Bug#966218: marked as done (firmware: failed to load iwl-debug-yoyo.bin (-2))
control: reopen -1 control: found -1 5.8.7-1 $ uname -a Linux foo 5.8.0-1-amd64 #1 SMP Debian 5.8.7-1 (2020-09-05) x86_64 GNU/Linux $ journalctl -k -g iwl-debug-yoyo -- Logs begin at Mon 2020-08-03 07:03:27 EDT, end at Wed 2020-09-09 16:08:47 EDT. -- Sep 09 15:53:32 foo kernel: iwlwifi :03:00.0: firmware: failed to load iwl-debug-yoyo.bin (-2)
Bug#966218: marked as done (firmware: failed to load iwl-debug-yoyo.bin (-2))
control: reopen -1 control: found -1 5.8.7-1 $ uname -a Linux foo 5.8.0-1-amd64 #1 SMP Debian 5.8.7-1 (2020-09-05) x86_64 GNU/Linux $ journalctl -k -g iwl-debug-yoyo -- Logs begin at Mon 2020-08-03 07:03:27 EDT, end at Wed 2020-09-09 16:08:47 EDT. -- Sep 09 15:53:32 foo kernel: iwlwifi :03:00.0: firmware: failed to load iwl-debug-yoyo.bin (-2)
Bug#966218: firmware: failed to load iwl-debug-yoyo.bin (-2)
Control: notfound -1 20200421-1 Control: reassign -1 src:linux Control: found -1 5.5.13-1 Control: found -1 5.7.17-1 Control: forwarded -1 https://lore.kernel.org/linux-wireless/20200625165210.14904-1-...@kernel.org/ Control: severity -1 minor Control: tags -1 + patch pending upstream fixed-upstream -- An upstream patch [0] that suppresses this (harmless) error message was merged in v5.9-rc1 [1] and should be available in 5.9 and later kernels. As a "workaround" (if the error message bothers you), you may set the iwlwifi module's "enable_ini" parameter to false (e.g., "N"). This will disable the (attempted) loading of the "iwl-debug-yoyo.bin" file -- which fails, obviously, causing this error to be generated. [0]: https://patchwork.kernel.org/patch/11625759/ [1]: https://github.com/torvalds/linux/commit/3f4600d
Bug#966218: firmware: failed to load iwl-debug-yoyo.bin (-2)
Control: notfound -1 20200421-1 Control: reassign -1 src:linux Control: found -1 5.5.13-1 Control: found -1 5.7.17-1 Control: forwarded -1 https://lore.kernel.org/linux-wireless/20200625165210.14904-1-...@kernel.org/ Control: severity -1 minor Control: tags -1 + patch pending upstream fixed-upstream -- An upstream patch [0] that suppresses this (harmless) error message was merged in v5.9-rc1 [1] and should be available in 5.9 and later kernels. As a "workaround" (if the error message bothers you), you may set the iwlwifi module's "enable_ini" parameter to false (e.g., "N"). This will disable the (attempted) loading of the "iwl-debug-yoyo.bin" file -- which fails, obviously, causing this error to be generated. [0]: https://patchwork.kernel.org/patch/11625759/ [1]: https://github.com/torvalds/linux/commit/3f4600d
Bug#951032: python-qtpy: FTBFS due to typo in debian/control
control: fixed -1 1.9.0-2 control: close -1 -- Although the most recent commit visible on salsa.d.o [0] is 4e133aca, the PTS makes reference to version 1.9.0-2 [1] which appears to have fixed this (please push the missing commits!), although debci continues to report package build failure w/ version 1.9.0-2. [0]: https://salsa.debian.org/python-team/modules/python-qtpy [1]: https://tracker.debian.org/news/1100594/ Thanks, -Jeremy
[Python-modules-team] Bug#951032: python-qtpy: FTBFS due to typo in debian/control
control: fixed -1 1.9.0-2 control: close -1 -- Although the most recent commit visible on salsa.d.o [0] is 4e133aca, the PTS makes reference to version 1.9.0-2 [1] which appears to have fixed this (please push the missing commits!), although debci continues to report package build failure w/ version 1.9.0-2. [0]: https://salsa.debian.org/python-team/modules/python-qtpy [1]: https://tracker.debian.org/news/1100594/ Thanks, -Jeremy ___ Python-modules-team mailing list Python-modules-team@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
Bug#951032: python-qtpy: FTBFS due to typo in debian/control
control: fixed -1 1.9.0-2 control: close -1 -- Although the most recent commit visible on salsa.d.o [0] is 4e133aca, the PTS makes reference to version 1.9.0-2 [1] which appears to have fixed this (please push the missing commits!), although debci continues to report package build failure w/ version 1.9.0-2. [0]: https://salsa.debian.org/python-team/modules/python-qtpy [1]: https://tracker.debian.org/news/1100594/ Thanks, -Jeremy
Bug#951032: python-qtpy: FTBFS due to typo in debian/control
Package: python-qtpy Version: 1.9.0-1 Severity: grave Tags: ftbfs Approximately 13 hours ago, commit 1e833c44 introduced a typo in the "Depends:" field for the "python3-qtpy" package in the ("python-qtpy" source package's) "debian/control" file. As a result, the "python3-qtpy" binary package and packages which depend on it, such as "git-cola", are not installable: [snip] $ sudo apt install git-cola ... The following packages have unmet dependencies: git-cola : Depends: python3-qtpy but it is not going to be installed E: Unable to correct problems, you have held broken packages. [snip] The most recent build of the "python-qtpy" source package on ci.debian.net failed for this reason, as can be seen in the test log [0]. The typo exists on line 35 [1] of the "debian/control" file. Line 35 currently reads: [snip] python3-pyqt5.qtquic, [snip] This should obviously read "python3-pyqt5.qtquick," instead. [0]: https://ci.debian.net/data/autopkgtest/unstable/amd64/p/python-qtpy/4246249/log.gz [1]: https://salsa.debian.org/python-team/modules/python-qtpy/blob/1e833c442dc9d63b2c4328f57a9ad42c4bfc7d24/debian/control#L35 Thanks, -Jeremy -- Jeremy L. Gaddis
Bug#951032: python-qtpy: FTBFS due to typo in debian/control
Package: python-qtpy Version: 1.9.0-1 Severity: grave Tags: ftbfs Approximately 13 hours ago, commit 1e833c44 introduced a typo in the "Depends:" field for the "python3-qtpy" package in the ("python-qtpy" source package's) "debian/control" file. As a result, the "python3-qtpy" binary package and packages which depend on it, such as "git-cola", are not installable: [snip] $ sudo apt install git-cola ... The following packages have unmet dependencies: git-cola : Depends: python3-qtpy but it is not going to be installed E: Unable to correct problems, you have held broken packages. [snip] The most recent build of the "python-qtpy" source package on ci.debian.net failed for this reason, as can be seen in the test log [0]. The typo exists on line 35 [1] of the "debian/control" file. Line 35 currently reads: [snip] python3-pyqt5.qtquic, [snip] This should obviously read "python3-pyqt5.qtquick," instead. [0]: https://ci.debian.net/data/autopkgtest/unstable/amd64/p/python-qtpy/4246249/log.gz [1]: https://salsa.debian.org/python-team/modules/python-qtpy/blob/1e833c442dc9d63b2c4328f57a9ad42c4bfc7d24/debian/control#L35 Thanks, -Jeremy -- Jeremy L. Gaddis
[Python-modules-team] Bug#951032: python-qtpy: FTBFS due to typo in debian/control
Package: python-qtpy Version: 1.9.0-1 Severity: grave Tags: ftbfs Approximately 13 hours ago, commit 1e833c44 introduced a typo in the "Depends:" field for the "python3-qtpy" package in the ("python-qtpy" source package's) "debian/control" file. As a result, the "python3-qtpy" binary package and packages which depend on it, such as "git-cola", are not installable: [snip] $ sudo apt install git-cola ... The following packages have unmet dependencies: git-cola : Depends: python3-qtpy but it is not going to be installed E: Unable to correct problems, you have held broken packages. [snip] The most recent build of the "python-qtpy" source package on ci.debian.net failed for this reason, as can be seen in the test log [0]. The typo exists on line 35 [1] of the "debian/control" file. Line 35 currently reads: [snip] python3-pyqt5.qtquic, [snip] This should obviously read "python3-pyqt5.qtquick," instead. [0]: https://ci.debian.net/data/autopkgtest/unstable/amd64/p/python-qtpy/4246249/log.gz [1]: https://salsa.debian.org/python-team/modules/python-qtpy/blob/1e833c442dc9d63b2c4328f57a9ad42c4bfc7d24/debian/control#L35 Thanks, -Jeremy -- Jeremy L. Gaddis ___ Python-modules-team mailing list Python-modules-team@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
[DRE-maint] Bug#946837: vagrant: Does not work with virtualbox 6.1 from unstable
A fix has been committed upstream: https://github.com/hashicorp/vagrant/commit/20ccf46 ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
Bug#946837: vagrant: Does not work with virtualbox 6.1 from unstable
A fix has been committed upstream: https://github.com/hashicorp/vagrant/commit/20ccf46
Bug#946837: vagrant: Does not work with virtualbox 6.1 from unstable
A fix has been committed upstream: https://github.com/hashicorp/vagrant/commit/20ccf46
Re: Cloudflare 1.1.1.1 public DNS different as path info for 1.0.0.1 and 1.1.1.1 london
On 2018-04-03 (Tue) at 01:22 EDT, Tore Anderson wrote: > Any plans to support NSID and/or "hostname.bind" to allow clients to > identify which node is serving their requests? For example: FWIW: $ dig @1.0.0.1 id.server. CH TXT [...] ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1536 ;; QUESTION SECTION: ;id.server. CH TXT ;; ANSWER SECTION: id.server. 0 CH TXT "dtw01" [...] -- Jeremy L. Gaddis
Cloudflare 1.1.1.1 public DNS broken w/ AT CPE
