Re: Offtopic: Transfer a programm from DOS to Linux

[Håkon Alstadheim]

Den 21.11.2021 15:24, skrev Håkon Alstadheim:


Den 21.11.2021 14:55, skrev Nicholas Geovanis:



On Sun, Nov 21, 2021, 7:51 AM Nicholas Geovanis 
 wrote:


    On Sun, Nov 21, 2021, 6:46 AM Thomas Schmitt 
    wrote:

    Hi,

    Hans wrote:
    > As far as I know, this application is written in C, it is
    running in
    > textmode ("ncurses-mode").
    > [...] I wondered, ho
    > difficult for an experienced coder it will be, to get a DOS
    application
    > natively running in linux.
[snip]

    Didn't Borland open-source or freeware license Turbo C++ ? The
    cheaper Borland C++ ? If I remember that right and you can find
    it, it might be the compiler that was used.

I see "graphics.h" being included in the C-code, which indicates 
Borland Turbo C (says google). Find Borland Turbo C 2.x and install 
that under FreeDos, and you should be able to compile. First step for 
porting to linux would be to get rid of references to the Borland 
graphics library I guess.


I also found this http://libxbgi.sourceforge.net/ , which claims to 
implement the graphics lib interface (google after "BGI", for Borland 
Graphics Interface) . So with that, it should be doable to tweak it to 
run natively under linux.



[snip]

Re: Offtopic: Transfer a programm from DOS to Linux

[Håkon Alstadheim]

Den 21.11.2021 14:55, skrev Nicholas Geovanis:



On Sun, Nov 21, 2021, 7:51 AM Nicholas Geovanis 
 wrote:


On Sun, Nov 21, 2021, 6:46 AM Thomas Schmitt 
wrote:

Hi,

Hans wrote:
> As far as I know, this application is written in C, it is
running in
> textmode ("ncurses-mode").
> [...] I wondered, ho
> difficult for an experienced coder it will be, to get a DOS
application
> natively running in linux.


> Is DOS C and Linux C compatible, so that such thing could be
easy?

C is not a typical programming language on DOS. Similar to
ncurses it
stems from Unix. But of course there are C compilers and
*curses versions
for DOS.


Didn't Borland open-source or freeware license Turbo C++ ? The
cheaper Borland C++ ? If I remember that right and you can find
it, it might be the compiler that was used.

I see "graphics.h" being included in the C-code, which indicates Borland 
Turbo C (says google). Find Borland Turbo C 2.x and install that under 
FreeDos, and you should be able to compile. First step for porting to 
linux would be to get rid of references to the Borland graphics library 
I guess.





Another possibility is that they used the old Glockenspiel C++. That 
was absorbed by Computer Assoc who I worked for from 1989 to 1993. It 
may be freely available. They are called CA for several years now.




Have a nice day :)

Thomas

Re: megacli help

[Håkon Alstadheim]

Den 06.01.2021 17:28, skrev basti:

Hello, I want to set all my drives to RAID0 to use mdadm.

"megacli help" have the following options:

My version of megacli gives several pages of output for the 'help' 
option. megacli is a very strange program, but there is method to the 
madness. You can google to find a pdf describing the options, but those 
descriptions are equally alien. I no longer use it, but I made a perl 
program to search and pick apart the help-text from megacli. The 
attached perl-code contains a dump of the help text from my version of 
megacli. You might wish to update it with your current output for the 
'megacli -help' command. Some bits of my perl contain norwegian text and 
comments. Sorry. Anyway, the abbreviations sort of make sense, 'adp' = 
adapter, 'a' = adapter, 'PD' = physical drive 'Physdrv' = physical 
drive, 'LD' and 'L'  = logical drive , and so on . No coherency, except 
if you squint a certain way.


Anyway, what you want to look up is 'jbod' .

Not verified recently, but back when I did use the old LSI card (my 
current one is simpler, and uses storcli) , I also used the following 
snippet:


hsp-to-jbod:---

#!/bin/bash
slot=$1
shift
megacli pdhsp rmv physdrv[64:${slot}] && megacli pdmakejbod 
physdrv[64:${slot}]



I believe hsp means "hot spare" (i.e. not currently used in a hardware 
raid config) .


I also used the following:  megacli pdlist|grep '^Device 
Id:\\|^Slot Number:' 




MegaCli -CfgEachDskRaid0 [WT|WB] [NORA|RA] [Direct|Cached] [-enblPI]
    [CachedBadBBU|NoCachedBadBBU] [-strpszM]|[FDE|CtrlBased] 
[-Default| -Automatic| -None| -Maximum| -MaximumWithoutCaching] 
[-Cache] -aN|-a0,1,2|-aALL


There is no man page for megacli.

Is there a docu where the single parameter is explained?

what mean:
[WT|WB] ?

Write through/Write back

[NORA|RA] ?

No read-ahead / Read ahead

[Direct|Cached] ?

For IO

[CachedBadBBU|NoCachedBadBBU] ?

If you have the battery backup for the cards ram (google "cache vault") 
then this allows to automatically disable write-caching (WB) when the 
battery goes bad




#!/usr/bin/perl -w
my $term;
my $all;
my $searchdesc;
my $sum = 0;
my %commands = ();
my $commands;
my @matches = ();
my $thisform = undef;
my $debug = 0;

if(defined($ARGV[0])){
foreach my $arg (@ARGV){
$term=lc($arg);
# -all and -sum du exactly the same thing. sorry.
if($term eq "-all"){
$term = "";
$all = 1;
}elsif ($term eq "-sum" ){
$term ="";
$sum =1;
}elsif ($term eq "-desc"){
$searchdesc = 1;
}
if(length($term) == 0){
$term = undef;
}
}
} else {
print STDERR "$0 Syntax: megahelp [-all|-sum|term]\n";
exit 1;
}
print STDERR "looking up $term". (defined($searchdesc) ? " in terms and 
descriptions" : "" ) .  "\n" if defined($term) ;
print STDERR "printing all terms\n" if defined($all);
while(){
chomp;
if(m(^MegaCli)){
if(defined($thisform)){
my ($megacli,$thisterm,$entry) = split(/ /,$thisform,3);
if(lc($megacli) =~ m(^megacli)){
if($thisterm =~ m(^XD)){
my $tmp;
($tmp,$entry) = split(/ /,$entry,2);
$tmp =~ s(^-)();
$thisterm .= " " . $tmp;
}
$thisterm =~ s(^-)();
$thisterm = lc($thisterm);
if(defined($commands{$thisterm})){
warn "dobbel def $thisterm" if $debug;
$commands{$thisterm} .= "\n===\t${thisterm}\t" . $entry;
} else {
$commands{$thisterm} = $entry;
push @commands, $thisterm;
}
} # else discard junk at beginning
$thisform = undef;
}
$thisform = $_;
} else  {
#   if(defined($thisform)){
#   $thisform =~ s([ \n]+\Z)( );
#   $thisform =~ s([ \n]+\Z)( );
#   }
#   $_ =~ s(\A[ \t]+)();
$thisform .= $_;
}

}

if(defined($thisform)){
my ($megacli,$thisterm,$entry) = split(/ /,$thisform,3);
if(lc($megacli) =~ m(^megacli)){
if($thisterm =~ m(^XD)){
my $tmp;
($tmp,$entry) = split(/ /,$entry,2);
$tmp =~ s(^-)();
$thisterm .= " " . $tmp;
}
$thisterm =~ s(^-)();
$thisterm = lc($thisterm);
if(defined($commands{$thisterm})){
warn "dobbel def $thisterm" if $debug;
$commands{$thisterm} .= "\n===\t${thisterm}\t" . $entry;
} else {
$commands{$thisterm} = $entry;
push @commands, $thisterm;
}
} # else discard junk at beginning
$thisform = undef;
}
my $hits = 0;
for $key (@commands){
if($all || $sum) { 
$hits = -1;
  

Re: swamp rat bots Q

[Håkon Alstadheim]

Den 03.12.2020 19:58, skrev Gene Heskett:

On Thursday 03 December 2020 09:14:29 Greg Wooledge wrote:


On Thu, Dec 03, 2020 at 09:02:47AM -0500, Gene Heskett wrote:

Yes John. But explain to me what fail2ban is sopposed to do?

It's supposed to "monitor" (tail -F equivalent) your log files, and
look for anomalies.  If it finds one, it's supposed to take action,
which is typically adding an entry to iptables.


Its running, but has failed to ban anything no matter what sort of
403's I return.

You need to configure it.  Tell it what log files to read, what is to
be considered an anomaly, and what action to take.

And where do I do that?

Cheers, Gene Heskett


If you don't know where to start with a package there are two options: 
Look at the files installed, or search the net. e.g.:




$ dpkg -L fail2ban | grep man1

/usr/share/man/man1
/usr/share/man/man1/fail2ban-client.1.gz
/usr/share/man/man1/fail2ban-regex.1.gz
/usr/share/man/man1/fail2ban-server.1.gz
/usr/share/man/man1/fail2ban-testcases.1.gz
/usr/share/man/man1/fail2ban.1.gz


Obvious choice here is the eponymous man-page fail2ban. So start there. 
Once you have scanned that short page, you will be pointed to jail(5), 
i.e. the manual page on configuration. (Config-files are in section 5 of 
the man-pages. )


For a look at the filters installed but not activated, do



dpkg -L fail2ban | grep filter.d



There are interesting filters there for your case. You will probably 
want to adjust the filters for your particular nemesis. This is quite 
quick with the aid of fail2ban-regex(1) . You will probably NOT need to 
adjust which log-files are scanned, as debian installs default patterns 
for various logs-file-names. See /etc/fail2ban/paths* .



Lastly, once you have a jail with filters you like configured, make sure 
the server is running, and watch

Re: Finding application's description

[Håkon Alstadheim]

Den 06.06.2020 17:22, skrev Richard Owlett:

On 06/06/2020 10:08 AM, Andrei POPESCU wrote:

On Sb, 06 iun 20, 09:37:11, Richard Owlett wrote:
I've just installed Buster and am selecting which apps on my Stretch 
machine

I wish to continue to use.

For some reason I had installed Gdebi.
I can't find a good description on which base a decision.
https://packages.debian.org lists no homepage.
https://manpages.debian.org links to https://launchpad.net/gdebi/ which
gives no descriptive material.
 From search engine hits I gather was developed when Ubuntu made 
installation

of deb files inconvenient.
In a straight Debian environment, does it give any advantage over 
Synaptic

&/or apt?


As per the description, gdebi is for local (i.e. downloaded .deb files)
so it provides a function that synaptic does not.

In the meantime APT can install local packages as well, so its only
advantages appear to be:



I stay with apt for that function.
Thanks.



You probably installed it to conveniently pull in dependencies in 
debian  of a .deb file from a 3rd party.

Re: MUA CLI IMAP and SMTP without ncurses interface

[Håkon Alstadheim]

Den 04.01.2020 15:54, skrev john doe:

[mail] without ncurses?

...

  I also need to configure IMAP and SMTP access,
is there a MUA which does IMAP SMTP that does not rely on ncurses?


nmh (and its various front-ends) do not depend upon ncurses. There are 
front-ends written in emacs-lisp (mh-e) and tcl (exmh) that are part of 
debian.


Take a look online https://www.nongnu.org/nmh/ or in the manual (debian 
package "mh-book" )


Drop the guys at nmh-work...@nongnu.org a line. Low traffic and helpful 
bunch.


nmh by default fetches all incoming mail to a directory under $HOME, and 
is geared towards using standard unix commands (like grep) to work with 
individual mails. Works well for filing stuff into folders, stripping 
unwanted formatting, and keeping track of mail.


nmh does not work well for accessing your mail from multiple, different 
client machines.

Re: How to have password shown?

[Håkon Alstadheim]

Den 03.07.2019 13:24, skrev Rodolfo Medina:

Hi all...

Is there any a way to have my user-password shown when logging into Debian in
tty console, or also within X system when changing to root?  It is for my old
father...  it'd be easier for him to see what he's typing.  In internet I found
some procedures to have asterisks shown; would it be possible to have a clear
text as well?  Maybe it isn't as I understand...


If the machine is physically secure, I'd find out about automatic login 
(aka autologin) to X (check the config of your display manager, you 
might conceivably want to use a different displaymanager) .


For root access, check out man sudoers, the EXAMPLES section will get 
you started, find out about NOPASSWD.


If the machine is NOT physically secure, think long and hard about what 
you will do.

Re: kvm win8 guest audio is terrible.

[Håkon Alstadheim]

Den 31.05.2019 01:51, skrev R. Ramesh:

More info needed:

- HW (cpu, graphics, soundcard)

Motherboard audio. I think it is realtek alc 887.

So, bog standard. Should work.


- BIOS (cpu power-states)
Guest cpu? Not sure how to answer this. I did not do anything special. 
My command looks something like this


No, bare metal. If the box takes a nap, sound will stop. Even 1 ns might 
be audible.

/usr/bin/kvm -usbdevice tablet -full-screen -localtime\
?? -vnc $vnc -k en-us \
?? -drive file=$diskC,index=0,media=disk,cache=writeback \
?? -vga qxl\
?? -m 2047 -net nic,model=virtio,macaddr=$mac \
?? -net tap,ifname=tap2,script=no\
?? -soundhw all &
I use pass-thru hdmi, and sound on that. Works well. Can't put my finger 
on anything you are doing wrong. I believe vnc is more light-weight than 
spice, so, good I believe.




- Host setup (power states,audio setup)

Host is core-i5 cpu. Here is the first few lines of cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family?? : 6
model : 42
model name?? : Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
stepping?? : 7
microcode : 0x18
cpu MHz : 1651.812
cache size?? : 6144 KB

Should have enough oomph. Throttled to half speed I see. Might want to 
set policy "performance". Again, check bios settings, and also power 
policy in host OS.




- VM config.
I think my kvm command line answers this. If not, please let me know 
what you are looking for.



No further questions your honour. :-) . Can't help much I'm afraid.

If you have more than one usb-"card" on your pci-bus, you might try to 
pass one directly to the guest, and use an USB sound-card, to by-pass 
all emulation. I do that for on guest I have (XEN, not kvm). Works 
OK-ish. USB-chips are finicky though, so it might not work. Different 
PCI devices might be on single chip that don't like to run on separate vm.

