#linode IRC Logs for 2004-05-30

00:03@caker sighup: ups 1ZT132T00348782839
00:03sighup In Transit [ On-Time ] Sched. Delivery: Jun 7, 2004 Shipped to: NASHVILLE, TN, US Service Type: GROUND Your package is in the UPS system and is on-time with a scheduled delivery date of Jun 7, 2004.. Results as of May 30, 2004 12:03 A.M. Eastern Time (USA)
00:05fo0bar ha ha ups
00:05guinea-sleepe| another server?
00:05@caker that's just a 1000base-t GBIC
00:05@caker just for fun
00:05guinea-sleepe| oh, one of those old things
00:05guinea-sleepe| i was hoping it'd be something cool
00:05@caker servers are on their way, too :)
00:06guinea-sleepe| i've not been paying attention in a long time... are you still looking for a third DC?
00:06@caker ahh, I was wrong -- those are the two DS9's
00:06fo0bar <-- I love xosd and xplanet
00:06fo0bar and staging screenshots ;)
00:06@caker guinea-sleepe: pretty sure I'm going with Equinix in Ashburn, VA
00:07@caker llamma-tipping?
00:07fo0bar caker: don't ask :)
00:08guinea-sleepe| so *maybe* museum of science tomorrow, otherwise definitely next weekend. gotta go before einstein leaves!
00:09guinea-sleepe| but the MFA is free on monday. i can't pass that up :p
00:09@caker hehe .. on my trip around the US, I was surprised to see "Llammas for sale" in TX (i think) .. we got a big kick out of it
00:09guinea-sleepe| heh
00:09fo0bar I guess that's the closest thing to an official web page
00:09guinea-sleepe| friend of mine is up in ... maine? ... for a llama art festival or something
00:10@caker I generally tip 15% :-p
00:11guinea-sleepe| that's the great thing about living in MA: sales tax is 5%, so you just tip 3*whatever the tax is
00:12guinea-sleepe| and don't even have to think about what 15% might be
00:12fo0bar WI was the same way
00:12@caker I just do 10% of the amount, and add another half ..
00:12@caker easy
00:12guinea-sleepe| caker: that's too hard for some people :P
00:12guinea-sleepe| i didn't say i was one of them
00:29@caker hello
00:30Efudd word to my UT2004 server running now :)
00:30@caker where is it running?
00:30* Efudd just got beat bad :/
00:31Efudd that isn't against any eula is it? :)
00:31@caker haha
00:31@caker nope .. how's it handle it?
00:31Efudd i figure i could *use* some of the cpu i've been giving up lately :)
00:31Efudd well, with 2 players, ok :)
00:31@caker I've been playing the demo
00:31Efudd ah. spiffy.
00:31Efudd yah., password secret
00:31@caker will kick ur butt
00:31Efudd not on now. logging into EQ for a bit tho
00:32Efudd server is running, but eh.. :)
00:32Efudd i just got my ass handed to me by a friend
00:32Efudd 42 deaths to his 4?
02:35--- ---> umun [~ca9c0208@] has joined #linode
04:30--- ---> littleady [~3efc6004@] has joined #linode
05:01--- ---> codesmith [] has joined #linode
05:17adamg morning all
05:19Efudd yo
05:32--- ---> codesmith [] has joined #linode
05:55littleady hi anyone here to help me setup my dns???
05:59littleady just through doster i have got a domain name and managed dns services with it??
08:56--- ---> codesmith [] has joined #linode
09:54symb out of curiosity, what are some uses/benefits of changing your reverse dns?
09:57guinea-MoS if i visit your website from my linode, i'll show up in your logs as "" instead of ""
09:57guinea-MoS when i irc, i irc from "" instead of...
09:58guinea-MoS i think some email servers may throw a fit if rDNS doesn't match. i can't remember
09:58* guinea-MoS leaves now
09:58guinea-MoS a Van de Graaff generator awaits!
09:58adamg email servers may moan if there is no rdns set, the rdns does not have to match the sender domain
09:58guinea-MoS aha
09:58adamg mainly aol
09:59symb so basically rather than having to set any type of vhost
10:00Ashen you can get irc vhosts - that's what I use it for. Not sure it has any other uses though.
10:02symb Ashen: but you could only use * for vhosts and only one domain right?
10:04Ashen symb: you can use any vhost that you want for a host on IRC, provided you can get the forward and reverse dns to match up for that IP, and that's an IP you can bind to on your machine
10:05Ashen the limit is : can you get to resolve to your-ip-addy, and can you get your-ip-addy to resolve back to if you can get both, and you can use your-ip-addy on irc, then you can have the vhost.
10:05symb ok cool, i understand now, thank you
10:06symb on a mail server, if I were to host another domain and have a mail server for each, would the header for each domain show the reverse dns somewhere in it?
10:13Ashen not sure, don't think so
10:13Ashen depends on mailer config
10:14Ashen I don't think you really need rdns control for mail
10:24Smith Hi
10:24adamg lo
12:34compuserve hi
12:34compuserve caker ;)
15:55emcnabb is there a way to see a graph of my transfer rates over the last few months?