Greetings, If anyone at 7018 wants to pass a message along to the correct folks, please let them know that Cloudflare's new public DNS service (1.1.1.1) is completely unusable for at least some of AT's customers. There is apparently a bug with some CPE (including the 5268AC). From behind such CPE, the services at 1.1.1.1 are completely unreachable, whether via (ICMP) ping, DNS, or HTTPS. Using the 5268AC's web-based diagnostic tools, pinging 1.1.1.1 returns the following results: ping successful: icmp seq:0, time=2.364 ms ping successful: icmp seq:1, time=1.085 ms ping successful: icmp seq:2, time=1.160 ms ping successful: icmp seq:3, time=1.245 ms ping successful: icmp seq:4, time=0.739 ms RTTs to the CPE's default gateway are, at minimum, ~20 ms. A traceroute (using the same web-based diagnostic tool built-in to the CPE) reports, simply: traceroute 1.1.1.1 with: 64 bytes of data 1: 1.1.1.1(1dot1dot1dot1.cloudflare-dns.com), time=0 ms I haven't bothered to report this to AT through the standard customer support channels (for reasons that should be obvious to anyone who has ever called AT's consumer/residential technical support) but if anyone at AT wants to pass the info along to the appropriate group, it would certainly be appreciated. Thanks, -Jeremy -- Jeremy L. Gaddis "The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to." --John Levine
Fw: new message
Hey! New message, please read <http://singdanceplaylearn.com/these.php?7vhh> Jeremy L. Gaddis
Fw: new message
Hey! New message, please read <http://teapartyhost.com/anybody.php?d> Jeremy L. Gaddis
Fw: new message
Hey! New message, please read <http://whiteningskin.org/sea.php?bqp7> Jeremy L. Gaddis
Conservancy Helps Samsung Resolve GPL Compliance Matter Amicably (was: Re: Licensing stolen/leaked code as GPL)
Conservancy Helps Samsung Resolve GPL Compliance Matter Amicably Conservancy's GPL Compliance Project for Linux Developers is pleased to announce its role in assisting Samsung in a recent public compliance issue. The compliance issue was brought to Conservancy's attention when source code of an exFAT filesystem driver for Linux was unintentionally released via GitHub, and Conservancy later determined that similar code appeared in binary form only (thus violating GPLv2§3) in a Samsung Linux-based tablet. Samsung has made a source release available on their Open Source Release Center website. -- http://sfconservancy.org/news/2013/aug/16/exfat-samsung/ On 07/21/2013 08:24 PM, Andrei Frumusanu wrote: Hello, It has come to my attention that a recent internal leak of Samsung's kernel-space exFat driver implementation has been making the rounds around the web. Nothing we can do about that, what is out, is out. However a certain user rxrz went a bit too far with his actions: https://github.com/rxrz/exfat-nofuse He basically has stripped the original code clean of all Samsung proprietary license marks and threw GPL tags on it. When confronted with the issue; he came with the most unbelievable retort: https://github.com/rxrz/exfat-nofuse/issues/5 This went as far as being posted on Phoronix as a legitimate driver: http://phoronix.com/forums/showthread.php?81642-Native-Linux-Kernel-Module-Is-Out-For-Microsoft-exFAT Clearly this is a breach of the most severe matter. Samsung has been made aware of it, but there has been no response on the matter yet. I expect nothing less than a DCMA takedown of the repository. It's a leaked code of a proprietary exfat driver, written by Samsung, Inc. It works, you can use it. What else do you want, a signed paper from your parents on whether you can or can not use it? I'm a programmer, not a lawyer. You got the code, now decide what to do with it, it's up to you. What is wrong with such persons? This is insane. Andrei F.
Bug#694481: OpenSC: fix to provide support for ePass2003 token (#694481)
Eric, First off, thank you for updating the OpenSC package in Debian to 0.13. Bug #694481 was marked closed with your upload of 0.13.0-1 as upstream had added support for the ePass2003 token. Unfortunately, this device does not actually work as expected with the latest OpenSC package (0.13.0-2). This can be easily resolved, however, simply by enabling support for Secure Messaging (by adding --enable-sm to debian/rules) and rebuilding your package. - $ dpkg -s opensc | grep ^Ver Version: 0.13.0-2 $ lsusb | grep ePass Bus 003 Device 002: ID 096e:0807 Feitian Technologies, Inc. ePass2003 $ opensc-tool --list-readers # Detected readers (pcsc) Nr. Card Features Name 0Yes Feitian ePass2003 00 00 $ opensc-tool --name Using reader with a card: Feitian ePass2003 00 00 Unsupported card $ pkcs15-tool --dump Using reader with a card: Feitian ePass2003 00 00 PKCS#15 binding failed: Unsupported card - $ dpkg -s opensc | grep ^Ver Version: 0.13.0-2.0+jlg.1 $ opensc-tool --name Using reader with a card: Feitian ePass2003 00 00 epass2003 $ pkcs15-tool --dump Using reader with a card: Feitian ePass2003 00 00 PKCS#15 Card [jlgaddis]: Version: 0 Serial number : removed Manufacturer ID: EnterSafe Last update: 20130521042533Z Flags : EID compliant [...snip...] - The first set of output is received when using the current 0.13.0-2 .deb with a working (previously configured) ePass2003 token. The second set of output is received when using the same .deb package rebuilt with the --enable-sm option added (and with no other changes). In addition, I've tested the device extensively (I use it daily) and it has worked great with the package rebuilt with Secure Messaging support. I would normally include a patch but it seemed unnecessary in this case. If you would simply rebuild your latest package with the --enable-sm option, I believe it would resolve this issue permanently. Thanks, -Jeremy -- Jeremy Gaddis e: jlgad...@gnu.org Network Engineer m: +1.812.865.0581 PGP: 0x95E2C8FE w: evilrouters.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [WISPA] network password manager
Agreed, even flat text files will work. Personally, I've always preferred LDAP, as many other applications and devices we have deployed can make use of the same LDAP backend for centralized authentication (e.g. basic web applications such as Cacti and Dokuwiki as well as network devices from various vendors such as our Barracuda). There are plenty of applications that also support using SQL as a datastore, but they may require that you adhere to a specific schema. LDAP, in my opinion, gives me the greatest flexibility. As always, YMMV, best tool for the job, etc. -- Jeremy L. Gaddis e: jer...@as54225.net Network Engineer m: +1.812.865.0581 On Mar 31, 2013, at 2:11 AM, Butch Evans but...@butchevans.com wrote: On Sat, 2013-03-30 at 19:23 -0400, Jeremy L. Gaddis wrote: individual user accounts via RADIUS w/ an LDAP backend is the best way RADIUS backend doesn't matter. Personally, I've always used SQL backend. -- * Butch Evans* Professional Network Consultation * * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!* * 702-537-0979 * ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] network password manager
As Butch mentioned, individual user accounts via RADIUS w/ an LDAP backend is the best way -- for devices that support it. For devices that don't support RADIUS/LDAP/other centralized backend and/or for credentials (or other sensitive data) that must be shared amongst multiple people, I highly recommend LastPass Enterprise: https://lastpass.com/enterprise_overview.php Note that authentication is only one of the A's in AAA. The other two, authorization and accounting, are just as important. -- Jeremy L. Gaddis e: jer...@as54225.net Network Engineer m: +1.812.865.0581 On Mar 21, 2013, at 3:04 PM, Sean Heskett af...@zirkel.us wrote: As our network grows and we keep adding more hardware I am wondering what others do with passwords to all these devices. i hate having one password that works on a lot of devices but i haven't found a good industry practice or software tool to store all this data securely. I'm thinking of looking at our network as different classes of devices and making some kind of standard password for each device class but then make the specific password for the device different by adding something to the base class password so it would be different than all the others in the class. servers routers switches UPSs BHs APs etc. what are you guys doing? any good tools out there? thanks, sean ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
[WISPA] Link: The US Needs A New Spectrum Policy
The US Needs A New Spectrum Policy http://www.avc.com/a_vc/2013/02/the-us-needs-a-new-spectrum-policy-.html -- Jeremy L. Gaddis e: jer...@as54225.net Network Engineer m: +1.812.865.0581 ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] Router Question
* Fred Goldstein fgoldst...@ionary.com wrote: On 2/13/2013 5:19 AM, Bret Clark wrote: Since their's no such thing as a 150Mbps LAN/WAN ports, you need to get one with gigabit ports. The Mikrotik RB751G-2HnD...has 5 Gig ports and any port can be configured for WAN and/or LAN setups. Includes 2.4GHz 30dBi/1000mW 802.11b/g/n wireless is you need it. SRP is $80. Well if you want to get picky there are 150 Mbps (STS-3) ports, but they're pretty obscure nowadays. I think Cisco supports them for ATM, though it may be historical, not current product. I'm curious what the application is. Ancient Cisco stuff like that does show up on eBay at pretty low prices, but anything new and under $1k or so will probably only have Ethernet ports. Well, if you want to get picky, those would actually be (if memory serves) 155.52 Mbps and, of course, it's only called STS-3 (STS-3c, technically) if it's an electrical carrier (an optical carrier being referred to as OC-3c)... but I'm sure you know all this, Fred. While I'd certainly agree that new SONET deployments likely are few and bar between, there's still a huge installed base out there (indeed, one of our upstreams network is mostly SONET). I think it's safe to say, though, that we all know what Bret meant and that these well, *technically*, ... posts (including this one) add nothing of value to the conversation. -- Jeremy L. Gaddis e: jer...@as54225.net Network Engineer m: +1.812.865.0581 ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] Level3 Explosion?