Re: kvm win8 guest audio is terrible.

[Håkon Alstadheim]

Den 22.05.2019 22:33, skrev Ram Ramesh:
I created a fresh install of debian stretch amd64. In that, I created 
a qemu/kvm guess install of win8. It only accepted hda as a valid 
sound card. All others show us without drivers. So, I am limited to 
only HDA as -soundhw. Further HDA sounds so broken if I try to test 
with any sound file or youtube video. It is grainy/distorted and 
outright horrible.


Google searches mentions something about MSI and those approaches are 
simply not accepted by win8. So, I could not use them. I am wondering 
if there is something fundamentally wrong with windows guests or is 
there a setting that I am missing?


More info needed:

- HW (cpu, graphics, soundcard)

- BIOS (cpu power-states)

- Host setup (power states,audio setup)

- VM config.

Most important: where have you looked trying to solve this?

---

PS: I run Xen, not qemu, but issues are same. I have max c-state 2 on 
xeon E5-2620, HDMI graphics passed thru as PCI, with good HDMI-audio in 
windows 8. Needed to drop spice because load on host got too high, 
ruined audio.

Re: text editors

[Håkon Alstadheim]

Den 26.03.2019 17:52, skrev John Hasler:

mick crane wrote:

there it is then, although I've so far managed to avoid Emacs since
heard it is more of an operating system than an editor.

  Teemu Likonen writes:

There are those who know Emacs, and there are those who know decades
old jokes about Emacs.

And there are those who avoid learning what Emacs is actually like
because they have heard decades old jokes about it.


Seriously though:

The old "arguments" against emacs are moot theese days. You can run 
Linux/Apache/Mysql on your wrist-watch, so launching an entire OS to 
edit a file would be OK, /if/ emacs was an entire OS. The semi-serious 
argument about much of emacs being run as an interpreted language is 
also moot, when people build entire operating-systems in Javascript, and 
that is not just OK, it is the best thing since sliced bread.


Emacs is NOT an OS, though, and learning just the editing commands is 
very simple. Just follow the built-in help, or do the built-in tutorial. 
Then, when you need some arcane feature you can just google it, or learn 
elisp and code it up yourself.


Having all kinds of interactive sessions available in editable buffers 
is really nice. Searching&sorting, cutting&pasting from shells to new 
command-lines, scripts or emails becomes very easy, so keeping what you 
find out and building upon your previous experiences is that much easier.


Favourite emacs command: M-x shell

Favourite emacs module: tramp

Re: sucessor for denyhosts?

[Håkon Alstadheim]

Den 09.03.2019 11:22, skrev mj:

Hi,

We are using fail2ban to do this. It offers many more options, and 
works by creating iptables rules. This gives you  much more control 
over what ports exactly are blocked.
fail2ban can run any script of your choosing as "banaction". I have a 
script that does smtp blacklist for example. My default action is a 
shorewall command. Also needs the corresponding "unban" script, 
obviously. All in all fail2ban seems fairly solid, though it /does/ 
depend on the format of your logs to work properly. Stick with standard 
config of logging from services and syslogd/systemd as far as possible, 
and fail2ban will be pretty low-maintenance. (I have only ever used it 
together with rsyslogd).


Plus I think (correct me if Im wrong) that using /etc/hosts.deny to 
block access only works with programs that are compiled to do so, and 
iptables will always work.


That is the direction things are moving in my experience also, though I 
seem to remember a recent issue i had where I needed hosts.deny to get 
proper blocking for apache, because connections were coming in via a 
multiplexer/proxy thingamajig. Had something to do with open-vpn.





MJ

On 3/9/19 9:57 AM, Hans wrote:

Hi folks,

looks like "denyhosts" is nol more in the repos. I like this tool, 
because it

blocks the IP, when the wrong password is sent n-times.

The blocked IP is added into /etc/hosts.deny, which IMO is a great idea.

I am using a script, which, cleares the hosts.deny after a certain 
time, but

this is just my behaviour.

My question: which successor for denyhost do you suggest. I found 
sshguard,
which looks promising, but maybe you got a better tool, which is 
similar to

denyhosts.

Happy hacking!

Hans

Re: An appropriate directory search tool?

[Håkon Alstadheim]

Den 20. okt. 2018 21:05, skrev Brian:
> On Sat 20 Oct 2018 at 07:19:50 -0500, Richard Owlett wrote:
>
>> On 10/20/2018 06:37 AM, Joe wrote:
>>> On Sat, 20 Oct 2018 05:28:52 -0500
>>> Richard Owlett  wrote:
>>>
 On 10/20/2018 04:44 AM, to...@tuxteam.de wrote:
> On Sat, Oct 20, 2018 at 04:32:43AM -0500, Richard Owlett wrote:
>> I think my original post needs a rewrite ;/
>>
>> I'm looking for a directory search tool with specific capabilities
>> which would fit comfortably with my work environment.
> [...]
>> I suspect that what I want would most likely be a command line
>> tool. Perhaps a script will be required. But, before reinventing
>> the wheel, I ask "Does an appropriate command already exist?"
> [...]
>
> Judging by your (second) post, I get the feeling that the answers
> given in this list haven't reached you (at whatever level).
 But they did.
 That's why I wrote 'My take away from answers so far is "A script
 will be required." '
 Perhaps we have different ideas of the definition of "script".
 I saw the examples which worked as scripts (even if written as one
 liners). If I had attempted to use bash, I would have expected to use
 an explicit pipe command between 'find' and 'grep'.

>>> Have you looked at 'zenity' for (somewhat) graphicising scripts? Not
>>> quite the full GUI experience, but quick and dirty.
>>>
>>> https://www.linuxjournal.com/content/make-your-scripts-user-friendly-zenity
>>>
>> Had never heard of 'zenity'.
>> I browsed the text of the page. To read it as intended I'll have to use an
>> alternate profile -- it expects "features" I've explicitly disabled.
>>
>> I searched for 'zenity tutorials'. The first few I found encourage further
>> investigation.
> I'd stay awy from zenity if I were you. The same advice applies to yad.
> As for dialog - don't go near it. You will be a lot happier.
>
If you want some interacivity-support for your find, emacs (and most
other coding-editors I suppose) can run find and let you pick through
the results in an editing-buffer. In emacs it is M-x find-dired, which
lets you pick the directory under which to search, hit enter, and then
enter the search criteria for find, and hit enter. If you want grep with
that, you do M-x find-grep-dired, and input directory and search-string
to look for INSIDE the files found. When you hit enter after the
criteria, it will show the results in a buffer, an you can hit enter on
any of the results to open that file.

Re: any program that search for same files?

[Håkon Alstadheim]

Den 15. okt. 2018 00:19, skrev The Wanderer:
> On 2018-10-14 at 18:06, Long Wind wrote:
>
>> given two directories, the program can print files that are in both
>> directories
>>
>> to make it easy, if file name and size are same, then they are same
>>
>> i've to admit my memory is poor, if good, who need such program?
>>
>> i'm about to write it in java, it can be completed in a few hours but
>> i think there might be simple solution
> Sounds like a perfect case for rdfind.
>
fdupes or jdupes fit the bill.

sslh and libwrap0 (tcp-wrappers and aclexec) -- [Complete version, earlier send by mistake :-/]

[Håkon Alstadheim]

(please discard the earlier misfire, I was trying to wrap the log-lines)

I have an openvpn server on stretch (with some backports stuff) in
combination with sslh so that I can multiplex https and openvpn on port
443. This is needed so clients can get through a firewall.

Simplistic setup of sslh&openvpn means that openvpn and apache see all
connects as coming from localhost, so I wanted to enable tcp-wrappers
with geoip, but I can not get it to work.

When I enable hosts.{allow,deny} I have, Starting with the symptoms and
working down to my config:

- firefox showing connection failed to httpps://

- log showing:

Sep 10 15:38:10 garbo sslh[10550]: sslh-fork 1.18-1 started
Sep 10 15:38:30 garbo geofilter: [10555] Mon, 10 Sep 2018 15:38:30\
 +0200 uid:115 /usr/local/sbin/https-geofilter 192.168.2.201
Sep 10 15:38:30 garbo geofilter: [10555] allow: ALLOW connection\
 from 192.168.2.201 (IP Address not found)
Sep 10 16:14:17 garbo geofilter: [16004] Mon, 10 Sep 2018 16:14:17\
 +0200 uid:115 /usr/local/sbin/https-geofilter 192.168.2.201
Sep 10 16:14:17 garbo geofilter: [16004] allow: ALLOW connection\
 from 192.168.2.201 (IP Address not found)
Sep 10 16:14:17 garbo sslh[10550]: warning: /etc/hosts.allow,\
 line 5: process 16003 exited with signal 126
Sep 10 16:14:17 garbo sslh[10550]: aclexec returned 1
Sep 10 16:14:17 garbo sslh[10550]: connection from\
 gt.alstadheim.priv.no.2.168.192.in-addr.arpa(192.168.2.201):\
 access denied

- Standard output where sslh is launched showing:
 /etc/init.d/sslh restart
Restarting ssl/ssh multiplexer: sslh
tls addr: localhost:https. libwrap service: https log_level: 5 family 2 2 []
openvpn addr: localhost:. libwrap service: openvpn log_level: 5
family 2 2 []
listening on:
garbo.alstadheim.priv.no:https  []
148-252-110.153.3p.ntebredband.no:https []
timeout: 3
on-timeout: openvpn
listening to 2 addresses
.
turning into sslh
capabilities: =

accepted fd 6
 writing deferred on fd -1
probing for tls
access denied

 my config: ==
---/etc/sslh/sslh.cfg:---
foreground: false;
inetd: false;
numeric: false
transparent: false;
timeout: 3;
user: "sslh";
pidfile: "/var/run/sslh/sslh.pid";
syslog_facility: "auth";

protocols:
(
 { name: "tls";service: "https"; host: "localhost"; port: "443";
log_level: 5;},
  { name: "openvpn"; service: "openvpn" ; host: "localhost"; port:
""; log_level: 5; }

);
---/etc/default/sslh---
RUN=yes
DAEMON=/usr/sbin/sslh
DAEMON_OPTS="-vv --user sslh --listen 192.168.2.2:443 --listen\
 148.252.110.153:443 --pidfile /var/run/sslh/sslh.pid --on-timeout\
 openvpn -F/etc/sslh/sslh.cfg"

---/etc/hosts.deny---
rpc.ugidd: ALL
#openvpn: ALL
https: ALL
#ssl: ALL
#anyprot: ALL
swat: ALL
#sslh: ALL
---/etc/hosts.allow---
#
rpc.ugidd: 192.168.2.0/24
#
# next line is line 5
https: ALL:aclexec /usr/local/sbin/https-geofilter %a:\
 severity auth.warning
---/usr/local/sbin/https-geofilter---
#!/bin/bash
exec>/dev/null &1

# Ansible Managed: GeoIP aclexec script for Linux TCP wrappers.
## Source: http://www.axllent.org/docs/view/ssh-geoip

# UPPERCASE space-separated country codes to ACCEPT
/usr/bin/logger -t geofilter -p authpriv.warning "[$$] `/bin/date -R`
uid:$UID $0 $*"
ALLOW_COUNTRIES="NO SE"

if [ $# -ne 1 ]; then
  echo "Usage:  `basename $0` ip" 1>&2
  exit 0 # return true in case of config issue
fi

COUNTRY=`/usr/bin/geoiplookup $1 | /usr/bin/awk -F ": " '{ print $2 }' |
/usr/bin/awk -F "," '{ print $1 }' | /usr/bin/head -n 1`

[[ $COUNTRY = "IP Address not found" || $ALLOW_COUNTRIES =~ $COUNTRY ]]
&& RESPONSE="ALLOW" || RESPONSE="DENY"
if [ $RESPONSE = "ALLOW" ]
then
/usr/bin/logger -t geofilter -p authpriv.warning "[$$] allow:
$RESPONSE connection from $1 ($COUNTRY)" || true
true
exit 0
else
  /usr/bin/logger -t geofilter -p authpriv.warning "[$$]deny: $RESPONSE
connection from $1 ($COUNTRY)" || true
  false
  exit 1
fi

--

My reading of this is that my aclexec-script gets called, and when
192.168.2.201 is not found, it logs ALLOW and returns with 'exit 0'.
Then the parent-process (as seen by the PID) then erroneously complains
that my script was terminated by a signal 126, and returns 1 (i.e.
false) to sslh.

I tried looking at the source-packages for sslh and tcp-wrappers, both
for the versions in stretch, and for tcp-wrappers also the one in
unstable, but I can not make sense of them.

sslh and libwrap0 (tcp-wrappers)

[Håkon Alstadheim]

I have an openvpn server on stretch (with some backports stuff) in
combination with sslh so that I can multiplex https and openvpn on port
443. This is needed so clients can get through a firewall.

Simplistic setup of sslh&openvpn means that openvpn and apache see all
connects as coming from localhost, so I wanted to enable tcp-wrappers
with geoip, but I can not get it to work.

