Re: Keys management (SSH, GPG)

[Jeremy T. Bouse]

On 2/9/2017 11:59 AM, Shin Ice wrote:
> Hi,
>
> Am 09.02.17 um 01:20 schrieb commentsab...@riseup.net:
>> Hello,
>>
>> I am a Debian 8.7 user.
>>
>>
>> # SSH
>>
>> I would like to know if there is an efficient way to manage SSH keys?
>>
>> I have multiple SSH keys (rsa, ed25519) that I use all day long to
>> either connect to servers via ssh or to work with on remote servers.
>>
>> I would like to know if there it is possible to unlock my keys (being
>> prompted once for their passwords) when the my session starts and keep
>> them unlocked until the session is closed.
>>
>> I have found information about ssh-agent and ssh-add but it doesn't
>> provide the behavior that I would like to reach in the sense that I have
>> to manually...
>>
>>> eval `ssh-agent -s`
>>> ssh-add /path/to/my-key1
>>> ssh-add /path/to/my-key2
>>> ssh-add /path/to/my-key3
>>> ssh-add /path/to/my-key4
>> ... every time I open/close my session (while I would like to just have
>> to provide my passwords). Furthermore, it seems that my ed25519 keys do
>> not remain cached for more than a couple of minutes (while the rsa4096
>> ones remain without problem).
>>
> I'm using "keychain" on my system and it works as desired.
> You can add it to your .bashrc or create a short script to invoke with
> all your keys.
>
> Greetings
> Shin
>
I may, or may not, have been accused of going the route of overkill
and paranoid, but personally my SSH authentication key is actually on an
OpenPGP v2 smartcard and I use the GnuPG 2.x gpg-agent with ssh-agent
support.



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jeremy T. Bouse]

On 2/18/2016 5:05 PM, Roman wrote:
> Seriously, you have to trust someone to achieve goals. So accessing
> server via ssh keys is pretty normal and secure + ldaps auth of course
> (centralized account management), so if someone leaves, just disable
> his account. sudo supports ldap auth, kind of on group level, so if
> user even got into a server for some reason, he can't become root,
> because his account was deleted and not in sudo enebled group anymore.
>
> After you configure the ldap and sudo for this scenario,  just disable
> password auth and  root login in ssh conf. Also setup firewall to
> enable ssh from known IP addresses only (here comes VPN into the game,
> if needed) and move SSH port to something else, but 22. You will be as
> safe as ldap and ssh and ssl are (exploits, exploits.. they're
> everywhere, you can't be 100% secure unless you disconnect the network
> cable from your server, remove the keyboard and USB ports)
>
> So basically security is all about trusting. You HAVE to choose whom
> (and what) you trust. 
> -- 
> Best regards,
> Roman.

I can show a couple examples of just simply having the centralized
account management can fail... in both cases the password was locked but
I had an SSH identity key already setup on the account. I was till able
to log into the server even with my account locked in the LDAP
centralized account management because the SSH keys were still
authorized. As well I had password-less sudo "NOPASSWD:" entries so I
still had full admin rights while being locked out.

All that to say, don't just assume things are secure you have to
verify and maintain it.



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jeremy T. Bouse]

On 2/17/2016 3:31 PM, Tom Browder wrote:
> On Wed, Feb 17, 2016 at 9:33 AM, Jeremy T. Bouse
>  wrote:
>> Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good
>> starts... I'd also check that "ChallengeResponseAuthentication no" is set as
>> well as some PAM modules will utilize it and be able to get around passwords
>> being entered as well as "UsePAM no"
> Okay.
>
>> I do agree locking the root password isn't advisable. As I use
>> configuration management/automation to handle my servers I simply set the
>> root password to generated password that only I know the algorithm to
>> reproduce it when I need to,
> Can you give more details on the process (at least generally)?
It's a technique I picked up from a past job... We took several pieces
of information we'd know about a machine and concatenated it together
with a delimiter character, then hashed it and cut it to length then
used that as the password. So it was then encrypted with the appropriate
password crypt routine for the host. If we needed the root password we
could regenerate it from the information but rarely needed it outside of
a DR situation.
>> but enable sudoers for all other 'root' access.
> Can one use that method and restrict use of "sudo su?"
You can restrict which commands can be executed and limit sudo to only
running certain commands at all. I don't use 'sudo su' as it's quite
redundant. When I do want a root shell I just do 'sudo -i' which I'm not
certain that can be restricted or not I'd have the RTFM on sudo to
investigate. Another thing I do on certain accounts is enable full input
and output logging so I can actually replay their sudo session in it's
entirety. I've had to do this before where we've been forced to give
sudo access to dev admins on a dev box and then they break things and
ask us to help them fix it. We grew tired of hearing "nothing" in
response to asking them what they changed, so we enabled the logging. We
use the same sudoers file site-wide as it's pushed out to all boxes.

>> I also go further by utilizing Duo Security as a MFA for SSH logins to
>> my servers for accounts authorized to log in.
> Hm, so you do allow some accounts password access?
Actually none of the user accounts have password access... All
access is via SSH identity keys that are pushed out via the config
management/automation process. Users can later add keys but the keys
managed via conf mgmt/automation are controlled exclusively from there
so they can be revoked and enforced.
> Thanks, Jeremy!
>
> Best,
>
> -Tom
>




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

[Jeremy T. Bouse]

Setting SSH "PermitRoot no" and "PasswordAuthentication no" are good
starts... I'd also check that "ChallengeResponseAuthentication no" is
set as well as some PAM modules will utilize it and be able to get
around passwords being entered as well as "UsePAM no"

I do agree locking the root password isn't advisable. As I use
configuration management/automation to handle my servers I simply set
the root password to generated password that only I know the algorithm
to reproduce it when I need to, but enable sudoers for all other 'root'
access.

I also go further by utilizing Duo Security as a MFA for SSH logins
to my servers for accounts authorized to log in.

On 2/17/2016 10:26 AM, Peter Ludikovsky wrote:
> More or less. What I wouldn't agree with is locking the root account
> completely, because, like Thomas said, you'll be locked out should you
> ever be dropped to a rescue shell due to an hardware error.
>
> Regards,
> /peter
>
> Am 17.02.2016 um 15:56 schrieb Tom Browder:
> > On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky
> >  wrote:
> >> -BEGIN PGP SIGNED MESSAGE-
> > ...
>
> > Thanks, Peter.  Do you agree with Darac's solution?
>
> > Best,
>
> > -Tom
>
>




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Looking for cheap low-end VPS providers in the USA

[Jeremy T. Bouse]

I use Linode (linode.com) and Digital Ocean (digitalocean.com)
personally currently. I've looked at Vultr (vultr.com) recently as well
after a discussion without our local LUG mailing list as well. I use the
first two though because they are fully supported by SaltStack's
salt-cloud which allows me to easily provision from my salt-master.

On 1/25/2016 4:16 AM, J Mo wrote:
>
> Hello everyone
>
> I am looking for a new low-end VPS provider in the USA. Does anyone
> have any recommendations?
>
> I am dumping one of my old providers soon. It took them 6+ months to
> support Debian 8 and they just don't seem to care about supporting
> Debian in general.
>
> I don't have a preference regarding Xen, KVM, or OpenVZ.
>
> These are tiny low-end VPSes like they advertise at lowendbox.com.
> Unfortunately, this type of hosting tends to attract scammers,
> carders, and lots of trouble for the VPS providers. The result is that
> the industry has a lot of churn and providers come and go pretty
> quick, sometimes taking your VPS down and going dark without any
> notice. It's hard to find a good cheap low-end provider who won't
> disappear overnight or overload their boxes excessively.
>
> My primary concern is reliability, then cost.
>
> Any recommendations from fellow Debian admins would be appreciated.
>
> Thank you in advance
>
>

Re: OpenVPN fails

[Jeremy T. Bouse]

Actually I went back and it's not the region that is the factor... It is
the image that was used to build the droplets. The Debian 7.0 images all
require the kernel to be set in the control panel. Even though I've
upgraded a few of those to 8.x so looks like I need to just rebuild them
(thank goodness I use salt to manage them so that won't be an issue).
The Debian 8.x images do not manage the kernel through the control panel.

On 10/5/2015 2:43 PM, Jeremy T. Bouse wrote:
>
> On 10/5/2015 12:05 PM, Reco wrote:
>>> 2. I don't know when 3.2.0-4 was released; I suspect the answer is yes.
>>>
>>> 3. many reboots; the last one earlier today.
>>>
>>> I note bug=767836 describes this problem, but appears closed with 3.2.0-4
>> It was closed because the problem was not in the kernel in the first
>> place. It was closed because (see Message #43) VPS bootloader required
>> special trickery on kernel upgrade, and that trickery was not applied.
>> A classic local configuration problem (although a weird one). Thanks,
>> now I know who's VPS I should never buy :)
>>
>> Reco
>>
> It is my understanding that the kernel selection is only on the
> DigitalOcean droplets that haven't had the system update or were created
> before the change was made. I have 2 Droplets in NYC2 that have this
> kernel setting issue but are scheduled for upgrade on 10/15/15 but my
> newer instances in NYC3 if you go to the Settings->Kernel like mentioned
> it tells you that it is managed in the system not through the control panel.
>




smime.p7s
Description: S/MIME Cryptographic Signature

Re: OpenVPN fails

[Jeremy T. Bouse]

On 10/5/2015 12:05 PM, Reco wrote:
>> 2. I don't know when 3.2.0-4 was released; I suspect the answer is yes.
>>
>> 3. many reboots; the last one earlier today.
>>
>> I note bug=767836 describes this problem, but appears closed with 3.2.0-4
> It was closed because the problem was not in the kernel in the first
> place. It was closed because (see Message #43) VPS bootloader required
> special trickery on kernel upgrade, and that trickery was not applied.
> A classic local configuration problem (although a weird one). Thanks,
> now I know who's VPS I should never buy :)
>
> Reco
>
It is my understanding that the kernel selection is only on the
DigitalOcean droplets that haven't had the system update or were created
before the change was made. I have 2 Droplets in NYC2 that have this
kernel setting issue but are scheduled for upgrade on 10/15/15 but my
newer instances in NYC3 if you go to the Settings->Kernel like mentioned
it tells you that it is managed in the system not through the control panel.



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Debian on a Dell Latitude E7440

[Jeremy T. Bouse]

I have an E7420 running Debian on it for work. The 7.4 ISO was plenty 
to get it working and I used UEFI as well with GRUB bootloader. I did 
have to upgrade it to testing (jessie) however to get all the devices 
working and get the newer XORG that would support the graphics card. I 
don't have it with me currently or I could check further details but 
catch me during the work day and I can assist.


On 01.07.2014 18:35, Craig L. wrote:

On Tue, Jun 24, 2014 at 12:25:21PM -0400, ken wrote:

On 03/22/2014 01:29 PM Craig L. wrote:
> I found folks
>running other distros on the E7440, so we're going with it. If I 
have any
>problems I will pass them along for anyone else that is interested 
in this.


One of the nice things about GNU/Linux is that, if one distro works
on a particular machine, then it's at least theoretically possible
for all other GNU/Linux distros to work on it.  After all, it all
comes down to the code.  When this wouldn't be true would be when,
for example, some distro (and there are a lot of them) used
proprietary, non-FOSS code for a driver.  From my understanding,
Debian in particular shuns non-FOSS software, so such an instance
would be problematic.

How has the E7440 been working out?  Any of the hardware not
recognized or not functioning as expected?


Hi Ken

Pretty good timing on your part, and thanks for cc'ing me in. My ISP
seems to have banned me from receiving user list emails.

We received the laptops last week and other than a few minor things I
have it working. I have not installed a GUI yet, but expect no real
issues there.

First of all, I tried to install from a debian-7.3.0-amd64-DVD-1.iso
image, using uefi install, but network hardware was not detected.
However
the debian-7.5.0-amd64-DVD-1.iso image worked just fine. But 
apparently
the lilo bootloader won't work with UEFI, and I hate grub, so I had 
to
disable that in the BIOS. Other than that, the only other issue was 
the

wireless card. It is an Intel Centrino WiMax 7260, or something like
that. The firmware that was installed did not contain a driver for 
it,
and it requires the non-free iwlwifi driver. The version of the 
driver

that supports this card had to come from jessie, firmware-iwlwifi
(0.43).

I downloaded that .deb and extracted it, then copied the pertinent 
driver
files to /lib/firmware, and loaded the iwlwifi module using modprobe, 
but
the interface would not show up. Then I had an “aha!” moment and 
figured

the kernel may not support that driver. So I installed the lates 3.14
kernel from backports, rebooted, and there was my interface. I have
successfully configured it using wpa_supplicant to connect to our
enterprise wireless network.

I plan to install the XFCE DE, but I have no qualms that I will get 
that
taken care of. For the most part this laptop will be used by me to 
access
my workstation when I am in meetings and such, so I will probably 
also
make use of the display port output too. That may prove to be a bit 
more
of a challenge. I will report back with any issues, but for now 
consider

no news to be good news.

Please cc me in on replies since I no longer receive list mailings.

Regards,
Craig



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/783e55034a2e266ca8ef825995a3b...@undergrid.net

Re: UEFI install

[Jeremy T. Bouse]

On 23.04.2014 14:57, Theodore Alcapotaxis wrote:

- Original Message -
From: Steve McIntyre
Sent: 04/23/14 10:25 PM
To: Corey Blair
Subject: Re: UEFI install


Gah, yet another person using unetbootin. It's responsible for a lot 
of problem reports we're seeing these days. It's totally unnecessary
unetbootin will not start the installer in the right way, and AFAIK 
won't do the right things with UEFI either.


Well, I have to disagree with you.

I have been using Unetbootin for the past two years to "burn" Linux
distros such as Debian (Squeeze and Wheezy), Ubuntu (from versions 12
to 13) and Linux Mint on to a USB flash/thumb drive and then using it
to install on to my hard disk drive without even a single problem.


I've got 2 laptops I've recently installed with Debian 7.4 using a UEFI 
from a bootable USB. I found unetbootin was useless though I'd used it 
before in the past to make boot USB. In this instance I simply 'cp 
debian-7.4.iso /dev/sdX' where /dev/sdX was my USB drive. Seemed odd 
just doing a cp but it actually worked flawlessly and was what I found 
the release notes recommended. In the case of one of my laptops I then 
had to immediately upgrade to Jessie to get certain hardware working 
given the new hardware devices it had.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/693c2dde4215a5d4f09609e516515...@undergrid.net

Re: Can't patch Heartbleed bug?

[Jeremy T. Bouse]

On 10.04.2014 08:56, Dr. Jennifer Nussbaum wrote:

I'm running Debian Wheezy 7.4 on a server in Amazon's EC2, that i
installed, recently, from the official Debian AMI. I havent made any
changes to the package infrastructure.

I'm trying to fix the Heartbleed bug, but my system seems to think
everything is up to date. 

My /etc/apt/sources.list has:

  deb http://cloudfront.debian.net/debian wheezy main 
  deb-src http://cloudfront.debian.net/debian wheezy main 
  deb http://cloudfront.debian.net/debian wheezy-updates main 
  deb-src http://cloudfront.debian.net/debian wheezy-updates main



I believe you're missing security updates as wheezy-updates is not the 
same. If I recall, cloudfront.debian.net didn't include 
security.debian.org to keep security updates at a single location.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/1b8388fbee80fc35358a00b46d45d...@undergrid.net

Re: postfix

[Jeremy T. Bouse]

On 21.10.2013 07:56, Pol Hallen wrote:

Hey all :-)

I'm sorry for banal question but I didn't find any answer to my 
question.


In the /etc/postfix/main.cf I see many parameters like:

smtpd_sasl_auth_enable = yes

but also:

smtp_sasl_auth_enable = yes

So, what is the difference of smtpd_parameter and smtp_parameter?
(smtpd and smtp)

Thanks for help

Pol


The smtpd_* prefixed commands are Server configurations where Postfix 
is operating as the server providing the service.


The smtp_* prefixed commands are Client configurations where Postfix is 
operation as a client talking to another server.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/3ab4f6b1d7d729a6cb221566a636a...@undergrid.net

Re: GnuPG with OpenPGP card implementation

[Jeremy T. Bouse]

I actually use my v2.0 OpenPGP card daily and have just been notified 
that my new order was just shipped today.


I have a built-in smartcard reader on my laptop:

Bus 002 Device 004: ID 0a5c:5800 Broadcom Corp. BCM5880 Secure 
Applications Processor


And then I have a USB SCM331 reader I got while on a government 
contract:


Bus 007 Device 002: ID 04e6:e001 SCM Microsystems, Inc. SCR331 
SmartCard Reader


Both work fine using as my SSH authentication key and with both gpg 
1.4.12 and gpg2 2.0.19. I currently am only using 3072bit keys though 
I'm looking forward to seeing if the new cards I ordered will handle 
4096bit as I've read it is supposed to be supported with gpg2 2.0.18+ 
and newer batches of the v2.0 cards.


In my case, per my key policy, my openpgp cards are just the sub-keys 
as my primary key is kept offline on an encrypted drive in my vault.


On 09.10.2013 21:28, NIIBE Yutaka wrote:

# I'm not on this list.  Please add CC to me for your reply.

Recently, I read discussion about use of OpenPGP cards by Debian
people (for Debian development).  It would be off-topic there, I am
writing here.

Since 2010, for GnuPG development, I have been trying to improve the
support of card readers (including VASCO DIGIPASS 920 and Gemalto
PinPad Smart Card Reader) and OpenPGP card implementations (The
OpenPGP card [1], CryptoStick [2], and my FST-01 [3] with Gnuk [4]).

While it got improved and GnuPG works well with certain hardware and
configuration stably (e.g., Gnuk Token is my daily use, at least), 
the
coverage of hardware support, OS support, and its stability in 
general

are far from perfect.  I have to address that.

Especially, the support of PIN input by pinpad of card reader is very
limited, and it's difficult for standardization reason.  For example,
we need special configuration for a specific card reader with pinpad,
because of card reader's limited capability [5].

I couldn't say,

Let's use OpenPGP card implementations!

to wider audience, in general (as of GnuPG 2.0.22).  Although I'd
recommend everyone to hold his/her secret keys on one of OpenPGP card
implementations, instead of your normal PC, it's not always easy.

When a person buy a OpenPGP card/token and a random card reader, it 
is

likely that GnuPG doesn't work with them on his environment as
expected.  If the expectation is something like "out of the box" and
"fully functional", it won't be fulfilled.

