Re: LDAP Expert's help please
1) Relax. Youre in the right place. 2) Worry. You need to learn ldap fast 3) Use GQ (ldap browser) to get an idea of whats in there 4) Get a safari account and get yourself a couple of good ldap books. 5) Read the most relevant chapters for an intro to htf (how the fuck) does this ldap stuff works 5.bis) Many of the apps that are being ldap authentified may support ldap directly (can be a lame setup unless you know what youre doing), or really everyone is authenting against PAM, and then thats against LDAP (better setup in many medium to small cases) which is plain POSIX over ldap which point 5 will clear up best. I do hope youre in this later scenario. 6) Be shure to have medical inssurance. Throwing you to the lions like this can cause permanent health damage due to stress. :) If everything fails. Send an RFP here. Many will gleefully charge some money and fix your stuff straight up. On Tue, 2004-11-23 at 10:49 -0700, Omar wrote: Hi all, I need help with LDAP. I just got two servers that use LDAP authentication for FTP, E-mail and other login's, problem is I only got the root user name and password. I have no idea how to reverse engineer the login's and schema info and so on.. Any and all help is appreciated :) Thanks in Advance, Omar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: LDAP Expert's help please
1.- Be shure what service is what. I mean, if youre running imap, we are talking about 10 different possible imap servers that are provided in debian. So, make shure you know which of them are you running. Same goes for smtp, ftp...etc. 2.- Each of those you can research separately to see where are their auth settings taken care of. If you can assert that no funnny ldap/ldap auth stuff is happening in each config file, you can start looking at PAM to see if everything is being authed there (a shure hit is that there is a config file for each service in the pam.d config directory, and the services are directed to auth against PAM -most, but not necesarily all, are by default- ). 3.- LDAP is an easy thing. It aint much really, just data ordered to some schema. So, the sysadm is right if he says with the root password you can check everything out. 4.- You can possibly get whats the diff between what ldap.conf is by default, and what does it look like now. A big part of this thing is what schema files are included in this file. That will tell you at least what schemas your ldap server supports appart from the default. For example, if you are using qmail as the smtp, there will probably be a file with the speciffic qmail-ldap schema (carefull about assumptions, thats not true the other way arround, nor is it analogous in every other mta). On Tue, 2004-11-23 at 12:13 -0700, Omar wrote: Hi Alex, The problem is that reading the documentation assumes that you are starting from Scratch, and installing everything. Which in turn means that you have the passwords and all the settings, but I am starting it backwards, everything is there, and I need to dig it up. The previous admin said that with root password everything can be figured out. Partially true, but it is time consuming. How can I find out if the system is using PAM against LDAP, in the documentation it says using LDAP authentication nothing else. As for the insurance I am up for the challenge, but it'a ironic as I work for an ISP and I don't have the net at home, which would greatly help me :( I have downloaded an LDAP browser, but had no luck connecting to the server. I used slapcat to get user info, but it doesn't mean much to me, since I can't figure out how to create a new user, using which schema and so on. Life goes on :) Thanks for teh suggestion I am looking at the Safari bookself right now :) Omar On Tue Nov 23 11:30 , Alex Borges [EMAIL PROTECTED] sent: 1) Relax. Youre in the right place. 2) Worry. You need to learn ldap fast 3) Use GQ (ldap browser) to get an idea of whats in there 4) Get a safari account and get yourself a couple of good ldap books. 5) Read the most relevant chapters for an intro to htf (how the fuck) does this ldap stuff works 5.bis) Many of the apps that are being ldap authentified may support ldap directly (can be a lame setup unless you know what youre doing), or really everyone is authenting against PAM, and then thats against LDAP (better setup in many medium to small cases) which is plain POSIX over ldap which point 5 will clear up best. I do hope youre in this later scenario. 6) Be shure to have medical inssurance. Throwing you to the lions like this can cause permanent health damage due to stress. :) If everything fails. Send an RFP here. Many will gleefully charge some money and fix your stuff straight up. On Tue, 2004-11-23 at 10:49 -0700, Omar wrote: Hi all, I need help with LDAP. I just got two servers that use LDAP authentication for FTP, E-mail and other login's, problem is I only got the root user name and password. I have no idea how to reverse engineer the login's and schema info and so on.. Any and all help is appreciated :) Thanks in Advance, Omar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advice for an IP accounting program
martin f krafft wrote: also sprach Francesco P. Lovergine [EMAIL PROTECTED] [2004.10.15.1702 +0200]: The main purpose is identify periodically boxes on an internal private network which cause very high traffic, due to worms, virus and so. A per-IP simple report a la mrtg could be nice. apt-cache search ip accounting The best ive seen was not in debian when i chacked. Its an ipacc but patched to lazyly report to a mysql database. This way the measurement doesnt take a lot of resources in a really demanding environment (after truly 10MBit mixed bandwidth, the measurment problem becomes really complex) search for ipaccounting mysql in google. begin:vcard fn:Alejandro Borges n:Borges;Alejandro email;internet:[EMAIL PROTECTED] url:http://www.stepone.com.mx version:2.1 end:vcard
Re: Advice for an IP accounting program
martin f krafft wrote: also sprach Alex Borges [EMAIL PROTECTED] [2004.10.15.1742 +0200]: The best ive seen was not in debian when i chacked. Its an ipacc but patched to lazyly report to a mysql database. This way the measurement doesnt take a lot of resources in a really demanding environment Yeah, except for the resources eaten by MySQL, which has no place in a really demanding environment, IMHO. Not wanting to start a religious war... it is my opinion when I suggest to use a proper database server instead. Agreed. In my medium sized environment this scaled well, but if we are talking really post 10mbit very mixed traffic and complex stats, mysql aint gonna cut it. Still, if youre in charge of such a thing, it should be no problem for you to hack ipac-ng to work with postgres, or use iptables log+syslog-ng to relay to a log server and analyze it there (although im not shure this would be an ideal solution... id go for the lazy db). begin:vcard fn:Alejandro Borges n:Borges;Alejandro email;internet:[EMAIL PROTECTED] url:http://www.stepone.com.mx version:2.1 end:vcard
Re: WINNING NOTIFICATION
Whats realy baking my noodle is, how the hell did this email got to us. I mean. If she/he has a friend at debian-isp then they shouldve known better. I just cant think of a chain of events... or maybe this is the infamous grandma of a BOFH and suffered this unfortunate fraud because she didnt consult with the geekiest of her children. On Sat, 2004-06-19 at 01:52, Russell Coker wrote: On Sat, 19 Jun 2004 02:30, [EMAIL PROTECTED] wrote: You have lied as far as my winnings I have given what I was supposed to and that information is crucial to my identity..I was sent an email that I won at my other email address that NOONE knew..I didnt believe it was a hoax.. I believed it so much that I have given my bank account my ,drivers licence, and other crucial information.I even called the NL to speak with It was all a hoax, any money you have spent has been lost and will never be recovered. Any information that you gave (such as bank account numbers) should be changed. You mention that they called you, it would probably be best if you change your phone number so that they can't call you again. You appear to be in the US, so contacting the FBI is the best thing for you to do. But as more than a million other USians have been fooled in the same way as you it's unlikely that the FBI will be able to spend much time on your case. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page signature.asc Description: This is a digitally signed message part
Re: WINNING NOTIFICATION
Whats realy baking my noodle is, how the hell did this email got to us. I mean. If she/he has a friend at debian-isp then they shouldve known better. I just cant think of a chain of events... or maybe this is the infamous grandma of a BOFH and suffered this unfortunate fraud because she didnt consult with the geekiest of her children. On Sat, 2004-06-19 at 01:52, Russell Coker wrote: On Sat, 19 Jun 2004 02:30, [EMAIL PROTECTED] wrote: You have lied as far as my winnings I have given what I was supposed to and that information is crucial to my identity..I was sent an email that I won at my other email address that NOONE knew..I didnt believe it was a hoax.. I believed it so much that I have given my bank account my ,drivers licence, and other crucial information.I even called the NL to speak with It was all a hoax, any money you have spent has been lost and will never be recovered. Any information that you gave (such as bank account numbers) should be changed. You mention that they called you, it would probably be best if you change your phone number so that they can't call you again. You appear to be in the US, so contacting the FBI is the best thing for you to do. But as more than a million other USians have been fooled in the same way as you it's unlikely that the FBI will be able to spend much time on your case. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page signature.asc Description: This is a digitally signed message part
Re: Intel Hyperthreading problem on server?
I used to have a problem on my server, i passed myself to sarge 1.3.29 with libapache-modssl and never saw the problem again. On Tue, 2004-06-15 at 20:18, Jason Lim wrote: Dear Gilles , I'll try as well... hope we can find a solution. I have a few Redhat Linux 9 servers with Hyperthreading CPUs, and no problem whatsoever. I think they run Apache 2, so maybe that is the solution... but surely there must be people running Apache 1.x without any problem and hyperthreading?! Jas - Original Message - From: gilles.hanotel [EMAIL PROTECTED] To: Jason Lim [EMAIL PROTECTED] Sent: Wednesday, 16 June, 2004 6:49 AM Subject: Re: Intel Hyperthreading problem on server? Hi Jason, Unfortunately, I never did. The solution was to disable Hyperthreading altogether unfortunately. Perhaps others have had more luck? Google don't think so :( I have two servers with the same hardware. One with hyperthreading enable and one without. As soon as there is a little load the one with hyperthreading shows a lot of blocked process.. Perhaps there is an smp race condition with apache. I have a notebook with hyperthreading and i use it as a workstation whithout any problem for months now... Still searching, if i find something I'll tell you ;-) Thanks -- Gilles HANOTEL signature.asc Description: This is a digitally signed message part
Re: Intel Hyperthreading problem on server?
I used to have a problem on my server, i passed myself to sarge 1.3.29 with libapache-modssl and never saw the problem again. On Tue, 2004-06-15 at 20:18, Jason Lim wrote: Dear Gilles , I'll try as well... hope we can find a solution. I have a few Redhat Linux 9 servers with Hyperthreading CPUs, and no problem whatsoever. I think they run Apache 2, so maybe that is the solution... but surely there must be people running Apache 1.x without any problem and hyperthreading?! Jas - Original Message - From: gilles.hanotel [EMAIL PROTECTED] To: Jason Lim [EMAIL PROTECTED] Sent: Wednesday, 16 June, 2004 6:49 AM Subject: Re: Intel Hyperthreading problem on server? Hi Jason, Unfortunately, I never did. The solution was to disable Hyperthreading altogether unfortunately. Perhaps others have had more luck? Google don't think so :( I have two servers with the same hardware. One with hyperthreading enable and one without. As soon as there is a little load the one with hyperthreading shows a lot of blocked process.. Perhaps there is an smp race condition with apache. I have a notebook with hyperthreading and i use it as a workstation whithout any problem for months now... Still searching, if i find something I'll tell you ;-) Thanks -- Gilles HANOTEL signature.asc Description: This is a digitally signed message part
Re: ...please
What really bakes my cookie here is why do spammers dont get the clue that debian-isp's never ever buy anything from a spammer...or do they? Maybe its all Your Fault! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ...please
What really bakes my cookie here is why do spammers dont get the clue that debian-isp's never ever buy anything from a spammer...or do they? Maybe its all Your Fault!
Re: Re: Sendmail or Qmail ? ..
El vie, 05-03-2004 a las 12:56, Lucius Junevicus escribió: I saw your post on setting up qmail over drbd. I would love to see how you did it. I'd like to create a how-to on setting up a hybrid cluster (open-mosix and drbd) for qmail. Open Mosix? Isnt that like, autobalanced cluster? Interesting, how does it help a smtp farm as opposed to simple load balancing? I'd love to know how you setup your cluster. What do your drbd.conf, ha.cf, haresources files look like? Which services do you have heartbeat control? (qmail, spamassassin, ?) I know your probably very busy, but any help would be greatly appreciated. This is pretty straighforward. A most mta's Qmail has configurable queue directories and can deliver to maildirs anywhare as well (i use vpopmail as delivery). All you need is to set up your drbd partition as announced in drbd's documentation (engeneer your disks, etc.). Our nodes look like this: Primary DELL 6250 PIV XEON 2.4gh DUal Processor 1GB ram 210GB RAID V SCSI storage Secondary DELL 6250 PIV XEON2.4gh Single processor 1GB ram 210GB RAID V SCSI storage Make a big partition, set up some symlinks to make important directories reside in this partition (i named it data and its mounted on /data): /var/qmail - /data/var/qmail /home/vpopmail - /data/home/vpopmail /webhostingpeople - /data/webhostingpeople /var/lib/mysql - /data/var/lib/mysql /etc/passwd - /data/etc/passwd /etc/group - /data/etc/group etc. HEre is the trick: In the primary server: Install (or mod) everything so that important services boot up without a problem from files in this partition (already using the symlinks and all). Make SHURE you profile every possible path of use that may be related to file access creation, directory creation...etc. In the secondary server: Make a data partition Make shure that data partition is absolutely exactly the same size of the primary. In the primary: In init=1 (make shure all services are OFF) do: tar cf --exclude-from exludedfiles / | ssh -lroot secondary tar xf / In the file excludedfiles you should put /dev/ /var/log /var ...etc...anything that doesnt make sense putting in the failback node (/proc, /sys). This will snapshot the primary onto the secondary. Reboot the secondary, all services should be on and working just as in the primary. If that is the case, youre ready to roll. Make the drbd magic you have to on the /data partition and youre home free. Lucius -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Re: Sendmail or Qmail ? ..
El vie, 05-03-2004 a las 12:56, Lucius Junevicus escribió: I saw your post on setting up qmail over drbd. I would love to see how you did it. I'd like to create a how-to on setting up a hybrid cluster (open-mosix and drbd) for qmail. Open Mosix? Isnt that like, autobalanced cluster? Interesting, how does it help a smtp farm as opposed to simple load balancing? I'd love to know how you setup your cluster. What do your drbd.conf, ha.cf, haresources files look like? Which services do you have heartbeat control? (qmail, spamassassin, ?) I know your probably very busy, but any help would be greatly appreciated. This is pretty straighforward. A most mta's Qmail has configurable queue directories and can deliver to maildirs anywhare as well (i use vpopmail as delivery). All you need is to set up your drbd partition as announced in drbd's documentation (engeneer your disks, etc.). Our nodes look like this: Primary DELL 6250 PIV XEON 2.4gh DUal Processor 1GB ram 210GB RAID V SCSI storage Secondary DELL 6250 PIV XEON2.4gh Single processor 1GB ram 210GB RAID V SCSI storage Make a big partition, set up some symlinks to make important directories reside in this partition (i named it data and its mounted on /data): /var/qmail - /data/var/qmail /home/vpopmail - /data/home/vpopmail /webhostingpeople - /data/webhostingpeople /var/lib/mysql - /data/var/lib/mysql /etc/passwd - /data/etc/passwd /etc/group - /data/etc/group etc. HEre is the trick: In the primary server: Install (or mod) everything so that important services boot up without a problem from files in this partition (already using the symlinks and all). Make SHURE you profile every possible path of use that may be related to file access creation, directory creation...etc. In the secondary server: Make a data partition Make shure that data partition is absolutely exactly the same size of the primary. In the primary: In init=1 (make shure all services are OFF) do: tar cf --exclude-from exludedfiles / | ssh -lroot secondary tar xf / In the file excludedfiles you should put /dev/ /var/log /var ...etc...anything that doesnt make sense putting in the failback node (/proc, /sys). This will snapshot the primary onto the secondary. Reboot the secondary, all services should be on and working just as in the primary. If that is the case, youre ready to roll. Make the drbd magic you have to on the /data partition and youre home free. Lucius
Re: IMAP automagic replication?