When I enable hosts.{allow,deny} I have, Starting with the symptoms and
working down to my config:

- firefox showing connection failed to httpps://

- log showing:

Sep 10 15:38:10 garbo sslh[10550]: sslh-fork 1.18-1 started
Sep 10 15:38:30 garbo geofilter: [10555] Mon, 10 Sep 2018 15:38:30 +0200
uid:115 /usr/local/sbin/https-geofilter 192.168.2.201
Sep 10 15:38:30 garbo geofilter: [10555] allow: ALLOW connection from
192.168.2.201 (IP Address not found)Sep 10 16:14:17 garbo geofilter:
[16004] Mon, 10 Sep 2018 16:14:17 +0200 uid:115
/usr/local/sbin/https-geofilter 192.168.2.201

Sep 10 16:14:17 garbo geofilter: [16004] allow: ALLOW connection from
192.168.2.201 (IP Address not found)
Sep 10 16:14:17 garbo sslh[10550]: warning: /etc/hosts.allow, line 5:
process 16003 exited with signal 126
Sep 10 16:14:17 garbo sslh[10550]: aclexec returned 1
Sep 10 16:14:17 garbo sslh[10550]: connection from
gt.alstadheim.priv.no.2.168.192.in-addr.arpa(192.168.2.201): access denied

Re: Teeny tiny console font after firmware-linux

[Håkon Alstadheim]

Den 04. juni 2016 03:24, skrev Bob Bernstein:
> GRUB_GFXMODE=1024x768
> GRUB_GFXPAYLOAD_LINUX=1024x768
> and rem'd out
> # GRUB_TERMINAL=console
>
> The output of 'hwinfo --framebuffer' suggests I have many other larger
> and smaller resolutions available to me, but I am not one to muck
> around with undue familiarity in those far reaches.
>
> If I _knew_ that the result of setting a lesser resolution, say,
> 800x600, would render those Terminus2Bold 16x32 jobbies "bigger" on my
> monitor, I would rally round and charge into it!
>
Yes, a single character from a given font will most likely take up more
room on your screen if resolution is changed from 1024x768 to 800x600.
You could be out of luck and get a large unused border around the
output, or even not get any output at all though. LCD screens tend to
get a bit "unfocused" if run at non-native resolution. Personally I've
not had much luck messing with console resolution, but it is worth a
shot if you make sure you have an easy way to revert to the working
state you have now.

Re: What Mid-range USB Sound Cards Work with Linux?

[Håkon Alstadheim]

Den 24. mai 2016 20:27, skrev Martin McCormick:
- (see subject)
I have had good luck going to a musical-instruments store, rather than a
computer store. They know sound. Explain your intended use to them, and
they might actually understand what you want. Get a no-frills, but not
the very cheapest unit with good signal-to noise. If in doubt, bring a
smart-phone and google the brand&model&linux . Behringer has several
that work with linux out of the box.

Re: RANT: Virtual filesystems are getting out of control

[Håkon Alstadheim]

Den 18. mai 2016 06:51, skrev David Wright:
> $ mount -t ext3 ; mount -t ext4
Or, to get only real devices listed: mount | grep '^/' .
Frees you from knowing fstype.
>
> $ man bash   for info on aliases and shell functions.
>
> Cheers,
> David.
>
>
alias drives="mount | grep '^/'"

Re: View all Inboxes on a Debian mail app

[Håkon Alstadheim]

Den 19. feb. 2016 23:19, skrev Andrew Wood:
> Is there any mail program for Debian which has the option to show the
> inboxes of multiple mail accounts as one consolidated view a bit like
> the 'All Inboxes' option on the iPhone/iPad/Mac Mail?
Icedove (aka Thunderbird) has all kinds of views, incluing  unified
Inbox view (without physically moving the mails to one inbox). Menu for
setting is "View" -> "Folders" -> "Unified". Never used it, so I don't
know if like-named subfolders will also be unified, but my guess is yes.

Re: Enable SPF in postfix and Bind9??

[Håkon Alstadheim]

Den 29. okt. 2015 22:27, skrev Jochen Spieker:
> co...@crearq.co.cu:
>> To apply SPF to control mails as well as spoofing
>> users and more.
>> - I have a server with postfix mail for local users which is
>> assigned to use SASL to prevent spoofing mails.
>> - I have a postfix mail sever face as internet gateway both cases
>> Debian.
>> and Bind9 the internet facing server and enable SPF to prevent
>> from outside can send emails to my local domain as if they were
>> internal users ??
>> spamassasin use and amavisd-new also
>> As might enable it ???
> I have trouble comprehending what exactly you are saying and I am not
> sure whether you are actually knowing what you are doing, but in order
> to enable SPF for a domain, all you need to do is add a TXT record for
> this domain with content like "v=spf1 mx -all". That instructs receiving
> systems to only accept mails from the MX for your domain.
>
For the other direction (incoming), check out debian package
postfix-policyd-spf. I am currently using a locally adjusted copy, but
at least in wheezy a standard setup using that package worked as
advertised for me. Pretty sure the same holds for jessie.

Re: Bizarre issue: USB 3 disconnecting and dying

[Håkon Alstadheim]

How long are your USB-cables? What kind of power supply do you have, and what 
else is drawing power?

I just went from a PSU specced at 5x the needed sustained power to 10x . Got a 
slight but definite improvement in USB stability. Yes, my system is drawing ~ 
150w from a 1200w supply. Externally powered hubs were no help. 5v is specced 
at 30amps max. I still get drop-outs , very rarely reqiuring hard boot now, 
except if I try the multi-media-keys on my back-lit usb2.0 keyboard.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/fa2b0565-1df4-4fbc-b280-8866b2083...@alstadheim.priv.no

cloudprint Message: https://developers.google.com/accounts/docs/AuthForInstalledApps

[Håkon Alstadheim]

Trying to run cloudprintd from the cloudprint package in debian jessie
recently started giving errors like so:

Traceback (most recent call last):
  File "/usr/sbin/cloudprintd", line 9, in 
load_entry_point('cloudprint==0.11', 'console_scripts',
'cloudprint-cmd')()
  File "/usr/share/cloudprint/cloudprint/cloudprint.py", line 496, in main
sync_printers(cups_connection, cpp)
  File "/usr/share/cloudprint/cloudprint/cloudprint.py", line 330, in
sync_printers
remote_printers = dict([(p.name, p) for p in cpp.get_printers()])
  File "/usr/share/cloudprint/cloudprint/cloudprint.py", line 177, in
get_printers
r = self.get_rest()
  File "/usr/share/cloudprint/cloudprint/cloudprint.py", line 173, in
get_rest
auth = self.get_auth()
  File "/usr/share/cloudprint/cloudprint/cloudprint.py", line 99, in
get_auth
'application/x-www-form-urlencoded')
  File "/usr/share/cloudprint/cloudprint/rest.py", line 122, in post
return self.rest_call('POST', path, data, content_type, headers,
response_type)
  File "/usr/share/cloudprint/cloudprint/rest.py", line 105, in rest_call
raise REST.RESTException('REST Error', resp.status, data)
cloudprint.rest.RESTException: REST Error:404
Message: https://developers.google.com/accounts/docs/AuthForInstalledApps

The page at the link in the last line says:
" *Important:* ClientLogin has been officially deprecated

since April 20, 2012 and is now no longer available. Requests to
ClientLogin will fail with a HTTP 404 response. We encourage you to
migrate to OAuth 2.0
 as soon as
possible."

Ideas, anybody ? (preferably ideas not involving installing windows)



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/556ca65f.80...@alstadheim.priv.no

Re: Need SAS HBA for Debian Jessie

[Håkon Alstadheim]

On 23. mai 2015 03:19, Leslie Rhorer wrote:
> Oh, you're right, although I had many of the same issues in that area,
> as well. That said, I still have not definitively pinpointed the
> source of the problems. The LSI controller on the Squeeze system is
> working without a hard failure, however. A couple of the drives still
> suffer timeouts with that controller, but it doesn't barf when they
> do. It just resets the drive. I would happily buy another of these LSI
> controllers, but they don't have support for the management utility
> under Jessie (or Wheezy, for that matter). They work with the kernel,
> but without using the management software to tweak the controller
> parameters (especially the write-through cache), performance is truly
> dismal. I mean really, really bad.
>> Here I agree with you. OTOH, if this had been for a "enterprise"
>> setting, a suggestion to check out RH - with their level of commercial
>> support - would not necessarily be a bad one.
>

I'm using LSI stuff myself. If you want plug and play, you will need to
go with a supported distro.

To spell it out: the choices if you go with LSI are either a) insanity
or b) a supported distro. Myself i picked the insanity route.

I have been using the LSI command-line utitilities under debian (wheezy
and jessie) and now gentoo (slightly more plug and play). They run just
fine once you get them unpacked. I have made some script wrappers around
MegaCli, and after a couple of years my mind is so warped that MegaCli
almost makes sense. StorCli is actually slightly less insane to work
with, but supports a different set of LSI hardware. The worst mindf*ck
is the inconsistency in naming and concepts, an the resulting muddled
grouping of the commands/options. Remember, case is irrelevant and the
'-' in front of options is optional.

One script wrapper I use is :
-/usr/local/bin/megacli
#!/bin/sh
echo
/apub/hakon/lsi/8.07.14_MegaCLI/Linux/opt/MegaRAID/MegaCli/MegaCli64
"$@" a0 nolog:
exec
/apub/hakon/lsi/8.07.14_MegaCLI/Linux/opt/MegaRAID/MegaCli/MegaCli64
"$@" a0 nolog
-
Another one I call "megahelp", and is a fancy way to grep the built-in
help in the megacli. The source started out with the output from
"/apub/hakon/lsi/8.07.14_MegaCLI/Linux/opt/MegaRAID/MegaCli/MegaCli64
help". I am currently running my raid on a gentoo box, and the script
you find here:  is sort-of-ported
and halfway improved from what I used to run on my jessie box. I
discovered that "megacli help " gives a different output from
just "megacli help", so I swithced megahelp to use the former where
appropriate, without removing the old code.

Once you get something like this going, you add liberal use of grep on
the output of megacli commands to pick out the relevant information you
are after, and maintenance of LSI raid under debian is OK. Logging is
weird though.

P.S: Having a bios that allows you to tweak the settings before booting
is quite nice, on my newest rig that actually works. Take a look in the
bios screens, you might be pleasantly surprised.
--
Regards, Håkon


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/556310bf.8060...@alstadheim.priv.no

Re: about installing Java

[Håkon Alstadheim]

On 13. feb. 2015 09:46, Klaus Jantzen wrote:

On 02/13/2015 01:54 AM, Jack Chuge wrote:

I want to install the latest version of Java on my debian desktop. Is
there any quick way like using a terminal command? Though, I think
debian is the most stable Linux distro I've ever used so far, on the
other hand, I'm a newby to it. Any support is appreciated.

Goto java.com, download the jdk1.8..tar.gz for your computer
architecture and unpack it to a suitable directory as described in the
installation instructions in the download site (all takes you 5 min.).

I put my java into "/opt/jdk1.8.0_31".
I use it e.g. to work with Eclipse.

Get the distro like Klaus says, and then get the "java-package" package 
(also from backports, if needed) , containing the command make-jpkg, 
which  builds  a  Debian  package  from the given Java distribution  file.


This does not seem to handle browser-plugins though.

After make-jpkg and dpkg -i, you can do "update-java-alternatives". For 
browser-plugins you could then run e.g.  "update-alternatives --install 
/usr/lib/iceweasel/plugins/libjavaplugin.so iceweasel-javaplugin.so 
/usr/lib/jvm/jdk-8-oracle-x64/jre/lib/amd64/libnpjp2.so 2000" and 
"update-alternatives --config iceweasel-javaplugin.so"



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/54ddc882.4010...@alstadheim.priv.no

Re: Glibc 2.15 not found?

[Håkon Alstadheim]

On 29. jan. 2015 20:12, Stephen wrote:

On 01/29/2015 11:08 AM, Sven Hartge wrote:

If you are a novice user, the glibc is the _last_ thing you want to mess
with.

Grüße,
Sven.

Hmm, that is scary. I don't want to break anything. I am quite 
adventurous but I can handle not playing VV until Jessie releases 
if that is the case.





How would lxc be in this use-case? Specifically how would a container 
access a graphics display ?


Generally containers would be a great relief to have when playing with 
unsafe s^H computing :-) .




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54ccb00a.40...@alstadheim.priv.no

kernel spamming log -- "sda: unknown partition table"

[Håkon Alstadheim]

I get theese (totally benign) messages. How do I shut them up ? Running 
jessie. I suspect something is using resources scanning and re-scanning 
my drives, so the best solution would be to make that thing take a break 
and leave well enough alone. Barring that, I'd like to not have that 
noise bothering me.


Nov 11 12:20:23 garbo kernel: [352931.388078]  sda: unknown partition table
Nov 11 12:20:25 garbo kernel: [352933.668659]  sda: unknown partition table
Nov 11 12:20:25 garbo kernel: [352933.902338]  sdc: unknown partition table
Nov 11 12:21:35 garbo kernel: [353003.971818]  sda: unknown partition table
Nov 11 12:21:37 garbo kernel: [353005.803811]  sda: unknown partition table
Nov 11 12:21:37 garbo kernel: [353006.224025]  sdc: unknown partition table
Nov 11 12:25:43 garbo kernel: [353251.378973]  sda: unknown partition table
Nov 11 12:25:45 garbo kernel: [353253.749432]  sda: unknown partition table
Nov 11 12:25:45 garbo kernel: [353254.341421]  sda: unknown partition table
Nov 11 12:25:46 garbo kernel: [353254.592933]  sdc: unknown partition table
Nov 11 12:30:43 garbo kernel: [353551.930959]  sda: unknown partition table
Nov 11 12:30:45 garbo kernel: [353554.042217]  sda: unknown partition table
Nov 11 12:30:45 garbo kernel: [353554.262593]  sdc: unknown partition table

For the curious: yes I believe I know what I am doing. The drives are 
unpartitioned lvm physical volumes. The underlying raid rounds the 
physical drive sizes down to allow slightly differing drives as part of 
the raid. I don't need to partition the drives.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5461f5b1.2040...@alstadheim.priv.no

Re: Question re: updating debain stable kernels...

[Håkon Alstadheim]

On 26. okt. 2014 00:18, Brian wrote:

On Sat 25 Oct 2014 at 22:46:43 +0200, Pascal Hambourg wrote:


  I have seen at least two stable kernel
updates which changed the ABI without changing the version in the kernel
package name and resulted in some new modules not being compatible with
the previous kernel image or modules.

If it is a matter of exchanging anecdotal experiences I've never
experienced any problem booting a new kernel in nearly twenty years.

I'm unsure what it is you are recommending the OP to do.




The point is that loading kernel modules after a kernel update will not 
always work, so  a reboot is in my experience advisable before you do 
any configuration changes involving module loading.


Such config changes might e.g. be firewall changes or new hardware.

I don't know if Pascal's description of the condition is accurate, the 
effect has been real on kernel updates in the past.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/544ce564.90...@alstadheim.priv.no

Re: excessive CPU usage

[Håkon Alstadheim]

This is getting embarassing, hdparm does obvously also need to know 
which drive to read from, something like "hdparm   --read-sector 307316 
/dev/sda".