I think that we need to accumulate users experiences of using OpenPGP
cards.

To begin with, could you please read and add your information to this
page (if you are OpenPGP card user)?

https://wiki.debian.org/GnuPG/CCID_Driver

Recently, the site http://wiki.gnupg.org/ becomes available, too.
It's also good to share experiences there.

Other than pinpad input and card reader, most common discrepancy 
would

be key length of RSA, perhaps.  It was GnuPG 2.0.20 (released May,
2013) which fully supports RSA 4096-bit for OpenPGP card.  Gnuk Token
only supports RSA 2048-bit.  GnuPG's default is RSA 2048-bit.

Well, if you have time and some basic skill of electronics and
embedded system, I'd like to invite you to build your own Gnuk 
OpenPGP

token.  We have a good article [6].

[1] http://g10code.com/p-card.html
[2] https://www.crypto-stick.com/
[3] http://www.seeedstudio.com/wiki/FST-01
[4] https://gitorious.org/gnuk
[5] http://wiki.gnupg.org/CardReader/GemaltoPC
[6] http://blog.asmw.org/2013/09/11/gnuk-openpgp-2-0-token/
--



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/8eff4b04b32835e5ecfdbd3b1ddf2...@undergrid.net

Re: Multi WAN Routing

[Jeremy T. Bouse]

It sounds like what you're looking for is Policy Based Routing (PBR). 
The LARTC howto link you mentioned below is actually what I did when I 
setup a Linux laptop with a trunk interface connected to several 
different VLANs that I needed to route between.


On 22.08.2013 06:11, basti wrote:

Hallo,

i will try a Multi-WAN-Routing.

It look like:

LAN -- Router (Debian squeeze) -- ISP Line 1
 |- ISP Line 2

The ISP- Ip's are static.

Here some links i have found:


http://www.debian-administration.org/article/377/Routing_for_multiple_uplinks
http://code.google.com/p/muggles/
http://lartc.org/howto/lartc.rpdb.multiple-links.html

http://maltekueppers.de/wp/?p=1346
http://maltekueppers.de/wp/?p=1363

At the moment my routing table looks like:
rtr-0002:/var/log# route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use
Iface
217.0.111.222 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
rtr-0002:/var/log#
rtr-0002:/var/log# ip route show
217.0.111.222 dev ppp0 proto kernel scope link src 111.222.333.444
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
default dev ppp0 scope link
rtr-0002:/var/log#
rtr-0002:/var/log# ifconfig ppp0
ppp0 Link encap:Punkt-zu-Punkt-Verbindung
 inet Adresse:111.222.333.444 P-z-P:217.0.111.222
Maske:255.255.255.255
 UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1492 Metrik:1
 RX packets:2885981 errors:0 dropped:0 overruns:0 frame:0
 TX packets:2125651 errors:0 dropped:0 overruns:0 carrier:0
 Kollisionen:0 Sendewarteschlangenlänge:3
 RX bytes:2957960607 (2.7 GiB) TX bytes:347600931 (331.4 MiB)

nx4-rtr-0002:/var/log#

At the moment I use ppp (pon/poff) dail up.
Not clear thinks are:

- how do 2 PPPoE connections at the same time?
- where do I place the code for multiple routing
 (ip route add default scope global nexthop via 1.0.0.2 dev eth1
weight 1 nexthop via 2.0.0.2 eth2 weight 1)
- did this setup runing with SSL or SSH connections? (while the
connection is keep alive they must use the same route i think?)

Thanks,
regards Basti



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/b05aba118909c43839f3c93e2624a...@undergrid.net

HP BL460c G8 blades with 10Gb FlexibleLOM support?

[Jeremy T. Bouse]

Hey guys,

Anyone out there happen to have Debian running on a HP BL460c G8 blade 
with the FlexFabric 2-port adapter? We're running Debian squeeze and 
have issues with the P420 Smart Array that required a backported kernel 
(kmuto d-i build) to get working on DL380p G8 hardware and our current 
BL460c blades are G7 not G8 so we're trying to find outside validation 
before purchasing. Unfortunately HP party line is that Debian isn't 
supported but RHEL and SuSE are.


Any hands-on knowledge/experience?


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
http://lists.debian.org/013d45de45e6-699bed46-97d7-4bc2-ae92-d63da76b7e24-000...@email.amazonses.com

Re: LSI MegaRAID SAS 9240-4i hangs system at boot

[Jeremy T. Bouse]

On 06/12/2012 09:40 AM, Ramon Hofer wrote:
> On Sun, 10 Jun 2012 17:30:08 -0500
> Stan Hoeppner  wrote:
> 
>> On 6/10/2012 9:00 AM, Ramon Hofer wrote:
>>> A situation update: Mounted the mobo with the CPU and RAM, attached
>>> the PSU, the OS SATA disk, the LSI and expander as well as the
>>> graphics card. There are no disks attached to the expander because
>>> I put them again into the old NAS and backing up the data from the
>>> 1.5 TB disks to it.
>>>
>>> Then I installed Debian Squeeze AMD64 without problems. I don't have
>>> the over-current error messages anymore :-)
>>> But it still hangs at the same time as before.
>>
>> Try the Wheezy installer.  Try OpenSuSE.  Try Fedora.  If any of these
>> work without lockup we know the problem is Debian 6.  However...
> 
> I didn't do this because it the LSI worked with the Asus mobo and
> Debian squeeze. And because I couldn't install OpenSuSE nor Fedora.
> But I will give it another try...
> 
> 
>> Please call LSI support before you attempt any additional
>> BIOS/firmware updates.
> 
> I mailed them and got this answer:
> 
> "Unfortunately, the system board has not been qualified on the hardware
> compatibility list for the LSI MegaRAID 9240 series controllers. There
> could be any number of reason for this, either it has not yet been
> tested or did not pass testing, but the issue is likely an
> incompatibility.
> 
> It sounds like the issue is related to the bootstrap, so either to
> resolve the issue you will have to free up the option ROM space or
> limit the number of devices during POST."
> 
> This is what you've already told me.
> If I understand it right you already told me to try both: free up the
> option ROM and limit the number of devices, right?
> 
> 
> (...)
> 
>>> Thanks again very much.
>>> The air flow / cooling argument is very convincing. I haven't
>>> thought about that.
>>
>> Airflow is 80% of the reason the SAS and SATA specifications were
>> created.
> 
> You've convinced me: I will mount the expander properly to the case :-)
> 
> 
>>> It was the P7P55D premium.
>>>
>>> The only two problems I have with this board is that I'd have to
>>> find the right BIOS settings to enable the LSI online setting
>>> program (or how is it called exactly?) where one can set up the
>>> disks as JBOD / HW RAID.
>>
>> I already told you how to do this with the C7P67.  Read the P7P55D
>> manual, BIOS section.  There will be a similar parameter to load the
>> BIOS ROMs of add in cards.
> 
> Ok, thanks!
> 
> 
>>> Sorry I don't understand what you mean by "don't put partitions on
>>> your mdraid devices before creating the array".
>>> Is it wrong to partition the disks and the do "mdadm --create
>>> --verbose /dev/md0 --auto=yes --level=6
>>> --raid-devices=4 /dev/sda1.1 /dev/sdb1.1 /dev/sdc1.1 /dev/sdd1.1"?
>>>
>>> Should I first create an empty array with "mdadm --create
>>> --verbose /dev/md0 --auto=yes --level=6 --raid-devices=0"
>>>
>>> And then add the partitions?
>>
>> Don't partition the drives before creating your md array.  Don't
>> create partitions on it afterward.  Do not use any partitions at
>> all.  They are not needed.  Create the array from the bare drive
>> device names.  After the array is created format it with your
>> preferred filesystem, such as:
>>
>> ~$ mkfs.xfs /dev/md0
> 
> Ok understood. RAID arrays containing partitions are bad.
> 
> 
>>> Hmm, that's a very hard decision.
>>> You probably understand that I don't want to buy 20 3 TB drives
>>> now. And still I want to be able to add some 3 TB drives in the
>>> future. But at
>>
>> Most novices make the mistake of assuming they can only have one md
>> RAID device on the system, and if they add disks in the future they
>> need to stick them into that same md device.  This is absolutely not
>> true, and it's not a smart thing to do, especially if it's a parity
>> array that requires a reshape, which takes dozens of hours.
>> Instead...
> 
> Nono, I was aware that I can have several RAID arrays.
> My initial plan was to use four disks with the same size and have
> several RAID5 devices. But Cameleon from the debian list told me to not
> use such big disks (>500 GB) because reshaping takes too long and
> another failure during reshaping will kill the data. So she proposed to
> use 500 GB partitions and RAID6 with them.
> 
> Is there some documentation why partitions aren't good to use?
> I'd like to learn more :-)
> 
> 
>>> the moment I have four Samsung HD154UI (1.5 TB) and four WD20EARS (2
>>> TB).
>>
>> You create two 4 drive md RAID5 arrays, one composed of the four
>> identical 1.5TB drives and the other composed of the four identical
>> 2TB drives.  Then concatenate the two arrays together into an md
>> --linear array, similar to this:
>>
>> ~$ mdadm -C /dev/md1 -c 128 -n4 -l5 /dev/sd[abcd]  <-- 2.0TB drives
> 
> May I ask what the -c 128 option means? The mdadm man page says that -c
> is to specify the config file?
> 
> 
>> ~$ mdadm -C /dev/md2 -c 128 -n4 -l5 /dev/sd[efgh]  <

Re: OT: More about GPG signing

[Jeremy T. Bouse]

On 05/11/2012 08:34 AM, Rob Owens wrote:
> On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote:
>> On 10/05/12 17:16, Brad Rogers wrote:
>>> On Thu, 10 May 2012 17:59:34 +0200
>>> Ralf Mardorf  wrote:
>>>
>>> Hello Ralf,
>>>
 This resulted in "Valid signature, but cannot verify sender (Phil
 Dobbin )":
>>>
>>> Because there's no web of trust involving people that both you and the
>>> keyholder know.
>>>
>> So, the OP signs his mail to a list. I would guess that no web of trust
>> exists between him and 99.9% of the list members.
>>
>> What is the benefit of such a signature?
>>
> It establishes identity the identity associated with the signature.  If
> Ralf had been signing his emails for the last 2 years, I would feel
> confident that I have a valid public key for "Ralf, the guy on the
> debian-user mailing list, who often answers questions about audio".  Of
> course I don't know if he's "Ralf with black hair", or "Ralf who lives
> on Main St.", but for my purposes this is good enough.
> 
> If I someday want to send an encrypted message to the Ralf that I know
> (debian-user Ralf), I can do it.  For me, knowing Ralf's personal
> identity is not as important as knowing his online identity because our
> relationship is online.  As long as I don't forget that, then seeing his
> signature in emails is a potential benefit to me.
> 

GPG/PGP signatures will only ever have any real value to you if you're
part of a strong key set within the web of trust. That is to say if your
key and the other person's key have a chain of signatures from people
who have actually met and followed best practices for verifying the
identity before signing keys. Then, and only then, could you look at the
signature chain between your key and theirs and be confident in the true
identity. If I only sign the keys of people I have personally verified
and then they in turn only sign keys of people they have personally
verified then you can trust them to be an introducer. Their signature on
another key will let you know that they've verified them and because you
trust them then you can then trust this new key you've not signed.

It is a lot like getting a reference for someone. If you don't trust
their judgment are you honestly gonna trust them as a reference for
someone you haven't met? Along that same analogy, I prefer PGP/MIME
signatures as they are unobtrusive but available for verification by
those that wish to do so. Inline simply generates too much needless
noise and is a method that's at least 10 years out dated since the
PGP/MIME standard was adopted.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fad1131.4080...@undergrid.net

Re: gpg/pgp noise

[Jeremy T. Bouse]

On 05/08/2012 08:50 AM, Mika Suomalainen wrote:
> 08.05.2012 15:33, Johann Spies kirjoitti:
>> On Tue, May 08, 2012 at 01:20:21PM +0200, Jochen Spieker wrote:
> Are you receiving the missing keys from keyserver automatically? You
> can do this by adding
>> keyserver-options auto-key-retrieve
> to ~/.gnupg/gpg.conf .
> 
> PS. If anyone is interested, my gpg.conf can be found at
> https://github.com/Mkaysi/shell-things/blob/master/gnupg/gpg.conf .
> 

This is my configuration and it's never had a problem with a single
mailing list. I'm also able to retrieve any GPG/PGP key that is properly
published and publicly available. The only change I've had to make to my
configuration is removal of the "sig-keyserver-url" option after I found
that the Debian backend DAK software does not know how to properly
handle this subpacket type and would reject any package uploads. This
has still been an issue even after I've since submitted a patch which
would correct the behavior and handle the subpackets correctly per the
OpenPGP RFC and GnuPG documentation.

https://gist.github.com/2635431


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa92ba4.9080...@undergrid.net

Re: gpg/pgp noise

[Jeremy T. Bouse]

Okay, yes I'm top-posting get over it...


Are you fraking kidding me? All this fscking drivel filling up the
Debian mailing list because Ubuntu and other mailing lists don't
properly handle PGP/MIME open standard signed email messages? Is that
why my mailbox is getting the crap blown up about?

Bitch to the mailing lists to upgrade their old, broken, busted ass
software! Bitch to the mailing list software developers if their old,
broken, busted ass software doesn't properly support MIME. But for the
love of all that's holy stop this mindless bullshit thread about
something that does not affect the Debian project or mailing lists!

And my message isn't signed because my GPG key is on a smartcard and
I'm accessing my computer remotely so obviously can't put the smartcard
in the reader to sign this message.

On 05/08/2012 08:05 AM, Mika Suomalainen wrote:
> 08.05.2012 15:03, Indulekha kirjoitti:
>> On Tue, May 08, 2012 at 03:00:16PM +0300, Mika Suomalainen wrote: 
>> If I used PGP/MIME, my signatures couldn't be verified on Ubuntu 
>> mailing lists (I am on 5 of them if I recall correctly), nor 
>> Enigmail mailing list nor gnupg-user mailing lists nor many
>> others. This is small list of those MLs, which I mean with 
>> http://mkaysi.github.com/PGP/Clearsigning.html .
> 
> 
>> I see... so the people on the *proper* msiling lists will just
>> have to suffer then, eh? :\
> 
> 
> I don't understand how those other mailing lists are inproper.
> 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4fa928b7.1010...@undergrid.net

Re: [OT] Manually verifying PGP/MIME signature with GPG

[Jeremy T. Bouse]

On 04/09/2012 12:11 PM, Mika Suomalainen wrote:
> On 09.04.2012 18:44, Camaleón wrote:
>> On Mon, 09 Apr 2012 18:04:13 +0300, Mika Suomalainen wrote:
[...]
>> I recognize it's annoying to delete the extra text when replying to PGP/
>> GPG inline messages but I can live with that.
>>
>>> I have promised to move to S/MIME (with devices which support it) when
>>> someone on this list tells me how do I manually verify PGP/MIME
>>> signature in case email client cannot be used to do it. 
>>
>> You don't have to move on S/MIME if you don't want.
> 
> Oh, sorry. I am confusing with S/MIME and PGP/MIME myself too. They are
> two different things, or at least I think so. The one which I am asking
> about is PGP/MIME (those signature.asc files, which you might have seen).
> 
>>> Example case would be verifying message from mailing list archives. I
>>> will also move to PGP/MIME if anyone on this list admits my point that
>>> it's easier to verify GPG INLINE manually than PGP/MIME.
>>

The only real difference between inline PGP and PGP/MIME is that the in
PGP/MIME the signature is detached and added to the email as an
attachment, which as you mention the signature.asc. To verify PGP/MIME
vs inline is the same if you were using the GPG or PGP command to verify
a clearsigned file or not. With PGP/MIME you'd have to save the original
email which would in a multi-part MIME email be an attachment itself,
just the first one, and the signature attachment and run them through
the CLI tool to verify the signature.
Also as most mail clients these days support PGP/MIME standard either
natively or via additional plugin there should be little need to do so
manually unless this is just an exercise to better understand how it is
handled.
[...]
> 
> I think that I will start using PGP/MIME now that someone has said that
> it's annoying to remove GPG signatures from messages and that they can
> live with it. It's nicer way than telling to filter all emails from one
> sender / threading / telling what should be done in their opinions and
> then ignoring all problems in that way.
> 
> I hope that someone can still answer this question.
> 
> PS. Sorry again for typoing PGP/MIME as S/MIME.
> 
PGP/MIME just makes it easier for those that don't bother with the
signatures to ignore the attachment with the signature and not have to
deal with cutting it out in replies. The other issue I've seen with
inline vs PGP/MIME is that if the signature is not stripped out by
someone replying and including the signature in the quote it will
sometimes confuse the MUA. In most cases PGP/MIME won't have this issue
as the signature is a separate attachment and unless efforts are made to
include attachments in replies won't be included and even if it does it
still doesn't confuse the MUA.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f8312ed.3090...@undergrid.net

Re: new hard drive usb "WD My Passport essential SE" 1Tb

[Jeremy T. Bouse]

On 03/03/2011 03:27 PM, Kjetil brinchmann Halvorsen wrote:
> I have a new usb hard drive of the specs in the subject line. On
> plugging it in it shows on the desktop,
> but on clicking it nothing happens. Anybody have experience getting
> this to work on debian
> (squeeze)?
> 
> Kjetil
> 
> 

I have a 500GB WD My Passport drive and it works fine. I can't recall
the links now, though all I did was use Google, but I'd found reports
that there were problems using the 1TB model because of drivers
necessary to see the full drive that only came in WinBlow$ format.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4d702129.8020...@debian.org

Re: Versions of Debian

[Jeremy T. Bouse]

John Culleton wrote:
> I see references to various versions of Debian, including Lenny 
> etc.  For a 32 bit system, what is the latest stable and the 
> latest unstable version? 

According to the Releases [1] page on the web site... Lenny is stable,
Squeeze is testing and Sid is always unstable...