* Matt Hoppes mhop...@indigowireless.com wrote: Did anyone else see an explosion on the Level3 network this morning? They've been up and down all morning since around 2:30 eastern time... just recovered recently. From the e-mail notification I received from Level 3 (~13 hours before the start of the maintenance window): Emergency Maintenance Advisement - This maintenance is scheduled. ... and ... Level 3 Communications will perform a mandatory network upgrade that will be service impacting and will impact devices in multiple locations. We are upgrading the code on portions of the global network to increase stability for the overall network. During this maintenance activity customers may be impacted for approximately 30 minutes. My own guess is that they wanted to quickly get their gear upgraded so that they weren't caught with their pants down like the last time such a vulnerability was announced. In that case, someone posted (previously unknown) exploit details to the full-disclosure mailing list, forcing many to to delay patching any longer: http://seclists.org/fulldisclosure/2010/Jan/136 On a side note: if you ever want to receive a ton of hate mail from engineers at large companies and telcos, that's a good way to do it. -- Jeremy L. Gaddis e: jer...@as54225.net Network Engineer m: +1.812.865.0581 ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
* Luca Filipozzi lfili...@debian.org wrote: Please recall our recent email regarding the moinmoin [1] vulnerability [2] and the penetration of Debian's wiki [3]. We have reset all password hashes and sent individual notification to all Debian wiki account holders with instructions on how to recover (and thereby reset) their passwords [4]. More technical details about the attack are available [5]. [snip] Thanks, I just reset the password on my account only to realize that SSL is not being used by default on wiki.d.o. Surely this will be fixed in the very near future? Off to change my password again, -JLG -- Jeremy L. Gaddis e: jlgad...@gnu.org Network Engineer m: +1.812.865.0581 PGP: 0x95E2C8FE w: http://evilrouters.net -- To UNSUBSCRIBE, email to debian-www-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130107000808.ga10...@hq.evilrouters.net
Re: Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
* Luca Filipozzi lfili...@debian.org wrote: On Sun, Jan 06, 2013 at 07:08:08PM -0500, Jeremy L. Gaddis wrote: Thanks, I just reset the password on my account only to realize that SSL is not being used by default on wiki.d.o. Yes. :/ Surely this will be fixed in the very near future? DSA and DWA are in discussion about enforcing encryption at all authentication points. We're currently debating the pros/cons of using a commercial SSL cert vs a Debian SSL cert. Given the dubious value of commercial certificates, I'm in favour of the latter but I appreciate that some users will find the browser warnings to be confusing. Coincidentally, I'm taking a break from rolling out a new (internal only) PKI infrastructure at $work to write this e-mail. Enforcing encryption at any/all authentication points is something that, I hope, should not even need discussing. It should be enabled at any such points. If money wasn't a concern, I'd be in favor of rolling out commercial certificates everywhere simply to avoid any of the browser warnings. I'll admit ignorance when it comes to not knowing how or where Debian uses SSL certificates on public-facing infrastructure (although a quick check seems to indicate SSL isn't enabled on www.d.o), but I see no reason why certificates signed by SPI's CA (whose certificate is included in ca-certificates) could not be used. Alternatively, perhaps certificates from CAcert.org for public-facing services (does anyone besides Debian include their root CA certificate) and certificates from a private CA for use on Debian internal services? Obviously, there are a number of things to consider; I'm simply tossing out ideas at this point. OTOH, I'd argue that if one wishes to maintain content at wiki.debian.org, then one should understand the basics of PKI. What do you think? Agree. Being technical folks, I would guess that a large number of Debian users *do* understand the basics of PKI and why a certificate signed by a commercial CA is not technically more secure than one signed by a private CA. For those who don't, well, they should be able to understand why after ten minutes of reading. -- Jeremy Gaddis -- To UNSUBSCRIBE, email to debian-www-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130107024611.gb10...@hq.evilrouters.net
Re: Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
* Charles Plessy ple...@debian.org wrote: Le Mon, Jan 07, 2013 at 01:41:49AM +, Luca Filipozzi a écrit : OTOH, I'd argue that if one wishes to maintain content at wiki.debian.org, then one should understand the basics of PKI. What do you think? how about Debian Single Sign On (https://sso.debian.org) ? Unfortunately, that is not an option for everyone at this time. From http://wiki.debian.org/DebianSingleSignOn: The web password single signon method only works for Debian Developers. While I may make a few contributions here and there, for example, I am not a DD. I would suspect there are a great number of wiki editors, for example, that are not DDs. I am not sure if wiki supports Debian SSO or not. If not, hopefully that support will be added in the future. In the meantime, however, requiring encryption when logging in to any site is a good idea. Actually, I'll go one step further and say that *not* requiring encrypted authentication is a *very bad idea*. -- Jeremy Gaddis -- To UNSUBSCRIBE, email to debian-www-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130107025232.gc10...@hq.evilrouters.net
Bug#669643: ITP: bugzilla4 -- web-based bug tracking system
* m...@everybody.org m...@everybody.org wrote: Package: wnpp Owner: Mark A. Hershberger m...@everybody.org Severity: wishlist * Package name: bugzilla4 Version : 4.0.6 Upstream Author : Mozilla Corp * URL or Web page : http://bugzilla.org/ * License : MPL Description : web-based bug tracking system Hi Mark, I was curious if an upload was coming anytime soon? Thanks, -Jeremy -- Jeremy Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#612662: ITP: libpam-yubico -- Yubico PAM Module
* Aníbal Monsalve Salazar ani...@debian.org wrote: Do you have debian packages for libpam-yubico and libapache2-mod-authn-yubikey? I would like to test them with my yubikey. I would also be interested in testing these packages. Do you have an update on your ITP, Alexandre? Thanks, -Jeremy -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669643: ITP: bugzilla4 -- web-based bug tracking system
* m...@everybody.org m...@everybody.org wrote: Package: wnpp Owner: Mark A. Hershberger m...@everybody.org Severity: wishlist * Package name: bugzilla4 Version : 4.0.6 Upstream Author : Mozilla Corp * URL or Web page : http://bugzilla.org/ * License : MPL Description : web-based bug tracking system Hi Mark, I was curious if an upload was coming anytime soon? Thanks, -Jeremy -- Jeremy Gaddis -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121225183918.ga9...@hq.evilrouters.net
Bug#612662: ITP: libpam-yubico -- Yubico PAM Module
* Aníbal Monsalve Salazar ani...@debian.org wrote: Do you have debian packages for libpam-yubico and libapache2-mod-authn-yubikey? I would like to test them with my yubikey. I would also be interested in testing these packages. Do you have an update on your ITP, Alexandre? Thanks, -Jeremy -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121226002123.ga26...@hq.evilrouters.net
Re: [WISPA] Ubiquiti Radios as routers
* Fred Goldstein fgoldst...@ionary.com wrote: At 10/12/2012 10:23 AM, Tim Densmore wrote: There's a real market gap not quite being filled by our usual WISP vendors MT and UBNT. MT has a new CPE router with SFP support. This would be great for a regional CE fiber network. Let's say you have a building (say, Town Hall) with multiple tenants in it, each with a separate IP network (say, Town administration, Police, and School Admin). You'd want to be able to drop off one fiber with separate VLANs (virtual circuits) for each network, isolating the traffic from each other. An MEF switch is cheaper than a real Cisco router but a I can't speak to Ubiquiti but Mikrotik RouterOS certainly supports MPLS and VPLS (and LDP and OSPF and BGP). The design you describe is exactly what the majority of the world is using MPLS VPNs for -- utilizing, of course, LDP and BGP (and occasionally OSPF between CE and PE). Unless I'm missing something... -- Jeremy L. Gaddis e: jer...@as54225.net Network Engineer m: +1.812.865.0581 ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] EOIP/GRE Performance
* Nick Olsen n...@flhsi.com wrote: [snip] The cable connections are normally 50Mb/s down, 5Mb/s up. If I run a bandwidth test inside the tunnel, I can only get 25-30Mb/s down. Outside the tunnel, It does the full 50Mb/s. This is the same for every cable connection we have. They are all terminating back to a RB493G in our rack sitting on GigE. I can even run multiple bandwidth tests to all of the locations and get an aggregate of 200Mb/s but no more then 25-30 to any single endpoint. And ideas? Does the latency increase on your throughput tests inside the tunnel? Are you considering fragmentation/MTU issues? -- Jeremy L. Gaddis e: jer...@as54225.net CCNP/JNCIA/ASE m: +1.812.865.0581 Network Engineer w: evilrouters.net ___ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] Future of Wifi Offloading WAS: Ericsson is buying BelAir, betting on Wi-Fi
On Jan 26, 2012, at 11:22 PM, John Scrivner wrote: Here are my predictions based partly upon the acquisitions we have seen of Atheros by Qualcomm and now this latest play into Wifi by otherwise generally licensed zealots of the mobile world: [snip] I predict we'll see all this come to pass by 2017-18. We'll see how clear my crystal ball is in a few years. I hope you guys will remember this then and be sure to pull it up and make fun of me for being so far offor not!:-) I predict you'll see it well before that. Someone else in the thread mentioned Comcast and Time Warner planning to roll out thousands of access points. Remember that both of these companies are also in the cellular game now. What's (one of) the biggest problem(s) cellular carriers are facing right now? The explosion in data traffic. They *need* to offload as much data traffic off of their networks as they can. They simply cannot handle the projected long-term growth in data traffic. Enter 802.11u. -- Jeremy L. Gaddise: jer...@as54225.net Network Engineerm: +1.812.865.0581 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [lopsa-tech] Recommendation on managed fiber-to-copper meda converter?