El sáb, 28-02-2004 a las 18:51, Adam ENDRODI escribió: On Sun, Feb 29, 2004 at 01:00:09AM +0100, Kilian Krause wrote: I came accross the idea of using CODA for replication of the filesys even though the slow network connection, but somewhat i doubt it'll be performant over internet. Especially more performant than plain IMAP replication. Anybody having numbers on these ones? I guess you don't want to sync at the file system level. Coda won't be an easy battle and is generally agreed not to be suitable for real-time applications (read: bloody slow). Moreover, apart from the rumours, wou'd definitely need to complicate the architect with another layer--some kind of encrypting tunnel. DRBD ... this is what i use, and it works fine. It is very bandwith sensitive though. just my gut feelings, adam -- Am I a cleric? | 1024D/37B8D989 Or maybe a sinner? | 954B 998A E5F5 BA2A 3622 Unbeliever?| 82DD 54C2 843D 37B8 D989 Renegade? | http://sks.dnsalias.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IMAP automagic replication?
El sáb, 28-02-2004 a las 18:51, Adam ENDRODI escribió: On Sun, Feb 29, 2004 at 01:00:09AM +0100, Kilian Krause wrote: I came accross the idea of using CODA for replication of the filesys even though the slow network connection, but somewhat i doubt it'll be performant over internet. Especially more performant than plain IMAP replication. Anybody having numbers on these ones? I guess you don't want to sync at the file system level. Coda won't be an easy battle and is generally agreed not to be suitable for real-time applications (read: bloody slow). Moreover, apart from the rumours, wou'd definitely need to complicate the architect with another layer--some kind of encrypting tunnel. DRBD ... this is what i use, and it works fine. It is very bandwith sensitive though. just my gut feelings, adam -- Am I a cleric? | 1024D/37B8D989 Or maybe a sinner? | 954B 998A E5F5 BA2A 3622 Unbeliever?| 82DD 54C2 843D 37B8 D989 Renegade? | http://sks.dnsalias.net
Re: How do you deploy a new system ?
This is what i regard as the EASY way: Divide target boxes into hardware 'races' (all exactly-the-same hardware into one race). Install one debian per race. Partimage each race. Sync all boxes of each race with a partimage bootdisk, look into the dhcp logs to see the ip of each box. Script or do one by one, change all hostnames (at this point they are all the same). This is a 20 line script at most if ssh is properly installed in all boxes (just put it with your pubkey in the imaged boxes). El dom, 22-02-2004 a las 19:55, [EMAIL PROTECTED] escribió: Hi, What are you guys using to deploy new systems. In our env we are bringing up one system every other week. So far, we've been using Red Hat and Kickstart. We simply save the config on a floppy then boot from the CD and a few minutes later the system is ready without the endless Yes/No questions. BTW, I tried Mondo on the latest stable Woody-3.2 and it didn't seem to work i.e. I issued the command: $ mondoarchive -Oi -d /mnt/NFS/Images -E /mnt and it started doing something but then it never returned back (left it running for 4 hrs) to the prompt and there was no disk activity after the first 10 mins. I Ctrl-C'd it and never looked into it. FAI etc sound too complicated to setup. Anaconda port doesn't sound that great since you have to use a special kernel to make it work...from what I've heard ? We are just curious about the setups of other big ISP/University type environments since we're thinking of doing a swtich from RH to Debian. Thank You. __ Introducing the New Netscape Internet Service. Only $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: FTP-TLS
Sorry i cant be of more help. But this is what we do. We have an all windows (all flavors) environment and an all linux data center (print,file,web,collaboration,email,a-spam,a-virii,backups,sql...etc. we like pain...its good for us). After checking out how do we want to share the server with the clients, we settled for ssh (w00t!?) Yeah, winscp is just as annoying as cuteftp, it looks the same, it can do edit-on-server (a fad, of course) and, it doesnt have the funny stuff ftp has. Contra: Its a bitch to chroot a ssh server and keep your admin setup, but its doable. So there i recomend you dump ftp. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: FTP-TLS
Sorry i cant be of more help. But this is what we do. We have an all windows (all flavors) environment and an all linux data center (print,file,web,collaboration,email,a-spam,a-virii,backups,sql...etc. we like pain...its good for us). After checking out how do we want to share the server with the clients, we settled for ssh (w00t!?) Yeah, winscp is just as annoying as cuteftp, it looks the same, it can do edit-on-server (a fad, of course) and, it doesnt have the funny stuff ftp has. Contra: Its a bitch to chroot a ssh server and keep your admin setup, but its doable. So there i recomend you dump ftp.
Re: Debian and SAN support
Im not shure i follow. If youve already got the SAN, why the need of a DFS? I thought it would just export you its volumes and youd see it as scsi devices? El lun, 09-02-2004 a las 14:44, J.J. van Gorkum escribió: Hi, Can sombody point me in the right direction for cluster Filesystem support (that will work on Debian) to be used in combination with a SAN? (Compaq MSA1000) I have found: - luster (clusterFS) the say they have support for Linux 2.4.x but the systenms segfault on vanilla 2.4.20 kernels... - gpfs (suspended by IBM due to the (soon) arrival of Storage Tank) - openGFS (but the project seems dead -- and segv on the DLM module) Keep in mind that running a Redhat kernel is NOT an option. -- JJ van Gorkum Knowledge Zone If UNIX isn't the solution, you've got the wrong problem. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian and SAN support
El lun, 09-02-2004 a las 19:23, Michael Loftis escribió: Yes but if you have need of sharing a single filesystem, on a single volume, you need a FS capable of such. Ah yes...well doh... i didnt think of that...thx Ok... You can tell i dont know much about this matters. I just want to learn about it. Would anyone be so kind as to point me to a link where this need may be described? Because... through my limited knowledge, id nfs or samba the damned share out of a server and off we go...:)... I have the feeling that would put a fast end in my career, so any help in my apprenticeship would be appreciated (I am currently STFW for cluster fs and suchmore would be better thanks). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian and SAN support
Im not shure i follow. If youve already got the SAN, why the need of a DFS? I thought it would just export you its volumes and youd see it as scsi devices? El lun, 09-02-2004 a las 14:44, J.J. van Gorkum escribió: Hi, Can sombody point me in the right direction for cluster Filesystem support (that will work on Debian) to be used in combination with a SAN? (Compaq MSA1000) I have found: - luster (clusterFS) the say they have support for Linux 2.4.x but the systenms segfault on vanilla 2.4.20 kernels... - gpfs (suspended by IBM due to the (soon) arrival of Storage Tank) - openGFS (but the project seems dead -- and segv on the DLM module) Keep in mind that running a Redhat kernel is NOT an option. -- JJ van Gorkum Knowledge Zone If UNIX isn't the solution, you've got the wrong problem.
Re: Debian and SAN support
El lun, 09-02-2004 a las 19:23, Michael Loftis escribió: Yes but if you have need of sharing a single filesystem, on a single volume, you need a FS capable of such. Ah yes...well doh... i didnt think of that...thx Ok... You can tell i dont know much about this matters. I just want to learn about it. Would anyone be so kind as to point me to a link where this need may be described? Because... through my limited knowledge, id nfs or samba the damned share out of a server and off we go...:)... I have the feeling that would put a fast end in my career, so any help in my apprenticeship would be appreciated (I am currently STFW for cluster fs and suchmore would be better thanks).
OT - [Fwd: Lineox Enterprise Linux Support Partner Program]
Okay, im sorry to post this here. I dont know why a linux distro is sending me spam. I wonder if any of you guys also got this. I dont think its acceptable for a linux distro to fall down to this level and so, i am posting this here in order for them to find out what the linux community thinks of spammers, spammer buyers and spammer supporters (and just exactly what we think is spam). The reason im saying this is spam is that the return address is invalid. Im guessing anyone in the Linux Consultant HowTo got this but maybe it was also harvested from this list. Sorry again, dont hesitate to tell me im an idiot if this is far-fetched and of no interest to this list. ---BeginMessage--- Lineox Enterprise Linux Support Partner Program === Lineox Enterprise Linux is sold without bundled support. This creates a business opportunity for companies and consultants who can offer support for Lineox Enterprise Linux. Lineox believes that free market will provide the best support network for our products. There already exists a kind of market place for Linux support, but Lineox wishes to improve it. Linux Consultants Guide already provides a directory of Linux consultants, so there is no need for Lineox to duplicate that effort. Lineox can however provide information on how active a particular consultant is by following Lineox products sales figures. Lineox can also create a list of consultants who support Lineox products and what kind of support they provide. How to join the Lineox Enterprise Linux Support Partner Program === First you should add your information to the Linux Consultants Guide if you haven't done that already and then send us email. You should mention if you would like to become a Lineox reseller, what kind of support you can offer to our products, and how we could develop our Support Partner Program. We will then provide on our web site a link to your Linux Consultants Guide entry and work out a structure how to best categorize and present support providers. We will develop our Support Partner Program based on response we receive, so it is important that you provide input. We believe that at this stage we should not bind our Support Partner Program to any strict format, but build it to satisfy the needs of our partners. Why become Lineox reseller = Selling products might not be your main business, but if you need Lineox Enterprise Linux 3.0 disks, you can buy them at cheaper dealer prices, if you order at least 5 disks at a time. Our reseller program is open to all, but EU based companies must provide intra-EU VAT code, minimum order is 5 disks, and we accept only PayPal payments. Lineox Enterprise Linux 3.0 === Lineox Enterprise Linux 3.0 contains all freely distributable packages from Red Hat Enterprise Linux 3.0 Advanced Server ($1499), Red Hat Cluster Suite ($499), and Red Hat Developer Suite (free as an introductory offer for RHEL subscribers). Lineox Enterprise Linux 3.0 does not contain any support. Lineox is however offering program package updates for free for a limited time and later as a paid subscription. Lineox Enterprise Linux 3.0 is available immediately directly from www.lineox.com and soon also from resellers. The suggested retail price is 17.90 Euro for DVD-ROM and approximately 20 USD/Euro for separately sold printed Lineox Enterprise Linux 3.0 Installation Guide. Further information: www.lineox.com, [EMAIL PROTECTED] Support Partner Program: http://www.lineox.com/SupportPartners.php Reseller page: http://www.lineox.com/4reseller.php ---End Message---
OT - [Fwd: Lineox Enterprise Linux Support Partner Program]
Okay, im sorry to post this here. I dont know why a linux distro is sending me spam. I wonder if any of you guys also got this. I dont think its acceptable for a linux distro to fall down to this level and so, i am posting this here in order for them to find out what the linux community thinks of spammers, spammer buyers and spammer supporters (and just exactly what we think is spam). The reason im saying this is spam is that the return address is invalid. Im guessing anyone in the Linux Consultant HowTo got this but maybe it was also harvested from this list. Sorry again, dont hesitate to tell me im an idiot if this is far-fetched and of no interest to this list. ---BeginMessage--- Lineox Enterprise Linux Support Partner Program === Lineox Enterprise Linux is sold without bundled support. This creates a business opportunity for companies and consultants who can offer support for Lineox Enterprise Linux. Lineox believes that free market will provide the best support network for our products. There already exists a kind of market place for Linux support, but Lineox wishes to improve it. Linux Consultants Guide already provides a directory of Linux consultants, so there is no need for Lineox to duplicate that effort. Lineox can however provide information on how active a particular consultant is by following Lineox products sales figures. Lineox can also create a list of consultants who support Lineox products and what kind of support they provide. How to join the Lineox Enterprise Linux Support Partner Program === First you should add your information to the Linux Consultants Guide if you haven't done that already and then send us email. You should mention if you would like to become a Lineox reseller, what kind of support you can offer to our products, and how we could develop our Support Partner Program. We will then provide on our web site a link to your Linux Consultants Guide entry and work out a structure how to best categorize and present support providers. We will develop our Support Partner Program based on response we receive, so it is important that you provide input. We believe that at this stage we should not bind our Support Partner Program to any strict format, but build it to satisfy the needs of our partners. Why become Lineox reseller = Selling products might not be your main business, but if you need Lineox Enterprise Linux 3.0 disks, you can buy them at cheaper dealer prices, if you order at least 5 disks at a time. Our reseller program is open to all, but EU based companies must provide intra-EU VAT code, minimum order is 5 disks, and we accept only PayPal payments. Lineox Enterprise Linux 3.0 === Lineox Enterprise Linux 3.0 contains all freely distributable packages from Red Hat Enterprise Linux 3.0 Advanced Server ($1499), Red Hat Cluster Suite ($499), and Red Hat Developer Suite (free as an introductory offer for RHEL subscribers). Lineox Enterprise Linux 3.0 does not contain any support. Lineox is however offering program package updates for free for a limited time and later as a paid subscription. Lineox Enterprise Linux 3.0 is available immediately directly from www.lineox.com and soon also from resellers. The suggested retail price is 17.90 Euro for DVD-ROM and approximately 20 USD/Euro for separately sold printed Lineox Enterprise Linux 3.0 Installation Guide. Further information: www.lineox.com, [EMAIL PROTECTED] Support Partner Program: http://www.lineox.com/SupportPartners.php Reseller page: http://www.lineox.com/4reseller.php ---End Message---
Re: FreeBSD/ Redhat / Debian
There is a very young thread about this in the list archives...look in there, then come with more speciffic doubts...:) El lun, 19-01-2004 a las 13:58, Vahric MUHTARYAN escribió: Hi Everybody , I will be new user of Debian. For quick tour I want to learn and I want to get your advise about Comparing other OS with Debian . Do you have any link about some test with Debian and athor OS, Please share you exprience with me .. Thanks Vahric MUHTARYAN -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: FreeBSD/ Redhat / Debian