I'll not bother the entire list with that :)

On 29. sep. 2014 10:48, Håkon Alstadheim wrote:

On 29. sep. 2014 09:32, Julien b wrote:

SMART Self-test log structure revision number 1
Num  Test_DescriptionStatus  Remaining 
LifeTime(hours)  LBA_of_first_error
# 1  Extended offlineCompleted: read failure   90% 
35888 307316
# 2  Short offline   Completed: read failure   90% 
35887 330254
# 3  Extended offlineCompleted: read failure   90% 
35887 410646
Sorry for the verbiage, but you might have the clues you need to start 
reassigning sectors here, though I have on occasion seen that the LBA 
is reported erroneously by smartctl. You will find out soon enough if 
you do


$ hdparm  --read-sector 307316
$ hdparm --read-sector 330254
$ hdparm --read-sector 410646
---
If you get errors from the above commands, you need to reassign those 
sectors. If not, then smartctl may be reporting erroneously because 
the drive has not been able to store the correct value of the sector 
where the error occured in its internal log. Your numbers look good 
though (they do not look like a single "highest possible integer" that 
you would most likely get if the values are wrong).


If smartcl is in error, you need to find the error when they happened 
in your system logs. I.E. you need to find the bad sectors somewhere 
like /var/log/syslog (or is it /var/log/messages ? ) . I forget. grep 
for 'SAT' or 'ATA' in your logs.


It may also be that you have "lucked out", and the sectors have been 
written to, and thus reassigned automatically. This will make the next 
read from that sector succeed, if the drive is not totally beyond repair.


And, like I said at first, this is merely a stop-gap-while your drive 
is getting progressively worse, and %wa goes up in "top" (you never 
told us how much wait you have).


So your plan should be:

1) Back up everything
2) Order a new drive
3) muddle through while you wait for your replacement.

You should consider ordering TWO drives, and run them in a mirror. 
Then you can set error-timeout to 7 seconds and not experience such 
bad performance the next time a drive starts failing. DO NOT set that 
error timeout if you only have one drive, or chances of data-loss will 
increase.


Remember, if your drive is in warranty, a replacement is free.

Re: excessive CPU usage

[Håkon Alstadheim]

On 29. sep. 2014 09:32, Julien b wrote:

SMART Self-test log structure revision number 1
Num  Test_DescriptionStatus  Remaining 
LifeTime(hours)  LBA_of_first_error
# 1  Extended offlineCompleted: read failure   90% 
35888 307316
# 2  Short offline   Completed: read failure   90% 
35887 330254
# 3  Extended offlineCompleted: read failure   90% 
35887 410646
Sorry for the verbiage, but you might have the clues you need to start 
reassigning sectors here, though I have on occasion seen that the LBA is 
reported erroneously by smartctl. You will find out soon enough if you do


$ hdparm  --read-sector 307316
$ hdparm --read-sector 330254
$ hdparm --read-sector 410646
---
If you get errors from the above commands, you need to reassign those 
sectors. If not, then smartctl may be reporting erroneously because the 
drive has not been able to store the correct value of the sector where 
the error occured in its internal log. Your numbers look good though 
(they do not look like a single "highest possible integer" that you 
would most likely get if the values are wrong).


If smartcl is in error, you need to find the error when they happened in 
your system logs. I.E. you need to find the bad sectors somewhere like 
/var/log/syslog (or is it /var/log/messages ? ) . I forget. grep for 
'SAT' or 'ATA' in your logs.


It may also be that you have "lucked out", and the sectors have been 
written to, and thus reassigned automatically. This will make the next 
read from that sector succeed, if the drive is not totally beyond repair.


And, like I said at first, this is merely a stop-gap-while your drive is 
getting progressively worse, and %wa goes up in "top" (you never told us 
how much wait you have).


So your plan should be:

1) Back up everything
2) Order a new drive
3) muddle through while you wait for your replacement.

You should consider ordering TWO drives, and run them in a mirror. Then 
you can set error-timeout to 7 seconds and not experience such bad 
performance the next time a drive starts failing. DO NOT set that error 
timeout if you only have one drive, or chances of data-loss will increase.


Remember, if your drive is in warranty, a replacement is free.

Re: excessive CPU usage

[Håkon Alstadheim]

On 29. sep. 2014 09:55, Håkon Alstadheim wrote:

On 29. sep. 2014 09:32, Julien b wrote:
198 Offline_Uncorrectable 0x0030   198  189   000   
Old_ageOffline - 232  0

Get a new drive.
Sorry to follow up on myself, but, in the mean-time you should also 
check the logs to figure out exactly which sectors are having problems, 
and re-write those sectors (or the files occupying those sectors) to get 
them reassigned to good parts of the drive.


Read up on smartmontools if you do not know what I mean . This 
<http://linoxide.com/linux-how-to/how-to-fix-repair-bad-blocks-in-linux/> might 
be a start, but I have not studied that exact page extensively to check 
if that one is the definitive guide.

Re: excessive CPU usage

[Håkon Alstadheim]

On 29. sep. 2014 09:32, Julien b wrote:
198 Offline_Uncorrectable 0x0030   198  189   000 Old_age  
  Offline -232   0

Get a new drive.

--
Håkon Alstadheim / N-7510 Skatval / email: ha...@alstadheim.priv.no
tlf: 74 82 60 27 mob: 47 35 39 38
http://alstadheim.priv.no/hakon/

Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)

[Håkon Alstadheim]

According to 
:
Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. 
An attacker can provide specially-crafted environment variables 
containing arbitrary commands that will be executed on vulnerable 
systems under certain conditions. The new issue has been assigned 
CVE-2014-7169.

https://access.redhat.com/articles/1200223

According to the article at redhat, only bash is vulnerable, so (if you 
do not have homegrown bashisms in shells with #!/bin/sh as first line) 
you should check that ls -l /bin/sh gives "/bin/sh -> dash", and do 
dpkg-reconfigure dash if it does not.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5423c1c4.1090...@alstadheim.priv.no

Re: More FUD for everyone: Computers Are Dangerous! (Users are devs, after all.)

[Håkon Alstadheim]

On 23. sep. 2014 04:02, Joel Rees wrote:
[snipped]

Just to off-set the negative comments, I'd say Joel R. States his case 
pretty well, though I think dropping the sarcasm-bit would have improved it.


I'll paraphrase my understanding of A FEW of Joel's points, just to see 
if I read him correctly. Please let me know if I have misunderstood.


- A few of Joel's points: ---
1) Quite a few developers feel the need for training-wheels to get 
inter-process-communication and process-control right.
2) Systemd is one way of gaining said training-wheels. The way that 
seems to be the preferred among the majority,
2) Being monolithic, systemd ends up introducing inter-dependencies that 
need not be introduced.
3) Putting in an extra layer to control settings in the kernel and 
file-system introduces un-needed complexity and confusion.



Now, for the sake of argument let's take as given that my understanding 
of Joel is more-or-less correct, and furthermore that the points are valid.


** My thinking in response to theese points **
Given that systemd does have some negative side-effects, it would be 
desirable to have an alternative. One of:


a) remove the need for training-wheels (raise the bar on entry to being 
a developer, or give better training).

b) introduce an alternative set of training wheels.
c) stop debian development.

Even if neither a) or b) happens, nothing will be able to force c). 
Nothing will ever force anything in an open source project. The only 
"force" is the dynamic between number of developers willing to put in 
the work, and number of users willing to use the result.
So, I guess this comes back to "show us the code" (or the howtos for 
doing it differently).


Apparently Joel has (valid! ) other commitments. There are people 
willing and able to work on systemd. Unless someone else steps up with 
code or an online class in linux IPC, I'd say the case can be closed.


That "online class in linux IPC" would not only need to teach code that 
works, it would need to capture mind-share to such an extent that most 
people would say "that is the linux way". The situation to day, with 
e.g. the /etc/postfix/master.cf as "state of the art", while competing 
with grafted-on-crutches such as daemontools means a poor admin can not 
stay within his comfort-zone if he wishes to run any box he may 
encounter. Anything that reduces that kind of stress, will gain ground.


I think that any alternative, to succeed. would need to cover the same 
broad base as systemd, either through code, or universally accepted 
"best practice" on a number of areas. Starting a movement and getting 
the man-power to do that is no easy task.




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/54214b80.9080...@alstadheim.priv.no

Re: excessive CPU usage

[Håkon Alstadheim]

On 21. sep. 2014 20:54, Gary Roach wrote:

Hi all

For the last few months I have been plagued by very slow response from 
my system.

...
at least one of the processors goes to 100% and stays there for long 
periods 

...

no noticeable activity in the process tables.

...

hard drive indicator comes on and stays on


Are your drives healthy?
What is then number in front of "wa" in the "top" output?
Are you running smartd/smartmontools?

If you are running a raid setup with redundancy, you should shorten the 
error-timeouts on your drives to 7 seconds, with "smartctl -l scterc,70,70".

If you are not running a raid level > 0, go buy a mirror drive stat.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/541f313b.4050...@alstadheim.priv.no

Re: sid is not for newbies. (was ... Re: The following packages will be REMOVED:)

[Håkon Alstadheim]

On 16. nov. 2012 03:39, Ralf Mardorf wrote:

On Thu, 15 Nov 2012 19:51:32 -0500
Charles Kroeger  wrote:


On Thu, 15 Nov 2012 23:30:02 +0100
Chris Bannister  wrote:


Please don't run Sid, if you don't understand the risk(

I like risk, why else would I run it, how could I understand it if I
didn't?

Multiboot? Sid + Testing or another Linux distro? And backup Sid
regularly! Don't sync backups, but keep at least two backup versions,
since nobody can test all possibilities after an update.

IMO it's good, if people are willing to test something that is in
development. OTOH I didn't follow this thread. If the OP needs a
reliable system and not new software, drivers etc., I would recommend
Debian Stable. If you need new software, drivers etc. I recommend
Debian Testing. If you need it more up to date switch the distro. Since
some time ago I preferred Arch Linux, but nobody should switch to Arch
now, thanks to a switch to systemd, it's a completely borked distro.
Ubuntu and Suse each half week come with new releases ;). My choice
at the moment is Ubuntu with Xfce4 (Ubuntu Studio or Xubuntu). IMHO, if
possible a user should stay with Debian stable. Even testing or other
distros, e.g. Ubuntu, not only ship with lates development, but also a
lots of risks.

Helping the community by being a tester is good, software version
hunting is idiotic. Everybody should balance pros and cons regarding to
the needs.

I only used stable and testing and derivatives, 64 Studio, AV Linux.

0,02€


Don't forget backports. Always an option if you need the latest with a 
bit less risk. After some fiddling I'm running kernel 
3.2.0-0.bpo.3-amd64 on squeeze. Got tricked into installing multiarch 
libraries at one point, but backing out again was fairly 
straight-forward. Now I'm running latest dvb drivers and compiling 
mythtv without problems. Best of both worlds :-) . Some things take a 
while to get to backports, but waiting a couple of weeks lets me avoid 
upgrading everything. Worth it I think.




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50a5ecb8.9000...@alstadheim.priv.no

Re: DVD region codes ?

[Håkon Alstadheim]

On 13. april 2012 08:48, Mika Suomalainen wrote:

13.04.2012 01:29, Håkon Alstadheim kirjoitti:

Am I doing something wrong, or have all linux systems recently started
requiring the region-code to be set on DVD-drives to be able to play
DVDs? I struggled for a while with a drive on a newish box and could not
get it to play an old DVD. Went so far as to run DISCInfo.exe which
confirmed I had not set a region on the drive, but it was NOT region
free (says "lock detected"). So did an older machine that I am CERTAIN
has been able to play that disc before. I ran "regionset(8)" , and the
disc is now playable. I did not need this in the past. Now I guess I
will not be able to play DVDs from other regions. What gives?

For the record, this is probably upstream problem(s), since both my main
boxes, with debian and ubuntu, are affected. I should test this on my
gentoo box as well, but if anybody has any info I'm all for a shortcut.
My alternative right now is to try flashing my DVD-drive to get a
region-free drive. This involves getting the drive into a Windows-box to
get the flash utility to run. Already tried Wine and Freedos.

Disgusted greetings, Håkon.




Do you have libdvdcss2 installed? I think that it should hep with region
locks.
You can get it from http://www.debian-multimedia.org/ .


Yes, thanks, absolutely right. I think I've managed to confuse myself a 
bit, starting to wonder now which box(es) had the error. Now I've set 
the region code on all my drives, so testing without is no longer an 
option. On my debian squeeze box I've got libdvdcss2 and libdvdread4 
from debian multimedia. I'm suspecting now that the one that tripped me 
up was an Ubuntu box. Also with libdvdcss2 and libdvdread4, but the 
/etc/apt/sources.list seems to be a bit messed up there, as "apt-cache 
policy" shows no installation source for libdvdcss2. Possibly I have 
some slight binary incompatibility between my libraries.


Will fix my /etc/apt/sources* , but given that I now have the region set 
on the drive, I guess I'll never know whether I've actually found the 
culprit.


Thanks All.





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f8c86b7.80...@alstadheim.priv.no

Re: DVD region codes ?

[Håkon Alstadheim]

On 13. april 2012 03:11, Charlie wrote:

  On Thu, 12 Apr 2012 18:32:51 -0600 "Bob Proulx b...@proulx.com"
  suggested this:


Håkon Alstadheim wrote:

Am I doing something wrong, or have all linux systems recently
started requiring the region-code to be set on DVD-drives to be able
to play DVDs? I struggled for a while with a drive on a newish box
and could not get it to play an old DVD. Went so far as to run

You probably already know this but you didn't say and therefore I must
ask about it.  Please ensure and verify that you have "libdvdcss2"
installed.  Not having it may cause confusion.

Bob

I think that may now be "libdvdcss4", but I could be wrong?

Yes, and I /suspect/ my troubles have something to do with new versions 
of the dvd libraries.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f87c5f6.1000...@alstadheim.priv.no

Re: DVD region codes ?