* Will Dennis wden...@nec-labs.com wrote: Yes, I thought of that, but a good managed switch would most probably cost more than a good media converter... And since it's inline to our main Internet connection, I don't want to use a cheap-o switch ;) A switch will be more expensive, but you can also use it for more. I would avoid the use of a media converter if at all possible. I *might* use one on a non-critical link, but not inline w/ my primary Internet connection (especially if it was my *only* Internet connection) -- Jeremy L. Gaddis ___ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
[Logcheck-devel] Bug#637918: tagging 637918
# fixed in 6b0c4445 by Hanspeter tags 637918 +pending thanks commitdiff: http://goo.gl/gUD3A -- Jeremy L. Gaddis ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#637916: tagging 637916
# fixed in e4f4889a tags 637916 +pending thanks -- Jeremy L. Gaddis ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#637923: tagging 637923
# fixed in 7f8efa8d tags 637923 +pending thanks -- Jeremy L. Gaddis ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
Bug#637918: tagging 637918
# fixed in 6b0c4445 by Hanspeter tags 637918 +pending thanks commitdiff: http://goo.gl/gUD3A -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#637916: tagging 637916
# fixed in e4f4889a tags 637916 +pending thanks -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#637923: tagging 637923
# fixed in 7f8efa8d tags 637923 +pending thanks -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [Logcheck-devel] Requesting clarification on a few things
martin f krafft madd...@debian.org wrote: also sprach Jeremy L. Gaddis jlgad...@gnu.org [2011.07.08.0624 +0200]: One thing that Hannes mentioned was in response to commits 5f7da05[1] and cf5e9d3[2] which I made to address bug #590559[3]. As he mentioned in his email, webmin was removed from the Debian archive over five years ago[4]. He Cc:'d madduck asking what the policy is for rules for packages that have been removed from Debian. My personal thought was that since they were still there, they might as well be updated. For clarification and future reference, I am interested in knowing what the policy is as well. I do not think there is a policy. It makes sense to keep filters around while any version of Debian still has a package (due to backports), but when Debian does not have the package at all anymore, then there is no real reason to carry over the weight??? Right. I was a bit confused since webmin had long ago been removed, yet the filters for it was still present. Makes sense to me to remove it. Currently, I am trying to figure out the proper thing to do with regard to bug #621373[7]. This is a request for two rules related to log messages generated by avahi-daemon. As of now, there are no rules in logcheck-database for Avahi. Is there some process for deciding if it is appropriate to add them or do we just go ahead (which seems like the logical decision to me). It would make much more sense to distribute the filters in the avahi-daemon package. I agree. In an ideal world, I think logcheck-database wouldn't contain much besides filters for kernel messages. All of the other filters (for specific software) would be included in the respective packages. Related to that, can I assume that the proper file to create would be i.d.s/avahi-daemon instead of i.d.w/avahi-daemon? Avahi is often present on both servers and workstations so it would seem appropriate to put it under i.d.s since those rules will get applied when REPORTLEVEL is set to workstation as well as server. I really do not see a reason why one would have Avahi on a server, so I'd tend to put it into the workstation pool. If you disagree, then use your own judgement. I agree with you totally and I wouldn't personally run Avahi on any of my servers, but I've seen it done. Workstation it is. Bug #617232[9] mentions rules which match on IPv4 addresses but will not match IPv6 addresses. Should we begin updating rules so that both IPv4 and IPv6 addresses will be matched? Is there a preferred methodology for doing this, or is it okay to simply start working on it now? Rather than hacking the regexps, this should really be done by finally introducing macros/templates/patterns into rulefiles. From what I gathered (either from the archives or the wiki, I forget which), it seems that this idea has been floating around for a while but hasn't really taken off yet. Is anyone [interested in] leading this effort? Thanks for your time and effort. I hope I answered all questions. I appreciate the reply, martin. You've basically reinforced my previous thought which was use your best judgment. If I make the wrong decision, well, that's what git revert is for. Thanks, -j -- Jeremy L. Gaddis ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] RulesToDo - madduck's IMAP mailbox
All, Is the IMAP mailbox mentioned on the RulesToDo page up-to-date, current, and/or still being used? Most stuff there looks a few years old. Can I assume that it is still desireable to have rules created for the log messages shown in that mailbox? Thanks, -j -- Jeremy L. Gaddis ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
Bug#589600: f5vpn-login: changing back from ITP to RFP
retitle 589600 RFP: f5vpn-login -- F5 VPN command-line client noowner 589600 thanks I'm reverting this back from ITP to RFP. I attempted to get in touch with the upstream author to discuss the ITP and to see if he would be willing to establish a scheme for version numbering and other minor details which would assist in packaging the application for Debian, but never received a response. In addition, I have left my previous position and no longer have access to any F5 Firepass devices to use for testing. Thanks, -j -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#589600: f5vpn-login: changing back from ITP to RFP
retitle 589600 RFP: f5vpn-login -- F5 VPN command-line client noowner 589600 thanks I'm reverting this back from ITP to RFP. I attempted to get in touch with the upstream author to discuss the ITP and to see if he would be willing to establish a scheme for version numbering and other minor details which would assist in packaging the application for Debian, but never received a response. In addition, I have left my previous position and no longer have access to any F5 Firepass devices to use for testing. Thanks, -j -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110708050426.gb23...@lab.evilrouters.net
Bug#616659: logcheck ignore rules for rsyslogd
reassign 623058 rsyslog thanks Karl, The rsyslog package provides the ignore rules for logcheck: $ dpkg -S /etc/logcheck/ignore.d.server/rsyslog rsyslog: /etc/logcheck/ignore.d.server/rsyslog There is also an existing bug for this (#616659) and perhaps they should be merged. Thanks, -j -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#621373: avahi-daemon rule
Ian Langdon ilang...@trapeze.com wrote: \w{3} [ :0-9]{11} [._[:alnum:]-]+ avahi-daemon\[[0-9]+\]: Invalid query packet.$ \w{3} [ :0-9]{11} [._[:alnum:]-]+ avahi-daemon\[[0-9]+\]: last message repeated [[:digit:]] times$ Second rule should probably be [[:digit:]]+: last message repeated 9 times would match, but last message repeated 10 times wouldn't. Thanks Ian, -j -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#281915: bind9-doc: RR types table confuses A6 with AAAA, saying AAAA is obsolete
#281915 does not appear to exist in 1:9.7.3.dfsg-1. -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#539944: RFH: logcheck -- mails anomalies in the system logfiles to the administrator
Request to join Alioth project logcheck sent. Thanks, -Jeremy -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#539944: RFH: logcheck -- mails anomalies in the system logfiles to the administrator
Request to join Alioth project logcheck sent. Thanks, -Jeremy -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110405114900.gh5...@lab.evilrouters.net
Bug#589600: ITP: f5vpn-login -- F5 VPN command-line client
retitle 589600 ITP: f5vpn-login -- F5 VPN command-line client owner 589600 jlgad...@gnu.org thanks Package name: f5vpn-login Version : 20101015 Upstream Author : James Y. Knight, f...@fuhm.net URL : http://fuhm.net/software/f5vpn-login/ License : GPL v3 Language: C, Python Description : F5 VPN command-line client f5vpn-login allows you to connect to an F5 VPN server without using their browser plugin. You can connect to a VPN automatically or non- interactively using this software. This software does not have the full functionality of the official F5 VPN client; it merely supports establishing a connection to the VPN. -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#589600: ITP: f5vpn-login -- F5 VPN command-line client
retitle 589600 ITP: f5vpn-login -- F5 VPN command-line client owner 589600 jlgad...@gnu.org thanks Package name: f5vpn-login Version : 20101015 Upstream Author : James Y. Knight, f...@fuhm.net URL : http://fuhm.net/software/f5vpn-login/ License : GPL v3 Language: C, Python Description : F5 VPN command-line client f5vpn-login allows you to connect to an F5 VPN server without using their browser plugin. You can connect to a VPN automatically or non- interactively using this software. This software does not have the full functionality of the official F5 VPN client; it merely supports establishing a connection to the VPN. -- Jeremy L. Gaddis -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110326100125.gd...@lab.evilrouters.net
Re: Router only speaks IGP in BGP network
On 12/25/2010 3:36 AM, Mark Tinka wrote: On Friday, December 24, 2010 07:26:43 am Randy Bush wrote: and do NOT redistribute bgp into ospf. This is good truth. Don't redistribute your BGP into the IGP (or vice versa). I'm not even sure OSPF would handle it in this day - but you don't want to find out. Oh please. OSPF loves it when you shove a few 100k routes into it. -- Jeremy L. Gaddis
Re: FUD: 15% of world's internet traffic hijacked
Hanlon's razor? On Dec 1, 2010 6:43 PM, Brett Watson br...@the-watsons.org wrote: On Dec 1, 2010, at 4:17 PM, Christopher Morrow wrote: sometimes I love to pull your chain... :) I agree though that folks won't publish this data (in general) directly, for whatever reason. Also, right '15% of traffic' really should have been '15% of routes*' Agreed, I should have been more clear. I wasn't implying that much traffic either, but rather 15% of global prefixes. I was more focused on, Seems clear enough that traffic *transited* China ASNs, as opposed to being blackholed as we seen in many hijacks. Further, in hopes of generating discussion... I've seen a lot of comments along the lines of this was likely an accident, misconfiguration, or fat-finger... I'm having a really hard time figuring how, if traffic not only diverted to China but *transited* China, this could be any kind of mistake. I'm not able to get my fingers or thumbs to randomly (seemingly) select approximately 15% of all prefixes, originate those, modify filters so I can do so, and also somehow divert it to another router that doesn't have the hijacked prefixes I'm announcing but rather forwards the source traffic on to it's intended destination. I can't seem to work all of that out into any kind of accident. Anyone? -b
Bug#577111: rancid: terminal length 0\r breaks for some Procurve switches
I'm having the same experience as James Zuelow. Same version of the installed packages and same issue. Issuing terminal length 0\n breaks rancid collection on some ProCurve switches that I have (5406zl and 5412zl's). Thanks, -j -- Jeremy L. Gaddis http://evilrouters.net/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
[Registry] [Bug 115381] Re: [apport] BloGTK.py crashed with ImportError in ?()
@Sam (#3) and @Mariusz (#4): Installing python-gtkhtml2 package from Debian (http://packages.debian.org/sid/python-gtkhtml2), while not the best solution, was a successful workaround for me. -- [apport] BloGTK.py crashed with ImportError in ?() https://bugs.launchpad.net/bugs/115381 You received this bug notification because you are a member of Registry Administrators, which is the registrant for Debian. ___ Mailing list: https://launchpad.net/~registry Post to : registry@lists.launchpad.net Unsubscribe : https://launchpad.net/~registry More help : https://help.launchpad.net/ListHelp