Browse through the bug pages, bugs.debian.org and related pages linked to from the debian.org site The debian quality control process is thoroughly documented, absolutly open and streneusly enforced. You will find why this is the best of breed platform for standards compliant, secure internet services deployment. El lun, 19-01-2004 a las 17:50, Vahric MUHTARYAN escribió: Thanks, Where can I find last bugfixes or history of bugfix of Debian . Maybe you know FreeBSD is more clearly history then other OSs. I consider some things too, Does Debian end can be like Redhat and Suse , because after redhat , debian is really most used OS ?! Vahric -Original Message- From: George Georgalis [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 1:32 AM To: [EMAIL PROTECTED] Subject: Re: FreeBSD/ Redhat / Debian On Mon, Jan 19, 2004 at 06:00:55PM -0500, George Georgalis wrote: On Mon, Jan 19, 2004 at 09:58:48PM +0200, Vahric MUHTARYAN wrote: Hi Everybody , I will be new user of Debian. For quick tour I want to learn and I want to get your advise about Comparing other OS with Debian . Do you have any link about some test with Debian and athor OS, Please share you exprience with me .. I've not had time to look closely at this, but I've heard it's a fair linux/bsd comparison http://www.over-yonder.net/~fullermd/rants/bsd4linux/ let me know if anyone sees an inaccuracy! okay just took a closer look, it's bsd biased. but if you want to know why BSD lovers love BSD you have some good arguments, just remember, there is more to Linux than in this article. Every OS/distro has idiosyncrasies, weigh the benefits and choose the idiosyncrasies you want to deal with. The author obviously hasn't chosen Linux idiosyncrasies. BTW - re RedHat vs Debian. RH is slanted more toward GUI administration/philosophy while Debian allows you a finer control but more controls are pushed to the command line. Debian is easier/better for me but RH is more popular in some industries, for example. // George -- George Georgalis, Admin/Architect cell: 646-331-2027IXOYE Linux Infrastructure, Security mailto:[EMAIL PROTECTED] Services, Multimedia and Metrics. http://www.galis.org/george -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: FreeBSD/ Redhat / Debian
There is a very young thread about this in the list archives...look in there, then come with more speciffic doubts...:) El lun, 19-01-2004 a las 13:58, Vahric MUHTARYAN escribió: Hi Everybody , I will be new user of Debian. For quick tour I want to learn and I want to get your advise about Comparing other OS with Debian . Do you have any link about some test with Debian and athor OS, Please share you exprience with me .. Thanks Vahric MUHTARYAN
RE: FreeBSD/ Redhat / Debian
Browse through the bug pages, bugs.debian.org and related pages linked to from the debian.org site The debian quality control process is thoroughly documented, absolutly open and streneusly enforced. You will find why this is the best of breed platform for standards compliant, secure internet services deployment. El lun, 19-01-2004 a las 17:50, Vahric MUHTARYAN escribió: Thanks, Where can I find last bugfixes or history of bugfix of Debian . Maybe you know FreeBSD is more clearly history then other OSs. I consider some things too, Does Debian end can be like Redhat and Suse , because after redhat , debian is really most used OS ?! Vahric -Original Message- From: George Georgalis [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 1:32 AM To: debian-isp@lists.debian.org Subject: Re: FreeBSD/ Redhat / Debian On Mon, Jan 19, 2004 at 06:00:55PM -0500, George Georgalis wrote: On Mon, Jan 19, 2004 at 09:58:48PM +0200, Vahric MUHTARYAN wrote: Hi Everybody , I will be new user of Debian. For quick tour I want to learn and I want to get your advise about Comparing other OS with Debian . Do you have any link about some test with Debian and athor OS, Please share you exprience with me .. I've not had time to look closely at this, but I've heard it's a fair linux/bsd comparison http://www.over-yonder.net/~fullermd/rants/bsd4linux/ let me know if anyone sees an inaccuracy! okay just took a closer look, it's bsd biased. but if you want to know why BSD lovers love BSD you have some good arguments, just remember, there is more to Linux than in this article. Every OS/distro has idiosyncrasies, weigh the benefits and choose the idiosyncrasies you want to deal with. The author obviously hasn't chosen Linux idiosyncrasies. BTW - re RedHat vs Debian. RH is slanted more toward GUI administration/philosophy while Debian allows you a finer control but more controls are pushed to the command line. Debian is easier/better for me but RH is more popular in some industries, for example. // George -- George Georgalis, Admin/Architect cell: 646-331-2027IXOYE Linux Infrastructure, Security mailto:[EMAIL PROTECTED] Services, Multimedia and Metrics. http://www.galis.org/george -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Services in a ISP
jabber.org Has clients in EVERYTHING and an opensource server. Its very well tested. El jue, 08-01-2004 a las 06:37, Ghe Rivero escribió: Hi people! I need to provided some basic services for an ISP. I have almost everything resolved except a chat services. The server is running but i cann find any software to access it via web. Anybody knows something? Thx in advanced Ghe Rivero PD.- Apart of this, do you know any software for a search engine (for the web) and to create the web map? Thx again -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Considering Debian (currently using Red Hat)
Boy, are u gonna get answers El mié, 14-01-2004 a las 08:56, Fred Whipple escribió: Hi Everyone, I'd like to get some of your thoughts on a few things relating to the possibility of our company switching distributions from Red Hat to Debian. As most folks already know, Red Hat has drastically changed their strategy, and we ultimately must make *some* relatively drastic changes no matter what. And, we intend not to switch to RHEL (though not for financial reasons). This gives us the opportunity, welcome or not, to consider other distributions. And even other OS's -- we're frankly not closed to the idea of ultimately switching platforms entirely to BSD or Solaris. So with this in mind, 1.) One of the biggest reasons we went with Red Hat many years ago was RPM. Of course I know that Debian has a package system, and there're constant arguments about which is better, if either. What I wonder, though, is how they compare for the purposes of security checking. On a Red Hat system, practically any file or directory outside of /home can be found within the RPM database. We can check each and every file, its MD5 hash, etc. It's like having a built-in Tripwire installation so long as you trust the RPM database. We've modified the RPM installation such that we can trust it more than we trust Tripwire. Do Debian packages have similar security built-in? Yes although it wouldnt be safe to say ALL files in every package as some of the files (as config files) are generated from pre or postinstall proceses and thus are likely to say. Anyhow. Debian comes with a debsums command that takes the deb database and does an md5 comparission of everything. Its quite effective. Ive used aide, tiger and integrit as local IDS systems and they do their job quite well. Ive never fiddled with tripwire though. Those will do the debsums check for you plus, depending on package, will conduct other similar testing procedures to detect filesystem changes. 2.) A related reason we used Red Hat was that practically anything you could want to use was pre-packaged in a simple to install RPM. And they were typically pretty high quality RPM's, and very often well maintained. Do admins typically find that they're able to find Debian packages for most software they're typically interested in using? I realise this varries greatly between markets, but I guess what I'm asking is do you usually find 70% of the packages you're interested in in Debian package format, and well maintained? 80%? Just a general idea. Well. Its a tradeoff there. Third party (non distro) software is almost allways distributed in rpm's. This makes it much easyer for admins to integrate that packages into your stuff. Debian is another taco there, we have an authoritative source of packages (the debian project) and most packages youll ever need are there. Third party debian packaged software is generally complex to safely integrate into debian because non-stable debian moves a lot (thus many prefer the testing and unstable distribution, depending on usage) so most projects find it a PITA to manage debs as third party. On the other hand, debian makes it very easy for you to take a tarball and turn it into a safely installable (for whatever debian version you use) packacge through the dpkg-buildpackage command. If the third party package is GNU-style compatible (has a configure, make, make install style of distribution), dpkg-buildpackage will build you your deb and you can then install it with the equivalent of the redhat rpm command for debian, called dpkg. Finally, debian supports you tracking packages from different versions of it. Say, you want a stable (read OLD) setup for all email related services, but you need a younger version of apache. You can quite troublessly install the apache for debian/testing (which is younger) into your debian/stable setup, and it will only install whatever testing versions of the apache dependencies you need, thus leaving your email services safely in their old versions (unless they depend on the same libraries as the younger apache). 3.) I read quite a bit of the Web site, and see that in general, releases seem to be very far and few between. This is advantageous to ISP's, of course, because we want things to just work. Is my perception correct in that releases are far apart? When is the next release expected? How significant is the difference from, say, 3.0 and Yes. Very very far appart. Between stable releases what differs is just package versions, installation software upgrades and a whole lot of new packages. Naturally, they also change in administration software (see all the debian update-* commands, which make it easy to manage a lot of things) 3.1. Can you just install a bunch of packages and call it an upgrade, or do you have to go through a whole ordeal as you do between Red Hat .X versions? You can just install a bunch of
Re: Intel Hyperthreading problem on server?
I do not appear to be having the same problem you guys are. The machine does not have a high load, but has not exhibited any problems whatsoever. Running vanilla source 2.4.23 from kernel.org. Are you using Debian kernel packages or vanilla source? Any other magic going on? Possibly a bug in some other DSO you're using? Yeah, this may make sense. i do use some pretty heavy php modules (xslt and dom), but the reference deployment in non-smp does the exact same thing and does not crash. Do you use high memory support? It may be all mixed up to that. Sorry if I missed some relevant part of the thread. :-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Intel Hyperthreading problem on server?
I do not appear to be having the same problem you guys are. The machine does not have a high load, but has not exhibited any problems whatsoever. Running vanilla source 2.4.23 from kernel.org. Are you using Debian kernel packages or vanilla source? Any other magic going on? Possibly a bug in some other DSO you're using? Yeah, this may make sense. i do use some pretty heavy php modules (xslt and dom), but the reference deployment in non-smp does the exact same thing and does not crash. Do you use high memory support? It may be all mixed up to that. Sorry if I missed some relevant part of the thread. :-)
Re: Intel Hyperthreading problem on server?
Except in my case, this error ONLY appears if SMP support is compiled into the kernel, otherwise, it runs smooth with very high load. Apache doesn't immediately have the problem with SMP compiled in tho... it takes maybe an hour or two before the problem appears. That is consistent with what im seeing. Same debian woody apache+php version on a single procesor box, no problem. Take that to HT dual pIV, and apache crashes from segv -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Intel Hyperthreading problem on server?
Except in my case, this error ONLY appears if SMP support is compiled into the kernel, otherwise, it runs smooth with very high load. Apache doesn't immediately have the problem with SMP compiled in tho... it takes maybe an hour or two before the problem appears. That is consistent with what im seeing. Same debian woody apache+php version on a single procesor box, no problem. Take that to HT dual pIV, and apache crashes from segv
Re: Intel Hyperthreading problem on server?
El mar, 16-12-2003 a las 12:39, Jason Lim escribió: Just noticed one more thing... it appears to be Apache causing the super high load (among other programs running) when SMP is compiled into the kernel, and with a bunch of errors in syslog: [Wed Dec 17 02:27:37 2003] [notice] child pid xx exit signal Segmentation fault (11) (and a whole bunch of these errors, like 50 lines) I did a search and someone said it has to do with Apache requesting memory that it doesn't own or something: http://lists.debian.org/debian-apache/2002/debian-apache-200207/msg5.html Mhm... i dont want to be hasty, but it seems im looking at exactly this problem for a very memory hungry php application but that doesn't really help in this case, unless you guys can think of a different angle on this? - Original Message - From: Jason Lim [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 11:23 PM Subject: Intel Hyperthreading problem on server? Hi All... Do you guys know anything about a problem with Intel Hyperthreading (eg. on the Intel 2.4Ghz HT-enabled processor) that would cause the load average to jump to over 200? Here is the log line: Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the given threshold 200 150 100! (then it reboots) This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23 kernel, and it has the same problem. When the kernel is compiled WITHOUT SMP support, the kernel works fine, and it can have uptimes of months without any problem. But when SMP is compiled in, and the HT processor is correctly identified (and top can see CPU0 and CPU1), then it only takes about an hour or two of operation before the load average jumps like that. Note that this is with Debian woody/stable, and with a clean kernel.org kernel. Do you guys know anything about this, or have any ideas where I should look? Is there something in Woody that isn't friendly with SMP or perhaps HyperThreading processors? Thanks in advance. Sincerely, Jas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Intel Hyperthreading problem on server?
Well, its not that the kernel does not detect the ht, it does and quite fine (shows lots of processors in the box and all). The problem is that apache is crashing under high load with a segfault. Now, as i understand it, this can be a faulty hardware problem (bad memory=segfault) or an actual software problem. Im not shure, but im having this problem as well with an HT server and have not been able to rule out the possibility of a faulty hardware thing. Nonetheless, this can also be, for example, an ugly module in woodies php4 which are particluarly edgy (xslt for example) under high load due to them being in beta stage by the time woody froze. El mar, 16-12-2003 a las 20:07, Theodore Knab escribió: I am using the 2.4.20 kernel with SMP support on a Hyper-threading Intel. I remember having problems getting it work with SMP support initially. I think the kernel has to be perfect. ;-) Do you have high memory support compiled in ? High memory support above 4GB might cause problems. If you do not have more than 2GB of RAM you should make sure that High memory support is not enabled. Also did you enable hyper-threading in BIOS ? Auto-detect modes might cause problems. http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0175.html?Open My system: Linux tedsdesk 2.4.20 #22 SMP Mon Jul 21 14:53:07 EDT 2003 i686 GNU/Linux [EMAIL PROTECTED]:cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 1 model name : Intel(R) Pentium(R) 4 CPU 1.50GHz stepping: 2 cpu MHz : 1495.172 cache size : 256 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm bogomips: 2981.88 The ht in the flags section tells me hyper threading is being recognized. On 16/12/03 23:23 +0800, Jason Lim wrote: Hi All... Do you guys know anything about a problem with Intel Hyper-threading (eg. on the Intel 2.4Ghz HT-enabled processor) that would cause the load average to jump to over 200? Here is the log line: Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the given threshold 200 150 100! (then it reboots) This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23 kernel, and it has the same problem. When the kernel is compiled WITHOUT SMP support, the kernel works fine, and it can have uptimes of months without any problem. But when SMP is compiled in, and the HT processor is correctly identified (and top can see CPU0 and CPU1), then it only takes about an hour or two of operation before the load average jumps like that. Note that this is with Debian woody/stable, and with a clean kernel.org kernel. Do you guys know anything about this, or have any ideas where I should look? Is there something in Woody that isn't friendly with SMP or perhaps Hyper-Threading processors? Thanks in advance. Sincerely, Jas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- -- Ted Knab Chester, MD 21619 -- 35570707f6274702478656021626f6c6964796f6e602f66602478656 02e6164796f6e60237471647560216e6460276c6f62616c60257e696 4797e2a0 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Intel Hyperthreading problem on server?