1. http://www.debian.org/releases/



signature.asc
Description: OpenPGP digital signature

Re: Suggestions for VoIP software on lenny please

[Jeremy T. Bouse]

Alex Samad wrote:
> On Thu, Feb 11, 2010 at 12:42:12PM -0200, Michel wrote:
>> On Thu, Feb 11, 2010 at 12:35 PM, George  wrote:
> 
> [snip]
> 
>>> So at the moment I'm stuck with Skype, and I really don't like it. Any
>>> suggestions would be welcome.
>>>
>>>
>> I use Twinkle without problems.
> 
> me to with my asterisk server at home and also with sip providers, I
> would never touch skype 
> 
>> Michel
>>
>>
> 

I use SFLphone myself and haven't had any problems with it.



signature.asc
Description: OpenPGP digital signature

Re: looking for digital pen/tablet on Debian Squeeze

[Jeremy T. Bouse]

jeremy jozwik wrote:
> On Tue, Feb 2, 2010 at 9:49 PM, G. Jay Kerns  wrote:
>> Dear Debian users,
>> - I do not need a Cadillac or BMW, but something like a Honda/Toyota
>> might be nice.
> 
> something else to consider, the cadillac and bmw have driver support
> for sure. dont know about the hondas or toyotas.
> 
> also, wacom has a full line of tablets. from multi thousand dollar
> large screen lcd tablets, to nice and cheap 5x3 tablets. around $69USD
> https://direct.wacom.com/stores/5/BAMBOO%20PEN_P1529.cfm
> 
> more:
> https://direct.wacom.com/stores/5/BAMBOO_C137.cfm
> http://www.wacom.com/bamboo/inking.php
> 
> 

I've used a Wacom Graphire3 pen & tablet for years now and have not had
any problems with it. I used it with my desktop and replaced my usual
mouse completely with it. I think they've [Wacom] retired the Graphire3
line but I think the Bamboo line is the closest to it, I just don't know
how the support in the existing wacom kernel drivers are for the newer
lines.



signature.asc
Description: OpenPGP digital signature

Re: DELL PowerEdge-like ESM and OMSA for Debian?

[Jeremy T. Bouse]

Did ya happen to try your friend Google? A simple search for "Dell
Debian OMSA" garnered a bounty of replies and among the gems I was able
to locate
http://linux.dell.com/files/openmanage-contributions/debian/omsa5.1/ in
about 5 minutes. It's only 32-bit, but then Dell doesn't even have a
64-bit version for RedHat yet to my knowledge.

Albretch Mueller wrote:
> ~
>  DELL supports only RedHat and Suse (and Windows ...) and I was able
> to update my BIOS basically from a Debian-based live CD using the
> steps provided here:
> ~
>  http://www.ducea.com/2007/08/27/dell-bios-firmware-updates-on-debian/
> ~
>  Now I would to have the kind of management that ESM and OMSA allows,
> but the installer is complainign about missing rpm packages
> ~
>  I know I can use alien to convert rpm to deb packages and I did seach
> for such packages even though I couldn't find them, I still think
> there might be something like that in Debian
> ~
>  If there isn't. Is there such thing as a mapping of the functionality
> of rpm and deb packages?
> ~
>  I think I will need to install
> ~
>  rpm, pciutils, libc, libdl, libm. libc. libpthread, /bin/sh,
> srvadmin-omilcore, srvadmin-ipmi, srvadmin-hapi
> ~
>  Of course I' wish I would use debian packages ...
> ~
>  Any suggestions?
> ~
>  Thank you
>  lbrtchx
> 
> 




signature.asc
Description: OpenPGP digital signature

Re: Hosting in the US

[Jeremy T. Bouse]

I'll go along with mentioning Linode.com, I'm not currently using them
but have a project I'm currently starting and have picked them to go
with for hosting. I've also previously used GrokThis and had a good
experience.

m...@phillipsmarketing.biz wrote:
> Try linode.com. Inexpensive and great support.
> Mark
> --Original Message--
> From: Julien Vehent
> To: David Crampton
> Cc: Debian Users
> Subject: Re: Hosting in the US
> Sent: Jan 8, 2010 3:37 PM
> 
> Unmanaged hosting. But I want to be sure the company takes care of the
> machines properly.
> I don't have big resources requirements, so dedicated or virtual doesn't
> matter as long as some minimum bandwidth is garantied.
> 
> I'll take a look at liquidweb, thanks David.
> 
> 
> 
> On Fri, 08 Jan 2010 17:04:25 -0500, David Crampton
>  wrote:
>> Hello Julien,
>>
>> Are you looking for managed or unmanaged hosting?  Dedicated or virtual 
>> servers?  Here in Michigan, there are a few, but I've had the best 
>> experience with LiquidWeb.  There's a good forum out there as well 
>> called Web Hosting Talk.
>>
>> Good luck!
>>
>> Julien Vehent wrote:
>>> Hello Debian people,
>>>
>>> I'm looking for a good hosting service in the US. I need full root
> shell
>>> access and basic debian net installation. Do you know a good and
> reliable
>>> provider ?
>>>
>>> In France, I'm usually very satisfed with Gandi.net, they have a clear
>>> offer and they don't bullshit you when they screw up. Something similar
>>> on
>>> this side of the atlantic would be perfect.
>>>
>>>
>>> Thanks,
>>> Julien
>>>
>>>
> 
> 




signature.asc
Description: OpenPGP digital signature

Re: zen.spamhaus.org down?

[Jeremy T. Bouse]

Tom Vier wrote:
> Anyone else here having trouble? It use it with postfix. Looks like it went
> down about 5:15 EST on 12/8 for me. I've tried looking up a blocked ip using
> both level3's dns and spamhaus's servers.
> 
> 
> IP Address Lookup
> 
> 213.147.118.113 is listed in the PBL, in the following records:
> 
> * PBL264264
> 
> 213.147.118.113 is listed in the XBL, because it appears in:
> 
> * CBL
> 
> 
> 
> ~# nslookup 113.118.147.213.zen.spamhaus.org ns2.spamhaus.org
> Server: ns2.spamhaus.org
> Address:207.241.224.5#53
> 
> Non-authoritative answer:
> *** Can't find 113.118.147.213.zen.spamhaus.org: No answer
> 
> ~# nslookup 113.118.147.213.zen.spamhaus.org ns8.spamhaus.org
> Server: ns8.spamhaus.org
> Address:82.94.216.239#53
> 
> Non-authoritative answer:
> *** Can't find 113.118.147.213.zen.spamhaus.org: No answer
> 
> ~# nslookup 113.118.147.213.zen.spamhaus.org 4.2.2.4
> Server: 4.2.2.4
> Address:4.2.2.4#53
> 
> ** server can't find 113.118.147.213.zen.spamhaus.org: NXDOMAIN
> 
I suspect 4.2.2.x is blocking your queries... If you're doing lots of
queries I would put even money on it...

~$ dig ANY 113.118.147.213.zen.spamhaus.org
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.6.1-P2 <<>> ANY 113.118.147.213.zen.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13445
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 23, ADDITIONAL: 82

;; QUESTION SECTION:
;113.118.147.213.zen.spamhaus.org. IN   ANY

;; ANSWER SECTION:
113.118.147.213.zen.spamhaus.org. 900 IN A  127.0.0.11
113.118.147.213.zen.spamhaus.org. 900 IN A  127.0.0.4
113.118.147.213.zen.spamhaus.org. 900 IN TXT
"http://www.spamhaus.org/query/bl?ip=213.147.118.113";



signature.asc
Description: OpenPGP digital signature

Re: debian support and laptops

[Jeremy T. Bouse]

Celejar wrote:
> On Thu, 10 Dec 2009 13:28:44 +1100
> Daniel Dalton  wrote:
> 
>> On Wed, Dec 09, 2009 at 03:13:38PM +0100, tv.deb...@googlemail.com wrote:
> 
> ...
> 
>>> Squeeze right now. Pay attention to the cpu if you want to use virtual
>>> machines, mine doesn't have the required cpu flags.
>> What am I looking out for?
> 
> http://www.thelinuxblog.com/cpu-flags-and-meanings/
> http://blog.incase.de/index.php/cpu-feature-flags-and-their-meanings/
> 
> Celejar

The SVM and VMX flags are only important if you are needing to do
hardware virtualization. Running virtual machines has been available
long before these extensions to the CPU came about. The only instance
where you really *have* to have them (and you can't have them both
anyway) is usually for running Windows under virtualization hypervisors
like Xen. VMware can run Windows without it and I'm not certain about
KVM as I haven't used it myself. In the few times I've tried running
under hardware virtualization it seriously sucked in performance anyway.
 I'd be more concerned about get a CPU that supported 64-bit so I could
run the host in 64-bit mode and have the option to run virtuals in 32-
or 64-bit.



signature.asc
Description: OpenPGP digital signature

Re: Please include Adobe Air in official non free and contrib repository for lenny

[Jeremy T. Bouse]

surreal wrote:
> Adobe has released AIR runtime for debian users which enables them to run
> RIAA. Please include the debian package created by Adobe in lenny stable
> contrib or non free catagory in the official repository.
> 
> Please check this link - http://labs.adobe.com/downloads/air2.html
> 
> Regards

From the License Agreement by Adobe I don't see it making it into the
official repository. Of course this would be something to take up on
d-legal but just a casual non-lawyer-type look at the license agreement
I find this one problematic:

2.3 Distribution. This license does not grant you the right to
sublicense or distribute the Software. For information about obtaining
the right to distribute the Software on tangible media or through an
internal network or with your product or service please refer to
http://www.adobe.com/go/acrobat_distribute for information about Adobe
Reader; or http://www.adobe.com/go/licensing for information about the
Adobe Runtimes.




signature.asc
Description: OpenPGP digital signature

Re: debian support and laptops

[Jeremy T. Bouse]

Celejar wrote:
> On Thu, 10 Dec 2009 00:05:09 +1100
> Daniel Dalton  wrote:
> 
>> Hi,
>>
>> Following is a list of laptops. I've narrowed it down to 3 and am
>> considering buying one and running debian on it. How good is debian
>> support on these machines? What is good, what is worth avoiding?
>> I will be doing:
>> programming, typing, msn, irc, web, email, music, virtual machines etc.
>>
>> Here is the list:
>>
>> 1. Acer travel mate 6293 AU$1799 
>> 2. hp Compaq 6530S  AU$1279 
>> 3. hp Compaq 610  AU$999 
> 
> It's really impossible for us to assess Debian compatibility in any
> detail from just the companies' model names.  Detailed HW specs are
> essential.
> 
> Celejar

In general that is correct... I've not used any of the Acer or HP
Compaq laptops. I've had HP DV6xxx series and Dell Latitude and Inspiron
laptops and usually aside from the modem (if it even has one) and the
wifi card everything is usually well supported. Many laptops are using
the Broadcom 43xx wifi cards which work if you use the b43-fwcutter or
ndiswrapper. On my Insprion I simply ordered a replacement Intel wifi
and easily solved the problem. My work laptop (Dell Latitude D630) is
running Ubuntu 9.10 fine with a Broadcom 4312 wifi card using the b43
driver.

I would look at the tech specs for the wifi card if that's important to
you. Otherwise in general the specs (processor, RAM, HDD, ethernet,
display) are usually not a problem for support these days. If you're
wanting to run virtual machines I would make sure you have enough RAM to
support the host OS and any guests you wish to run otherwise it will
begin to slow down quickly.



signature.asc
Description: OpenPGP digital signature

Re: Is Xen for Stable/Unstable distro a good idea?

[Jeremy T. Bouse]

   Let's stop some of the misinformation within your post shall we? I 
am part of the Xen packaging team.


David Baron wrote:

1.  Is Xen mainly for sharing multiple operating systems running together,
or are there some other really interesting uses?



Xen is an advanced virtual machine. You can run one version of linux or such 
inside your installed version. Useful for testing the new version out, 
running things in a protected environment. I am no expert but I do not 
believe "sharing" is going on.


Less advanced, easy to set up and use is qemu (using the kqemu accelerator 
kernel module).


Both run off disk images, not real file systems.
  
   Xen can run off disk images or real filesystems, in the sense of 
slicing off a partition using LVM and giving it as the virtual drive for 
the virtual host (domain). You can also have one domain that uses a disk 
image and another using a partition running on the same machine. Also 
you should be able to run a domain which has both a disk image and a 
partition. I'm not as versed with qemu although I've used it's basic 
functions using a disk image and having tried the same LVM partition 
slicing to see if it works.

2.  If you want to run Etch when it is stable, but need a package in
Unstable is it better to.
  a.)   Use "unofficially" supported backports?
  b.)   Scrap stable and just go unstable?
  c.)   Use Xen to run Unstable inside of stable?



I am no expert. However, why not just install of "official" package from 
unstable. You can "test" first and see if it removes/replaces too much of 
your testing or stable installation. Backports will have similar effect but 
you have to manually build, install every piece.
  
   The "official" packages for unstable or testing are usually going to 
have a problem being installed on stable due to library version 
differences. The backports being done at the same time as the 
testing/unstable packages are being released usually and attempt to take 
into account the version differences. There are also backport sites that 
can be installed via apt-get so you're not manually building and 
installing the packages needed. You may have to 'pin' packages to get 
all the dependencies working properly as it may require other packages 
besides the one you're trying to install.
Want to try unstable without going over to it. Use the virtual machine or a 
live-CD such as knoppix.
  



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Using procmail to automatically import GPG keys?

[Jeremy T. Bouse]

Why not just use the feature in GPG to automatically retrieve keys?

Paul Johnson wrote:
I use the email method for gpg auto-key-retrieve, and I was wondering...is 
there a way to deal with importing public keys automagically in procmail 
instead of doing it by hand?


  



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: DVD install from Plextor PX-712SA

[Jeremy T. Bouse]

Actually I own a PX-712A and it works quite well for me running
Debian testing with the 2.5.15.5 kernel. The only thing I needed to do
was give the libata module the "atapi_enabled=1" option. Works great
burning a 4.5GB DVD in about 15-20 minutes.

Regards,  
Jeremy

roach wrote:

>On Mon, 03 Apr 2006 01:26:44 +0200
>[EMAIL PROTECTED] wrote:
>
>  
>
>>In fact everything is ok up to the "cd-rom" detection. Then I tried to select
>>manually the packages & the 2.6 kernel too but nothing can resolve it. I think
>>it's the fault of the crappy sata controller on the k8mm-v (msi) which is not
>>recognized by the kernel installer. Any suggestion?
>>
>>
>
>Check this: http://www.plextor.com/english/support/media_712SA.htm
>
>Don't get stuck on the the fact that your mobi isn't listed, look at the
>"SATA Host Controler" column.
>
>Also IIRC, stock Debian kernels don't handle SATA CD-ROM drives.
>
>Hope this helps.
>
>  
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: VMWare Server and Kernel? [signed]

[Jeremy T. Bouse [c]]

That would be because you needed the appropriate
{linux,kernel}-headers- package for the kernel image package
you have installed, not the source package. The source package will not
have the configured headers specific to that kernel image and will
require you to just go ahead and re-compile your kernel.

You will also more than likely have to create the symlink for
/usr/src/linux to the proper headers directory which should be
/usr/src/{linux,kernel}-headers- depending on the package.

Regards,
Jeremy

j2 wrote:

>>   I've ran VMWare Workstation 5 for some time now and it has the same
>>requirement. If you're running Debian stable this is usually not much of
>>an issue as you need only install the appropriate kernel headers package
>>which matches your linux-image package. Debian testing is a lil more
>>tricky as gcc/g++ could have been upgraded since the kernel was built,
>>but you can try the same technique as with stable. Debian unstable
>>you're most assuredly better off just compiling your own kernel image
>>and header packages using make-kpkg to save yourself a lot of grief.
>>
>>
>
>Okay, I have a "blank" system, running 2.6.8 packaged kernel, I have
>installed the source tree for 2.6.8 and I am trying to build VMWare server
>modules. I get the bwlow error, and I Wonder: How do I fix this in the best
>way? 
>
>The path "/usr/src/linux/include" is a kernel header file directory, but it
>does
>not contain the file "linux/version.h" as expected.  This can happen if the
>kernel has never been built, or if you have invoked the "make mrproper"
>command
>in your kernel directory.  In any case, you may want to rebuild your kernel.
>
>What is the location of the directory of C header files that match your
>running
>kernel? [/usr/src/linux/include]
>  
>


--
 [ SECURITY NOTICE ] 
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 13 February 2006 at 21:15:41 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
--- [ CIPHIRE DIGITAL SIGNATURE ] ---
Q2lwaGlyZSBTaWcuAjhzcGFtZmlsdGVyMkBtdXBwLm5ldCwgZGViaWFuLXVzZXJAbGlzd
HMuZGViaWFuLm9yZwBqYm91c2VAZGViaWFuLm9yZwBlbWFpbCBib2R5ANcFAAB8AHwAAA
AB/fbwQ9cFAAB/BAACAAIAAgAgW23v5MfLaVMiYZoL6bm0sYGZp9HcQ/yoJY6bE6b
L2VUBACS0JVU+dq53Z6qMfAM8hwdPZrYWw1qrGjBdVF8gpvAeM6JHIuOcyvmndRoj3W5j
rJtWgIXH8hgm7Y2zpNXNushB+FIDU2lnRW5k
- [ END DIGITAL SIGNATURE ] -


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: VMWare Server and Kernel? [u]

[Jeremy T. Bouse [c]]

I've ran VMWare Workstation 5 for some time now and it has the same
requirement. If you're running Debian stable this is usually not much of
an issue as you need only install the appropriate kernel headers package
which matches your linux-image package. Debian testing is a lil more
tricky as gcc/g++ could have been upgraded since the kernel was built,
but you can try the same technique as with stable. Debian unstable
you're most assuredly better off just compiling your own kernel image
and header packages using make-kpkg to save yourself a lot of grief.

Regards,
Jeremy

Jan Johansson wrote:

>I am about to set up a new VMWare host since VMWare Server is now a free
>application.
>
>I have understood that in order to complie the various modules, you "must"
>use the exact same GCC for the kernel as for the module. 
>
>Now, if I want to grab linux-image-2.6.15-686-smp and make sure I can build
>the VMWare modules how would I go about doing that?
>
>Can I download the kernel source and make an "exact copy" of the prepackaged
>kernel somehow? As in, all modules compiled the same way and so forth?
>
>Any hints appreciated!
>  
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Branded Servers that support Debian GNU/Linux [u]

[Jeremy T. Bouse [c]]

I've got several PowerEdge 2650's running Debian. Dell won't
pre-install Debian, as they only pre-install RedHat which is the only
distribution of Linux they support. That said Debian will work and you
can just get the systems without an OS installed. My only
suggestion/caution would be to make sure that if you use one of their
PERC RAID cards that you be sure that the system BIOS and the PERC
firmware are the latest version. As well that 2nd optional redundant
power supply is not really optional.