15:59@caker emcnabb: no graphs unless you mrtg'ed it (or the like)... just the history off the "My Account"
15:59adamg hi caker
15:59Ashen caker: is there any file that documents the changes made from kernel 2.4.26 to 2.6.5?
15:59Ashen caker: the linode version, I mean
16:00Ashen caker: I ask because due to security arrangements it looks like I'm going to have to run 2.6.5, and wonder if it will change much.
16:00@caker hello
16:00@caker Ashen: hmm .. changes needed to run 2.6 you mean?
16:02@caker Ashen: There shouldn't be any Linode/UML specific changes from 2.4 to 2.6, other than lack of nptl support
16:02@caker Ashen: which distro do you run?
16:02Ashen both, if possible...... I've always run latest 2.4 stable, never ventured into 2.6
16:03Ashen caker: RH9 atm, but I'm trying to migrate to debian (for which I would want to buy a second linode), and redesign from the ground up. One of the features I want requires .6 to work.
16:03@caker Ashen: yeah .. you might need to "mv /lib/tls /lib/tls-disabled" to get around the NPTL issue
16:04Ashen NPTL? What is tls?
16:04@caker Ashen: and the apt-get needs "LD_ASSUME_KERNEL=2.2.5 apt-get whatever"
16:04@caker Ashen: there might be an update to apt so you don't have to do that
16:04@caker Ashen: native posix threads library
16:04Ashen hm
16:04@caker Ashen: those are the only issues
16:04* Ashen saves this convo out
16:04emcnabb caker, cool, thanks
16:04@caker Ashen: you can also stick that env variable in a startup/login script
16:04Ashen you must get a lot of questions about that upgrade.
16:04@caker not really, that's from my own use :)
16:05@caker those are really the only two issues that I've encountered
16:05@caker both NPTL related
16:05Ashen would it be possible to get a second linode on the same account, or would I have to get a second account ?
16:05@caker second account ;/
16:05@caker you could shutdown and boot into a different profile...
16:06Ashen can't do that - need to have em both running at once
16:06Ashen otherwise, would have - already tried that in fact to test out debian.
16:09Ashen would I have to do the phone verification thing again if I bought another linode?
16:09@caker nah
16:10Ashen if I gave you the specs of what I wanted, could you bill me for it (same everything as first account) and set it up?
16:11@caker Ashen: I'll need you to run through the signup again .. is that ok?
16:11Ashen I'm migrating systems you see, I want the first one online while I transfer stuff off it and get the second one setup, but eventually I plan to move to the second one exclusively.
16:11Ashen which signup is that?
16:17Ashen it won't let me signup:
16:17Ashen no plan was found that could match your request. Please narrow your selection, and try again.
16:18@caker for what?
16:18Ashen signing up with linode 128 monthly, no extras
16:18@caker sighup: linode avail
16:18sighup Linode availability -- [Linode 64: 12] [Linode 96: 0] [Linode 128: 0] [Linode 192: 3] [Linode 256: 3]
16:19@caker one secv
16:19@caker try now please
16:23Ashen doing payment now.
16:27adamg this new hosts seems stable enough
16:27@caker yeah, I've opened some slots on it .. up to 12 nodes running on it now...
16:28adamg is it only a new linode kernel or a new host kernel as well
16:28@caker both
16:28@caker cat /proc/cpuinfo
16:28@caker the other's are 2.6.4 based
16:29adamg at least it means I wont have to go through another host reboot this time
16:33@caker Ashen: all set -- thanks
16:35Ashen thank you :)
16:35@caker time for food .. bbiab
16:36@caker Ashen: btw, if you want to transition some of your IPs when you're ready, let me know
16:36Efudd hrm.
16:37Ashen caker: mmmm, I'll think about it, I was considering moving only the absolute bare minimums across (some scripts I've written, databases...) and just doing everything else from scratch.
16:37@caker Ashen: okay
16:38Ashen caker: out of curiosity, what is CentOS?
16:38@caker Ashen: it's Red Hat Enterprise distro
16:39Ashen ah :)
16:54--- User: *** guinea-MoS is now known as guinea-pig
17:12Ashen caker: I hate to ask this, but is the debian install usable? apt-get doesn't work as it claims that "something wicked happened with resolving" all the sources ftp sites, and 'dig' is missing.
17:12Ashen there is also no gcc or similar that I can use to actually install the missing packages like dig that I would need to alter the dns situation
17:13Ashen can you advise?
17:14adamg apt-get should work
17:14adamg you will need to install gcc etc via apt-get
17:15adamg you may need to update the nameservers list though
17:16Ashen ah, where is that, and what should I set it to?
17:17adamg /etc/resolv.conf
17:17adamg nameserver
17:17adamg nameserver
17:17adamg nameserver
17:17adamg nameserver
17:19Ashen search?
