Re: Packet Shaping
On Sun, 2003-11-16 at 14:16, Splash Tekalal wrote: > I know Debian can do packet shaping and set up rules for types of packets > to get priority and such, but I'm at a loss as to where to start on setting > it up. You might want to try shorewall. In addition to firewall stuff, it also provides a nice way of configuring QoS parameters. Worth a try. :-) -- Jeff Waugh <[EMAIL PROTECTED]> Flow Communications Pty. Ltd.
Re: Packet Shaping
On Sun, 2003-11-16 at 14:16, Splash Tekalal wrote: > I know Debian can do packet shaping and set up rules for types of packets > to get priority and such, but I'm at a loss as to where to start on setting > it up. You might want to try shorewall. In addition to firewall stuff, it also provides a nice way of configuring QoS parameters. Worth a try. :-) -- Jeff Waugh <[EMAIL PROTECTED]> Flow Communications Pty. Ltd. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Servers with X.
On Tue, 2003-08-19 at 09:28, Rudi Starcevic wrote: > Is it bad practise to use X on your Debian ISP/Hosting machines ? > Here I have 4 boxes all without X. I've always been of the impression > X on servers was not good. It's not a terrible thing to do, unless you forget to correctly firewall your machines. :-) > I have one box, a database server - PostgreSQL, which has a cool TCL > monitoring app. > I'm interested in using. This GUI app. monitors server load and running > queries etc. > I'll need to install X in order to use it - which I'm not sure is such a > good idea. You don't need to install an X server on the local machine to use it. If you install the tcl app, and ssh to the box using X forwarding (-X), you can display the program on your own local X server. [ desktop ] --> [ firewall ] --> [ db-server ] X server ssh sshno X server Fully encrypted, secure access to X software on your db-server, without running (or even having) a full X server on the machine. :-) - Jeff -- Systems Administrator Flow Communications p: +612 9263 5052 f: +612 9263 5050 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sane trouble-ticket systems
On Sat, 2003-08-09 at 09:27, Brad Lay wrote: > Anybody know of a backport of request-tracker2 from testing/unstable? even > rt3 would do, so long as it'll work in Woody. It's a very simple, uncomplicated backport. You could do it very easily yourself. rt3 is significantly more difficult, however. - Jeff -- Systems Administrator Flow Communications p: +612 9263 5052 f: +612 9263 5050 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [Help] Anybody has auth_ldap with ssl deb can share to me ??? Thanks.
> == > In file included from auth_ldap.c:20: > auth_ldap.h:33: ldap.h: No such file or directory > auth_ldap.h:34: lber.h: No such file or directory > auth_ldap.h:53: ldap_ssl.h: No such file or directory > make[1]: *** [auth_ldap.o] Error 1 > make[1]: Leaving directory `/root/source/libapache-auth-ldap-1.6.0' > make: *** [build-stamp] Error 2 > == Looks like you're missing the devel packages for openldap. Install those, try again. Make sure you check the build-depends of the package you're building. - Jeff -- linux.conf.au 2004: Adelaide, Australia http://lca2004.linux.org.au/ "In addition to these ample facilities, there exists a powerful configuration tool called gcc." - Elliot Hughes, author of lwm
Re: how to upgrade dozens of debian servers
> I have some debian servers and hav a pain when these is security > upgrade package available, for I have to check and upgrade them one by > one, making sure they are in safe status. > > I wonder how the administrator manage dozens or even hundreds of debian > servers in this case? Any tool or administration tips? *nix tools save the day. I use a for loop and ssh in a bash script. "Low tech" solutions are often highly efficient and flexible. :-) - Jeff -- So, "Jeffrey" seems to mean "the ineffectual, victimised guy in American movies" in four different languages.
Re: how to upgrade dozens of debian servers
> I have some debian servers and hav a pain when these is security > upgrade package available, for I have to check and upgrade them one by > one, making sure they are in safe status. > > I wonder how the administrator manage dozens or even hundreds of debian > servers in this case? Any tool or administration tips? *nix tools save the day. I use a for loop and ssh in a bash script. "Low tech" solutions are often highly efficient and flexible. :-) - Jeff -- So, "Jeffrey" seems to mean "the ineffectual, victimised guy in American movies" in four different languages. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Maildirs in Debian
> Jeff, > please share the cons/pros with us The following document provides a good analysis of why Maildir was more appropriate to Courier IMAP's general audience and tasks (the SELECT.1 benchmarks are telling): http://www.courier-mta.org/mbox-vs-maildir/ To me, the differences can be summarised as a compromise between random access, speed and memory. On my server (I use Postfix and Courier IMAP), Maildir provides very fast random access to email, low memory usage, and no locking/access issues. On my desktop machine I use mbox because my usage patterns and requirements lean towards the use of massive, searchable mail folders and little interest in saving memory. Once the mailboxes are open, access is enormously fast. I have no serious locking issues, because it's just me and procmail writing to the mboxes. I don't think either system is ultimately (or religiously) the best, because they're appropriate for different uses. Our role as technology providers is to analyse these choices, rather than defend them. :-) - Jeff -- "Evil will always triumph over good, because good is dumb." - Dark Helmet, Spaceballs
Re: Maildirs in Debian
> > There are plenty of reasons to not use Maildir, too. > > Aren't they mostly to do with backwards compatibility? If everything in > Debian could handle it, wouldn't this be a non-issue? No. I use maildirs on my IMAP server and mboxes on my desktop because they are appropriate to each. They operate very differently, and have pros/cons for different uses. - Jeff -- "Love never misses the chance to put the boot in." - Kelly, SLOU
Re: Maildirs in Debian
> Failing that, a migration to pure maildir would probably be good, provided > the migration could be handled transperantly. There are plenty of reasons to not use Maildir, too. - Jeff -- "What's up with that word though... it's like something you did to frogs in grammar school." - Ani DiFranco on bisexuality
Re: Email header parser?
> Do you know of any better shell tools for extracting from, cc, subject etc. > from the headers than procmail/formail? How about Python and its RFC822 modules? - Jeff -- "But in the software world, that's daily business." - Kent Beck "That's pissing money away and leaving scar tissue." - Alan Cooper -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: postfix problem
> Mar 24 22:29:08 lyta postfix/master[21216]: warning: process >/usr/lib/postfix/cleanup pid 21253 killed by signal 6 > Mar 24 22:29:08 lyta postfix/master[21216]: warning: /usr/lib/postfix/cleanup: bad >command startup -- throttling > > Any suggestions? Sounds like what happens if master.cf isn't upgraded properly when updating to newer postfixes; I had this happen with the Debian packages too. Check the postinst file, or the postfix lists. - Jeff -- "Think video. Think text flickering over your walls. Think games at work. Think anything where a staid, link-based browser is useless." "This person wrote for Ab Fab, right?" - Rich Welykochy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RAID starter
> Russel, would you recommend software RAID with a production system? Have > you tried it? Curious. I would, and have. - Jeff -- He's not an idiot. The doctor said so. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antiviral checking for small server using postfx
> I'd like to do antiviral filtering but budget is low. Any > recommendations? postfix + amavis + nod32 (www.nod32.com). Happens to be the best, too. - Jeff -- There's no horse higher, no mailing list taunt lower, no developer base wider. Rock My Software in the Bosom of Debian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: user traffic accounting
> anyway, this is wicked, and i immediately want to give a virtual machine > to every single one of my users. Nice idea, but it's not going to work. Perhaps with some real love and affection from someone who purely wanted to achieve this (and wasn't primarily interested in using it as a debugging tool), it may happen, but in its current state, UML is not appropriate for this. - Jeff -- "I'm taking no part in your merry 5-way clusterfuck - sort that mess out between yourselves." - Alexander Viro
Re: user traffic accounting
> anyway, this is wicked, and i immediately want to give a virtual machine > to every single one of my users. Nice idea, but it's not going to work. Perhaps with some real love and affection from someone who purely wanted to achieve this (and wasn't primarily interested in using it as a debugging tool), it may happen, but in its current state, UML is not appropriate for this. - Jeff -- "I'm taking no part in your merry 5-way clusterfuck - sort that mess out between yourselves." - Alexander Viro -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> > 3) Add this to authorized_keys for the above account, specifying the > > command that logins with this key are allowed to run. See command="" in > > sshd(1). > > I can't find the document about this section, can you show me > some reference or examples? Many thanks. man sshd, down the bottom. - Jeff -- No clue is good clue.