El mar, 16-12-2003 a las 12:39, Jason Lim escribió: Just noticed one more thing... it appears to be Apache causing the super high load (among other programs running) when SMP is compiled into the kernel, and with a bunch of errors in syslog: [Wed Dec 17 02:27:37 2003] [notice] child pid xx exit signal Segmentation fault (11) (and a whole bunch of these errors, like 50 lines) I did a search and someone said it has to do with Apache requesting memory that it doesn't own or something: http://lists.debian.org/debian-apache/2002/debian-apache-200207/msg5.html Mhm... i dont want to be hasty, but it seems im looking at exactly this problem for a very memory hungry php application but that doesn't really help in this case, unless you guys can think of a different angle on this? - Original Message - From: Jason Lim [EMAIL PROTECTED] To: debian-isp@lists.debian.org Sent: Tuesday, December 16, 2003 11:23 PM Subject: Intel Hyperthreading problem on server? Hi All... Do you guys know anything about a problem with Intel Hyperthreading (eg. on the Intel 2.4Ghz HT-enabled processor) that would cause the load average to jump to over 200? Here is the log line: Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the given threshold 200 150 100! (then it reboots) This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23 kernel, and it has the same problem. When the kernel is compiled WITHOUT SMP support, the kernel works fine, and it can have uptimes of months without any problem. But when SMP is compiled in, and the HT processor is correctly identified (and top can see CPU0 and CPU1), then it only takes about an hour or two of operation before the load average jumps like that. Note that this is with Debian woody/stable, and with a clean kernel.org kernel. Do you guys know anything about this, or have any ideas where I should look? Is there something in Woody that isn't friendly with SMP or perhaps HyperThreading processors? Thanks in advance. Sincerely, Jas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Intel Hyperthreading problem on server?
Well, its not that the kernel does not detect the ht, it does and quite fine (shows lots of processors in the box and all). The problem is that apache is crashing under high load with a segfault. Now, as i understand it, this can be a faulty hardware problem (bad memory=segfault) or an actual software problem. Im not shure, but im having this problem as well with an HT server and have not been able to rule out the possibility of a faulty hardware thing. Nonetheless, this can also be, for example, an ugly module in woodies php4 which are particluarly edgy (xslt for example) under high load due to them being in beta stage by the time woody froze. El mar, 16-12-2003 a las 20:07, Theodore Knab escribió: I am using the 2.4.20 kernel with SMP support on a Hyper-threading Intel. I remember having problems getting it work with SMP support initially. I think the kernel has to be perfect. ;-) Do you have high memory support compiled in ? High memory support above 4GB might cause problems. If you do not have more than 2GB of RAM you should make sure that High memory support is not enabled. Also did you enable hyper-threading in BIOS ? Auto-detect modes might cause problems. http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0175.html?Open My system: Linux tedsdesk 2.4.20 #22 SMP Mon Jul 21 14:53:07 EDT 2003 i686 GNU/Linux [EMAIL PROTECTED]:cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 15 model : 1 model name : Intel(R) Pentium(R) 4 CPU 1.50GHz stepping: 2 cpu MHz : 1495.172 cache size : 256 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm bogomips: 2981.88 The ht in the flags section tells me hyper threading is being recognized. On 16/12/03 23:23 +0800, Jason Lim wrote: Hi All... Do you guys know anything about a problem with Intel Hyper-threading (eg. on the Intel 2.4Ghz HT-enabled processor) that would cause the load average to jump to over 200? Here is the log line: Dec 16 22:48:17 be watchdog[250]: loadavg 203 101 40 is higher than the given threshold 200 150 100! (then it reboots) This happened on the 2.4.22 kernel, and now I tried it with the 2.4.23 kernel, and it has the same problem. When the kernel is compiled WITHOUT SMP support, the kernel works fine, and it can have uptimes of months without any problem. But when SMP is compiled in, and the HT processor is correctly identified (and top can see CPU0 and CPU1), then it only takes about an hour or two of operation before the load average jumps like that. Note that this is with Debian woody/stable, and with a clean kernel.org kernel. Do you guys know anything about this, or have any ideas where I should look? Is there something in Woody that isn't friendly with SMP or perhaps Hyper-Threading processors? Thanks in advance. Sincerely, Jas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- -- Ted Knab Chester, MD 21619 -- 35570707f6274702478656021626f6c6964796f6e602f66602478656 02e6164796f6e60237471647560216e6460276c6f62616c60257e696 4797e2a0
Re: Software for a NIC (Network Information Center)
I think, the full Hardware/Software can not exceed 150k US$, better less. (the cost does not inlude the Online-UPS) I think the largest cost wont be in actual software infrastructure but in value added infrastructure. Do you want people to buy the domains online, that will cost. Do you want them to be able to receive e-invoices according to some standards or do you want it to integrate to an invoicing system that works for your country, that will cost. The bandwith, that will cost. Offsite Backups, backup system, redundant storage...that may cost...if you really really need it. But not more than an extra 50k for a small redundant NAS. Do you want to run a toplevel domain? Hey, that goes for well less than 20k dollars easy with a couple of redundant servers. It will do for hundreds of thousends (probably millions) of domains. With redundant power supplies and a redundant active/passive pair setup (two servers for the primary, two for the secondary). Since it is a Debian list, I will mention only free software, of course. Naturally! I say, pocket the rest of the 150k and send some this way! LEX Step One Group www.sogrp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: bind9 vs tinydns vs others
On Tue, 2003-12-02 at 09:46, David Zejda wrote: what do you prefer for authoritative dns? experiences/stability...? i have no verbose bind knowledge yet. Please explore the list for a three month very fun discussion about it (i still remember it). thanks David
Re: Software for a NIC (Network Information Center)
I think, the full Hardware/Software can not exceed 150k US$, better less. (the cost does not inlude the Online-UPS) I think the largest cost wont be in actual software infrastructure but in value added infrastructure. Do you want people to buy the domains online, that will cost. Do you want them to be able to receive e-invoices according to some standards or do you want it to integrate to an invoicing system that works for your country, that will cost. The bandwith, that will cost. Offsite Backups, backup system, redundant storage...that may cost...if you really really need it. But not more than an extra 50k for a small redundant NAS. Do you want to run a toplevel domain? Hey, that goes for well less than 20k dollars easy with a couple of redundant servers. It will do for hundreds of thousends (probably millions) of domains. With redundant power supplies and a redundant active/passive pair setup (two servers for the primary, two for the secondary). Since it is a Debian list, I will mention only free software, of course. Naturally! I say, pocket the rest of the 150k and send some this way! LEX Step One Group www.sogrp.com
Re: apt-get bcm5700-module-2.4.18
On Thu, 2003-11-20 at 08:38, Dan MacNeil wrote: Two questions: 1) Has anyone done a: apt-get install bcm5700-module-2.4.18 Well, its a source module, so you will have to compile it for your running kernel. Other than that, ive a year and a half worth of uptime out of it on a woody install (gigabit and all) and it works well. This module is part of the standard woody release, no funny sources required as far as i know. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get bcm5700-module-2.4.18
Allthough its things like this that break ones automatically kernelbuildingsystem for +25 debianservers :( I use to have script that did build an *.deb package based on config in .config but now i need to come up with something clever that compile the source against the running kernel... and im not really a kernel guy other that i know howto configure and compile and install a kernel? Well. It being a debian module, if all kernels are homogeneous, you just need to build one deb among with your kernel and out it goes with it. Like make-kpkg modules_image will make your deb for the same revission of the kernel you are executing the command from. If youre in /usr/src/kernel-source-2.4.18 it will build for that, be elsewere and it will be for that other kernel. I think kernel-package can solve most problems of that kind of environment. Remember you can make it stamp revisions and all, and the built modules will be stamped as well. THink about ti. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get bcm5700-module-2.4.18
On Thu, 2003-11-20 at 08:38, Dan MacNeil wrote: Two questions: 1) Has anyone done a: apt-get install bcm5700-module-2.4.18 Well, its a source module, so you will have to compile it for your running kernel. Other than that, ive a year and a half worth of uptime out of it on a woody install (gigabit and all) and it works well. This module is part of the standard woody release, no funny sources required as far as i know.
Re: apt-get bcm5700-module-2.4.18
Allthough its things like this that break ones automatically kernelbuildingsystem for +25 debianservers :( I use to have script that did build an *.deb package based on config in .config but now i need to come up with something clever that compile the source against the running kernel... and im not really a kernel guy other that i know howto configure and compile and install a kernel? Well. It being a debian module, if all kernels are homogeneous, you just need to build one deb among with your kernel and out it goes with it. Like make-kpkg modules_image will make your deb for the same revission of the kernel you are executing the command from. If youre in /usr/src/kernel-source-2.4.18 it will build for that, be elsewere and it will be for that other kernel. I think kernel-package can solve most problems of that kind of environment. Remember you can make it stamp revisions and all, and the built modules will be stamped as well. THink about ti.
Re: CPU Utiliaztion on a ethernet bridge
Any firewall rules or logging mechanism? El mar, 18-11-2003 a las 15:12, Simon Allard escribió: I have setup a linux box with a 2.4.19 kernel. I am bridging 2 ethernet devices together using 3Com PCI 3c982 Dual Port cards. (3c59x). What I am seeing is that the module itself uses 30% of CPU to handle just 10mbit both ways (20mbit total). ~6000ps total. From what I have read on the bridge homepages I should be able to run this on a 486 as CPU has nothing to do with it. What am I doing wrong? bridge:~# brctl show bridge name bridge id STP enabled interfaces br0 8000.000475c9a6f9 yes eth1 eth2 bridge:~# lsmod Module Size Used byNot tainted limiter13064 0 (unused) bridge 16748 1 3c59x 25512 2 sis900 12388 1 bridge:~# cat /etc/modules # /etc/modules: kernel modules to load at boot time. # # This file should contain the names of kernel modules that are # to be loaded at boot time, one per line. Comments begin with # a #, and everything on the line after them are ignored. sis900 3c59x options=4,4,4,4 full_duplex=1,1,1,1 max_interrupt_work=1 bridge limiter in /etc/network/interfaces auto eth1 iface eth1 inet loopback auto eth2 iface eth2 inet loopback # Bridge Interface for eth1 + eth2 auto br0 iface br0 inet loopback pre-up brctl addbr br0 up brctl addif br0 eth1 up brctl addif br0 eth2 up brctl stp br0 on down brctl delif br0 eth1 down brctl delif br0 eth2 post-down brctl delbr br0 Does anyone have any ideas off the top of your head what could be causing this or be able to point me in the right direction for some documentation relating to this problem. Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] I'm out of my mind right now, but feel free to leave a message. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: CPU Utiliaztion on a ethernet bridge
Any firewall rules or logging mechanism? El mar, 18-11-2003 a las 15:12, Simon Allard escribió: I have setup a linux box with a 2.4.19 kernel. I am bridging 2 ethernet devices together using 3Com PCI 3c982 Dual Port cards. (3c59x). What I am seeing is that the module itself uses 30% of CPU to handle just 10mbit both ways (20mbit total). ~6000ps total. From what I have read on the bridge homepages I should be able to run this on a 486 as CPU has nothing to do with it. What am I doing wrong? bridge:~# brctl show bridge name bridge id STP enabled interfaces br0 8000.000475c9a6f9 yes eth1 eth2 bridge:~# lsmod Module Size Used byNot tainted limiter13064 0 (unused) bridge 16748 1 3c59x 25512 2 sis900 12388 1 bridge:~# cat /etc/modules # /etc/modules: kernel modules to load at boot time. # # This file should contain the names of kernel modules that are # to be loaded at boot time, one per line. Comments begin with # a #, and everything on the line after them are ignored. sis900 3c59x options=4,4,4,4 full_duplex=1,1,1,1 max_interrupt_work=1 bridge limiter in /etc/network/interfaces auto eth1 iface eth1 inet loopback auto eth2 iface eth2 inet loopback # Bridge Interface for eth1 + eth2 auto br0 iface br0 inet loopback pre-up brctl addbr br0 up brctl addif br0 eth1 up brctl addif br0 eth2 up brctl stp br0 on down brctl delif br0 eth1 down brctl delif br0 eth2 post-down brctl delbr br0 Does anyone have any ideas off the top of your head what could be causing this or be able to point me in the right direction for some documentation relating to this problem. Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] I'm out of my mind right now, but feel free to leave a message.
Re: An insight of email traffic in universities
Sorry michael, i also sent this to you. It was a mistake, do not hit me. I am smaller and wear glasses El mié, 12-11-2003 a las 19:03, Michael Loftis escribió: well i can share summarized stats if you want, we're a small/midsize ISP though so we have heavier mail usage than a uni...I can say that for about 6k mailboxes we deliver about half a million to a million messages/day. Wow, thats a whole lot. I get, from another ISP, about 40k messages for the same 6k users. Lets have a look at the messages per user per day, u just divide 750,000/6000 thats um... kill the zeroes ... 116.6 messages per user per day. Damn. A lot. I get about that too, but im in like 3 high traffic mailing lists+all the spam known to man. Well, uwash claims to IO smtp at about 7 messages per user per day... and i have a consistent ratio in two other deployments one corporate, one ISP. This is after shaving spam hits i guess Anyone else knows what their messages per user per day is on a monthly average? Now, before and after shaving some spam? --On Wednesday, November 12, 2003 16:51 -0600 Alex Borges [EMAIL PROTECTED] wrote: Okay, here is a cool question about neat things like ye olde email farm in your uni. If u guys work at a university, it would be fun to know how many email boxes you have and how much email traffic do you get. This variables would be helpfull: a) Number of email I/O (bulk total, how many in, how many out) b) How many users u have Its a neat thing to know when youre starting to set one up yourself. For example, Uwash does 120k users 800k emails a day. I want to make a spreadsheet model to calculate the ammount of bandwidth and IOPS demanded by a maildir smtp farm depending on how many users there are, how many emails do they receive in a particular ammount of time, assuming that they are click crazy and check their email exactly at the time it arrives...etc. It will take into account that you have an IMAP farm for checking the emails and will also attempt to calculate the bw generated by click crazy monkeys. Ive just started making it but im worried that i will assume stupid things, so i wanna gather some more real data to see if its all fitting in. For example, i assume that all users have a workstation and are checking their email at the very same period where most of the email is arriving (thats what i call a worst case scenario). I know this will not make for a trustable model because of the complexity of usage prediction (can one really predict the next outlook worm?mhm... yes, come to think of it, it has a probability that approaches 1 as time passes...:-) that kind of thing. But i think it can provide some with insight modeling this kind of things. The fun part will be when i build a test farm just to see how crazy am i (or not?). So if anyone can/will spare some time to share this data and/or is interested in this kind of modeling (or know of a way that is -The Right Way- (TM)) take pity and post it to the list! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Michael Loftis Modwest Sr. Systems Administrator Powerful, Affordable Web Hosting GPG/PGP -- 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
An insight of email traffic in universities
Okay, here is a cool question about neat things like ye olde email farm in your uni. If u guys work at a university, it would be fun to know how many email boxes you have and how much email traffic do you get. This variables would be helpfull: a) Number of email I/O (bulk total, how many in, how many out) b) How many users u have Its a neat thing to know when youre starting to set one up yourself. For example, Uwash does 120k users 800k emails a day. I want to make a spreadsheet model to calculate the ammount of bandwidth and IOPS demanded by a maildir smtp farm depending on how many users there are, how many emails do they receive in a particular ammount of time, assuming that they are click crazy and check their email exactly at the time it arrives...etc. It will take into account that you have an IMAP farm for checking the emails and will also attempt to calculate the bw generated by click crazy monkeys. Ive just started making it but im worried that i will assume stupid things, so i wanna gather some more real data to see if its all fitting in. For example, i assume that all users have a workstation and are checking their email at the very same period where most of the email is arriving (thats what i call a worst case scenario). I know this will not make for a trustable model because of the complexity of usage prediction (can one really predict the next outlook worm?mhm... yes, come to think of it, it has a probability that approaches 1 as time passes...:-) that kind of thing. But i think it can provide some with insight modeling this kind of things. The fun part will be when i build a test farm just to see how crazy am i (or not?). So if anyone can/will spare some time to share this data and/or is interested in this kind of modeling (or know of a way that is -The Right Way- (TM)) take pity and post it to the list!
