Re: Idled + SSH.
On Thu, Oct 10, 2002 at 12:05:15PM -0700, Petro wrote: I've got 2 border machines running Debian Potato, and I recently (2 days ago) did a security update on it for the first time in 4 or 5 months. On one of these machines, I also upgraded SSH. Then Idled stopped working on that machine. So I have 2 machines that are effectively identical except for the existence of the new SSH. One is running SSH Version OpenSSH-1.2.3, protocol version 1.5. The other is running OpenSSH_3.4p1 Debian 1:3.4p1-0.0potato1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f The latter one does not log out idle users. Any clues about how to get Idled to work with the newer SSH? Otherwise it's regression time. As near as I can tell this was caused by the introduction of privilege seperation in the new version of SSH. If I run with it on, idled stops logging people off. If I turn it on, idled continues to work. Bummer. -- time since last cigarette: 171d, 11h, 53m time since last dose of Nicotine: 126d, 18h, 0m This is not a .signature file. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Anyone??? HP USB DVD+RW for Woody
On Thu, Oct 10, 2002 at 03:51:32PM -0500, Ron Johnson wrote: USB2 definitely isn't in the stock 2.4 kernels (yet, if ever). I think I saw, though, that it was in 2.4.20-ac?? RH may also have backported USB2 to their latest kernels. What, if any, are the ramifications of running a RH kernel on a debian box? At worst your machine, and only your machine will collapse into a nano-blackhole. At best it will suck the rest of the world in with it. Better not take the chance. -- time since last cigarette: 171d, 11h, 56m time since last dose of Nicotine: 126d, 18h, 3m This is not a .signature file. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: capture parallel data
On Sat, May 25, 2002 at 11:11:52PM -0500, Bud Rogers wrote: Has anyone done anything like that? If I can get the data into my box I can handle it from there, but I've never tried to capture data on the fly. Any suggestions would be welcome. There is a package called logcheck that does something similar to what you want, except that it works on files rather than pipes. -- time since last cigarette: 66d, 12h, 10m time since last dose of Nicotine: 21d, 18h, 17m This is not a .signature file. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh security update and libpam-tmpdir
On Tue, Jun 25, 2002 at 02:50:15PM +0100, Colin Watson wrote: On Tue, Jun 25, 2002 at 12:18:32AM +0100, Colin Watson wrote: If you have libpam-tmpdir installed, be careful when installing the recent security update for OpenSSH; libpam-tmpdir will stop working afterwards and cause ssh logins to be dropped (I've just filed a bug report). Since you almost certainly want to install the security update if you're running an ssh server visible to the net, the workaround is to edit /etc/pam.d/ssh and comment out the line for pam_tmpdir. Also, in the hope of reducing the number of questions to [EMAIL PROTECTED] about this, don't worry that 'UsePrivilegeSeparation yes' doesn't appear in /etc/ssh/sshd_config after the upgrade. UsePrivilegeSeparation is on by default in OpenSSH 3.3. Is 3.3 or 3.4 going to appear in woody/testing? -- time since last cigarette: 66d, 12h, 25m time since last dose of Nicotine: 21d, 18h, 32m This is not a .signature file. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh security update and libpam-tmpdir
On Thu, Jun 27, 2002 at 02:52:49PM -0700, Petro wrote: On Tue, Jun 25, 2002 at 02:50:15PM +0100, Colin Watson wrote: On Tue, Jun 25, 2002 at 12:18:32AM +0100, Colin Watson wrote: If you have libpam-tmpdir installed, be careful when installing the recent security update for OpenSSH; libpam-tmpdir will stop working afterwards and cause ssh logins to be dropped (I've just filed a bug report). Since you almost certainly want to install the security update if you're running an ssh server visible to the net, the workaround is to edit /etc/pam.d/ssh and comment out the line for pam_tmpdir. Also, in the hope of reducing the number of questions to [EMAIL PROTECTED] about this, don't worry that 'UsePrivilegeSeparation yes' doesn't appear in /etc/ssh/sshd_config after the upgrade. UsePrivilegeSeparation is on by default in OpenSSH 3.3. Is 3.3 or 3.4 going to appear in woody/testing? Never mind, it appears that some of the mirrors are a little behind at this point, including mine. -- time since last cigarette: 66d, 12h, 27m time since last dose of Nicotine: 21d, 18h, 34m This is not a .signature file. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH - Privilege separation user sshd does not exist
On Thu, Jun 27, 2002 at 08:12:44AM +0800, louie miranda wrote: Im having a little difficulty on running the new ssh, any ideas on this? I tried adding UsePrivilegeSeparation yes and still no luck! Have you tried reading the error message? Does user sshd exist? -- conf file - UsePrivilegeSeparation yes # HostKey for protocol version 1 HostKey /usr/local/ssh3/etc/ssh_host_key # HostKeys for protocol version 2 HostKey /usr/local/ssh3/etc/ssh_host_rsa_key HostKey /usr/local/ssh3/etc/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 -- conf file - appshost2:/usr/local/ssh3# sbin/sshd Privilege separation user sshd does not exist ty, louie... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- time since last cigarette: 66d, 12h, 30m time since last dose of Nicotine: 21d, 18h, 37m This is not a .signature file. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian take on UnitedLinux?
On Fri, May 31, 2002 at 11:56:43PM -0700, Paul Johnson wrote: Them and everyone else it seems. I gotta wonder if anybody from California ever stopped to think that they're turning Oregon into what they moved away from... If they stopped to think, they wouldn't be the Californians that stereotypes are based on, now would they, Duuudde? -- My last cigarette was roughly 44 days, 16 hours, 2 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Clear HDD of old OS, etc?
On Fri, May 31, 2002 at 11:28:39AM -0600, Dave Price wrote: Hi, I am looking for a quick way to clear an HDD of old data, partitions, etc. I found this on /. thru a google search: dd if=/dev/random of=/dev/hdX When i do this from a console shell after booting from a woody install disk, It does not seem to work ... i.e. I can still see the old partition table in fdisk ... Is there maybe a better dd invocation ? Don't bother with /dev/random, just use /dev/zero. dd if=/dev/zero of=/dev/hdX, where X is *just* the letter. if you do /dev/hda1 or the like, you'll bypass the partition table and boot sector. Better would be to find the number of blocks, and the block size of the disk, then do: dd if=/dev/zero of=/dev/hdx bs=blocksize count=# of blocks This way you get them all. Of course, don't count on this as a security thing. Maybe against your little brother, or the guy across the street, but not real security. Use Thermite. -- My last cigarette was roughly 44 days, 16 hours, 7 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Foreign Language with OpenOffice?
On Thu, May 30, 2002 at 12:45:15PM -0500, Kent West wrote: Forgive my ignorance concerning internatialization . . . . At my university our Foreign Language department staff/faculty have traditionally used WordPerfect throughout the years, along with foreign language modules from WordPerfect Corp/Novell/Corel for creating German, French, etc documents and for spell-checking and the like. Now we come to learn that there is no German language module for Corel WordPerfect 2002 (and perhaps not other languages as well). How easy/hard/practical would it be to introduce Open Office for Windows to them and have that provide the features they need? Well, since they have to switch to something, OpenOffice (or StarOffice when the next version is released) would be as good as any, and better than most. -- My last cigarette was roughly 44 days, 16 hours, 31 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Sat, May 25, 2002 at 12:32:02AM -0700, Karsten M. Self wrote: on Wed, May 22, 2002, Petro ([EMAIL PROTECTED]) wrote: On Wed, May 22, 2002 at 03:16:57AM -0700, Karsten M. Self wrote: on Tue, May 21, 2002, Petro ([EMAIL PROTECTED]) wrote: Is this the first time someone has brought this up? Puhleaze: There's a bunch of people here acting like they've never heard of the idea, and the only somewhat reasonable excuse I've heard for not doing it is It's a lot of work, which lead me to believe it hadn't been discussed here. http://www.google.com/search?q=debian+statically+linked+root+shell So it has been brought up before, over 2 years ago, and it's still wrong? The point was that the answer to your question (Is this the first...) is readily available from the usual place. Your assignment is to read the earlier posts and either: There are over 100 links, many of them redundant, with the link you provided. The vast majority of them are redundant, or do have no mention of *why* such a bad decision was made. The one that does--which does happen to be the first on the list, shows a lot of navel gazing, short sightedness, and a general lack of will to actually listen to people who have an idea about how reliable, robust systems can be designed that doesn't involve fancy new widgets. - Formulate a previously unaddressed reason root should have a statically linked shell, rather than pollute the list with largely irrelevent dialog. There is no reason to formulate a previously unaddressed reason, when the previous reasons are perfectly adequate, and have not been properly addressed. As to your pollute the list comment, quite frankly it is something I, and by *the first link* on that Google query you posted, several other working Sysadmins, think is a very vaild question. My first post on this was as to *why* such a basic thing isn't being done. After all, where does /sbin get it's name? Well, /bin is binaries. /sbin is *static* binaries. Of which there are...one. All I asked was why. The answers I recieved tended to indicate a lack of previous investigation into the subject, which caused my query as to whether this had been discussed previously. - Understand why the current alternative(s) are sufficient. They aren't. They are close, and can be made proper with a little work. Which describes about 80% of linux (which is better than a lot of OSs, even other Unixes.). - Summarize findings to list and quietly exit the topic. Summary: Sash should be installed by default in /sbin/sash and as default should be the root users shell. It adds about 610k to a default install and has little or no downside in a properly set up environment. Yes, there should be a way *not* to install it, for those who are experienced and understand fully the ramifications of this decision. -- My last cigarette was roughly 36 days, 12 hours, 4 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to confirm mod_perl is functioning with apache? to run mason
On Sat, May 25, 2002 at 09:17:12PM -0400, Ian D. Stewart wrote: On 2002.05.23 20:42 justin cunningham wrote: hey list, I wanted to check out mason which requires mod_perl but it's not show as a loadable module in /etc/apache/httpd.conf I just installed libapache-mod-perl but wasn't prompted to load mod_perl.c as a loadable module like say, php4. how do I confirm it is properly configured? Hey Justin, I'm in pretty much the same boat (trying to test mod_perl installation/configuration IOT use HTML::Mason). Have you heard anything back from anybody? I'm currently going through the mod_perl guide (http://perl.apache.org/guide). Will let you know if I find anything useful. I don't use mod_perl myself, but some observations: (1) In woody, libapache-mod-perl actually installs perl_module--look in /usr/lib/apache/1.3/400mod_perl.info, you get: LoadModule: perl_module /usr/lib/apache/1.3/mod_perl.so Directives: PerlHandler PerlRequire PerlModule Perl Handles: perl-script Description: If you can do it with perl, you can do it with Apache. Which may, or may not be the same thing as mod_perl. Also there is a package apache-perl (also in woody) that has mod_perl (perl_module?) statically compiled in. apache -l will tell you what modules are currently compiled in, and the loadModule directives show what is currently being loaded. When I installed libapache-mod-perl, I had to add the LoadModule directive by hand. -- My last cigarette was roughly 36 days, 13 hours, 31 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ATI Radeon 7000
On Fri, May 24, 2002 at 08:28:45AM -0600, user list wrote: Reading with mutt makes me less likely to do the cut and paste. Anyway, if the link to which you refer is Funny, ctrl-b works for me. apt-get install urlview. -- My last cigarette was roughly 36 days, 13 hours, 55 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Thu, May 23, 2002 at 04:32:39PM -0700, Karl E. Jorgensen wrote: On Thu, May 23, 2002 at 02:38:15PM -0700, Petro wrote: major snipage Yes. Or just figuring out if there is even a wreck, how it happened etc. with the intent of restoring the wreckage rather than scrapping it. Reread the quoted text from Karl. I know what he is saying, and he's right in a limited way. If your entire ability to administer a system envolves unpacking .debs and answering the configure questions they ask, a static shell is pointless. I'm not in that position. I have to disagree with your implication (entire ability). I suspect that you have some high levels of frustration showing through here. Yes, there is some level of frustration. My previous post was assuming: a) you have hosed some essential library - ld-linux, libc, whatever. b) you want to repair it (later on it transpired that you were happy just to rescue the data before scrapping the lot, which will mean a different approach). With that in mind, you may well want to re-extract the damaged file(s) out of a .deb (e.g. one you have conveniently left floating around in /var/cache/apt/archives). If one has a small set of utilities that do not depend on external libraries, a SA with a bit of creative thinking and nimble fingers can accomplish a lot. The others (those without creative thinking and nimble fingers) are screwed blue anyway. The desire is for a small set of standard tools statically compiled so *IF NOTHING ELSE* I can determine just how badly a system is horked. There are about 37.38 billion ways a system can wind up in an unstable or stochastic state, from mv * .. in /lib (I a much more complex and lengthy equivelent of that in a shell script on a OS X box 2 weeks ago) to memory or filehandle exhaustion, to a corrupt file etc. Some of these *do* require a reinstall. Some of these just require a reboot. Others require different handling. In an installation with more than 1 computer, and the right tools statically linked, most would not require the ability to extract .debs, but if all that requires is ar and gzip, then that's not too much to ask. I'm starting a list of tools that should be available in a static format. I don't know what I'm going to so about it yet, but I have discovered a wierdness in bash debian source package. There is a define in debian/rules in that package that is: # build a statically linked bash? with_static = yes However, the default rules file doesn't use it anywhere, and adding: ifeq ($(with_static),yes) conf_args += --enable-static-link endif to what appears to be the appropriate section gives this diff: 115,117c115,117 LIBS = $(BUILTINS_LIB) $(LIBRARIES) LDFLAGS = -static $(STATIC_LD) $(LOCAL_LDFLAGS) $(PROFILE_FLAGS) $(CFLAGS) STATIC_LD = -static --- LIBS = $(BUILTINS_LIB) $(LIBRARIES) -ldl LDFLAGS = $(STATIC_LD) $(LOCAL_LDFLAGS) $(PROFILE_FLAGS) $(CFLAGS) STATIC_LD = Which, oddly enough doesn't seem to build a static bash executable. Hmmm... -- My last cigarette was roughly 32 days, 14 hours, 7 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Thu, May 23, 2002 at 01:04:17PM -0400, Rob Ransbottom wrote: On Wed, 22 May 2002, Petro wrote: So it has been brought up before, over 2 years ago, and it's still wrong? It is not wrong, it just yields little protection. Just from the disk getting corrupted under an in core shell. This will only be of benefit if you need to keep your machine up about .9 of the time. Even then I ask: You _want_ to keep your users going when your shared libs are flakey??? I don't have users in the normal sense. I run clusters of web and database servers, things that are hard to keep backed up 100%. I do have a few users, but they are mostly developers, and on their staging and dev boxes it might be necessary at some point to get in and recovery certain bits. But it's not just about *me*, I can, because of the resources I have available to me in a medium sized installation (currently around 100 servers) take a box down and replace it with another one until I have time to get down the colo and do things some other way. Not everyone has this luxury. Shared libs could implement a load_all_required_functions routine. This would let a program getuid and act like it had static libs. This sounds more complex, and unnecessary complexity is not a good thing. I just keep a rescue partition loaded with debian-base. This has lots of benefits. And having your normal root environment is nice in stressful situations. That isn't a bad idea. -- My last cigarette was roughly 31 days, 9 hours, 3 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problems with Galeon, Mozilla and ?Opera? freezing.