[Bug 115381] Re: [apport] BloGTK.py crashed with ImportError in ?()
@Sam (#3) and @Mariusz (#4): Installing python-gtkhtml2 package from Debian (http://packages.debian.org/sid/python-gtkhtml2), while not the best solution, was a successful workaround for me. -- [apport] BloGTK.py crashed with ImportError in ?() https://bugs.launchpad.net/bugs/115381 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Full-disclosure] JunOS malformed TCP options vulnerability
This works for me: $ cat junos-crash.pl #!/usr/bin/perl my $host = shift; my $port = shift; use Net::Packet qw($Env); use Net::Packet::IPv4; my $ip =Net::Packet::IPv4-new(dst = $host); use Net::Packet::TCP; my $tcp = Net::Packet::TCP-new( dst = $port, options = \x65\x02\x01\x01, ); use Net::Packet::Frame; my $frame = Net::Packet::Frame-new(l3 = $ip, l4 = $tcp); $frame-send; exit 0; -- Jeremy L. Gaddis http://evilrouters.net/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [OSL | CCIE_RS] Detailed solution page 701 TASK 24.3
On Dec 26, 2009, at 3:02 PM, Ahmed Haji Munye wrote: Of course these configs are basic for you, but not for especially if I did not come across these configs earlier. That is why I am here and I would like to learn, Because its better to come across these commands in a lab environment and do mistakes than in the Lab and exam room. :) Many on this list would be wise to learn how to use the DocCD. It is available (at least, partially) in the lab, while the guys at IPexpert are not. A little RTFM will go a long way. Teach a man to fish ... -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] how to use iperf with GNS3
On Mon, Dec 21, 2009 at 10:24 AM, Taqdir Singh singh.taq...@gmail.com wrote: Could you please share, how can I use ipperf on windows ? I have downloaded ipperf from two websites, when I click on .exe files it just blinks and disappears and windows DOS promt says no command C:\iperf 'iperf' is not recognized as an internal or external command, operable program or batch file. I will be actually making microsoft loopback adapter and then I want to generate diff diff traffics. It would be of great help if anycan can share ,1) from where to install, 2)after installing what steps to do..,3) what are commands and 4) how can I generate diff diff traffic Perhaps you were looking for the GroupStudy list? -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] can we shut down (power off) router
On Wed, Dec 16, 2009 at 10:22 AM, Taqdir Singh singh.taq...@gmail.com wrote: hi all , just curious to know can we shut down (power off ) the router / switch remotely like we can shutdown any PC or server remotely ? Remote control power strips. /offtopic -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] I cant log into IPexpert :(
What, you expect people to actually *read*!? On 12/6/09, CCIETalk.com cciet...@gmail.com wrote: I wish everyone read the initial email where Mike Down stated that who ever wants to use workbooks needs to open them ahead of time so they dont run into this issue :) Another reason to FOLLOW IPX on Twitter/Facebook. I have been working on my workbooks without any issues. On Sun, Dec 6, 2009 at 11:09 AM, Wayne Lawson groupst...@ipexpert.comwrote: Haresh - we're working on this and will have this resolved within the next 24 hours. In the meantime - I've copied support. I believe there is a work around that has been created. Regards, Wayne A. Lawson II - CCIE #5244 Founder President - IPexpert Mailto: wlaw...@ipexpert.comwlaw...@ipexpert.com Telephone: +1.810.326.1444, ext. 101 Live Assistance, Please visit: http://www.ipexpert.com/chat www.ipexpert.com/chat eFax: +1.810.454.0130 ::Message sent from iPhone:: IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (RS, Voice Security), CCNP, CCVP, CCSP and CCIE (RS, Voice, Security Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com. On Dec 6, 2009, at 11:05 AM, Haresh Parikh hares...@hotmail.com wrote: Is there any time limit when members will have login? -- Date: Sun, 6 Dec 2009 10:19:52 -0500 From: r...@ipexpert.comr...@ipexpert.com To: edward.bod...@unisys.comedward.bod...@unisys.com CC: ccie_rs@onlinestudylist.comccie_rs@onlinestudylist.com Subject: Re: [OSL | CCIE_RS] I cant log into IPexpert :( IPexpert is currently in the process of changing over to our new website. We are working to ensure that this process goes as quickly and smoothly as possible. At this time we are working to transfer all customers' data and files to the new server. Customers may not find files in their account and have issues logging into the new site until all transfers have been completed. We apologize for any inconvenience this has caused. The IPexpert team appreciates your patience and understanding. If you go to http://ipxweb001.ipexpert.com/http://ipxweb001.ipexpert.com You will be able to use your credentials to log into your account. You will need have your web browser settings to not check for security certificates in order to access the site. You will need to download the workbook files again and authenticate. On Sun, Dec 6, 2009 at 9:59 AM, Bodnar, Edward edward.bod...@unisys.com edward.bod...@unisys.com wrote: Can anybody help trying to do labs today and I cant open any of them. IP expert web site is asking me from an e-mail address and a username. I am not able to log in. ___ For more information regarding industry leading CCIE Lab training, please visit http://www.ipexpert.com/www.ipexpert.com -- If I can be of further assistance, please let me know. -- Ryan Barnum Technical Support Engineer - IPexpert, Inc. Telephone: +1.810.326.1444 x 205 Fax: +1.810.454.0130 Mailto: r...@ipexpert.comr...@ipexpert.com -- Join our free online support and peer group communities: http://www.ipexpert.com/communitieshttp://www.IPexpert.com/communities -- IPexpert - The Global Leader in Self-Study, Classroom-Based, Video-On-Demand and Audio Certification Training Tools for the Cisco CCIE RS Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. -- -- Windows Live: Make it easier for your friends to see what you’re up to on Facebook. http://go.microsoft.com/?linkid=9691811 ___ For more information regarding industry leading CCIE Lab training, please visit http://www.ipexpert.comwww.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- www.ccietalk.com -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] CCIE_RS Digest, Vol 48, Issue 1
On Wed, Dec 2, 2009 at 8:59 PM, Jean-Marie Ngok jm.n...@yahoo.fr wrote: I have a problem with a multicast configuration. I am working with cisco 360 learning program (Advanced Workshop II) I need to understand why the mentor guide configure a static RP without putting the RP (Loopback 104 on router 4) in sparse mode. First off, see the following, which appears near the top of the digests: When replying, please edit your Subject line so it is more specific than Re: Contents of CCIE_RS digest... Second, create a new thead when you're not actually replying. Third, learn to trim the irrelevant stuff (don't over-quote). Fourth, this list is for IPexpert, not Cisco 360. Explain me i don't understand well. I'll say... -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] EIGRP distribute-list
On Nov 23, 2009, at 12:52 AM, erik.fairbanks@fe.navy.mil erik.fairbanks@fe.navy.mil wrote: Every set metric example explicitly identifies BGP, OSPF, and RIP as supported - not EIGRP. I am not 100% sure why you can't manipulate an inbound metric within IOS to reflect whatever you like. It might be a software deficiency. It seems like it could be useful to manipulate route metrics to easily implement load balancing between EIGRP routes. The composite metric can be manipulated by using an offset-list. -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] stack ports in GNS3
On Mon, Nov 23, 2009 at 9:09 AM, Taqdir Singh singh.taq...@gmail.com wrote: could any1 please suggest if we can do stacking practicals 3750 in GNS3/dynamips ? From the Dynamips / Dynagen Tutorial[0]: Although Dynamips provides a simple virtual switch, it does not emulate Catalyst switches (although it does emulate the NM-16ESW). [0]: http://www.dynagen.org/tutorial.htm -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] Core Knowledge Quizzer Question 38 : BGP
On Mon, Nov 23, 2009 at 12:13 PM, pra pa patelpr...@hotmail.com wrote: Thx. I did not paly with all that different strings but nice to know. :-) So in short * can include space in AS path string i.e. _ and it covers any multiples too. . matches any character. .* matches any character any number of times. + matches the previous character one or more times. _ matches a space. An excellent reference for regular expressions is O'Reilly's _Mastering Regular Expressions_, though it is geared towards the UNIX world (there are some slight differences). -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] Configure VLANS 2567 and 567 to be in area 567. DOnot use are 567 in any commands
0.0.2.55 == area 567 0.0.2.255 == area 767 Likely just a typo in the solution. -- Jeremy L. Gaddis http://evilrouters.net/ On Sat, Oct 31, 2009 at 2:06 PM, Joe Astorino jastor...@ipexpert.com wrote: Convert 567 to binary as a 32-bit number. Take that 32 bits and express it in dotted decimal Regards, Joe Astorino - CCIE #24347 RS Technical Instructor - IPexpert, Inc. Cell: +1.586.212.6107 Fax: +1.810.454.0130 Mailto: jastor...@ipexpert.com -Original Message- From: Ahmed Haji Munye ahmhaj...@yahoo.se Date: Sat, 31 Oct 2009 17:54:09 To: CC IEccie_rs@onlinestudylist.com Subject: [OSL | CCIE_RS] Configure VLANS 2567 and 567 to be in area 567. DO not use are 567 in any commands ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] Mark Snow Left Ipexpert?
On Wed, Oct 28, 2009 at 3:08 PM, nicholas golden nickst...@yahoo.comwrote: So I was checking my ccie blogs and saw a snippet that Mark snow took off to work for INE. So first it was Scott Morris and now Mark Snow now working for INE. I guess some restructuring is going on at Ipexpert or something? Just curious as to why he took off, if this is indeed true? Curiosity is making mecurious. This has been discussed already on the voice list: http://www.mail-archive.com/ccie_vo...@onlinestudylist.com/index.html#12749 -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: [OSL | CCIE_RS] so why 2950 supports 64 vlans?
You're joking, right? On 10/27/09, Bayan Sardari bayan.sard...@yahoo.com wrote: hi all thanks for your good comments but if 2950 doesen't support more than one ip why does it support 64 vlans?it means we coulden't have more that one vlan on it?we coulden't link it to a router (2621 for example)and do intervlan routing? i am confused! bayan -- Jeremy L. Gaddis http://evilrouters.net/ ___ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Re: Verio taking twitter down during Iran Election Riots?
On Tue, Jun 16, 2009 at 12:05 PM, Steve Pirkor...@pirk.com wrote: There are some, ehrm, boxen out on the 'net to allow them to get around the active blocking going on, but most of the citizen reporters are unable to even get a conection to allow proxying out. Some serious censoring of 'net access going on. Doesn't DCI still control things there? If so, they could cut Iran off from the world very easily if they wanted. -- Jeremy L. Gaddis http://evilrouters.net/
Minnesota Sends List of Blacklisted Gambling Sites to ISPs, Telcos
With regard to the recent discussion... Late last month the Minnesota Department of Public Safety announced it would require ISPs and telcos to block computers located in the state from accessing gambling sites, and said non-compliant companies would be referred to the FCC. Now, the state has sent each ISP and telco the enclosed blacklist of sites and URLs. http://www.govtech.com/gt/articles/656645 -- Jeremy L. Gaddis
Re: Dynamic IP log retention = 0?