Re: turn a firewall into a wireless access point?
Well yeah, u just plug in your wi card, make shure its linux compatible and there are packages (apt-cache search them) that will help u in configuring the card to behave as an access point. vie, 07-11-2003 a las 07:16, Dale E Martin escribió: I was curious if there was software to turn my firewall into a wireless access point? I've got a shorewall setup that has net, loc, and dmz zones. My plan was to make a dmzw zone for the wireless. I've got an Orinoco card + an ISA/PCMCIA adapter that I plan on using for the wireless connectivity. I'm looking for ways to assign the ESID, manage ACLs, WEP, etc, like you would on a standalone access point. I realize even with these protections that the wireless setup will be easy to compromise - that's why I'm planning on making it part of a dmz. Anyways, thanks for any pointers. Take care, Dale -- Dale E. Martin, Clifton Labs, Inc. Senior Computer Engineer [EMAIL PROTECTED] http://www.cliftonlabs.com pgp key available -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: turn a firewall into a wireless access point?
Well yeah, u just plug in your wi card, make shure its linux compatible and there are packages (apt-cache search them) that will help u in configuring the card to behave as an access point. vie, 07-11-2003 a las 07:16, Dale E Martin escribió: I was curious if there was software to turn my firewall into a wireless access point? I've got a shorewall setup that has net, loc, and dmz zones. My plan was to make a dmzw zone for the wireless. I've got an Orinoco card + an ISA/PCMCIA adapter that I plan on using for the wireless connectivity. I'm looking for ways to assign the ESID, manage ACLs, WEP, etc, like you would on a standalone access point. I realize even with these protections that the wireless setup will be easy to compromise - that's why I'm planning on making it part of a dmz. Anyways, thanks for any pointers. Take care, Dale -- Dale E. Martin, Clifton Labs, Inc. Senior Computer Engineer [EMAIL PROTECTED] http://www.cliftonlabs.com pgp key available
Re: Sugesstions building a rather big mail system.
Im building one for about 120,000 little university brats and their teachers Ive already designed it and decided exactly that way... postfix, ldap, courier, san, apache, squirrelmail. BUT, we decided to split by breed. For example, we will use two Dual-P4Xeon 2Gb for the IMAP/POP, same for the SMTP (same kind of server, but another two servers). Then, the apache (which i am most afraid about) are the ones that spell trouble BIGTIME. This is because php/sm will prove to be the most resource intensive application in the farm (SMTP is simple, IMAP is simple). So we give it three of the same boxen and its own dual pair of LVS. THen, the backend, this will be two failover enabled boxes with postgres and openldap. They will be quad xeon 6GB ram. All of that, goes to the SAN. The local storage in each server should respond mostly to services cache necesities (a php cache for the apaches perhaps). Let me know what you guys think this whole farm is about twelve servers, 4 LVS (a pair for IMAP and SMTP and its own pair for apache), 2 IMAP/POP, 2 SMTP, 3 APACHE, 2 (bigger) Backend - SQL/LDAP and the SAN. El lun, 06-10-2003 a las 09:51, Theodore Knab escribió: How many servers do you have running this ? I have been approached about building a rather big mail system handling 500. existing accounts (running today on a windows based product (ick)) with a growth about 50.000 new accounts per year. The services needed is: smtp, pop3, imap4. I have used LVS for about 3y with good results for 30.000 accounts. But this is certainly a bigger project. Should I go for alteon or any other closed product or stick with LVS? Is there anyone on the list running such a system or have some comments about building such a system? (I do prefer to use OS/FS Software) Sounds like you have a fun project. I re-did a campus mail-system a few years ago here, and I still manage it. It is much smaller [and under powered] with only 3000+ users, but I have learned a lot running an Open Source mail system based on: Postfix [with LDAP] MTA Courier [with LDAP] IMAP OpenLDAP [ mail routing and accounts] Squirrel Mail [ Web-mail] In running my own open source mail system for a 1.5+ years, I would probably do a few things differently if I had the opportunity to setup one again. More specifically, I would probably use the SUN one product rather than Open Source. Although I do not know anything about SUN one [or IPlanet], it appears from this side of the fence to have simpler administrative tools and it has training. With open source you [alone] are the subject matter expert unless you find someone that is interested in learning and someone that you can trust. Since you are familiar with LVS, you should have no problem setting 2 [redundant] LVS systems up. You could balance the load between 10-20 IMAP servers. You might also be able to use the same 2 LVS systems to balance your load between the Web-mail servers. Crude Diagram [Firewall] | | | [LVS1][LVS2] | | [Fiber Only Switch] | Estimated Minimums needed for 500,000+ Email Users -- 10 IMAP servers [Courier IMAP 1 [Dual Xeon 1GHz] server /200 active users] w/ XFS filesystem and Debian Stable 20 Webmail Servers [Squirrel-mail 1 [Dual Xeon 1Ghz] server /100 active users] w/ XFS filesystem and Debian Stable 2 Databases Servers for authentication either [Mysql or OpenLDAP] w/ XFS filesystem and Debian Stable 2-4 MX Gateways running either Exim or Postfix MTA and SPAMD with w/ XFS filesystem and Debian Stable Amivisd 2 [Fiber Channel] SAN Volumes for [MAIL storage] redundancy. /Crude Diagram -- -- Ted Knab Chester, MD 21619 -- 940216d6021602a41607166696c656c202778696368602d65616e637 02940226c696e646c69702c6f667560256675627478696e67602a416 0716e6563756e2a0 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: RFC2228-only FTP ?
But most of these people have commercial Windoze FTP clients that support some flavor of RFC2228 FTP security extensions. Of course, they are not technical and do not know which extensions they can use. All they know is someone sold them a secure FTP program and they can't understand why I want them to dump it and use the known-to-be-broken WinSCP instead. Whats broken in winscp? Its working fine for about 400 clients here -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Of SANS and IOS
Answer to self, now anyone that reads the list will know! According to this excelent (introductory) site: http://www.imperialtech.com/technology_whitepapers_Good_Performance.htm IOPs is a messure of the IO requests per second a device will give you. In the FC-SAN context, this IOps are actually blocks read/writen (makes sense, thats what i thought) to the device. Another interesting part in the site, mentions how overall performance is seldom a function only of the storage device, but clearly depends on the application. This means, for example, that if you make an Email delivery farm, the IOPS youll need will depend on the performance capabilility of your farm (the application being in this case an SMTP server cluster), which has obvious limitations (such as possible incomming bandwidth on the said cluster, the blocksize and innards of your filesystem) among certain statistically aquired or estimated variables (average email size comes to mind). So, basically, estimate the blocks per second your applications will require, and that will be your IOPS requirement. For example, one can take the Email farm as an example, you will need an imap server as well, thats a whole lot of read operations. Take you email size estimate, your number of received mails, estimate your number of peak concurrent users and add that to the IOPS you got for the SMTP. Thats your IOPS requirement combined. Makes senseanyone sees an inconsitency here? please correct me! here is another page: http://www.netapp.com/tech_library/3239.html This one is like a sales bid, but it has interesting points... like, dont trust vendors that dont publish the blocksize that they used to messure IOPS performance same goes for the throughput value I hope more ppl contribute to this email, its a subdocumented topic in the OSS world (you wont find it -YET- in the LDP) El vie, 19-09-2003 a las 17:08, Alex Borges escribió: Anyone knows What The FARKS is that IOs unit the HP SAN folk keep talking about? Like in, yeah, this thing can take 2000 IOS per second. How many bytes is an IOs supposed to be? An IO==Device blocksize or WTF? It seems like most that have bought a SAN knows how many IOs it is worth, but noone knows what an IOs is (yeah, Input Output Operation) I know how many Gbps i need, not how many IOs, how do i go from one to the other? My guess is that its the blocksize of the fs that i plan to use. If so, ican divide my X Gbps between 8 to get GBps, then between 4000 to get the blocks per seconds i needwould that map into IOS? Treacherous salesmen everywhere! Lex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Of SANS and IOS
Anyone knows What The FARKS is that IOs unit the HP SAN folk keep talking about? Like in, yeah, this thing can take 2000 IOS per second. How many bytes is an IOs supposed to be? An IO==Device blocksize or WTF? It seems like most that have bought a SAN knows how many IOs it is worth, but noone knows what an IOs is (yeah, Input Output Operation) I know how many Gbps i need, not how many IOs, how do i go from one to the other? My guess is that its the blocksize of the fs that i plan to use. If so, ican divide my X Gbps between 8 to get GBps, then between 4000 to get the blocks per seconds i needwould that map into IOS? Treacherous salesmen everywhere! Lex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [Help] Find server hardware stress/benchmark tools on linux box
Im shure russel coker is arround He made the coolest stress benchamrks arround. All Free baby! Try: Bonnie++For testing your disks/storage (you can BM a samba share if you want for example) slapper For testing your ldap postal To kill your smtp There are more. Intel has also an io/something stuff that is supposed to work. If you ask me its pretty sucky, id go with bonnie++ every time. Now, benchmark is more in the technique and the statistic accuracy than in the software itself. Make shure you use a good test farm, for example grab a couple/three of old boxes that SHOULD have the combined power to stress your servers. This is important, the bigger your test farm, the better the stress. Also, sincronize it all by ntp so that you get accurate logs everywhere and can cross search and analyze all the data. If at first your servers just humm nicely, your test farm is not big enough. Get enough to make those servers cry. El mar, 16-09-2003 a las 12:03, axacheng escribió: Hello List : We're 2 intel base testing servers need to stress/benchmark for hardware stability and reliability those are testing servers runing Debian woody... Anyone has any good advice? -- Trust Unique ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Virtual Hosting
If your clients get domains, buy service by domain, dont care about it at all, go for it. You can chroot ftp/dav..etc, then they wont even know it. El mar, 16-09-2003 a las 13:34, Rod Rodolico escribió: Long time ago, I ran a dozen domains or so off one IP. Then, did a colo with a lot of IP's and have each domain running on its own. Now I have a chance to decrease my colo costs significantly, but only 8 IP's come with the service (I can get more, but it gets more expensive). I can not think of any drawbacks to doing it. I only offer web, ftp and mail service (apache, proftp and exim). The only thing I can think of is that reverse dns will not work correctly, but I see no reason that should impact these services. Any thoughts? Rod -- BRITANNUS(shocked): Caesar, this is not proper. THEODOTUS(outraged): How? CAESAR (recovering his self-possession): Pardon him, Theodotus: he is a barbarian, and thinks that the customs of his tribe and island are the laws of nature. Caesar and Cleopatra, Act II --George Bernard Shaw -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail or Qmail ? ..
It all depends qmail has a very non standard way of being managed. Its almost meta-unix. That said, its VERY flexible, extremely powerfull, once you get a hang of it INCREDEBLY EASY to manage. And it has no paralell in security (AGES and AGES better than sendmail) Sadly, its non free. You cannot distribute binaries of it, you can not distribute it modified (have to distribute the patches separately). Even if debian has very good packages for it, the license defeats the good system in debian so you still have to go through some extra work to get it to work. Anything you want to do to it in terms of features is patch and recompile. Anyhow, qmail is what i use for the big things, postfix for the small things, sendmail is an urban legend. I HATE it. El jue, 04-09-2003 a las 00:43, Rudi Starcevic escribió: Hi, Sorry to bother you all with this repeat question. I've have searched around and seen plenty of opinions but I'd like to ask again and get the latest from this list. Sendmail or Qmail ? That is my question. Currently we use Sendmail. It's worked fine, well actually problem free so better than fine - I've got the Sendmail book and all. However we will be setting up some new email servers soon and I'm considering Qmail. As I hold this list in high regard I'll base my final decision on the feedback I get from this list. At this stage I'm leaning towards sticking with Sendmail but something inside wants to know more about Qmail. If you *had* to pick one of these two which would it be ? Many thanks Best regards Rudi. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail or Qmail ? ..
El jue, 04-09-2003 a las 01:47, Jamie Baddeley escribió: so how does exim compare in all of this? It doesnt at all Not to ellaborate, but the subject says it all...even then. I hate exim too. jamie -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail or Qmail ? ..