Regards,
Jeremy

Rishi wrote:

>On 1/30/06, david robert <[EMAIL PROTECTED]> wrote:
>  
>
>>i would suggest go for dell i am running 15 debian servers with dell
>>hardware simply fantastic reliability and nicely running
>>
>>
>
>Hi David,
>
>Thanks for the tip. Any specific models that you could recommend? I
>called them and asked for a quote already.
>
>Rishi
>
>
>  
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: LDAP madness! [u]

[Jeremy T. Bouse [c]]

Pete,

Without the LDAP entry you're attempting to authenticate against it
is hard to say. I have gotten Samba to work with LDAP before; however, I
don't currently have it setup as I'm re-structuring my LAN servers at
the moment. Of interest in the LDAP entries is that Samba has it's own
schema of attributes for which it looks for to authenticate and they are
not the same used for POSIX authenticates typically used for PAM & NSS
authentication. It actually maintains two (2) password attributes for
Samba IIRC.

Regards,
Jeremy

Pete Clarke wrote:

> Hi all,
>
> LDAP!
> I have successfully managed to get a working LDAP installation for
> Unix clients, nss & pam logins work fine, even alongside the current
> NIS setup for testing purposes!
>
> I am now trying to get the samba integration working for the Windows
> machines on this networkwhat a royal PITA this is proving to be!!
>
> I can get the structure into the DB alright, and "finger" returns user
> information.smbldap-useradd and smbldap-password work fine, and
> anonymous binds (when using smbclient -L ) work well too ...
> the trouble is that I cannot get authenticated logings via Samba to
> work - I am only trying on the command line for the time being..
>
> The relevant portion (I believe) from the server smb.conf file is:
>
>  LDAP authentication 
> netbios name = cholet
> enable privileges = yes
> ldap passwd sync = Yes
>
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap admin dn = cn=admin,dc=wimbledon
> ldap suffix = dc=wimbledon
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People
> ldap machine suffix = ou=Computers
> #ldap ssl = start_tls
>
> ldap delete dn = Yes
>
> passwd program = /usr/sbin/smbldap-passwd -u " %u"
>
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"et
> primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>
> Logins from both the PDC and other samba boxes fail with :
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> I am using Sarge on an Intel box for the server - does anyone have a
> working installation of Samba/LDAP that could help iron these problems
> out...?
>
> Cheers,
>
>
>
> Pete.
>
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debian on PowerEdge 2850, known bugs?

[Jeremy T. Bouse]

I have three 2850's running Debian Sarge myself at work.There were a
few issues that we became aware of while working with them. The first
was with GRUB and the RAID controller not synching fast enough for the
GRUB installer to verify the files have been placed on the system
without rebooting first. The second issue we ran into was with large
partitions and using ext3 filesystems which we resolved by simply
converting all ext3 partitions to ext2 and the memory issues surrounding
this dissappeared. We have the 2.6 kernel installed but did have to
manually build the 2.6.13 kernel to get the latest RAID controller for
better reliablility so I recommend you can install with the default
kernel but upgrade the kernel to atleast 2.6.13 for the RAID controller
as well as I believe it contains an updated NIC card driver. As it has a
10/100/1000 NIC we did have to turn spanning tree "fast port" on the
switch port in able for DHCP to operate properly.

Regards,
Jeremy

Sinan Nalkaya wrote:

> Im using my poweredges as tftpserver and nfs server, and it may cause 
>problems on these services whic is related to ethernet driver, i usually buy 
>a new intel chipset nic.
>
>On Thursday 15 December 2005 11:58 am, Mickael Cappozzo wrote:
>  
>
>>Dear all,
>>
>>I'm about to install Debian Sarge on a new Server, a Dell PowerEdge 2850
>>with 2 Xeon processors. Before doing that, I'm looking for a list of
>>"known bugs"... Does anyone know if such a list exists and where I can
>>find it?
>>
>>Regards,
>>
>>--
>>Mickaël Cappozzo
>>[EMAIL PROTECTED]
>>
>>
>
>
>  
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: JPGraph won't install

[Jeremy T. Bouse]

   Umm... Has the thought to try and contact the Debian Developer 
maintaining libphp-jpgraph with more detail than this email describe 
crossed your mind? I don't think it has or I would have seen an email in 
my Inbox or a BTS filed and in my Bug folder as I am said maintainer.


   Regards,
   Jeremy

James Scott wrote:

I have just attepmted to install JPGraph on my Sarge box via the 
libphp-jpgraph package using apt-get.  The apt-get process seemed to 
work okay, and reported no errors... however the JPGraph package isn't 
working.  I have tried removing and reinstalling but I just can't seem 
to get it to work.  Any advice on where I might look?  I suspect that 
it is a configuration file that needs to be updated, but I don't know 
which one
 
Any advice would be greatly appreciated.
 



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Installing VMware on Debian 3.1 kernel 2.6.14

[Jeremy T. Bouse]

I'm not currently running 2.6.14 but I am running VMWare Workstation
5 installed on Debian Testing/Etch running on an AMD64 machine. Have you
gotten the
vmware-any-any-update94.tar.gz update and installed it?

Regards,
Jeremy

Martijn Marsman wrote:

> Hello list :D
>
> Iam installing VMware for linux on my Debian 3.1 machine
>
> uname -a --> Linux Covenant 2.6.14-686 #1 PREEMPT Mon Nov 7 16:59:27
> CET 2005 i686 GNU/Linux
>
> i have installed it before and it worked perfect, but now on my new
> system, it refuses to compile a module (vmnet). the output is this:
> /
> Extracting the sources of the vmnet module.
>
> Building the vmnet module.
>
> Using 2.6.x kernel build system.
> make: Entering directory `/tmp/vmware-config6/vmnet-only'
> make -C /lib/modules/2.6.14-686/build/include/.. SUBDIRS=$PWD
> SRCROOT=$PWD/. modules
> make[1]: Entering directory `/usr/src/linux-source-2.6.14'
>  CC [M]  /tmp/vmware-config6/vmnet-only/driver.o
> In file included from /tmp/vmware-config6/vmnet-only/vnet.h:14,
> from /tmp/vmware-config6/vmnet-only/vnetInt.h:10,
> from /tmp/vmware-config6/vmnet-only/driver.c:40:
> /tmp/vmware-config6/vmnet-only/vm_atomic.h:54:5: warning: "_MSC_VER"
> is not defined
> In file included from /tmp/vmware-config6/vmnet-only/vm_oui.h:13,
> from /tmp/vmware-config6/vmnet-only/vnetInt.h:11,
> from /tmp/vmware-config6/vmnet-only/driver.c:40:
> /tmp/vmware-config6/vmnet-only/vm_basic_asm.h:48:5: warning:
> "_MSC_VER" is not defined
> /tmp/vmware-config6/vmnet-only/driver.c: In function
> `VNetProcessOwnsPort':
> /tmp/vmware-config6/vmnet-only/driver.c:1698: error: structure has no
> member named `max_fds'
> make[2]: *** [/tmp/vmware-config6/vmnet-only/driver.o] Error 1
> make[1]: *** [_module_/tmp/vmware-config6/vmnet-only] Error 2
> make[1]: Leaving directory `/usr/src/linux-source-2.6.14'
> make: *** [vmnet.ko] Error 2
> make: Leaving directory `/tmp/vmware-config6/vmnet-only'
> Unable to build the vmnet module.
>
> For more information on how to troubleshoot module-related problems,
> please
> visit our Web site at
> "http://www.vmware.com/download/modules/modules.html"; and
> "http://www.vmware.com/support/reference/linux/prebuilt_modules_linux.html";.
>
>
> Execution aborted.
>
> Covenant:/home/tijn/vmware-distrib#
> /
> i dont know what _MSC_VER is, or what it does.
>
> is this a common problem, did more people had this issue with a newer
> kernel?
>
>
> Thanks in advance,
>
> Met vriendelijke groet / With kind regards,
>
> Martijn Marsman <[EMAIL PROTECTED]>
>
> System Engineer
> AFAB Geldservice B.V.
>
>
>
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: which debian version to host VMWare?

[Jeremy T. Bouse]

I've been running VMWare Workstation 5 under testing without any
problems myself. The only issue is making sure gcc version used to
compile the kernel matches so you can compile the modules necessary. At
the current time I'm actually looking to get rid of VMWare except for
running Windows XP and 2000 when I need to troubleshoot a clients
problem and run all my other VMs under Xen.

Regards
Jeremy

Mark Hansen wrote:

> Can anyone recommend which version (stable, testing, unstable) I
> should use as a host OS with VMWare 5?  Debian will be the host OS and
> I'll have a number of guest OS instances running under VMWare.
>
> Also, which kernel version?
>
> Thanks!
>
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Please help: Accidentally wiped off the whole hard disk!!!

[Jeremy T. Bouse]

Quite a pickle you've found yourself in, this is a good example
for why not using root much is good. If at this time all you've done is
repartition and save the partition table then the data *should* still be
in tact on the drive. Experience with data forensics has taught me this.

As someone else mentioned if you have the *exact* partition
table configuration prior to this re-partitioning nitemare then you
should be able to simply re-parition and set it back up. In order to do
this you need to have the exact "Start" and "End" values for each
partition. If these are off you could risk losing the data in the
partition or that it may just not be available.

Let me put the disclaimer out there that partitioning is a
destructive process by it's very nature. Just re-partitioning it as you
already have done *may* lose data (again it may not), and attempting to
correct it *may* lose data (again it may not). Just saying there is no
guarantee in anything dealing with re-partitioning.

Provided the Knoppix LiveCD has fdisk available, and provided
you have the exact partition table information from before the failure
you should be able to boot off the CD and correct the partition table.
Again while running under the LiveCD you should be able to attempt
mounting the partitions *ONE-BY-ONE* in *READ-ONLY* mode without running
fsck to see if the data is still there. The read-only mode and not
running fsck is to make sure that nothing is attempted to be written to
the drive. If this all succeeds then reboot again under the LiveCD and
test the partition data again to make sure it passes a "reboot test" and
is still available before attempting to boot it up under it's own power.
You may need to have a LILO or GRUB boot-floppy available if the MBR was
modified so as to make it non-bootable.

There is a risk of data loss, which comes with dealing with
re-partitioning but if you have accurate records of the prior partition
table and proceeed methodically and logically you can limit those risks.
I do not advice doing anything mentioned if you do not feel confident in
any of the steps necessary or the information you have on the partition
table. If you have an extra machine you could test with that you aren't
worried with the data, you could attempt it on there before trying it on
the machine in question. I would try it myself here if I had such a
machine, but unfortunately the only way I could do so would be through
VMware which might not be entirely accurate.

Regards,
Jeremy

On Fri, May 13, 2005 at 01:32:01PM -0400, Deboo ^ wrote:
> I accideantally fdisked my linux hard disk  and deleted all
> partitions, created one single solaris partition. I wanted to do this
> on my second hard disk and thought I had connected the second one and
> disconnected the first, but hadn't disconnected the first one really.
> 
> Now I am unable to boot. Booting from a knpix CD, when I check what
> partition is on that hard disk, I see only one partition, a bf type
> partition (which means solaris) but is unformatted. Here's the output:
> 
> [EMAIL PROTECTED] fdisk -l /dev/hda
> 
> Disk /dev/hda: 40.0 GB, 40060403712 bytes
> 16 heads, 63 sectors/track, 77622 cylinders
> Units = cylinders of 1008 * 512 = 516096 bytes
> 
>Device Boot  Start End  Blocks   Id  System
> /dev/hda1   16253 3151480+  bf  Unknown
> 
> 
> Since it's not yet formatted, I would think there must be a way to
> recover all the data still. I could install this knoppix on the small
> 3 GB hdd and connecting the big hdd, try to recover. Is there a
> program I can use to recover the data? Is it possible without using a
> second 40 GB hard disk or it is not?
> 
> I have lots of data on it,  useful data and lots of linux things I
> wouldn't like to lose. Can someone help?
> 
> Thnks and Regards,
> Deboo
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: acidlab/php problem

[Jeremy T. Bouse]

You know another fine point to look first when having a problem
might be the developer maintaining the package itself. That would be
myself. From what I gleen from this email it's not enough and I don't
recall having yet seen a BTS entry from you so don't have any further
info to help from.

Regards,
Jeremy

On Tue, Jan 04, 2005 at 05:59:54PM -0500, Kenneth Jacker wrote:
> [sarge/testing; 2.6.8-1-686-smp 
>  snort-mysql-2.2.0-9 acidlab-0.9.6b20-10 php4-mysql-4:4.3.10-2
>  apache-ssl-1.3.33-2 mysql-server/mysql-common- 4.0.22-6 ... ]
> 
> I've tried about everything (including multiple installs of 'mysql',
> 'php4', and 'snort') I can think of, but no luck. So am turning to d-u ... !
> 
> Has anyone gotten snort-mysql and acidlab to work on 'sarge'?
> 
> The DB side is fine ... queries show that 'snort' is adding info.  The
> problem is with the initial web page (needed to initialize 'acidlab')
> of "https://acme.cs.appstate.edu/acidlab/acid_main.php";.  No matter
> what I do, I always get the following URL response:
> 
>   PHP ERROR: PHP build incomplete: the prerequisite MySQL support
>   required to read the alert database was not built into PHP. Please
>   recompile PHP with the necessary library (--with-mysql)
> 
> Note that 'phpmyadmin' works fine which suggests it isn't a 'php' problem.
> 
> Anyone know what a solution might be?
> 
> Thanks,
> 
> -- 
> Prof Kenneth H Jacker   [EMAIL PROTECTED]
> Computer Science Dept   www.cs.appstate.edu/~khj
> Appalachian State Univ
> Boone, NC  28608  USA
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


signature.asc
Description: Digital signature

Re: amanda troubles

[Jeremy T. Bouse]

On Mon, Jan 03, 2005 at 10:45:48AM -0700, Glenn English wrote:
> Amanda is installed and commands and scripts are working well from the
> command line (I did have to add the sbins to backup's path to run the
> amanda utilities). 
> 
> But when I run a shell script as a cron job as user backup, access to
> the tape drive is denied -- /dev/nst0 is root:tape, permissions are 660,
> and backup is in the tape group.
> 
First I would check that the 'backup' user is part of the 'tape'
group. If not a permissions setting of 660 owned by root:tape would give
exactly what you describe.

> If I put an "su - backup" in the script and run the job as root, I get
> error message: "amdump must be run as user backup."
> 
What I usually do is to make use of 'sudo' in order to run
amanda commands as 'backup' for testing and never run them as root.
Using sudo it's as simple as using the '-u username' option and the
 exactly as you would normally. 

> Is a command run as a cron job different from the same thing from the
> command line? It looks like there might be a difference having to do
> with real user / effective user.
>

It's been awhile since I did the actual install of amanda,
although I'll be doing it again soon to move my configuration to a new
server we just purchase to work with our Sony LIB 302/A3 library. In or
configuration the cron job entry is actually under the 'backup' users
crontab so it is run as that user and not root at all. If it helps all
we have in cron for amanda is this:

# crontab -u backup -l
0  15 * * 1-5   /usr/sbin/amcheck -m DailySet1
45  0 * * 2-6   /usr/sbin/amdump DailySet1

> Any suggestions? Know of a FM to read (man didn't help)?
> 
> TIA...
> 

Regards,
Jeremy


signature.asc
Description: Digital signature

Re: Debian and Dell?

[Jeremy T. Bouse]

The only problem I can report with Dell will probably have
nothing to affect you at all. My Dell experience has been with the
PowerEdge servers which I've recently found an issue with GRUB
installation from the boot CD when writing to a RAID5 array.

Anyone else working with a RAID array trying to install GRUB I'd
appreciate any input. Problem I'm seeing is grub-install tries to 'dump'
the files back from the /boot partition which may not be cached down to
the array yet thus errors out. I'm currently testing a RedHat 9.0
install with GRUB to see if I have the same problem as Dell supports
RedHat but not Debian.

Regards,
Jeremy

On Wed, Dec 15, 2004 at 10:30:34PM -0500, Ed Sutherland wrote:
> Hi All,
> 
> I just purchased a Dell for my home office and am interested in using 
> Debian on a partition. As my only Linux experience comes from a Mac, I 
> have some questions:
> 
> 1) Will I be able to easily dual-boot Windows or Linux using yaboot, or 
> will I need to go through some BIOS mumbo-jumbo?
> 
> 2) Does Debian support the Dell flatscreen monitors?
> 
> 3) Does the i86 side of Debian better support Web graphics and animation 
> formats -- such as shockwave?
> 
> Thanks for the answers.
> 
> Ed
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Apache2 and PHP

[Jeremy T. Bouse]

Did you perform the 'a2enmod php4' to enable PHP4 module support
on Apache2? If you did there should be the php4.conf and php4.load
symlinks under /etc/apache2/mod-enabled/. I have no problems with
Apache2 and PHP4 on my machine at home. I have libapache2-mod-php4 along
with php4 and the php4- packages I use locally.

Regards,
Jeremy

On Thu, Sep 23, 2004 at 05:24:28PM -0400, JoeHill wrote:
> 
> I'm almost there...
> 
> My site relies on some very minor PHP bits on the main page, index.php. I have
> installed:
> 
> node3:/var/www/apache2-default# apt-get install libapache2-mod-php4
> Reading Package Lists... Done
> Building Dependency Tree... Done
> libapache2-mod-php4 is already the newest version.
> 
> as well as the php4 package.
> 
> ...but when I try to load the page from my Mandrake box, I get:
> 
> Warning: Unknown(/var/www/apache2-default/index.php): failed to open stream:
> Permission denied in Unknown on line 0
> 
> Warning: (null)(): Failed opening '/var/www/apache2-default/index.php' for
> inclusion (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line
> 0
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ADSL/pppoe configuration problem

[Jeremy T. Bouse]

I'm not sure exactly who your ADSL provider is but having gone
through a similar error situation with SBC Yahoo DSL service I'd suggest
checking with your providers tier 2 tech support that the line is
actually properly configured for PPPOE. In my case they had the line
configured to ignore the LCP connection request packets so my system was
failing to see their access concentrator. Once the tech corrected this
problem I could see the AC using pppoe-discover or pppoeconf without a
problem. 

Now for me actually authenticating became the issue after I
could see their AC as it seems their RedBack configuration was denying
my /28 subnet configuration being handed to it via RADIUS. As of this
writing I'm still not authenticated and it's been since the 20th that
they said this order was completed.