On Wed, May 22, 2002 at 07:13:41PM -0700, Hubert Chan wrote: Petro == Petro [EMAIL PROTECTED] writes: [...] Petro I have a problem with Galeon and Mozilla freezing up on Petro specific pages. Some will freeze Mozilla, many (that will freeze Petro one or the other) will freeze both. As in screen redraws within Petro that window don't work any more etc. Maybe a misbehaving plugin. Do you have the same plugins installed on both computers? It happens regardless of the plugins I have or don't have installed. The only plugins I have would be (a) the default and (b) F***ing shockwave. PS. Any reason you indent all your lines by four spaces? It looks odd. Python and autoindent. I should really spend more time trying to clean up and fix my .vimrc file, but it's scary in there... -- My last cigarette was roughly 31 days, 9 hours, 17 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: 1:1 mirror for an entire hd
On Wed, May 22, 2002 at 07:29:11PM -0700, Angus D Madden wrote: Karsten M. Self, Mon, May 20, 2002 at 02:09:32AM -0700: on Mon, May 20, 2002, R. Lockhart ([EMAIL PROTECTED]) wrote: I need to transfer all my data, os, partitions, formatting, to a new hard drive. I got a lemon hd (still perfect electronicly but making ugly noises). A replacement is on the way from the manufacturer but I'm not sure about the best way to mirror a-b. $ mkdir /mnt/oldhd $ mkdri /mnt/newhd $ mount /dev/hda /mnt/oldhd $ mount /dev/hdb /mnt/newhd $ cd /mnt/oldhd $ tar cvf - . | ( cd /mnt/newhd; tar xf - ) (rsync, or cp -padR are other alternatives). Rsync be your best bet if you can determine the correct syntax. It's what system imager uses to basically do the same thing. Also, you'll need to install a new boot block (MBR) or the new disk won't boot. The LILO mini-howto explains how to do that: http://www.tldp.org/HOWTO/mini/LILO-4.html You can use fdisk -l /dev/hda to get the parition table of the old disk. sfdisk is really cool for this. Last week I had to put the exact same partition on 23 disks in a raid box I was setting up as a JBOD: for i in c d e f g h i j k l m n o p q r s t u v w x do sfdisk -d /dev/sdb | sed s /sdb/sd$i/ | sfdisk -uM -L /dev/sd$i done In this case, assuming that the drives are hda and hdc, and that they are the same size: sfdisk -d /dev/hda | sed s /hda/hdc/ | sfdisk -uM -L /dev/hdc should do it. Ain't unix wonnerful. -- My last cigarette was roughly 31 days, 9 hours, 20 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Thu, May 23, 2002 at 01:26:16PM -0700, dman wrote: On Wed, May 22, 2002 at 05:28:13PM -0700, Petro wrote: | On Tue, May 21, 2002 at 10:15:45PM -0700, dman wrote: | On Tue, May 21, 2002 at 07:08:48PM -0700, Petro wrote: | | On Tue, May 21, 2002 at 05:57:16PM -0700, Karl E. Jorgensen wrote: | | On Tue, May 21, 2002 at 05:04:59PM -0700, Petro wrote: | | Mostly just some basic copy tools. | | If you need to pick things out of .debs, then you'll need a working | | dpkg. Or ar + tar ( gzip if memory serves). | | Actually, just tar and cp. | A deb is an ar archive that contains two gzipped tarballs. Thus you | first need ar to extract the tarballs, then gunzip to decompress them, | and then finally tar and cp to do the rest. | | Yes, and with cp and tar I can either get a file from somewhere | else, or copy some files to a location where they will survive a | reinstall. Oh, you're looking to salvage something from the wreckage before scrapping it. The comment above was about pulling files out of a .deb Yes. Or just figuring out if there is even a wreck, how it happened etc. with the intent of restoring the wreckage rather than scrapping it. Reread the quoted text from Karl. I know what he is saying, and he's right in a limited way. If your entire ability to administer a system envolves unpacking .debs and answering the configure questions they ask, a static shell is pointless. I'm not in that position. | | Correction: Relatively easy, and a relatively large amount of | work... | | Doesn't sound like it. | Building tweaked binary packages from the source package is really | easy, as long as your tweaks are major rewrites of the app or | something. | No, I meant it doesn't sound like a lot of work. I didn't get that the first time. Yeah, sometimes I'm a little too terse. Less isn't always more. -- My last cigarette was roughly 31 days, 12 hours, 8 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: MySQL/Query question, help.
On Wed, May 22, 2002 at 02:59:20PM +0800, louie miranda wrote: First off, if you're going to ask a new question don't reply to a pre-existing thread and just change the subject, also delete the In-Reply-To: header. Hi, i was just wondering... i have inserted 1 row on my table, how come when i did lock table. Mysql did not see one of my insert. That makes no sense. Please check mail below, thanks. mysql select * from louie2; ++---+ | id | firstname | ++---+ | 1 | louie | ++---+ 1 row in set (0.00 sec) mysql lock table louie read; Query OK, 0 rows affected (0.00 sec) Mysql did the right thing. Your expectations are wrong. Locking a table does not modify or effect rows, it just locks the table. e.g.: mysql purge master logs to 'log.128'; Query OK, 0 rows affected (2.32 sec) mysql Doesn't effect any rows either. Try reading the relevant parts of the manual (I would say read the whole manual, but it *is* a bit overwhelming in this case). -- My last cigarette was roughly 30 days, 13 hours, 43 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Tue, May 21, 2002 at 10:15:45PM -0700, dman wrote: On Tue, May 21, 2002 at 07:08:48PM -0700, Petro wrote: | On Tue, May 21, 2002 at 05:57:16PM -0700, Karl E. Jorgensen wrote: | On Tue, May 21, 2002 at 05:04:59PM -0700, Petro wrote: | Mostly just some basic copy tools. | If you need to pick things out of .debs, then you'll need a working | dpkg. Or ar + tar ( gzip if memory serves). | Actually, just tar and cp. A deb is an ar archive that contains two gzipped tarballs. Thus you first need ar to extract the tarballs, then gunzip to decompress them, and then finally tar and cp to do the rest. Yes, and with cp and tar I can either get a file from somewhere else, or copy some files to a location where they will survive a reinstall. | Correction: Relatively easy, and a relatively large amount of work... | Doesn't sound like it. Building tweaked binary packages from the source package is really easy, as long as your tweaks are major rewrites of the app or something. No, I meant it doesn't sound like a lot of work. -- My last cigarette was roughly 30 days, 13 hours, 56 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Wed, May 22, 2002 at 03:16:57AM -0700, Karsten M. Self wrote: on Tue, May 21, 2002, Petro ([EMAIL PROTECTED]) wrote: All I'm asking for at this point is something that the rest of the Unix World has done forever, a statically linked /sbin/sh for roots use. Is this the first time someone has brought this up? Puhleaze: There's a bunch of people here acting like they've never heard of the idea, and the only somewhat reasonable excuse I've heard for not doing it is It's a lot of work, which lead me to believe it hadn't been discussed here. http://www.google.com/search?q=debian+statically+linked+root+shell So it has been brought up before, over 2 years ago, and it's still wrong? -- My last cigarette was roughly 30 days, 15 hours, 21 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OT: debian-beer (was Re: wrapping [was: Re: disable paragraph flows in mozilla?])
On Wed, May 22, 2002 at 07:00:34PM -0500, Dale Hair wrote: Can you give me an example of good Aussie beer that might be available in the US. The only one I can think of is Fosters, I wasn't overly impressed with it (as in I will drink one, but I won't buy one). I'm told by natives that Fosters isn't Australian for Beer, it's Australian for Budwiser. -- My last cigarette was roughly 30 days, 16 hours, 1 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Problems with Galeon, Mozilla and ?Opera? freezing.
So, I have 2 Debian Woody systems that are pure woody systems and up to date. One of them (Home Machine) is a PII 233 with a Diamond Viper 770 video card. The other is a PIII 733 with a Riva TNT2 card in the AGP slot, and a Graphics Blaster Extreme in one of the PCI slots pushing 2 19 inch monitors with Xinerama. Windowmaker is the WindowManager. I have a problem with Galeon and Mozilla freezing up on specific pages. Some will freeze Mozilla, many (that will freeze one or the other) will freeze both. As in screen redraws within that window don't work any more etc. The odd bit is that this only happens with my work machine. My home machine is fine. The other odd bit is that some of time Opera will freeze on the same pages. One page that I have found that will reliably freeze both Galeon and Mozilla is www.apple.com/ibook. But only on my work machine. And nothing else seems subject to this (applications frequently used include GAIM (always running), Abiword and now OpenOffice, Gnumeric, DIA. No problems (or at least no similar problems) with any of those, just the browsers. Any clues? -- My last cigarette was roughly 30 days, 15 hours, 54 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: wrapping [was: Re: disable paragraph flows in mozilla?]
On Tue, May 21, 2002 at 06:05:06AM -0700, Paul 'Baloo' Johnson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 20 May 2002, Petro wrote: Now that you've probably gotten all huffy, no, I don't mean you specifically, I mean you in the Outlook using, javascript-RTF enhanced non-RFC compliant email sending twits out there. If you fall in to that category, then... Whoa! You must have to deal with superlusers more often than I do.[1] I run a few non-computer related mailing lists for some government planning types, and I'm on a few more that seem to attract the computer illiterate. Funny, my Mobile Phone came with Eudora installed on it. I'm waiting for the USB sync cable so's I can try it out. Curious how large that phone is...to have a usable screen on it, especially for a nearly real email client, it would need some serious screen real estate. It's the kyocera smart phone. It's basically a Palm with phone wrapped around it. He's a nice guy. I'd have urinated in them. Though with beer it'd be hard to tell the difference. Try something other than American beer sometime (again, Oregonian microbrews don't qualify as American here). Speaking of which, it's time for a Widmer Bros. Hefeweizen. You're assuming I haven't. Beer is beer. Budwiser makes more beer because they have bigger horses, that's all. Dude, that's rank. And until you've tried the non-US beer, don't knock it. 8:o) [1] Well, anymore. Now my boblike behaviour is limited purely to this list, ever since [EMAIL PROTECTED] went down, I've been in recovery. I was the Macintosh Hardware and System Specialist for a medium-sized almost-p0rn magazine for 18 months. Of course, that was 3 years ago. I don't do Luser interaction any more. It's too hard on the lusers. -- My last cigarette was roughly 29 days, 10 hours, 18 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Serious Bug in most major Linux distros.