El jue, 04-09-2003 a las 07:58, Eric Sproul escribió: We chose OpenLDAP. At the time (1999), Qmail did not have LDAP support (correct me if I'm wrong). Sendmail did. Even if Qmail did have LDAP support then, Sendmail's source was *much* easier to dig through for the performance tuning we did. It does support LDAP now, and yes. You are right about the disk-io tradeoff. But, where reliability and lossless environments are needed, the way qmail does things ensure you NEVER loose mail, even if its all over a SAN or NFS setup. This is because it will return OK delivered or OK queued until it confirms it has been written. Its like postgresql. You can have it allways fsync (all writes, deletes inserts trigger a commit before they return OK), and it will slow down, need big iron. Or you can turn fsync off and live with the posibility of you loosing some data in a power outage. Mail is almost never a MUST HAVE thing though, i think for most its valid to just live with the posibility of loosing an email in the queue, or to have it half written to it. Not for me though, i like the secure,reliable thing and i did get some good big iron (two dell 2650 in a drbd cluster+heartbeat, 2 gigs ram). Also, i like the way qmail is done to be managable. Even then, i am trying to move to postfix as fast as i can. Not because of religion (i am religious too though, just really a sinner), but because it has a healthy community, its very very well supported in debian, it has very little of sendmail nonsense (i was reading the 7th edition unix redbook...damn, even back then, people already hated it), and its GPL (-a nice cherry on top that is, master yoda said.). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software for WLAN Hotspot
The new buzzword for solutions to the wifi solution provider is VBN or visitor based networking. Dumb boxes that force each user to authenticate, then take appropriate steps in the firewall/proxy...etc. There was a thread about that a couple of months before. Please dont go and buy a cisco box. I think we need a FLOSS VBN box in debian. Im interested in doin it too. El vie, 15-08-2003 a las 10:35, Kay-Michael Voit escribió: Hi, I'm considering to build up a public wlan hotspot. I need time-limited authentification, mainly for identity logging purposes, not for billing. I thougt about buying tickets (perhaps around 1 EUR/h) with time-limited username and password on it. Where should I put in the authentification? At the proxy? Which software should I use? afaik I have to open the wlan, do I? How do commercial solutions work? I need only very basic answer, only something to search for. I don't really know what to begin with Thanks in advance, Kay -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software for WLAN Hotspot
yes, the solution is plausible this way, but i do think the nocatauth ppl have some road ahead for this problem (perl based wifi authentication gateway). I mean, there are som many ways to do this. For example, the way they are doing it at airports. You go and buy a little card, fire up the wifi card, try and browse to debian.org. They have a redirect to a site in the gateway that asks for your little key. You give the key, then they let you out. Obviously, if the machine hit you, you have its key and ip address which you can autmatically make permanent in the dhcp server. So, for the time of the sesssion you have a positive key-ip pair that identifies a session. Im shure anyone here can think of a 100 ways to do this in a 1000 languages times 4 different webserving/proxy/firewall solutions. No cat auth sort of works this way, except it requieres the users to keep a web window open to not keep the time of the session. I think its a poor approach but its obvious that it wouldnt need to much klinking arround to approach this with crons and a a database. So, my recomendation is, before rolling your own, evaluate nocat. It looks easyer to start there and modify than starting all over again with a less numerous community. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apache + PHP4
El vie, 15-08-2003 a las 07:51, [EMAIL PROTECTED] escribió: Dear, I have a problem. I have instaled apache and php4 with apt-get, but when i don't comment the line: LoadModule php4_module /usr/lib/apache/1.3/mod_php4.so apache don't start. Help-me Help me help you. Whats the error log say when you start it up? /var/log/apache/error.log Rafael Domingues Pires Ourinhos - Brasil --- webmail.farolbr.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Process -:0
apt-get install chkrootkit chkrootkit It looks awfully like a punk emoticon to me. El jue, 14-08-2003 a las 11:52, [EMAIL PROTECTED] escribió: Hi, I was just doing some debugging on another problem and did a ps -eaf and saw the following line that looks very suspicious to me: UIDPID PPID C STIME TTY TIME CMD root 319 315 0 09:55 ? 00:00:00 -:0 It came up when I rebooted the system. I've googled for it and can't see any traces of it in syslog. Anyone have any idea what this process -:0 is and how to get rid of it if it is evil? thanks, Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Process -:0 (OT)
Are you perhaps running X? I believe this process is an xdm child, which manages the primary display (:0). Now thats friendly! that one looks like babe, the brave pigglet. HTH, - Keegan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Symantec antivirus gateway
Has anyone tried it on woody? Claims to work on redhat Out of the box. I really dont want to mix that in so.any experiences? Lex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Webmail configuration for schools
El mar, 01 de 07 de 2003 a las 07:35, Ross, Chris escribió: I need to provide email access for 13,000 to 14,000 K12 students. Last school year we used Microsoft Exchange BY GOD, did he really say that? with extremely 1. Postfix with either mysql or LDAP for virtual user delivery. 2. Courier-imap with a web interface (squirrelmail, sqwebmnail etc.) (Courier-imap authentication is the tricky bit.) Sounds great! Since we have been using a SQL database to track user account information, I thought that mysql would be the best means of dealing with Postfix. It would be trivial to load mysql with the information that Postfix needs. My experience with active directory LDAP is not great. When using active directory as an LDAP server, it seams like there is always more fiddling than there should be. Would mysql hold up well in this sort of environment? (load, speed etc.) Hell, postfix/courier wont even need the database to scale to that (but you will for peace of mind and easy of reporting), it aint that big. Properly tunned mysql would work very well, postgress would also do the job very well. Hell, ive a 10K accounts system, it runs all of it on a single host with webmail (yeah, i know i push it too hard), and it doesnt even use the database and its nowhere near saturation. Course, its a qmail based system, not postfix, but there shouldnt be much of a difference. Courier-imap authentication is the big question in my mind. It would be great if we could use active directory to do authentication here. LDAP authentication probably won't work correctly. There is no compatible password available and LDAP bind authentication is problematic. Microsoft lets you do an LDAP bind even if your account is locked, your password has expired etc. Would Kerberos be a reasonable solution? I have no direct experience with Kerberos. Im not shure ms kerberos plays nice with other's kerberos. Would it be possible to authenticate the user by having the courier authentication daemon request a Kerberos ticket? It is my understanding that the imap server would not be granted a ticket if the client credentials were not authentic. It would also be possible to set up RADIUS authentication. Would RADIUS be a better solution? USE THE PAM. I mean it, use pam, youll be able to even do NT domain based autentication (albeit with some tweaking and lots and lots of stress testing). Id go with SQL authentication+pam, or even courier mysql standard authentication, then dump from the activedir from time to time. You can also use pam and kerberos i think, so you dont need courier to do kerberos itself. The only remaining issue is a policy related one. Students and or parents have to sign an Internet acceptable use policy for a student to get access to the Internet. (The person that has to sign depends on the age/grade level of the student.) If they have a signed form, we enter this in the SQL database along with their other account info. Currently, we provide email accounts to all students. If they don't have a singed form, they can only send email internally. Can postfix be configured to allow virtual users access to specific domains based on the user? Um... not shure cool idea though. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Webmail configuration for schools
El mar, 01 de 07 de 2003 a las 07:35, Ross, Chris escribió: I need to provide email access for 13,000 to 14,000 K12 students. Last school year we used Microsoft Exchange BY GOD, did he really say that? with extremely 1. Postfix with either mysql or LDAP for virtual user delivery. 2. Courier-imap with a web interface (squirrelmail, sqwebmnail etc.) (Courier-imap authentication is the tricky bit.) Sounds great! Since we have been using a SQL database to track user account information, I thought that mysql would be the best means of dealing with Postfix. It would be trivial to load mysql with the information that Postfix needs. My experience with active directory LDAP is not great. When using active directory as an LDAP server, it seams like there is always more fiddling than there should be. Would mysql hold up well in this sort of environment? (load, speed etc.) Hell, postfix/courier wont even need the database to scale to that (but you will for peace of mind and easy of reporting), it aint that big. Properly tunned mysql would work very well, postgress would also do the job very well. Hell, ive a 10K accounts system, it runs all of it on a single host with webmail (yeah, i know i push it too hard), and it doesnt even use the database and its nowhere near saturation. Course, its a qmail based system, not postfix, but there shouldnt be much of a difference. Courier-imap authentication is the big question in my mind. It would be great if we could use active directory to do authentication here. LDAP authentication probably won't work correctly. There is no compatible password available and LDAP bind authentication is problematic. Microsoft lets you do an LDAP bind even if your account is locked, your password has expired etc. Would Kerberos be a reasonable solution? I have no direct experience with Kerberos. Im not shure ms kerberos plays nice with other's kerberos. Would it be possible to authenticate the user by having the courier authentication daemon request a Kerberos ticket? It is my understanding that the imap server would not be granted a ticket if the client credentials were not authentic. It would also be possible to set up RADIUS authentication. Would RADIUS be a better solution? USE THE PAM. I mean it, use pam, youll be able to even do NT domain based autentication (albeit with some tweaking and lots and lots of stress testing). Id go with SQL authentication+pam, or even courier mysql standard authentication, then dump from the activedir from time to time. You can also use pam and kerberos i think, so you dont need courier to do kerberos itself. The only remaining issue is a policy related one. Students and or parents have to sign an Internet acceptable use policy for a student to get access to the Internet. (The person that has to sign depends on the age/grade level of the student.) If they have a signed form, we enter this in the SQL database along with their other account info. Currently, we provide email accounts to all students. If they don't have a singed form, they can only send email internally. Can postfix be configured to allow virtual users access to specific domains based on the user? Um... not shure cool idea though.
Re: Server hacked - next...?
El dom, 29 de 06 de 2003 a las 02:15, Jason Lim escribió: Okay... so supposing the whole system needs to be installed, we can make a backup of the home directory now... but after we restore everything, what is to stop the hacker immediately re-gaining access again? The server is a fully updated stable debian system. In fact, it was updated just yesterday. I'm thinking that even if we do all the trouble of a complete re-installation of the entire system, it won't fix this as it will get re-hacked again, especailly since we can't see what is going on anymore. What do you think? :-( You have to realize this is a normal step in the life of any sysadmin. So stop being worried and learn from it. 1.- Save all thats possible to save (homedirs, emails, homepages) 2.- Yeah, hard to believe an updated, all standard packages woody could be cracked. Its no normal, highschool script kiddie if he pulled that off (probably a college script kiddie though...;)...). Your box as is provides very good information, but you have to realize that, if you didnt take a couple of steps to forsee this, such as having a network flight recorder somewhere to do forensics on your dead box, its going to be hard to determine where and how did he got in. 2-1/2.- Do a list of ANY installed stuff that is not strict debian woody. I mean, web database administrators, counters, extra perl modules got from cpan (as oposed from apt-get isntall libperl...etc.). Its more probable that the first level vulnerability got in there (nevertheless, if you got hacked by a perl script, then the perl package, apache package or similar is borked). 3.- So, mirror your killed hard drive so that you can disect it later, set up the box again with certain limited things, say forbid cgi's and move to mod-perl and php, forbid ppl from having bash cgi's (since there is a good chance this is where they got in). What am i doing? I dunno, there is no checklist that will cover any site, this is what i would do and im not very experienced. But whatever you end up with, you should implement postmortem analysis capabilities to your site (couple of snort/tcpdump boxes and an actual formalization of your security policies will do). So policy is the thing here anyhow, work on that. Think of syslog-ng server, your tcpdump network capture server, snort ID analysys server, log analyzer for the syslog server. Once cracked all one can do is think better for the next time. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Server hacked - next...?
El dom, 29 de 06 de 2003 a las 02:15, Jason Lim escribió: Okay... so supposing the whole system needs to be installed, we can make a backup of the home directory now... but after we restore everything, what is to stop the hacker immediately re-gaining access again? The server is a fully updated stable debian system. In fact, it was updated just yesterday. I'm thinking that even if we do all the trouble of a complete re-installation of the entire system, it won't fix this as it will get re-hacked again, especailly since we can't see what is going on anymore. What do you think? :-( You have to realize this is a normal step in the life of any sysadmin. So stop being worried and learn from it. 1.- Save all thats possible to save (homedirs, emails, homepages) 2.- Yeah, hard to believe an updated, all standard packages woody could be cracked. Its no normal, highschool script kiddie if he pulled that off (probably a college script kiddie though...;)...). Your box as is provides very good information, but you have to realize that, if you didnt take a couple of steps to forsee this, such as having a network flight recorder somewhere to do forensics on your dead box, its going to be hard to determine where and how did he got in. 2-1/2.- Do a list of ANY installed stuff that is not strict debian woody. I mean, web database administrators, counters, extra perl modules got from cpan (as oposed from apt-get isntall libperl...etc.). Its more probable that the first level vulnerability got in there (nevertheless, if you got hacked by a perl script, then the perl package, apache package or similar is borked). 3.- So, mirror your killed hard drive so that you can disect it later, set up the box again with certain limited things, say forbid cgi's and move to mod-perl and php, forbid ppl from having bash cgi's (since there is a good chance this is where they got in). What am i doing? I dunno, there is no checklist that will cover any site, this is what i would do and im not very experienced. But whatever you end up with, you should implement postmortem analysis capabilities to your site (couple of snort/tcpdump boxes and an actual formalization of your security policies will do). So policy is the thing here anyhow, work on that. Think of syslog-ng server, your tcpdump network capture server, snort ID analysys server, log analyzer for the syslog server. Once cracked all one can do is think better for the next time.