Regards,
Jeremy

On Tue, Aug 31, 2004 at 08:14:38AM -0700, easf cdscvs wrote:
> Hello, I just recently installed debian, and I can't
> configure my ADSL connection.
> When I run the configuration in the menu, it says it
> found the ethernet device,
> but the next step fails, something about "access
> concentrator not found" and hinting that another
> proccess may be using it.
> 
> Any idea what I might do? Right now I'm using knoppix
> and
> The adsl
> configuration tool works fine,
> just promting me for a name and password, and I can
> connect
> to my ADSL connection. And yes,
> I did load the kernel modules for my network adapter.
> I also loaded the "pppoe" module, and it still refuses
> to work.
> 
> Any ideas what I can do?
> 
> 
>   
> __
> Do you Yahoo!?
> Yahoo! Mail - 50x more storage than other providers!
> http://promotions.yahoo.com/new_mail
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Chosing Debian firewall packages

[Jeremy T. Bouse]

On Tue, Aug 17, 2004 at 03:25:52PM -0400, Tong wrote:
> Hi, 
> 
> I used to use iptables + wondershaper in RH. I notice there are many
> ready-made firewall packages available in Debian (e.g., Firestarter,
> FireHOL, etc). I'm wondering which one do you recommend? 
> 
> Thanks
> 
A highly biased question IMHO, but my biased opinion goes with
Firewall Builder (fwbuilder) which I maintain; hence the bias opinion. I
think it really comes down to which provide the features you feel you
need for your situation. I do a lot of firewall work on my own and
client networks so I like the multiple policy compiler option of
fwbuilder. I also like the relative ease it is for me to make changes,
be they interface names or complete firewall plaform.

Regards,
Jeremy


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Nagios vs Netsaint

[Jeremy T. Bouse]

In short, nope. I'm on the plugin development team which is
separate from the development team for Nagios itself. I've actually not
had any look at the nagios-mysql or -postgresql tables and whether or
not they were indexed or optomized. I can only speculate it was not
given a high priority at the time and would suggest making your
suggestions through a bug report on the Nagios SourceForge project.

Regards,
Jeremy

On Wed, Jul 21, 2004 at 12:17:01AM +0200, Jacob Friis Larsen wrote:
> I chose nagios-mysql.
> 
> Do you know why no tables have indexes?
> 
> Thanks,
> Jacob


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Nagios vs Netsaint

[Jeremy T. Bouse]

Well being on the Nagios plugin development team, which was
formerly the netsaint plugin development team, I can that there is no
work being done on the Netsaint product and all development and
advancement is in Nagios. For the most part the plugins are
interchangable as I don't recall any API change that make them not be
so.

Regards,
Jeremy

On Tue, Jul 20, 2004 at 12:14:55AM +0200, Jacob Friis Larsen wrote:
> I see there are both Nagios and Netsaint packages.
> Which one should I use, or can I use both on the same server?
> Is it possible to use Netsaint plugins with Nagios?
> 
> Thanks,
> Jacob
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: nvidia geforce fx-5200

[Jeremy T. Bouse]

Doing a 'lspci -v' on my system here at work that I have a FX
5200 installed on I get the following:

:01:00.0 VGA compatible controller: nVidia Corporation NV34 [GeForce FX 5200
] (rev a1) (prog-if 00 [VGA])
Flags: bus master, 66MHz, medium devsel, latency 248, IRQ 11
Memory at d600 (32-bit, non-prefetchable) [size=d7fe]
Memory at d800 (32-bit, prefetchable) [size=128M]
Expansion ROM at 0002 [disabled]
Capabilities: [60] Power Management version 2
Capabilities: [44] AGP version 3.0

If you get similar results than you may try what I use. I
actually have the nvidia-glx package along with the
nvidia-kernel- built from the nvidia-kernel-source package for
the current running kernel. I've got it running on dual 18" flat panel
LCDs with Xinerama enabled.

Regards,
Jeremy

On Mon, May 17, 2004 at 05:15:25PM +0100, Gary Munday wrote:
> Hi, i am new to debian and wondered what i should do / what drivers to use 
> to get my xserver / desktop to work on the fx-5200 graphics card.
> 
> Regards
> 
> Gary
> 
> 


signature.asc
Description: Digital signature

Re: LDAP tutorial?

[Jeremy T. Bouse]

I did check out this URL as well as the two that Nelson had
mention'd in his reply to your posting. These instructions are for the
primary purpose of authentication rather than addressbook features
although if done properly both can be accomplished in one step. It's
just a matter of making sure your entry has the proper objectClass added
to it and then adding the necessary attributes.

The one problem I've found thus far with OpenLDAP and the
various open-source LDAP management solutions is none of them produce a
proper valid LDAP entry that can pass schemacheck muster. I generaly
just use GQ and build out the entries themselves from my working
knowledge. The problem becomes very evident with the 2.1.x version of
OpenLDAP as I found out when I upgraded and had to spend a day bringing
my entire tree up to muster. The biggest problem is in the various
applications being able to follow a proper structural objectClass chain.
Many (directory-administrator and webmin) would try to include
objectClasses from two seperate STRUCTURAL objectClass chains. All the
objectClasses for an entry need to be in the same structural chain or
optionally include AUXILIARY objectClasses. Even the migration tools had
problems with this last time I recall checking on them. For me I use the
following objectClass definition for an account:

top (structural)
person  (structural)
posixAccount(auxiliary)
inetLocalMailRecipient  (auxiliary)

The person OC is stack'd on top, so to follow a proper chain any
other structural OC's must stack on 'person' not 'top' from this point.
Both of the auxiliary OC's stack on top which is fine. What you can't do
is what directory-administrator likes to try for host level access
control and include the account OC which is structural stack'd on top.
This violates the structural objectClass chain. You could add
organizationalPerson and inetOrgPerson if you wanted to include more
details as organizationalPerson stacks on person, and inetOrgPerson
stacks on organizationalPerson. That would give you a very detail'd
address book entry for a user. If they didn't need to have an account
referenced then you could get away with removing the posixAccount
auxiliary objectClass. The inetLocalMailRecipient is handy for smart
LDAP routing of email addresses.

I use my LDAP information rather extensively on my network as
user accounts are listed in there, as well my mail servers use it for
most of their configurations allowing them to be replaced with relative
ease. So my LDAP servers are hit pretty hard daily, as of me writing
this LDAP01 hashandled over 878K searches and LDAP02 another 867K and
those are just the slaves that the network rely on. My primary is just
used for management of the tree itself.

Regards,
Jeremy

On Wed, Mar 10, 2004 at 06:00:51PM +, Martin Ellis wrote:
> On Wed, Mar 10, 2004 at 04:43:45PM +0100, Nicos Gollan wrote:
> > > Is there any good tutorial on how to set up a very basic LDAP
> > > server for simple things like keeping an address book? I know
> 
> On Wednesday 10 March 2004 17:13, Jeremy T. Bouse wrote:
> > I've been working with LDAP to handle the centralized
> > authentication of my home network, and now implimenting at work.
> 
> There's a doc by Torsten Landschoff listed on the OpenLDAP pages on 
> alioth that describes this (NSS/PAM with LDAP):
> 
> http://alioth.debian.org/forum/forum.php?forum_id=771
> 
> I don't know enough about the subject to know whether the default LDAP 
> schema you'll get following this article is sufficient to form an 
> address book - but it might be a good start?
> 
> Martin
> 


signature.asc
Description: Digital signature

Re: LDAP tutorial?

[Jeremy T. Bouse]

I've been working with LDAP to handle the centralized
authentication of my home network, and now implimenting at work. While
going through the learning curve I found there was really not a lot of
good solid documentation on the subject. That's changed a lil as of
late, but not by much. I've not put together any formal document
spelling out how I've accomplished what I have setup but would be
welcome to try and field any specific questions you might have. Maybe
from that knowledge someone better at document writing could put it into
a more useful document for others.

Regards,
Jeremy

On Wed, Mar 10, 2004 at 04:43:45PM +0100, Nicos Gollan wrote:
> Is there any good tutorial on how to set up a very basic LDAP server for
> simple things like keeping an address book? I know it's overkill, but
> LDAP seems to be the only possibility to access a central addressbook
> from different applications that aren't all from either Gnome or KDE.
> 
> My searches on that topic brought up only hits like "buy this book to
> manage your enterprise-scale server", "LDAP is very complex and I didn't
> get it" and "LDAP sucks".
> 
> Where is interoperability when you need it? ;-)
> 



signature.asc
Description: Digital signature

Re: linphone in debian

[Jeremy T. Bouse]

The upstream has a package but it's really crude and not that great of
a packaging. I had put an ITP in to package it as soon as I realized
that but then in starting to work on it I found out just how bad it is.
Rather than listing what supporting packages it needs the upstream has
put all of them in his source tree and installs them as one. I just ran
out of time to deal with trying to clean it up and make a proper package
when I started getting into the legal quagmire I'm in currently. If
someone else has more time and interest to deal with it take over my
ITP.

Regards,
Jeremy

On Sat, Feb 14, 2004 at 08:42:13AM -0500, Antonio Rodriguez wrote:
> Has anyone used linphone in this list that would care to share
> h(i,e)(s,r) experiences?
> It doesn't seem that it is packaged for debian by any official
> mantainer, is it?
> 


signature.asc
Description: Digital signature

Re: unable to connect with gaim to yahoo messenger

[Jeremy T. Bouse]

The current released version of 0.75 in Unstable should be having no
problems logging into Yahoo Messenger accounts... I've been using it
since it was released without a problem...

Regards,
Jeremy

On Sat, Jan 17, 2004 at 08:07:26PM +0200, Micha Feigin wrote:
> On Sat, Jan 17, 2004 at 10:53:48AM -0600, Kent West wrote:
> > Micha Feigin wrote:
> > 
> > >I just tried connecting with gaim to a yahoo messenger account for the
> > >first time and I can't get it working.
> > >as far as I can tell I have a profile (I have a yahoo email and it
> > >seems to me that I activated the messenger profile).
> > >When I try to connect I get the error that the user has been
> > >disconnected with an error "unable to read"
> > >Any ideas?
> > >
> > >
> > > 
> > >
> > You don't say what version of Debian/gaim you're using; I know that 
> > Yahoo tends to do things behind the scenes that often breaks gaim until 
> > the gaim developers work around the issue. I've seen this error when 
> > that happens; then I wait a few days/weeks, apt-get upgrade and get a 
> > new version of gaim, and then gaim starts working again. (I'm running sid.)
> > 
>  
> I am using unstable.
> 
> > gaim was working just fine for me about a week ago, but now it won't 
> > connect; this time the error is different than I've ever seen before; it 
> > says "incorrect password". So I logged into the web browser-based 
> > version, and logged in just fine with my username/password, so I assume 
> > Yahoo has done something new to break third-party IM clients such as gaim.
> > 
> > You might try the web-based version (via my.yahoo.com), or you can 
> > download/install Yahoo's client for Linux (ymessenger - works fine; I 
> > like gaim slightly better, and I prefer it over ymessenger because it's 
> > open source), or perhaps try another 3rd party client, or download the 
> > newest gaim source and compile it yourself and hope the problem is fixed 
> > in there (or do your own reverse-engineering and fix it).
> > 
> > Sorry I didn't have a quick fix for gaim for you.
> > 
> 
> Thanx, it was more a question of whether its me missing something basic
> or gaim being faulty.
> 
> > -- 
> > Kent
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> > with a subject of "unsubscribe". Trouble? Contact 
> > [EMAIL PROTECTED]
> > 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


signature.asc
Description: Digital signature

Re: Crusoe longrun 2.6.1

[Jeremy T. Bouse]

On my Sony Vaio I'm runnin 2.6.1 on I have an ac_adpt.sh script in
/etc/acpi which is called when the ac_adpt event is called which does
the calls to longrun when it goes online or off-line...

Regards,
Jeremy

On Mon, Jan 12, 2004 at 08:57:20AM +0100, Jan Ulrich Hasecke wrote:
> 
> Hi,
> 
> I set longrun in kernel 2.6.1 on my Transmeta Crusoe Notebook. Is that
> all or do I have to use any additional program from the debian-package
> longrun, to use this option?
> 
> TIA
> juh
> 
> -- 
> Eine Weltb?rgerin zieht aufs Land
> http://www.spiegel.de/netzwelt/netzkultur/0,1518,53445,00.html
> 
> 
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


signature.asc
Description: Digital signature

Re: Anyone using Aironet or similar wireless device?

[Jeremy T. Bouse]

In my experience with my Sony Vaio laptop which I use a Cisco Aironet
350 I found with the latest firmware I was pretty much forced to move to
the 2.6 kernel for support... After the firmware update the 2.4 driver
started failing to work properly for me and updating to the 2.6 kernel
I've had no problems.

Regards,
Jeremy

On Mon, Jan 12, 2004 at 10:11:04AM +, Anthony Campbell wrote:
> I have a Cisco Aironet 4800, which I am trying to use on a Toshiba
> Satellite.
> 
> I have kernel 2.4.24, which claims to have drivers for this card.. I
> have installed all the available drivers but no device is registered.
> However, cardinfo does show the card is present and pcmcia appears to be
> working since I also have a modem card which works perfectly in the
> other slot.
> 
> /proc/driver/aironet is empty.
> 
> Any suggestions about how to proceed here?
> 
> AC
> 
> -- 
> [EMAIL PROTECTED]||  http://www.acampbell.org.uk
> using Linux GNU/Debian ||  for book reviews, electronic 
> Windows-free zone  ||  books and skeptical articles
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


signature.asc
Description: Digital signature

Re: Fas anyone gotten fwbuilder to work?

[Jeremy T. Bouse]

I'm the maintainer of fwbuilder... I just arrived home from a two week
vacation and had authorized an NMU be done but have not had a chance to
check it out myself yet. This is on my 'todo' list at this time along
with a great many other things related to Debian, work and personal
items.

Of note I've not seen any bugs filed against the version 1.1.1-0.1
which is the NMU'd version that should be in unstable at this time.

Regards,
Jeremy

On Wed, Dec 31, 2003 at 01:50:19PM -0500, stan wrote:
> I'm trying to et fwbuilder to work. I've tried on a testing machine that I
> just updated today _and_ and unstable machine. In both cases when I try to
> run it, it complains about npt finding some files. Looks like the files are
> in /usr/share/fwbuilder/*. But it can't find them. 
> 
> Is there an environment variable, or something that I need to set?
> 
> 
> -- 
> "They that would give up essential liberty for temporary safety deserve
> neither liberty nor safety."
>   -- Benjamin Franklin
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


signature.asc
Description: Digital signature

Re: Backports.org

[Jeremy T. Bouse]

17  completel.155M.DOR002.versatel.de (62.214.64.122)  166 ms  165 ms
166 ms
18  fe4-0-0-20.bbr2.ess.completel.de (195.167.210.18)  264 ms  293 ms
231 ms
19  POS9-1-0.bbr1.ber.completel.de (195.167.211.13)  177 ms  177 ms  177
ms
20  ge4-0-0-10.bbr2.ber.completel.de (195.167.209.130)  204 ms  177 ms
177 ms
21  POS9-1-0.bbr2.nue.completel.de (195.167.211.10)  186 ms  185 ms  185
ms
22  fe4-0-0-10.bbr1.nue.completel.de (195.167.210.129)  184 ms  184 ms
184 ms
23  backports.services.n-ix.net (194.8.57.10)  186 ms  184 ms  183 ms

I'm able to reach it through my verio.net -> komtel.net -> versatel.de ->
completel.de route here at work. I haven't tried from home which goes
through another provider route.

Regards,
Jeremy

On Mon, Dec 08, 2003 at 01:50:38PM -0700, Nate Duehr wrote:
> Mike Dresser wrote:
> >Anyone know what is going on with www.backports.org?
> >
> >I can get at it from a few rare hosts, but from most of the hosts I've
> >tried it simply times out.  Traceroute reveals it dies in the
> >eurorings.net, and from another host i-p-x.de
> >
> >I had to use google's cache to get a peek at the mirror listing in order
> >to find replacement deb lines that worked.
> >
> >Mike
> 
> $ traceroute 194.8.57.10
> traceroute to 194.8.57.10 (194.8.57.10), 30 hops max, 38 byte packets
>  1  199.239.11.254 (199.239.11.254)  2.297 ms  1.067 ms  1.061 ms
>  2  172.16.50.122 (172.16.50.122)  19.875 ms  8.485 ms  27.871 ms
>  3  216.183.120.154 (216.183.120.154)  22.035 ms  34.127 ms  5.123 ms
>  4  ibr0003-vlan-1.den03.inflow.net (216.183.96.3)  5.382 ms  7.090 ms 
>  5.634 ms
>  5  dvr-edge-03.inet.qwest.net (63.237.112.161)  35.734 ms *  230.727 ms
>  6  dia-core-02.inet.qwest.net (205.171.10.77)  209.510 ms  245.280 ms *
>  7  dia-core-01.inet.qwest.net (205.171.142.1)  8.621 ms  7.160 ms 
> 94.783 ms
>  8  kcm-core-01.inet.qwest.net (205.171.8.138)  55.412 ms  18.505 ms 
> 17.491 ms
>  9  kcm-core-03.inet.qwest.net (205.171.29.122)  17.557 ms  17.805 ms 
> 17.143 ms
> 10  ewr-core-01.inet.qwest.net (205.171.8.186)  49.495 ms  56.657 ms 
> 49.528 ms
> 11  ewr-brdr-02.inet.qwest.net (205.171.17.126)  61.147 ms  49.638 ms 
> 78.943 ms
> 12  ledn-rou-1001.NL.eurorings.net (134.222.254.1)  138.362 ms  138.326 
> ms  139.598 ms
> 13  ffm-s1-rou-1001.DE.eurorings.net (134.222.230.14)  144.339 ms 
> 144.669 ms  144.529 ms
> 14  nbg-s1-rou-1071.DE.eurorings.net (134.222.227.30)  151.816 ms 
> 151.368 ms  179.337 ms
> 15  * * *
> 16  * * *
> 
> Dies from my work connection.  Very slow (350+ms) from Denver, Colorado 
> InterNAP/pnap connection on one of my home boxes.  The above traceroute 
> shows the work connection.
> 
> I didn't mess with looking at any of the routing looking glass servers 
> anywhwere to see who's announcing what/where...
> 
> Nate, [EMAIL PROTECTED]
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
> 


signature.asc
Description: Digital signature

Re: Looking for 17" TFT X11 config (mine is flickering...)