17:20Ashen hm, same result as before
17:20adamg apt-get update
17:22Ashen all fails for the same reason
17:22adamg can you ssh in to it
17:23Ashen yeah I'm sitting on # now
17:23Ashen I can run commands, but apt-get fails totally
17:23adamg can you ping anything
17:23Ashen unknown host
17:24Ashen looks like it's not networked
17:24adamg if you can ssh in to it, it is working, just cant resolv
17:24adamg can you ping
17:24Ashen hang on, I'm in list-console, not ssh, sorry
17:24Ashen lish* console
17:24adamg what does ifconfig say
17:26adamg looks like there hasnt been an ip assigned
17:26adamg it appears to happen every now and again when a host runs out of ip addresses
17:27Ashen ok, sorry for appearing so clueless, but how do I fix it?
17:27adamg you will have to wait for caker do get back
17:27adamg you cant fix it
17:27Ashen hm ok
17:28* Ashen waits for caker then, thank you adamg.
17:30--- ---> compuserve [~c89e1491@] has joined #linode
17:30compuserve caker hi
17:36SupaDongzu oh boy it is compuserv!
17:36SupaDongzu compuserve: do you still charge by the second?
17:36guinea-pig no, he rounds up to the nearest minute now
17:37SupaDongzu compuserve: You should have sent out tons of CD-ROMs the way AOL did
17:37SupaDongzu then you would have had lots of users!
17:38@caker Ashen: what's up with that?
17:42Ashen caker: don't know - it's not getting an IP address.
17:42@caker Ashen: /...
17:42@caker Ashen: oops .. try /etc/init.d/networking restart
17:44@caker ahh
17:44@caker I know this bug
17:44* Ashen loses net access from home due to unreliable optical link that drops repeatedly - and just uses the members/ web panel to reboot whilst he gets terminal back up
17:45@caker with Debian and the 2.6 kernel, you need to apt-get install dhcp3-client
17:45adamg which you cant do without an ip
17:45@caker reboot using 2.4
17:45@caker or ifconfig eth0 manually
17:46@caker or edit and fix /sbin/dhclient
17:46@caker (shell script)
17:46adamg and ask caker nicely to update the debian image
17:47@caker hehe
17:47@caker word
17:48Ashen heh
17:48Ashen I see.
17:49adamg caker may be worth pointing that out on the forum as it means that if people go from 2.4 to 2.6 most of the debian boots will have problems
17:50@caker adamg: there's a bunch of 2.6-related issues, that's why I haven't officially announced/supported it yet
17:50adamg yeah with gentoo it screws things as well
17:50adamg or for me anyway
17:51Ashen hwclock is unable to get I/O port access: the iopl(3) call failed.
17:51Ashen it's not working, even with 2.4
17:51@caker Ashen: that's normal (no hwclock)
17:51* Ashen checks
17:52Ashen conflicting dhcp-config files
17:52@caker blow it away
17:52Ashen install new over old you mean?
17:52adamg yeah
17:52@caker install new
17:53@caker that's a generic conf file
17:53* adamg has gotta stop playing silly computer card games and get on with some coding
17:53Ashen ok
17:53Ashen should I be able to reboot now into 2.6 and have things work?
17:53@caker yeah
17:53Ashen ok
17:53* Ashen tests tentatively.
17:54@caker it pings :0
17:54Ashen run-parts: component /etc/dhcp3/dhclient-enter-hooks.d/debug-enter is not an executable plain file
17:55Ashen run-parts: component /etc/dhcp3/dhclient-exit-hooks.d/debug-exit is not an executable plain file
17:55@caker that's new to me
17:55Ashen yay, it works :)
17:55guinea-pig heh
17:55Ashen more or less - not to install
17:56Ashen caker: there is a very helpful guide I found at that you might want to post somewhere for people wanting to setup debian securely (I dunno if you'd find it helpful, I'm going by it as this is the first time I've ever used deb)
17:57@caker Ashen: you should run "dpkg-reconfigure -a" to set everything up right off (I missed that step when building the image)
17:58@caker the deb image is also missing /etc/hosts
17:58@caker but I believe that will fix it
17:58Ashen ok
17:58Ashen hrm, I have a lot of learning to do before I can operate debian sufficiently :)
17:59guinea-pig regarding those errors, i think the .deb may be broken
18:00guinea-pig if it's using run-parts, i think those hook scripts need to be +x, and should have a #!, and they aren't/don't
18:01Ashen hrm, that command caker gave me appears to hang
18:02Ashen on the keymap screen
18:02Ashen I think this happened before
18:02Ashen when I did a tmp deb install on my old linode
18:02@caker Ashen: try running it via ssh, rather than through the console (?)
18:02Ashen and it crashed unless I entered 'don't touch kernel keymap'
18:02@caker hmm
18:03guinea-pig interesting
18:03Ashen that won't even start
18:03Ashen debconf: DbDriver "configdb" error: /var/cache/debconf/config.dat is locked by another process
18:03Ashen I killed all sessions from a new lish
18:03@caker ps auxhf, kill
18:04@caker ps auxhf, kill the dpkg processes
18:04adamg yeah but it is still running from within the linode
18:04adamg skill dpkg
18:04Ashen ah ok
18:04guinea-pig meh
18:05guinea-pig you don't even need console-common, which is what asks that message
18:05guinea-pig i mean, why bother? there isn't a physical console for a linode
18:05@caker there's a console, just not a keyboard, which is what keymap is for, no?