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> > 3) Add this to authorized_keys for the above account, specifying the > > command that logins with this key are allowed to run. See command="" in > > sshd(1). > > I can't find the document about this section, can you show me > some reference or examples? Many thanks. man sshd, down the bottom. - Jeff -- No clue is good clue. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: long email names
> I have a customer who wants to host his own email server, and he wants > to have long email addresses, like .@domain.com , > and map it to a local name that is less than 8 chars. This is a sensible request... > What is the best email server to do this kind of mapping? But this is just emotional blackmail! ;) Postfix has a very handy canonical_maps (also canonical_sender and canonical_recipient maps) setting. It means that you can make the switcheroo 'at the border', both ways. So everyone sees 'jeff.waugh @ perkypants.org' on the outside when you send, and it gets changed back to 'jdub @ perkypants.org' when mail comes in. Just about every MTA will do similar, or a fairly close approximation, though. (I'm just familiar and happy with postfix.) - Jeff -- I wonder how many bugs have gone unfixed due to misspellings of "FIXME".
Re: long email names
> I have a customer who wants to host his own email server, and he wants > to have long email addresses, like .@domain.com , > and map it to a local name that is less than 8 chars. This is a sensible request... > What is the best email server to do this kind of mapping? But this is just emotional blackmail! ;) Postfix has a very handy canonical_maps (also canonical_sender and canonical_recipient maps) setting. It means that you can make the switcheroo 'at the border', both ways. So everyone sees 'jeff.waugh @ perkypants.org' on the outside when you send, and it gets changed back to 'jdub @ perkypants.org' when mail comes in. Just about every MTA will do similar, or a fairly close approximation, though. (I'm just familiar and happy with postfix.) - Jeff -- I wonder how many bugs have gone unfixed due to misspellings of "FIXME". -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> OK. My problem is, if I use rsync+ssh with blank passphrase among servers > to automate rsync+ssh backup procedure without password prompt, then the > cracker will not need to send any password as well as passphrase when ssh > login onto another server, right? No, password and rsa/dsa authentication are different authentication mechanisms. > Is there a good way to automate rsync+ssh procedure without > password/passphrase prompt, while password/passphrase is still requierd > when someone attempts to ssh login? 1) Use a minimally-privileged account for the rsync process, disable the password on this account, so it cannot be used to login. 2) Generate a passphrase-less ssh key with ssh_keygen. 3) Add this to authorized_keys for the above account, specifying the command that logins with this key are allowed to run. See command="" in sshd(1). Thus, no one can actually log in with the account normally, you can only connect with the rsa/dsa key, and you can only run a particular process. ssh-agent doesn't really help you in this instance, it's generally used to provide single passphrase authentication for a user's session. (I use it to log in to the ~30-40 machines I have my public key on, without typing passwords every five minutes.) - Jeff -- "jwz? no way man, he's my idle" - James Wilkinson
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> OK. My problem is, if I use rsync+ssh with blank passphrase among servers > to automate rsync+ssh backup procedure without password prompt, then the > cracker will not need to send any password as well as passphrase when ssh > login onto another server, right? No, password and rsa/dsa authentication are different authentication mechanisms. > Is there a good way to automate rsync+ssh procedure without > password/passphrase prompt, while password/passphrase is still requierd > when someone attempts to ssh login? 1) Use a minimally-privileged account for the rsync process, disable the password on this account, so it cannot be used to login. 2) Generate a passphrase-less ssh key with ssh_keygen. 3) Add this to authorized_keys for the above account, specifying the command that logins with this key are allowed to run. See command="" in sshd(1). Thus, no one can actually log in with the account normally, you can only connect with the rsa/dsa key, and you can only run a particular process. ssh-agent doesn't really help you in this instance, it's generally used to provide single passphrase authentication for a user's session. (I use it to log in to the ~30-40 machines I have my public key on, without typing passwords every five minutes.) - Jeff -- "jwz? no way man, he's my idle" - James Wilkinson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> I am sorry I could be kind of off-topic. But I want to know how to > cross-site rsync without authentication, say ssh auth.,? That's the best way. > I've read some doc. using ssh-keygen to generate key pairs, appending the > public keys to ~/.ssh/authorized_hosts on another host to prevent ssh > authentication prompt. Is it very risky? Chances are a cracker could > compromise one machine and ssh login others without any authentication. It's not "without authentication" - you're still authenticating, you're just using a different means. There's two parts to rsa/dsa authentication with ssh; first there's the key, then there's the passphrase. If a cracker gets your key, that's tough, but they'll need the passphrase to authenticate. If you make a key without a passphrase (generally what you'd do for scripted rsyncs, etc) then they *only need the key*. So, you should keep the data available with passphrase-less keys either read-only or backed up, depending on its importance, etc. - Jeff -- "I think we agnostics need a term for a holy war too. I feel all left out." - George Lebl
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> I am sorry I could be kind of off-topic. But I want to know how to > cross-site rsync without authentication, say ssh auth.,? That's the best way. > I've read some doc. using ssh-keygen to generate key pairs, appending the > public keys to ~/.ssh/authorized_hosts on another host to prevent ssh > authentication prompt. Is it very risky? Chances are a cracker could > compromise one machine and ssh login others without any authentication. It's not "without authentication" - you're still authenticating, you're just using a different means. There's two parts to rsa/dsa authentication with ssh; first there's the key, then there's the passphrase. If a cracker gets your key, that's tough, but they'll need the passphrase to authenticate. If you make a key without a passphrase (generally what you'd do for scripted rsyncs, etc) then they *only need the key*. So, you should keep the data available with passphrase-less keys either read-only or backed up, depending on its importance, etc. - Jeff -- "I think we agnostics need a term for a holy war too. I feel all left out." - George Lebl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> Sigh... and I was hoping for a simple solution like cp /mnt/disk1/* > /mnt/disk2/ :-/ This is the point at which we have one of those "Brady Bunch Moments", when everyone stands around chuckling at what they've learned, and the credits roll. - Jeff -- "And that's what it sounds like if you *download* it!" - John, They Might Be Giants
Re: Best way to duplicate HDs
> Sigh... and I was hoping for a simple solution like cp /mnt/disk1/* > /mnt/disk2/ :-/ This is the point at which we have one of those "Brady Bunch Moments", when everyone stands around chuckling at what they've learned, and the credits roll. - Jeff -- "And that's what it sounds like if you *download* it!" - John, They Might Be Giants -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> > It's called RAID-1. > > I dunno... whenever I think of "RAID" I always think of live mirrors that > operate constantly That's what they do post-sync. > and not a "once in a while" mirror operation just to > perform a backup (when talking about RAID-1). Am I mistaken in this > thinking? That's what they do when they sync (in very rough terms). > This would cause the 2 live HDs to be mirrored to the backups, and then > disengage the 2 "backup" HDs so they aren't constantly synced. > > Would the above work? Sorry if I seem naive, but I haven't tried this > "once in a while" RAID method before. It's a dirty hack to make it do what you want it to, that's all. Russell's solution was better, as at least you were getting the benefit of the running mirror if a drive failed (and buying three disks is not expensive). - Jeff -- "And up in the corporate box there's a group of pleasant thirtysomething guys making tuneful music for the masses of people who can spell "nihilism", but don't want to listen to it in the car." - Richard Jinman, SMH
Re: Best way to duplicate HDs
> Except that I've pointed out already that we're specifically NOT looking > at a live RAID solution. This is a backup drive that is suppose to be > synced every 12 hours or 24 hours. Sorry, but I don't see any benefit to having maximum 12 hour old data when you could have 0. The hardware solution you mentioned was RAID 1 anyway. Easiest thing to do is use it, and have both spare drives and spare machines ready to roll should you need to swap either. > The idea being that if there is a virus, a cracker, or hardware > malfunction, then the backup drives can be immediately pulled out and > inserted into a backup computer, and switch on to provide immediate > restoration of services (with data up to 12 hours old, but better than > having up-to-date information that may be corrupted or "cracked" versions > of programs). Well, there's your benefit to having old data. Who's to say you're going to know within 12 hours? This is not a particularly interesting problem, mostly because you're not curing the disease, you're trying to clean up after infection. - Jeff -- "The GPL is good. Use it. Don't be silly." - Michael Meeks
Re: Best way to duplicate HDs
> For example, http://www.arcoide.com/ . To quote the function we're looking > at " the DupliDisk2 automatically switches to the remaining drive and > alerts the user that a drive has failed. Then, depending on the model, the > user can hot-swap out the failed drive and re-mirror in the background.". > So it "re-mirrors" in the background... how do they perform that > reliabily? That's just RAID 1, which has done it since the dawn of time [1]. You can achieve the same thing with Linux software RAID; you just pull out one of the drives and you have half a mirrored RAID set. It's pretty neat to watch /proc/mdstat as your drives are resyncing, too. ;) The advantage you get with this hardware is the hot-swap rack... and that's about it. - Jeff [1] May not be chronologically correct. -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster
Re: Best way to duplicate HDs
> > It's called RAID-1. > > I dunno... whenever I think of "RAID" I always think of live mirrors that > operate constantly That's what they do post-sync. > and not a "once in a while" mirror operation just to > perform a backup (when talking about RAID-1). Am I mistaken in this > thinking? That's what they do when they sync (in very rough terms). > This would cause the 2 live HDs to be mirrored to the backups, and then > disengage the 2 "backup" HDs so they aren't constantly synced. > > Would the above work? Sorry if I seem naive, but I haven't tried this > "once in a while" RAID method before. It's a dirty hack to make it do what you want it to, that's all. Russell's solution was better, as at least you were getting the benefit of the running mirror if a drive failed (and buying three disks is not expensive). - Jeff -- "And up in the corporate box there's a group of pleasant thirtysomething guys making tuneful music for the masses of people who can spell "nihilism", but don't want to listen to it in the car." - Richard Jinman, SMH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> Except that I've pointed out already that we're specifically NOT looking > at a live RAID solution. This is a backup drive that is suppose to be > synced every 12 hours or 24 hours. Sorry, but I don't see any benefit to having maximum 12 hour old data when you could have 0. The hardware solution you mentioned was RAID 1 anyway. Easiest thing to do is use it, and have both spare drives and spare machines ready to roll should you need to swap either. > The idea being that if there is a virus, a cracker, or hardware > malfunction, then the backup drives can be immediately pulled out and > inserted into a backup computer, and switch on to provide immediate > restoration of services (with data up to 12 hours old, but better than > having up-to-date information that may be corrupted or "cracked" versions > of programs). Well, there's your benefit to having old data. Who's to say you're going to know within 12 hours? This is not a particularly interesting problem, mostly because you're not curing the disease, you're trying to clean up after infection. - Jeff -- "The GPL is good. Use it. Don't be silly." - Michael Meeks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LVM [Was: Best way to duplicate HDs]
> Never mind, the LVM HOWTO is making sense. Must be this hour of the morning, > or the hangover or... I hope there are more hackers working on LVM than just Sistina. Another GFS snatcheroo would suck. [ Go to www.opengfs.org for the Free GFS. :) ] - Jeff -- "Can we have a special TELSABUG category, and everything gets dropped to fix them first?" - Telsa Gwynne
Re: LVM [Was: Best way to duplicate HDs]
> Any pointers appreciated. Never mind, the LVM HOWTO is making sense. Must be this hour of the morning, or the hangover or... - Jeff -- http://www.xach.com/debian-users-are-beatniks.html
LVM [Was: Best way to duplicate HDs]
> LVM. Create a snapshot of the LV and then use dd to copy it. > > LVM solves this, but adds it's own set of problems. Russell, do you know of a good (reasonably practical *and* theoretical) intro to LVM? It's just seemed overly complicated when I've looked at it in the past. Any pointers appreciated. Thanks, - Jeff -- Penguinillas Pack GNUzis
Re: Best way to duplicate HDs
> For example, http://www.arcoide.com/ . To quote the function we're looking > at " the DupliDisk2 automatically switches to the remaining drive and > alerts the user that a drive has failed. Then, depending on the model, the > user can hot-swap out the failed drive and re-mirror in the background.". > So it "re-mirrors" in the background... how do they perform that > reliabily? That's just RAID 1, which has done it since the dawn of time [1]. You can achieve the same thing with Linux software RAID; you just pull out one of the drives and you have half a mirrored RAID set. It's pretty neat to watch /proc/mdstat as your drives are resyncing, too. ;) The advantage you get with this hardware is the hot-swap rack... and that's about it. - Jeff [1] May not be chronologically correct. -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> I've just done some tests on that with 33G partitions of 46G IDE drives. > The drives are on different IDE buses, and the CPU is an Athlon 800. > > So it seems to me that page size is probably a good buffer size to use. Cool! Nothing like Real Proper Testing to prove a point. ;) I'm surprised the difference between 512b and 4k wasn't greater though; I'm sure I've had more spectacular differences in the past. ... and I won't bring up anything about SCSI or IDE at this point. ;) - Jeff -- "I wanted to be Superman, but all I got were these special powers of self-deprecation."
Re: LVM [Was: Best way to duplicate HDs]
> Never mind, the LVM HOWTO is making sense. Must be this hour of the morning, > or the hangover or... I hope there are more hackers working on LVM than just Sistina. Another GFS snatcheroo would suck. [ Go to www.opengfs.org for the Free GFS. :) ] - Jeff -- "Can we have a special TELSABUG category, and everything gets dropped to fix them first?" - Telsa Gwynne -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LVM [Was: Best way to duplicate HDs]
> Any pointers appreciated. Never mind, the LVM HOWTO is making sense. Must be this hour of the morning, or the hangover or... - Jeff -- http://www.xach.com/debian-users-are-beatniks.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
LVM [Was: Best way to duplicate HDs]
> LVM. Create a snapshot of the LV and then use dd to copy it. > > LVM solves this, but adds it's own set of problems. Russell, do you know of a good (reasonably practical *and* theoretical) intro to LVM? It's just seemed overly complicated when I've looked at it in the past. Any pointers appreciated. Thanks, - Jeff -- Penguinillas Pack GNUzis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> I've just done some tests on that with 33G partitions of 46G IDE drives. > The drives are on different IDE buses, and the CPU is an Athlon 800. > > So it seems to me that page size is probably a good buffer size to use. Cool! Nothing like Real Proper Testing to prove a point. ;) I'm surprised the difference between 512b and 4k wasn't greater though; I'm sure I've had more spectacular differences in the past. ... and I won't bring up anything about SCSI or IDE at this point. ;) - Jeff -- "I wanted to be Superman, but all I got were these special powers of self-deprecation." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> What do you think would be the best way to duplicate a HD to another > (similar sized) HD? dd, using a large buffer size for reasonable performance - Jeff -- "Linux continues to have almost as much soul as James Brown." - Forrest Cook, LWN
Re: Best way to duplicate HDs
> What do you think would be the best way to duplicate a HD to another > (similar sized) HD? dd, using a large buffer size for reasonable performance - Jeff -- "Linux continues to have almost as much soul as James Brown." - Forrest Cook, LWN -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LinkWalker
> > Why don't you just update your robots.txt to explicitly specify which > > files you don't or do, allow spiders access to. If it's a rule-obiding > > spider, that will be the end of it. > > I wasn't aware that there was any format to robots.txt, I thought that the > mere presense of such a file would prevent robots from visiting. http://www.searchtools.com/robots/robots-txt.html - Jeff -- "Funny, I have no trouble distinguishing my mobile phone from the others because it's in my _own fucking pocket_!" - Mobile Rage
Re: LinkWalker
> > Why don't you just update your robots.txt to explicitly specify which > > files you don't or do, allow spiders access to. If it's a rule-obiding > > spider, that will be the end of it. > > I wasn't aware that there was any format to robots.txt, I thought that the > mere presense of such a file would prevent robots from visiting. http://www.searchtools.com/robots/robots-txt.html - Jeff -- "Funny, I have no trouble distinguishing my mobile phone from the others because it's in my _own fucking pocket_!" - Mobile Rage -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FreeRADIUS issues
> > [EMAIL PROTECTED] Auth-Type := Crypt-Local, Password == "6IVIw" > > garry Auth-Type := Crypt-Local, Password == "6IVIw" > > I haven't tried FreeRADIUS, so I may be talking nonsense, but > that password does not look crypted. It should look something > like this: X.SldLTDxGIGU or abB.3AxASd29. etc. i.e. 13 > characters from the set (a-zA-Z0-9./). Sorry, should have mentioned it was censored. > > modcall: entering group authorize modcall[authorize]: module > > "preprocess" returns ok rlm_fastusers: checking defaults rlm_fastusers: > > user not found modcall[authorize]: module "fastusers" returns notfound > > This looks to me like it didn't find the user in the file. Are you sure > you have the stuff in the right file? :) Are you sure you have the syntax > correct? I hope so, thus the pastage of the above lines. There's very little in the way of documentation and examples... Thanks, - Jeff -- o/~ we all live in a yellow subroutine o/~ - auspex
Re: FreeRADIUS issues
> > [EMAIL PROTECTED] Auth-Type := Crypt-Local, Password == "6IVIw" > > garry Auth-Type := Crypt-Local, Password == "6IVIw" > > I haven't tried FreeRADIUS, so I may be talking nonsense, but > that password does not look crypted. It should look something > like this: X.SldLTDxGIGU or abB.3AxASd29. etc. i.e. 13 > characters from the set (a-zA-Z0-9./). Sorry, should have mentioned it was censored. > > modcall: entering group authorize modcall[authorize]: module > > "preprocess" returns ok rlm_fastusers: checking defaults rlm_fastusers: > > user not found modcall[authorize]: module "fastusers" returns notfound > > This looks to me like it didn't find the user in the file. Are you sure > you have the stuff in the right file? :) Are you sure you have the syntax > correct? I hope so, thus the pastage of the above lines. There's very little in the way of documentation and examples... Thanks, - Jeff -- o/~ we all live in a yellow subroutine o/~ - auspex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
FreeRADIUS issues
Hi all, Having some troubles with freeradius as packaged in woody. I'm doing a very quick auth migration for a PM3, taking usernames and crypted passwords from an old Qube, and putting them ni various files for service authentication. FreeRADIUS is not cooperating. ;) Here's an example of what I have in the fast_users file: [EMAIL PROTECTED] Auth-Type := Crypt-Local, Password == "6IVIw" garry Auth-Type := Crypt-Local, Password == "6IVIw" Many of those. I'm getting this error upon running radtest with: radtest garry blah localhost localhost pants Sending Access-Request of id 74 to 127.0.0.1:1812 User-Name = "garry" Password = "W)\204\310\316yvi\237\023(\013\027\316\336\225" NAS-IP-Address = whale NAS-Port-Id = "localhost" rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=74, length=20 The logs say: modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_fastusers: checking defaults rlm_fastusers: user not found modcall[authorize]: module "fastusers" returns notfound modcall: group authorize returns ok auth: No Auth-Type configuration for the request, rejecting the user auth: Failed to validate the user. Login incorrect: [garry] (from nas local port 0) Sending Access-Reject of id 74 to 127.0.0.1:32773 Anyone have pointers? - Jeff -- The implementation of any sufficiently advanced technology is indistinguishable from pr0n.
FreeRADIUS issues
Hi all, Having some troubles with freeradius as packaged in woody. I'm doing a very quick auth migration for a PM3, taking usernames and crypted passwords from an old Qube, and putting them ni various files for service authentication. FreeRADIUS is not cooperating. ;) Here's an example of what I have in the fast_users file: [EMAIL PROTECTED] Auth-Type := Crypt-Local, Password == "6IVIw" garry Auth-Type := Crypt-Local, Password == "6IVIw" Many of those. I'm getting this error upon running radtest with: radtest garry blah localhost localhost pants Sending Access-Request of id 74 to 127.0.0.1:1812 User-Name = "garry" Password = "W)\204\310\316yvi\237\023(\013\027\316\336\225" NAS-IP-Address = whale NAS-Port-Id = "localhost" rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=74, length=20 The logs say: modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_fastusers: checking defaults rlm_fastusers: user not found modcall[authorize]: module "fastusers" returns notfound modcall: group authorize returns ok auth: No Auth-Type configuration for the request, rejecting the user auth: Failed to validate the user. Login incorrect: [garry] (from nas local port 0) Sending Access-Reject of id 74 to 127.0.0.1:32773 Anyone have pointers? - Jeff -- The implementation of any sufficiently advanced technology is indistinguishable from pr0n. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to customize mbox format in postfix?
> They have various kinds of reasons. Some are reasonable, some not. > If they just insisit on mbox format and ask for imap service with mbox > support. Is there any compatible method to take? What are the reasons? It's not a worthwhile thing to change if it's not entirely necessary. You have a good setup already, there should be no reason to change it if it is providing good service. - Jeff -- "One World, one Web, one Browser." - Microsoft promotion "Ein Volk, ein Reich, ein Fuhrer." - Adolf Hitler
Re: how to customize mbox format in postfix?
> They have various kinds of reasons. Some are reasonable, some not. > If they just insisit on mbox format and ask for imap service with mbox > support. Is there any compatible method to take? What are the reasons? It's not a worthwhile thing to change if it's not entirely necessary. You have a good setup already, there should be no reason to change it if it is providing good service. - Jeff -- "One World, one Web, one Browser." - Microsoft promotion "Ein Volk, ein Reich, ein Fuhrer." - Adolf Hitler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sf-debian
> Warning: LDAP: Unable to bind to server: Invalid DN syntax in > /usr/lib/sourceforge/www/include/ldap.php on line 50 > > * The distinguished name of the search base: dc=dev.uprint.web Should be: dc=dev,dc=uprint,dc=web - Jeff -- We're passe with class, eh?
Re: sf-debian
> Warning: LDAP: Unable to bind to server: Invalid DN syntax in > /usr/lib/sourceforge/www/include/ldap.php on line 50 > > * The distinguished name of the search base: dc=dev.uprint.web Should be: dc=dev,dc=uprint,dc=web - Jeff -- We're passe with class, eh? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail
> Does anyone have the slightest clue how to host mail for multiple domains > such that every domain has a unique namespace? Thinking about the matter, > I realized I don't quite know how to accomplish this. Postfix virtual domains operate like this by default, however you can make it operate like sendmail virtual domains if you want to. - Jeff -- "It's only ironic because it's true." - Reflexive irony, overheard
Re: Mail
> Does anyone have the slightest clue how to host mail for multiple domains > such that every domain has a unique namespace? Thinking about the matter, > I realized I don't quite know how to accomplish this. Postfix virtual domains operate like this by default, however you can make it operate like sendmail virtual domains if you want to. - Jeff -- "It's only ironic because it's true." - Reflexive irony, overheard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: stable vs testing
> Anyway, thats our take on it... and its never failed us so far. Takes > quite a bit of effort though... so watch out. Just to chime in, we use stable only, with quite a few backports. [1] Often enough there's a package I'd really like - right now it's a fresh postfix - but I find greater stability and less trouble sticking with known good software for as long as possible. For environments in which change management is a big task, it is *far* saner to stick with stable. - Jeff [1] deb http://solutionsfirst.com.au/debian potato sol1 -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster
Re: replicating, balanced web-server with *write* access?
> On Sun, Nov 11, 2001 at 02:09:01PM +1100, Jeff Waugh wrote: > > RAID on Network Block Devices. You get the benefits of RAID, but over a > > number of different machines, perhaps even on different networks if the > > topology allows for the performance requirements. > Does it really allow writing in *both* directions? I mean both servers > should be able to write to the same "filesystem" so they would have to > mount each other as nbd... Else it would only be good for one-way failover > service. Okay, how about this... It's ASCII ART TIME! _ _ _ | | | | | | | ND1 | | ND2 | | ND3 | NBD device machines: 1, 2 & 3 |_| |_| |_| \ / _ _ | | | | | FS1 | | FS2 | File server machines: 1 & 2 |_| |_| \ _ | | | CL1 | Client machine: 1, for the sake of the image. :) |_| The RAID member machines all run an NBD server, so let's say we have three network devices to make our RAID with. The two fileservers are for failover, so we really only use one. It uses the NBD devices, and operates the RAID. Our client machine uses the filesystem on the fileserver (however it needs it, it could be samba, nfs, appletalk, etc). If an NBD device machine goes down, the fileserver handles this as it would any other RAID situation. When the machine comes back up, the NBD can be resynced with the others. If a fileserver machine goes down, bring up the other one on the same IP address with heartbeat. It can also bring up the NBD devices and get the RAID going again. If the client goes down, thwack them on the head. ;) > > It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] > yeah, that's what I want to have on my production servers That's the spirit! LINUX UBER ALLES! ;) - Jeff -- "Basically my philosophy on release management is that it should be like police brutality." - Maciej Stachowiak
Re: replicating, balanced web-server with *write* access?
> Much is written about High-Availability servers but I still didn't find a > good solution how to build two load-balanced webservers _without_ > connecting them both to one RAID (single point of failure). RAID on Network Block Devices. You get the benefits of RAID, but over a number of different machines, perhaps even on different networks if the topology allows for the performance requirements. It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] - Jeff [1] It does. ;) -- http://www.xach.com/debian-users-are-beatniks.html
Re: replicating, balanced web-server with *write* access?
> On Sun, Nov 11, 2001 at 02:09:01PM +1100, Jeff Waugh wrote: > > RAID on Network Block Devices. You get the benefits of RAID, but over a > > number of different machines, perhaps even on different networks if the > > topology allows for the performance requirements. > Does it really allow writing in *both* directions? I mean both servers > should be able to write to the same "filesystem" so they would have to > mount each other as nbd... Else it would only be good for one-way failover > service. Okay, how about this... It's ASCII ART TIME! _ _ _ | | | | | | | ND1 | | ND2 | | ND3 | NBD device machines: 1, 2 & 3 |_| |_| |_| \ / _ _ | | | | | FS1 | | FS2 | File server machines: 1 & 2 |_| |_| \ _ | | | CL1 | Client machine: 1, for the sake of the image. :) |_| The RAID member machines all run an NBD server, so let's say we have three network devices to make our RAID with. The two fileservers are for failover, so we really only use one. It uses the NBD devices, and operates the RAID. Our client machine uses the filesystem on the fileserver (however it needs it, it could be samba, nfs, appletalk, etc). If an NBD device machine goes down, the fileserver handles this as it would any other RAID situation. When the machine comes back up, the NBD can be resynced with the others. If a fileserver machine goes down, bring up the other one on the same IP address with heartbeat. It can also bring up the NBD devices and get the RAID going again. If the client goes down, thwack them on the head. ;) > > It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] > yeah, that's what I want to have on my production servers That's the spirit! LINUX UBER ALLES! ;) - Jeff -- "Basically my philosophy on release management is that it should be like police brutality." - Maciej Stachowiak -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: replicating, balanced web-server with *write* access?
> Much is written about High-Availability servers but I still didn't find a > good solution how to build two load-balanced webservers _without_ > connecting them both to one RAID (single point of failure). RAID on Network Block Devices. You get the benefits of RAID, but over a number of different machines, perhaps even on different networks if the topology allows for the performance requirements. It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] - Jeff [1] It does. ;) -- http://www.xach.com/debian-users-are-beatniks.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Journaling FS for Production Systems
> Are there many xfs users our there? Is the development active? > If not is it because the xfs is stable, or has the xfs initiative > lost momentum? My home machine: :r! mount | grep hd /dev/hda2 on / type xfs (rw,noatime) /dev/hdc2 on /var type xfs (rw,noatime) /dev/hdc3 on /home/music type xfs (rw,noatime) Remember that XFS has had a long time to mature as part of IRIX. Only the port to Linux could be seen as unstable, the filesystem itself is long proven. XFS lost a bit of momentum as Linuxcare pulled out of the porting efforts, but I still use the SGI CVS kernels, which are regularly updated. XFS is really good stuff, has good tools (reiser does not), and has a long track record of stability. Add POSIX ACLs and the other advanced features, and you have a kickarse filesystem (particularly good for a reliable SAMBA machine, as it happens). - Jeff -- "Can we have a special TELSABUG category, and everything gets dropped to fix them first?" - Telsa Gwynne
Re: customizing debian apache
> Look in the the debian dir of the src deb. The rules, post*, pre*, and > apacheconfig files are all hardcoded to assuming the Debian Layout. You haven't mentioned what's wrong, or requires customisation... > That's all fine and good, but it restricts customization. I'm not sure > how foobarred everything would get if a package that depends on apache > being in a certain spot, either. The package requiring apache to be in a certain place would be foobarred, in this instance. Specifics! What is wrong with it? - Jeff -- She said she loved my mind, though by most accounts I had already lost it.
Re: customizing debian apache
> Has anyone managed to customize (as in "use your own Layout on") an > apache build from .deb source? I can't stand the debian Layout and want > to customize it (or even use an existing layout that comes with apache). > The problem is that all of the build scripts and whatnot assume you use > the Debian layout. Define "layout"? If it's just a matter of "where served files are on the filesystem" you can do that very easily post-install. I'm surprised you'd have any issues with the apache packages - they are one of the most well put together and administrator-friendly sets of packages I've ever seen. Please point out specific issues. - Jeff -- Cette menace est très sérieuse.
Re: Mail server
> I'm going to be setting up a mail server (Exim + uwimapd + IMP webmail) > that will serve about 300-500 users. > > There will not be a major amount of traffic being put through it and was > wondering if anyone had any cost effective hardware recommendations for > CPU/RAM/HD space? You can reduce the recommended hardware a bit if you use Courier IMAP, which is far more performant than uwimapd. :) - Jeff -- "In addition to these ample facilities, there exists a powerful configuration tool called gcc." - Elliot Hughes, author of lwm
Re: RAID & Hard disk performance
> There's a number of guides that tell you about hdparm and what DMA is, but if > you already know that stuff then there's little good documentation. "Oh bum." :) > Then on the rare occasions that I do meet people who know this stuff > reasonably well they seem to spend all their time trying to convince me that > SCSI is better than IDE (regardless of benchmark results). :( Heh, there's a religious war waiting to happen. > > [1] http://people.redhat.com/alikins/system_tuning.html I've just found that iostat (in unstable's sysstat package) supports extended I/O properties in /proc if you have sct's I/O monitoring patches. Unfortunately, the last one on his ftp site is for 2.3.99-preBlah. I sent an email to lkml last night to see if there's a newer patch - I'll follow up here if so. Thanks Russell, - Jeff -- Wars end, love lasts.
Re: Mail server
> I'm going to be setting up a mail server (Exim + uwimapd + IMP webmail) > that will serve about 300-500 users. > > There will not be a major amount of traffic being put through it and was > wondering if anyone had any cost effective hardware recommendations for > CPU/RAM/HD space? You can reduce the recommended hardware a bit if you use Courier IMAP, which is far more performant than uwimapd. :) - Jeff -- "In addition to these ample facilities, there exists a powerful configuration tool called gcc." - Elliot Hughes, author of lwm -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RAID & Hard disk performance
> There's a number of guides that tell you about hdparm and what DMA is, but if > you already know that stuff then there's little good documentation. "Oh bum." :) > Then on the rare occasions that I do meet people who know this stuff > reasonably well they seem to spend all their time trying to convince me that > SCSI is better than IDE (regardless of benchmark results). :( Heh, there's a religious war waiting to happen. > > [1] http://people.redhat.com/alikins/system_tuning.html I've just found that iostat (in unstable's sysstat package) supports extended I/O properties in /proc if you have sct's I/O monitoring patches. Unfortunately, the last one on his ftp site is for 2.3.99-preBlah. I sent an email to lkml last night to see if there's a newer patch - I'll follow up here if so. Thanks Russell, - Jeff -- Wars end, love lasts. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RAID & Hard disk performance
> RAID-5 is another issue though. But then you have to consider that Linux > software RAID kills the performance of most hardware RAID controllers. Run > an Athlon 800 with two IDE drives in RAID-1 and expect 2-4 times the > performance for bulk IO that an entry level Mylex RAID controller with Ultra2 > SCSI 10K rpm drives. I expect that a top-end Mylex controller will perform > well (but who can afford one of them?). Wow! Russell, do you know of any Linux I/O and hard disk performance guides? I've recently read Adrian Likins' system tuning page [1] and am interested too see if there's anything more specific. Thanks for bonnie++ btw, - Jeff [1] http://people.redhat.com/alikins/system_tuning.html -- o/~ we all live in a yellow subroutine o/~ - auspex
RAID & Hard disk performance
> RAID-5 is another issue though. But then you have to consider that Linux > software RAID kills the performance of most hardware RAID controllers. Run > an Athlon 800 with two IDE drives in RAID-1 and expect 2-4 times the > performance for bulk IO that an entry level Mylex RAID controller with Ultra2 > SCSI 10K rpm drives. I expect that a top-end Mylex controller will perform > well (but who can afford one of them?). Wow! Russell, do you know of any Linux I/O and hard disk performance guides? I've recently read Adrian Likins' system tuning page [1] and am interested too see if there's anything more specific. Thanks for bonnie++ btw, - Jeff [1] http://people.redhat.com/alikins/system_tuning.html -- o/~ we all live in a yellow subroutine o/~ - auspex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Project 2000 on Debian (under Wine) ?
> There is a Company at > http://www.bynari.net/Products/TradeServer/trade_server.html that has > info on using Outlook with Linux. I have never used it but it looks > interesting. Bynari are (trying to avoid libel suits and things like that)... very silly. - Jeff -- Money can't buy me grok.
Re: Project 2000 on Debian (under Wine) ?
> There is a Company at > http://www.bynari.net/Products/TradeServer/trade_server.html that has > info on using Outlook with Linux. I have never used it but it looks > interesting. Bynari are (trying to avoid libel suits and things like that)... very silly. - Jeff -- Money can't buy me grok. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Project 2000 on Debian (under Wine) ?
> I am looking for a Linux based tool that is designed to help manage a > variety of projects. This tool needs to be able to schedule and track > tasks MrProject from CodeFactory (codefactory.se) is kicking arse at the moment; perhaps you could pitch in and help out? > and interface with Outlook clients. Anybody know one? Interface with Outlook? Ain't going to happen. Unless everything is done via iCal, etc. I don't believe Project and Oulook use this as their primary interface on Windows anyway. You won't be getting this feature any time soon. - Jeff -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster
Re: Project 2000 on Debian (under Wine) ?
> I am looking for a Linux based tool that is designed to help manage a > variety of projects. This tool needs to be able to schedule and track > tasks MrProject from CodeFactory (codefactory.se) is kicking arse at the moment; perhaps you could pitch in and help out? > and interface with Outlook clients. Anybody know one? Interface with Outlook? Ain't going to happen. Unless everything is done via iCal, etc. I don't believe Project and Oulook use this as their primary interface on Windows anyway. You won't be getting this feature any time soon. - Jeff -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
FreeRADIUS, starting ISP learning curve
Hi all, So, I'm beginning the ISP learning curve. I have to get my head around RADIUS, and I've been looking at FreeRADIUS given Russell's recommendation. I'll be interfacing with a couple of PM3s. Where's a good place to read up on this from a beginner's perspective? The documentation is reference material rather than descriptive. [ Both portslave (using this on another project, but need radius anyway) and freeradius backported pretty nicely. ] - Jeff -- "I believe in true love. But I am easily satisfied." - Miguel de Icaza
FreeRADIUS, starting ISP learning curve
Hi all, So, I'm beginning the ISP learning curve. I have to get my head around RADIUS, and I've been looking at FreeRADIUS given Russell's recommendation. I'll be interfacing with a couple of PM3s. Where's a good place to read up on this from a beginner's perspective? The documentation is reference material rather than descriptive. [ Both portslave (using this on another project, but need radius anyway) and freeradius backported pretty nicely. ] - Jeff -- "I believe in true love. But I am easily satisfied." - Miguel de Icaza -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: User mode linux...
> Does anyone try the User Mode Linux to do virtual hosting? Is the UML > enought secure for this? In the web page said that virtual hosting is posible > but he doesn't know of anyone who's doing this... When I described doing this as "batshit insane" at linux.conf.au earlier this year, Jeff Dike smiled and nodded. :) I wasn't expecting him to pick up the Australian lingo, but I think he had a fair idea of what I was saying. You're honestly better off running simple chrooted systems or something like that. UML is great for various things (such as kickarse kernel debugging), but at this stage, it's not ready for doing something like this. Really CPU intensive. - Jeff -- She said she loved my mind, though by most accounts I had already lost it.
Re: User mode linux...
> Does anyone try the User Mode Linux to do virtual hosting? Is the UML > enought secure for this? In the web page said that virtual hosting is posible > but he doesn't know of anyone who's doing this... When I described doing this as "batshit insane" at linux.conf.au earlier this year, Jeff Dike smiled and nodded. :) I wasn't expecting him to pick up the Australian lingo, but I think he had a fair idea of what I was saying. You're honestly better off running simple chrooted systems or something like that. UML is great for various things (such as kickarse kernel debugging), but at this stage, it's not ready for doing something like this. Really CPU intensive. - Jeff -- She said she loved my mind, though by most accounts I had already lost it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: portslave for potato
> I have put a copy of the latest portslave compiled for potato online at > http://www.coker.com.au/portslave/ . I don't have a potato system to test it > though... Also it is a new version... Oh cool! I will test it for you! :) Thanks heaps Russell, - Jeff -- "Anyway - I need something more James Bond than Banana Man, if you know what I mean..." - Tom Gilbert
Re: portslave for potato
> I have put a copy of the latest portslave compiled for potato online at > http://www.coker.com.au/portslave/ . I don't have a potato system to test it > though... Also it is a new version... Oh cool! I will test it for you! :) Thanks heaps Russell, - Jeff -- "Anyway - I need something more James Bond than Banana Man, if you know what I mean..." - Tom Gilbert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Smaller dial-in systems [was: portslave]
> > > > Is that like sending in the tanks? :) > > > > > > I like tanks! ;) > > > > Not on my phoneline, thank you. ;) > > Why? The latest version is only an 80K deb! It's small, resource friendly, > fast, etc. I meant the tank. ;) > Well the latest version of Portslave (the one that is too experimental for > upload to Debian) has got some new code for direct authentication without > RADIUS (which hasn't been properly tested yet)... Very cool - I'm just getting my hands dirty with the current version as we speak. - Jeff -- "The GPL is good. Use it. Don't be silly." - Michael Meeks
Re: Smaller dial-in systems [was: portslave]
> > Is that like sending in the tanks? :) > > I like tanks! ;) Not on my phoneline, thank you. ;) > Sure. AFAIK every RADIUS server in the Unix world supports PAM in some way. Cool. I've never really looked at it, as I've always thought, "oh no, that's for like, *lots* of modems." :) > I recommend FreeRadius, although last time I checked the Debian package was > still in limbo. :( I might pick it up if I get to like it. - Jeff -- "NASCAR is not race per se. It's just a contest about who can turn left the best." - Unknown
Re: Smaller dial-in systems [was: portslave]
> There's nothing stopping you from running Portslave with a single dial-in > line! Is that like sending in the tanks? :) > If your dial-in setup is serious enough to use a RADIUS server then it's big > enough for Portslave. > > Setting up the RADIUS server is likely to be the most difficult part of a > Portslave installation. Can I authenticate with PAM, etc. somehow? - Jeff -- "Trying to get a PC to analyse one of the most abstract forms of language - the poem - is like trying to drill for oil with a banana." - The Register
Re: Smaller dial-in systems [was: portslave]
> > > > Is that like sending in the tanks? :) > > > > > > I like tanks! ;) > > > > Not on my phoneline, thank you. ;) > > Why? The latest version is only an 80K deb! It's small, resource friendly, > fast, etc. I meant the tank. ;) > Well the latest version of Portslave (the one that is too experimental for > upload to Debian) has got some new code for direct authentication without > RADIUS (which hasn't been properly tested yet)... Very cool - I'm just getting my hands dirty with the current version as we speak. - Jeff -- "The GPL is good. Use it. Don't be silly." - Michael Meeks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Smaller dial-in systems [was: portslave]
> > Is that like sending in the tanks? :) > > I like tanks! ;) Not on my phoneline, thank you. ;) > Sure. AFAIK every RADIUS server in the Unix world supports PAM in some way. Cool. I've never really looked at it, as I've always thought, "oh no, that's for like, *lots* of modems." :) > I recommend FreeRadius, although last time I checked the Debian package was > still in limbo. :( I might pick it up if I get to like it. - Jeff -- "NASCAR is not race per se. It's just a contest about who can turn left the best." - Unknown -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Smaller dial-in systems [was: portslave]
> There's nothing stopping you from running Portslave with a single dial-in > line! Is that like sending in the tanks? :) > If your dial-in setup is serious enough to use a RADIUS server then it's big > enough for Portslave. > > Setting up the RADIUS server is likely to be the most difficult part of a > Portslave installation. Can I authenticate with PAM, etc. somehow? - Jeff -- "Trying to get a PC to analyse one of the most abstract forms of language - the poem - is like trying to drill for oil with a banana." - The Register -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Smaller dial-in systems [was: portslave]
> Anything that can be done by getty, mgetty, radius-client, etc can be done > better by Portslave. Is portslave appropriate for a smaller system, say with only three dial-in ports? mgetty is not exactly the most polite software to administer, and there are lots of times I'd like a simple, easy to install, sub-10-port dial-in system. Thoughts or pointers? - Jeff -- "jwz? no way man, he's my idle" - James Wilkinson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache
> Is there a module or package that lets apache run > asp files ? It varies depending on whether you are talking about the ASP platform (which there are proprietary packages for Apache migration purposes) or just using VBScript, which there are faux-interpreters and some converters. It's important to distinguish between the ASP platform and VBScript before having a serious hunt for these products. - Jeff -- "Everyone says they like Free Software - not everyone is ready to make the tough choices to make it happen." - Maciej Stachowiak -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: vmailmgr issue
> I hate admining email... no wonder I've never had to do this before. found in headers: X-Motto: Fuck you, I'm smart! X-Saying: Could not connect to database Might want to revise your motto. :) - Jeff -- make: *** No rule to make target `whoopee'. Stop. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Webalizer
> Ah -- OK. Thanks for clueing me in -- I hadn't realised. deb http://solutionsfirst.com.au/debian stable sol1 > Is the difference worth it? (I.e. what can't-possibly-do-without > goodies am I going to get that will persuade me to roll my own before > >= v2.01 makes it into testing?) I reckon: http://mrunix.net/webalizer/news.html :) - Jeff -- "You know, the crunchy, folk-singer part of me wants to believe that a performance is a dialogue, but I can't hear a fucking thing you're saying." - Ani DiFranco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache/PHP
> This is managable. You just have to keep one root shell open while trying > a second login, if you can't login again in another session then you still > have the first session open to fix things. Also have busybox-static (or > something similar) installed to fix problems with shared libraries. I like not having to have these considerations when administering a production machine. :) - Jeff -- No clue is good clue. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache/PHP
> I think the next step will probably be my own distro, like LFS > (http://www.inuxfromscratch.org/). I guess we should end the thread with a laugh, then. - Jeff -- Australians don't dislike Americans, we just dislike the sight, sound and thought of them. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Clustering mail servers - Cyrus or Courier ?
> LMTP would be the best if talking about Cyrus). > It should support LDAP database. Postfix supports both of these. It is an *awesome* MTA. - Jeff -- I must be getting old... Buying toothpaste with gel in it is no longer an Absolute Necessity. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Clustering mail servers - Cyrus or Courier ?
> Hmmm, I can see it's in early stage of developement. Yes. :) > Does postfix support ldap nativly ? Absolutely! - Jeff -- Is Murphy's Law constitutional? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Clustering mail servers - Cyrus or Courier ?
> However, AFAIK it can be done only with Cyrus with its IMAP Aggregator, or > with qmail-ldap + Courier-IMAP... You ought to check out Scalemail, which is being developed expressly for this purpose. It is a combination of Courier POP/IMAP and postfix. Very powerful combo. - Jeff -- "Funny, I have no trouble distinguishing my mobile phone from the others because it's in my _own fucking pocket_!" - Mobile Rage -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rsync and named-xfer
> i hope this is useful to someone...there was no information at all on > the topic when i searched for it on google yesterday. Craig, that's very cool. I don't have an immediate use as yet, but thank you for publishing your hack to the list for everyone! - Jeff -- "And the beanbag is a triumph of modern day eclectic colourism..." - Catie Flick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help with site+database
> I know oracle has "optimistic" locking and "versioning". I **think** > postgres does too? Comments? Postgres has better than row level locking (I'm sure Craig was just simplifying earlier), plus reading and writing are independent. See: http://postgresql.planetmirror.com/devel-corner/docs/postgres/mvcc.html Very groovy stuff. > I'm not sure the issue is mysql vs postgres, but what does it take to run > a particular site. If the site is heavily interactive with complex > queries and transactions, the choice seems limited. There aren't too many websites that would run with a "read only" style approach to their databases, as you mentioned earlier in your email. This is why I can't imagine using MySQL for anything truly useful. > Oh well... have they got a history in their cli yet? Heh. Time for you to catch up with newer Postgres releases, methinks. :) - Jeff -- "Boys will be boys, hackers will be hackers, geeks will be geeks, and cyberpunks will always just be ravers with Macintoshes." - Monkey Master, Crackmonkey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help with site+database
> I've found varying reviews to be mixed. Just by searching for "postgres > mysql comparison" like you said I found this: > http://phd.pp.ru/Software/SQL/PostgreSQL-vs-MySQL.html Any comparison should take note of PostgreSQL's incredible leaps in speed with version 7.1, and even more features that MySQL can't do (OUTER JOIN for example). For anyone who hasn't tried it out - it's quite different to MySQL, but it rocks very, very hard. Definitely worth learning and porting! :) - Jeff -- "If your life was a movie, would you pay to see it? Would you pay to see an advertisement for it?" - James Morris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help with site+database
> Slashdot uses mySQL as its database and I don't think that anyone > could plausibly argue that /. isn't an intensive use of a database by a > very busy, and very successful, Web site. It's also a very botched job. The code that slashdot runs - the previous generation of SlashCode - is at best, shocking. They still run MySQL because the site was never designed with database abstraction in mind, and that's all they had at the time. They run it, because they're stuck with it, so it's not a good advertisement for MySQL at all! :) > The answer to the "which is better" question seems to depend on what > you are using the database for. My suggestion is to grab both databases, > populate them with your data and manually run some of your "typical" > queries on them. See which works better for *your* needs. The only problem with this is that you simply cannot do things in MySQL that you can with PostgreSQL - if you had to do anything remotely complicated it would be a comparison between PostgreSQL and MySQL (with a lot of glue and bodge code to fix up everything it doesn't do). - Jeff -- I was there when geek became chic. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Active Directory Vs GNU
> Is the domain function in Samba the way to provide logon scripts to those > clients? Samba supports Windows NT domains in version 2.2, and this will allow you to set up login scripts, etc. Note that earlier versions only support "pseudo-domains" for Windows 9x clients. - Jeff -- "From my observation, when it comes to porting Linux to a particular device, a point doesn't appear to be necessary." - mpt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FreeSWAN VPN
> The gateways can't ping eachother Please read the documentation -> the gateways will *not* be able to ping each other. FreeS/WAN only routes the traffic to and from each subnet behind the gateway. - Jeff -- Toothpaste is the most important meal of the day. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: websites, clusters, and other pets...
> What is the better solution for one cluster (beowulf, etc)? I don't want a > warflame for this eh? ;) The clusters will run Apache and a dynamic site > with php and mysql. By the documentation I'm reading, I think the best > option is Mosix... Have a cluster /web more difficult for administration > than a "tradicional sort"?? What are the most adventage/disaventage of a > web based cluster? MOSIX is not going to help you much. Your best bet is to use round-dobin DNS on the low end, and various solutions like Ultra Monkey [1] on the high end. http://www.ultramonkey.org/ - Jeff -- "Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember? GOOD MORNING" - Andre Hedrick, Linux ATA Dude -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]