This is something that has been bothering me for a while now. See, you guys who put these distributions together are pretty bright. It takes a lot of work, and I see a lot of the discussions that go in to figuring out all the nit-picky little details that give polish to a distribution. However, one thing is driving me absolutely Bug F*** crazy. I use, or have used several versions of RedHat and SuSe, and now I'm on my second version of Debian. Why the sam hell is there not, by default, no questions asked, it's installed because it's *right*, a statically linked /sbin/sh as roots default shell? -- My last cigarette was roughly 29 days, 10 hours, 27 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Where's the POP3 package?
On Tue, May 21, 2002 at 05:38:34AM -0700, Paul 'Baloo' Johnson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 19 May 2002, Glen Lee Edwards wrote: Is there a way that I can search packages for a file using apt and a regexp? dselect has a search feature. dselect is easier to use than it looks. Then there is apt-cache, which actually searches more than just the title and short description. -- My last cigarette was roughly 29 days, 11 hours, 54 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Not able to connect to nvidia.com
On Tue, May 21, 2002 at 01:44:53PM -0700, martin f krafft wrote: also sprach Raffaele Sandrini [EMAIL PROTECTED] [2002.05.21.2228 +0200]: This is caused by having Explicit Congestion Notification (ECN) enabled. You can disable it using: echo 0 /proc/sys/net/ipv4/tcp_ecn Andrew. Whats that? ECN? do you know about google.com? http://www.google.com/search?q=Explicit%20Congestion%20Notification just wondering. i know it's damn easy to ask *all* questions to debian-user, they even get answered... but we shan't forget how to research ourselves... I'm having trouble with Wife 1.0, I really don't want to upgrade, as it's an emotionally problematic, and somewhat expensive a process, but doing the the weekly floral update isn't quite working as well as it used to. Any suggestions? -- My last cigarette was roughly 29 days, 14 hours, 16 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Tue, May 21, 2002 at 01:32:48PM -0700, Sean 'Shaleh' Perry wrote: Why the sam hell is there not, by default, no questions asked, it's installed because it's *right*, a statically linked /sbin/sh as roots default shell? because the days of static bins are long passed. For most things, I'd agree. For certain critical binaries, that is pure unadalterated hubris. The was to hose a system are manifold, as are the paths to recovery of that system, and to not do the simplest thing--like providing a sane and statically linked /sbin/sh for root is silly. if *you* want this, Debian makes it even easier. apt-get install sash. not only is is statically linked it also includes enough stuff to help you save a system. I want it the *default*. It will be in the next interation of my production installation. Debian is very strongly against making any decision for you we do not have to make. And almost all of our decisions can be overruled. You make *lots* of decisions for the end user. Most of them are *very* sane. This one is not. -- My last cigarette was roughly 29 days, 14 hours, 21 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Tue, May 21, 2002 at 01:32:48PM -0700, Sean 'Shaleh' Perry wrote: Why the sam hell is there not, by default, no questions asked, it's installed because it's *right*, a statically linked /sbin/sh as roots default shell? because the days of static bins are long passed. if *you* want this, Debian makes it even easier. apt-get install sash. not only is is statically linked it also includes enough stuff to help you save a system. Debian is very strongly against making any decision for you we do not have to make. And almost all of our decisions can be overruled. Also, CCing somebody who has not been so rude as to say CC me please I don't read the list isn't necessary. -- My last cigarette was roughly 29 days, 14 hours, 27 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Tue, May 21, 2002 at 10:42:53PM +, Peter Corlett wrote: Vincent Lefevre [EMAIL PROTECTED] wrote: On Tue, May 21, 2002 at 17:18:08 -0500, Ron Johnson wrote: After reading this thread, I decided to install sash. I did that too. Is there a reason why it isn't installed by default? It seems that the only merit sash has is that it is statically linked. I find it to be a horrible shell otherwise, and I'd rather not have that as the default root shell on my boxes. If the system is working fine, then you just type bash (or tcsh, if you're twisted that way) and go on about your business. I'm not sure you gain much by being able to log in if libc is shafted since it's pretty much reinstall time by then anyway... That depends a lot on how it's shafted. As well, there could be a few things to do before a reinstall that make it a lot less painful. -- My last cigarette was roughly 29 days, 14 hours, 28 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Tue, May 21, 2002 at 03:46:47PM -0700, Karl E. Jorgensen wrote: On Tue, May 21, 2002 at 12:58:48PM -0700, Petro wrote: This is something that has been bothering me for a while now. See, you guys who put these distributions together are pretty bright. It takes a lot of work, and I see a lot of the discussions that go in to figuring out all the nit-picky little details that give polish to a distribution. However, one thing is driving me absolutely Bug F*** crazy. I use, or have used several versions of RedHat and SuSe, and now I'm on my second version of Debian. Why the sam hell is there not, by default, no questions asked, it's installed because it's *right*, a statically linked /sbin/sh as roots default shell? You do have a valid point, but a statically linked root shell will not always work. At least you shouldn't rely on it being sufficient... You don't rely on your airbag (no, not your local politician, the one in your car) being sufficent, nor your seat belt (or if you ride a motorcycle, your Helmet etc.), however you want them there when you need them, right? If you were to nuke /lib/ld-linux.so* (or other essential libraries), then chances are that you won't be able to log in anyway: $ ldd /sbin/getty libc.so.6 = /lib/libc.so.6 (0x4001d000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) [OK. I admit that if you can find an already-running getty, this may be a moot point] $ ldd /bin/login libcrypt.so.1 = /lib/libcrypt.so.1 (0x4001d000) libpam.so.0 = /lib/libpam.so.0 (0x4004a000) libpam_misc.so.0 = /lib/libpam_misc.so.0 (0x40053000) libdl.so.2 = /lib/libdl.so.2 (0x40056000) libc.so.6 = /lib/libc.so.6 (0x40059000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) Besides, even /sbin/init is dynamically linked, so a severly damaged system won't be able to boot... I'm not so much worried about rebooting, as trying to diagnois and scavange an already running system. So, to follow your line of thought (i think), then at least getty login need to be statically linked too. And init if you plan on rebooting using only the existing (hypothetically damaged) root fs. And you need to prepare by having root's login shell be statically linked. Yeah, it might be a good idea to build static versions of those as well. To repair such a system you may need other tools, e.g. dpkg, ar, apt-get (which for the purposes of this, are rather inconveniently located in /usr), mount, tar and gzip. All of which (i believe) are dynamically linked. Mostly just some basic copy tools. Looks like I'm going to have to learn how to make custom debs. As others have suggested, sash will help here - assuming that you can log in... Another solution could be to boot your kernel with init=/bin/sash. And make sure that this boots with the root fs in read-write mode; as the mount command is dynamically linked... At least you should always be able to boot from the install floppies, and mount/fsck your root filesystem from there. If not, then it's time for you to create new boot floppies. The standard ones may not have a suitable kernel if you have some esoteric hardware... You say that like I can wander over and stick a floppy in. The vast majority of my machines, and the ones I worry about are 50 miles from here. -- My last cigarette was roughly 29 days, 14 hours, 30 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Tue, May 21, 2002 at 04:51:08PM -0700, Tom Cook wrote: On 0, Richard Cobbe [EMAIL PROTECTED] wrote: Debian is very strongly against making any decision for you we do not have to make. And almost all of our decisions can be overruled. True, but I really can't see any harm in making root's shell a statically-linked binary, myself. After all, how many root shells do you expect to have running at one time? One for every cron or at job... at least. /sbin/sh and /bin/sh do not have to be the same binary. -- My last cigarette was roughly 29 days, 14 hours, 38 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: regenerating the zsh completion cache
On Tue, May 21, 2002 at 03:47:00PM -0700, Chris Gray wrote: Hi, If I install a new package and it installs a new binary, how do I get zsh to complete the name of the binary when I hit tab. Obviously I could just start a new shell, but that's too easy. Here is the completions part of my .zshrc: I don't use zsh, but under bash it's hash -r. -- My last cigarette was roughly 29 days, 14 hours, 42 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Recommended tape backup software - tape vs disk - raided
On Mon, May 20, 2002 at 10:04:49PM -0700, Alvin Oga wrote: hi ya petro Morning. On Mon, 20 May 2002, Petro wrote: On Mon, May 20, 2002 at 12:10:34AM -0700, Peter Whysall wrote: On Mon, 2002-05-20 at 06:22, Alvin Oga wrote: --- if the disks is raid5'd ... give one disk --- to each of the CEO/CFO/CTO/foo/bar and no one user --- has all the data... no way for stealing corp secrets That's innovative, but impractical. No, it's a great idea, but you can do the same thing even more safely with tapes. good point.. give um tapes most people dont have an expensive drive sitting at home to go poking around on it while everybody can poke around on an ide disk Wait a minute, you're not encrypting them? smack A terabyte is 10 AIT-3 tapes. How many disks is it? 10 120 gig IDE drives. Each with lots of electronics to fail. yuppers... and with a tape drive.. you only fix one ?? When the electronics on a tape drive fail, you can use almost any other tape drive of the same media type to read the tape. In an emergency, you drive down to local computer supply store? and buy one. If the electronics on a hard drive fail, at *best* you drive down to the local clean room repair shop and perform unnatural acts on the tech while he tries to put the platters in a different unit. and i've never dropped at tape drive... nor disks... - tapes get dropped because a klutz like me is swapping out a tape w/ feeble fingers... As opposed to swaping out a drive with feeble fingers? - i get itchy when i see people dropping stuff... Disasters happen. That's what backups are for after all. - even worst when i see them with rubber shoes touching memory/disks w/o antistatic Tapes aren't as delicate. ( its hilarious when they say they got shocked... ( and wonder why the machine stopped working... In almost 20 years of messing with computers in various capacities, including living and working in high-static environments, the only time static electricity has cause a computer I was working on to die was a lightining strike. -- My last cigarette was roughly 29 days, 14 hours, 43 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Recommended tape backup software
On Tue, May 21, 2002 at 02:49:47PM -0500, Jamin W. Collins wrote: On 21 May 2002 14:31:02 -0500 Ron Johnson [EMAIL PROTECTED] wrote: I think we're well past the point where we must agree to disagree about the best way to back up enterprise databases. Agreed. Now, would it be possible to get back to the original topic tape backup software. I (for one) am very interested to hear what about people experiences, recommendations (or lack thereof) concerning tape backup software. I don't care much for a philisophical debate over whether to use tapes or hard drives. I've already made the decision to use tapes and am relatively open to hear what works and what doesn't for others out there. We use Net Backup, it's not free, it's definately not cheap. It is incredibly powerful, which means there are a *lot* of options. I don't think they have a linux server. They might. We run it off an old Sun U5. We've got 2 spectradrive tape robots hooked up to it, with 4 tape drives each, and 40 tapes in each library. -- My last cigarette was roughly 29 days, 14 hours, 50 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: wrapping [was: Re: disable paragraph flows in mozilla?]
On Tue, May 21, 2002 at 09:26:31AM +0100, Colin Watson wrote: On Mon, May 20, 2002 at 06:49:06PM -0700, Petro wrote: On Fri, May 17, 2002 at 08:34:20PM -0700, Paul 'Baloo' Johnson wrote: [1] There's a difference between American beer and Oregonian beer, though, Widmer Brothers and McMenamins are still good; Henry Weinhards used to be good until they sold out to Miller, they're brewed out of St. Louis and the formula changed: it tastes like Miller Lite now. Beer is beer. Budwiser makes more beer because they have bigger horses, that's all. No, no, no. American beer is American beer. Come to England and try a decent bitter or ale sometime ... Let me put this in a way you may understand: I don't *like* beer, Sam I Am. Not in a bottle, Not in a can. I don't like it with pizza, I don't like it with spam, And I most certainly will not drink it with green eggs and ham. -- My last cigarette was roughly 29 days, 14 hours, 53 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Serious Bug in most major Linux distros.