[Jeremy T. Bouse]

Have you tried having it autoscan without trying to add your own
custom mode lines? I don't have the same LCD but I do have two NEC
MultiSync LDC1800 running in Xinerama mode off a nVidia GeForce FX 5200
runnning quite nicely at 1280x1024 without any flicker. All I set for
the "Monitor" section was the HorizSync, VertRefresh and the DPMS
option. I got the hsync and vsync from the NEC web site and it seems you
have the appropriate values for your model. All mode lines are detected
by XF4.3 on it's own.

    Regards,
    Jeremy T. Bouse

On Tue, Nov 25, 2003 at 02:52:57PM +0100, Christian Hammers wrote:
> Hello
> 
> My brand new LG "Flatron L1715S" TFT display with max resolution
> [EMAIL PROTECTED] and recommended resolution "[EMAIL PROTECTED]" is flickering
> like hell in the first and at least a bit in the second resolution.
> 
> A collegue of mine uses the same TFT with Windows and has, surprise,
> no problems at all with 75Hz. I have just a "ATI 3D Rage IIC" but this
> should be enough, or?
> 
> Can anybody give me a hint what to tune to get a clean picture?
> 
> thanks in advance,
> 
> -christian-
> 
> 
> My relevant XF86Config-4 so far:
> 
> Section "Device"
> Identifier  "ATI 3D Rage IIC AGP (rev 7a)"
> Driver  "ati"
> EndSection
> 
> Section "Monitor"
>  Identifier  "LG Flatron L1715S"
>  HorizSync   30-83 # According to manual on CDROM
>  VertRefresh 56-75
>  Option  "DPMS"
>  # 1280x1024 @ 60Hz (VESA) hsync: 64.0kHz (not better without it)
>  ModeLine "[EMAIL PROTECTED]" 108.0 1280 1328 1440 1688   1024 1025 1028 1066 +hsync 
> +vsync
> EndSection
> 
> Section "Screen"
>  Identifier  "Default Screen"
>  Device  "ATI 3D Rage IIC AGP (rev 7a)"
>  Monitor "LG Flatron L1715S"
>  DefaultDepth16
>  SubSection "Display"
>   Depth   16
>   Modes   "[EMAIL PROTECTED]" "1280x1024" "1280x960" "1152x864" "1024x768"
>  EndSubSection
> EndSection
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: sendmail question

[Jeremy T. Bouse]

By default sendmail should try to redeliver every 4 hours for up
to 5 days... After that it should start sending back undeliverable
messages to the sender... This of course is configurable but is pretty
much recommended defaults... I've not found it to be a problem for any
of the many sendmail servers I admin.

As for space you just need to make sure that the filesystem with
the spool directory (usually /var/spool/mail by default) has plenty of
available space as if it gets too full sendmail will stop accepting
email completely. I tend to make sure the mail spool directory and my
system logs are on seperate partitions for this reason.

Regards,
Jeremy

On Fri, Nov 14, 2003 at 01:22:42PM -0500, Vivek Kumar wrote:
> Hi ,
> 
> All the incoming mails comes to Debian Linux box and get s forwarded to
> Exchange server for distribution. IF the MS exchange server is down for
> few hours then what happens to the mail ?? If Linux box keeps it then
> how long it can keep the mails ?? Will there be any disk space issue for
> the incoming mails ??
> What should I do in such case. Any help is appreciated.
> 
> Thanks
> -- 
> Vivek 
> 
> 
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: Preventing Forkbombs

[Jeremy T. Bouse]

Unilateral toltarian rule of the system ulimits... Set the max
for the system and the user can set it higher than that... This will
just make the forkbomb seg fault when it's hit the limit...

Regards,
Jeremy

On Wed, Nov 12, 2003 at 02:56:37PM -0800, Tom wrote:
> How does one prevent a non-root user from locking up the system with:
> 
> perl -e "while(1){fork}"
> 
> System seems to become utterly unresponsive.  (It's a loaded question, I 
> know.)  Please no answers like: "don't do that" or "working by design".
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: Nagios Error CGI

[Jeremy T. Bouse]

This is a known issue in the configuration of the Nagios package... It
among others are currently being worked on to also allow for the Nagios
plugins package that I am working on to install properly. Delay on the
plugins package has been due to my development machine crashing on me
recently...

Regards,
Jeremy

On Mon, Oct 13, 2003 at 10:42:18AM +0200, Geller, Steven wrote:
> Hi Mailing List!
> 
>  
> 
> I have a problem with the installtion and configuration of nagios.
> 
> I install the nagios 1.1 on a Debian 3.0 with apt-get ( testing) 
> 
> Version nagios-text 2:1.1-1
>   
> 
> And apache 1.3.27.0-2
>    
> 
>  
> 
> I have read the Documentation and tried it out and I received this error
> :
> 
>  
> 
> It appears as though you do not have permission to view information for
> any of the services you requested...
> 
> If you believe this is an error, check the HTTP server authentication
> requirements for accessing this CGI
> and check the authorization options in your CGI configuration file.
> 
>  
> 
> I have change 
> 
> use_authentication=1 to use_authentication=0
> 
>  
> 
> but I get this error too.
> 
>  
> 
> Thanks for help 
> 
>  
> 
> Steven 
> 
>  
> 
>  
> 
>  
> 
>  
> 


signature.asc
Description: Digital signature

Re: Sendmail and SMTP AUTH

[Jeremy T. Bouse]

Umm... If you're installing the Debian sendmail packages getting this
setup should be a matter of maybe 5-15 minutes at the most... The
sendmailconfig script already notifies you if it detects SASL is
available and mentions what packages to install and then re-run the
sendmailconfig...

Regards,
Jeremy

On Mon, Oct 06, 2003 at 09:01:19PM -0500, James W. Thompson, II wrote:
> I am trying to get Sendmail setup with SMTP AUTH for send mail from my 
> powerbook. I have tried to follow the directions I have found but I am 
> new to sendmail and Linux administration in general and am having 
> problems, I want a strong authentication setup so that only users of my 
> system can use SMTP services to send mail. Also I need a recommendation 
> of a secure POP system for receiving mail.
> 
> -Dubbs
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
> 


signature.asc
Description: Digital signature

Re: superfreeswan on Debian

[Jeremy T. Bouse]

Just grab the Debian freeswan source debs as they install all
the patches that superfreeswan incorporates already... I'm running it
myself on my woody/stable box... I just grab'd the source deb and
recompiled on stable...

Regards,
    Jeremy T. Bouse

On Mon, Sep 15, 2003 at 03:30:42PM -0400, Fraser Campbell wrote:
> Hi,
> 
> I found some backported freeswan packages for woody at 
> http://people.debian.org/~nobse/deprecated/backported/freeswan/
> 
> They are based on freeswan 1.99 and work well for basic vpns.  I was hoping to 
> find packages for superfreeswan since I require some of the many patches that 
> the superfreeswan guys apply.  Anyone know of any superfreeswan packages for 
> Woody?
> 
> Thanks,
> -- 
> Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/
> Halton Hills, Ontario, Canada   Debian GNU/Linux
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: best laptops for debian linux

[Jeremy T. Bouse]

Given recent versions (ObReference: I normally run Unstable on
my laptops) of Debian I've had no problems with either my Toshiba
Satellite Pro 4600 or my Sony Vaio PCG-C1MWP...

I should note that I say "no problems" but it really means
nothing that has been a show stopper... Neither can use the internal
modem, and the Vaio is unable to make use of the internal webcam at this
time... BUt they both function properly and I work off them daily...

Regards,
    Jeremy T. Bouse

On Fri, Sep 12, 2003 at 09:25:30AM -0800, Andy Firman wrote:
> On Fri, Sep 12, 2003 at 01:12:47AM -0700, Jon wrote:
> > I'm looking to buy a laptop that can easily be set up to run debian
> > linux.  I do not need a high end graphics card, nor is there a real
> > need for a big screen.   Being light weight is not a primary factor,
> > whereas rugged reliability would be.  Can anyone suggest particular
> > brands and models that fit this description?  Top priority is that
> > debian linux can be easily installed on the machine, while the other
> > requirements are less important.
> 
> I am on my 3rd IBM Thinkpad and ALL of them ran Debian perfectly.
> There is a huge range of Thinkpads so you will easily find one that
> fits your requirements.
> 
> First was a Thinkpad 390e, second was a Thinkpad A21e, and now I am
> on a very nice and powerful Thinkpad A31.
> 
> If you are brave, you can get one off Ebay for a reasonable price.
> I usually buy brand new from PCMall.com.
> (hate paying the Microsoft tax though...ugh!)
> 
> This page has been a great help to me:
> http://www.linux-on-laptops.com/ibm.html
> 
> Good luck with your purchase.
> 
> Andy
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

GTK Firewall Control Center

[Jeremy T. Bouse]

Apologizes for the cross-posting but wanted to be sure I made the post
to get the best response...

I am currently the gfcc maintainer; however I've got two choices on my
mind regarding the future of the package... Currently there is
absolutely no active upstream for gfcc and there are several wishlist
bugs (5 of the 7 current bugs), three of which were forwarded upstream
but no response and upstream has not been active for over 2 years and
the URL for the software is no longer active. Also gfcc only works with
an ipchains firewall which hasn't been a high priority since iptables
came out...

I'm also the maintainer for fwbuilder (Firewall Builder) which I have
been recommending over gfcc. Fwbuilder could effectively have a new
ipchains policy compiler written although upstream drop'd it about 6
versions ago...

So my decisions are to either throw it up for adoption and orphan it,
or request it's removal... However I'm not certain if it's being used
or not... In which case if it's being used removal may not be the right
choice... So I'm looking to get some input on this matter...

Regards,
Jeremy T. Bouse


pgp0.pgp
Description: PGP signature

Re: Nagios on Debian

[Jeremy T. Bouse]

On Thu, Sep 04, 2003 at 02:34:42PM +0100, Gerhard Venter wrote:
> Hi Jeremy
> 
> Thanks for the reply - It is nice to hear from an actual developer, and 
> we will wait for  the plugins to appear.
> But I think there is an additional issue.  Our setup is with Apache2.  
> The binary characters appearing in the right-hand frame of the Nagios 
> web interface must be un-interpreted CGI.  This seems to be Apache2 
> related, or can it be explained by the fact that no plugins are installed?
> 
> Gerhard
> 

You're welcome, I'm still working to fix some install issues
that have been found with the packages I currently have so I hope to
have them resolved shortly and be available... 

As for the issue with Apache2 I haven't actually tried setting
up on Apache2 at this time; however I would hazzard a guess that Nagios
web interface should operate whether you had plugins or not... Nagios
merely operates as the framework controlling the execution of plugins
and displaying the results... As such it should operate fine prior to
the plugins being installed just not really able to check anything...
Currently both of my production Nagios machines are runnin Apache 1.x
and Nagios 1.1 rebuilt for woody/stable... I'll see about installing
Apache2 on my workstation runnin unstable and try to work on the issues
regarding the Apache2 setup... 

Regards,
Jeremy


pgp0.pgp
Description: PGP signature

Re: ..dead ext3 journals, was: Nagios on Debian

[Jeremy T. Bouse]

On Wed, Sep 03, 2003 at 07:00:42PM +0200, Arnt Karlsen wrote:
> On Wed, 3 Sep 2003 08:22:22 -0700, 
> "Jeremy T. Bouse" <[EMAIL PROTECTED]> wrote in message 
> <[EMAIL PROTECTED]>:
> 
> > On Wed, Sep 03, 2003 at 04:55:53PM +0200, Arnt Karlsen wrote:
> > > On Tue, 2 Sep 2003 09:48:40 -0700, 
> > > "Jeremy T. Bouse" <[EMAIL PROTECTED]> top posted in message 
> > > <[EMAIL PROTECTED]>:
> > > 
> > > > Nagios itself is necessary... Also I've worked out the
> > > > dependencies so that Nagios can be setup in a distributed fashion
> > > > as documented in the Nagios docs where you only need the central
> > > > server to have a web server installed... It didn't make sense to
> > > > have it "recommend" the plugins but "depend" on the web server
> > > > which meant you couldn't install nagios as a probe-only server
> > > > with no web interface and installing Nagios without the plugins
> > > > doesn't make much sense at all...
> > > 
> > > .."a web server" == "an Apache webserver"?  There are _several_ out 
> > > there, even some lightweight...
> > >
> > 
> > Well it's put as "apache | apache-ssl | httpd" which should
> > allow any web server package to be used however the packaging at this
> > time only knows how to try and configure itself to run on apache or
> > apache-ssl...
> 
> ..ah, so with boa or monkey webservers I just have to figure out 
> config stuff myself.  ;-)
>
Well I'm not the official Nagios maintainer I'm just working on
a NMU for it to get the plugins package working since maintainer hasn't
had time to work on it... I also don't run boa or monkey webservers so
I'm the last person you'd want trying to figure out the config stuff :)
 
> > By changing debian/control so that it "Suggests" the web server
> > rather than depends on it you could setup a distributed monitoring
> > system with Nagios as listed on the Nagios documentation[1]. Also it
> > made more sense to change the "Depends" to "nagios-plugins |
> > netsaint-plugins (>= 1.2.9.4-7)" rather than as a "Suggests" or
> > "Recommends" as Nagios doesn't make much sense without them... 
> > 
> > Regards,
> > Jeremy
> > 
> > [1]http://nagios.sourceforge.net/docs/1_0/distributed.html 
> 
> ..thanks, while I got your attention:  there _are_ ways to monitor 
> ext3 and other journalling fs'es for journalling failures?  Had a 
> few ext3 go ro on /var and /home and trigging a kernel panic is 
> usually overkill, especially on raid-1, I would have expected the 
> "journal demon" bail out the "bad disk" and do fsck and restart 
> the journal and resync etc, but with Red Hat 7.3-9 and Debian, it's 
> "at best" "errors=remount-ro".
>
This could be handled by Nagios in theory... I'm not aware of
any plugin at this time that checks journal status but I'm sure one
could be written and with the assistance of a properly written event
handler script auto-correct the solution... In the production systems
I'm runing Nagios in we have some event handlers which restart hung
processes before they cause problems... 

Regards,
Jeremy
 
> -- 
> ..med vennlig hilsen = with Kind Regards from Arnt... ;-)
> ...with a number of polar bear hunters in his ancestry...
>   Scenarios always come in sets of three: 
>   best case, worst case, and just in case.
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: Nagios on Debian

[Jeremy T. Bouse]

On Wed, Sep 03, 2003 at 04:55:53PM +0200, Arnt Karlsen wrote:
> On Tue, 2 Sep 2003 09:48:40 -0700, 
> "Jeremy T. Bouse" <[EMAIL PROTECTED]> top posted in message 
> <[EMAIL PROTECTED]>:
> 
> > Nagios itself is necessary... Also I've worked out the dependencies so
> > that Nagios can be setup in a distributed fashion as documented in the
> > Nagios docs where you only need the central server to have a web
> > server installed... It didn't make sense to have it "recommend" the
> > plugins but "depend" on the web server which meant you couldn't
> > install nagios as a probe-only server with no web interface and
> > installing Nagios without the plugins doesn't make much sense at
> > all...
> 
> .."a web server" == "an Apache webserver"?  There are _several_ out 
> there, even some lightweight...
>

Well it's put as "apache | apache-ssl | httpd" which should
allow any web server package to be used however the packaging at this
time only knows how to try and configure itself to run on apache or
apache-ssl...

By changing debian/control so that it "Suggests" the web server
rather than depends on it you could setup a distributed monitoring
system with Nagios as listed on the Nagios documentation[1]. Also it
made more sense to change the "Depends" to "nagios-plugins |
netsaint-plugins (>= 1.2.9.4-7)" rather than as a "Suggests" or
"Recommends" as Nagios doesn't make much sense without them... 

Regards,
Jeremy

[1]http://nagios.sourceforge.net/docs/1_0/distributed.html 

> -- 
> ..med vennlig hilsen = with Kind Regards from Arnt... ;-)
> ...with a number of polar bear hunters in his ancestry...
>   Scenarios always come in sets of three: 
>   best case, worst case, and just in case.
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: Nagios on Debian

[Jeremy T. Bouse]

Nagios plugins have been held up with issues in the Nagios
package itself... Hopefully these will be fixed shortly (I have a
possible NMU at this time being tested) and the plugins can be uploaded
and get into the archive mirrors later this week or by next week at the
latest... The problem is the plugins package will not install properly
with the current Nagios packages so the update to Nagios itself is
necessary... Also I've worked out the dependencies so that Nagios can be
setup in a distributed fashion as documented in the Nagios docs where
you only need the central server to have a web server installed... It
didn't make sense to have it "recommend" the plugins but "depend" on the
web server which meant you couldn't install nagios as a probe-only
server with no web interface and installing Nagios without the plugins
doesn't make much sense at all...

Regards,
Jeremy
nagios-plugins maintainer
Nagios Plugin Development Team member (http://nagiosplug.sf.net)

On Tue, Sep 02, 2003 at 04:26:18PM +0100, Gerhard Venter wrote:
> Hi
> 
> I have installed Nagios using apt, and restarted Apache2. I can access 
> http://myserver/nagios, and get the left side frame
> However, if I click on anything other than Documentation (eg Tactical 
> Overview ), I get ELF.. 
> (lots of binary)
> I have also downloaded and installed the plugins from Sourceforge, which 
> did not change a thing (but this is source, not a Debian package- 
> because there are no Debian Nagios plugins that I can find)
> Perhaps someone could let me know where the plugins are supposed to go, 
> or what else I might have missed
> 
> Gerhard
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: PCI Wireless NIC question.

[Jeremy T. Bouse]

On a recent trip to Frys, armed with a print-out of the
"supported cards" from the linux-wlan project, I found the only PCI
based wifi card still with a supported chipset was the Netgear MA311
which still uses the prism2 chipset... I later confirmed this by
contacting Netgear and pointedly asking them regarding the chipset of
the card... The early DWL-520 were prism2 chipsets but not the newer
revisions or the 520+... LinkSys WMP11 is now a BCM4301 and many others
have switched to the Broadcom chipset which there is still no driver
support for... Much like the support for Centrino...