[Håkon Alstadheim]

On 13. april 2012 03:17, Bob Proulx wrote:

Bob Proulx wrote:

Håkon Alstadheim wrote:

Am I doing something wrong, or have all linux systems recently
started requiring the region-code to be set on DVD-drives to be able
to play DVDs? I struggled for a while with a drive on a newish box
and could not get it to play an old DVD. Went so far as to run

To add some content to this...  I personally have never needed to set
the region on a DVD drive.  But I haven't bought any new DVD drives in
a while.  Certainly my old ones are still playing DVDs routinely.  If
this is true in your case I doubt it is the system but probably the
DVD drive itself that is enforcing a region code.

If you have two drives then you might consider booting a KNOPPIX live
boot disk on one of the drives and playing a DVD on the other.  That
would provde a hardware check with a different operating system.


Given that setting the region on the hardware makes it able to play 
protected DVDs, I consider the hardware OK.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f87c550.2000...@alstadheim.priv.no

DVD region codes ?

[Håkon Alstadheim]

Am I doing something wrong, or have all linux systems recently started 
requiring the region-code to be set on DVD-drives to be able to play 
DVDs? I struggled for a while with a drive on a newish box and could not 
get it to play an old DVD. Went so far as to run DISCInfo.exe which 
confirmed I had not set a region on the drive, but it was NOT region 
free (says "lock detected"). So did an older machine that I am CERTAIN 
has been able to play that disc before. I ran "regionset(8)" , and the 
disc is now playable. I did not need this in the past. Now I guess I 
will not be able to play DVDs from other regions. What gives?


For the record, this is probably upstream problem(s), since both my main 
boxes, with debian and ubuntu, are affected. I should test this on my 
gentoo box as well, but if anybody has any info I'm all for a shortcut. 
My alternative right now is to try flashing my DVD-drive to get a 
region-free drive. This involves getting the drive into a Windows-box to 
get the flash utility to run. Already tried Wine and Freedos.


Disgusted greetings, Håkon.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f875761.1020...@alstadheim.priv.no

Random grumble to anybody doing translation-work, esp. to norwegian.

[Håkon Alstadheim]

I hate it when "y/N ?" gets translated into "j/N ?", and then the proggy 
will not accept "j" as an answer. Only "y".


(pertains to norwegian translations).

--
If something is worth doing, it's worth doing well.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4f71b037.8090...@alstadheim.priv.no

Re: Canonscan Lide 110 - anyone used this?

[Håkon Alstadheim]

Den 23. nov. 2011 17:54, skrev Michel Blankleder:

On Wednesday, November 23, 2011 18:10:24 Anthony Campbell wrote:

I need to replace my Epson Perfection 1650 which has died after many
years of faithful service. I have ordered a Canonscan Lide 110, which is
said to be fully supported by the sane page, using the genesys driver.
In my Sid installation there is an entry for the 110 in
/etc/sane.d/genesys.conf.

So it _ought_ to work, but I have come across posts in other lists
(ubuntu) where people report failure. So I have got cold feet about it
and am wondering if I ought to return it unopened. Hence my question:
has anyone used this model successfully (or not)?

AC

I doesn't use scanners very often but I used that scanner once.
At fist time, I thought that it will be a problem but for my surprise the only
thing that I needed to do was edit the /etc/default/saned to start the daemon
and then acquire the image with Gwenview.
It worked like a charm with:




I've got a scanner that says lide 110 on the top, and it performs to my 
expectations under gentoo linux with
media-gfx/sane-backends-1.0.22-r2 . Support was not in stable gentoo 
when I got the scanner, so I had to use a development version of the 
drivers until about half a year ago (I think ). The buttons don't work, 
but that goes for several (most) usb scanners I believe (don't take my 
word for that).


 sane-find-scanner -v reports:
---
This is sane-find-scanner from sane-backends 1.0.22

found USB scanner (vendor=0x04a9 [Canon], product=0x1909 [CanoScan], 
chip=GL124) at libusb:001:003
  # Your USB scanner was (probably) detected. It may or may not be 
supported by

  # SANE. Try scanimage -L and read the backend's manpage.

  # Not checking for parallel port scanners.

  # Most Scanners connected to the parallel port or other proprietary ports
  # can't be detected by this program.
done
---
scanimage -L says:

device `genesys:libusb:001:003' is a Canon LiDE 110 flatbed scanner
---


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4ecd487d.6040...@alstadheim.priv.no

Re: Torrents killing my connection

[Håkon Alstadheim]

Den 19. juni 2010 09:38, skrev Mark:
On Sat, Jun 19, 2010 at 12:16 AM, Eero Volotinen 
mailto:eero.voloti...@iki.fi>> wrote:


> Equipment: WRT54G, Acer Aspire One

I think your torrent client is killing the router. (filling nat tables
and eating cpu). You should buy more powerful router..


Um, no.  I have the identical router and have never had problems with 
torrents.


The router config can make a difference. Switch off firewall etc in the 
router, especially statefull rules. Turn off NAT. That will save a LOT 
of memory in the router.

Re: Rebuilding RAID 1 Array in Linux with a new hard disk after a disk fault - Howto with screen shots

[Håkon Alstadheim]

Steven skrev:

How to identify which drive has failed in an array?

I have 6 disks, 4 are used in raid (mdadm), the other 2 contain /boot, /
and /home.
/dev/sdc
/dev/sdd
/dev/sde
/dev/sdf
Each have 1 partition.
/dev/md0 (raid 1) consists of /dev/sdc1 and /dev/sdd1
/dev/md1 (raid 1) consists of /dev/sde1 and /dev/sdf1

If a drive fails, how do I know which drive? This is a desktop system, not
a server.

  


Just do "ls -l /dev/disk/by-id/". The disks will have factory labels 
with serial-numbers to match.


--
Håkon Alstadheim / N-7510 Skatval / email:ha...@alstadheim.priv.no
tlf: 74 82 60 27 mob: 47 35 39 38
http://alstadheim.priv.no/hakon/ 
spamtrap: finnesi...@alstadheim.priv.no -- 1 hit & you are out




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4c191159.8080...@alstadheim.priv.no

Re: Howto recover deleted files/folders without comercial apps?

[Håkon Alstadheim]

shampavman skrev:

Johannes Wiedersich wrote:
  

Israel Garcia wrote:


Which is the easiest way to recover deleted files/folders using ONLY
commands from Debian OS?
  

The best and easiest way is to use your backup tool to recover the data
from the last backup. There are various backup methods available in
debian with different commands. It depends on your needs which will suit
you best.

In case you don't have good, reliable and working backups, I'd strongly
recommend you to put simple and reliable backup procedures in place in
order to avoid or at least limit such problems for the future.

Best wishes,
Johannes


If I were you , I would write a simple wrapper for rm.
Here is what I would do.
if rm or rm -r is encountered, create a local dir somewhere call it
'Mytrash' then mv the files over there.. instead of from the machine...
Then run a cron perhaps every month to actually remove it .

PS: Im assuming that your talking about accidentally removed files... If
not then I sorry .
  
I've seen lots of places using an alias for rm called 'del', with a 
corresponding 'undel'. Check your system default .bashrc, it might 
already be available on your system by just removing a '#' character. 
Also check your standard package-search-mechanism for stuff to do with 
bash. Most likely these aliases already exist.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: keeping the two latest files on a folder

[Håkon Alstadheim]

Matthew Smith skrev:

Quoth Håkon Alstadheim at 14/10/09 16:37...
Due to all the positive feed-back, I actually tested the "ls 
-rt"-bit, and sure enough, the 'r' makes ls list the newest files 
_last_, so you DON'T want 'r'. This makes the correct command:


rm $(ls -t | sed '1,2d')


I thought this looked like an interesting recipe, so I tried it.  
(With echo, I hasten to add.)


I get a listing of every file (and directory) in the directory, but 
all on one line.


All the sed seems to do is to convert the multiple spaces used to 
format ls -t into single spaces.


Cheers

M


Test-run:

$ mkdir tull
$ cd tull
$ touch a b c d
$ ls -l
totalt 0
-rw-r--r-- 1 hakon hakon 0 2009-10-14 08:18 a
-rw-r--r-- 1 hakon hakon 0 2009-10-14 08:18 b
-rw-r--r-- 1 hakon hakon 0 2009-10-14 08:18 c
-rw-r--r-- 1 hakon hakon 0 2009-10-14 08:18 d
$ ls | sed '1,2d'
c
d
-

Seems to work here. Standard behaviour for 'ls' is to use 
single-column-mode when output is not to a tty. Your ls command may be 
aliased to something, or it might be a different version from mine. Try 
the manual page. Try with the '-1' option to force single-column-mode.




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: keeping the two latest files on a folder

[Håkon Alstadheim]

Andrew Sackville-West skrev:

On Tue, Oct 13, 2009 at 06:46:31PM -0400, Chris Jones wrote:
  

On Tue, Oct 13, 2009 at 03:35:19PM EDT, Håkon Alstadheim wrote:


Israel Garcia skrev:
  

Hi List,

It's a simple  question but difficult to me :-).

How can I delete all files on a folder / but keeping only the two
latest (newest)  files?

  


untested, run it with 'echo' in front first to test:
rm $(ls -rt | sed '1,2d')
  

sed rocks...!




indeed. wow. 


A
  
Due to all the positive feed-back, I actually tested the "ls -rt"-bit, 
and sure enough, the 'r' makes ls list the newest files _last_, so you 
DON'T want 'r'. This makes the correct command:


rm $(ls -t | sed '1,2d')


You should _still_ test it first using 'echo ', to make sure there are no 
subdirectories in there, and on general principles. Adapt to whatever you have 
in the directory.





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: keeping the two latest files on a folder

[Håkon Alstadheim]

Israel Garcia skrev:

Hi List,

It's a simple  question but difficult to me :-).

How can I delete all files on a folder / but keeping only the two
latest (newest)  files?

  

untested, run it with 'echo' in front first to test:
rm $(ls -rt | sed '1,2d')


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: can exim reject all mail for one recipient?

[Håkon Alstadheim]

Girish Kulkarni skrev:

On Wed, 30 Sep 2009, Ric Otte wrote:

I believe it is bad to use procmail to reject mail, ...


Why is that?

You got a link with a good technical explanation in another reply. The 
importance of that info may not be apparent if you are not familiar with 
how email works. Let me try an analogy. Imagine email is just like 
regular mail exept that everything is delivered by the sender in person 
to a local post-office, which runs a truck with the mail to the 
recipient's local post-office. All recipients pick up their mail at 
their local post-office. A mail-server is a post-office. Every time mail 
enters a post-office, it puts a "Received" line on the envelope, latest 
at the top.


Say you go pick up all your mail and bring it home to sort at the 
kitchen-table. The kitchen-table is procmail. You find junk-mail in the 
pile on your kitchen-table and label it "return to sender" and bring it 
back to the post-office. On the internet all junk-mail in practice has 
forged sender address, so some innocent soul will get his mail-box 
filled with "returns" that are actually not from him. The better way to 
deal with junk-mail is to have your local post-office simply refuse any 
mail from dubious commercial mass-mailers. That way innocent by-standers 
are protected, and resources taken by bringing the junk all the way to 
your kitchen-table are saved. If the mail was in fact not junk, the real 
sender will be notified by his own local post-office of the failure, 
because local post-offices will usually notify local customers when 
their truck was unable to deliver. The recipient's post-office can in 
some cases even inspect the contens of the mail WHILE THE DELIVERY VAN 
IS WAITING and say "No thanks". This is the stage of delivery postfix 
calls "Before-queue", and you want to reject as much as possible at this 
stage, before the mail is put into your P.O.Box. Postfix can also mark 
mail to be filtered, in effect have a clerk go over the mail that is to 
be put into your P.O.Box after the delivery truck has left. At this 
stage postfix can bounce stuff back to the sender (REJECT action), but 
usually it is not advisable to do so. Just let postfix "drop it on the 
floor" (DISCARD action). I imagine exim has similar options.


P.S: One effective way to send out loads of spam, is to send it to 
non-existant adresses hosted on innocent, but misconfigured, 
mail-servers. This misguided, old-fashioned post-office will then 
proceed to deliver the entire mail "back" to the "sender" in its own 
misguided mind, while it actually is helping spread spam by using its 
good name and delivery system to deliver the spam mail to a third party. 
In this day and age incompetence is actually just another name for evil, 
and such old-timers will be summarliy put into a lot of RBL-lists.





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: command for checking executability

[Håkon Alstadheim]

Can-Hua Chen wrote:
hi, I am writing a bash script, and need a way (preferably a 
shell command) to check whether a binary file can run on

the platform before hand.

  
In addition to the permissions and the format, you also need to make 
sure that any needed dynamic libraries are present in a version 
compatible with the binary. The command "ldd /some/executable" will tell 
you what it finds, and what it does not find. A few programmes will load 
"plugins" in an even more dynamic manner. How to make sure those exist 
will depend on the app and architecture.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ssh and X display forwarding

[Håkon Alstadheim]

Jochen Schulz wrote:

Alan Chandler:
  
I ssh into my server, but when I get there the DISPLAY variable is not 
set up, meaning I can't run graphical programs.



What command line are you using?

$ ssh -Y server

should suffice.

  

On my desktop

/etc/kde3/kdm/kdmrc has the ServerArgsLocal=-nolisten TCP commented out



Not necessary.

  

/etc/ssh/ssh_config specifies X11Forwarding as yes
/etc/ssh/sshd_config on the server also allows X11Forwarding



Good.

  
I have run xhost during start up, so the server is an allowed connector 
to my display.



Not necessary.
  
In fact the point of using ssh is to not have to open up your X-server 
other than to localhost. Check the setup of your ssh server. The ssh 
server needs to create a "virtual" X display on the box you ar ssh-ing 
into, and forward that through to your real display. Then the name of 
that virtual display (e.g. localhost:10.0) needs to be allowed into the 
environment on the box you are ssh-ing into. Check the manual 
sshd_config(5).



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Connecting two computers using an ethernet cable

[Håkon Alstadheim]

Celejar wrote:

On Wed, 20 Aug 2008 08:05:35 -0600
Rick Morneau <[EMAIL PROTECTED]> wrote:

  

I have two computers that I would like to transfer files
between.  One runs Debian Etch r3 and the other runs
Fedora Core 2.  They both have ethernet boards.

