Re: mlocate - what is it good for?
On Wed, May 22, 2019 at 09:47:22PM +0200, Julian Andres Klode wrote: > I think mlocate only really makes sense on data storage servers with > huge disks, or on machines with HDDs. I therefore do not think the > overhead of building the index is warranted for most users. It might > make sense to keep mlocate in always-on tasks, like servers, but get > rid of it from desktop scenarios. In my early days of using Linux, I used locate dozens of times a day. I might know the filename but not the pathname, or a part of a filename, etc. "locate XF86Config" was way easier than "find / -name '*XF86Config*' -print". Sure, the find command is simpler today, but it still spews loads of useless error messages unless you also add 2> /dev/null. (And maybe you care about some but not all errors. Unlikely but possible.) Now that I'm far more familiar with where files live I no longer use locate for this purpose. Now I fall firmly in the other camp, where locate is annoyingly slow and I will try my hand at writing a replacement someday: $ time locate thisdoesntexist real1m29.294s user1m27.649s sys 0m1.644s Anyway, I believe locate can have great value to all our users, experienced or brand new, huge systems or small systems. I'd like us to keep it in default installs. Thanks signature.asc Description: PGP signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Segfaults
On Thu, Jun 23, 2016 at 09:21:20AM -0500, Tyler Petersen wrote: > [2920471.605928] mdadm[26249]: segfault at 8 ip 7f6cb8f0ed16 sp > 7fffd5bb20e8 error 4 in libc-2.23.so[7f6cb8e84000+1c] > [2920471.606068] Core dump to |/usr/share/apport/apport 15730 11 0 26249 pipe > failed Double-check that /usr/share/apport/apport is executable and check that debsums -ac apport doesn't report errors. Thanks signature.asc Description: PGP signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Ubuntu server inquiries and application for the mentoring program
On Fri, Apr 22, 2016 at 08:15:13AM +0800, Juan Karlo de Guzman wrote: > Moving forward, I was just wondering if you guys can help me out > utilizing the new technology that is natively supported when Ubuntu > 16.04 was released. It is the ZFS file system. That term is familiar for ZFS is an amazing tool. To get the most benefit it's worth investing a few hours of reading; I suggest starting with the excellent series of blog posts by Aaron Toponce; https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/ I've got some advice, probably duplicates much of what's in the best practices pages: - Do not use dedup - Turn on lz4 compression for the top-level dataset when creating the pool, so all datasets get it by default - raidz1, raidz2, raidz3 are good for bulk storage but slow - mirrors are faster than raidz*, but also more expensive per terabyte - if you set ashift=12 now, even on 512byte hard drives, you'll be able to replace the 512byte drives with 4k drives in the future without performance loss. (ashift=12 apparenlty interacts poorly with raidz*.) - You cannot remove a vdev from a pool. Do not make mistakes with "zpool add". I've known five or six people who've accidentally added a single, bare, drive to their pool, turning it into roughly a raid0. The way out is to destroy the pool and recreate it from your backups. - If you're using 2tb drives or larger, it's really worth using raidz2 or raidz3, or three-way mirrors. Resilvering takes long enough. - Do not use dedup There's some details specific to Ubuntu's ZFS: - Ubuntu currently doesn't support root-on-zfs. This is a huge amount of work for a distribution to support, so I'm not surprised it didn't happen for 16.04 LTS. I recommend skipping it yourself, though I understand Richard Laager is preparing a HOWTO that may be useful if you want it anyway. - Ubuntu currently doesn't ship a cronjob or systemd job to schedule scrubs periodically. You really should do one yourself in the meantime. - Ubuntu currently doesn't ship a cronjob or systemd job to schedule snapshots. There's a lot to know about snapshots, so it's worth investigating tools that schedule snapshots automatically. It's truly astonishing what ZFS can do for you. In five minutes I was able to assemble nine 3TB drives into three 3-way mirrors for a total of 9TB of storage space, excellent redundancy, and excellent throughput that rivals consumer SSDs with large enough operations, compression, and checksums. All this is before using a l2arc or slog device to push speeds through the roof. > server has less than 4 GB of RAM then a 32-bit version of the server > should be used so that the memory won't be entirely wasted. Although, > feel free to correct me if I'm wrong. While it's true that 64bit systems on small memory VMs is slightly wasteful with pointer sizes, I think the benefits of 64 bit systems outweighs the downsides in almost all cases: - more CPU registers are free for use - more CPU instructions are available for more effecient use of data - better address space layout randomization makes certain kinds of attacks far less likely to succeed. - If all instances in your organization are 64 bit, your squid-deb-proxy or similar tools will have better hit rates with less storage. Have fun with your new toys :) I sure am. Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Xenial on USB stick install can't detect itself
On Thu, Apr 07, 2016 at 12:20:24PM +1000, Mark Constable wrote: > The usb stick with the server iso is fine and the usb keyboard/mouse works > okay on this hardware, it's the destination installation on yet another usb > stick that is the problem. When I boot onto the installed OS the initrd does > not detect the partition UUID and drops me to the initramfs prompt and the Ah, I see. It feels unlikely to be your issue, but you may wish to fiddle with the switch in your bios that controls between legacy bios, uefi, and a combination of the two.. my first install attempt didn't work because I used the "both" setting in my bios. Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Xenial on USB stick install can't detect itself