On Wed, Mar 11, 2009 at 12:57 PM, Alec Berry alec.be...@restontech.com wrote: block in log quick from evil to any label evil RFC 3514? :-) -- Jeremy L. Gaddis http://evilrouters.net/
Re:
On Mon, 12 Jan 2009, Reese wrote: I once had a legitimate difficulty and posted to this list as a direct result. As I was moderated at the time, my post was denied with the provided reason that it was not appropriate for this list. An attempt to identify the source ISP of a troublesome IP was not appropriate but the below (and etc.) is? Still, still, exercising undue discipline - unlike others. http://tinyurl.com/6q7g3m ? -- Jeremy L. Gaddis http://evilrouters.net
Re: [c-nsp] Procurve DHCP relay question
On Thu, 8 Jan 2009, Eric Cables wrote: I'm in the middle of a transition from HP - Cisco, with an HP 2848 as the core, so sorry if this e-mail is off topic. I am having a hard time getting DHCP relay to work, and was hoping someone with HP experience could chime in with some assistance. I've created a new VLAN, and have specified a helper-address to point to a DHCP server that manages dozens of scopes. The new VLAN functions fine, assuming users are given a static address, but DHCP does not appear to work at all. Hi Eric, I'm not sure how helpful this might be (it seems you've already taken the necessary steps), but here's a cut and paste from a production switch doing the same thing (a 5400 in this case): vlan 4071 name VLAN4071 ip helper-address 10.144.16.2 ip address 10.144.1.65 255.255.255.192 tagged A1-A4,Trk1 exit HTH, -j -- Jeremy L. Gaddis http://evilrouters.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Looking for Fedora merchandise for Fedora promotion
On 10/15/07, Hans de Goede [EMAIL PROTECTED] wrote: Since we do a lot with and somethings for Fedora we would also like to give Fedora a prominent place there, so I'm looking for things like T-shirts, but also things like maybe a big blue flag with the Fedora logo on it etc. I know the Fedora have stuff like this, so I have 2 questions: 1) Can we get / buy stuff like this? 2) If the answer to 1 is yes, how / where and how must will it cost? Not a whole lot there, but a starting point might be http://redhat.brandfuelstores.com/index.php?main_page=indexcPath=37 -- Jeremy L. Gaddis http://www.jeremygaddis.com/ -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
Re: Post-introduction (some 2 years late) ...
On 7/22/07, Bryan J. Smith [EMAIL PROTECTED] wrote: I won't talk about my history except as stated in my signature ... Professional, Technical Annoyance. That and the disclaimer that I've made 90% of my salary/billables on Red Hat solutions over the last 12 years. I.e., I'm your typical, American Libertarian capitalist pig who probably wouldn't be here if it didn't make me so rich. ;) At least you're honest. Myself, I do it for the chicks. =) -- Jeremy L. Gaddis http://www.jeremygaddis.com/ -- Fedora-marketing-list mailing list Fedora-marketing-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-marketing-list
RE: W32/Myparty
Because a person's e-mail address and password are used to sign on to the Passport server -- where account numbers are held -- an unscrupulous person at an ISP could easily steal credit card numbers, experts say. I'm sure the experts were hard at work researching this for months before they figured that out. This isn't limited to Microsoft's Passport. This would apply to anything that doesn't use some form of encryption. On a side note, any unscrupulous person at my ISP could easily get my credit card numbers from their own files. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: allen wayne best just ramblin in his amx [mailto:[EMAIL PROTECTED] Sent: Thursday, January 31, 2002 9:37 PM To: Debian User Mailing List Subject: Re: W32/Myparty all: see http://www.infoworld.com/articles/op/xml/01/09/10/010910oplivingston.xml On Thursday 31 January 2002 18:30, dman wrote: On Fri, Feb 01, 2002 at 10:34:25AM +0800, csj wrote: | On Thu, 31 Jan 2002 15:15:34 -0800 (PST) | | Paul 'Baloo' Johnson [EMAIL PROTECTED] wrote: | On Thu, 31 Jan 2002, John Cichy wrote: | Yes, but we might have to be more careful now, billy is going to | concentrate on security from now on... | | Do you honestly believe it's more than the same bullshit lipservice as | before? | | Security and ease of use don't go hand in hand. Of course, that doesn't | mean that just because your OS is difficult it's necessarily secure... | One of Bill's biggest problems is probably convincing the average | computer user to use passwords. Maybe Passport will solve it for him. I heard that Passport had been cracked already. Maybe google will tell you where I heard it (actually, I think the URL came up on deb-user a while back). -D -- regards, allen wayne best contractor, diagnostics and support tools telnet 447-4070 your friendly neighborhood rambler owner my rambler will go from 0 to 105 Current date: 36:35:18::30:2002 Ramblers -- Don't you wish everyone had one? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: W32/Myparty
Are you saying that when I decide to read the debian-* lists I'm subscribed to, I should close Outlook, SSH to the mail server and read them using {elm|mutt|pine|other_mda}? Like anything else, it comes down to what you like best and what does the job well. I run Linux on my servers because it does the job better. On the same note, I run Windows on my desktop machines because, at this time, Linux, IMO, sucks ass as far as desktops go. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Paul 'Baloo' Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, January 31, 2002 5:09 PM To: Chris Mueller Cc: debian-user@lists.debian.org Subject: Re: W32/Myparty On Thu, 31 Jan 2002, Chris Mueller wrote: Hi, 7 mails with virus W32/Myparty got into my inbox - all of them from linux-mailinglists. This makes no sense to me. If you're on a Linux mailing list, just why are you using software by the antichrist? -- Baloo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Mailing list recomendation
As Brian Clark already suggested, I'd have to agree with mailman. I can't comment on any of the other list programs as I haven't used any of them. I've been running mailman and haven't felt the need to explore any other options. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Erik van der Meulen [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 30, 2002 2:43 PM To: debian-user@lists.debian.org Subject: Mailing list recomendation Hi all - I am looking for a mailing list server to replace Majordomo since that does not seem to be available in Debian anymore. I have a Potato system with sendmail and need to run only a few small lists (100 users) but for different domains. A search in Potato packages shows: - sympa - mailman - fml - smartlist - listar I would welcome recomendations for the one that would suit my needs best. Ease of installation, configuration and maintenance is imprtant to me too. Thanks a lot! -- Erik van der Meulen [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE:
I wrote this in a hurry a few days ago. It's not elegant and actually quite ugly, but it does work. Note that I only keep a few fields in the database (IP address, timestamp, URL requested, the response code, and the size). Modify it to suit your needs. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] #!/usr/bin/perl # # $Id: log2sql.pl, v1.0 2002/01/26 07:25:47 jeremy Exp $ # # Author: Jeremy Gaddis [EMAIL PROTECTED] # # Released under the terms of the GNU Public License (GPL). my $version = 1.0; # General Configuration my $LOGFILE = access.log; my $serverName = localhost; my $serverPort = 3306; my $serverUser = username; my $serverPass = password; my $serverDB= apache; # Main stuff use DBI; use DBI::DBD; use Time::ParseDate; $| = 1; #print log2mysql $version - Jeremy Gaddis jeremy\@gaddis.org\n\n; my $start = localtime; chomp($start); print [$start] Starting up... done.\n; my $start = localtime; chomp($start); print [$start] Connecting to '$serverDB' on $serverName:$serverPort... ; my $dbh = DBI-connect(DBI:mysql:database=$serverDB;host=$serverName;po rt=$serverPort,$serverUser,$serverPass); print done.\n; my $start = localtime; chomp($start); print [$start] Opening log file... ; open(LOGFILE, access.log); print done.\n; my $line = ; my ($totalcount) = 0; my ($id, $host, $ident, $remoteuser, $datetime, $method, $request, $httpversion, $response, $size, $referrer, $agent) = (, , , , , , , , , , , ); my $sql_fmt = INSERT INTO logs VALUES ( NULL, '%s', '%s', '%s', '%s', %d ); my $start = localtime; chomp($start); print [$start] Importing logs... ; while(defined($line = LOGFILE)) { chomp($line); $totalcount++; ($host, $ident, $remoteuser, $datetime, $request, $response, $size, $ref errer, $agent) = $line =~ m!(.*?) (.*?) (.*?) \[(.*?)\] (.*?) (.*?) (.*?) (.* ?) (.*?)!gi; $datetime =~ s/-0500//; $datetime =~ s/\//:/g; $request =~ s/(HTTP.*?$)//; chomp($request); if ($size eq '-') { $size = 0; } # do funky date stuff here @datearray = split(/:/, $datetime); $day = @datearray[0]; $month = @datearray[1]; $year = @datearray[2]; $hour = @datearray[3]; $minute = @datearray[4]; $second = @datearray[5]; if ($month eq 'Jan') { $month = 1; } if ($month eq 'Feb') { $month = 2; } if ($month eq 'Mar') { $month = 3; } if ($month eq 'Apr') { $month = 4; } if ($month eq 'May') { $month = 5; } if ($month eq 'Jun') { $month = 6; } if ($month eq 'Jul') { $month = 7; } if ($month eq 'Aug') { $month = 8; } if ($month eq 'Sep') { $month = 9; } if ($month eq 'Oct') { $month = 10; } if ($month eq 'Nov') { $month = 11; } if ($month eq 'Dec') { $month = 12; } $newdate = $year-$month-$day $hour:$minute:$second; $sql = sprintf($sql_fmt, $host, $newdate, $request, $response, $size); $dbh-do($sql) or die *** ERROR ***; } print done.\n; my $start = localtime; chomp($start); print [$start] Closing log files... ; close(LOGFILE); print done.\n; my $start = localtime; chomp($start); print [$start] Disconnecting from database... ; $dbh-disconnect; print done.\n; print \nTotal records imported: $totalcount\n\n; -Original Message- From: Andreas Rabus [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 7:32 AM To: Debian ISP List (E-Mail) Subject: Hi, i'm looking for a web-log analyzer for potato and multiple virtual hosts. webalizer keeps breaking (didn't create stats for some days, and then starts again...), analog is ugly, ... and all need plain text log. I'd like to put the log in a database (mysql, postgresql or s.th.) and run some more sophisticated stats opver that data, like url of waht regexp are visited how often, form where, etc. I found s.th calle Le Visitéur (URL not handy at the moment...) some time ago, but that's it. Has anybody else found a program that can do this for me? thanks, ar Andreas Rabus entity38 AG Theresienstraße 29 80333 München Tel +49 (89) 286772-27 Fax +49 (89) 286772-21 ISDN +49 (89) 286772-30 ICQ #132675697 [EMAIL PROTECTED] www.entity38.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: announcing documentation on setting up exim with spamassasin
[EMAIL PROTECTED]:pts/1:~]$ host -t a dman.ddts.net dman.ddts.net A 169.254.0.0 j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: D-Man [mailto:[EMAIL PROTECTED] Behalf Of dman Sent: Saturday, January 26, 2002 4:53 PM To: debian-user@lists.debian.org; exim-users@exim.org; spamassassin-talk@lists.sourceforge.net Subject: announcing documentation on setting up exim with spamassasin I have just whipped up some documentation regarding setting up exim and spamassassin. Basically I just outlined my setup, which Works For Me :-). Check it out if you are interested, http://dman.ddts.net/~dman/config_docs/exim_spamassassin.html and let me know what you think (if you want to). HAND, -D -- Come to me, all you who are weary and burdened, and I will give you rest. Take my yoke upon you and learn from me, for I am gentle and humble in heart, and you will find rest for your souls. For my yoke is easy and my burden is light. Matthew 11:28-30 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE:SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON)
Heh, what's funny is that SpamAssassin tagged this message you sent as spam and sent it to my spam folder. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bryan Andersen Sent: Thursday, January 24, 2002 7:04 PM To: [EMAIL PROTECTED] Subject: *SPAM* SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON) [snip] My ISP uses SpamAssassin and it works quite nicely. Not perfectly, but well enough that I like it. It's filtered out about 8M bytes of spam in the past 16 days. SpamAssassin puts some new headers into the message that tell it's spam status. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE:SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON)
Heh, what's funny is that SpamAssassin tagged this message you sent as spam and sent it to my spam folder. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bryan Andersen Sent: Thursday, January 24, 2002 7:04 PM To: debian-security@lists.debian.org Subject: *SPAM* SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON) [snip] My ISP uses SpamAssassin and it works quite nicely. Not perfectly, but well enough that I like it. It's filtered out about 8M bytes of spam in the past 16 days. SpamAssassin puts some new headers into the message that tell it's spam status.