Can I just connect them with an ethernet cable and run
some program or other to transfer data between them?



Yes.  You'll need either a crossover cable or a switch / hub and
two patch cables.

  
These days most ethernet cards will autodetect and adapt to crossover or 
straight cable. Configure ethernet on both machines with static 
adresses. Pick any that you want, but make sure that they are two 
different adresses and on the same net. Something like:

---/etc/network/interfaces on machine 1:---

iface eth0 inet static
 address 192.168.0.1
 netmask 255.255.255.0
---/etc/network/interfaces on machine 2:---

iface eth0 inet static
 address 192.168.0.2
 netmask 255.255.255.0

-
Then do ifup eth0 on the two machines. run ping ip-adress> to test.

Check manual-pages interfaces(5) and ifup(8).

Then on to setting up sshd, nfs, samba or ftp to transfer files. In 
other words: be prepared to spend some time if you have not done this 
before. You will learn a lot of usefull stuff though.






--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Increase of un-usable PDF usage.

[Håkon Alstadheim]

Mike Mestnik wrote:

Over the past few mouths I've received more unusable PDFs then I've
ever received usable PDFs.  

... snip

I have asked senders to choose a better format, but they keep coming.
Many sites that have PDFs as part of there content do not seam to be
having this problem it's when I get PDFs send via email that there are
issues.

...snip

I have seen windows mail-clients abusing MIME in a way that makes unix 
decoders do unsavory things with line-end characters in binary 
attachments. I don't remember the details, but if you can compare a bad 
pdf with the original (get it on a direct download or on a memory-stick) 
you'll quickly see the badness. (See cmp(1)).


Anyway, if the differences are all in missing and/or mangled CR or LF 
characters, check the source of the email. to see what encoding is used. 
I know for a fact that munpack (from the mpack package) will assume text 
mode if the encoding is quoted printable.


I ended up patching munpack to dissuade it from that assumption. Search 
for \r in the sources to find where you need to patch it. I believe they 
are refusing to "fix" this behaviour upstream because QP is not supposed 
to be used for anything but text. Maybe other mail-clients ar similarly


The version I was working on was different from the one I have now 
(debian testing), but I believe changing decode.c , function fromqp to 
accept the suppressCR argument like from64 does, and changing the calls 
of fromqp accordingly, would fix it. Something along the lines of the 
attached UNTESTED patch should do it.


NOTE the patch is UNTESTED!!

--
Håkon Alstadheim


--- decode.c.orig	2008-07-02 14:00:43.0 +0200
+++ decode.c	2008-07-02 14:16:35.0 +0200
@@ -62,7 +62,7 @@
 char *getParam(params cParams, char *key);
 char *getDispositionFilename(char *disposition);
 void from64(struct part *inpart, FILE *outfile, char **digestp, int suppressCR);
-void fromqp(struct part *inpart, FILE *outfile, char **digestp);
+void fromqp(struct part *inpart, FILE *outfile, char **digestp, int suppressCR);
 void fromnone(struct part *inpart, FILE *outfile, char **digestp);
 int handlePartial(struct part *inpart, char *headers, params contentParams,
 		  int extractText);
@@ -905,7 +905,7 @@
 	break;
 
 case enc_qp:
-	fromqp(inpart, descfile, (char **)0);
+fromqp(inpart, descfile, (char **)0, 1);
 	break;
 
 case enc_base64:
@@ -966,7 +966,7 @@
 	break;
 
 case enc_qp:
-	fromqp(inpart, outfile, &outputmd5);
+	fromqp(inpart, outfile, &outputmd5, suppressCR);
 	break;
 
 case enc_base64:
@@ -1089,7 +1089,7 @@
 if (digestp) *digestp = md5contextTo64(&context);
 }
 
-void fromqp(struct part *inpart, FILE *outfile, char **digestp)
+void fromqp(struct part *inpart, FILE *outfile, char **digestp, suppressCR)
 {
 int c1, c2;
 MD5_CTX context;
@@ -1105,7 +1105,7 @@
 		c2 = part_getc(inpart);
 		c2 = HEXCHAR(c2);
 		c = c1<<4 | c2;
-		if (c != '\r') putc(c, outfile);
+		if (!suppressCR || c != '\r') putc(c, outfile);
 		if (digestp) MD5Update(&context, &c, 1);
 	}
 	} else {

Re: Recover lost (deleted) data in Debian

[Håkon Alstadheim]

Paul Cartwright wrote:

On Mon June 16 2008, Paul Johnson wrote:
  

Copy it back over from your latest backup.

Though, this would require that you are already making backups.  If
you're not, consider this a lesson about why you should, go get yourself
a big, external firewire drive (and a compatible controller if your
machine doesn't support firewire yet) and check out the faubackup
package.



ok, so my Mybook backup is a few months old.. I was using an rsync command 
line to backup my desktop.

never heard of faubackup before!
# faubackup /home /media/disk ( the Mybook 750Gb.. external USB HD)

lets see how long it takes..

yeah, but this was also too late for me:) I uh, managed to wipe out my wifes 
entire Mail folder ( kmail)... ran some stupid command that was supposed to 
do a maildir2mbox conversion. Well, it sorta did, but only the top level 
folders, and it wiped out the entire folders email, including sub folders.. 
and the mbox files were not in subfolder format...
SOOOooo, I had to do a quick mbox2maildir, humbly apologizing that I'll make 
backups more often:) at least before I do anything stupid..


  
Before I run "for d in * ; do mumble $d && rm -rf $d;done" I always 
stick an "echo" in there, so I can se that it will do the right thing. 
Then I hit up-arrow, appropriate number of ^b and ^d to get rid of the echo.


--
Håkon Alstadheim




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [OT] signing a pdf document

[Håkon Alstadheim]

Florian Kulzer wrote:

On Tue, Jun 10, 2008 at 14:30:18 -0500, Hugo Vanwoerkom wrote:
  

Hi,

People I do business with want me to physically sign a contract that  
they send me as a small pdf (22K).


I use Adobe Reader to print it, I sign the printed copy and scan the  
result and send the jpeg image back: 3 pages totalling 891K!


That is ridiculous. Is that the way everybody signs a pdf document?



It is easy to scan your own signature and convert it into a compact
vector-based PDF that can be scaled without loss of quality. I doubt
that this constitutes a true signature in the legal sense, but it is
quite handy, for example to send "signed" documents directly to a fax
pseudo-printer.

To put the signature into an original document, e.g. into a PDF
registration form, I use Latex to superimpose the PDFs, as well as to
fill in any additional data that the form requires. I know no other
approach that preserves the full printing quality of the original PDF
while keeping the final PDF small.

I can post a simple example how to do this with Latex if you are
interested. However, it would be rather obvious from the quality of
latex-produced PDF that the original or contract has not been printed,
signed and rescanned, so maybe your business partners would not accept
such a PDF.

  
Please post, it would be cool. If anybody makes a fuss about receiving 
such a document, tell them you can add a blur-effect and a sprinkling of 
dots to the image and resend it if they want ... Better keep a 
ready-made pdf of some random black dots handy in case they actually say 
yes. Take the TIFF that is produced as intermediary file when sending 
faxes, and run it through some filter in GIMP, add the dots and away you 
go !



--
Håkon Alstadheim
47 35 39 38



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: where did www.debian.org/security/key-rollover/ go?

[Håkon Alstadheim]

Joey Hess wrote:

Eduardo M KALINOWSKI wrote:
  

Here I ran /etc/init.d/ssh restart after purging the host keys, is that
enough or does dpkg-reconfigure do something extra that is necessary?



dpkg-reconfigure openssh-server generates any missing host keys, and 
restarts ssh for you.


  
You still need to remove weak ssh keys from authorized_hosts, which 
neither procedure does.


--
Håkon Alstadheim
47 35 39 38



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ircii question

[Håkon Alstadheim]

s. keeling wrote:

Jude DaShiell <[EMAIL PROTECTED]>:
  
 What package or packages need to be installed so when I connect to an irc 
 server I don't get the message Ident is disabled?



pidentd


  
I would also think something like inetd or xinetd would be good. Identd 
should not need to run all the time, letting (x)inetd fire it up as 
needed would be better.


Hot tip: consider carefully how much you reveal about your machine 
through the ident service.


--
Håkon Alstadheim
47 35 39 38



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: intel network adapter on debian 4.0

[Håkon Alstadheim]

Robert Robert wrote:

Dear All,
I have an intel gigabit ethernet card. When I install it on windows 
with the coming windows drivers, I can click on network connections 
select the card and change stuff like jumbo frames, "Receive 
descriptors" and "Interupt Moderate Rate". Now I have also a linux 
machine with debian 4.0 and kernal 2.6. When I plug in the card it 
seems that there are debian drivers already that comes along with 
debian installation. I can then set it to jumbo frames by setting the 
mtu value. But I have no clue how I should set the "receive 
descriptors" and "Interupt Moderate Rate" value in linux.
Have you checked what options the ethtool(8) command gives you? Compare 
the available options with the docs on the intel site.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to set up a WLAN?

[Håkon Alstadheim]

Dan H. wrote:


# iwlist scan

wlan1 No scan results

# iwlist freq

wlan1 0 channels
  Current Frequency=3D2.412 GHz

0 channels? I don't get it. Shouldn't I see at least the channels this thing
/could/ do, even if I sat in an EMI-proof building?

  
That seems very wrong yes. Seems to be a problem with the usb variety of 
the driver. There is (/used to be) some mailing-lists and web-sites 
dedicated to the development ov the rt2** drivers. Probably that is 
where you need to go to pursue this issue further. Google is your 
friend, or you could check for any info in the source files (files named 
like README and INSTALL are  good places to look).


Good luck, sorry I don't have any more info.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to set up a WLAN?

[Håkon Alstadheim]

Daniel Haude wrote:

Hello,

this message is all the more strange since I had wireless up and running
with Debian once. But that system got hosed about a year ago for some reason
or another, and now I've got it set up again and I'm completely stumped with
the WLAN thingy.

$ lsusb
Bus 005 Device 003: ID 2001:3c00 D-Link Corp. [hex] DWL-G122 802.11g rev. B1
[ralink]

OK, this is a Ralink RT2500 chipset. I've built the rt2500usb module and
loaded it. ifconfig wlan0 up worked.

  
Check out module-assistant for automatically building extra modules for 
your kernel.



I'd like to connect to the public network that's set up around the campus.
What do I have to do to make it happen? Everybody else's Windoze and Mac laptop
simply connects to whatever network it happens to find.

  
A standard command to check for available networks is "iwlist scan". Run 
as root.

There is a utility with the promising name "iwspy", but that tells me:

  wlan1 Interface doesn't support wireless statistic collection

Don't know what that means except that it doesn't work.

There are two Debian packages for this chipset: rt2500-source and
rt2x00-source. They provide different modules, but neither really seem to
work.
  
Try building with module assistant. It will help you prepare your system 
for building. run dmesg after loading the module to see any 
error-messages and other info. It should report your card detected. Post 
here if there are messages you don't understand. Never used the usb 
variety, might need something extra loaded for that to work.


Once you have the module loaded and running ok, check out the config 
file /etc/network/interfaces (which has a manual page). Together with 
the results from iwlist, you will have the info you need to make "ifup 
ra0" or "ifup wlan0" work.



For gui use, both kde and gnome have offerings, once you have the needed 
modules loaded.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: UPS question

[Håkon Alstadheim]

Jonathan Jacobs wrote:
I have a new ups and it came with a software disc with the following 
Unix software...AIX, Freebsd, HP, Linux, SCO, Solarus.  Which one do I 
use and or Is there software on the Synaptic Package Manager that I 
should look for? 
You've already got some suggestions for alternative solutions. If the 
UPS is really crappy so it won't work with standard tools, or really 
good so the accompanying software is too good to pass up, you can do the 
following:


Pick the linux software and unpack it. Depending on how it's packaged 
that might be a challenge. Tell us what the file looks like if you need 
help. Key words here are "shar" and "alien". When you've got the files 
unpacked, you'll most likely have some statically linked files that will 
run just fine on debian. Check the binaries (i.e non-scripts) with ldd 
to check that you have any necessary libaries in case it is NOT 
statically linked. If ldd does not list anything missing, you are good 
to go. If something is missing, you might need to install some extra 
packages. The names of the missing libs (possibly aided by google) will 
put you on track of which packages are needed.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: problemas

[Håkon Alstadheim]

Carlos Enrique Carleos Artime wrote:

Hello!

I have a home network with three computers (A, B and C).

Computer A has a direct connection to internet by a cable-modem.
It has interfaces:
- eth0 to internet, uses DHCP
- eth1 to computer B, static IP-address: 192.168.0.2
Its operating system is Debian etch, with default 
IPMASQ configuration.  I added:

 route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.1 eth1
to /etc/init.d/bootmisc.sh (first) and to /etc/init.d/ipmasq (then)

Computer B is connected to both A and C.
Its interfaces:
- rl0 to computer A, IP 192.168.0.1
- ural0 to computer B, IP 192.168.2.1
It runs FreeBSD 6.3, confirgured while install to be gateway.

Computer C is connected to B.  Interface:
- ural0 to computer B, IP 192.168.2.2
It has FreeBSD 6.3 and OpenBSD 4.0.

  

(snip)

One more information item to check: what range of addresses is assigned 
on eth0? Better make sure that it is not in 192.168.0.0/16 (i.e. not in 
a subnet of that /16).




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: compatibility problems

[Håkon Alstadheim]

John Hasler wrote:

Andrei writes:
  

There are modems that also do the pppoe part.



This is true.  Those ones also usually also handle NAT and DHCP.  They are
often "plug and play" with any operating system (except for entering the
username and password the ISP gave you via the Web server in the modem).
The "driver" AT&T wants you to install is just full of crapware that they
want on your computer.

  
If the modem provides straight ethernet (no pppoe or other specialities 
required), then the docs that come with your modem will usually tell you 
what ip-address the modem will have.


Plug everything in per the instructions, enable the interface with dhcp 
and browse to said address. If the docs say nothing, watch the output 
from your dhcp client to find the ip of the modem.