18:06guinea-pig well, console tools do keyboard and console fonts
18:06@caker you don't think it would cause problems for the console if you removed those?
18:06Ashen mmm, defaults timezone to NY,USA
18:07guinea-pig hasn't for me
18:07@caker cool
18:07guinea-pig i haven't had them installed on my linode in ages :P
18:07@caker another few K removed from Debian then :)
18:07guinea-pig i have no reason to change the kernel keymap, and i had no reason to change the console font, as it wouldn't matter on a linode
18:07guinea-pig it's depended on by base-config, though
18:10Ashen should I add my linode's IP to the list of addresses considered local for the machine? It asks, but does not tell me what effect this will have, if any.
18:13@caker I think you just want
18:15sunny h? in ps auxhf ?
18:15sunny ah, I see
18:16sunny I'll stick to pa auxfw
18:16sunny :)
18:16sunny *ps
18:16* Ashen added his linode's IP, hm
18:16@caker force of habit .. it doesn't print the header line
18:17@caker Ashen: I think it just added it to /etc/hosts, not sure
18:18Ashen hm, /etc/hosts does not exist
18:18@caker Ashen: echo " localhost" > /etc/hosts
18:18* caker really should fix that
18:19Ashen sorry for being such a newbie about all this :)
18:19@caker I still can't get over the Vodka ads on /.
18:19@caker geeks aren't big drinkers, in my experience
18:20Ashen default runlevel for linodes is '3', right?
18:20@caker ya
18:21chris depends on the dist (debian uses 2)
18:21@caker well then :)
18:21chris At least mine does...
18:21Ashen how do I tell what runlevel I am in?
18:21sunny caker: geeks are consumptionists, not real drinkers, heh
18:21Ashen ah I see, ps aufx | grep init
18:21Ashen it shows it in init's args
18:23--- ---> Redgore_ [Redgore@] has joined #linode
18:31@caker food network chick, or page3 chick?
18:31@caker food network chick is annoying
18:31guinea-pig !!!
18:31* guinea-pig beats up caker
18:32@caker wait a sec
18:32@caker she's on page3? yuk
18:32@caker no way .. those have to be fakes :)
18:32@caker hahaha
18:34guinea-pig why is she annoying?
18:35@caker I dunno .. I think she reminds me of someone I knew/disliked
18:35guinea-pig she reminds me of Laura Petrie
18:35@caker I don't see that connection, but .. ok
18:36guinea-pig heh
18:36* caker was once in a band with three lesbians. I wanted to call the band Dick Van Dyke, but they wouldn't go for it
18:36guinea-pig something about her expressions and hand movements
18:36@caker instead, we were "Raw Umber" .. a brown crayon color ... go figure
18:37guinea-pig Burnt Sienna
18:39Ashen hm, I've created several partitions to house /usr, /tmp and /home. Unfortunately after I've got debian working up to a bare-bones level, they already have data on them - how do I mount the new partitions into those places whilst keeping the data I already have?
18:41@caker Ashen: single user mode is probably the safest way, but, copy the data to those partitions, delete everything in the orig (but keep the mountpoints), edit /etc/fstab, and reboot
18:43guinea-pig i can't believe she's 35
18:43@caker er, mount the images under /mnt first :)
18:43Ashen ok..... edit config profile to use single user mode, bring up the system, mv tmp tmp2, mv usr usr2, mv home home2, mount /home, mount /tmp, mount /usr, cp tmp2/* tmp....
18:43Ashen hrm
18:43Ashen *tries this*
18:44@caker Ashen: yeah, mkdir /tmp /usr/ home, before mounting
18:44@caker Ashen: also, single user mode probably mounts root read only, so: mount -o remount,rw /
18:45@caker Ashen: also, do "cp -au" to keep the correct permissions/ownership on the files you're copying
18:45@caker Ashen: "cp -au /home2/* /home/"
18:48Ashen phew
18:49Ashen should I edit /etc/fstab to include the defs I want before I reboot into single user?
18:49@caker No .. I'd leave everything as it is and do all of this in single
18:50Ashen ok
18:51@caker Ashen: btw, this is all done through the console
18:51Ashen through lish?
18:51@caker yes
18:51Ashen ah *changes to that*
18:52Ashen give root password maintenance - *logs in*
18:52Ashen thank you for your patience with this guys :)
18:52@caker scared yet?
18:53@caker Ashen: no biggie .. 'tis fun
18:53Ashen *g*
18:53Ashen mmm, ls -l / and getting total 0 is a bit scary
18:54@caker you left out /
18:54@caker I think that's just in /root/
18:54* caker tail's ashen's console log
18:54Ashen mm, thanks :)
18:54Ashen there's a console log? :)
18:54@caker hell yeah .. Lish's "logview" cmd
18:55@caker it's useful for capturing boot output, and kernel oop's/panics
18:56Ashen mount -o remount,rw / && mv /home /home2 && mv /tmp /tmp2 && mv /usr /usr2 && mkdir /tmp /usr /home
18:56@caker looks good
18:56Ashen then mount the new partitions into their new places as /home, /var and /tmp
18:56@caker yes
18:56Ashen then cp -au /x2/* /x/
18:56Ashen for x = tmp, home, usr
18:57@caker correct, then?