On Tue, May 21, 2002 at 05:57:16PM -0700, Karl E. Jorgensen wrote: On Tue, May 21, 2002 at 05:04:59PM -0700, Petro wrote: On Tue, May 21, 2002 at 03:46:47PM -0700, Karl E. Jorgensen wrote: You do have a valid point, but a statically linked root shell will not always work. At least you shouldn't rely on it being sufficient... You don't rely on your airbag (no, not your local politician, the one in your car) being sufficent, nor your seat belt (or if you ride a motorcycle, your Helmet etc.), however you want them there when you need them, right? Yep. As long as it is practical. It depends on how far you think is practical. (I wouldn't rely on my politician either). At some point, the extra effort simply isn't worth it. You seem to want to go further; that's OK. As long as I'm not forced to. All I'm asking for at this point is something that the rest of the Unix World has done forever, a statically linked /sbin/sh for roots use. Is this the first time someone has brought this up? Mostly just some basic copy tools. If you need to pick things out of .debs, then you'll need a working dpkg. Or ar + tar ( gzip if memory serves). Actually, just tar and cp. Looks like I'm going to have to learn how to make custom debs. If you really must, then it should be relatively easy to apt-get source, apply a patch, fakeroot debian/rules binary. In fact, you should end up with a quite small patch (depending on the package in question); enough to at least semi-automate the process for future versions. And you probably need your own (small-ish) debian mirror. Heck, I've already got three, or 6 if you consider non-US to be a seperate mirror. Correction: Relatively easy, and a relatively large amount of work... Doesn't sound like it. [ snip, snip, snip ] suitable kernel if you have some esoteric hardware... You say that like I can wander over and stick a floppy in. The vast majority of my machines, and the ones I worry about are 50 miles from here. Point taken. But for some types of failures, you'll *have* to get out of the chair anyway :-) Not the way I'm planning it. At this point in time I can reinstall any of my Debian and almost all of my Redhat boxes (with one exception) from either here (work) or home. I have roughly 5% spares (meaning that with the exception of some specialized hardware) I an lose and regenerate 5% of my servers w/out cutting in to my capacity. I've also got about 30% spare capacity in most of my clusters, so I can lose a box or three out of most clusters and not miss them even during peak loads. The thing is, I want to be able to get in to certain boxes and get the (money) logs off before I nuke them. However, that is *my* specific case. As I iterated earlier, and am re-iterating now, there are a multitude of reasons for a small set of statically linked programs on a network connected machine. Root's shell is definately one of those. -- My last cigarette was roughly 29 days, 16 hours, 34 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: wrapping [was: Re: disable paragraph flows in mozilla?]
On Fri, May 17, 2002 at 06:47:25PM -0500, Richard Cobbe wrote: Lo, on Saturday, May 18, Hans Ekbrand did write: On Fri, May 17, 2002 at 03:40:47PM -0700, Vineet Kumar wrote: True; it's long been understood in the professional typesetting community that lines which are too long are difficult to read. I've even seen discussions of what `too long' means---I think it's a function of how long the font's em-space is, but I don't remember the details off the top of my head. It's a function of Typeface, leading, and kerning. Tightly set lines (little space between letters, and little space between lines) need shorter lines. Loosely set lines (opening up the space between the lines, and opening up the letter spacing a bit (but, obviously not too much)) can be longer. (Add this to the fact that most on-screen computer fonts, IMO, don't have enough leading, and you've got serious legibility problems.) The typefaces don't do the leading (well, sort of but not really), it's the application that decides it. -- My last cigarette was roughly 28 days, 16 hours, 6 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: wrapping [was: Re: disable paragraph flows in mozilla?]
On Fri, May 17, 2002 at 08:34:20PM -0700, Paul 'Baloo' Johnson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 18 May 2002, Hans Ekbrand wrote: Although I actually have a terminal (can't say I use it much though), I sometimes wonder if email conventions should be derived from limitations of such ancient hardware. In some sense, its a good practice to require as little as possible from the clients, but is 80x25 a limit that anyone is facing anymore? Yes. I'm at work right now on a VT100. People still use old hardware and will likely still use old hardware for as long as they can be repaired and pressed into service (read: indefinately, terminals are pretty damn robust). I missed this the first time around, but: I have 3 or 4 machines at home that I may use at any given time to read Usenet or Email. A PII 233 with 198 meg of ram runing Debian Woody, a P233 with 128 meg of ram running Redhat something old, a PowerMac G4 with 768 meg of ram running OSX, and usually something else, from a Windows laptop to a Tadpole to whatever. I still have the 80x25 problem, since often I'm using Mutt or SLRN. It's not your place to decide for me what software or hardware I must use to read your usenet postings, although it might be acceptable to place a certain minimal level of ability, however it most certainly is *NOT* acceptable for you to dictate what my email software must be able to accomodate beyond the requirements of the relevant RFC. Which is still 822, last time I checked. Now that you've probably gotten all huffy, no, I don't mean you specifically, I mean you in the Outlook using, javascript-RTF enhanced non-RFC compliant email sending twits out there. If you fall in to that category, then... I guess new limits come with pocket computers, mobile telephones, and whatever means people read their mail with these days. Pocket computers gracefully rewrap text (usually) so they're not an issue (though it would be nice if the email software that comes with it would respect the 72 column rule even if it doesn't display it). I don't see anybody reading on thier telephones. I mean, yeah, I'm going Funny, my Mobile Phone came with Eudora installed on it. I'm waiting for the USB sync cable so's I can try it out. Though one time I got a hold of my roommate's cellphone and subscribed him to a few high traffic lists on it. It took him a couple days before he realised it wasn't going to stop on it's own and he'd have to go for it himself. Nice part about those three days is you couldn't lose him, he was beeping every couple minutes. (He got me back by pouring out my Molsons and refilling the bottles with Coors, though everybody in the house said that was below the belt: You simply don't subject *anyone* to American beer[1]) He's a nice guy. I'd have urinated in them. Though with beer it'd be hard to tell the difference. So, a better argument for wrapping lines at 72 chars would perhaps be that it make the text easier to read (even if you have real screen estate that could handle a lot more). No, the best argument is that accessability is more important than form, and there is only one form that is considered a baseline default--80 columns width max. [1] There's a difference between American beer and Oregonian beer, though, Widmer Brothers and McMenamins are still good; Henry Weinhards used to be good until they sold out to Miller, they're brewed out of St. Louis and the formula changed: it tastes like Miller Lite now. Beer is beer. Budwiser makes more beer because they have bigger horses, that's all. -- My last cigarette was roughly 28 days, 16 hours, 10 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Identical installations on several machines
On Fri, May 17, 2002 at 06:09:03PM -0700, Petr Vanek wrote: On Fri, May 17, 2002 at 03:47:06PM -0700, David Wright wrote: A# dpkg --get-selections selections A# scp selections B: A# ssh B B# dpkg --set-selections selections B# dselect install remove Keep in mind though, this will not reproduce the CONFIGURATIONS, just the PACKAGES. You could try B# rsync -e ssh -a A:/etc / to get /etc synch'd, but some things (e.g. /etc/hostname) you don't want synch'd, and then there are some things in /var you want synch'd (and others you don't). This isn't quite such an easy problem. It is solvable (I know -- I do it with 6 machines), but it requires some thoughtful script construction. does any daemon do that? i mean, is there any other way of doing sync of packages? Check out SystemImager and FAI. They are both tools to maintain clusters of machines and do semi-automatic or fully-automatic installations. -- My last cigarette was roughly 28 days, 16 hours, 24 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Recommended tape backup software - tape vs disk
On Sun, May 19, 2002 at 05:24:55PM -0700, Alvin Oga wrote: 160GB ide disks is $150-$200 range... cheap... - 1Terabyte of backup in one 1u chassis.. no problem... and i do compressed backups of up to 3 or 6 months... dpeending on diskspace they willing ot buy and user data Pull 10 160GB disks out of your array to swap them for another set (offline DR archive). Drop one disk on a concrete floor. Pull 20 tapes out of the drive. Drop one tape on the floor. Which has a better chance of surviving? This list has gone round and round on this at least twice in the last 4 months. When you're backing up terabytes, archiving for legal reasons, etc. modern tapes are more than adequite, and less expensive (in real terms) than drives. -- My last cigarette was roughly 28 days, 16 hours, 32 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Recommended tape backup software - tape vs disk
On Mon, May 20, 2002 at 12:10:34AM -0700, Peter Whysall wrote: On Mon, 2002-05-20 at 06:22, Alvin Oga wrote: --- if the disks is raid5'd ... give one disk --- to each of the CEO/CFO/CTO/foo/bar and no one user --- has all the data... no way for stealing corp secrets That's innovative, but impractical. No, it's a great idea, but you can do the same thing even more safely with tapes. A terabyte is 10 AIT-3 tapes. How many disks is it? 10 120 gig IDE drives. Each with lots of electronics to fail. -- My last cigarette was roughly 28 days, 16 hours, 37 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Recommended tape backup software - disk failures
On Mon, May 20, 2002 at 02:25:59AM -0700, Alvin Oga wrote: hi ya a nice picture of what causes a system to fail... disks or ??? http://www.Linux-1U.net/Disks/Disk_Failure.gif ( its from an IDC survey ) ( the picture stolen/copied from http://safersite.net/NSS15AFaultTolerantUsersStoragePowerandNetworks.htm - but it seems they moved that url... That is completely outside my experience. I've had users nuke the operating system, but the computer didn't fail, the OS did. A fresh install and everything but the users data was peachy. Those 15 75Gig IBM drives OTOH... -- My last cigarette was roughly 28 days, 16 hours, 40 minutes ago. YHBW -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: alternative web browser to netscape
On Wed, Apr 10, 2002 at 03:22:14AM -0700, Phillip Deackes wrote: This message uses a character set that is not supported by the Internet Service. To view the original message content, open the attached message. If the text doesn't display correctly, save the attachment to disk, and then open it using a viewer that can display the original character set. message.txt snip I am not interested in telling web designers that they need to re-design th= eir sites so that a small percentage of extra users can access them. I know= they are wrong, but I just want to *use* the Internet to get things done. So you agree with me that forcing commercial buildings to be handicap accessible is wrong? After all, they are being forced to do *major* redesigns of the buildings (much more time consuming and expensive than simply redesigning a web site) so a small percentage of extra people can get to them. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: unsubscribe -all
On Thu, Apr 04, 2002 at 08:47:41AM -0800, Shawn McMahon wrote: begin quoting what Dennis Doeve said on Thu, Apr 04, 2002 at 06:39:54PM +0200: No, thanks, I don't want to unsubscribe. But I agree that you should. While you're at it, you should probably remove Debian, too. In fact, sell your PC and buy a Mac. Um... You do know that modern Macs run Unix, right? WebTV. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Question concerning MTAs and Databases.
Does anybody know of an MTA, plugin, or package that uses a database (Preferbly Mysql) for storage? -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ATA Raid
On Wed, Apr 03, 2002 at 12:15:07PM -0800, Vineet Kumar wrote: * Jeff J. ([EMAIL PROTECTED]) [020403 08:13]: I am looking for an ATA/100 or 133 RAID controller that fulfills these two requirements: Operates in a 66mhz PCI slot. Is (well?) supported by Debian. Somewhere in the $200 range would be nice. Does such a thing exist? I know there is very little official support for Debian from various vendors, so I thought I'd check to see what works from other Debian users before I buy a useless card. I'm not a RAIDer myself, but from what I've heard through the grapevine, software raid is the way to go. Of course, if you've a good reason for choosing hardware over software raid, more power to you, but I've heard plenty of people saying ditch that piece of junk and just use software RAID which works beautifully when asked about hardware RAID controllers. We are switching from useing 3Ware cards (6xxx series) to using a dumb 2 port + 2 onbard ports w/software raid on some fairly high bandwidth databases (150GiB of tables on one). We're doing RAID0 (we replicate the DBs at the DB level), and we seem to get *slightly* less performance, but we get a lot better error reporting. The 3Ware cards are the C rev, for which there is a firmware update, and we may switch back if that upgrade fixes the reporting problems, but i doubt it. It really simplifies a system a *lot* to do the raid in software, and simple things break in simple and predictable ways. Complex things break in complex and stochasitic ways. Simple breakages usually have simple solutions. Complex breakages are usually best solved by simplifying. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: I hate printers
On Mon, Apr 01, 2002 at 07:43:45PM -0800, Sean wrote: On Mon, 2002-04-01 at 21:56, Tom Allison wrote: I am using a D-Link DL713P as the printer server. I would suggest using a PC as a printer server I wouldn't. PCs draw a lot more power, use a lot more desk/shelf space, and require a lot more attention. I've got a Netgear that works great from Linux, Windows, and MacOS 9.x. It doesn't work under OSX yet, but I assume that's because Apple broke something. It would also help if you mentioned what kind of printer it was. -- GPG Public Key available: http://sean.gutenpress.org/sean.asc -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: simple database?
On Tue, Mar 26, 2002 at 11:25:48AM -0600, dman wrote: On Mon, Mar 25, 2002 at 04:26:16PM -0800, Petro wrote: | On Mon, Mar 25, 2002 at 02:44:25PM -0800, Tom Cook wrote: | multi-user capabilities, or real scalability. Also PostgreSQL is a | What is real scalability? I've used Mysql on tiny machines | (Tadpole laptop) to dual processor x86 boxen with 2 gig of memory, | and 6 way Sun e4500s with 4 gig of memory. Database sizes from | trivial to over 150G of tables on a single machine. I couldn't find it recently when I googled, but a while back I read some articles written by someone at sourceforge. He was describing the comparision he did of several RDBMSes in the deployment of sourceforge. He found that for small dbs and light load that mysql yielded faster responses. However (at the time at least) its locking was table-level. This means that if someone is updating a row in a table, then no one else can read any other row in that table. PostgreSQL had more overhead on the small side of things, but for the many thousands of hits per minute SF had it performed much better. postgres has row-level locking. In the scenario above the users can still read their rows while the other user is modifying his. In an environment where web pages are generated from multiple queries that merge several tables the differences were very significant. The article provided much more detail, but that's mainly what I remember from the top of my head. Of course, as with any case study, the evidence is anecdotal. Ah. I read that one as well. The thing is, it *highly* depends on your database design, and intended use. If your database is read more than written, this is of (depending on the weight) minor to non-existent concern. Also clever table design can get around this. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Restore CD image equiv.