Regards,
Jeremy

On Thu, Aug 21, 2003 at 08:03:50AM -0700, Percival, Ray wrote:
> I recently decided to go wireless at home. I bought a Dlink dwl-520 thinking
> it was a prisim2 chipset. Well it turned out that when I got it it is not a
> prisim2 but rather a realtek.
> 
> No problem they seem to have drivers.
> http://www.realtek.com.tw/downloads/downloads1-3.aspx?software=True&compamod
> el=RTL8180L#2002121Unix%20(Linux)
> 
> So after looking at the drivers and playing with the Makefile for a bit I
> get them to compile well. Insmod well and the driver shows up when I do
> lsmod. I then did this.
> 
> ifconfig wlan0 192.168.1.4 netmask 255.255.255.0
>   ifconfig wlan0 up
>   route add default gateway 192.168.1.1
> 
> ifconfig shows wlan0 as up and all looks well. When I attempt to ping
> 192.168.1.1 I get no response and after playing with it for some time I
> notice that everytime I try to ping out the wlan0 that the loopback
> interface's tx and rx are incrementing. I have confirmed that there is a
> route for 192.168.1.0 using wlan0 as it's interface and when I down wlan0 I
> get hardware errors when trying to ping 192.168.1.1 just like I would expect
> with a wired card. 
> 
> I'm at wits end and have read everything I can find and none of it seems to
> be working. Also just as a another datum pump -i wlan0 fails also. 
> 
> Thanks for any help. 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: airo problem

[Jeremy T. Bouse]

I'm not running the same model but with the 2.6.0-test? series I've
been running into problems with the airo/airo_cs drivers with my 350
pcmcia card... Sometimes it'll work, sometimes it will load the driver
but won't initialize and other times it just locks the whole machine
up... I did have to take the card to a co-worker with a Windows machine
and flash it to the latest firmware release to get it to be somewhat
more stable and reliable...

Regards,
Jeremy

On Sat, Aug 16, 2003 at 06:52:44PM -0400, Nathan Michaels wrote:
> I have a cisco/aironet 340 pci carrier for a pcmcia card that's giving 
> me issues.  I installed woody on a Pentium II/300 with this card.  I 
> then installed the pcmcia-cs package and wireless-tools from stable 
> (pcmcia-cs from the woody r1 cd and wireless-tools from a mirror).  Now 
> when I modprobe airo, I get this:
> airo: Probing for PCI adapters
> airo: MAC could not be enabled
> airo: Finished probing for PCI adapters
> 
> I tried the same machine with knoppix and it worked fine.  Any ideas?
> 
> ~Nathan
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: Nagios cgi login fails

[Jeremy T. Bouse]

If the error is not being able to see that status of any of your
devices you have configured then you need to check the permissions on
cgi.cfg and htpasswd.users in /etc/nagios to make sure they are owned by
'nagios' and in the 'www-data' group with atleast 0640 permissions...

This is one of several problems I have in a 1.1-1.1 package of Nagios
as I'm working to get the Nagios-plugins 1.3.1-1 ready for upload to the
mirrors... I'm just waiting to hear back from Turbo if he wants me to
upload as an NMU after testing it myself or forward to him and let him
deal with uploading... Unfortunately the Nagios-plugins will have a
problem installing until Nagios package is fixed thus the reason I have
not uploaded the plugins yet... 

        Regards,
Jeremy T. Bouse

On Thu, Jul 03, 2003 at 07:39:04PM -0700, Dale Miller wrote:
> I am trying to confgiure nagios and get it working and
> am having problems at the login to get to the main
> page. I am using the unstable distribution. The
> following are the versions of the packages I am using.
> 
> apache 1.3.27.0-2
> nagios-mysql 1.1-1
> mysql 
> 
> __
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Wireless access point association daemon?

[Jeremy T. Bouse]

For using my Cisco Aironet 350 on my Sony Vaio laptop that goes
between several WiFi networks using WEP I just created a script that I
use in /etc/network/interfaces that handles the mapping for me... The
script basically scans the network and tries to match an ESSID it finds
from scanning to a mapping config line...

What I end up with in the interfaces file is along the lines of:

mapping eth1 wifi0
script /path/to/get-essid.sh
map ESSID-Office wifi-office
map ESSID-Home wifi-home

iface wifi-home inet dhcp
wireless_mode managed
wireless_esside ESSID-Home
wireless_key <10 or 26 hexadecimal key>
wireless_enc on

iface wifi-office inet dhcp
wireless_mode managed
wireless_esside ESSID-Home
wireless_key <10 or 26 hexadecimal key>
wireless_enc on

I am not writing this from the laptop at the moment so I don't
have the get-essid.sh script handy but if there is interest I'll try to
get it posted later...

Regards,
Jeremy

On Thu, Jul 24, 2003 at 10:18:25PM +0200, Thomas Hood wrote:
> I have a laptop with an 802.11b card.  When I am in the vicinity
> of an access point (AP) I can see the AP's details by running
> "iwlist IFACE scan".  However, in order to associate to APs 
> with encryption switched on I need to set the encryption key
> using "iwconfig IFACE enc KEY".
> 
> My question is: has someone written a utility that will do this
> automatically -- a utility that will set the encryption key 
> according to the access points that show up in the scan?  
> 
> I have searched the web for a while and what I find are sniffing
> and cracking programs.  That is not what I am looking for.   I
> am not interesting in collecting packets and I know the
> encryption keys I need to access these networks.  I just want
> a program that will automate the process of association.
> 
> I could write this program myself.  In its simplest form it can
> be done in one line of shell script.  However, making the
> program work reliably would take more work.  I would like to
> know if anyone has already done this work for me.
> 
> TIA for any tips you can provide.
> --
> Thomas Hood
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Wireless PCMCIA Recommendations

[Jeremy T. Bouse]

I've had good luck with Orinoco Gold cards and Cisco Aironet
350... In fact I'm writing this email over a 350 now...

Regards,
    Jeremy T. Bouse

On Mon, Jul 14, 2003 at 12:09:28PM -0400, dhobner wrote:
> I have WG511 Netgear 54 Mbps Wireless PC PCMCIA card but there are no Linux
> drivers available.  I need some recommendations as to a different card and
> driver.
> 
> Dan Hobner
> NTC-OIS
> Lockheed Martin Information Systems
> Bldg E1-2 464
> 407-306-1529
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: best imap daemon ?

[Jeremy T. Bouse]

I've actually been using cyrus-imapd for some time now... But for my
environment the custom mailbox format it uses is fine as I have it
installed on a server that has no user accounts except the administrator
accounts. All email user accounts are handled by cyrus-imapd itself...
Also was a breeze to get IMAPS and POP3S working...

Regards,
Jeremy

On Thu, Jul 10, 2003 at 11:31:43AM +0200, juan wrote:
> i need an mbox imap serveur, which one should i use ?
> imap, uw-imapd, mailutils-imap4d ?
> 
> thanks
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: pdf creator

[Jeremy T. Bouse]

I routinely write using LaTeX and use pdflatex to generate the
output in PDF format... I've actually found I get better results doing
this than producing the LaTeX to PS and then run it through ps2pdf...

Regards,
    Jeremy T. Bouse

On Tue, Jul 08, 2003 at 08:30:53PM +0200, LeVA wrote:
> Hello!
> 
> Is it possible to create new, clean .pdf files under linux? If it is, 
> then which program do I need to use?
> 
> Thanks!
> 
> Daniel
> 
> -- 
> LeVA
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact 
> [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: SBC/Yahoo DSL with Debian?

[Jeremy T. Bouse]

Having worked in several ISPs it's not that the tech support staff is
not being honest... It is that most of them are considered "tier 1" and all they
go by is a series of questions & answers in a book to solve problems... If they
get through the book and haven't solved the problem then they escalate it...
Most of them don't have any real expertise other than basic computer usage
know-how... It's the higher tiers of tech support that have actual knowledge...

Regards,
Jeremy

On Sun, Jun 22, 2003 at 01:09:16AM -0400, Bijan Soleymani wrote:
> Many of those wireless hubs run embedded versions of Linux :) Or so I
> have heard.
> 
> Just another reason to assume that tech support isn't being entirely
> honest.
> 
> Bijan


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: SBC/Yahoo DSL with Debian?

[Jeremy T. Bouse]

My DSL connection is a SBC Yahoo DSL line... It was originally ordered
as an SBC Enhanced DSL package... I have 5 static addresses so a lil different
than the regular DSL package offering... In my case since they are statically
assigned address block there was no pppoe or dhcp configuration involved... 

As someone else mentioned ask the local LUG and get input... Having
worked in the ISP venue myself I know a lot of times they say it's not supported
but it really just means they won't be able to offer Tech Support assistance...
With my enhanced DSL package they want'd to send a SBCIS technician out to do
the install and wouldn't give me the self-provision kit... I finally after they
missed 2-3 appts to install it told them send me the self-provision kit as I am
a network administrator by trade and "wouldn't let their trained monkeys touch
any of my computers"... I had my self-provision kit and DSL line active in 2-3
days... I had reverse DNS control delegated within a week...

Regards,
Jeremy

On Sat, Jun 21, 2003 at 01:10:06PM -0700, Ric Otte wrote:
> Hi,
> 
> I saw that SBC/Yahoo had a DSL offer of $30 a month, and I called them
> up to ask if it would work with Linux.  The woman at tech support
> confidently assured me, over and over, that it would not work with
> Linux.  I spoke to her a long time, trying to figure out why it wouldn't
> work.  She said that since they use pppoe and not dhcp, I couldn't get
> an ip address with a dhcp client.  But Debian has a pppoe package, and
> there are also things like rp-pppoe.  Although she could not explain to
> me why it wouldn't work, she was absolutely positive it wouldn't.
> 
> The modem/router they give out as part of the deal is a Homeportal
> 1000sw.  I checked that on the web, and it looks to me as if it uses
> pppoe to connect to SBC, and then assigns either static or dynamic ip
> addresses to computers plugged into it.  It also says that it is Linux
> compatible.
> 
> So I find it very difficult to believe that Linux will not work with SBC
> DSL service, unless they are intentionally doing something to prevent
> Linux users from using their service.  So I was wondering if anyone is
> using SBC DSL, or knows if it will work.  Any info would be appreciated;
> thanks.
> 
> Ric
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: wireless access point

[Jeremy T. Bouse]

I've been using a WAP11 model here on my network without any problems...
I can't recall what I paid at Fry's for it but I believe it was under your $120
threshold, as much more than that I would have rather been a 'gator's dentist
than try to get my wife to agree to it... The one caveat I have for it is it
does not have a web configuration interface and instead uses a Win32 config
program either over TCP or USB direct connection... You can configure it using
SNMP but the device does not respond to an snmpwalk so you have to know exactly
which MIB OID to set/read... The good part is they do provide on the CDROM that
comes with it the MIB that is used on the device and the instructions do mention
configuring from a UNIX environment but not too detail'd as they assume you know
what you're doing...

Been using it for over a year now for my laptop with a Cisco Aironet 350
card and my wife's PC using a LinkSys PCI 802.11b card...

Regards,
Jeremy

On Fri, Jun 20, 2003 at 09:04:04PM -0500, matt zagrabelny wrote:
> hi,
> 
> what wireless access points (wap) are linux users using?
> 
> obviously cost, administration ability, reliability are all factors.
> 
>  * i would like it to cost less than $120 (US), new or used
> 
>  * i would like to be able to administer it via a the web. (ie web based
> configuration via http or snmp) or have some decent linux based
> configuration
> 
>  * i would like it to be a reliable 802.11b wap and if lucky 802.11g
> 
> am i dreaming?
> 
> i have read some poor reviews of the linksys wap54g, it sounds nice, but
> seems to be lacking in the operation and reliability category. can
> anyone comment on this? has firmware upgrades improved its performance?
> 
> thanks for the answers.
> 
> -matt zagrabelny
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: fwbuilder-doc useless

[Jeremy T. Bouse]

Had you bothered to contact the maintainer first or checked on
any open bugs regarding this before making a rant on -devel? No, because
I am the maintainer and haven't heard anything form you and the fact
you posted this clearly shows that you were unaware of the 2 bugs
already opened regarding this... Had you done either of those you might
have been aware that as of fwbuilder 1.0.10 (ready to be uploaded as
soon as libfwbuilder5 is accepted) fwbuilder-doc will no longer exist
and a bug report will be made to have it removed from the
distribution...

Regards,
    Jeremy T. Bouse

On Fri, May 30, 2003 at 12:09:16PM -0400, Rick Pasotto wrote:
> The fwbuilder-doc package contains nothing remotely resembling any
> documentation. Why does the package exist?
> 
> -- 
> "Reality will not be fooled." -- Richard Feynman*
> Rick Pasotto[EMAIL PROTECTED]http://www.niof.net
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Netsaint or Nagios?

[Jeremy T. Bouse]

With minor changes to the debian/control file for the Nagios
unstable source deb you can get it to compile fine for stable... As for
the plugins... I am part of the nagios plugin development team and I've
been discussing with Turbo to handle the nagios-plugins packaging... I
don't have anything together that would be usable but hope to have
something together soon... I've spent most of my time working on the
AF-independent patching so the plugins can support IPv4 and IPv6... This
will be in the next release of the plugins (post-1.3.0)..

Jeremy

On Wed, Apr 02, 2003 at 12:14:45PM -0800, Mark Ferlatte wrote:
> Matthew Daubenspeck said on Wed, Apr 02, 2003 at 01:31:57PM -0500:
> > I am in the process of building a dedicated Netsaint/Nagios box to host
> > a slew of client/server stats.
> > 
> > What exactly should I use? I have no problems running unstable if I have
> > to, but what do I need to install? Netsaint or Nagios?
> 
> I wanted to use Nagios, but wanted to run stable, so I downloaded the source of
> the nagios debs, and built them for woody.  It works very well; you just need
> to use the netsaint-plugins package in addition to the nagios package.
> 
> M



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Setting mtu value in eth0 config files?

[Jeremy T. Bouse]

Add the following to you /etc/network/interfaces file

iface eth0 ...
...
up ifconfig eth0 mtu 1450

I do this on several of my machines that are on DSL with an
IPv6 tunnel that needs a lower MTU...

Jeremy

On Wed, Mar 26, 2003 at 06:50:36PM +, Joao Pedro Clemente wrote:
> 
> How can I set u the mtu valeu that I want in my eth0 interface?
> 
> I need this cause I am behind a DSL line with a ICS sharing..
> MTU needs to be set lower than 1500 to work properly, so I'm setting it to
> 1450 by hand every time I boot..
> 
> Any ideia wher I can add MTU to a config file? Or I need to hack some
> "if-up" script??
> 
> Thank you
> 
> -- 
>   Joao Pedro Clemente
>   jpcl @ rnl.ist.utl.pt
>   (when not working out)
>   (when not sleeping)
>   (when not surfing)
>   (when not ... ;)
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Remote Monitoring

[Jeremy T. Bouse]

*Disclaimer - This is from personal experience in my workplace and is
not representing Debian in anyway even though I'm posting under my
Debian.org email address...

If you have a lot of machines that have a lot of similar
configuration settings with only minor changes Nagios does have the
template configuration option that allows you to make the generic
template for both services and hosts and use that to fill in the bulk of
the data for each service or host rather than having to add it for each
one... We've been using netsaint/nagios to monitor or network (both IPv4
and IPv6) for over the past years... The IPv6 support has been because I
actually went and patched the code locally, the next release of the
nagios plugins (post-1.3.0) will be including completely AF-indepedent
functionality... Currently CVS version has most network based plugins
using AF-independent with some exceptions for those that call external
programs...

Prior to using this we had a previous old install of Big
Brother which everyone on the admin team hated with a passion... Our
personal opinion netsaint/nagios has been the best and more featureful
open-source monitoring package I've used... I know on the appropriate
nagios mailing lists there are some discussion going on regarding a
better web based configuration system for it...

Jeremy

On Wed, Mar 19, 2003 at 08:31:49PM +, Rus Foster wrote:
> Hi All,
> Can anyone recommened a a monitoring package that isn't to hard to setup.
> I've got nagios working but the config is a pain and I need to setup a
> load more machines and don't fancy speding all my time typing out configs
> 
> Rgds
> 
> Rus
> 
> --
> http://www.65535.net | MSN: [EMAIL PROTECTED] | e: [EMAIL PROTECTED]
>   "More bits for your bite"
> Lifetime FreeBSD + Linux Hosting and Shell Accounts
>  Please respect RFC1855 and don't top post
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: ssh & sshd

[Jeremy T. Bouse]

I'm curious if you're getting confused with it adding new hosts to the
known_hots file not the authorized_keys file... I've yet to see an sshd process
in Debian (or any system for that matter) that automatically touched the
authorized_keys file... That file has always had to be created by me personally
using the public key file (*.pub) that I want'd to make authorized... 

Jeremy

On Fri, Mar 14, 2003 at 10:04:11AM -0800, linux learner wrote:
> hi all,
> 
> i just started using sshd on my two debian boxes at
> home. 
> 
> i understand that i can log into any computer that has
> my public key in ~/.ssh/authorized_keys 
> 
> but when i log into my computer running sshd it
> automatically adds me to the authorized_keys list for
> that user. How do i turn it off?
> 
> Also, what is the function of private key locking pass
> phrase? 
> 
> Say i am physically logged into my home account and my
> pub and private keys are in ~/.ssh/ now when i log
> into a remote host, i give my log in and password on
> the remote host and it logs me in and if my public key
> isn?t there in authorized_keys list it is added, my
> private key pass phrase is never asked, is this
> normal?
> 
> thanks for the patience n everything!
> 
> __
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online
> http://webhosting.yahoo.com
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: restarting slapd and slurpd

[Jeremy T. Bouse]

I can confirm this as I've seen this behavior since the earlier
version that was in potato. I do however notice that it does actually 
stop the slurpd processes and that the messages are merely an annoyance
of an unclean check... I don't believe the slurpd process itself creates
a PID file and thus start-stop-daemon must use something along the lines
of a 'pidof slurpd' call which will return multiple PIDs due to the threading
issue...