Re: Migrating to a Compaq Proliant DL360G3
You should know that HP is debian friendly (they still wont offer support though), but they do work with debian internally and informally test. I use DELL big baddass servers and smaller (hwIDE-RAID Barracuda arrays) in HP and ive never had a problem at all... Ask the ones who want you to install redhat if they are also fine with paying the redhat service and support fees (you wont get far without it) and with major upgrades every year. Also suggest them to administer the servers themselves if they wish to have a take on the decition. All in all, be certain of what you are doing. If you know redhat better then its probably a better choice, if you know debian better (or the same as redhat) and you know why it would save time/money, then by all means use debian. El mar, 27 de 05 de 2003 a las 07:10, Tomàs Núñez Lirola escribió: Hi I must migrate my servers to Compaq Proliant DL360G3 machines. We're looking several IDCs, and all of them say Only support for RedHat, SuSE and Caldera. I want to use Debian (I don't like very much SuSE, I've not used neither Red Hat nor Caldera, and it's hard to change distro when you're happy with the one you have), but when I comment this point to the salesman, he says a lot of It's difficult It's not supported and things like that. Even I've found on a budget We don't take any responsibility on the installation, functionality or support in case you decide to install Debian. In this situation, my boss is evaluating the convenience of installing Debian on the servers, and he says he likes Red Hat. I've looked at Compaq website and I have not found any reference to Debian. As there are RAID controllers and specific server hardware that I don't know so far (I've never used hardware RAID at home ;P), I'm afraid of the difficulty I can find installing Debian in spite of everybody telling me to install Red Hat. Anyway... Does anybody have any experience with this machine (or similar) and Debian? Is there any website where I can take a look on the compatibility of this machine (or similar) and Debian? Do you recommend me to be stubborn and install Debian anyway? Thanks all -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
somehow OT - Configuring different bridged networks through dhcp
Hey ive inherited a strange networklooks like this: NET1 - Bridge | NET2 Othernets--DATACENTER Routers | | NET3 |- Bridge NET4 Okay ive been asked to provide DHCP centralized assignation to all hosts all over all the networks Its all okay until you hit the bridges. What happens is that the bridges are ethernet bridges (oxymoron?, i dont think so), this means they will come and ask for their dhcp packages looking exactly like an intranet host (to the dhcp server). This is a Bad Thing (TM) because those networks are not supposed to see each other. They are manually configured right now to achieve that same effect (why the hell did they bridge them then?, beats me, ive no use for the bridges). The dhcp clients are all win95/me/98/xp/2k mix, most shurely with 2003 coming too. What im wondering is id there is anything like the ClassIdentifier dhcp option for windows CLIENTS (i know ISC dhcp3 will work like bliss and assign different network configuration if the request carries its ClassIdi can make a dhcp.conf block based on that). Ive done it when the client is a radius server and it works, now, maybe there are other data that clients carry than can help me achieve the same effect? So, aint this a cool one? Any ideas? Lex Step One Group
Re: Migrating to a Compaq Proliant DL360G3
You should know that HP is debian friendly (they still wont offer support though), but they do work with debian internally and informally test. I use DELL big baddass servers and smaller (hwIDE-RAID Barracuda arrays) in HP and ive never had a problem at all... Ask the ones who want you to install redhat if they are also fine with paying the redhat service and support fees (you wont get far without it) and with major upgrades every year. Also suggest them to administer the servers themselves if they wish to have a take on the decition. All in all, be certain of what you are doing. If you know redhat better then its probably a better choice, if you know debian better (or the same as redhat) and you know why it would save time/money, then by all means use debian. El mar, 27 de 05 de 2003 a las 07:10, Tomàs Núñez Lirola escribió: Hi I must migrate my servers to Compaq Proliant DL360G3 machines. We're looking several IDCs, and all of them say Only support for RedHat, SuSE and Caldera. I want to use Debian (I don't like very much SuSE, I've not used neither Red Hat nor Caldera, and it's hard to change distro when you're happy with the one you have), but when I comment this point to the salesman, he says a lot of It's difficult It's not supported and things like that. Even I've found on a budget We don't take any responsibility on the installation, functionality or support in case you decide to install Debian. In this situation, my boss is evaluating the convenience of installing Debian on the servers, and he says he likes Red Hat. I've looked at Compaq website and I have not found any reference to Debian. As there are RAID controllers and specific server hardware that I don't know so far (I've never used hardware RAID at home ;P), I'm afraid of the difficulty I can find installing Debian in spite of everybody telling me to install Red Hat. Anyway... Does anybody have any experience with this machine (or similar) and Debian? Is there any website where I can take a look on the compatibility of this machine (or similar) and Debian? Do you recommend me to be stubborn and install Debian anyway? Thanks all
Re: Apache: one or more instances
El lun, 05 de 05 de 2003 a las 18:00, Eduard Ballester escribió: hi I have an Apache with several VirtualHost and now I have a doubt. Apache is ready to scale in a multiple virtual host environments without problems. Of course, if you can separate too apache's based on function (ssl vs non-ssl), as the article pointed by Jeremy's post suggests, its better to have two or more instances (or one for each porttake a java application server in port 8081, an ssl server in 443, a soap server in 8082, a normal https server in port 80)... its a more scalable setup all of the apache's would have the same number of virtualhosts (should all the vhosts need all the functionality). Ive seen apache's with 500, normal, mysql enabled, dynamic sites virtual hosts no-problem.no hay problema ke ...:=) Course, this all depends on how well do you know apache and its scalability model to make it scale. Meaning, it depends in how well can you tune apache and how many vhosts we are talking about, what will they run...etc. I don't know if is better run all vh in a single instance or use two or more Apaches in different path. I use IP-based and Port-based vhost NO Name-based (of course). Where I can find information or server benchmark for measuring the performance of Apache (mutli-vhost) Thanks
Re: Disconnected IMAP, possible?
More easyly solvable by policy. Operative Instructions for Disconected Mail Service: 1.- Open your client 2.- Create a local folder called Emergency Local 3.- Copy all mails you want acailable for operations while disconected to Emergency Local. REMEMBER, if you dont copy them, you cannot access it while disconected. But you can also: 1.- Put a debian local server with imap capabilities. 2.- Fetchmail from the remote server (im assuming this cause of the way you described the importance of disconnected operations). 3.- Offer imap in local network for all fetched messages. You can never disconnect (if your network infrastructure is worth more than 10 bucks). Its in the local network. El vie, 14 de 02 de 2003 a las 10:30, Fraser Campbell escribió: Hi, Are there email clients in Windows that will support disconnected IMAP operation? Basically our client would like to use IMAP for all of it's advantages but they'd also like to have messages cached on the local machine so that in disconnected situations they can still read/search their email. I'd always thought this was possible but so far I haven't found the options to enable it, mail seems only to be available while connected to the server. Do other clients (Eudora, Outlook, Netscape, ???) support a feature such as this? Thanks -- Fraser Campbell [EMAIL PROTECTED] http://wehave.net/ Brampton, Ontario, CanadaLinux 2.4.20 AuthenticAMD -- Alex Borges (lex) [EMAIL PROTECTED] Step One Group -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Multiple servers for 1 domain name?
I recently did some searching on the topic of high availability and the service replication and stumbled across DRBD, some kind of network RAID-1. DRBD mirrors partitions between two machines in a completely transparent way. I have no idea if and how well this works (the mailing-list traffic suggests that it does work), but I find the idea brilliant. It makes rsync unnecessary and even works for services that don't have any replication functionality at all. I can vouch for this one. it even makes sense for extra-low-cost dual node configurations with a degraded server (DEGRADED=== really small PC that will provide bitch slow service, but thats better than none at all) for example, for single webmail servers. Its a whiff to configure with heartbeat and allpretty cool stuff I use it in a somehow similar (to what i described above) setup with about 10/15 thousend mailboxes and vhosted homepages. You can find some descriptions as well as a download link at the following URL: http://www.complang.tuwien.ac.at/reisner/drbd/ If you decide to give it a try, I'd be very interested to hear from your experiences. Regards, Oliver -- Alex Borges (lex) [EMAIL PROTECTED] Step One Group -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: phpgroupware problems
UM Sourceforge? we havent been on that for ages its on savanah.gnu.org/projects/phpgroupware and YES, some apps dont work, but ALL core apps (calendar, email, notes,todo) work fine. Check the project page at savannah for instructions.. Yes, the packages for each distro lack...umeverything (like, um, they mostly dont work)but dont give up on it if you havent checked out the real thingThat is, the latest tarball from the savanah page. We are on the verge of true palmsync, we have exchange sync modules (free as in beer), are working on hairy ldap stuff and whatnot. El mar, 11 de 02 de 2003 a las 15:58, Rod Rodolico escribió: I gave up on it. I have downloaded from sourceforge, installed Debian packages, etc... for over a year now and, have spent quite a bit of time trying to locate and fix problems. There always seems to be some app that doesn't work. However, if you check bugs.debian.org or the sourceforge site, they usually have some kind of clue as to problems and repairs for them. Rod Hi I've attempted to use different phpgroupware* packages several times in the past few months, each time (afaik) there was another file missing. chris@pflanze SRCREBUILD dpkgli *phpgrou* ii phpgroupware0.9.14-0.RC3.2 Web based GroupWare system written in PHP ii phpgroupware-admin 0.9.14-0.RC3.2 The phpGroupWare administration module ii phpgroupware-api0.9.14-0.RC3.2 The phpGroupWare API ii phpgroupware-calend 0.9.14-0.RC3.2 The phpGroupWare calendar management module ii phpgroupware-core 0.9.14-0.RC3.2 The phpGroupWare core module ii phpgroupware-email 0.9.14-0.RC3.2 The phpGroupWare E-Mail client module ii phpgroupware-prefer 0.9.14-0.RC3.2 The phpGroupWare preferences management module ii phpgroupware-setup 0.9.14-0.RC3.2 The phpGroupWare setup III module chris@pflanze SRCREBUILD dpkgli *phpgrou* ii phpgroupware0.9.14-0.RC3.3.cj Web based GroupWare system written in PHP ii phpgroupware-admin 0.9.14-0.RC3.3.cj The phpGroupWare administration module ii phpgroupware-api0.9.14-0.RC3.3.cj The phpGroupWare API ii phpgroupware-calend 0.9.14-0.RC3.3.cj The phpGroupWare calendar management module ii phpgroupware-core 0.9.14-0.RC3.3.cj The phpGroupWare core module ii phpgroupware-email 0.9.14-0.RC3.3.cj The phpGroupWare E-Mail client module ii phpgroupware-prefer 0.9.14-0.RC3.3.cj The phpGroupWare preferences management module ii phpgroupware-setup 0.9.14-0.RC3.3.cj The phpGroupWare setup III module chris@pflanze SRCREBUILD http://my.server/groupw/login.php Warning: Failed opening '/usr/share/phpgroupware//phpgwapi/inc/class.auth_pam.inc.php' for inclusion (include_path='.:/etc/phpgroupware') in /usr/share/phpgroupware/phpgwapi/inc/class.auth.inc.php on line 6 Fatal error: Cannot instantiate non-existent class: auth in /usr/share/phpgroupware/phpgwapi/inc/functions.inc.php(278) : eval()'d code on line 1 Any idea where that file has gone? Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- The good thing about standards is that there are so many to choose from. -- Andrew S. Tanenbaum -- Alex Borges (lex) [EMAIL PROTECTED] Step One Group -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
ISC DHCP + Navis Radius
Okay, this is a weird one Had a client that once upon a time bought a navis raduis against my speciffic recomendation to NOT got the propietary way if they meant business in the ISP market.away they went to pay the per user licenses and such. Nowdays, they require a DHCP server to serve ip's by class to the stupid Navis box. Q: Anyone has such a beast working with our stock beloved dhcpd3 in debian? It seems navis expects the dhcpo to support something called the class identifier field shure, we support that with dhcp, but the RFC says that this is reserved for vendor speciffic stuff. Client says, Option 60! - Gimme an address from pool CLASS1, and the dhcp should return vendor speciffic information in some rfc defined way Im nervous, im not shure this is doable in isc dhcp because its explicitly where the RFC defines you should extend for your own evil purposes please lend a hand if u know! -- Alex Borges (lex) [EMAIL PROTECTED] Step One Group -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Large proxy-fw ipac-ng setup for ethernet clients
Hi I have a large network (to my standard...thats 500+ machines) proxied by an iptables+squid woody box. I have quite a few bw hogs but we dont want to just close the hog ports or use squidguard. we want to just detect the abusers and reduce them to squirming piles of green goo Im wondering if any of you have tested ipac-ng for this kind of thing. my rules would have to be many (like 500 logging rules, one for each client ip)... This tool is sorta made for slip access, thats why i ask... The box is ridiculously big, so procesing power is not my concern -- Alex Borges (lex) [EMAIL PROTECTED] Step One Group -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: tip and another question
Tip Ive allways felt sar gives the best info regarding most of what ive needed... pretty massive at it though, but sometimes its good to have bundles of info to play with. Youd be able to turn any output from sar into an inetd ran service, no problem with that im shure. Question I want to know what ip's in the inside of my squid proxy+iptables masqueraded BIG network are taking the most bandwith (RX of outside interface)... i installed net-acct and it sort of works but id like something more akin to my particular question.any ideas? -- Alex Borges (lex) [EMAIL PROTECTED] Step One Group -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Evolution/Courier-IMAP acting strange
I dont think its de socket problem or anything. I think evolution has a way to interpret the IMAP RFC with respect to INBOX folders being able to have both messages and subfolders. Since courier establishes no limit in this respect, evo gets peeky with certain layouts.try deleting your subscription files and letting evo figure out how is it going to interpret what it sees. Going to irc.gimp.net and asking arround might help more clearly defining this problem. Ive had sometimes imap servers perfectly visible to Mozilla, Outllook, phpgroupware but not in evo. So check that out. Alex El dom, 29-12-2002 a las 15:16, Thomas Lamy escribió: Hi, just a quick guess, but maybe Evolution tries to open too many parallel imap connections. The courier default is max 4 connections per IP, you can change this is /etc/courier/imapd (parameter name is MAXPERIP) Thomas -- Thomas Lamy[EMAIL PROTECTED] Softwareentwicklunghttp://www.netwake.de/ -Ursprüngliche Nachricht- Von: Pete Billson [mailto:[EMAIL PROTECTED]] Gesendet: Sonntag, 29. Dezember 2002 20:59 An: Justin Ryan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Betreff: Re: Evolution/Courier-IMAP acting strange Justin, 1) The extraneous files should not affect things - I just tried adding them to my ~/Maildir to confirm this and still everything works OK. 2) There should be a ~/Maildir/courierimapuiddb file that lists the contents of your INBOX. Does this exist? 3) There should also be a ~/Maildir/courierimapsubscribed file which listed your subscribed folders. 4) All sub-mailboxes should also have the new,cur,tmp directories (i.e. ~/Maildir/.debianlists/new) and they should have there own courierimapuiddb file. 5) Logs show anything? Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting On Sun, 2002-12-29 at 14:18, Justin Ryan wrote: Once again, using maildir this shouldn't be an issue. My INBOX has the least messages of all, compared to ~6 months of debian-* lists, lugs, etc.. I'm wondering if extraneous files in ~/Maildir could be a problem. There are msgid.lock and msgid.cache files from procmail/formail keeping track of duplicate messages - should these be moved to ~/.procmail ? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex Borges (lex) [EMAIL PROTECTED] Step One Group -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Forced DHCP setup
Hey... I want to tie up users to ip addresses and machines. This way i can easyly mangle bandwith, squid acls and lots of stuff through my woody box So im thinking maybe the solution is to force users to obtain ip's from dhcp and, i users take an ip for which they have no lease, bloack them with iptables or somwthing... Im thinking this is probably an old trick so im asking here for pointers and stuff as i parallely STFW for this setup... ne ideas? -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forced DHCP setup