RE: Sendmail Config
I use sendmail's genericstable feature without any problems. It rewrites the addresses for all my (home network) users as their email heads out the mail gateway. If you can tell us what problems you were having, perhaps we can help you. genericstable was really easy to get going. Simply put a list of all domains you want addresses rewritten for in /etc/mail/genericsdomain. For example, on the internal side of my network, I use @home.lan addresses. These get rewritten when mail passes through the outgoing mail gateway. [EMAIL PROTECTED]:pts/0:~]$ cat /etc/mail/genericsdomain home.lan [EMAIL PROTECTED]:pts/0:~]$ grep ^jeremy /etc/mail/genericstable jeremy [EMAIL PROTECTED] This shows that for any email that comes in with a From address of [EMAIL PROTECTED], it should be rewritten as [EMAIL PROTECTED]. sendmail doesn't use the plain-text genericstable file, however. You need to generate a hashed db file using: `makemap -r hash genericstable.db genericstable`. HTH. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Sven Gaerner [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 6:58 AM To: debian-user@lists.debian.org Subject: Sendmail Config Hi, I got a problem with sendmail's config. I'm using the cyrus imapd and sendmail as MTA on one machine. This machine is MXed as internal mail server. Internal email is sent as expected but sendmail tries to send external mails with my internal email address. Therefore freemailer like GMX are rejecting this mails because my sender domain is not resolvable. I tried using genericstable feature to rewrite my internal address. I also tried to send my email to my gateway machine that should masquerade emails to come from gmx.net. Both didn't work. If you have any information that may help to solve this please CC it to me because I'm not subcribed yet. Thanks in advance. Bye Sven -- ++ | Please reply only to [EMAIL PROTECTED] | || | Do not send HTML mails, they may not be read...| ++ GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Creating a Debian mirror from 2.2r0 CDs
I am in the process of setting up a (private) Debian mirror for my local mirror. I was just going to rsync the whole tree, and have already started, however, when a thought occured to me. I have here four Debian 2.2r0 CDs. I was thinking I could copy the contents off the four CDs into my debian/ tree and then rsync from that to only update what has changed (I'll only be mirroring stable/x86). I am curious, though, on how many of the packages have been updated since 2.2r0. I am also unsure of the right way(tm) to get the packages from the CD into the correct directory structure on my file server. Ideally, there'd be some (apt?) utilities to take the files from the CDs and place them where they should go. Then, I can continue on with my rsync without having to download every package. Any tips or pointers to documentation would be much appreciated. Thanks. j. -- Jeremy L. Gaddis [EMAIL PROTECTED]
RE: Debian security being trashed in Linux Today comments
It renders fine in IE. :) The binary data is, I presume, the two files that Javier attached, as stated in the message: quote I adjoint some data: - a Gnumeric spreadsheet with all the information - a PNG graphic with this year's distribution of time-to-fix (in days) made by gnuplot with the previous data /quote j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Lupe Christoph [mailto:[EMAIL PROTECTED]] Sent: Monday, January 14, 2002 12:17 PM To: Javier Fernández-Sanguino Peña Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Debian security being trashed in Linux Today comments On Monday, 2002-01-14 at 15:12:48 +0100, Javier Fernández-Sanguino Peña wrote: On Mon, Jan 14, 2002 at 01:15:16PM +0100, Wichert Akkerman wrote: Previously Adam Warner wrote: Someone with better knowledge of all the facts might want to comment on the claim that Debian is always the last to fix security holes and the tag team follow up I've been fighting for months now to try to convince them to release an advisory or fix for ftpd... Someone should point them to Javier's analysis of security response times.. Thanks' I was about to say so... BTW pointer is: http://lists.debian.org/debian-security/2001/debian-security-200112/msg0 0257.html I'm going to add this to the info available in the Debian Security Manual seems to be a FAQ I hope you provide a cleaned-up version. .../msg00257.html is full of binary crap. And the link .../bin0.bin could be stored as the PNG file it is supposed to be. The way it is now, I get a MIME-type of application/octet-stream, which Mozilla won't display. Maybe you can put the text, the spreadsheet, and the graph on a website? Archive maintainers, what happens to attachments like those in the mentioned mail? I don't keep debian-security mails around, so I can't see what MIME-type the attachments had. The binary crap must be the spreadsheet which has been inlined. Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Debian security being trashed in Linux Today comments
It renders fine in IE. :) The binary data is, I presume, the two files that Javier attached, as stated in the message: quote I adjoint some data: - a Gnumeric spreadsheet with all the information - a PNG graphic with this year's distribution of time-to-fix (in days) made by gnuplot with the previous data /quote j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Lupe Christoph [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2002 12:17 PM To: Javier Fernández-Sanguino Peña Cc: debian-security@lists.debian.org; [EMAIL PROTECTED] Subject: Re: Debian security being trashed in Linux Today comments On Monday, 2002-01-14 at 15:12:48 +0100, Javier Fernández-Sanguino Peña wrote: On Mon, Jan 14, 2002 at 01:15:16PM +0100, Wichert Akkerman wrote: Previously Adam Warner wrote: Someone with better knowledge of all the facts might want to comment on the claim that Debian is always the last to fix security holes and the tag team follow up I've been fighting for months now to try to convince them to release an advisory or fix for ftpd... Someone should point them to Javier's analysis of security response times.. Thanks' I was about to say so... BTW pointer is: http://lists.debian.org/debian-security/2001/debian-security-200112/msg0 0257.html I'm going to add this to the info available in the Debian Security Manual seems to be a FAQ I hope you provide a cleaned-up version. .../msg00257.html is full of binary crap. And the link .../bin0.bin could be stored as the PNG file it is supposed to be. The way it is now, I get a MIME-type of application/octet-stream, which Mozilla won't display. Maybe you can put the text, the spreadsheet, and the graph on a website? Archive maintainers, what happens to attachments like those in the mentioned mail? I don't keep debian-security mails around, so I can't see what MIME-type the attachments had. The binary crap must be the spreadsheet which has been inlined. Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: ipmasqadm portfw
This can (and probably should) be set in /etc/network/options: ip_forward=yes to stay consistent across reboots. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Raffael Ferenc [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2002 4:45 AM To: Jeremy L. Gaddis Subject: Re: ipmasqadm portfw And sometimes it's necessary to echo 1/proc/sys/net/ip_forward On Sun, Jan 13, 2002 at 09:22:12PM -0500, Jeremy L. Gaddis wrote: You need to say Yes to Network Firewalls, IP: firewalling, IP: masquerading and IP: masquerading special modules support. You also need to say Yes to Prompt for development and/or incomplete code/drivers if you haven't already. j. -- Jeremy L. Gaddis [EMAIL PROTECTED]
RE: broken man
[EMAIL PROTECTED]:pts/0:~]$ dpkg --status man Package `man' is not installed and no info is available. [EMAIL PROTECTED]:pts/0:~]# apt-get install man Reading Package Lists... Done Building Dependency Tree... Done Note, selecting man-db instead of man The following extra packages will be installed: groff man-db The following NEW packages will be installed: groff man-db 0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 1499kB of archives. After unpacking 5079kB will be used. Do you want to continue? [Y/n] y j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: icewind [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2002 12:42 PM To: debian-user@lists.debian.org Subject: broken man Hello, I installed the lastest stable release of debain over the network, installing a minimal number of packages. Shouldn't 'man' be part of the base install? When I type man, the system doesnt find anything. How can I determine if man is installed and see if all of the things that man depends on are installed as well? Thanks. __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Procmail filtering on outgoing mail
I'm not sure that that can be done with procmail. procmail is a local delivery agent, mainly used for final delivery of mail into /var/mail/{username}. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Jeremy Nickurak [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2002 6:11 PM To: debian-user@lists.debian.org Subject: Procmail filtering on outgoing mail I've been looking through mailing lists and FAQ, but can't find an answer to something I presume would be fairly simple, although I'm not really familiar with exim at all. What I want to do is get exim to pass _outgoing_ mail through certain procmail filters. Specifically, I want my From: address to be altered in certain cases, depending on who I'm corresponding with. Any suggestions here would be greatly appreciated. -- Jeremy Nickurak -= [EMAIL PROTECTED] =- For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
RE: ipmasqadm portfw
You need to say Yes to Network Firewalls, IP: firewalling, IP: masquerading and IP: masquerading special modules support. You also need to say Yes to Prompt for development and/or incomplete code/drivers if you haven't already. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Jonathan Daugherty [mailto:[EMAIL PROTECTED] Behalf Of Jonathan Daugherty Sent: Sunday, January 13, 2002 9:06 PM To: debian-firewall@lists.debian.org Subject: ipmasqadm portfw When I run this -- ipmasqadm portfw -f I get portfw: setsockopt failed: Invalid argument I have ipmasqing turned on in my kernel (2.2.20) and I have all three fw modules (autofw, mfw, and portfw) loaded. Any ideas? -- Jonathan Daugherty Dept. of Computer Science / Engineering Support, EITS See http://www.debian.org/Bugs/Reporting when submitting bugs -- to any forum. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: sshd sending packets outside lan during local connection