18:57Ashen leave the old home2/ tmp2 and user2 there in case, add entries to /etc/fstab
18:57@caker wallah!
18:57Ashen reboot into multi user mode
18:58Ashen cross fingers.... if everything works, delete usr2, home2, and tmp2
18:59@caker man's probably in /usr somewhere, so now it can't find it
18:59@caker try: /usr2/bin/man mount
19:00Ashen mounting partitions into their places : mount -t ext3 /dev/ubdc /home
19:00@caker you can leave off the -t ext3
19:00Ashen mount -t ext3 /dev/ubdd /var && mount /dev/ubde /tmp
19:01Ashen mmm ok
19:01@caker you can also edit fstab first, and then do "mount -a"
19:01@caker that would help verify fstab is correct
19:01Ashen /dev/ubc /mnt/home ext3 noauto,nodev,noexec,nosuid,nouser,rw 0 2
19:01@caker mmm strict :)
19:02Ashen it's a public shell box, and I'm not cutting corners on security :)
19:02Ashen that's why I wanted the 2.6 kernel - I'm aware of a workaround that lets users escape noexec restrictions on filesystems using ld-linux
19:02@caker pretty simple to run an interpreter (bash/perl, etc) but you've probably already thought of that
19:02@caker hmm
19:03Ashen users running scripts doesn't bother me, it's compiling their own executables and running them that I worry about :)
19:03Ashen jump to 4.9.1
19:03@caker perl, etc provide the same functionality .. ?
19:03heidi hmm
19:03Ashen need perl, don't want people gcc'ing mremap.c :)
19:04Ashen hrm
19:05Ashen mount -a does not mount anything new it seems
19:05@caker cat /etc/fstab
19:06@caker does it say "ubde" or ube" ?
19:06@caker also /mnt/home ?
19:06@caker (didn't catch that when you pasted it)
19:07Ashen mounting em to /mnt/etc rather than /home and /tmp and similar?
19:07@caker you need them off of /
19:08Ashen should be ok now
19:08@caker looks good now
19:08Ashen mount -a still does not pick them up
19:08Ashen ah, they're +noauto
19:08@caker hah
19:09@caker glad we tried it this way :)
19:09@caker heh
19:09* Ashen also
19:10Ashen cp time
19:11@caker /tmp2/ must be empty ...
19:12Ashen probably is in single user
19:13Ashen mmm, nothing else left to do - apart from reboot *changes cpanel conf*
19:14Ashen I'm going to symlink /var/tmp to /tmp/var
19:14Ashen that way, I can mount the whole of /var/ without noexec or nosuid if necessary
19:14Ashen as there would be nowhere on /var users could write to...
19:17--- ---> compuserve [~c89e1491@] has joined #linode
19:21Ashen hm, can reboots hang if partitions can't be unmounted?
19:21@caker Ashen: type "reboot"
19:22adamg would there be any reason why they cant be unmounted
19:22@caker Ashen: curious if in single user mode, it ignores "cad"
19:22Ashen cad?
19:22@caker control-alt-delete...
19:22@caker grep cad /etc/inittab
19:23Ashen /var/run/etc/init.d/rcS: cd: /var/run: No such file or directory
19:23Ashen /etc/init.d/rcS: /var/run/utmp: No such file or directory
19:23Ashen Initializing random number generator... urandom start: failed.
19:23Ashen appears /var is not filled with anything
19:23Ashen hangs on starting syslog
19:23guinea-pig on debian, no it doesn't ignore c-a-d, iirc
19:23Ashen ah yes the salute heh
19:24Ashen well, it appears it won't boot now due to hanging on syslodg
19:24Ashen logd*
19:24adamg sounds like you are not mounting /var on boot
19:26Ashen it should, I deleted noauto from all of em.
19:26adamg what does df say
19:26Ashen EXT3-fs: mounted filesystem with ordered data mode.
19:26Ashen /dev/ubdd on /var type ext3 (rw,noexec,nosuid,nodev)
19:27Ashen nothing - I can't get a prompt
19:27@caker single user mode time
19:27Ashen it hangs on starting syslogd
19:27adamg syslogd needs access to /var/log
19:27adamg and /var/run
19:28Ashen hrm
19:28Ashen - /var appears to be empty
19:28adamg so it is not mounted
19:29@caker did some of your linkage (ln) overwrite it?
19:29@caker uh oh :)
19:29Ashen :-/
19:30adamg what does df say
19:30adamg it should list all mounted drives
19:30Ashen /var is mounted
19:30Ashen as are /home and /tmp
19:30@caker Ashen: where's var2 ?