Mangling arround and all, maybe its good to discuss this idea here... 1.- Suppose i give you a list of mac addresses and the assigned ips they should have 2.- If one makes that assumption, u guys think this would be a good way to go at it (admin wise, mantainership...etc.): a) Make a script that generates dhcpd3.conf b) Make a script that generates iptables commands like: iptables -A input -s $IP_USER -m mac --mac-source $MAC_USER -j accept #all others reject c) Have your squid rules reflect the change: #dont remember, but squid blocks by mac acl accepted_macs $MAC_USER1...$MAC_USER_N acl accepted_ips $IP_USER1.$IP_USER_N http_access allow auth_pam acceed_macs accepted_ips http_access deny Mhm... not shure if squid works that way but u get the idea it looks horrible from the admin POV, maybe u guys can think of a better way... El mié, 30-10-2002 a las 15:39, Alex Borges (lex) escribió: Hey... I want to tie up users to ip addresses and machines. This way i can easyly mangle bandwith, squid acls and lots of stuff through my woody box So im thinking maybe the solution is to force users to obtain ip's from dhcp and, i users take an ip for which they have no lease, bloack them with iptables or somwthing... Im thinking this is probably an old trick so im asking here for pointers and stuff as i parallely STFW for this setup... ne ideas? -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Forced DHCP setup
Hey... I want to tie up users to ip addresses and machines. This way i can easyly mangle bandwith, squid acls and lots of stuff through my woody box So im thinking maybe the solution is to force users to obtain ip's from dhcp and, i users take an ip for which they have no lease, bloack them with iptables or somwthing... Im thinking this is probably an old trick so im asking here for pointers and stuff as i parallely STFW for this setup... ne ideas? -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com
Re: Forced DHCP setup
Mangling arround and all, maybe its good to discuss this idea here... 1.- Suppose i give you a list of mac addresses and the assigned ips they should have 2.- If one makes that assumption, u guys think this would be a good way to go at it (admin wise, mantainership...etc.): a) Make a script that generates dhcpd3.conf b) Make a script that generates iptables commands like: iptables -A input -s $IP_USER -m mac --mac-source $MAC_USER -j accept #all others reject c) Have your squid rules reflect the change: #dont remember, but squid blocks by mac acl accepted_macs $MAC_USER1...$MAC_USER_N acl accepted_ips $IP_USER1.$IP_USER_N http_access allow auth_pam acceed_macs accepted_ips http_access deny Mhm... not shure if squid works that way but u get the idea it looks horrible from the admin POV, maybe u guys can think of a better way... El mié, 30-10-2002 a las 15:39, Alex Borges (lex) escribió: Hey... I want to tie up users to ip addresses and machines. This way i can easyly mangle bandwith, squid acls and lots of stuff through my woody box So im thinking maybe the solution is to force users to obtain ip's from dhcp and, i users take an ip for which they have no lease, bloack them with iptables or somwthing... Im thinking this is probably an old trick so im asking here for pointers and stuff as i parallely STFW for this setup... ne ideas? -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com
Re: Rare masq. problem
Solved fo the record TCP_ECN is a bad thing to have turned on by default i guess most of you already know that... just send newbies the link to this message El mar, 29-10-2002 a las 19:06, Jeremy C. Reed escribió: On 29 Oct 2002, Alex Borges (lex) wrote: connect to W can anyone help me?? Maybe. Please provide real information. Show us your IP masquerading rules. Show us your interfaces. Show us your routing table. Show us how you test. Show us when it works. Show us when it fails. Jeremy C. Reed ... BSD software, documentation, resources, news... http://bsd.reedmedia.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Rare masq. problem
Okay... i have a very extremely rare problem with iptables look here... ive an internal host I that connectos through gateway F... it attempot to contact website W and succeeds. when i attempt to do so from F, it fails to connect Now, the problem is that, if i set up a squid on F, obviously, connection to W from I fails since F cannot connect to W can anyone help me?? Of course... im masquerading all traffic from I network's in the most open way possible for now. Now, this happens with some sites (W's), not all im very worried... -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com
Re: Rare masq. problem
Solved fo the record TCP_ECN is a bad thing to have turned on by default i guess most of you already know that... just send newbies the link to this message El mar, 29-10-2002 a las 19:06, Jeremy C. Reed escribió: On 29 Oct 2002, Alex Borges (lex) wrote: connect to W can anyone help me?? Maybe. Please provide real information. Show us your IP masquerading rules. Show us your interfaces. Show us your routing table. Show us how you test. Show us when it works. Show us when it fails. Jeremy C. Reed ... BSD software, documentation, resources, news... http://bsd.reedmedia.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com
Re: Fw: VIRUS IN YOUR MAIL (W32/BugBear.A (Clam))
Um This kind of thing is simple at least with qmail, u set up a front end box that does the smtp, make it scan through qmailscan...whatever, those filters will let u decide the action to take if a virus is found. If none, then forward to smtp on your real server for delivery... Probably lost myself part of this thread, forgive me if this is redundant -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Fw: VIRUS IN YOUR MAIL (W32/BugBear.A (Clam))
Um This kind of thing is simple at least with qmail, u set up a front end box that does the smtp, make it scan through qmailscan...whatever, those filters will let u decide the action to take if a virus is found. If none, then forward to smtp on your real server for delivery... Probably lost myself part of this thread, forgive me if this is redundant
Re: LSB and Debian, Commercial perspective
El jue, 10-10-2002 a las 03:07, Jason Lim escribió: And think of the bigger picture. How do you expect a university, a largish business with hundreds of employees, etc. to select Debian over Redhat (or one of the so-called compliant distros)? Remember most purchases have to run by non-tech people, so it doesn't matter how good Debian is behind the scenes... if they ask the critical question is it supported by our vendors, which do you think they'll choose, Debian or Redhat? Well... that is the thing i work for the vendor... there is a market for support in the debian platform u know? And its business case against vendor-supported 'standards-compliant' distribution is as good as the OSS vs. Propietary simply, the cost of mantaining a debian box is lower than running a redhat boxen, thus if you sell say, managed servers for datacenters, you are better using debian as a platform. Also, HP still supports debian now, one thing is true, debian is for vertical markets and infrastructure... it will never be a Joe User box cause Joe likes to share software back and forth... hes better off with a RH based distro (somehow, since he can more reliably install rpms that his haXor friends pass him). Now, if you run your servers like Joe here, then debian is definitely not for you. Lex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: LSB and Debian, Commercial perspective
El mié, 09-10-2002 a las 21:03, Todd Charron escribió: If I recall correctly part of the LSB requires using the rpm package format... if that's a requirement preventing debian from being certified i'm not too sure i'm interested in the LSB... apt-get install rpm I dont know what all this fuss is about... probably noone has gotten together to submit debian to the necesary process for certification same thing happens with linux and posix, didnt stop it at all though. more, the oposite, unixes are trying to see if they are linux compliantso lets wait and see how it goes shall we? If u install the LSB packages, youll see debian can run all the tests the lsb provides. I dont care if vendors wont support it, i support itmore business for me. Todd On Wed, 2002-10-09 at 21:21, Jason Lim wrote: Dear Joey, This package provides an implementation of version 1.1.0 of the Linux Standard Base for Debian on the Intel x86 architecture with the Linux kernel. Future revisions may support the LSB on additional architectures and kernels. The intent of this package is to provide a best current practice way of installing and running LSB packages on Debian GNU/Linux. Its presence does not imply that we believe that Debian fully complies with the Linux Standard Base, and should not be construed as a statement that Debian is LSB-compliant. That does not address what I was talking about. _EVEN IF_ Debian had a hack or such which allowed it to appear compatible/compliant, it isn't certified, is it? And back to my original topic... if it isn't officially compliant, vendors won't support it. - Original Message - From: Joey Hess [EMAIL PROTECTED] To: debian-isp@lists.debian.org Sent: Thursday, October 10, 2002 6:48 AM Subject: Re: LSB and Debian, Commercial perspective Jason Lim wrote: What are your thoughts on this? I think you should perhaps apt-get install lsb and read the README.Debian. -- see shy jo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Alex (Lex) Borges Software Engineer Step One Group www.sogrp.com
Re: LSB and Debian, Commercial perspective
El jue, 10-10-2002 a las 03:07, Jason Lim escribió: And think of the bigger picture. How do you expect a university, a largish business with hundreds of employees, etc. to select Debian over Redhat (or one of the so-called compliant distros)? Remember most purchases have to run by non-tech people, so it doesn't matter how good Debian is behind the scenes... if they ask the critical question is it supported by our vendors, which do you think they'll choose, Debian or Redhat? Well... that is the thing i work for the vendor... there is a market for support in the debian platform u know? And its business case against vendor-supported 'standards-compliant' distribution is as good as the OSS vs. Propietary simply, the cost of mantaining a debian box is lower than running a redhat boxen, thus if you sell say, managed servers for datacenters, you are better using debian as a platform. Also, HP still supports debian now, one thing is true, debian is for vertical markets and infrastructure... it will never be a Joe User box cause Joe likes to share software back and forth... hes better off with a RH based distro (somehow, since he can more reliably install rpms that his haXor friends pass him). Now, if you run your servers like Joe here, then debian is definitely not for you. Lex
Re: failure notice (about relays.osirusoft.com)
if you really cared about the issue, you'd be a lot more productive if you spent your energies explaining to chinese-speaking sysadmins what the spam problem is, why they've been black-listed and what they can do to get off the list. that would be far more effective than whining on english-speaking mailing lists and newsgroups. Now. this answer is not acceptable i think. Although, well, everyone is free to speak their mind. IF This guy is indeed internally blocking, for personal reasons, a list that is community supported (in the sense that the community trusts it), then Lim's accusation is valid and serius i think. I mean, there should be no hidden records of a list like this one, they should all be open. Otherwise its like a trojan horse to put ppl out of business. Now, i dont know whos spamming who, i hate spam as well. I know most of spam abusers and spam itself comes from Asia, speciffically tw and hk. But even in the shady LUG of my Mexican home town, actually last saturday (anyone else thinks there is a Jungian effect in debian-isp?), we were discussing ways to stop spammers at the mailing lists, or what policies should the group enforce to reduce spamming. Someone actually suggested blocking all of Asia to which every single member objected. Cant do that, ONE lost mail directed to us by a lost mexican newbie living in Hong Kong is reason enough to not block this way. So actually, being told that an important, widely accepted tool as osiru is being secretly controled and changed by one guy is not a hapy thought. I will object to its use if the guys at the LUG propose it as an option to our spam problem. Alex given the SPEWS listing, though, it looks like you're possibly a spammer or spamhaus rather than just an end-user suffering collateral damage. i hope that's not the case. BTW, I'd be very happy if iAdvantage was owned by me... it being a multimillion dollar, publically listed corporation and all. I'm actually kind of flattered that SPEWS thinks I'm running the show there. We're one of their customers using their bandwidth... they are one of the highest performance bandwidth facilities in HK which is why we use them for our bandwidth. whether you like it or not, anyone can block email on their own servers using whatever criteria they choose. you do NOT have a right to have your mail accepted. nobody does. that choice rests with the recipient server. you have two choices: 1. explain to your ISP why they shouldn't be supporting spammers and get them to enforce an anti-spam policy. 2. move to an ISP which doesn't support spammers. if enough people did this and told them why, your current ISP might finally acquire a clue and change their ways. i recommend trying option 1 first and then, if that fails, option 2. iAdvantage provides bandwidth to many hundreds of large corporations in HK... overall i'd say many thousands of websites are hosted there (mostly Chinese probably). So with one fell swoop all these sites can no longer send email properly. Can we say collateral damage to the max? so what? telstra and ozemail (the latter is owned by uunet) here in australia host thousands of legitimate businesses, and actually show some signs of pursuing an anti-spam policy. they still get black-listed (and rightly so) when they're caught running open relays or refuse to terminate a spammer's account. the truth is that it is ONLY the fact that various RBLs will list them that has forced them to have an anti-spam policy and actually enforce it. unless it affects their bottom-line (i.e. when the costs of supporting spam are greater than the profits from supporting spam), they don't care and they're not going to do anything about it. craig -- craig sanders [EMAIL PROTECTED] Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: VPN Tools!
El sáb, 03-08-2002 a las 12:26, axacheng escribió: Hello List : Does anyone knows What is best package on VPN solution That package have perfect security , compatibility and friendly config file for administrator! Wahahahaha. NO!. 1.- FreeSWAN --- IPSEC perfectly compatible with...um...'true' IPSEC, that is compliant routers and vpn boxes pptpd is better than freeswan or have other good package?? @_@ 2.- PPTPD compatible with windows clientsSUCKS... slow, bitch ass security BTW, where i could find good document or howto to implement a VPN environment ??? Many STFW google.com VPN Howto .. also apt-cache search vpn, apt-cache search ipsec 3.- Depending on your needs, consider ssh ppp tunnels, VTUN, stunnel as those are generaly easyer to implement than most other stuff Alex Thanks Very Much. ;-) -- Trust Unique ... Axacheng's PGP Public Key http://www.navigation.idv.tw/pgpkey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Courier imap packages acting up
Mhm weve been using imap forever, generaly we use the tarbalsive been braging about how using the debian packages or maybe even just the system (like, just apt-get source) could save us so much time... In evaluating this, i found out that debian stock courier is buuilt --without-authvchkpw ...okay, no problem, i can just apt-get source, change that without to with in debian/rules file and off we gowe would have debian wooody debs with vchkpw built in therewell no... This is the output from the attampted dpkg-buildpackage : dpkg-source: building courier using existing courier_0.37.3.orig.tar.gz dpkg-source: building courier in courier_0.37.3-2.1.diff.gz dpkg-source: cannot represent change to conftest: binary file contents changed dpkg-source: building courier in courier_0.37.3-2.1.dsc dpkg-source: unrepresentable changes to source Now that sucksanyone knows what is this??? Alex
Re: Courier imap packages acting up [DISREGARD PREVIOUS]
Mhm It works if U edit debian/rules and remove the vchkpw line :) A master is one that teaches himself and shows off to others...sorry for the noise Alex
RE: Maildirs in Debian [OFFTOPIC-JOKE]
Mark Crispin hates Maildir. Mark's feelings may not have a bearing on the final decisions, I just include that as a datapoint. LOL . I hate round robin and divide and conquer strategies, i loathe chalenge-response authentication, the very thought of heap-sort techniques make me shiver Dear me, we need to get a life geeks NOTE: And, when i woke up, the algorithm was still there. Alex P.S. I just woke up this way, i realize how offtopic this is
Re: my firewall
sorry for my english, never study Not bad at all U have a typo on the log_martians part
Re: Admin for E-MAIL users only
Wide questionthis is refering to riddle If all can be done through webmin, then through webmin it is /riddle El jue, 04-07-2002 a las 11:55, rj escribió: What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Admin for E-MAIL users only
Wide questionthis is refering to riddle If all can be done through webmin, then through webmin it is /riddle El jue, 04-07-2002 a las 11:55, rj escribió: What is the best way to delegate some root privileges for a user which could only create e-mail accounts and make newaliases? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