On Wed, Apr 06, 2016 at 10:28:51PM +1000, Mark Constable wrote: > Is this expected behavior with xenial server installs and if so how can > I work around this and force USB modules to be installed to initrd? Which image did you start from? I did a recent hardware install using ubuntu-16.04-beta2-server-amd64.iso (0f948fea5a587a62a873d2c001948a6ffbda20b67b05a468006caf9dfd41bcd7) and was able to see both the USB installer stick as well as the usb keyboard I used to drive the installation. Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [PHP7] Request for testing
On Fri, Apr 01, 2016 at 05:28:32PM -0700, Nish Aravamudan wrote: > For a few packages, our best (only) option is to update major versions > to get PHP7 support [the alternative being dropping them from the > archive]. The three I have hit so far are: > drupal7 [drupal8] (7.41 -> 8.0.5) I think it is a mistake to add drupal8 to our archives. No one has tended to existing versions: http://people.canonical.com/~ubuntu-security/cve/pkg/drupal6.html http://people.canonical.com/~ubuntu-security/cve/pkg/drupal7.html Anyone installing drupal from our archives is getting something that we know is old and has security issues. Packaging drupal is providing negative value to our users. If someone absolutely must run drupal, they'd be best served to run an upstream tarball. Then it is clear who has the burden of following updates. Unless someone has a serious committment to SRUing every single upstream update for the life of 16.04 LTS I think we'd be better off dropping drupal entirely. Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Calling for Server Guide reviewers/contributors - - XENIAL
On Tue, Mar 22, 2016 at 06:29:30AM +0530, Om Prakash wrote: > md is a good writing format and can use gollum > https://github.com/gollum/gollum, this is a markdown wiki, particularly > handy when we are writing doc in markdown and want to ensure our > markdowns are rendering properly. I've found this website very useful for comparing the markdown output of multiple renderers: http://johnmacfarlane.net/babelmark2/?text=-+one%0A+-+two%0A++-+three%0A+++-+four%0A-+five%0A+-+six%0A++-+seven%0A+++-+eight Or if you want a shorter URL but less interesting output: http://johnmacfarlane.net/babelmark2/?text=-+hi Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: kGraft/kPatch Support on 16.04 LTS
On Tue, Jan 26, 2016 at 07:51:05PM +, Raja Genupula wrote: > if we are using kernel 4.X , this feature will be default right ? Having the feature in the kernel is different from having the infrastructure available to manage live patches on the computers in an organization and from having the infrastructure to prepare and test the live patches. I won't speculate on how these services will be delivered to end users; perhaps the best thing to do is to talk with your account representative if you have one. I just want to point out that there's a lot more to live patching than turning on a kernel configuration option. Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: SoftEther VPN package for ubuntu
On Sun, Sep 06, 2015 at 08:41:33AM +0300, Dmitry Verkhoturov wrote: > There is a GPL VPN-server named SoftEther VPN > (https://github.com/SoftEtherVPN/SoftEtherVPN) which is still not What does this offer compared to l2tpns or xl2tpd or l2tp-ipsec-vpn? Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: NGINX in Ubuntu: Course of Action - Opinions Please
On Fri, Jun 12, 2015 at 12:54:03PM -0400, Thomas Ward wrote: > If we go NGINX Mainline, we must support 1.9.x and many new additionally > developed features for both Wily, and likely the next LTS (16.04). We > must also handle bugs that come from those additional features, some of > which we won't easily be able to resolve. And as we know, an > actively-developed branch is not necessarily the most stable. I think following Debian and importing 1.9.x makes sense: - it's traditional - it'll provide some bugreports to nginx from enthusiast users - it'll provide us with knowledge of what's coming in (hypothetical) 1.10 before 16.04 LTS Going with 1.9.x now does run the risk that we'll be "stuck" with it for 16.04 LTS rather than 1.10. Hopefully it'll just be a few small changes away from the 1.10 that nginx is planning on releasing in April. (If we're lucky we might even get them to aim for an early-enough release that 1.10 can be included in 16.04 LTS.) But I think being "stuck" with 1.8.x in 16.04 LTS isn't a great position to be in -- people will want the new features -- probably better http/2.0, generic tcp loadbalancing, SO_REUSEPORT, etc. And I don't think 1.8.x will be a significant improvement in security either -- on the one hand, it will have received a year's scrutiny and updates, on the other hand, all the patches will be one year and a development cycle behind. I think on the whole the balance suggests moving to 1.9.x sooner. Thanks signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Call for testing: OpenSSL, compression security fix
Hi, I have pushed updated OpenSSL packages for Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and Saucy into the -proposed pocket. Saucy's OpenSSL has been accepted into -release. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. The packages fix the following security issues: http://en.wikipedia.org/wiki/CRIME_(security_exploit) The update disables compression before encryption for all applications, unless the OPENSSL_DEFAULT_ZLIB environment variable is defined in the program's environment at start. Please report any issues in the tracking bug: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1187195 If no issues are reported, I plan on releasing the packages as security updates in a couple of weeks. Thanks, signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam