NON-US can anyone reach aljazeera.net?

2003-03-25 Thread cfm

Can anyone reach aljazeera.net or english.aljazeera.net from outside
of US?  Or any nameservers for it?

I'm trying to determine if this is a US only issue.

cfm

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: LSB and Debian, Commercial perspective

2002-10-10 Thread cfm

On Thu, Oct 10, 2002 at 09:37:00AM -0700, C. R. Oldham wrote:
> > On Thu, Oct 10, 2002 at 07:07:31PM +1000, Jason Lim wrote:
> > > Well, I think you'd be in the minority if you don't care if vendors
> > > officially support Debian. From a commercial perspective, what happens
> > > if your tech support department calls up the vendor asking for some
> > > assistance, and as soon as you tell them you're running Debian, they
> > > go all quiet?
> > 
> > -What- vendor?
> > 
> > (And, yep, RMS would be proud of my servers. :))
> 
> Well, some of us do need Oracle for business reasons.  And while I'm an
> opensource advocate and choose opensource technology whenever it makes
> sense, Oracle is a darned good database, with fairly good support. (if
> you can afford it)
> 
> Now, back on topic, I'm pretty sure that Oracle's unspoken policy is
> that if you have Oracle on Debian (a non-certified platform according to
> them) your support contract is still good up to a point.  As soon as you
> run into anything that might be distribution-related Oracle Support will
> bill you T&M to resolve the issue.

Oracle makes an interesting example.  The problems I ran into installing
oracle on debian were related to that goddamn !@#$ installer and the
stub libs required for post (re)linking (version 8.something).

IMCO an rpm would be way better than that installer.  I'm not sure that
a bastard installer constitutes "LSB support"; seems to me it just made life
hard.  YMMV, my experience is a year or so out of date.

DB2, OTOH, rpm -> alien -> deb and it just worked on our "unsupported"
platform.

> 
> -- 
> C. R. Oldham
> Director of Technology
> NCA CASI
> 
> 

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: UUNet down

2002-10-03 Thread cfm

On Fri, Oct 04, 2002 at 08:30:29AM +1000, Jason Lim wrote:
> Hi all,
> 
> Ugh... even though we're not in the USA, these UUnet problems still affect
> us, because we're getting so many calls from USA clients telling us OUR
> network is dead and dying, when in fact it is their own :-/
> 
> Are you getting the same kind of problems?
> 
> We're reluctant to add this to our front page website, because we're
> concerned people will think it is OUR problem (even if we specifically
> state it is UUnet's).
> 
> So how do you guys handle this kind of situation smoothly?
> 

Tell them to reboot.  ;^>




-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: failure notice (about relays.osirusoft.com)

2002-08-17 Thread cfm

On Sun, Aug 18, 2002 at 12:27:08PM +1000, Jason Lim wrote:
> Dear Russel (and anyone else who is using relays.osirusoft.com),

> Jared (single operator of relays.osirusoft) has a documented chip on his
> shoulder against Asia and iAdvantage (upstream,  one of the largest

...
>
> I have communicated with Joe Jared on this (not using real
> identification), and while I won't divulge the private communications on a
> public list, the general gist is "i don't get legit emails from Asia, nor
> do people that use my list. So I could block all of Asia and no one would
> care". Those of you that use joe jared's list should be aware of his
> opinions.

Not going to divulge private communications, then you go on to do that,
only better yet, you get to paraphrase as you wish.  Assuming you even
did have some "communication".

Why did you feel it necessary to do that without "real identification"?
Why not put your name on it?

Maybe he just has a good bullshit radar.  And yes, you can quote me.  :-)

The better your question, the better your answer.


-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux




Re: VPN Tools!

2002-08-03 Thread cfm

On Sun, Aug 04, 2002 at 01:29:08AM +0800, axacheng wrote:
> I forgot one point!!!
> 
> These packages MUST be free; I don't have any money -_-
> 
> 
> Hello List:
> 
> Does anyone know what the best package for a VPN solution is?
> 
> A package that has perfect security, compatibility and a friendly config file
> for the administrator!
> 
> Is pptpd better than freeswan, or is there another good package??  @_@
> 
> BTW, where could I find a good document or howto to implement a VPN
> environment???
> 
> Thanks very much.  ;-)


Why not provide less information about what you need and
how you would use it?  Use the blue vpn.  It's way better than
the red one, much friendlier.



> 
> -- 
> Trust & Unique ... 
> Axacheng's PGP Public Key   http://www.navigation.idv.tw/pgpkey
> 
> 
> 

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux




Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-09 Thread cfm

On Fri, May 10, 2002 at 07:19:27AM +0800, Jason Lim wrote:
> 
> > On Wed, May 08, 2002 at 10:56:12PM +0200, Emile van Bergen wrote:
> > > > what has size got to do with it?
> > >
> > > Because the distinction between a customer and an ISP is not clear.
> > > [...]
> >
> > that was a tautology.  it only matters if you think size is relevant.
> >
> > it doesn't matter in the slightest whether an ISP's customer is another
> > ISP or not.
> 
> Using your mentality, then everything always gets escalated to the highest
> point (since everyone below the top-most ISP is essentially a customer).
> So... essentially, the highest point is nearly always the network
> provider... UUnet, Level3, MCIWorldcom... whomever owns the actual
> physical cable.
> 

Calm down and think it through.

There is a chain of responsibility and any incident can be escalated.

If ISP1 is on Sprint and ISP1 takes no action about
spam from spammer-leaf-node-on-ISP1, then one needs to escalate to
Sprint to take action to enforce aup on ISP1.  If it turns out that
sprint pipes mail to abuse@ into /dev/null, or even has a yellow
contract with ISP1 that permits spam, then what?  Or it might be
that an ISP is trying to do something about a customer (monsterhut)
or is just half-assed.  Maybe you use rfc-ignorant.

It's also possible that your standards might not jibe with everyone
else's.  Me, I think any site sending email that will not accept bounces
deserves to go into RBL.  Not everyone would even qualify such email
as spam, but we do.

You might decide that your customers cannot live without Sprint.  You
might decide that they cannot live **long term** with such actions.  Or
you might give them a choice.





-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread cfm

On Tue, May 07, 2002 at 06:55:29PM +1000, Craig Sanders wrote:
> On Tue, May 07, 2002 at 10:21:30AM +0200, Emile van Bergen wrote:
> 
> > and assumes dialup/DSL people to be guilty by default.
> 
> Dynamic IP address is the criteria.
> 
> seems like a perfectly reasonable assumption to me.   in my experience,
> all mail which comes directly from a dynamic IP *IS* spam.
> 
> the tiny handful of hobbyists with their own domains hosted on a dynamic
> IP with linux or freebsd should quit whining and use their ISP's mail
> server.  or get themselves a uucp over tcp mail feed.  or batched smtp
> over ssh.  or similar.  frankly, if they're not competent to do any of
> these things then they're not competent enough to be running a mail
> server on the internet.

We operate in one of the older RoadRunner areas and have been providing
that service for years for "hobbyists".  100:1 any such hobbyist can
find that equivalent anywhere in the world.

> 
> > Making the ISP accountable for the mail sent by their customers by
> > having it forced through their MTA in this way is a senseless way of
> > approaching the problem, IMHO.
> 
> making ISPs responsible for the mail sent by their customers is the ONLY
> thing that actually works.

Yes, and the only times we've been blacklisted was when our customers
turned out to be running open relays on their shiny new NT boxes.

Many cable modem systems provide static addresses.  This gets really
sticky, because lately we've been getting a lot of spam from them. The
local abuse/postmaster@isp merely disclaims responsibility and forwards
complaints to the operator.  Just local here in Portland Maine there
are some 3000 businesses on cable; as more and more of them start
running their own SMTP servers and plugging in CDROM email databases
this problem will mushroom.  The damage a spammer can do from dialup
is nothing compared to what he can do on a 2M cable connection with
a linux box and powerful MTA.

The only entity that can do anything is the ISP.  They have to be
responsible for the mail their customers send.

cfm



> 
> craig
> 
> -- 
> craig sanders <[EMAIL PROTECTED]>
> 
> Fabricati Diem, PVNC.
>  -- motto of the Ankh-Morpork City Watch
> 
> 

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: RBL - Back to basics

2002-05-02 Thread cfm

On Fri, May 03, 2002 at 10:34:09AM +1000, Glenn Hocking wrote:
> Hi again
> 
> However from a 'email service provider' point of view (as per my 
> original email) I do not wish to block ANY legitimate email. The more 
> spam that is bounced the better BUT my requirement is purely 'If it 
> blocks legitimate email, the rbl is useless'.
> 
> I can not afford for my customers to have legitimate email go missing, 
> even if a bounce message is sent, which just informs my customers that I 
> am dictating what mail they can and can't receive.
> 

That is just not possible.  If you run wide open, then you will get
so much spam that you will lose legitimate email in the spam when the
human sits down to parse it.  Let alone the waste of time doing it.
Let alone the DOS issues and extra bandwidth/gear.  As broadband
becomes more widespread, the spam mushrooms and as long as people
insist on keeping the gates open it will grow.

Sadly, the rbl MUST block legitimate email to be of any effect.

The human animal will waste any free resource.  How's THAT for starting
an OT thread.  :-)





-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread cfm

On Thu, May 02, 2002 at 09:24:57AM -0400, Gene Grimm wrote:
> Speaking as an ISP that has to deal with spam complaints from our clients,
> most people consider it spam if it was unrequested -- thus the definition of
> Unsolicited Commercial Email. It's bad enough to have to deal with junk ads
> through snail mail, but now we have to deal with junk ads in electronic
> mail. At least with snail mail the advertiser has to foot the whole bill of
> the ads so they have to budget their advertising. What irritates me is when
> the spammers try to claim that they are sending out their junkmail "in
> accordance to federal legislation" and refer to some House or Senate bill.
> To the best of my knowledge, there still isn't any actual statute that has
> been signed into law regarding spam.

There is a big difference between spam with a legitimate reply to
and valid bounce address, that will in fact bounce back.
Spam with a forged reply to and where bounces bounce is a whole
different issue.  YMMV

> From Glenn Hocking:
> > Problem seems to be that GE and Pizza Hut (and others) send out spam
> > themselves so end up on the lists.
> > Seems that one person's advertising email is another person's spam.

rblsmtpd -a accept list

Of course when most of sprint is in the spamblock that doesn't work.


-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread cfm

On Thu, May 02, 2002 at 06:52:33PM +1000, Jason Lim wrote:
> 
> > procmail/spamassassin process mails yes "inside" the server, I just
> > give you a made up example:
> >
> >  60 Mails incoming per Minute,
> >
> >  5 seconds average Spamassassin processing time per Mail
> >
> >  => 60-12 = 48 Mails per Minute  piling up on your incoming mail
> >  queue = 48 new Spamassassin  processes per Minute consuming your
> >  resources.
> >
> > While RBL throttles Mail Flow (and spares Disk space) thus protecting
> > you in advance, Spamassassin puts the load on your side.
> 
> Well, they are not exactly comparable, as the rule-based Spamassassin does
> things based on "keywords" and "keyphrases" and that kind of thing, while
> RBLs do things based on actual spam activity. In my view, the collateral
> damage of using Spamassassin's rule based blocks is too great.
> 
> The only RBL a business should really use is the Spamcop.net RBL, because
> it blocks only when actual spam occurs, and not just blocks "all of Asia"
> as some other RBLs do. I'm not going to get into the whole RBL comparison
> thing, but just wanted to point out the "collateral damage" point.

Collateral damage is, however, the only leverage one has to get some
of these spam friendly ISPs and lazy admins to enforce reasonable use.

We just got a dictionary (?) attack from sympatico.ca using forged reply
addresses covering all printable characters in this range:
[\001-\255][\001-\255][\001-\255]@maine.com, our domain, sent all over.
Response from sympatico.ca security/abuse: Not their
responsibility.

So a fast rblsmtpd, presumably with local rbl database, set to defer,
not accept, on overload would be preferable.

Collateral damage happens if you **accept** that email too and try
to filter afterwards.  That amounts to DOS.  Legitimate email is delayed
and bounces.  We don't run with a week in the queue, but only hours
now - that too because of the spam that won't bounce back.  We shut
down our off-site MX because spam would come in through that.  Yes
our reliability has been heavily compromised; more collateral damage.

That aaa attack generated triple bounces so it would have been 
approx 200*200*200*3 messages if it went to completion?  We're
seeing spammers running linux boxes on roadrunner cable connections;
I don't want to buy the horsepower and sink the time into handling
that without "damage".  Seems to me it will always take an order
of magnitude more power to filter accepted garbage than it will to
generate that garbage.  No way to win that.

Anyway, the approach we are taking now is the strictest possible
RBL plus an accept list and no spamfilters, precisely because it 
seems the lightest on resources and the most effective long term.

Clients here can opt out of that (getting all email), go with our
default, or pay extra for filtering after receipt.

cfm

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: rblsmtpd -t?

2002-05-01 Thread cfm

On Thu, May 02, 2002 at 11:02:08AM +1000, Jason Lim wrote:
> Hi all,
> 
> This is a bit off-topic, but since I run a number of high volume incoming
> mail servers, this applies to any ISP...
> 
> From http://cr.yp.to/ucspi-tcp/rblsmtpd.html
> 
> ---
>  rblsmtpd opts prog
> 
> rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the
> client has not quit by then.
> 
> Options:
> 
> * -t n: Change the timeout to n seconds.
> ---
> 
> Some of the rbls and block lists are getting very slow in responding to
> lookups. So the overall performance of the mail servers is getting pretty
> terrible, as each client must wait around while the mail server does its
> lookups.

Yes.  I've been thinking about caching rblsmtpd queries in our own local
rbl.  There are terms of use on the various services; some say secondary
ok, some not.

> 
> Does the -t option work in such a way, that if -t 10 was inserted, then
> the mail server would wait a maximum of 10 seconds for the lookup requests
> to be complete, and if they aren't complete, then ignore them and let the
> email through?

Is the load from all those rblsmtpd processes bigger than accepting the
email | procmail | spamassassin?  I've no idea how many times
the typical spam tries to get through before it dies.

What services are you using?

/usr/bin/rblsmtpd -aaccept.maine.com -rrbl.maine.com
-rrelays.osirusoft.com -rrelays.ordb.org -rdnsbl.njabl.org

Where the default debian rblcheck uses these:
127.0.0.1 not RBL filtered by relays.osirusoft.com
127.0.0.1 not RBL filtered by relays.ordb.org
127.0.0.1 not RBL filtered by dnsbl.njabl.org
127.0.0.1 not RBL filtered by ztl.dorkslayers.com
127.0.0.1 not RBL filtered by blacklist.spambag.org
127.0.0.1 not RBL filtered by opm.blitzed.org

How do those get chosen?

Unfortunately dorkslayers and spambag block so much of
Sprint that we can't use them, not if we want to keep any
clients.  






> 
> TIA.
> 
> Sincerely,
> Jason
> 
> 
> 

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux
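
The policy discussed in this exchange and in the 2002-05-02 post above (a local cache of list answers, an accept list that wins over block lists, and deferring rather than accepting when a list does not answer), as an added Python sketch that is not part of the thread and is not rblsmtpd's code. The `DnsblPolicy` class, the resolver callable and the sample addresses are assumptions made for illustration; the zone names are taken from the command line in the post and are answered only by an in-memory stub.

```python
import ipaddress
import time


class LookupTimeout(Exception):
    """Raised by a resolver when a list gives no answer within the timeout."""


def dnsbl_qname(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError for anything but dotted-quad IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


class DnsblPolicy:
    """Hypothetical policy object: accept list first, then block lists, cached.

    resolver(qname, timeout) is an assumed callable that returns a list of
    records (empty means not listed) or raises LookupTimeout.
    """

    def __init__(self, accept_zones, reject_zones, resolver, timeout=10.0,
                 cache_ttl=3600.0, on_timeout="defer", clock=time.monotonic):
        if on_timeout not in ("defer", "accept"):
            raise ValueError("on_timeout must be 'defer' or 'accept'")
        self.accept_zones = list(accept_zones)
        self.reject_zones = list(reject_zones)
        self.resolver = resolver
        self.timeout = timeout
        self.cache_ttl = cache_ttl
        self.on_timeout = on_timeout
        self.clock = clock
        self.cache = {}  # qname -> (expiry time, listed?)

    def listed(self, ip, zone):
        qname = dnsbl_qname(ip, zone)
        entry = self.cache.get(qname)
        if entry is not None and entry[0] > self.clock():
            return entry[1]  # answered from the local cache, no DNS wait
        # A timeout propagates from here and is deliberately not cached.
        answer = bool(self.resolver(qname, self.timeout))
        self.cache[qname] = (self.clock() + self.cache_ttl, answer)
        return answer

    def first_hit(self, ip, zones):
        """Return (first zone listing ip or None, zones that timed out)."""
        unanswered = []
        for zone in zones:
            try:
                if self.listed(ip, zone):
                    return zone, unanswered
            except LookupTimeout:
                unanswered.append(zone)
        return None, unanswered

    def decide(self, ip):
        """Return (verdict, reason); verdict is 'accept', 'reject' or 'defer'."""
        defer = self.on_timeout == "defer"
        hit, slow = self.first_hit(ip, self.accept_zones)
        if hit:
            return "accept", "on accept list " + hit
        if slow and defer:  # cannot confirm an exemption, so ask for a retry
            return "defer", "no answer from " + ", ".join(slow)
        hit, slow = self.first_hit(ip, self.reject_zones)
        if hit:
            return "reject", "listed by " + hit
        if slow and defer:  # temporary failure instead of letting it through
            return "defer", "no answer from " + ", ".join(slow)
        return "accept", "not listed"


def fake_resolver(listed, slow_zones, calls):
    """Offline stand-in for DNS: records every query in `calls`."""
    def resolve(qname, timeout):
        calls.append(qname)
        if any(qname.endswith("." + zone) for zone in slow_zones):
            raise LookupTimeout(qname)
        return ["127.0.0.2"] if qname in listed else []
    return resolve


# Constructed sample data (documentation address ranges; zone names from the post).
ACCEPT_ZONES = ["accept.maine.com"]
REJECT_ZONES = ["rbl.maine.com", "relays.ordb.org", "dnsbl.njabl.org"]
SAMPLE_LISTED = {
    "25.2.0.192.rbl.maine.com",       # 192.0.2.25 is on the local block list
    "7.100.51.198.relays.ordb.org",   # 198.51.100.7 is block-listed ...
    "7.100.51.198.accept.maine.com",  # ... but also on the accept list
}
SLOW_ZONES = {"dnsbl.njabl.org"}      # this list never answers in the sample

if __name__ == "__main__":
    resolver = fake_resolver(SAMPLE_LISTED, SLOW_ZONES, [])
    for mode in ("defer", "accept"):
        policy = DnsblPolicy(ACCEPT_ZONES, REJECT_ZONES, resolver, on_timeout=mode)
        for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9"):
            print(mode, ip, *policy.decide(ip))
```

With `on_timeout="accept"` the unanswered list is ignored and the third sample address is let through, which is the behaviour Jason asks about; with `"defer"` the client gets a temporary failure and has to retry.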


Re: Multiple Ascend connections

2002-04-03 Thread cfm

On Thu, Apr 04, 2002 at 08:13:24AM +1000, Jean-Francois Dive wrote:
> you'll then have to serialize/buffer it somewhere, probably at the web server
> side if there is only one or on another machine..
> 
> JeF
> On Tue, Apr 02, 2002 at 11:46:14AM -0500, Sean Porth wrote:
> > 
> > 
> > Hi, 
> > 
> > I have a little problem that i'm hoping Debian can solve.
> > 
> > I have a website that needs to send text to an ascend box and the ascend
> > box needs to dial out into another ascend box and transfer that
> > information.  I can do it one at a time via telnet, but you can only
> > have one telnet session open at a time.  Was hoping someone knows of any
> > software that could be used to implement this.  Have read through the
> > ascend terminal server docs and can't find any information on having
> > multiple sessions,  any help would be appreciated.

uucp?


-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: Problems building FreeSWAN kernel package.

2002-02-06 Thread cfm



On Wed, Feb 06, 2002 at 12:38:27PM -0800, Nick Jennings wrote:
> Hello,
> 
>   Getting a VPN set up on my gateway machine. Running woody (2.4.17).
> 
> Installed the packages:
> freeswan, kernel-patch-freeswan, kernel-package, gawk
> 
> After reading /usr/share/doc/kerne-package-freeswan/README.Debian I 
> also installed:
> kernel-source-2.4.17, kernel-headers-2.4.17
> 
> gateway:/# /usr/src/kernel-source-2.4.17/
> gateway:/usr/src/kernel-source-2.4.17# make-kpkg --config=menuconfig 
> --revision=gateway.ipsec.1 buildpackage
> <-snip->
> <** goes on for a while, then errors out: **>
> <-snip->
> /usr/bin/make _sfdep_kernel _sfdep_drivers _sfdep_mm _sfdep_fs _sfdep_net 
> _sfdep_ipc _sfdep_lib _sfdep_arch/i386/kernel _sfdep_arch/i386/mm 
> _sfdep_arch/i386/lib _sfdep_arch/i386/math-emu _FASTDEP_ALL_SUB_DIRS="kernel 
> drivers mm fs net ipc lib arch/i386/kernel arch/i386/mm arch/i386/lib 
> arch/i386/math-emu"
> make[3]: Entering directory `/usr/src/kernel-source-2.4.17'
> /usr/bin/make -C kernel fastdep
> make[4]: Entering directory `/usr/src/kernel-source-2.4.17/kernel'
> make[4]: *** No rule to make target 
> `/usr/src/kernel-source-2.4.17/include/linux/autoconf.h', needed by 
> `/usr/src/kernel-source-2.4.17/include/linux/modules/signal.ver'.  Stop.
> make[4]: Leaving directory `/usr/src/kernel-source-2.4.17/kernel'
> make[3]: *** [_sfdep_kernel] Error 2
> make[3]: Leaving directory `/usr/src/kernel-source-2.4.17'
> make[2]: *** [dep-files] Error 2
> make[2]: Leaving directory `/usr/src/kernel-source-2.4.17'
> make[1]: *** [stamp-build] Error 2
> make[1]: Leaving directory `/usr/src/kernel-source-2.4.17'
> make: *** [stamp-buildpackage] Error 2
> gateway:/usr/src/kernel-source-2.4.17#
> 


You don't really say what you did.  Did you run make menuconfig or equiv?
Missing autoconf is probably not freeswan related unless the patcher got
mangled.

make-kpkg built freeswan flawlessly on several i86 machines here in 
past couple of weeks.  All running current unstable.  Maybe a month
ago I did have to tweak it but recent freeswan package fixed that.



> 
> The documentation (README.Debian) is pretty sparse, and I don't know where 
> else to go to get info on doing this. Any comments or suggestions greatly
> appreciated. Thanks in advance.

Try applying patches by hand to see what happens.  Then just build kernel
as usual.


> 
> -- 
>   Nick Jennings
> 
> 

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux




Re: Closest to Debian

2002-01-28 Thread cfm

On Tue, Jan 29, 2002 at 12:41:52PM +1100, Russell Coker wrote:

> That's only an issue if the first drive dies and at the same time something 
> forces a system reboot.  What's the chance of those two things happening at 
> the same time while not rendering the machine totally unusable (IE dead 
> motherboard or something equally serious)?

High, because it's been 250 days since you last rebooted and the drive
has been self-lubricating with sintered spindle.  Or maybe you've updated
your boot scripts or lilo  without rebooting in the past year or
so.

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: Best way to duplicate HDs--talk more about rsync+ssh system

2002-01-02 Thread cfm
On Wed, Jan 02, 2002 at 10:17:38AM -0800, Ted Deppner wrote:

> > The [modules] in rsyncd.conf provide a nice way to package what you want to
> > back up.  You can also specify what ip addresses connect to rsyncd.  So in
> > theory only the backup machine can connect to the rsyncd daemons; we've set 
> > those to read-only.
> 
> Ack!  If you're doing file level rsync backups to rsyncd, rsyncd *must* be
> running as root (DON'T DO THAT), else your perms will be useless.  rsyncd
> just isn't something that should run with root perms... therefore it's
> rather useless for file level rsync backups.

We're pulling **from** a read-only rsyncd.  It has to run as root because we
require the right archive, permissions, etc  I'm confused; is that much 
different from running an rsync otherwise except for the convenience of the 
[modules] thing?  Or is rsync wrong tool for job?

We want to reduce the load on the production servers.  Some clients need
4x daily backups, but for others nothing changes for months at a time.  
The new system is only going to snapshot and archive only the changed
versions, not every day.  All the zipping, sorting and file checking 
will take place on backup machine, not on servers so we don't care how 
greedy the process gets as long as the process pulling the mirror off 
the production machine is as light as possible.  Is there something
better than rsync for that?
> 
> If you tar up the source, and send those to your rsyncd that's less of a
> security risk from rsyncd itself, HOWEVER your root only file data is now
> in a userland tar file, so your data is now less secure on the backup
> server than it was on the source machine.  Very bad backup design.

I must have described it poorly: dedicated backup machine, no other services,
no random users, private routing on physically separate lan, outbound
connections only.  I'd hope that would be better than a production server.

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux




Re: Best way to duplicate HDs--talk more about rsync+ssh system

2002-01-02 Thread cfm

On Wed, Jan 02, 2002 at 10:17:38AM -0800, Ted Deppner wrote:

> > The [modules] in rsyncd.conf provide a nice way to package what you want to
> > back up.  You can also specify what ip addresses connect to rsyncd.  So in
> > theory only the backup machine can connect to the rsyncd daemons; we've set 
> > those to read-only.
> 
> Ack!  If you're doing file level rsync backups to rsyncd, rsyncd *must* be
> running as root (DON'T DO THAT), else your perms will be useless.  rsyncd
> just isn't something that should run with root perms... therefore it's
> rather useless for file level rsync backups.

We're pulling **from** a read-only rsyncd.  It has to run as root because we
require the right archive, permissions, etc.  I'm confused; is that much 
different from running an rsync otherwise except for the convenience of the 
[modules] thing?  Or is rsync wrong tool for job?

We want to reduce the load on the production servers.  Some clients need
4x daily backups, but for others nothing changes for months at a time.  
The new system is only going to snapshot and archive only the changed
versions, not every day.  All the zipping, sorting and file checking 
will take place on backup machine, not on servers so we don't care how 
greedy the process gets as long as the process pulling the mirror off 
the production machine is as light as possible.  Is there something
better than rsync for that?
> 
> If you tar up the source, and send those to your rsyncd that's less of a
> security risk from rsyncd itself, HOWEVER your root only file data is now
> in a userland tar file, so your data is now less secure on the backup
> server than it was on the source machine.  Very bad backup design.

I must have described it poorly: dedicated backup machine, no other services,
no random users, private routing on physically separate lan, outbound
connections only.  I'd hope that would be better than a production server.

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: Best way to duplicate HDs--talk more about rsync+ssh system

2002-01-02 Thread cfm

On Wed, Jan 02, 2002 at 03:35:43PM +0800, Patrick Hsieh wrote:
> OK. My problem is, if I use rsync+ssh with blank passphrase among
> servers to automate rsync+ssh backup procedure without password prompt,
> then the cracker will not need to send any password as well as
> passphrase when ssh login onto another server, right?
> 
> Is there a good way to automate rsync+ssh procedure without
> password/passphrase prompt, while password/passphrase is still required
> when someone attempts to ssh login?
> 
> > 
> > 
> > > I am sorry I could be kind of off-topic. But I want to know how to
> > > cross-site rsync without authentication, say ssh auth.,?
> > 
> > That's the best way.
> > 
> > > I've read some doc. using ssh-keygen to generate key pairs, appending the
> > > public keys to ~/.ssh/authorized_hosts on another host to prevent ssh
> > > authentication prompt. Is it very risky? Chances are a cracker could
> > > compromise one machine and ssh login others without any authentication.
> > 
> > It's not "without authentication" - you're still authenticating, you're
> > just using a different means. There's two parts to rsa/dsa authentication
> > with ssh; first there's the key, then there's the passphrase.
> > 
> > If a cracker gets your key, that's tough, but they'll need the passphrase to
> > authenticate. If you make a key without a passphrase (generally what you'd
> > do for scripted rsyncs, etc) then they *only need the key*. So, you should
> > keep the data available with passphrase-less keys either read-only or backed
> > up, depending on its importance, etc.


Automation with keys stored on machines is better than doing it manually and
forgetting to back up.  :-)

It **does** provide a path by which someone can gain access from one machine to
another.  Even accounts with minimal privs can be compromised.

We happen to be in process of overhauling our backup architecture.  We're installing
rsyncd (daemons) on the client machines, and initiating rsync -e ssh backups from a 
dedicated backup machine on a private LAN with non-routable addresses.  That
machine packages up the backups and spools them off for storage elsewhere.

The [modules] in rsyncd.conf provide a nice way to package what you want to
back up.  You can also specify what ip addresses connect to rsyncd.  So in
theory only the backup machine can connect to the rsyncd daemons; we've set 
those to read-only.

It **seems** that even though we are pulling the data off with rsync -e ssh
there is no need for a key on the server machine.  Maybe I was working on it
too late last night; at any rate, tcpdump will tell.  Can it build an ssh tunnel
without keys at both ends?  YMMV.

The idea is that if someone got root on the client machines, the only 
additional path they would have to backups is an interface on the private 
LAN.  Not foolproof, but lower hanging fruit elsewhere would be easier picking.

cfm

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux
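
An added example, not part of the original post and not the poster's configuration: a Python check of rsyncd.conf text for the two controls described above, read-only modules and a "hosts allow" list limited to the backup machine. The sample configs, the address 192.168.10.2 and the function names are constructed for illustration.

```python
"""Audit rsyncd.conf text for two controls: read-only modules and a
"hosts allow" list limited to the backup machine."""
import ipaddress

TRUE_VALUES = {"yes", "true", "1"}

# Constructed sample with three different mistakes, one per module.
WEAK_CONF = """\
uid = root
hosts allow = 192.168.10.2

[www]
    path = /var/www
    read only = no
[home]
    path = /home
    hosts allow = 192.168.10.2, 10.0.0.0/8
[mail]
    path = /var/mail
    hosts deny = 172.16.0.0/12
"""

# Constructed sample of the pull-only design: the daemon runs as root so it
# can read every file, but serves read-only and only to the backup host.
PULL_ONLY_CONF = """\
# parameters before the first [module] are defaults for all modules
uid = root
read only = yes
hosts allow = 192.168.10.2
hosts deny = *

[www]
    path = /var/www
[home]
    path = /home
"""


def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) from rsyncd.conf text.
    Assumes one parameter per line (no backslash continuations)."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue  # not a "name = value" line
        # Whitespace inside parameter names is irrelevant to rsyncd;
        # folding case as well is a lenient choice of this example.
        current["".join(name.split()).lower()] = value.strip()
    return global_params, modules


def _patterns(value):
    # Lists may be separated by spaces and/or commas.
    return value.replace(",", " ").split()


def audit(text, backup_net):
    """List (module, finding) pairs for modules that are writable or
    reachable from addresses outside backup_net."""
    allowed = ipaddress.ip_network(backup_net, strict=False)
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        effective = {**global_params, **params}
        # The daemon default is read only = yes; only an explicit
        # false value opens the module to uploads.
        if effective.get("readonly", "yes").lower() not in TRUE_VALUES:
            findings.append((name, "module is writable"))
        allow = _patterns(effective.get("hostsallow", ""))
        if not allow:
            findings.append((name, "no hosts allow: any host may connect"))
        for pattern in allow:
            try:
                net = ipaddress.ip_network(pattern, strict=False)
            except ValueError:
                findings.append(
                    (name, f"hosts allow entry {pattern!r} is not an address"))
                continue
            if net.version != allowed.version or not net.subnet_of(allowed):
                findings.append(
                    (name, f"hosts allow entry {pattern} is outside {allowed}"))
        # With both lists set, a host matching neither one is allowed,
        # so a partial deny list silently reopens the module.
        deny = _patterns(effective.get("hostsdeny", ""))
        if allow and deny and "*" not in deny:
            findings.append(
                (name, "hosts deny lacks '*': hosts matching neither list are allowed"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("pull-only", PULL_ONLY_CONF)):
        print(label, audit(conf, "192.168.10.2"))
```

The check covers only the daemon's own access controls; the private LAN and outbound-only routing described in the post are outside what a config file can show.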


Re: mini ISP

2001-11-21 Thread cfm

On Thu, Nov 22, 2001 at 09:50:44AM +1100, Iain wrote:
> Hi,
> 
> I have been running a mini ISP with what I could only describe as a pretty 
> 'unique' setup:
> 
> It is all running off a Debian 2.2 box.
> 
> It has 5 Stallion 8 port serial cards providing 40 PPP dialin lines. (I had 
> to patch the kernel to add support for more than 4 boards)
> 
> I am running Squid with transparent proxy on the same box.
> 
> It is also running ipchains firewall / masquerading.
> 
> The hardware specs are as follows:
> 
> Intel Pentium III - 933 mhz
> Inbuilt sym53c896-1 SCSI controller.
> Inbuilt eepro100 ethernet controller
> 512 MB Ram
> 
> I am a little concerned that I may be overdoing things. In particular I am 
> worried that I/O might not be keeping up. Some users have complained about 
> slow download speeds and timeouts.

Of course they do.  When we started as ISP years back a local BBS operator
shared a secret with me:
"I didn't change a thing on my machine" and "It always works on (the other system)"

Microsoft continued that with all their "Server OTL" messages.

More likely it's honking graphics, broken user boxes, filled c:\WINDOWS directories
and the like.  Diagnose the problem; do NOT believe the users without verification.

> Does this sound like a ridiculous way to run dialup? Is there any way I can 
> diagnose I/O usage, etc.

On the face of it, running a dialup is ridiculous so I'll assume you have
your reasons.  With 40 dialups you should look at separate terminal servers;
that's what they are for.  Hell, last time we rebooted ours was 2000-01-01 just
to be on the safe side.


> 
> thanks, 
> 
> Iain.
> 
> P.S. Please CC replies to me.
> 
> 
> -- 
> public key available at http://www.minihub.org/~iain/iain.asc
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: stable vs testing

2001-11-10 Thread cfm

On Sun, Nov 11, 2001 at 10:30:56AM +1100, Craig Sanders wrote:
> On Fri, Nov 09, 2001 at 03:32:29AM +1100, Jason Lim wrote:
> > We run unstable on our production servers. That means we must be very
> > vigilant in making sure no one else has had a problem. We download
> > the updates, and install them a day or two later after other people
> > have tested it and made sure it doesn't totally destroy the box. The
> > reason we run unstable is because quite a few times we've needed new
> > software, and it just wasn't in stable.
> 
> another good idea is to install the same packages that your server
> requires on another machine (e.g. a development box or your
> workstation). then test every upgrade on that box before doing it on
> your production server. if the upgrade works smoothly on the workstation
> then it's probably OK to run on the production server. if not, then wait
> a few days and run a test upgrade again.
> 
> once you've done this a few times, you get a feel for what kinds of
> problems to look out for, what to keep an eye on during & after the
> upgrade.

...

> in my experience, there is far less risk in upgrading regularly & often
> than there is in upgrading only when there is a new stable release. you
> get small incremental changes rather than one enormous change...one
> advantage of this is that if something does go wrong, it's generally
> only one or two problems at a time, which is much easier to deal with
> than dozens or hundreds of simultaneous problems.
...
> here's a good rule of thumb for deciding whether to run unstable:
> 
> if you are highly skilled and you need the new versions in unstable then
> it's worth the risk to run unstable.
> 
> if not, then stick to stable. most packages in unstable can easily be
> recompiled for stable (depending on which dependencies you also have to
> recompile for stable...if there's too many, then it becomes more work
> and more risk to recompile than it is to just upgrade to unstable)

Yes, I can second that.  Excepting only that if you are skilled enough to
recompile unstable source on stable you are probably more than skilled enough
to run vanilla unstable.  :-)

We typically upgrade all our development machines first.  For the most part,
that catches most of the issues.

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: Quata Support with MySQL

2001-11-04 Thread cfm

On Sun, Nov 04, 2001 at 09:59:28AM -0800, Jeremy Zawodny wrote:
> On Fri, Nov 02, 2001 at 02:10:38AM -0500, Keith Elder wrote:
> > Greetings,
> > 
> > I was wondering if anyone had any type of hints as howto setup
> > virtual mysql accounts with quota support.
> 
> There's no really good way to do it yet.  MySQL itself has no quota
> system.  And if you use OS quotas, you risk table corruption when a
> user goes over quota.
> 
> You could have a cron job to compute each user's usage once a day and
> let them know if they're over.

You could dump their tables into their userland periodically.  Of course,
then they would be double overquota for the mySQL data even though it
would only get counted once.  :-)


> 
> Jeremy
> -- 
> Jeremy D. Zawodny |  Perl, Web, MySQL, Linux Magazine, WCNet, Yahoo!
> <[EMAIL PROTECTED]>  |  http://jeremy.zawodny.com/
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


policies for securing privacy systemwide against random wiretap/nettap

2001-10-26 Thread cfm


Given recent passage of the Patriot Act here in US, I'm re-evaluating
privacy policies at the ISP I run.

I'm curious what mechanisms and policies we might keep/implement
to preserve the privacy and integrity of our clients.  Some are obvious:
 *  gnupg/pgp email
 *  quick and regular deletion of logs after our system security checks

What about protecting client data?  Suppose someone with a name like
"Saddam" signs up for a mailing list; what can be done to protect everyone
else on that mailing list?  (I did not make up that example.)  Are
there ways of handling data like that mailing list that would keep it
private?  What about customer databases?

This may not be the place for this; can someone suggest other resources?

Thanks,

cfm

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


lynx, news.bbc.co.uk, DNS failures

2001-10-25 Thread cfm


Re lynx failing to follow CNAME

I've got users finding that lynx is failing to find news.bbc.co.uk.  It
happens most of the time, but not always.  Seems to relate to the TTL
on the A record to which news points.  Works fine with mozilla, netscape
and wget so I'm thinking it is lynx specific but I suppose it could be
something in the way bind caches queries.  Can anyone tell me why this 
is happening and/or suggest a work around?


;; ANSWER SECTION:
news.bbc.co.uk.      1556  IN  CNAME  newswww.bbc.net.uk.
newswww.bbc.net.uk.  283   IN  A      212.58.240.38

cfm

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux


Re: Accounting software

2001-10-11 Thread cfm


appgen, www.appgen.com

On Thu, Oct 11, 2001 at 04:17:49PM +0200, Craig wrote:
> Hi Guys
> 
> Does anyone know of accounting software that can run on Linux,
> with Point of Sale capabilities?
> 
> ..Craig
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux






Re: Linux.Lion Virus

2001-09-03 Thread cfm

On Mon, Sep 03, 2001 at 08:54:21PM -0400, Gene Grimm wrote:
> As usual, not given enough time to keep up on updating servers properly (two
> Redhat and one NT), one of our servers has been infected by the Linux.Lion
> virus. I keep my personal Debian system updated by dselect all the time, but
> have not been able to migrate our existing Linux servers (set up before my
> arrival) to Debian. How can you "unprotect" the "read-only" files set up by
> this virus so they can be removed and/or cleaned?

Huh?  Linux.Lion?  What's that?


> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux






Re: help with site+database

2001-07-18 Thread cfm

On Wed, Jul 18, 2001 at 05:41:11PM +0200, Russell Coker wrote:
> On Wed, 18 Jul 2001 13:25, Peter Billson wrote:
> > > Oracle will do the trick, but the installation on linux seems so fragile:
> >
> > My experience with Oracle has been great under Linux. I have a
> > client that is running a couple of beefy Dell Poweredge servers (2-zenon
...
> A few months ago I tried installing Oracle on a Debian system, I didn't even 
> want Oracle itself, I only wanted the client libraries for talking to an 
> Oracle server and the software development kit.  So I wanted the libraries, 
> Perl libraries, and the SQL interpreter.
> 
> There were no tarballs, RPM, or Deb packages, so I had to run the install 
> program.  It was an ELF format executable that gave a strange error message.  
> Stracing it showed that it was trying to run a shell script that ran a java 
> program which then ran another ELF binary!!!  I spent a few days trying to 
> track down what was going on (and hack in extra environment variables to the 
> scripts etc).  I encountered a number of problems including inexplicable 
> failures if I used native threads through Java (Green threads worked).
...

> The installation and maintenance of Oracle is a tricky thing.  Oracle 
> consultants are also very expensive (and generally not excessively skillful 
> in my experience).  For these reasons I'd recommend Postgres over Oracle for 
> serious applications.

yes, that is pretty much what I've concluded.

I remember the pain.  If it is necessary to run the installer on a 
working system because one did not install everything
just right the first time with 100% foresight, one risks taking down
everything.  Much worse than the old linux 'make config' on a slow alpha.
Unset LANG, ignore all the errors, relink with the stub libraries, don't
install the sample database so you have install minimum, then run installer
again to add custom features, ignore errors, relink libraries.  Get everything 
right.  Oh damn, I forgot to patch the makefiles this go around, might as
well symlink /usr/bin/hostname /bin/hostname: cruft.  A couple hour 
"interactive" process by the time one actually gets a database configured
and running (dual PII350, 512M, SCSI) - assuming one did everything right 
and followed a good install guide.  (SUSE and arsdigita)

It's not "apt-get install oracle".  The A-E set in 1994 was **way** easier.

cfm

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux






Re: help with site+database

2001-07-17 Thread cfm

On Wed, Jul 18, 2001 at 09:07:53AM +1000, Craig Sanders wrote:
> On Wed, Jul 18, 2001 at 12:37:05AM +1000, Jeremy Lunn wrote:
> > On Tue, Jul 17, 2001 at 11:52:14PM +1000, Craig Sanders wrote:
> > > > Especially if you have a dynamic PHP site, for me, MySQL and PHP,
> > > > is the better and faster solution.
> > >
> > > actually, it's not. mysql is faster (these days, only marginally
...
 
> one database user-id is normal. but in a web environment you can get
> any number of actual users. with mysql, if one of them happens to be
> writing something to the table (e.g. to a sessions table, such as for
> Apache::Session) then the whole table is locked and no-one else can get
> access. this effectively serialises access.
> 
> this is absurd for a web site database. it won't scale beyond about 5
> simultaneous users without a lot of very ugly client-side tricks (such
> as using multiple tables to do a job that should be done by one table).
...
> 
> btw, with postgres, only the row that is being updated is locked which
> allows simultaneous use.

hmmm, where did I see --skip-locking...?

I'd be curious to hear more about the effects of locking under a "typical web"
load.  The locking strategies seem crucial.  Any database using crude and 
"pessimistic locking" is just going to die under a web type load if it has 
to lock at all.  I know oracle has "optimistic" locking and "versioning".
I **think** postgres does too?  Comments?

I'd bet many sites are not complex enough to read and write from the same
tables.  Yeah, they write orders, they read parts.  Once or twice a
day they batch load parts or modify one or two but generally there is
not a conflict.  It amounts to a RO database; mysql has worked fine
for us in those circumstances.

Sessions, logins, clicktracks and so forth are the most likely 
problems, where one will be writing and reading from the same
table, with indices and lots of fast moving data.  That's not 
the usual small business brochureware site, but a small business 
with an active call center/internet would have that and need
good transaction support + data mining too.

I'm not sure the issue is mysql vs postgres, but what does it take
to run a particular site.  If the site is heavily interactive with
complex queries and transactions, the choice seems limited.  Oracle 
will do the trick, but the installation on linux seems so fragile: 
I'd not dare touch anything for fear I'd never recover.  The only
other choice seems to be postgres.  Oh well... have they got a
history in their cli yet?

cfm

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux






Re: WAN Adapters...Wan in general

2001-06-07 Thread cfm
On Fri, Jun 08, 2001 at 06:08:17PM +, Alex wrote:

You are not very clear.  Do you mean "cable" as in cable tv?
Then you will almost certainly want the cable modem that goes
with the service.  Or do you mean "cable" like any old wire
cable running into the building?

You will help yourself most by clarifying the question.  Then
jump up and down and ask your new provider to give you the
gear.  :-)

cfm



> A question to you all:
> 
> I'm sort of in a tight spot here. I want to connect my enterprise through
> a cable line provided by a big carrier. They call it "an internet
> link"... well, a modem can be an internet link but I've never needed a
> 1,200 dls. device to route it (yeah, they want me to buy a router as
> well). Now, I don't want to buy the router, I want to implement a linux
> router for this kind of network. Some call it WAN link ups... some
> call it Direct inet links. I'm just calling it WAN
> 
> Now, as far as I've gotten by my research, one needs to buy a WAN card
> that understands the HDLC protocol or the SyncPPP protocol (depending on
> your provider). I've found at least three that run under linux.
> 
> Now something made me nervous: my provider said he can get me a V.35
> line or a g207 line (I don't know what that means), I can't find docs
> on bridging from this kind of interface to ethernet.
> 
> Anyway, some of these cards support this kind of interface and they range
> from 500 to a 1000 dollars. I don't know what to buy, I can't find further
> documentation, I don't know dick (pardon me). 
> 
> I want to make a bridge between this kind of interface (this HDLC or
> SyncPPP or WAN connection) and my internal network... oh yeah, by the
> way, I need this to give internet access to all the people here...if
> your answer is "go buy the router, quit posting here" then please at
> least point me to some docs on WAN's and currently available protocols
> and stuff...
> 
> Sincerely
> Alex  

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux








Re: Accounting Software

2001-05-02 Thread cfm
On Wed, May 02, 2001 at 09:36:35AM -0400, Robert Brown wrote:
> What are other ISPs running for financial accounting software?  We are running
> Peach Tree 7.0 with a customer base of 3000 users.  Printing invoices is now
> over 30 hours. A call to Peach Tree informs us that our software is only made
> for 1000 or less accounts but they will be glad to sell us their bigger product
> for $2000.  "Oh, but it won't import your old data."  So, anyone have any
> recommendations?  Thanks.

Are you printing invoices from Peach Tree?  Can you automate dumping
a "pre-invoice" or some sort of structured data dump to files and 
generate your own invoices as a separate process?  What takes the time?
The physical printing or is someone manually doing File->Print?



-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux








Re: get school connected to the inet

2001-04-22 Thread cfm


look up CHIPA at google.  You will find various half-assed
programs listed.

Realistically, if the school is not willing to use this as
a learning experience for the students about the big bad world,
then you might be better off just unplugging the box.

$.02,

cfm



On Sun, Apr 22, 2001 at 11:14:21PM +0200, Joachim Schiele wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Sunday 22 April 2001 22:48, Tim Sailer wrote:
> > On Sun, 22 Apr 2001 16:26:26 Joachim Schiele wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA1
> > >
> > > hello dear list members:
> > > i have to connect a school to the internet but i have to avoid that the
> > > users(kids) look at certain webpages with criminal and sexual backgrounds
> > >
> > > is there a possibility to stop that, maybe on the firewall (debian linux)
> > > to block requests like www.sex.de and things (words maybe) like sex, drugs
> > > and so on?
> > >
> > > are there any good, non-cost-intensive tools for doing that?
> > > if so, please let me know ;-)
> >
> > Use squid, with the associated filters, and authentication methods.
> >
> > Tim
> yes tnx for this advice but, i should have said it, i don't have the 
> computer-power for running a squid :P
> we have a 486 with about 32mb or 16mb ram and 200mb harddrive
> 
> isn't there a program or a filter for this?
> - -- 
> From:
> Joachim Schiele
> [ http://www.dune2.de || Linux - my way! ]
> 

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux








Re: High Availability.. (SQL server)

2000-10-07 Thread cfm

On Fri, Oct 06, 2000 at 11:24:25PM +0200, Christian Hammers wrote:

I believe this is a project between RedHat and TCX, building multi
server redundancy.  (So shoot me if I am wrong.)  You might want to
search sourceforge and mysql sites before going too far.




> Hello
> 
> Has anyone ever tried to make a webserver host with a mysql database
> (used for a session database that gets updated on every click) redundant
> by adding an exactly same computer and do DNS-load balancing?
> 
> If there were no SQL database this would be no problem, two web-servers
> that access a shared NFS Raid for data. But you can't have two MySQL 
> daemons access the same files and if you have only one SQL server for
> both web servers there is no redundancy. On the other side if you have
> two separate mysql servers there is no synchronising between them, I
> know about that update-log method but when serving a couple of clients
> per second I doubt that the two servers synchronise fast enough to allow
> using a session-db (imagine first request on A, then second request on B
> but B's mysql server hasn't updated the mysql db and so the session
> information are lost).
> 
> Any ideas?
> 
> bye,
> 
>  -christian-
> 
> -- 
>   Research is what I'm doing when I don't know what I'm doing.
> -- Wernher von Braun

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.






Re: Talking to a POP server.

2000-10-04 Thread cfm


You've got one major issue there, yes.  ;^)  Seriously though,
a number of these packages already exist.  Search freshmeat or
your local /var/state/apt/lists/*.

On Wed, Oct 04, 2000 at 11:08:19AM -0700, Scott Thompson wrote:
> Hello once again list. I am currently writing an online mail service similar
> to hotmail or yahoo mail. I have all the elements in place except for one.
> In C, how do I talk to a POP server? Is there something like 'sendmail' that
> I use to easily send all my mail messages, but for receiving mail from a pop
> server?
> 
> Thanks in advance!
> 
> Scott Thompson
> Programming & Server Admin
> Internet Brokers Group
> [EMAIL PROTECTED]
> http://www.internetbrokers.ab.ca
> Office: (403) 232-1032
> Fax: (403) 265-2843

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.






Re: e-commerce

2000-07-24 Thread cfm
On Mon, Jul 24, 2000 at 11:08:21AM -0500, J-Mag Guthrie wrote:
> On Sun, 23 Jul 2000, Dariush Pietrzak wrote:
> 
> > 
> > > a good solution to implement a virtual store?
> > consider minivend
> 
> And then find a better alternative.  Unless you have more free time than
> sense stay *away* from minivend.  Far, far, away.  It is quirky.
> 
> -- 
> J-Mag Guthrie/"\  Brokersys   
>  \ /
> 281-580-3358 (voice)  X   Now offering DSL in Houston.
> 281-586-0628 (fax)   / \  http://www.brokersys.com

Can you share with us why?  I'll agree Minivend is not for the 
faint of heart and not for people that only need an order blank
for half a dozen items.  I've steered a lot of people away from
it that lack system abilities and/or have poor infrastructures.

However, Minivend is very powerful. Ultimately, you can do 
pretty much anything with it.  Better might be what, OpenMarket?
If part of your business as an ISP is online commerce, minivend
is a good option; if you are a merchant running a single store,
it might be overkill.   IMCO minivend is better suited to ISP
than individual.


-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.








Re: Virtual Domain Solution

2000-07-08 Thread cfm
On Sat, Jul 08, 2000 at 04:11:03AM +0300, [EMAIL PROTECTED] wrote:
> 
> 
> On Fri, 7 Jul 2000 [EMAIL PROTECTED] wrote:
> 
> > Our system is built around mysql and an ncurses interface.  It's really
> > just selecting account records and passing arguments to perl scripts.  
> > The front office can register domains, add users, change passwords, 
> > install mailmaps and so forth.  Trust me, they are not technical.  :^)
> > 
> We definitely need something general like this for Linux/Unix -
> web/ftp/mail system based on some SQL database, with good interface - from
> this point, any other interface could be written... the problem is,
> everybody designs it for himself and never releases it, just because it
> wouldn't be of any use to anyone else

And because it's the gnarliest, most patched, most incomplete and ill 
conceived piece of legacy mission critical software running on their 
system they are embarrassed to show it to anyone, let alone support it.  
Just speaking from my experience.  ;^)

cfm


-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.








Re: Virtual Domain Solution

2000-07-07 Thread cfm
> 
> Then program to that conceptual model so that the staff only interact with that
> model, manipulating it to do what they want. The software should then handle the
> "real" systems underneath to produce the result that they want.
> 
> For example, they might want to:
> 
>   "Add a new domain and virtual web server".
> 
> The software could handle that. They don't necessarily need to know that this
> task involves manipulating DNS zone files and adding a virtual host entry to a
> web server. The software should handle those real things.

That's really not too hard.  Tedious yes because there are endless
things to do.  And we've been at it seven years.

Our system is built around mysql and an ncurses interface.  It's really
just selecting account records and passing arguments to perl scripts.  
The front office can register domains, add users, change passwords, 
install mailmaps and so forth.  Trust me, they are not technical.  :^)

It is the accounting system too, so all the account data is there.
You need that.  DO also invest in designing libraries.  When you change those
the whole thing goes to hell.  And yes, there is always something broken 
because you are always changing.  Every system is different; it is
unlikely you will find much in common with someone else's system.

I can share with you our huge mistake: we started with account=unix userid.
Don't do that!  Now we have master accounts that have secondary accounts;
those may have any number of services attached.  Billing, master and
secondary accounts all have their own contact information; so do some of
the services.  Probably elementary to an accounting person but a
rough lesson for us.

cfm




-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.








Re: secret data for php pages

2000-06-07 Thread cfm
On Wed, Jun 07, 2000 at 09:05:29PM +0200, Robert Varga wrote:
> 
> 
> On Wed, 7 Jun 2000 [EMAIL PROTECTED] wrote:
> 
> > On Wed, Jun 07, 2000 at 08:23:18PM +0200, Robert Varga wrote:
> > 
> > > > Store the mysql connection information in a PHP file in the webspace.  I
> > > > often create a file db_config.php3 and it looks like this:
> > > > 
> > > > <?php
> > > >   $dbhost   = "localhost";
> > > >   $dbuser   = "someuser";
> > > >   $dbpasswd = "somepassword";
> > > >   mysql_connect ($dbhost, $dbuser, $dbpasswd) or
> > > > die("Unable to connect to mysql server ($dbhost) ...");
> > > > ?>
> > > > 
> > > 
> > > 
> > > The problem is that anyone who can put up a php page can download every
> > > php page _source_ there is on the webserver (see my initial post).
> > > Therefore the password is retrievable this way.
> > 
> > 
> > Nor would the above script be persistent no?  I don't do any PHP.
> 
> It would be persistent if invoked from the mod_php3 and not from php3 cgi.
> 
> > 
> > What we do is generate an initial connection to db when server starts
> > up as root.  The server then changes uid/gid to nobody:nogroup.  Now
> > that is with WN.  Hardly stock debian setup.  ;^)  Nor do we let users
> > onto the machines with that setup; it's staff only.  Period.
> > 
> 
> How can this be carried out and what is WN? :)

WN is another web server.  We use that and Roxen.  Both will start up
as one user and then change uid/gid to another.  This gives you an opportunity
to connect to db **before** the change.  Presumably, you could
do this with any server.  They all start as root, at least if they are
starting at boot.  Make your db connection before changing uid; just how
you pass that connection handle to php, well

Frankly, if you have users running php scripts like this they should be
on their own boxes.  We'd never let them on a shared server.  If your staff
is writing the scripts, then don't let users modify them.  chown staff.

> > As an alternative, you might be able to set server id read only depending
> > on how much updating and run the updates suid, etc
> > 
> 
> I don't understand this part, but reads are also dangerous, think on
> retrieving other user's sensitive data :)

There are a lot of different degrees to that.  You may not care who
reads, but only who updates or you might care who reads.  There is no
general solution; you need to establish your own policy.  If the data is
truly sensitive, then simply depending on server hostname is unrealistic;
you would have additional passwords, ip restrictions, cookies  We
use all of those.  A cookie user will see only data qualified 
"WHERE cookie_id='etc'", an intranet user will see data (or pages)
conditionally served to IP range, so forth and so on.  You probably can't
do that with php but need some sort of page building infrastructure.

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.
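
The scoping described in the message above (a cookie user sees only rows qualified by "WHERE cookie_id=...", other data is served conditionally by IP range), as an added example that is not from the thread. The table and column names, the cookie values and the 10.20.0.0/16 range are constructed assumptions, and SQLite stands in for the site's database.

```python
import ipaddress
import sqlite3

# Constructed policy value: the address range treated as "intranet".
INTRANET = ipaddress.ip_network("10.20.0.0/16")


def build_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (
            id            INTEGER PRIMARY KEY,
            cookie_id     TEXT    NOT NULL,
            item          TEXT    NOT NULL,
            intranet_only INTEGER NOT NULL DEFAULT 0
        );
        INSERT INTO orders (cookie_id, item, intranet_only) VALUES
            ('c-alice', 'modem', 0),
            ('c-alice', 'staff discount note', 1),
            ('c-bob',   'router', 0);
    """)
    return db


def is_intranet(client_ip):
    """True only for a parsable address inside INTRANET.

    client_ip must be the socket peer address as seen by the server,
    not a value taken from a request header the client controls.
    """
    try:
        return ipaddress.ip_address(client_ip) in INTRANET
    except ValueError:
        return False  # unparsable address: treat as outside


def visible_orders(db, cookie_id, client_ip):
    """Return the items this request may see.

    The cookie predicate is added by the server on every query and the
    cookie value is bound as a parameter, so page code cannot omit it
    and a crafted cookie cannot rewrite the WHERE clause.
    """
    if not cookie_id:
        return []  # no session, no rows
    sql = "SELECT item FROM orders WHERE cookie_id = ?"
    if not is_intranet(client_ip):
        sql += " AND intranet_only = 0"
    sql += " ORDER BY id"
    return [row[0] for row in db.execute(sql, (cookie_id,))]


if __name__ == "__main__":
    db = build_db()
    for cookie, ip in [("c-alice", "203.0.113.9"), ("c-alice", "10.20.1.5"),
                       ("' OR '1'='1", "10.20.1.5")]:
        print(repr(cookie), ip, visible_orders(db, cookie, ip))
```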




Re: secret data for php pages

2000-06-07 Thread cfm
On Wed, Jun 07, 2000 at 08:23:18PM +0200, Robert Varga wrote:

> > Store the mysql connection information in a PHP file in the webspace.  I
> > often create a file db_config.php3 and it looks like this:
> > 
> > <?php
> >   $dbhost   = "localhost";
> >   $dbuser   = "someuser";
> >   $dbpasswd = "somepassword";
> >   mysql_connect ($dbhost, $dbuser, $dbpasswd) or
> > die("Unable to connect to mysql server ($dbhost) ...");
> > ?>
> > 
> 
> 
> The problem is that anyone who can put up a php page can download every
> php page _source_ there is on the webserver (see my initial post).
> Therefore the password is retrievable this way.


Nor would the above script be persistent, no?  I don't do any PHP.

What we do is generate an initial connection to db when server starts
up as root.  The server then changes uid/gid to nobody:nogroup.  Now
that is with WN.  Hardly stock debian setup.  ;^)  Nor do we let users
onto the machines with that setup; it's staff only.  Period.

As an alternative, you might be able to set server id read only depending
on how much updating and run the updates suid, etc

cfm

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.
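The startup order described in the message above (acquire the privileged handle as root, then change uid/gid to nobody:nogroup), as an added example that is not the poster's WN setup or any code from the thread. A root-only file stands in for the database connection, the uid/gid 65534 is the usual Debian value for nobody:nogroup and is an assumption, and all function names are hypothetical.

```python
import json
import os

NOBODY_UID = NOBODY_GID = 65534  # nobody:nogroup on Debian (assumed ids)

def drop_privileges(uid=NOBODY_UID, gid=NOBODY_GID):
    """Permanently give up root: supplementary groups, then gid, then uid."""
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    try:
        os.setuid(0)  # must fail, or the drop was not permanent
    except PermissionError:
        return
    raise RuntimeError("root could be regained after the drop")

def startup_then_serve(secret_path):
    """Open the protected resource first, drop root, then use only the handle."""
    fd = os.open(secret_path, os.O_RDONLY)  # stands in for the db connection
    dropped = os.geteuid() == 0
    if dropped:
        drop_privileges()
    try:
        os.close(os.open(secret_path, os.O_RDONLY))  # by path, as new uid
        reopen = True
    except PermissionError:
        reopen = False
    data = os.read(fd, 4096).decode()  # the pre-opened handle still works
    return {"dropped": dropped, "handle_data": data, "reopen_allowed": reopen}

def run_in_child(secret_path):
    """Fork so the caller keeps its own uid; the child reports over a pipe."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(r)
        try:
            out = startup_then_serve(secret_path)
        except Exception as exc:  # e.g. the OS refused the uid change
            out = {"error": repr(exc)}
        os.write(w, json.dumps(out).encode())
        os._exit(0)
    os.close(w)
    with os.fdopen(r) as pipe:
        report = json.load(pipe)
    os.waitpid(pid, 0)
    return report
```

The handle keeps the access it was opened with, so any code that later runs inside the process can use it; that is the reason the message restricts this setup to staff-written scripts.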




Re: Transfer data between two comps without network

2000-05-17 Thread cfm

Have you looked at the swappable disks broadcasters use?
> 
> - Original Message -
> From: Dariush Pietrzak <[EMAIL PROTECTED]>
> Sent: Wednesday, May 17, 2000 9:37 PM
> Subject: Transfer data between two comps without network
> 
> 
> > Welcome,
> > my problem is that I have to transfer large amount of data (20~50 Gigs)
> > daily.
> > And it can't be done via network due to  'secret' nature of that data.
> > I considered IDE disk put in hot-swap bay, but I found that's not the
> > best way to do that:
> > i got system on scsi disc, compiled ide-disk support as module
> > and when I want to remove ide-disc i unmount it, rmmod the module
> > then swap the discs, modprobe ide-disk, mount it.
> > That scheme works ... but sometimes it fails.. and when it fails I have
> > to reboot the system to be able to mount ide disc. that situation
> > is unacceptable.
> >
> > Does anyone have any suggestions on this?
> >  (data should be moved via some physical way, not using network as that's
> >  what bosses fear the most, zip drives could be nice, but they
> >  are too small, streamers seem to be too slow )
> >
> >  regards,
> >  Dariush Pietrzak

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.




Re: it's safe to run a web hosting server with the unstable distributions ?

2000-04-10 Thread cfm
On Mon, Apr 10, 2000 at 07:15:40PM +0200, Phil Pennock wrote:
> Typing away merrily, John Haggerty produced the immortal words:
> > Is there say a test that can be implemented that would test to determine
> > whether the program you are running will work under perl and
> > then pick that version of perl? That would really rock and would possibly
> > be quite easy considering perl is a great tool for text manipulation and
> > analysis.
> 
> At run-time of request?  Erk!

Actually, all of the scripts we maintain do "register" their existence
and location in syslog each time called.

This is not just a perl issue.  What about header files, /usr/src/linux
and so forth?  What if client linked to libc4 krb4 libs?  (No
that is not made up.)

At a certain point, a customer that does NOT want to upgrade is 
increasing your costs and complexity.  That complexity (and associated
costs) apply to all users.  Worst case, imagine the extra expense
caused to 1500 perl users because just one doesn't want to upgrade
from legacy /usr/bin/perl -> perl4 to current.  I'd guess that
ASPs might have contracts that addressed this fairly well.  H.

Anyway, management of legacy code is WAY OT from can you 
run "unstable" server.  ;^)

> 
> If you're using a web-server which pre-determines mime-types, such as
> wn, you could conceivably use perl_version -c script, making sure that
> you handle -T (taint-checking) on the command-line.
> 
> But if the script is syntactically valid in a version where it would
> actually fail, then your "test" becomes a competent human perl
> programmer.  Or non-human, if you employ such.
> 
> The best way IME is to not have /bin/perl exist - always encode the
> version number, and let the #! line be your switch for picking the perl
> version.
> 
> 
> Oh, and the boss says that we have a large proportion of 1,500 customers
> of the relevant service whose scripts all date from perl4-only days and
> if I want to phase out /bin/perl as perl4 then I can do it all by
> myself.  I think that fairly neatly ends that discussion - I'm already
> trying to juggle too many things at work.

Be careful next time you quote a job to make a minor modification; you 
might end up rewriting the entire package!


-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.



Re: it's safe to run a web hosting server with the unstable distributions ?

2000-04-10 Thread cfm
On Mon, Apr 10, 2000 at 07:01:04PM +0200, Phil Pennock wrote:
> Typing away merrily, [EMAIL PROTECTED] produced the immortal words:
> > You **need** clients to complain loudly when something breaks; otherwise
> > how will you know?  As for the lawyers, you'll hear from them 
> > if you upgrade or if you fail to upgrade.  ;^)  We've just found
> > it easier to maintain consistent upgrades as a matter of **policy**.
> 
> We found with experience that this doesn't scale all that well.  Mind,
> I work for a reasonably large ISP.
> 
> When you have large corporate customers who make money from their sites,
> they can be _very_ reluctant to make changes.  Policy be damned if it's
> not utterly and clearly specified in the contract and your customers
> lose a few cents.  :^(
> 
> Result: despite trying to ensure /bin/perl5.003_03 etc, the fact that
> we'd previously had /bin/perl as perl4 means that we had to give in and
> put it back as just that.  Unfortunately, this means that customers who
> don't read the docs and just type /bin/perl get perl4.  :^(  Legacy
> support is a problem, and a large one, which applies to more than just
> web-sites.  This is part of what support-departments are for, though -
> pointing out to customers the stuff which is already documented clearly.
> *coughs*
> 
> I tried suggesting a phase-out policy for the contracts.  I don't think
> our contracts have that, unfortunately.  Certainly not the oldest ones,
> who are the ones most likely to be using perl4, etc.
> 
> Hrm .. time to talk to the boss about having another go at phasing out
> perl4 on the servers ...

So perl is perl4.  That creates problems for users typing in perl and
expecting it to work.  At a certain point it is simply cheaper for you
to bite the bullet and upgrade them for free, no?  Because you are starting
to twist everything else too.  And then when you do that free upgrade
all of a sudden you own everything else that goes wrong too, even if
you made **less** go wrong.  Been there - we start year 7 on May 1.  :-)

I think you are on right track with phase-out policy.  It really is
a business service issue and needs to be addressed that way.  What 
do you provide, etc

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.



Re: it's safe to run a web hosting server with the unstable distributions ?

2000-04-10 Thread cfm


We run unstable and make a point of upgrading frequently.

It is our job as ISP to maintain the environment and make
improvements.  We tell our clients that old scripts will break 
as that environment changes.  Either they pay us to maintain 
the scripts or they take it on themselves.

The most recent breakage that comes to mind was change of path
for imagemagick from /usr/X11R6/bin to /usr/bin.  There was something
with a2ps too that broke our catalogs momentarily.  Those would have
wreaked havoc whether stable or unstable.  AFAIK that only affected
systems scripts that we maintain, so it was our responsibility
to fix it.  That's our job.  Personally I'd rather fix a few
now and then than find everything reduced to rubble at once!

Most breakages are our own changes in infrastructure, eg drop
msql for mySQL, etc.  We've always been able to warn clients 
and give them a grace period to convert or they will have us do it 
for them.  There have been a few clients unwilling to pay for that
and we have given them a grace period to go away.  Others won't
do anything and leave broken perl4 and libc4 binaries kicking errors.

You **need** clients to complain loudly when something breaks; otherwise
how will you know?  As for the lawyers, you'll hear from them 
if you upgrade or if you fail to upgrade.  ;^)  We've just found
it easier to maintain consistent upgrades as a matter of **policy**.

cfm



On Mon, Apr 10, 2000 at 10:28:27AM -0400, John Haggerty wrote:
> Is there a good example of something in debian breaking a general
> script/program server side?
> 
> On Mon, 10 Apr 2000, Phil Pennock wrote:
> 
> > Typing away merrily, John Haggerty produced the immortal words:
> > > I think that would work quite well. Just make sure to upgrade the system
> > > regularly. That will keep you abreast of all the problems and allow for a
> > > nice system.
> > 
> > Customers can complain quite loudly when something which used to work
> > has suddenly stopped working because of an upgrade.
> > 
> > How likely are your customers to have lawyers?
> > 
> > Another approach is to go for something stable, specify perl versions
> > with an embedded version number (watch out for the libperl linking) and
> > put something in the customer contract about being allowed to make
> > changes which break their scripts if there are security reasons for
> > doing so - this allows you to patch your system or temporarily disable
> > certain functionality.
> > 
> > If you have, eg, /bin/perl5.005_03 etc within the customer-facing root
> > and maintain those properly, you can introduce new versions and allow
> > the customers to manage the migration themselves; if you want to be able
> > to retire older versions which are broken, make sure that the customer
> > is aware of this fact and that they agree to a time-limit for phasing
> > out older versions (contracts time again).
> > 
> > Of course, if you're dealing with smaller customers on a more informal
> > basis, where they're more likely to rely on you for direct technical
> > assistance with scripting and stuff, then you're much less likely to
> > need to bother with this in contracts (IANAL, please don't not use a
> > contract on the basis of this paragraph).
> > 
> > Larger ISPs sometimes have customers who _seem_ hostile to the ISP and
> > like to carp a lot, even with no real justification.  Although when
> > something which did work stops working and the customer starts losing
> > revenue because of this, they do have a point.  Try to make the customer
> > environment as stable as possible if there's money involved in the
> > websites.
> > 
> > You could always have two types of web-service.  One with a server which
> > is stable in the way I describe, one which is a current OS, regularly
> > upgraded and which has latest-and-greatest, but the customer assumes
> > some responsibility for changing their scripts appropriately.
> > 
> > All this IMnsHO.  HAND.
> > -- 
> > HTML email - just say no --> Phil Pennock
> > "We've got a patent on the conquering of a country through the use of force.
> >  We believe in world peace through extortionate license fees."  -Bluemeat

-- 

Christopher F. Miller, Publisher [EMAIL PROTECTED]
MaineStreet Communications, Inc 208 Portland Road, Gray, ME  04039
1.207.657.5078   http://www.maine.com/
Database publishing, e-commerce, office/internet integration, Debian linux.