19:30adamg did you copy all the stuff over to the new drive from the orig /var
19:30@caker he might have just mounted var overtop (if he's lucky)
19:31@caker :)
19:31Ashen I backed up /usr to /usr2 but not /var to /var2
19:31adamg unmount /var
19:32* Ashen has already unmounted /var and is copying a backup /var to the mounted /var
19:32@caker Ashen: you meant /usr, not /var :)
19:32@caker Ashen: now you've got a copy of /usr on the rootfs . you never mounted a /usr
19:32@caker Ashen: which is it? var or usr?
19:33Ashen I'm moving var
19:33Ashen I'm leaving /usr/ alone as there is nowhere in it it that normal users can write to
19:33Ashen and hence, nowhere they can exec files
19:33Ashen so it doesn't need to be nosuid
19:34@caker so you can blow away /usr2 then ...
19:34@caker wait
19:34@caker mv /var /var2
19:34@caker mount /var
19:34@caker cp -au /var2/* /var
19:36@caker I don't know how good of an idea it is to have a /tmp/var ...
19:36@caker as /tmp get's cleaned out
19:36Ashen mmm
19:36guinea-pig yeah, but what uses /var/tmp/ anyway?
19:36@caker var and tmp have the same mount options, so why not just leave /var/tmp alone?
19:36Ashen yeah, good point
19:37@caker rm -f /var/tmp
19:37@caker cp -auf /var2/* /var/
19:37@caker :)
19:37@caker that worked
19:38Ashen phew
19:38guinea-pig oh
19:38guinea-pig FHS: "Files and directories located in /var/tmp must not be deleted when the system is booted."
19:38Ashen FHS?
19:39* Ashen thinks things are ready for another try at multi-user mode now
19:39guinea-pig filesystem hierarchy standard
19:39guinea-pig at least debian tries to adhere to it as though it were LAW
19:39adamg as it should
19:41guinea-pig for example, /var/spool/mail changed in the FHS to /var/mail, and debian followed suit, providing symlinks for people "upgrading"
19:41guinea-pig this was back during potato, iirc
19:41guinea-pig i order food now
19:42Ashen a reboot on the actual members page seems to be 'in progress' forever
19:42adamg gentoo just symlinks that as well
19:42* Ashen wonders what is causing the hangs
19:42guinea-pig are you connected to lish to watch it shutdown?
19:43Ashen "Emmergency Sync complete"
19:43adamg the shutdown hung on something
19:43@caker I think that in single user mode, you need to logout/type "reboot"
19:43Ashen aah.
19:43guinea-pig caker: if you logout of single user, it completes the boot
19:43guinea-pig doesn't it?
19:43Ashen caker: does that console log log everything typed into console, including root passwords?
19:43guinea-pig a simple poweroff/reboot from within single user should work
19:44@caker I think it reboots .. on an error, when it prompts you to fix, is when I think it continues booting
19:44* caker shrugs
19:45adamg Ashen: since the log is just a screen capture it should only capture output not input
19:45Ashen ah
19:46* Ashen tests his new secure config
19:46Ashen if, having done this, I'm not secure against the ld-linux flaw I'll call it 50/50 for the day :)
19:51Ashen ashen@moonlight:/tmp$ /lib/ ./date
19:51Ashen Segmentation fault
19:51Efudd ....
19:52* Ashen tentatively thinks that that is a success
19:52* Ashen reboots into 2.4 to test the comparison
19:55Ashen ashen@moonlight:/tmp$ /lib/ /bin/date
19:55Ashen Sun May 30 19:55:23 EDT 2004
19:55Ashen ashen@moonlight:/tmp$ /lib/ ./date
19:55Ashen Segmentation fault
19:55Ashen mmmm :)
19:58Ashen thank you very much caker and adamg for your help with getting all this set up :)
19:58@caker yaaa
19:58@caker go get em
19:59Ashen heh, still have the rest of these large list of security checks to work through before my system can even remotely consider doing anything useful
19:59@caker Ashen: the real test would be to copy /bin/date to your homedir
19:59Ashen but that was a big one :)
19:59@caker ahh, never mind
20:00@caker Ashen: that's pretty funky
20:00Ashen ashen@moonlight:~$ cp /bin/date date
20:00Ashen ashen@moonlight:~$ ./date
20:00Ashen bash: ./date: Permission denied
20:00Ashen - /home is a lot easier to secure than /tmp............ and thanks to, both protections are useless without securing all areas to which users can write, and also having the 2.6 kernel
20:02@caker so that was a 2.4 bug then?
20:02Ashen I think so
20:02Ashen I got told that the only way to get around that was to upgrade to 2.4
20:02Ashen however, it produces the same result on both 2.4 and 2.6 - SIGSEGV
20:03Ashen which, I'm assuming, means 403 and it's not going to let the kiddies run their m_remap.o :)
20:04Ashen half-way through chapter 4 of the hardening process I'm using first
20:04Ashen (4/12 of A)... got a few more ones after this to go
20:04Ashen by the end of it, I should be a lot more secure than my old host under RH9
20:05@caker have you looked into rbash?