Turn BIND's query logging on and see what it's trying to lookup. You can do this from the shell (as root) by entering ndc querylog. Then take a look at your log files and see exactly what it's doing. As someone pointed out, I would also guess that it's attempting to perform lookups on the IP that you're connecting from. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Jeff Stevens [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 13, 2002 10:27 PM To: [EMAIL PROTECTED] Subject: sshd sending packets outside lan during local connection I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and bind (version: 1:8.2.3-0.potato.1). It is also being used as a firewall for a local network. It has 2 nic cards, one with an internal ip and one with an external ip. When I ssh locally (to the internal ip)to this firewall it sends out packets to my ISP. If I unplug the external ip nic before entering the password then the connection pauses for about a minute before connecting. I am no expert as I have just started using Debian, but it seems like the password is being sniffed. I'm not exactly sure what the tcpdump output shows (ATTACHED with route info) but it seems to be doing a domain name look up (but I could be wrong). I have no idea why it would have to do a domain look-up because I connect via ip address (ssh [EMAIL PROTECTED]) which is inside the local network. Earlier I made the mistake of offering bind publicly. I recently changed this but I don't know if I was compromised during the time it was public. I am hoping this is just a misconfiguration problem. Any suggestions would be greatly appreciated. Thanks in advance. --Jeff Debian user _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: sshd sending packets outside lan during local connection
Turn BIND's query logging on and see what it's trying to lookup. You can do this from the shell (as root) by entering ndc querylog. Then take a look at your log files and see exactly what it's doing. As someone pointed out, I would also guess that it's attempting to perform lookups on the IP that you're connecting from. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Jeff Stevens [mailto:[EMAIL PROTECTED] Sent: Sunday, January 13, 2002 10:27 PM To: debian-security@lists.debian.org Subject: sshd sending packets outside lan during local connection I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and bind (version: 1:8.2.3-0.potato.1). It is also being used as a firewall for a local network. It has 2 nic cards, one with an internal ip and one with an external ip. When I ssh locally (to the internal ip)to this firewall it sends out packets to my ISP. If I unplug the external ip nic before entering the password then the connection pauses for about a minute before connecting. I am no expert as I have just started using Debian, but it seems like the password is being sniffed. I'm not exactly sure what the tcpdump output shows (ATTACHED with route info) but it seems to be doing a domain name look up (but I could be wrong). I have no idea why it would have to do a domain look-up because I connect via ip address (ssh [EMAIL PROTECTED]) which is inside the local network. Earlier I made the mistake of offering bind publicly. I recently changed this but I don't know if I was compromised during the time it was public. I am hoping this is just a misconfiguration problem. Any suggestions would be greatly appreciated. Thanks in advance. --Jeff Debian user _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
RE: Netconfig tool or do I have to edit file manually?
Just man 5 interfaces and edit it manually. It's a really easy format to follow, shouldn't take more than 60 seconds or so to change it. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Brian Lavender [mailto:[EMAIL PROTECTED] Sent: Sunday, January 13, 2002 11:41 PM To: Debian User Subject: Netconfig tool or do I have to edit file manually? I configured my Debian box so it uses dhcp, but now I want to change it to a static IP. Is there a netconfig utility for Debian, or do I just have to edit /etc/network/interfaces manually? brian -- Brian Lavender http://www.brie.com/brian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: configuring Checksecurity to email reports to root
I've never used checksecurity, but I assume any reports it creates will be sent to root. Assuming you have root aliased to a regular user account, that's where the reports will end up. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Stefan Srdic [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 12, 2002 5:59 AM To: Stephen Gran; [EMAIL PROTECTED] Subject: Re: configuring Checksecurity to email reports to root On January 12, 2002 02:28 pm, Stephen Gran wrote: Thus spake Stefan Srdic: Hi, I was going through the Securing Debian HOW-TO and noticed the section on setuid check (4.11). I would like for the checksecurity script to email root of any changes to the system. Will this work if I have exim installed? Currently, exim forwards all mail from root to my day-to-day user. I would like to be able to read any information that this script would have for me through kmail :D Has anybody set this up? Stef I'm fairly sure this is handled by /etc/aliases for exim. I have lines like: postmaster: root root: steve #Steve being my ordinary account, obviously and it works great. I think this is part of eximconfig, although I don't remember exactly. HTH, Steve You might have misunderstood me, my question was, will the checksecurity script that runs from cron e-mail it's report to root if I have exim installed? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: configuring Checksecurity to email reports to root
I've never used checksecurity, but I assume any reports it creates will be sent to root. Assuming you have root aliased to a regular user account, that's where the reports will end up. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Stefan Srdic [mailto:[EMAIL PROTECTED] Sent: Saturday, January 12, 2002 5:59 AM To: Stephen Gran; debian-security@lists.debian.org Subject: Re: configuring Checksecurity to email reports to root On January 12, 2002 02:28 pm, Stephen Gran wrote: Thus spake Stefan Srdic: Hi, I was going through the Securing Debian HOW-TO and noticed the section on setuid check (4.11). I would like for the checksecurity script to email root of any changes to the system. Will this work if I have exim installed? Currently, exim forwards all mail from root to my day-to-day user. I would like to be able to read any information that this script would have for me through kmail :D Has anybody set this up? Stef I'm fairly sure this is handled by /etc/aliases for exim. I have lines like: postmaster: root root: steve #Steve being my ordinary account, obviously and it works great. I think this is part of eximconfig, although I don't remember exactly. HTH, Steve You might have misunderstood me, my question was, will the checksecurity script that runs from cron e-mail it's report to root if I have exim installed? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: ProFTPd + mod_LDAP + OpenLDAP
Hey, sounds good. I'll mess with this a bit later and see if I can get it to work. I ended up creating an cn=proftpd,ou=misc,... entry to my tree with read access to the userPassword attributes. I didn't want to do it this way but someone suggested it and it *did* work, so... Anyways, thanks alot. That sounds like exactly what I was looking for. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Steve McIntyre [mailto:[EMAIL PROTECTED] Sent: Saturday, January 12, 2002 9:27 PM To: [EMAIL PROTECTED] Cc: debian-user@lists.debian.org Subject: Re: ProFTPd + mod_LDAP + OpenLDAP In article [EMAIL PROTECTED] you write: Today I compiled ProFTPd with support for mod_ldap (authenticating against OpenLDAP). I set up proftpd.conf as per the documentation and authentication was still failing. After examining the log files for ProFTPd, I noticed that it was attempting to lookup various attributed in the LDAP server after entering a username but before entering a password. It was attempting to get the value of the userPassword attribute, which my ACLs didn't allow. After changing OpenLDAP's ACLs to the following, user authentication worked: What I've done for LDAP and proftpd was just use the already-functional PAM support and not added mod_ldap. Then my /etc/pam.d/proftpd looks like == #%PAM-1.0 auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth sufficient pam_ldap.so auth required pam_unix.so nullok # This is disabled because anonymous logins will fail otherwise, # unless you give the 'ftp' user a valid shell, or /bin/false and add # /bin/false to /etc/shells. #auth requiredpam_shells.so account sufficient pam_ldap.so account required pam_unix.so session sufficient pam_ldap.so session required pam_unix.so == and then added the line PersistentPasswdoff to /etc/proftpd.conf, which took a while (and some help from the developers) to work out. Now it all works fine for me. -- Steve McIntyre, Cambridge, UK. [EMAIL PROTECTED] They say that you play Cambridge twice - once on the way up and once on the way down. It's nice to be back... --- Armstrong Miller
RE: Yow, Madduck!
If you're on a dialup link, why don't you use your ISP's mail server as a smart host? Let them take care of your mail delivery. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Brenda J. Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, January 10, 2002 7:39 PM To: debian-user@lists.debian.org Subject: Yow, Madduck! Martin, I don't have a domain. My isp has one but I don't. My FQHN is seal (and it's not visible from the internet anyway). I send mail from my mail client to local exim for delivery next time I dial up. exim rewrites the reply-to, from, etc to have the achilles.net, but I guess your software only looks at the original sender. Guess I can't email you then. On Thu, Jan 10, 2002 at 07:06:59PM -0500, Mail Delivery System wrote: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. The following address(es) failed: [EMAIL PROTECTED]: SMTP error from remote mailer after RCPT TO:[EMAIL PROTECTED]: host mail.madduck.net [195.226.187.154]: 504 seal: Helo command rejected: need fully-qualified hostname -- [EMAIL PROTECTED] Welcome to the GNU age! http://www.gnu.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Yow, Madduck!
The only problem with that is that people start using myhost.dynamic-dns-provider.com as their domain name for email. That's not bad in and of itself, except when they're on a dialup modem link and {dis|re}connect often. The DNS RR's get updated often, mail servers cache them, and try to connect to the wrong IP. Mail gets queued and backed up, etc. etc. The smart host is definitely the way to go. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: martin f krafft [mailto:[EMAIL PROTECTED] Sent: Thursday, January 10, 2002 10:38 PM To: debian-user@lists.debian.org Subject: Re: Yow, Madduck! also sprach Jeremy L. Gaddis [EMAIL PROTECTED] [2002.01.11.0338 +0100]: If you're on a dialup link, why don't you use your ISP's mail server as a smart host? Let them take care of your mail delivery. that would be the proper way of doing it. or to get a dynamic host name... -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] in the stage of grand illusion you walked into my life out of my dreams. -- david bowie