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Finding the name server owning a domain name

[Håkon Alstadheim]

Micha Feigin wrote:

Is there a way to find which domain name server owns a given domain name? I
don't want to lookup the IP address but rather where the name is defined.
  

whois(1)


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: view the exit status from command line

[Håkon Alstadheim]

Ken Irving wrote:

On Wed, Aug 15, 2007 at 04:21:17PM +0200, Sven Joachim wrote:
  

Kamaraju S Kusumanchi <[EMAIL PROTECTED]> writes:



I want to know if the command exited with status zero or non-zero. Can
this be done in a simple way?
  

$test -x debian/rules; echo $?



Thanks. Exactly what I am after!
  

Here's a $0.02 recipe from my ~/.bashrc:

if [ "$PS1" ]; then
   PROMPT_COMMAND='echo -n "$? "'
fi

This way, an interactive bash will print the exit status of the last
command before its prompt, so you can _always_ see it.  Very handy,
IMO. :-)



Thanks for this great idea!

  


You don't need a command (at least with the versions of bash I've used 
the last 10 years), just make sure the variable does not get expanded 
before it is assigned to PS1. Like so: PS1='$?\$ '. now try executing 
/bin/true and /bin/false.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How Can I Setup procmail to deliver into /var/mail

[Håkon Alstadheim]

Orestes leal wrote:

Hi Folks!

I have a simple configuration that trouhg fetchmail procmail deliver all mail to
/var/spool/mail, the thing it's that I want procmail deliver all mails to 
/var/mail.
Only that, thanks to all of you folks.

  
Why ? Why not just make a symlink? If you must, you can set $DEFAULT to 
/var/mail/$LOGNAME.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: why linux?

[Håkon Alstadheim]

(mail sent both to list and OP)
S C wrote:
> I agree that you have to apply yourself, but when you
> are simply applying yourself to run in circles it gets
> frustrating.
Take a deep breath, regroup and attack from a different angle :-)
>   Plus, my computer needs a device to
> switch it off when I get overtired.
I'm looking for one to switch me off...
> As mentione, I need a jumping off place and a
> methodology to follow and a way to know that the
> information I am getting is current or applies to 2.8
> or something worse.
>   
The current information starts in your machine, ...(read on)
> It'll come.  I used to program IBM mainframes; in many
> ways that was worse.  If you don't believe me, try
> reading IBM documentation.
>
>   
This is a good starting point. You should be comfortable using the tools
described in "The Unix Programming environment", which is a gem of a
book by Kernighan and Pike. ~300 pages. Well written without being
chatty. (A more modern descendant exists, i forget its name. At this
level being modern is not important). ANY well stocked library should
have it. Assimilate the contents and add one or two modernizations like
using "less(1)" instead of "more(1)". Sit down and READ the manual page
for less. This will give you the necessary tools to find your way around
YOUR machine. Learn a text-editor, either vi or emacs (descendant).
Getting this far will equip you to follow the workings of your machine,
find the point where it does not do what you want and ask pertinent
questions in forums such as this.

An alternative approach is to get someone to set up the machine for you,
or get a more user-friendly distro, like ubuntu (which I've never used).

A third approach (orthogonal to the two first) is: try a bootable CD,
like knoppix. See what they offer in their menus and see how they do
things. Take the tips you like back to your work on your debian machine.
Debian almost always offers a package of anything that catches your
fancy in some other distro.

-- 
Håkon Alstadheim / N-7510 Skatval / email:[EMAIL PROTECTED]
tlf: 74 82 60 27 mob: 47 35 39 38
http://alstadheim.priv.no/hakon/ 
spamtrap: [EMAIL PROTECTED] -- 1 hit & you are out


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: list running applications

[Håkon Alstadheim]

BartlebyScrivener wrote:
> Hello,
>
> I have been play with the ps command and trying various options. Is
> there an option combo that will show me just the running applications:
> firefox, gvim, mutt, etc? Or another Linux command that will show me
> just the applications I have opened in various terminals? I'm looking
> for the equivalent of what you get on Windows XP when you triple
> finger and select the applications tab instead of the processes tab.
> Oh, using fluxbox for a window manager, if that matters, but I also
> know gnome pretty well.
>
>   
The wmctrl command with the -l option will list windows on your current
display, given a supportive window-manager. fluxbox is one such. Other
options _might_ get you the name of the command owning (a) window(s),
but that is entirely up to the command. The kernel knows nothing about
what process has a window open. For non-X apps, check the tty field of
the ps output. Interactive commands will have a controlling tty.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: undelete from XFS

[Håkon Alstadheim]

Roberto C. Sanchez wrote:
> On Tue, Mar 06, 2007 at 02:56:48AM +0530, Siju George wrote:
>   
>> yes the sad fact is there is no undelete for XFS! - is it so?
>>
>> restoring from backup then :-(
>>
>> 
> Yep.  A recent backup is your only hope, unless you want to spend
> thousands of dollars on a data recovery service, which may or may not
> recover your data.
>
> Regards,
>
>   
(only half-joking):
dd if=/dev/ | strings | lpr

Be ready with lots of paper. Get out scissors and glue. Invite all the
puzzle buffs you know over, offer pizza and prizes to whoever finds the
data you need.

You might want to spend some time working on that command-line before
you commit to spending all that money on paper, glue, pizza and whatever.

If any of the data you are after was encrypted, or even just zipped, or
even in MS-Word format, you might want to give up right away.

-- 
Håkon Alstadheim 
spamtrap: [EMAIL PROTECTED] -- 1 hit & you are out


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: XP Blocking CD Boot

[Håkon Alstadheim]

Joe Hart wrote:
> Thomas H. George wrote:
> > I built a new computer with two hard drives and installed XP Home
> > Edition on the first drive.  The second drive contains my Debian system
> > - kernel 2.6.17 and Testing.  I intended to use disc 1 of a Sarge
> > installation set as a rescue disk to access hdb and run lilo to convert
> > this box to a dual boot box.
>
> > After XP was installed the system will no longer boot from a CD.  Even
> > after I entered BIOS setup and changed the first, second and third boot
> > choices to CDROM the system still persists in booting from the hard
> drive.
>
> > What can I do to regain control?
>
> > Tom George
>
>
> It has to be your BIOS.  XP cannot change how your computer boots other
> than modifying the MBR of the primary HD, which _could_ cause your
> computer not to see your Debian, but you still should be able to boot
> from CD.  Unless your BIOS is messed up.
True, however if the CD is bad (scratched ?) , the bios might have some
hidden, automatic fallback which makes it boot from the first
hard-drive. Make sure the CD is still bootable, e.g. by trying it on
some other machine. Also, check the cables on your CD-drive.
-- 
Håkon Alstadheim
http://alstadheim.priv.no/hakon/
spamtrap: [EMAIL PROTECTED] -- 1 hit & you are out


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: why is grep behaving this way ?

[Håkon Alstadheim]

Salvatore Iovene wrote:
> On Fri, Mar 02, 2007 at 03:07:37PM +0530, Bhasker C V wrote:
>   
>> [EMAIL PROTECTED] ~]$ who | grep `logname`
>> logname: no login name
>> Usage: grep [OPTION]... PATTERN [FILE]...
>> Try `grep --help' for more information.
>> 
>
> Weird. Consiedering that this works:
>
> who | grep `whoami`
>
> Where's the catch?
>
>   
I'm running SuSE, and can reproduce the problem here. Seems logname does
something weird when stdin is not your tty. Check this out:

[EMAIL PROTECTED]:0$ logname

Re: Kernel install problem

[Håkon Alstadheim]

Roberto C. Sanchez wrote:
> On Thu, Mar 01, 2007 at 12:09:49PM -0500, Kevin Mark wrote:
>   
>> why do you use "/boot/boot/grub/" and not the default "/boot/grub/"?
>> what is in /boot/grub/menu.lst vs /boot/boot/grub/menu.lst ?
>>
>> 
> Using /boot/boot/grub is necessary when /boot is its own filesystem.
>
>   
I'd think most people with that setup have /boot/boot symlinked to /boot ?

-- 
Håkon Alstadheimtlf: 74 82 60 27 mob: 47 35 39 38
7510 Skatval
http://alstadheim.priv.no/hakon/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: question about dns server at home

[Håkon Alstadheim]

Jordi wrote:
> Thanks to all for the suggestions
>
> As I am beginning, I find some confusing.
>
> I have static ip, bought it to my provider.
>
> As I use it for my server, as I want to have my domain name not
> depending on dyndns or others, and find more reliable a static ip, I
> bought a static ip.
>   
Good, especially if you want to run a mail-server. You might still need
to use your upstream provider as smarthost (a.k.a relayhost), but a
static ip is definitely good if you want to be taken seriously. (btw, I
believe dyndns also do static IPs).
> So I need that IP for my home server.
>
> If I need another IP for a dns server, and must have the dns server in
> another place or pc, I think I should not do a dns server. For I need
> my IP for my WEB server and can't have other pc in other home ( I just
> have only ONE home lol!)
>
> Now this will be a home server but maybe I try to make some business
> with it, so I must not use a free service that forbides wining money
> or use commercialy.
>
>   
Check out Zoneedit.com. They do both free and very cheap. I have no
affiliation, I'm just a happy customer. They have just recently started
doing registrar-business, I haven't tried that part, but I am happy with
the rest of what they provide.
> Tell me if there is something wrong in what I said!
>
> By the way, I think I missed something...what more do I need now to
> have my server ?
> Is this? :
> 1) Contract a domain name
>   
I.e. you need a registrar.
> 2) Contract someone to deal internet traffic from that domain name to
> my static public ip ??
>
>   
I.e. you need a DNS-service.
> Can these 2 things be done by the same company for a reasonable year
> price?
>   
Yes. Like I said, check out Zoneedit.com. Others have given you other
suggestions. Shop around. At the same time, I recommend reading up on
TCP-IP networking, DNS etc. It helps a lot if you understand exactly
what it is you are paying for.
> Does it matter if I am in Spain ? Should I go to a spanish domain
> seller or can I sell this services anywere?
>   
If you want .com or .net, you need a US-based registrar. If you want
.es, you need a spanish one. There are probably spanish
registrars/domain-resellers that will help you register .com or .net
domains, but it will probably be cheaper to go with a US-based one. No
matter which registrar you pick, it is technically possible for them to
set SOA to a DNS-server at a completely different company. The policy of
certain registrars or DNS providers might be more restrictive though.
-- 

Håkon Alstadheim



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: question about dns server at home

[Håkon Alstadheim]

Jordi wrote:
> Hello.
>
> I would like to ask questions about DNS servers:
>
> 1) What is needed to host my own domain name at home? Do I need 2
> static public ip? Or just one? If I need 2, do I need 2 dsl
> connections?
>   
A zone needs 2 or more name-servers. To the outside they will look the
same, internally one will be slave. For full control you might want to
run the master nameserver yourself. A slave should be be at a different
location. Either get somebody to reciprocate (you serve his domain, he
serves yours), or get some cheap/free outside service. I'd opt to not
serve as public dns server myself. Rather go to a place like
zoneedit.com. It is easy and virtually free. To assess your options,
install bind and get familiar with it. Run it to serve names locally.
Get a book on DNS&bind.
> 2) Does it consume many resources? Is the access to my web server
> faster or slower if I host my domain name in it than having others
> doing it?
>
>   
If somebody wants your ip-adress they are going to send you an email or
request a web-page or whatever. A DNS lookup is insignificant in comparison.
> Resume:  is hosting my domain name a good idea? Or just simply stupid?
>   
At least it is a learning experience. If you only have one public
ip-adress there is not really any point, since that one public ip has to
remain static. If it ever were to change, the glue-record in your
parent-zone would have to change so you would need to involve outside
people, i.e. the independence would be illusory. If you have more than
one public ip-adress, you would be able to implement changes to that
second address without involving outside parties (execpt for the
automatic zone-transfer to your secondary DNS-server).

-- 
Håkon Alstadheim



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Number of OT Posts

[Håkon Alstadheim]

Paul Johnson wrote:
> Andrew Myers wrote:
>
>   
>> When you're on the digest that is not an option.  Please consider us. :-(
>> 
> Yes, actually, it is, the same as it is for everybody else.
>
> You're supposed to undigest digests back into their component messages after
> receiving the digest, where you can then manage the list as if you received
> every message individually.  You can find out how to do this in the
> procmailex(5) man page.
>   

Good call on the manual page. I forgot the '+1' argument to formail,
which would make my example create an infinite loop ... Chalk it up to
my agitation at seeing "not an option". :-/. Forgetting the -d would
also make the whole thing not work. Consider me duly chastised.

Still, these days with pop3 and imap, i believe most people will be
happier with re-inserting the split digest to the mail-queue than just
dumping to an mbox file, so my post was not entirely without merit.
-- 

Håkon Alstadheim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updated iceweasel firefox now hijacked from homepage to ads!

[Håkon Alstadheim]

Michael Marsh wrote:
> On 2/27/07, Nyizsnyik Ferenc <[EMAIL PROTECTED]> wrote:
>> http://firefox/ redirects to http://www.mozilla.com/en-US/ .
>> (Using Firefox 1.0.4 in Sarge.) This feature may be (likely) missing
>> from Iceweasel.
>
> No, it's a DNS issue.  If "firefox" isn't found, the browser will
> generally try "firefox.com", which sends you to the appropriate
> mozilla server.  It's possible that some ISPs are responding to all
> lookups with a "valid" address, which just happens to be an
> advertising site if there's no actual resolution.
>
I recently stumbled over a partial work-around if you are running your
own cacheing named, don't remember where I saw it. Set up bind as usual,
forwarding requests to the (broken) DNS-server at your ISP, then put the
following in named.conf:
zone "COM" { type delegation-only; };
zone "NET" { type delegation-only; };
This will make named not accept resource-records directly in top-level
zones ".com" and ".net", i.e. if there is no forwarded authority, named
will not accept the greedy ISPs suggestion that their advertising-server
is the correct address of your mistyped-url.

Now, zone "FIREFOX" is not mentioned there in my snippet above, so the
erroneous "domain" firefox would still slip through. I don't know if
`zone "." { type delegation-only }' would mess you up and/or give you
the desired NXDOMAIN (i.e non-existent-domain) reply. There are maybe
some legitimate records served directly by the root name servers that
you would loose access to. I believe it is worth a try though. Try
googling on the snippet, that should give you more info such as which
version of bind is required for this to work.