20:06@caker probably too restrictive
20:06sunny rbash is stupid
20:06* caker heads to the coke machine, brb
20:06sunny it doesn't place restrictions on shell scripts
20:07Ashen different to bash -r?
20:07sunny no, its the same thing
20:08sunny Ashen: what is it that you are trying to do ? chroot ?
20:10Ashen I would use rbash but 1) users have to be able to cd. 2) it doesn't protect scripts.
20:10sunny well
20:10sunny if chroot is what you want
20:10sunny download the sources to pam_chroot
20:10sunny it has a great example of how the system works
20:10Ashen sunny: I'm working through various security options in debian to lock down a shell server.
20:10Ashen I don't really need chroot for users - though I will lock down sftp so it's chrooted to ~
20:11Ashen no sense in having ftp over the whole system.
20:11sunny is sftp provided by ssh ?
20:11Ashen lol
20:11Ashen man2html: unable to open or read file ../man1/bash.1
20:11Ashen classic manual :)
20:11Ashen sunny: sftp is a ssh subsystem
20:12sunny well yes, but ssh itself doesn't support chroot
20:12sunny or last I checked it didn't
20:13sunny there is a shell specifically for chrooting ssh/sftp
20:13sunny I just don't remember what it was called
20:15Ashen hm
20:18--- <<-- codesmith [] has quit (Ping timeout: 480 seconds)
20:22--- ---> codesmith [] has joined #linode
20:22--- <<-- codesmith [] has quit (Quit: )
20:46Ashen caker: out of curiosity, it is intended that debian come without an /etc/apt/apt.conf?
20:46@caker is that possible?
20:47@caker hmm
20:47@caker it is missing, isn't it
20:48@caker well, that wasn't indentional
20:48@caker intentional, even
20:48Ashen I ask because I have to change the dir apt-get tries to do things in away from /tmp
20:49@caker try: apt-get --reinstall install apt (or something like that)
20:50Ashen I can't - as I said, can't use apt-get till I fix apt :)
20:50@caker oh ..
20:50* Ashen edits fstab and then tries again
20:50@caker actually, just touch /etc/apt/apt.conf and stick the directive you need in there
20:51@caker I'm guessing it works fine on the defaults (without apt.conf)
20:51@caker since no one has mentioned it until now
20:52Ashen hm
20:53@caker you sure this isn't a sticky bit problem?
20:53@caker or does debian run stuff from /tmp ?
20:54Ashen hrrrm
20:54Ashen no apt.conf created
20:55@caker must be up to you then :)
20:56Ashen indeed.
20:58@caker ahh .. says it listens to TMPDIR env var
20:58@caker noexec is a PITA
21:01Ashen hehe already set it all
21:01Ashen worked out the syntax, testing it with all the fses secure now
21:02Ashen no, no dice.
21:03@caker what's the error?
21:05Ashen subprocess pre-removal script returned error exit status 2
21:05Ashen dpkg (subprocess): unable to execute post-installation script: Permission denied
21:05Ashen dpkg: error while cleaning up:
21:05Ashen subprocess post-installation script returned error exit status 2
21:05@caker I think it runs scripts out of /var
21:06* caker guesses
21:06Ashen you're probably right
21:06Ashen I can mount var exec.... I'd just have to disable /var/tmp
21:06Ashen seems intuitively like a bad idea
21:06@caker why not mount /var/tmp noexec?
21:06@caker and leave /var alone
21:07Ashen that would require creating another mount point for /var/tmp
21:07Ashen ah what the heck, lets go with it, there's always room for another mount point.
21:08@caker you could create a "raw" disk image, and literally partition it, and mount /dev/ubdx1 on /tmp and /dev/ubdx2 on /var/tmp, if you're worried about using up ubd's
21:09Ashen I've one more udb spare
21:10Ashen it might be a good idea, if you can, to increase the available number of udb*s
21:10@caker Can't .. only 8 drives in UML
21:10@caker and the 8th I've reserved for a special purpose, not yet deployed
21:11Ashen :-S
21:11Ashen ah well, I don't need any more imgs anyway, but if I did, I'd take your advice *saves for later in case he needs it*
21:11Ashen btw, apt-get runs successfully now :)
21:12Ashen chattr +a is SO useful.
21:52* caker chattr's mikegrb
21:52mikegrb :-O
21:52mikegrb you are just jealous I have beautiful high def sharks on my tv and you don't
21:52Ashen o.Os
21:52mikegrb ;)
21:53Ashen does the debian install support quotas? (usrquota,grpquota I mean)
21:53@caker ... I checked out some big TVs today at CompUSA
21:53mikegrb caker: you can get a nice hdtv around 36" direct view
21:53@caker some of them SUCK
21:53mikegrb about $750
21:53mikegrb yes
21:53@caker looked worse .. a TV image stretched and blown up to fit the widescreen
21:53mikegrb some are awful
21:53mikegrb heh
21:53mikegrb we watch tv like that
21:53@caker looked like a 320x240 mpeg or something
21:53mikegrb odd at first
21:53mikegrb oh
21:53mikegrb that sucks
21:53mikegrb digital cable was like that before
21:54@caker I couldn't deal with that much aspect distortion
21:54guinea-pig name that city:
21:54mikegrb when comcast did the fiber rollout and upgrade to 3 megabit they upped the bitrate of the digital cable channels
21:54mikegrb they look better now
21:54mikegrb the aspect distortion isn't too bad
21:54mikegrb depends on the tv
21:54@caker Ashen: quota support is in the kernel, you'll have to find the userspace tools
21:54mikegrb they use different algos for stretching
21:55mikegrb our sony does a good job
21:55Ashen caker: Turning off quotasquotaoff: Error while detecting kernel quota version: No such file or directory
21:55@caker Ashen: apt-get install quota quotatool ?