Jeremy

On Wed, Mar 05, 2003 at 02:55:10PM +0200, Alexey Chetroi wrote:
> 
>   Dear All,
> 
>   I've configured slapd and slurpd on my woody box and everything
> works fine, except when I restart slapd, init script complains about
> missing pid of slurpd:
> 
> lexa:/home# ps -ef|egrep 'slapd|slurpd'
> root 21418 1  0 13:37 ?00:00:00 /usr/sbin/slapd
> root 21420 1  0 13:37 ?00:00:00 /usr/sbin/slurpd -t /var/spool/slurpd
> root 21421 21418  0 13:37 ?00:00:00 /usr/sbin/slapd
> root 21422 21420  0 13:37 ?00:00:00 /usr/sbin/slurpd -t /var/spool/slurpd
> root 21423 21422  0 13:37 ?00:00:00 /usr/sbin/slurpd -t /var/spool/slurpd
> root 21424 21421  0 13:37 ?00:00:00 /usr/sbin/slapd
> root 21425 21422  0 13:37 ?00:00:00 /usr/sbin/slurpd -t /var/spool/slurpd
> root 21477 17672  0 14:39 pts/000:00:00 egrep slapd|slurpd
> lexa:/home#
> lexa:/home# /etc/init.d/slapd restart
> Stopping OpenLDAP: slapd slurpdstart-stop-daemon: warning: failed to kill 21423: No 
> such process
> start-stop-daemon: warning: failed to kill 21422: No such process
> start-stop-daemon: warning: failed to kill 21420: No such process
> .
> Starting OpenLDAP: slapd slurpd.
> lexa:/home#
> 
>  I think it kills 1st slurpd (which are threads actually?) start-stop-daemon
> tryes to kill other slurpds which are gone already. Just want to know if
> it is normal behavior.
> 
> -- 
> 
>   Best regards,
>   Alexey Chetroi
> 
> ---
> Smile... Tomorrow will be worse.   (c) Murphy's law
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: Firewalling under Debian

[Jeremy T. Bouse]

Actually my firewall has no X installed on it... I use
fwbuilder on my workstation behind the firewall and copy the script over
via scp... My firewall is a dedicated head-less machine with a 4-port
switch card for the external interface and a 10/100 NIC for the
internal...

Jeremy

On Mon, Mar 03, 2003 at 08:03:50AM -0600, Jamin Collins wrote:
> Interesting...  I had always steered clear of fwbuilder because of it's
> need for X.  I didn't want X on my firewalls (for various reasons) and
> as a result didn't look any further into it's functionality.
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Firewalling under Debian

[Jeremy T. Bouse]

On Tue, Mar 04, 2003 at 01:38:01AM +1100, bob parker wrote:
> Now that is appealing, I run 3.0r1, so I can build the fw script on my m/c.
> Does it support iptables? I am a complete newbie at this but I think I should 
> go for the latest techniques.
> 
> Thanks
> Bob
> 
Firewall Builder has support to build firewall rules for
iptables, ipf, pf and ipfw... Covers Linux, *BSD, and Mac OS X...

Jeremy


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Firewalling under Debian

[Jeremy T. Bouse]

Well if you have atleast one machine running with X11 you could
install Firewall Builder (fwbuilder)[1] which has a relatively straight
forward GUI that will allow you to drag and drop to create the rules you
want for the firewal... It then compiles to build a shell script which
you can then just upload to your Debian firewall and modify the
/etc/network/interfaces file to have it run the script when it brings up
the internal interface... 

Jeremy

[1]http://www.fwbuilder.org

On Tue, Mar 04, 2003 at 12:11:12AM +1100, bob parker wrote:
> My son's proposed network is to be this:
> 
> Firewall / NAT / Gateway machine connected to cable using 1 nic.
> Connects to hardware router / switch using 2nd nic.
> He has the switch and will be buying a PIII 400 2nd hand for the fw.
> We both know it's overkill but spares for PIIIs are cheaper than earlier 
> models apparently.
> 
> Switch connects to 2 * dual boot Mdk/Win XP machines and 1 network printer.
> 
> The fw machine is to run Debian with 2.4 kernel and iptables.
> My question is, what is the best way to go about setting up the Debian fw 
> machine?
> 
> I have the 7 cds for 3.0r1.
> 
> Thanks
> Bob Parker
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


pgp0.pgp
Description: PGP signature

Re: nagios usable?

[Jeremy T. Bouse]

Nagios plugins have not had a stable release yet so the
maintainer is holding off on packaging them however the Netsaint plugins
still work with Nagios... 

Jeremy

On Tue, Jan 14, 2003 at 04:41:00PM +0200, Johann Spies wrote:
> I am trying to setup nagios on unstable.  I don't see any plugins for
> it.  Do I have to install the plugins from www.nagios.org in
> /usr/local?  Or is there a debian package available.
> 
> Johann
> -- 
> Johann Spies  Telefoon: 021-808 4036
> Informasietegnologie, Universiteit van Stellenbosch
> 
>  "If we confess our sins, he is faithful and just to 
>   forgive us our sins, and to cleanse us from all  
>   unrighteousness."  I John 1:9 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



msg24074/pgp0.pgp
Description: PGP signature

Re: restricting wireless access

[Jeremy T. Bouse]

Does the AP have anyway to stop broadcasting it's SSID? If it
doesn't broadcast then they would have to know your SSID in order to
make use of your AP... Another idea is if you have a firewall in place
already as it seems, what are the chances of being able to put a
seperate NIC in the firewall and have the AP connect to it then you
could use iptables MAC support to allow traffic through...

Jeremy

On Fri, Jan 10, 2003 at 11:56:13PM +0100, martin f krafft wrote:
> i have a cheap-ass wireless access point which doesn't even do
> MAC-based authentication, and neither can I get WEP64 to work between
> it (Addtron AWS-110) and the Orinoco Silver card.
> 
> I would like to have wireless in my appartment, but I need to prevent
> folks on the street from linking into the network. The question is
> how. I want to prevent them from using my internet connection just as
> much as accessing local computers behind the firewall.
> 
> Is there a tools that will send TCP resets to anything coming from an
> unknown MAC address? this isn't 100% secure, but it's better than
> nothing. Or is there a tool that uses a client program to establish
> the identity of the host (like they have in some internet cafes to
> prevent you from using the cables for laptops, even if you change the
> MAC), and if someone connects without the client program, then s/he is
> TCP reset for every packet sent?
> 
> or is there a better solution? maybe someone can help me get WEP to
> work...
> 
> -- 
> Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
>  
>  .''`. martin f. krafft <[EMAIL PROTECTED]>
> : :'  :proud Debian developer, admin, and user
> `. `'`
>   `-  Debian - when you have better things to do than fixing a system
>  
> NOTE: The pgp.net keyservers and their mirrors are broken!
> Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





msg23455/pgp0.pgp
Description: PGP signature

Re: Exim, SpamAssassin and AV-advice needed

[Jeremy T. Bouse]

Yeah I just realized spamd was having problems on the razor
checks and I've not just proceeded to run spamd with the -L option and
it seems to be having no problem at all... I've got 6 MX servers running
SpamAssassin with the Sendmail spamass-milter and they have all seem to
have problems with Razor checks and causing the milter to begin to
timeout for quite some time now...

I also now run 1 spamd/spamass-milter on one of my faster
machines and have 3 of the MX servers use that one central SA server
over inet and it appears to be working great... Specially since the
three MX servers are not really powerful CPUs and moderate amounts of
RAM which SA was eating up...

Jeremy

On Fri, Jan 10, 2003 at 11:30:47AM -0500, Alan Shutko wrote:
> DEFFONTAINES Vincent <[EMAIL PROTECTED]> writes:
> 
> > This answer is maybe non-appropriate, but it seems razor servers
> > have been broken for a while (more than 24 hours at the time I am
> > typing this email).  This might be a reason for your server to get
> > stuck...
> 
> That's why mine got stuck.  Spamassassin is supposed to have a
> timeout on the razor check, but it didn't seem to be working.  I just
> removed razor for the time being.
> 
> -- 
> Alan Shutko <[EMAIL PROTECTED]> - In a variety of flavors!
> Oh, he based that scene on the cabbage sequence in `Mighty Mouse'...
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



msg23387/pgp0.pgp
Description: PGP signature

Re: LAN IPv6 global connectivity HOWTO

[Jeremy T. Bouse]

Jim,

The only comment I woudl make on your howto is in section 6.2
"Setting up the router's LAN interface" you appear to be trying to setup
an EUI-64 address that other machines on your LAN will build on their
own if autoconf is enabled... However your construction of the EUI-64 is
off a bit...

If you have the prfeix 3ffe:b80:17e2::/48 and the MAC of your
ethernet is 00:10:5A:66:DC:33 then your EUI-64 based IPv6 address would
be 3ffe:b80:17e2::210:5aff:fe66:dc33 not
3ffe:b80:17e2:fffe::10:5a66:dc33... This is generated by taking the
first three octet of the EUI-64 generated from the first three octests 
of the MAC (00:10:5A), followed by forth and fifth octets of the EUI-64
address as FFFE, followed by the last three octets of the EUI-64 filled
in by the forth, fifth and sixth octets of the MAC address thus giving
you 0010:5AFF:FE66:DC33 or shortened to 10:5AFF:FE66:DC33... Finally to
set the "Universal/Local" (U/L) bit you set the lowest order bit in the
first octet (00 is the first octet in your example) from 0 to 1 for a
globally unique IPv6 interface identifer which gives you your first
octet as 02 giving you 210:5AFF:FE66:DC33 for your EUI-64 interface...

If you have ipv6calc installed on your computer you can verify
this by the following:

undrgrid@tank:~$ ipv6calc -i 3ffe:b80:17e2::210:5aff:fe66:dc33
Address type:  unicast 6bone
Address type has SLA: 
Interface identifier: 0210:5aff:fe66:dc33
Interface identifier is an EUI-64 generated from EUI-48 (MAC):
00:10:5a:66:dc:33 MAC is a global unique one

undrgrid@tank:~$ ipv6calc -i 3ffe:b80:17e2:fffe::10:5a66:dc33   
Address type:  unicast 6bone
Address type has SLA: fffe
Interface identifier: :0010:5a66:dc33
Interface identifier is probably manual set or based on a local EUI-64
identifier


Now if you wanted to subnet this the the :: between the
prefix and the EUI-64 interface identifer could be changed to
whatever subnet you wanted to use... Remembering you only have 16 bits
for subnetting giving you everything from :: to :: for subnets...

As well if you use the "template" option of freenet6 client
config (tspc.conf) it can automatically configure your router interface
using ::1 and configure radvd.conf to broadcast your prefix to
your LAN via router advertisements (RA) thus removing the need to
configure the routers interface at all in /etc/network/interfaces or
radvd...

If you have any further questions regarding this feel free to
contact me directly... I currently work as an IPv6 network administrator
for NTT Multimedia Communication Laboratories, Inc in Palo Alto, CA and
run IPv6 both at home using freenet6 and at work...

Jeremy T. Bouse
 
On Thu, Dec 19, 2002 at 05:42:42PM +0100, Jean-Marc V. Liotier wrote:
> Hello, I am a Debian user and I recently set up IPv6 access for my LAN.
> Finding easily accessible documentation targeting the neophyte that I am
> was quite difficult so I decided to document my setup.
> 
> http://www.jipo.org/jim/Jims_LAN_IPv6_global_connectivity_howto.html
> 
> I hope it will be useful to some. I welcome any comments.
> 





msg20114/pgp0.pgp
Description: PGP signature

Re: chrooted sid install

[Jeremy T. Bouse]

You could take a look at pbuilder... I have both a Woody/stable
and Sid/unstable chroot using it for building packages as my main devel
machine runs testing... 

Jeremy

On Thu, Dec 19, 2002 at 04:41:39PM +0200, Alexey Chetroi wrote:
>  Hello,
> 
>  Is there any howto or Debian specific way to install
> SID in a chroot. All I want to do is to compile winex-light,
> but it warns me that GLIBC 2.3 is required and I don't want
> to install unstable distribution on my desktop machine.
> 
>  Is it possible to install SID into a chroot and compile wine
> from there?
> 
> -- 
> 
>   Best regards,
>   Alexey Chetroi
> 
> ---
> Smile... Tomorrow will be worse.   (c) Murphy's law
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



msg20082/pgp0.pgp
Description: PGP signature

Re: SMTP standards : needs outgoing SMTP server be MX for my domain?

[Jeremy T. Bouse]

This could be an internal policy decision on their part... In
which case I would assume that the proper response back would be an
x.7.1 which states it's policy... Either 4.7.1 if it's not fatal or
5.7.1 if it is... 

There is nothing that I am aware of that stipulates what an MTA
administrator can and can not set as internal policy for mail they are
willing to receive... In fact I'm in the process of designing a Sendmail
milter for our network at work to enforce the policies we're putting
into place... One idea for it is to actually lookup the MX server for
the incoming domain and very the FROM address really is valid... Now if
everyone accepted VRFY this would be easy but is not the case thanks to
spammers which have caused many MTA admins to turn that feature off... 

Another simple way to catch many spammers is to actually check
the HELO arguments and either later reject the message or just discard
it if the argument is not either 1) a valid FQDN, 2) domain name or 3)
IP address in proper notation... I've found many spammers just sending
random characters, as well as yahoo.com, hotmail.com, etc are popular
and even a few give my MTA my MTA's own IP address... 

Internal policy is internal policy and you can't really twist
their hand to change it... 

Jeremy

On Wed, Dec 18, 2002 at 04:08:59PM +0100, DEFFONTAINES Vincent wrote:
> An organization refuses emails from my domain, under this reason :
> My domain's mailer that connects to their SMTP server is not MX of my
> domain.
> 
> Indeed it is not, I have different hosts for ingoing and outgoing email
> traffic.
> Actually, I see no good reason why outgoing mailer should be the same as MX.
> 
> I am wondering if SMTP standards require that email sender of a domain be
> its MX? I find that really surprising.
> 
> I'll be glad to know if anyone can enlight me.
> 
> Thanks,
> 
> Vincent
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: bind9: Dynamic dns updates?

[Jeremy T. Bouse]

To allow for the updates you need only add the allow-update
option to the zone file you want to allow updates to be made to... You
can either setup and IP based ACL or you can use TSIG keys... It's very
well documented in the BIND9 ARM resources...

As for iptables following the names vs the IP... As I
understand it iptables will resolve the hostnames when the command is
executed and maintains the IP address that it resolves to when it was
executed... I do not believe it holds on to the hostname...

Jeremy

On Mon, Dec 16, 2002 at 10:36:26AM -0800, Paul Johnson wrote:
> How does one configure bind9 to accept dns updates from the local
> network, and will iptables follow the names as opposed to the IP
> numbers?
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: php4 with apache2 under debian testing

[Jeremy T. Bouse]

According to www.php.net 4.3.0 will be the first version of
PHP4 to support Apache 2.0.43... There are release candidates of PHP4
4.3.0 but it has not been released yet so you can run something
developmental by compiling it yourself... PHP4 team recommends waiting
for the release for anything that needs to be stable...

Jeremy

On Fri, Dec 13, 2002 at 08:06:45PM +0100, daniel meier wrote:
> does somebody know how to get this running?
> 
> thx
> 
> daniel
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Cracked cracker?

[Jeremy T. Bouse]

As it's already been mentioned this is the Nimda worm that only
affects IIS and anyone who has been running a web server in the last
year has been hit with it countless times... I know I have... If you
feel inclined to try and deal with this you can start by trying to get
in contact with Starstream Communications in Rocklin, CA... Now this
block of address (63.205.212.0/23) was assigned to them from SBC
(formally SBC Pacific Bell) but I can tell you trying to get SBC to take
any action is about the same as sitting and watching paint dry... It's
useless to try contacting them as their Abuse phone number says to email
their abuse department but those emails I believe hit /dev/null and
never a person to actually deal with them... You should be able to start
trying to reach Starstream at (916) 652-9479 which is listed as their
main office number however they have no contact information specifically
for abuse...

Jeremy

On Thu, Dec 12, 2002 at 07:55:31AM -0800, Michael Olds wrote:
> This is a small sample from my access log. Can someone explain to me why
> this person would repeatedly attempt access to my computer using the same IP
> and the same requests over and over? This isn't to the point of being a DOS
> attack; can't they see I don't have any of these things that they think will
> enable them to crack my machine? Or is there something else going on here?
> 
> 
> 63.205.213.16 - - [11/Dec/2002:13:16:07 -0800] "GET /scripts/root.exe?/c+dir
> HTTP/1.0" 404 270 "-" "-"
> 63.205.213.16 - - [11/Dec/2002:13:16:07 -0800] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 268 "-" "-"



msg18706/pgp0.pgp
Description: PGP signature

Re: Realmedia's Helix Producer Basic

[Jeremy T. Bouse]

On Thu, Nov 14, 2002 at 02:26:15AM -0500, lameth wrote:
> Has anyone tried realmedia's helix producer basic yet? And if you have, 
> did you have any luck getting it to actually work?
> 
I have tried it to see how it had changed from the previous
Producer product... Biggest change I found was it was console based as
opposed to GUI and it didn't seem to like my Creative Labs WebCam III
USB video camera that Producer 8 would work with... 

Jeremy



msg12939/pgp0.pgp
Description: PGP signature

Re: nvidia and X with 2.4.19

[Jeremy T. Bouse]

Why install the RPM package for the nVidia GLX driver and not
get the nvidia-glx-src package and build it along with the
nvidia-kernel-src package for the kernel patch... 

That is what I have working here on my AMD 1Ghz Athalon at work
with a nVidia GeForce2 MX card... I haven't upgraded the kernel yet as
I'm preparing to do a re-install because of some harddrive issues but I
currently have nvidia-glx-src and nvidia-kernel-src 1.0.2960-1 compiled
against a custom 2.4.18 kernel with EVMS and VLAN patches applied...
This is working wit XFree86 4.1.0 as well... I haven't install'd any of
the 4.2 pre-release packages on this machine...

Jeremy

On Thu, Sep 26, 2002 at 09:54:57AM -0700, Jack Pistachio wrote:
> I just recently tried to get XFree86 4.1 working with the
> newest nVidia drivers (1.0-3123).  I'm running a custom
> 2.4.19 kernel and compiled the nVidia kernel drivers
> against that.  Seemed to work fine and the NVdriver modules
> installed ok (after some troubleshooting since I keep my
> kernel source elsewhere than /usr/src).  Got the rpm
> package for the nVidia GLX driver and installed that with
> alien. X starts fine now (at first run it COMPLETELY
> crashed... couldn't even do --Bksp... found out later
> that was because I needed to restart the system first when
> changing from non AGP drivers to AGP drivers).
> Anyhow, the skinny is that 2-D works fine but 3-D (in quake
> 3 at least) doesn't do texturing (I assume) correctly at
> all.  I get a strange sci-fi like image of everything.
> /var/log/XFree86.0.log doesn't show any errors that would
> give any insight, and the nVidia FAQ/Troubleshoot doesn't
> specifically help either.
> Any suggestions?
> Also, X takes a lot longer to start up now.
> - jackp
> 
> __
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
> http://sbc.yahoo.com
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



msg03789/pgp0.pgp
Description: PGP signature