On Tue, Apr 02, 2002 at 10:00:13AM -0500, Chapman, Matt wrote: Hi, I would like to know if anyone has something that will work for debian in the following scenario. I build a server with Debian on it as well as a filter (url) and squid for caching. I ship the box. The customer has a hardware issue and replaces bad drive etc. Then needs to restore to the factory defaults. How could I distribute a cd that installs the os and needed packages without the user needing to know linux at all. Much like a Ghost image or DriveImage.??? Any ideas? SystemImager. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: using windoze keys
On Tue, Apr 02, 2002 at 07:25:43PM +0100, Patrick Kirk wrote: Create afile called .Xmodmap using the command touch .Xmodmap then edit it to read: keycode 115 = F13 keycode 116 = F14 keycode 117 = F15 Now add the following to .xsession: modmap ~/.Xmodmap exec gnome-session Logout and login again and now you can use the F13, F14 and F15 keys represent the left-Win key, right-Win-key and context-menu key. Further question: I have a Microsoft Natural Keyboard Pro with a bunch of extra buttons all over the stinking place. When I press one I get unknown scan code xx yy, where xx yy is something like e0 6a. Is there some way to translate that into the above? -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OT Any web site that teaches how to make LAN cable connection
On Wed, Mar 27, 2002 at 12:07:03PM -0800, Nathan E Norman wrote: If you find yourself making cables regularly, get a tester that tests s/making cables regularly/in charge of a medium to large network/ continuity and attenuation - they're a lifesaver. Nothing sucks more than troubleshooting the tough network problem that's caused by an intermittent in your homemade cable. s/ttent/ttent fault/ s/homemade// Cables break or otherwise wear out. They do. Cable testers are a really good thing to have. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: simple database?
On Mon, Mar 25, 2002 at 02:44:25PM -0800, Tom Cook wrote: Don't use mySql. Eventually you will want transactions, or some real Mysql-Max already supports transactions. I'm not sure what you mean by Multi-user capabilities (I'm not a DBA, I just support a dev group). multi-user capabilities, or real scalability. Also PostgreSQL is a What is real scalability? I've used Mysql on tiny machines (Tadpole laptop) to dual processor x86 boxen with 2 gig of memory, and 6 way Sun e4500s with 4 gig of memory. Database sizes from trivial to over 150G of tables on a single machine. lot closer to Oracle SQL, IIRC. In fact, if you want enormous databases with good query speed, why not use Oracle? It is free for development (on Linux, at least - not sure about Sun or 'doze). It will cater for all your needs... Oracle? All your resources will belong to us. I'm not knocking Postgress, the little I've used it, it seemed like a nice DB. I've got a lot more experience with Mysql, and it too is a nice DB. I've also support whOracle, and, well my mother said if you can't say anything nice, don't say anything at all, but I never listened to her much anyway. Oracle is a bloated stinking pig of a money pit. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Not set up
On Wed, Mar 20, 2002 at 06:36:08PM -0600, John Bruner wrote: What does entropy mean to you? I have a IIfx. It has two hard drives. I tried, (not knowing what I am Are we talking a Mac IIFX? Seriously Antique hardware. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Small bug in dh-make-perl? [was dh-make-perl]
These days I'm completely behind on my email, so please excuse the late response. On Mon, Mar 04, 2002 at 06:34:52AM -0800, Bill Moseley wrote: At 07:43 PM 03/03/02 -0800, Harry Putnam wrote: I need some of the perl modules installed right now for a school project so am installing them directly with the CPAN shell, until I figure out if its my local technique that is the problem. I wonder if doing this without dh-make-perl, sort of behind debians back, will cause me some grief in some way later? Coming from the perl side, I'd wonder more about if not using the standard method to install modules will cause problems later down the road. I use it more to register the package with the debian package system, and to generate a .deb that can be put in our local repository and properly tracked. Then again, I'm responsible for about 100 servers, with debian slowly growing in number. -- Share and Enjoy.
Re: inappropriate racist and other offensive material
On Thu, Mar 14, 2002 at 11:16:19PM -0700, user list wrote: This will be a bit of a long message to bear with me. To keep your interest I will tell you straight off that this is not, I repeat NOT, a free speech issue. I will explain why below. I first want to point out that the package maintainer is a whole lot more reasonable than most people on this thread. Practical: Let's just say that this is a free-speech issue. The point is that free-speech does not reach into institutions. If a racist statement were part of a program that communicated with other programs, it would not be allowed on any US government machines. It would not be allowed on many corporate machines. snip I guess this means you're pulling the package Bitchx because, well, that package is offensive on it's face. -- Share and Enjoy.
Re: Mail clients (and text editors)
On Thu, Mar 14, 2002 at 08:37:06PM -0800, Craig Dickson wrote: begin Alan James quotation: I'd like to give maildir a go, so how do I convert MH to MailDir ? If you use procmail, just set up new empty maildir folders corresponding to each of your old MH folders, edit .procmailrc to use the new folders (and to know that they're in maildir format), then run all your old messages back through procmail again. I just went through this last week, and had a *lot* of hand-sorted folders. Here's the script I used. It uses a program called safecat, google's your buddy for that: #!/bin/sh SAFECAT=/usr/bin/safecat MAILD=/home/petro/Maildir/ $here=`pwd` for DIR in `ls -1` do echo doing $here/ $DIR : if [ ! -d $MAILDIR/$DIR ] then mkdir -m 2700 $MAILD/$DIR mkdir -m 2700 $MAILD/$DIR/cur mkdir -m 2700 $MAILD/$DIR/new mkdir -m 2700 $MAILD/$DIR/tmp fi cd $DIR echo Inside: pwd for FLE in `ls -1` do cat $FLE | $SAFECAT $MAILD/$DIR/tmp $MAILD/$DIR/cur done cd .. echo $DIR done done Basically safecat is just used to give the MH mail file the proper Maildir name. You could fake this by generating your own. According to the safecat man page the format for the file name is time.pid.host, where time is seconds in the Unix Epoch, pid is, well, pid, and host is, well, the hostname. Any, HTH. -- Share and Enjoy.
Re: inappropriate racist and other offensive material
On Wed, Mar 13, 2002 at 10:05:41PM -0800, Vineet Kumar wrote: * Petro ([EMAIL PROTECTED]) [020313 18:34]: Any racism you perceive in either of those two statements is purely your own ignorance and knee-jerk political correctness. Well, after reading the bug report, it looks like the statement in question was included in irssi-scripts as a kickreason. Meaning, when you kicked someone out of a channel, it might randomly say to the kickee and everyone in the channel I'm kicking you out of the channel because 'yo family's so black.' If there's a word in the dictionary that defines that better than racist, please enlighten us all. Inane, Insipid, Childish and stupid are all much better fits than racist. Tasteless is also pretty good. If the script had some way of knowing who was black and who wasn't, and actually was kicking the person for that reason, it would be racist. Since it can't, and doesn't (I presume) then it is not racist. There is a lot of racism left in the world, and it's a truely horrible thing, but that doesn't mean that everything that mentions skin color is racist, and by labelling such trivialities as racist, you lessen it's impact when used to describe much more evil and destructive packages. -- Share and Enjoy.
Re: inappropriate racist and other offensive material
On Thu, Mar 14, 2002 at 08:05:09PM +, p wrote: On Wed, Mar 13, 2002 at 02:10:46PM -0800, Petro wrote: Any racism you perceive in either of those two statements is purely your own ignorance and knee-jerk political correctness. b.s.! making fun of someone else's skin color is patently wrong, and i don't care how you want to slice it or garnish it with red herring: Sure, making fun of someone's skin color is wrong, but it's *not* racism. Racism is a serious issue, and a serious problem, but making a comment about someones skin color is *not* racism. Main Entry: rac??ism Pronunciation: 'rA-si-zm also -shi- Function: noun Date: 1936 1 : a belief that race is the primary determinant of human traits and capacities and that racial differences produce an inherent superiority of a particular race 2 : racial prejudice or discrimination - rac??ist /-sist also -shist/ noun or adjective and: rac??ism Pronunciation Key (rszm) n. The belief that race accounts for differences in human character or ability and that a particular race is superior to others. Discrimination or prejudice based on race. Personally I find racism--as defined above--to be odious, ignorant and inefficient, but that does not mean that *eveything* that mentions the color of someone's skin is a racists statement. You need a thicker skin. ...(i'm gonna let that one pass.) just because there isn't a crystalline standard as to racist statements doesn't mean that anything goes. (even free speech has limits.) No, it doesn't. any offical .deb with that type of stupidity is a waste of bandwidth. So are you volunteering to be the Censor for all packages? To write up the Debian Political Correctness Guidelines, and set up an auditing procedure to ensure they are followed? After all, we don't want any of Goldstein's writings to make their way in. -- Share and Enjoy.
Re: inappropriate racist and other offensive material
On Thu, Mar 14, 2002 at 11:25:48PM +, p wrote: On Fri, Mar 15, 2002 at 09:49:56AM +1100, John Griffiths wrote: b.s.! making fun of someone else's skin color is patently wrong, and i don't care how you want to slice it or garnish it with red herring: No! bullshit to you free speech is free. // please. in my country, yelling, fire, in a crowded theater (that is not on fire) is _not_ protected by free speech. slander. etc. // Then you don't have free speech in your country. (And yes, I realize you're probably talking about the US, and no, we do not have freedom of speech in this country. Not any more.) -- Share and Enjoy.
Re: inappropriate racist and other offensive material
On Wed, Mar 13, 2002 at 10:04:14AM -0800, Lazarus Long wrote: On Wed, Mar 13, 2002 at 12:47:25AM -0700, Adam Conrad wrote: -Original Message- From: Lazarus Long [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 12, 2002 5:55 PM Yo family's so black, when they hold hands, it looks like a stretch limo. There's no excuse for racism in Debian. So, your take is that Debian should censor upstream so we can be more politically correct? If you don't appreciate the author's off-colour humour, then don't use his script(s). (PS: Yo mama so white, when she gets naked, yo daddy's retinas burn clean off) Again, there is no excuse for racism in Debian. Other packages have elided the inappropriate material in the past, as they should. An IRC client has no business being racist. Debian is a distribution that specifically caters to children; note the debian-junior project. As it stands, your package is inappropriate to be on the box my daughter uses. Any racism you perceive in either of those two statements is purely your own ignorance and knee-jerk political correctness. Main Entry: rac??ism Pronunciation: 'rA-si-zm also -shi- Function: noun Date: 1936 1 : a belief that race is the primary determinant of human traits and capacities and that racial differences produce an inherent superiority of a particular race 2 : racial prejudice or discrimination - rac??ist /-sist also -shist/ noun or adjective and: rac??ism Pronunciation Key (rszm) n. The belief that race accounts for differences in human character or ability and that a particular race is superior to others. Discrimination or prejudice based on race. Personally I find racism--as defined above--to be odious, ignorant and inefficient, but that does not mean that *eveything* that mentions the color of someone's skin is a racists statement. You need a thicker skin. -- Share and Enjoy.
Re: Debian install for beginners?
On Fri, Mar 08, 2002 at 08:42:43AM -0800, Karl E. Jorgensen wrote: On Fri, Mar 08, 2002 at 09:27:47PM +0530, Sridhar M.A. wrote: On Fri, Mar 08, 2002 at 02:57:58PM +, Karl E. Jorgensen wrote: - Mail client - sylpheed? (there was a discussion on debian-user about this recently. I need to read up on that) Why not mutt? I love mutt. But I don't think it will be suitable for somebody who wants to learn to use computers - especially unattended. I suspect that mutt will be too daunting. Nah. It's fine. -- Share and Enjoy.
Re: Help!!! undelete for ext3fs!!!
On Fri, Mar 01, 2002 at 06:28:30PM -0600, Cheryl Homiak wrote: Well, it really is too late now, as this was my root partition and I couldn't unmount it immediately even if I had known what to do. I had already looked at Midnight commander but your additions were helpful as I only saw the information about undeleting from the command line. The information wasn't life-or-death and I learned a lot in the process. As for backups, I'm really sorry but i can't figure out what a MO disk is. Unfortunately, the only facilities I have right now for doing backup of any kind is the old floppy, and I probably should have had this data on floppy. I'd love to have a backup system, and you'll get no argument from me against its importance, but the reality is that I don't have one right now. No, it isn't. For backups that prevent against accidental erasure of a file, do a man rcsintro if you are only worried about text files, and man cvs if you have to work with binary files. This incident also points out the wisdom in having your linux system mounted on several partitions so that in cases like this you can unmount the partition immediately. As for the trash can, it wouldn't do any good if your hard disk breaks but could be an asset in momentarily slips of the fingers (or the brain) such as I had. Disks don't go bad nearly as often as people have thinkos. -- Share and Enjoy.