-- 
Håkon Alstadheim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Number of OT Posts

[Håkon Alstadheim]

Andrew Myers wrote:
[somebody wrote "filter filter filter"
> When you're on the digest that is not an option.  Please consider us. :-(
Well, duh, you run some kind of *nix don't you ?

Assuming you have procmail and formail available, you set up a procmail
rule to feed the digests to formail, and from formail you get each
individual mail so you can filter them, e.g. with procmail. -s is the
option to formail to get it to split the digests.

Something like this in .procmailrc:


:0w
* ^Subject: 
| formail -s some-script-or-app-to-filter

some-script-or-app-to-filter might be as simple as "sendmail
". In that case you do not need a script, you
just put the sendmail command directly in the procmail rule. Then you
can have a second set of filters either in procmailrc or in your MUA to
handle the individual mails according to subject or thread-id or whatever.

-- 
Håkon Alstadheimtlf: 74 82 60 27 mob: 47 35 39 38
7510 Skatval
http://alstadheim.priv.no/hakon/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [OT] Re: help with debian

[Håkon Alstadheim]

Ron Johnson wrote:
> Well, there's mutt which is TUI.  GNOME Evolution has Reply To List,
> and Icedove has an extension which adds Reply To List.  That's what
> I use.
I've tried (several times) finding that extension. Care to tell what it
is called?
-- 
Håkon Alstadheim


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Old Computer Parts

[Håkon Alstadheim]

Joe Hart wrote:
[snip]
> I even sometimes use links to browse the web.  grml is one of my
> favorite distros because of the 'text tools' approach.  If I could
> somehow merge a few different distros into my own, well that would be
> the ultimate, but I have a few years to go before I can take something
> like that on.
A sensible middle ground is to keep debian on your produciton machines
and run grml (or whatever distro catches your fancy) on your
"toolbox"-machines. Then, as you go along and learn the toolsets of grml
(or whatever), you will almost always be able to find a package for
debian with that tool. In essence you can tweak your package-selection
in debian in any direction, be it grml-ish, SuSE-ish or whatever.

This is where I think the debian package system really shines, debian
will adapt to your way of working. You just need to know the names of
the apps/tools you need to get there.
-- 
Håkon Alstadheim tlf: 74 82 60 27 mob: 47 35 39 38
7510 Skatval
http://alstadheim.priv.no/hakon/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: How to tell if a Linux machine is a zombie?

[Håkon Alstadheim]

Kamaraju Kusumanchi wrote:

On Monday 08 January 2007 14:13, Russell L. Harris wrote:

  

So, before I preach about the dangers of spyware and zombies to my
buddies using Window$, how can I be certain that my own Debian machine
has not been compromised and has not become a zombie?  Is there a
simple test which I can run on a weekly basis?




You can use senderbase statistics to see if there is a huge increase in email 
activity from the IP address under consideration.


For example, if you visit

http://www.senderbase.org/search?searchString=204.13.69.220

It says that on average the machine sends 10^2.9 emails per day. In the last 
30 days, it sent 10^3.6 emails per day. Last day (ie yesterday) it sent 
10^4.9 emails. The trend clearly indiciates that there has been an increase 
in email activity which might correlate with the machine being a zombie.


This is not a fool proof test. But I have seen people being referred to this 
website on spamcop forums, news groups.


  
Also check dshield to see if your machine has tried to get in anywhere. 
Go to http://www.dshield.org/ipinfo.html?ip=.


Some entries are benign noise, but if you see several thousand hits on 
port 22, you are probably owned.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: postfix relay smtp authentication

[Håkon Alstadheim]

Martin Fuzzey wrote:

Hi,

I have been succesfully running postfix on Sarge as a local mailserver 
relaying all outbound mail (from multiple internal accounts) to my ISP.


However my ISP has just decided to require SMTP authentication.

I have set up SASL following the postfix documentation and the 
authentication phase succeeds, *however* postfix does not include the 
authenticated sender address in the AUTH section of the MAIL FROM 
message and my ISP is still refusing the message :((



...patch snipped ...


This works BUT only for a single user since the postfix version in 
sarge (2.1.5) doesn't implement the 
smtp_sender_dependent_authentication option and my ISP actually wants 
the correct password for each email address (not just a single one for 
all addresses associated with the account.


Are you sure about that? I tested a couple of weeks ago, and mail from 
me went through without trouble. If you are right, handling bounces for 
your users (and mine) might become tedious. Do you have a solution?


Anyway, to get around the whole thing you can set smarthost like so, to 
use the gateway for commercial customers:


relayhost = [smtp.tele2bedrift.no]

Caveat: I talked to their support-staff before setting this up, so they 
may have added my IP to some "allowed senders" list. I don't think so 
though.


The gateway for commercial customers does not require authentication 
when you are coming from inside their network. They run spamassassin on 
everything going through there, so they have managed to keep that server 
off most rbls.


--
Håkon Alstadheim  priv: +47 74 82 60 27
7510 Skatval   mob: +47 47 35 39 38
http://alstadheim.priv.no/hakon/   job: +47 93 41 70 55

Re: backup archive format saved to disk

[Håkon Alstadheim]

Mike McCarty wrote:


Peas also fall into this category. I don't know whether I could
find examples which are not related to food, but believe me, the
issue is if you ask "how many" then you want an actual count,
and anything not counted is not a "many", but rather a "much".



How much timber, how many logs.
How much water, how many litres
How much pain, how many wounds.
How much confusion, how many words, how much verbiage.

--
Håkon Alstadheim  priv: +47 74 82 60 27
7510 Skatval   mob: +47 47 35 39 38
http://alstadheim.priv.no/hakon/   job: +47 93 41 70 55

Re: seting up outgoing mail (smtp) on home system (adsl)

[Håkon Alstadheim]

ae roy roy wrote:

I would like to send system-mail (mail that otherwise is sent to [EMAIL 
PROTECTED]) to my real mailadresse, which I read all the time. My outgoing 
smtp-server that I use is mail.lyse.no.
I'm not going to recieve mail on this, only send mail out.

Anybody have an url to some easy documentation?

  


Depends on the MTA you choose (postfix or exim are good choices) . 
Basically you want a single configuration entry, usually goes in 
/etc/aliases (at least if you are using sendmail or postfix for MTA). 
The entry should be 'root: \root, [EMAIL PROTECTED]'. The 
'\root,' thing makes it also put a copy locally. It is optional, but it 
is a good idea for when you are off the net and doing emergency 
maintenance.


Extra: for setting up an MTA, you want to find an option called 
smarthost, this should be configured to whatever your internet provider 
says is your "server for outgoing mail". This is nessesary if you ever 
use your local MTA to deliver mail outside your ISP's network.


--
Håkon Alstadheim  priv: +47 74 82 60 27
7510 Skatval   mob: +47 47 35 39 38
http://alstadheim.priv.no/hakon/   job: +47 93 41 70 55

Re: Recent spam increase

[Håkon Alstadheim]

Mike McCarty wrote:
[about the penny-stock image spams]

Yes, I get several a day myself. The actual "text" of the message is
often actually an image, while the body of the message is randomly
selected sentences or words from a collection which would make a
Bayesian filter delete most of my e-mail.

I delete them by hand, to prevent messing up my other filter which
is working reasonably well ...(snip)

I use a statistical filter (aka "bayesian") that seems to do a 
reasonable job. I block most of the spam I get directly by other means, 
but I submit some of the stock-peddling image spams I get through 
mailing-lists to the filter. Since I began running the filter I've 
received 30453 non-spam messages, caught 882 spams and had 36 false 
positives, and it has been ages since the last false positive. This is 
while submitting 202 mails for training puposes., that were missed by 
the filter. Like I said, the spams I want to catch is just from a couple 
of mailinglists that have been particuliarly badly hit, hence the low 
spam ratio.


The filter I use is known as dspam <http://dspam.nuclearelephant.com/>. 
I believe you might be pleasantly surprised by the other implementations 
aswell. The filter has more than the message text to work with. 
Everything from the MIME headers to the message headers contribute in 
characterizing the mail, so even though the text is random dspam will 
catch the spam.

--

Håkon Alstadheim

Re: spamcop

[Håkon Alstadheim]

s. keeling wrote:

Here's some
aliases to help you look up the originator's complaint address which
you can Cc: in the same mail to get the originator's account killed
(there may be others, and I'd appreciate hearing about them :-):

   afnic='whois -h whois.afrinic.net'
   apnic='whois -h whois.apnic.net'
   arin='whois -h whois.arin.net \+'
   brnic='whois -h whois.registro.br'
   jpnic='whois -h whois.nic.ad.jp'
   krnic='whois -h whois.krnic.net'
   lacnic='whois -h whois.lacnic.net'
   ripe='whois -h whois.ripe.net'

  

Check out the gwhois package in debian, the /etc/gwhois/pattern file.

--
Håkon Alstadheim  priv: +47 74 82 60 27
7510 Skatval   mob: +47 47 35 39 38
http://alstadheim.priv.no/hakon/   job: +47 93 41 70 55

Re: How to perform search in gnome terminal?

[Håkon Alstadheim]

Jochen Schulz wrote:

Roberto C. Sanchez:
  

Rodolfo Medina wrote:


Search for a word or an expression in the whole terminal `history'.
This is very useful, almost indispensable in some cases.
I used to use that quite often with KDE graphical environment,
before switching to Gnome.
  

Assuming you are using bash, you can use Ctrl-R to search back through
your command history.



I suppose the OP wants to search the output history. But except from
using screen I have no solution either.

J.
  

Emacs. M-x shell.
Run C-h t to get a tutorial, including terminology and key-bindings.


(apologies for having sent this to Jochen and not the list on my first try)


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Hello Nethelpers [SSH / PUTTY]Strange behaviour with telnetd

[Håkon Alstadheim]

JB MORLA wrote:

Hi,
 
I have installed sshd on Debian and PuTTY on XP.
 
PuTTY only connects via SSH when the line: telnetd is in 
inetd.conf not commented.
Are you sure putty is connecting via SSH? I have sometimes seen putty 
come up with telnet as the default protocol. Make sure you click to use 
SSH rather than telnet in putty before you try connecting. Watch the 
logs on the linux side to see what your client is actually doing. 
/var/log/auth is the place to look, or /var/log/messages if your system 
is not to busy. Use "less -S /var/log/messages".  Hit "F" to get a 
running display as the file updates. Make sure you read the help at the 
bottom of the screen.
 
There is something else I don't understand
 
Suppose I generate a key on one pc using keygen, how do I copy it to 
the other machine?
 
So far I understand that both pc must have the same private key in 
order to

encrypt/decrypt data traveling over ethernet?
Read "man ssh-keygen" on the linux side. At the end, in the end of the 
"Files" section it tells you what to do.  Just add the public key from 
the windows-box to the authorized_keys file. Paste it in. Create the 
file if it does not exist. You can find an "scp" file-transfer program 
for your windows box the same place you found putty.
 
Please help if you can
 
John B.
 
 
 



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Poster to this lists email address not obfuscated? If so it makes this list a heaven for spam bots...:-(

[Håkon Alstadheim]

s. keeling wrote:


Incoming from Florian Kulzer:
 


s. keeling wrote:
   


Consider joining my (ad hoc) "Poison The Well" project:

http://www.spots.ab.ca/~keeling/emails.html
 


Maybe I misunderstand what you are doing, but aren't you increasing the
spam load for people whose real email addresses are used/forged as the
sender address by the spammers? How do you make sure not to include any
addresses of legitimate users in your list?
   



They're already being used.  I receive spam addressed from
[EMAIL PROTECTED], which doesn't surprise me.  "My posting them ...
isn't going to let any cats out of any bags that aren't already out."

I'll happily remove any entry from the list when requested, and so far
I've not received any such request.  I'm just trying to increase the
noise in their S/N ratio, that's all.


 

Pardon my bluntness, but yor scheme is just dumb. The vast majority of 
sender-adresses on spam emails are spoofed. Look up e-mail spoof in any 
online dictionary. The poor people you are displaying are probably 
already getting so much spam (since by necessity must exist in the 
spammer databases to be used as from-adresses) that they cannot imagine 
contacting you to get removed if they ever knew of your list in the 
first place.


Spamcop does not list sites based on sender address, they use the 
hostnames of the machines the mail has passed through, tracing back to 
where the email entered your network. Then every host before that 
becomses suspect. Cross referencing several reports, they find 
entry-points into the global mail-system that are bad. Those hosts get 
listed if they keep offending. See www.spamcop.net.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Proposed change for subscriptions...

[Håkon Alstadheim]

Dave Sherohman wrote:


On Sun, Mar 12, 2006 at 07:03:03PM -0500, Gene Heskett wrote:
 

However, I am still doing the destination sorting via kmail, so I could 
pick d-u off before it checks the headers SA adds, but I see little or 
nothing to be gained by that in the real world.


But that is one way I suppose.  I suppose one could write a procmail 
rule to bypass the SA run there, but again, to what real world effect?
   



One of Steve's major issues appears to be a concern that spam coming
from d-u could train his bayesian filters to establish a positive
correlation between d-u and spam, causing d-u to generate false
positives.

This does happen, but after a while firefox' filters will learn that 
this was a mistake. I find it much easier to get firefox' filters into 
shape by letting it just mark the messages it deletes, but still show 
them in the mailbox. That way it is easy to press "del" on the mail to 
undelete it, and then click the junk icon to mark it as non-spam. The 
red Xes also serve as a reminder to do a "compact folders".



 Ignoring SA's headers on d-u mail would do nothing to
prevent this (mis)training of the filters, which would be the reason
to bypass SA entirely for mail from the list.

 

SA or no, the filter will learn that some and only some of the mail from 
a specific sender is junk. At first it will tend to mark all list-mail 
as good, then it might swing over into marking all list-mail as bad, but 
after a while it does stabilize on basically ignoring the sender info if 
it is from a list.


I also have to say that debian-users is pretty low on junk-content 
compared to some other lists I frequent.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]