21:55mikegrb it stretches more on the outside than the middle of the picture
21:55Ashen caker: I'm doing the userspace tools, it neither installs nor deinstalls properly - diagnosing it :)
21:55@caker Ashen: what's it looking for? version.h ?
21:56Ashen not sure, that's what I'm looking for now :)
21:56@caker Ashen: strace is your friend
21:56* mikegrb strace's caker
21:56* caker segfaults
21:57Ashen fork(quotaoff: Error while detecting kernel quota version: No such file or directory
21:58Ashen odd, there don't appear to be any files around that that 404 on my system, yet it still faults.
21:59@caker [root@host4 2.6.5-linode2]# grep QUOTA .config
21:59@caker CONFIG_XFS_QUOTA=y
21:59@caker CONFIG_QUOTA=y
21:59@caker CONFIG_QUOTACTL=y
22:00@caker Ashen: I'd guess it needs updated tools for 2.6
22:01Ashen hm. I'll try it in 2.4
22:01Ashen see if that works.
22:01@caker what app was that? quotaoff ?
22:02Ashen that was 'quota'
22:02@caker try strace -f (follow forks)
22:03Ashen hrm, works on 2.4
22:04Ashen I'm going to edit my fstab to re-enable quotas, reboot, and attempt to get it working with the 2.4 kernel
22:05Ashen by 'works' I mean 'doesn't die horribly'
22:06* Ashen reboots and sees if he can get it actually doing quotaing on 2.4
22:07Ashen hrm, it appears that quotaing *does* work (edquota lets me edit and all)
22:10Ashen and it enforces it :)
22:10Ashen would it help you if I reloaded back into 2.6 so I could give you some debug output from the quota there?
22:18Ashen if that would help you, say so and i'll help you track down the problem.
22:35mikegrb caker: ^^^
22:35mikegrb Linode advertising
22:35chris Let the stalking begin
22:36chris I mean... um... good advertising
22:36mikegrb heh
22:36mikegrb need to do better on the bottom lip
22:37captg Hi, any linode staff in here?
22:38captg Hi, any linode staff?
22:40@caker hello
22:40@caker Ashen: I think you just want to strace "quotaoff" or whatever /etc/init.d/quota was running .. that might be useful
22:42@caker captg: what's up?
22:43Ashen caker: hang on, I'll reload into 2.6 for you
22:44Ashen caker: got it working completely on 2.4 :)
22:45@caker Ashen: cool
22:45Ashen open("/proc/fs/quota", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
22:45Ashen help you at all?
22:46@caker hmm
22:46@caker find /proc/ -name quota
22:47Ashen /proc/sys/fs/quota
22:47Ashen mmm, that seems like a bugfix waiting to happen :)
22:47@caker no kidding
22:47@caker I'd bet there are updated packages for that
22:47chris Are you running woody with 2.6?
22:47chris If so... duh
22:48@caker chris: school us
22:48chris I think it was procps and module-init-tools that *had* to be backported
22:48Ashen how would I get these updated packages?
22:49chris caker: check if vmstat segs on his node
22:49@caker mod-init-tools is irrelevant
22:49@caker yeah, and procps is only needed for segfaulting ps/vmstat/etc
22:49Ashen vmstat does seg, yes.
22:51--- <<-- captg [~d8a5919e@] has quit (Quit: CGI:IRC (Ping timeout))
22:51Ashen I'm going back to 2.4, it seems more stable. Anything I can do for you before I do?
22:51@caker I think that's it .. thanks :)
22:51@caker at least we got to the bottom of it
22:52Ashen :)
23:40@caker captg: all set. May I ask what you were expecting?
23:41* caker thinks CGI::IRC doesn't work well in Firefox on the PC
23:50mowser is there a recommended swap file size for a linode 64?
23:50mowser 256?
23:51@caker 128 min .. anything more than that and you should look into upgrading.
23:53mowser my swap was set at 256 by default with the distro creation; typically it doesn't get used beyond 30000K
23:53@caker Let me rephrase, 256 is a good size to have for graceful degradation, but if you're *using* more than 128M of swap, I'd say time to upgrade
23:53--- <--- UML_ChanLog [~stats@] has left #linode (Rotating Logs)
23:53mowser but i've seen it as high as 650000
23:54@caker cool .. you could probably shave off 128 megs without any problems ..
23:54mowser so I'm ok then, thanks for the info, i'll keep an eye on it