Re: fork: Resource temporarily unavailable
On Sun, Mar 03, 2002 at 04:31:54PM -0600, Pete Harlan wrote: I leave gnomeicu running all the time and my process table get filled with defunct gnomeicu processes. I have to stop/restart gnomeicu to get rid of them. I've had this fork: ... message happen when I had only around 300 processes running. /proc/sys/kernel/threads-max is the only relevant knob I've found, and it is set at 4095. Similarly, we could be out of file descriptors, but /proc/sys/fs/file-max (which presumably caps the number of open files?) is set at 8192; I'm sure the 300 processes didn't each have 25+ files open. Does anyone know how to increase the number of allowed processes? Do a ulimit -Su. Then read and exit /etc/security/limits.conf -- Share and Enjoy.
Re: Apache on Debian - high loads?
On Mon, Mar 04, 2002 at 10:49:36AM +0200, George Karaolides wrote: Hi all, Does anyone have experience of running Apache on Debian successfully with high loads? Define High. I've been asked about the possibility of running a webserver with up to five thousand concurrent users. I would, of course, prefer to do it with Apache on Debian. Would Debian be up to the task? Any pointers on what I have to look out for? HTTP is a stateless protocall, and as such doesn't *really* have the concept of concurrent users as such. It has concurrent connections, but as it's stateless, those connections may or may not map to a given user. You're not likely to see 5000 users connecting all at once. Ok, we've got that bit out of the way, on to the next bit. There's not going to be a significant difference in preformance--all things being equal--between a Debian/Redhat/Slackware/Fooblatz distribution, as they are using the same software (more or less) underneath (yes, you may see a 3-5% difference on specific hardware because of compiler optimizations etc.) and because if you're looking at massively loaded systems, you're going to customize bits of the software anyway (if your looking at that many users, you're either doing something domain-specific, which equals custom code, or you're serving porn). To answer your question in a very short way, yes, debian+apache will handle it. The question is how. Will one machine handle it? Well, that depends on a lot of other factors: 1) Static content vs. dynamic content. a) If dynamic, is the web server the front end to a multi-tiered system, or is everything running on one box. 2) The machine: There is a significant performance delta between a 1CPU PIII500 with 10 Gig ATA33 IDE drive, a 10bT card, 128 meg of ram running a competely stock kitchen sync install, and a dual CPU PIII 1.2 Ghz with 4 100bT ports, 2 gig of ram, a 1Terabyte FCAL RAID with a carefully tuned install--this delta could be three orders of magnitude difference in real term. Then we get into clustering--If you're going to be serving that much traffic, it makes sense for lots of reasons not to have a box, but rather serveral boxes to distribute the load across (this also lets you handle hardware outages gracefully etc). This is not a simple question and the answers are even more difficult. -- Share and Enjoy.
Re: Enough time wasted, moving on
On Fri, Mar 01, 2002 at 11:48:18PM -0800, Harry Putnam wrote: You can keep right on with the `hard guy' routine, but I think its only fair to warn you that my whole body is a weapon. Hands registered on 3 continents. The last guy that called me a juvenile banterer is pushing up daisies on a vacant lot in Chicago. :-) Crap. There are no vacant lots in Chicago with daisies in them. -- Share and Enjoy.
Re: fork: Resource temporarily unavailable
On Mon, Mar 04, 2002 at 12:08:54PM -0800, Angus D Madden wrote: Karsten M. Self, Mon, Mar 04, 2002 at 11:28:18AM -0800: For a fork, I'd suspect you're out of user processes, though checking other resource limits (generally memory and filehandles) is adviseable. There are hard-compiled limits of 256 user, and 512 system, processes, in the 2.2.x kernels. These limits are raised in the 2.4 kernels, though I don't know the values offhand. IIRC, the 2.4 limits can be configured at runtime. I think it's in /etc/security/limits.conf. Yes, I think I just posted about this last week. In the 2.4 kernels, the hard limit is unlimited, the soft limit (for threads) is 256. You can change the defaults with a fair degree of granularity in limits.conf The value can be raised, but you have to edit sources to do so at least through 2.2.x -- there is _no_ configuration option for this value. NR_TASKS in include/linux/tasks.h I ran into similar issues with exim, procmail, and spam-filtering software a few weeks ago. I tuned my mail configuration to keep from launching a large number of exim processes and the problem went away. Multi-threaded applications are particularly prone to this issue. I use ulimit to do this in init.d startup scripts. Works pretty good. g -- Brought to you by Debian 3.0 Linux took 2.4.16 #1 SMP Sat Jan 5 12:52:24 EST 2002 i686 unknown -- Share and Enjoy.
Re: Another update on The Kernel that Wouldn't Boot
On Thu, Feb 28, 2002 at 10:14:01PM -0600, Timothy R. Butler wrote: Hi, I believe--and I'm sure others will correct me on this if I'm wrong, that there is a file /boot/config-kernel-version that you Great! Thank-you. Now my kernel actually boots. :-) I do have one other weird problem though. My new kernel has a lot of modules (especial input modules such as hid, usb-uhci, etc.) that have unresolved symbols (normally they do not). Any idea what might cause this? Not off the top of my head. -- Share and Enjoy.
Re: question about Acrobat
On Fri, Mar 01, 2002 at 01:00:40AM -0800, Karsten M. Self wrote: Little reason to support Adobe's mindshare. Well, which other consumer software vendors have ported their one of their applications to Linux, and continued to support it even when not making a dime? Word perfect got ported--then dropped. Netscape--well... We've got AOLs AIM client, great friends to the Freedom Of Information movement they are. What Adobe did to Dimitri is well and truely fucked--there's no other word for it, but Acrobat Reader has been avaliable for Linux for a *long* time, Adobe got it before many other companies where Linux was concerned. They dumped a bunch of resources into porting Framemaker, but decided that it wasn't a viable product (probably because they realized that there was little commercial demand for it). It's a tough call, pissing on them publically would only have the effect of making them drop Acrobat, which still renders better than XPDF for many of the files I've looked at, and has a better user interface. While not doing anything is a little distasteful as well. Personally, I'll stick to using Acrobat under linux and moving to Freehand etc. on my Mac. -- Share and Enjoy.
Re: Setting Ulimits by default.
On Mon, Feb 25, 2002 at 04:57:34PM -0600, Debian User wrote: My questions are: 1) Is this limit established by the kernel, or the shell. The limit is definitly extablished by the kernel The operating system controls and schedules the processes 2) Given the answer to 1), what is the best way to re-set it to 1024 reliably--meaning that I need to do this currently to 10 machines, then over the next couple months roll this out across 80 or 90 machines. I've never actually had to do this so I'll point to where I believe you can do this Have a look at /etc/security/limits.conf I think * soft nproc 1024 will do what you need I hope this helps Yes, I found this about an hour after sending the email. This is exactly the file that needs changing. Now I can get 900 apache's running at once... -- Share and Enjoy.
Re: Local packages
On Thu, Feb 28, 2002 at 03:19:15PM +0300, Sergey Lapin wrote: Hello, all!!! I have big collection of self-made packages, which I would like to distribute through my network via usual apt-get methods while allowing them to update from Debian sites. Connection is only by http, so I have to install http server somewhere. Could you tell me, how I could produce file tree as automajically as I can, and to simplify adding packajes to the tree in future? System is 'stable'. Here's what I did to solve the same problem. added a line like: deb ftp://package-server/misc-packages packages aw to /etc/apt/sources.list on all the machines. Then I created a directory structure like: -mirrors |_misc-packages |_apt-ftparchive.conf(file) |_override (dir) | |_override(file) |_dists (dir) |_packages(dir) |_aw (dir) |_binary-i386(dir) |_host (dir) |_kernel (dir) |_etc. (dir) Then I found a apt-ftparchive.conf file, and modified it for my machine: // $Id: apt.conf,v 1.43 1999/12/06 02:19:38 jgg Exp $ /* This file is a sample configuration file with a few harmless sample options. */ Dir { //Standard directories needed to locate files during generation //process ArchiveDir /export/mirror/misc-packages/packages/aw/; OverrideDir /export/mirror/misc-packages/override/; CacheDir /export/mirror/db-cache/misc-packages/; }; Default { Packages::Compress . gzip; FileMode 0664; } Tree dists/packages { Sections aw; Architectures i386; BinOverrride override; } Then I created the overrides file: hostrequiredbase mysql-3.23.43-pc-linux-gnu optionalmisc syncup recommended base php4-cgioptionalweb php4-curl optionalweb php4-devoptionalweb php4-domxml optionalweb php4-gd optionalweb php4-imap optionalweb php4-ldap optionalweb php4-mcal optionalweb php4-mcrypt optionalweb php4-mhash optionalweb php4-mysql optionalweb php4-pear optionalweb php4-sablot optionalweb php4-snmp optionalweb php4-sybase optionalweb Then I wrote this script: #!/bin/sh #This is the directory where we will store customized and non-distribution #packages: MISC_DIR='/export/mirror/misc-packages/' override='/export/mirror/misc-packages/override/override' basedir='dists/packages/aw/binary-i386' cd $MISC_DIR; apt-ftparchive packages ./$basedir $override 'packages/aw/binary-i386' \ ./$basedir/Packages gzip -c ./$basedir/Packages ./$basedir/Packages.gz So then when I compile a new package (usually a new kernel) I stick it in some_path/mirror/misc-packages/dists/packages/aw/binary-i386/kernel and run that script (called make_packages_list.sh) and it creates the Packages and Packages.gz files in binary-i386. -- Share and Enjoy.
Re: Another update on The Kernel that Wouldn't Boot
On Thu, Feb 28, 2002 at 01:46:17PM -0600, Timothy R. Butler wrote: Hiya, I tried to cook up another kernel, this time without 686 optimizations, and unfortunately it _still_ won't boot. Is there some way I can use the Debian default configuration rather than my custom kernel configuration, and just modify that config to my needs? It seems that the original source code defaults to the kernel.org configuration rather than the Kernel config that is used in stock Debian kernels. It'd be great if I could just go with the debian settings on my optimized kernel - I bet that would clear up the problem. I believe--and I'm sure others will correct me on this if I'm wrong, that there is a file /boot/config-kernel-version that you can copy into your linux source code tree as .config, then run a make menu-config to make any modifications necessary. Then make dep; make etc. -- Share and Enjoy.
Re: Enough time wasted, moving on
On Thu, Feb 28, 2002 at 12:28:52PM -0800, Harris, Jason wrote: I've scores of Debian boxes that are used for revenue generating ventures. Downtime is not an option for me nor for who I answer to. I thought it was basically understood in the IT world (whatever os or software you use) that you would never *ever* use something called testing for production use. What? shhh... Don't tell my boss that. We're using a snapshot of Debian Unstable from last June in production--at least until the stuff we need is in Stable (i.e. when woody goes stable *maybe*). Even though I have heard 1000's of Debian woody users say its great and stable, 1000s is a small part of the Debian community, including coders, packagers users. I'm not going to say it's great, but after some patching it's working. -- Share and Enjoy.
Re: Which mail suite
On Wed, Feb 27, 2002 at 05:52:50AM -0800, Alex Malinovich wrote: On Wed, 2002-02-27 at 07:39, Stefan Bellon wrote: I'd like to set up my Debian box to fetch mail from my ISP with POP3S. Then, the fetched mails should be made available to a local IMAP server so that I can read them from all machines in my local network. I'm using unstable and I'd like to know which packages are best suited for this task. And one further question: If I want to be able to see log copies of outgoing mail sent from computer A when working with computer B, does this work with IMAP as well? I.e. can I put log copies into the IMAP server as well? Or what route should I take there? Sounds like you want my system. :) Use fetchmail to get POP3 mail and dump it into your IMAP inbox. I use imapd for the actual IMAP server. Any IMAP server should work though. After you're done with this, make an IMAP folder (I call mine Sent) and set up your mail client(s) to put copies of sent messages into that folder rather than a local one. With the exception of an address book, no matter where you access your mail from, it'll be exactly the same as using it from your home machine. Quite handy. Now if only I could figure out a way to make my address book accessible from anywhere... httpd. -- Share and Enjoy.
Turning on kernel debugging.
Other than compiling in debugging support: # # Kernel hacking # CONFIG_DEBUG_KERNEL=y CONFIG_DEBUG_HIGHMEM=y CONFIG_DEBUG_SLAB=y # CONFIG_DEBUG_IOVIRT is not set CONFIG_MAGIC_SYSRQ=y # CONFIG_DEBUG_SPINLOCK is not set CONFIG_DEBUG_BUGVERBOSE=y What do I need to do to make sure that oopes such are (if possible) logged in the most verbose (information rich) way possible? We're trying to track down a minor little bug in the kernel that keeps crashing our DBs. -- Share and Enjoy.
Re: hardware quote comments?
I'm a little behind here due to an old procmail recipe I had forgotten about, but I wanted to reiterate and expand on something Mr. Wehland writes about: On Mon, Feb 25, 2002 at 08:26:15PM -0600, Matt Wehland wrote: At 11:29 AM 2/25/02 -0800, you wrote: Save some money and buy the biggest/best monitor you can afford. People 98% agreement with this statement, the only quibble I have is that *better* is more important than *bigger*. Unless you are doing fairly high end graphic design and layout, a 19 monitor is about all your eye can really deal with--this is from a couple years doing technical support for the graphic designers at a medium sized...mens entertainment magazine, and just a lot of years working as a graphic designer. I've used, and continue to use everything from crappy 12 monitors (for very specific uses) to 15s, 17s, Dual 19's (xinerama is your buddy) at work and 21's. Bigger, past a certain point is not better. In fact, for the way most people work 2 17s will give them more usable space than a 21--and be about the same cost. never listen to me and like to drool over performance numbers of CPU's and HD's, but in reality most systems probably aren't even utilized 2%-10% of the time, the rest is just sitting idle while I type or read or something. On the other hand you spend every second with the computer looking at your monitor. Also get your self a good chair. I'd rather have to wait for my computer for a couple of seconds but be comfortable the rest of the day. Yup. And a good comfortable keyboard. And mouse. Ergonomics. Ergonomics. Ergonomics. This goes to things like how loud are the fans (high levels of noise are a major source of stress), the relationship between your typing height and your chair, and the height of your monitor (which is why most laptops suck so badly--they put your neck at a bad angle, the keyboards are marginal at best etc.). -- Share and Enjoy.
Setting Ulimits by default.
We're having a bit of a problem with our debian machines on heavily loaded servers relating to the number of threads or processes that can be spawned. Currently the default is set at 256 processes (soft) and unlimited hard. I need to set the default to 1024. We are currently running a 2.4.17 variant of the kernel, and the rest of the OS is a snapshot of debian-unstable. My questions are: 1) Is this limit established by the kernel, or the shell. 2) Given the answer to 1), what is the best way to re-set it to 1024 reliably--meaning that I need to do this currently to 10 machines, then over the next couple months roll this out across 80 or 90 machines. The stuff I've seen -- Share and Enjoy.
Re: hardware quote comments?
On Mon, Feb 25, 2002 at 01:58:59PM -0800, Noah Meyerhans wrote: On Mon, Feb 25, 2002 at 12:21:33PM -0700, Jason Majors wrote: Also, I'd recommend a 40GB or so IBM ATAPI hard drive instead of the SCSI option. It'll cost you less and provide about the same access speed. Maybe even faster access, if you get a 60 or 80 GB drive. Just make sure it's a 7200RPM drive. No way! Those drives are very much worth the money. How can you compare a 7200 RPM IDE disk to a 10k RPM SCSI disk? IDE is cheap for a reason. It's junk. Don't put junk in such a nice machine! There are several reasons that IDE is cheaper that SCSI: (1) Buffer sizes--I haven't seen any IDE drives have 2 MB or less, while comparable SCSI drives have 4 MB (2) Seek times--usually twice as high on IDE. (3) Rotational speed--usually higer on the more expensive drives. (4) Warranty period--IDE drives usually have a 1 year warranty, while SCSI tends to be 3 years. Now, look at the cost deltas. For what it costs to get a SCSI drive, I can usually get 2 larger IDE drives. With software mirroring, I can get at least as good a read performance, with write performance suffering only a little (if at all). And I've got a mirror for when I loose one. It's not about which technology is better--SCSI is clearly a better technology (we'll see what serial ATA brings), it's about which is more cost effective. I have several systems in my colo which have 300-500 GiB of storage in them, some of which (the 300 GiB systems) would have been inordinately expensive to do with SCSI (4 73 GiB scsi drives==Lotsabucks), and the larger (490GiB) systems would have been all but impossible--these are 5 drive 2u rack systems. I wish SCSI were 1/2 the price, then it would be easier to justify, but with the current price points, it's often cheaper to build 2 complete systems off of IDE than 2 out of SCSI. -- Share and Enjoy.
Re: hardware quote comments?
On Mon, Feb 25, 2002 at 03:11:43PM -0800, Alvin Oga wrote: hi ya comparing ide vs scsi. an age old problem... ?? i sayin my opinion.. you cannot compare an 5400rpm ata-133 ide against a 15krpm scsi-3 u160.. ( well at least definitly not a 5400 rpm 10GB against a 15K rpm 80GB scsi3) Sure you can, but you cannot extrapolate that one comparison to all SCSI/IDE comparisons. - if you do compare ... use tiobench or bonnie... for real life performance differences with real data ?? Which even then may not be an accurate representation of the real live usage. - not raw basic numbers comparson of feature/characteristics - raw rpm speed by itself doesnt matter ... - 7200rpm ide disks runs hotter than 5400 rpm ide disks :-) Oh yeah they do, but fans are cheap, and (for my application) noise is irrelevant. If the machines are running too hot, I yell at facilities to pump more cold air into the cage. - ata-33 ( 33MB/sec) vs scsi-3 (20MB/sec ) comparason doesnt matter ?? - its comparing different numbers ... ( but actual data transfer of the same test program is a It also matters what kinds of transfers you are doing. Streaming a 2 GB media file into memory (for editing) or out onto the network is a lot different that making 2GB of changes to a 130GB database. - if one disk is spinning at 5400 rpm... and the other is spinning at 15k rpm ... guess which one will seek faster on the same cylinder ?? All else being equal, the faster. Of course, if you're comparing a 120GB 5400 RPM IDE against a 9GB 15K RPM SCSI drive, your *real life* seek times might be faster on the bigger drive (head latency, seek distances etc.). - transfer speeds are comparable ??? In the real world? Probably. YAMV. -- btw IBM 40GB and 60GB are pure junk !!! all the disks that failed are IBM drives... We've been killing the 75GB Deskstars like flies in a bug zapper. 10 coming in off RMA this week, 10 more next week etc... -- hott scsi disks are also sitting on my desk... higher death rates of scsi disks vs ide disks as a ratio of number of numbers in use... I've had the opposite experience recently. (25% failure rate after a month on Maxtor 120G (sample size 4), 40-50% failure rate on the Deskstars after about 6 months use (although not until they were put into production on DB machines, none had failed previously). About 5% or less failure rate on the 9G IBM and Quantum drives that have been in production for 18 months to 2 years (sample size roughly 200). None of the 34G IBM SCSIs (sample size 20) have failed yet. -- Share and Enjoy.
Re: hardware quote comments?
On Mon, Feb 25, 2002 at 05:14:29PM -0800, Alvin Oga wrote: hi ya petro good you;ve got feedback.. - raw rpm speed by itself doesnt matter ... - 7200rpm ide disks runs hotter than 5400 rpm ide disks :-) Oh yeah they do, but fans are cheap, and (for my application) noise is irrelevant. If the machines are running too hot, I yell at facilities to pump more cold air into the cage. hey.. thats cheating :-) No, it's getting my job done. When you've got 5 racks of 2CPU 2u boxes racked to the point where the bottom of one effectively acts as the top of the one below it (100 machines in 5 racks, you do the math), you need lots of fans, and you need lots of cool. There is a 15 degree tempature difference between the front of our cage and the back. (oh, and I've got 10 racks, some of them aren't quite that dense tho'.). - ata-33 ( 33MB/sec) vs scsi-3 (20MB/sec ) comparason doesnt matter ?? - its comparing different numbers ... ( but actual data transfer of the same test program is a It also matters what kinds of transfers you are doing. Streaming a 2 GB media file into memory (for editing) or out onto the network is a lot different that making 2GB of changes to a 130GB database. yuppers.. streaming servers is way different than db servers See petro install test hardware configuration. See configuration put into production. See io subsystem fall over and die. Die subsystem, Die. - transfer speeds are comparable ??? In the real world? Probably. YAMV. yup...and the benchmarks can be tailored to suit ones needs As above, our benchmark is to throw the freaking thing into production and watch it die. There just isn't a better test of man or machine than live fire. have been in production for 18 months to 2 years (sample size roughly 200). None of the 34G IBM SCSIs (sample size 20) have failed yet. ouch 40GB IBMers ( deskstar series ) has about a 2% failure rate for us we donno why people still keep insisting IBM ide disks... :-) I forgot to mention another set--limited sample (10 disks) but the IBM 20GB deskstars work fine. We put a rather strenuous load on them (4 drives in a sw stripe) and they are running fine. The load blew up the 3ware controller every day or two, it was taking out the 75gig GXPs like no body's business, but now the 20 gig drives are humming along attached to the ata33 controllers on the MB, and a 39 dollar ATA100 card. thats across several hundred of um 60/80GB deskstars seems lots better... - seagates, maxtors, quantums, fujitsu... would be better IDE choices?? - no failures on them... so far... also over a 2 year sample period Several years ago I had really bad luck with Fugitsu, 200% failure rate in 6 hours. Bought a drive, plugged it in. Ran for 2 hours then blew up. Took it back to the store, brought replacement home. DOA. The third drive sounded like crap and ran for about 6 months before giving up. not many people buying them 120GB/160GB disks 6 or 8 at a time in a 1U server... Well, if I could figure out how to get 5 drives in a 1u box, with a good power supply and motherboard, I would. Anything that let's us shrink a monthly recurring cost (figure roughly 750 to 1k per rack per month) shrinking from 10 racks to 5 would save us (using ball park figures, I don't know the details of the finances) 4k a month. For a small startup, that can be the difference between red and black ink. Which is really what the debate about IDE v.s. SCSI comes back to. Yes, SCSI drives are almost certainly better in terms of build quality and speed than IDE disks, but what is the price/performance ratio? Just about everything comes down to economics, and when your talking about business, the just about goes away. -- its fun to ship P3-1.0G without cpu fan we take them puppies off of the heatsink... and it runs cooler with just our itty-bitty side fans - guess blowing air straight down has no benefits??? It should, but those CPU fans are designed for any case, but if you've got external air blowing straight across the processor, that's going to work better. -- Share and Enjoy.
Re: Default DHCP client
On Sun, Nov 25, 2001 at 01:50:56AM -0800, Karsten M. Self wrote: on Sat, Nov 24, 2001 at 02:14:11PM -0500, Mike Kuhar ([EMAIL PROTECTED]) wrote: What is Debian's default DHCP client, pump, dhcp-client or dhcpcd? AFAIK, pump. Though you can install others via apt as you wish, or from other sources if you really want. Depending on your needs pump may be broken. The version that shipped with Redhat didn't like dealing with 2 interfaces. Of course, that's not a normal setup (doing dhcp on eth0 and 1), so you may be ok. -- Share and Enjoy.
Re: Misc topics (was Re: ISP asking about switching to Debian from Op enBSD)
On Fri, Nov 23, 2001 at 06:51:16PM -0800, Karsten M. Self wrote: on Fri, Nov 23, 2001 at 04:59:12PM -0800, Petro ([EMAIL PROTECTED]) wrote: On Thu, Nov 22, 2001 at 09:40:37PM -0800, Karsten M. Self wrote: on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro ([EMAIL PROTECTED]) wrote: On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: ... Oh, and walking through that flicker? That was your power supply, Actually, I checked -- it's a power strip, not a surge protector. I think it's the heavy electrons, they take longer to slow down ;-) No, not the strip, THE SUPPLY, you know that little tin box in the back of your machine that the long black cable sticks into? The one that leads from the powerstrip to the the machine? Most modern powersupplies can handle flickers fairly well. (and yes, that was a little more smartass than needed. I know from another list that Karsten isn't an idiot). Heh. I'm a smartass though, when I can get away with it. I'd meant to clarify that the box wasn't on a surge protector. And I'm a bit surprised at the ability to handle current flux. Well, go live in a 50 year old apartment building in Chicago. You'll be truely amazed. Modern power supplies are pretty good. 4. Application of fix. Software patch is widely applied. Number 4 is wishful thinking. It's a numbers game. Debian makes accomplishing # 4 far easier than any other system I'm familiar with. The problem is the space between 3 and 4. Mr. Schneier left out a step: 3.5 Broadcasting of fix availablility. Which again Debian speaks to with the apt process. *If* you're updating your systems regularly, you're being informed of the updates (or your system is), and they're being updated. This works really well when you have a small number of systems, or a large number of systems with a dedicated/semi-dedicated security guy. When you've got half a buttload of production servers and too few admins to do a decent job, it's tough, and it's not something I'd want to script out of my life either. I hope I wasn't taken to be attacking either Debian/Linux or oBSD. Both are good systems and both have their place. Agreed, and no, it's not taken as an attack. I use oBSD. I somewhat like it. I'm not besotted by it. Well, as I mentioned, I replaced one of my oBSD boxes with a webramp 700s. (rebadged SonicWall. Good enough for home). OpenMail's one of HP's worse failings. The company really ought to pick up the product and run with it, free software if at all possible, and put the squeeze on MSFT. The current best bet is the OpenOffice team. They seem to be working with the PHPGroupware guys, which is a decent enough project that just isn't good enough yet, and with the 90/10 rule, I don't know if it will be. I've sort of tracked this stuff, but not closely. Evolution's doing some interesting things, and I'd prefer a modularized, single-app approach to the monolithic design of OpenOffice. There's also a largely The Calendaring/Mail/Groupware stuff is completely seperate from the rest of OO. OO/SO 6 isn't that bad. A little on the slow side starting up, and some annoying little bugs, but far better than anything else out there at the price. moribund OpenFlock project which is aimed at implementing the IETF calendaring standards. There's just not many interesting problems in the calendaring arena, it's almost all UI and druge work. -- Share and Enjoy.
Re: ISP asking about switching to Debian from OpenBSD
On Thu, Nov 22, 2001 at 09:40:37PM -0800, Karsten M. Self wrote: on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro ([EMAIL PROTECTED]) wrote: On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: on Tue, Nov 20, 2001 at 01:38:11PM -0800, Mark Ferlatte ([EMAIL PROTECTED]) wrote: My own experience running GNU/Linux and OpenBSD (2.7) side-by-side is that I get the odd freeze and restart on oBSD, but not GNU/Linux (unless it's something I've done myself, usually involving crashing X). Typical uptimes on both systems run months. UPS on the GNU/Linux box, I've watched the oBSD walk straight through power flux that flickers the lights, with nothing more than a surge protector. Not to slam oBSD, as it's really good at what it aims to be, but it's a niche product aimed at a specific target, and it's really good at that. Heavy Lifting isn't that target. Depends on the heavy lifting involved. For a wide range of public-facing network services, it's perfectly acceptable. Heavy lifting is of course a relative thing, but the site I help run pushes an average of 40Mbits a second. Of course, this is an average over the whole site, but we've only got about 25-40 machines facing the public. That's what I think of when I think of heavy lifting. Oh, and walking through that flicker? That was your power supply, Actually, I checked -- it's a power strip, not a surge protector. I think it's the heavy electrons, they take longer to slow down ;-) No, not the strip, THE SUPPLY, you know that little tin box in the back of your machine that the long black cable sticks into? The one that leads from the powerstrip to the the machine? Most modern powersupplies can handle flickers fairly well. (and yes, that was a little more smartass than needed. I know from another list that Karsten isn't an idiot). Red Hat's gee, we could use another three levels of indirection, let's put them in crap, and makes starting, stopping, and restarting services completely straightforward. Uh, not to be an argumentative drunk, but what about /etc/alternatives? I don't think that's terribly complex. It's not much more than is already done in /lib and /usr/lib to point to the proper libraries. Symlinks. No, but it's a little hard to follow the first time. Were you refering to Redhat's habit of writing init-scripts that are somewhat arcane and source other scripts for functions? My contact with RH boxen is pretty limited these days, but I know there's a bunch of cruft under /etc/sysconfig for networking that's sourced in multiple places. I've had headaches trying to work out what goes where with RH's MySQL startup scripts. I find that the /etc/init.d (or /etc/rc.d/init.d) script frequently invokes at least one level, and sometimes two or more, of other scripts. Tracing execution through this path is tortured. Debian does far better at localizing everything to the /etc/init.d script itself, or, where it doesn't, to localizing the additional cruft to a minimal number of locations (/etc/network/interfaces). Ah. yes, you are refering to that. In some places that's refered to as code reuse and greatly recommended. And yeah, it's driven me bugfuck more than once. oBSD is pretty clear that it's a full *system*, not merely an assembly of packages as is the case for many GNU/Linux distros (Debian included). However, the collection of packages approach means that Debian can offer many things to many people. oBSD is pretty much secure Unix clone, primary network services orientation. Not a bad thing. But limited choice. Every network, every sub-net, every cluster has different requirements. Debian/Linux offers a much wider variety than BSD. Not that this is always a good thing, but it allows you to customize for your own needs. Agreed. Bruce Schneier identifies four periods of concern for security issues: 1. Introduction of vulnerability. It exists, but is unknown. 2. Awareness. It is known, but not necessarially patched. 3. Introduction of fix. A software patch is available. 4. Application of fix. Software patch is widely applied. Number 4 is wishful thinking. It's a numbers game. Debian makes accomplishing # 4 far easier than any other system I'm familiar with. The problem is the space between 3 and 4. Mr. Schneier left out a step: 3.5 Broadcasting of fix availablility. What oBSD does is try to minimize factor 1. What Debian does is address 3 4. They're somewhat orthogonal approaches (Debian also addresses 1 a bit), but both have significant impacts on the security of *your* system. I find the Debian approach to be more compelling
Re: ISP asking about switching to Debian from OpenBSD
On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote: on Tue, Nov 20, 2001 at 01:38:11PM -0800, Mark Ferlatte ([EMAIL PROTECTED]) wrote: On Tue, Nov 20, 2001 at 01:28:36PM -0600, David Batey wrote: STABILITY: is Debian a good choice for heavy lifting? There are some legit concerns regarding the Linux kernel as opposed to the *BSD kernels as far as heavy lifting goes, but if you're considering Debian, then you probably feel that those concerns are addressed to your satisfaction. As far as distributions go, Debian's packaging quality is very high, and if you go with stable that's exactly what you get: serious stability. My own experience running GNU/Linux and OpenBSD (2.7) side-by-side is that I get the odd freeze and restart on oBSD, but not GNU/Linux (unless it's something I've done myself, usually involving crashing X). Typical uptimes on both systems run months. UPS on the GNU/Linux box, I've watched the oBSD walk straight through power flux that flickers the lights, with nothing more than a surge protector. Not to slam oBSD, as it's really good at what it aims to be, but it's a niche product aimed at a specific target, and it's really good at that. Heavy Lifting isn't that target. Oh, and walking through that flicker? That was your power supply, not the OS. If the CPU doesn't get enough juice, it doesn't get enough juice and all the clever, proper code in the world won't help. I know about apt-get for easy installation of bug/security patches; does the ease-of-install ever compromise security or functionality? Not in my experience. I'll hit this point more specifically. I'm going to swap out my OpenBSD system for a very light stable Debian install. I replaced mine with a webramp 700. Mostly to get rid of the noise (fans and disk drives). But all it was doing was firewalling and DNS. The DNS got moved to a MacOS X box (no, I'm not an open source zealot) and my wife sleeps better. OpenBSD offers a very tight, very secure, by default, system. What you lose in the process are: - Flexibility of configuration and modification. I like SysV init. Theo rants how it sucks and is more complex. The Debian implementation is damned good for GNU/Linux, is worlds better than Red Hat's gee, we could use another three levels of indirection, let's put them in crap, and makes starting, stopping, and restarting services completely straightforward. Uh, not to be an argumentative drunk, but what about /etc/alternatives? While I have *lots* of problems with RedHat, their init stuff isn't all that bad. - Choice. You can choose the software you want to install. Much of it is packaged for Debian. That which isn't you can install from RPM (via alien) or compile from sources (use equivs to satisfy deps). You can run the oBSD mods if they'll build, though there may be compiler tweaks they've effected, I haven't dug into the system that deeply. The *BSDs offer ports (and from what I've heard, they're cool), but this puts you outside the envelope of security audits provided by the oBSD core. apt-get source puts you near the equivalent functionality of ports. Having used the ports system, and the .deb package system, I like the .deb system much better for large installations. I no longer put a compiler on each machine, I have an internal debian mirror with a tracking section (tracking unstable and such) a snap-shotted section (basically a snapshot of unstable at a certain point in time) and a misc-packages section. When I want a new package (for instance the upgraded lvm stuff) I moved it from the tracking directory to the misc-packages directory, and the next time I run dselect on a machine, it gets installed--if I want. Any custom software gets .debianized and shoved in there. It's nifty, and works much better than having to make; make install on 100 machines. oBSD is pretty clear that it's a full *system*, not merely an assembly of packages as is the case for many GNU/Linux distros (Debian included). However, the collection of packages approach means that Debian can offer many things to many people. oBSD is pretty much secure Unix clone, primary network services orientation. Not a bad thing. But limited choice. Every network, every sub-net, every cluster has different requirements. Debian/Linux offers a much wider variety than BSD. Not that this is always a good thing, but it allows you to customize for your own needs. Bruce Schneier identifies four periods of concern for security issues: 1. Introduction of vulnerability. It exists, but is unknown. 2. Awareness. It is known, but not necessarially patched. 3. Introduction of fix. A software
Re: managing multiple machines
On Mon, Nov 19, 2001 at 01:17:29PM -0800, David Wright wrote: I manage a cluster used for computational neuroscience at a University. The number of machines is starting to get to a point where it is difficult to maintain software synchronization across machines. Any tips? www.systemimager.org Also take a look at cfengine. I've never used the latter. I have considered sharing /usr via NFS as well, but since configurations are stored in /etc, I'd have to share /etc too. But that won't work, since machine-specific information like an IP address and name is stored in /etc. (Whatever happened to the very intelligent policy of configuring programs in /bin in /etc, configuring programs in /usr/bin in /usr/etc, and configuring programs in /usr/local/bin in /usr/local/etc?!) That's the nice thing about standards, there are so many to choose from. -- Share and Enjoy.
Re: managing multiple machines
On Mon, Nov 19, 2001 at 02:38:56PM -0800, Robert Waldner wrote: On Mon, 19 Nov 2001 16:35:21 CST, hanasaki writes: Is there some way to have: - Machine is assigned a DHCP random IP - Use the MAC to map to a hostname and then push the assigned IP into Bind with the hostname? uargh, you're thinking of something like MSs Active DNS (or whatever it's called ATM)? Is this what they do... Um. I can understand wanting Dynamic DNS on the internet (well, sort of. No, I can't. If you want a static IP, insist your provider provide you with one, or use a different provider. Yes, it's more expensive. Life ain't free (as in beer).) but within a defined network where all of the nodes are known, this is... Sick. Very sick. Why would you want to do it when you've got sane alternatives? Why would you want to do that even if you didn't have sane alternatives? That way lies much chaos and confusion. Oh. Job security. I guess chaos and confusion are job security for some types. Fortunately I have developers to provide me all the chaos and confusion I need. -- The PROPER way to handle HTML postings is to cancel the article, -- then hire a hitman to kill the poster, his wife and kids, and fuck -- his dog and smash his computer into little bits. Anything more is -- just extremism. - Paul Tomblin -- Share and Enjoy.
Re: interfaces and ip addressing
On Mon, Nov 19, 2001 at 03:37:43PM -0800, Tom Goulet wrote: Can I also untar linux-2.2.19.kernel.source.tar.gz under /usr/src and do the same stuff I've been doing for a long time? make menuconfig dep clean modules modules-install bzImage. Should I also copy the compiled kernel to /boot and edit lilo.conf then run lilo? That works for me. Man make-kpkg. It rocks. Where can I find rc.local? What is the similar redhat init scripts /etc/rc.d/init.d in debian? Debian has no exact equivalent to rc.local. You can use put a script into /etc/rc.boot/ to have that run, though. The equivelent of /etc/rc.d/init.d in redhat 6 is /etc/init.d in Debian/Redhat 7. -- Share and Enjoy.
Re: managing multiple machines
On Mon, Nov 19, 2001 at 03:49:05PM -0800, nate wrote: hanasaki said: Is there some way to have: - Machine is assigned a DHCP random IP - Use the MAC to map to a hostname and then push the assigned IP into Bind with the hostname? i don't know how you'd use the MAC to map to a hostname. you can use it to map to an ip ..but how would you determine the hostname ? With a table. Look at dhcpd.conf, it does the same thing. You put the MAC, and the name of the machine (you can put the IP number, but we've always used the name). Then the machine makes a DNS lookup for that name and gets it's IP number. i personally like static ips. they work best for unix/linux. i have my isp assign me 8 ips. and at the office i have 2 routed /27 subnets 1 for each of my 2 t1s. You can use DHCP to assign static IPs, we did this for, at our peak, about 200 linux servers. It's nifty because you can make your start-up scripts que off of name for clustering, and dynamically re-assign hosts to clusters by simply changing the dhcpd.conf file and rebooting. -- Share and Enjoy.
Question about dselect:
I have a little...issue with dselect. I'm trying to set up a base configuration for a fleet of servers, and I want certain software, and *only* certain software on them. At least one of these pieces of software is a perl modules that wants to have libc6-dev, which is fine as far as that goes, but it seems that libc6-dev recommends that I install gcc, and it's rather most insistent that I install it, even if I tell dselect _ (purge) and shift-q (Do what I tell you numbskull). Is there a way to tell dselect ONCE AND FOR ALL that I have no wish to install gcc on this machine? -- Share and Enjoy.
Re: Linux LDAP problem
On Tue, Aug 28, 2001 at 09:23:47AM -0400, Sunny Dubey wrote: Hey, I've got a slight problem, at school we run two major networks, one half is Novell Netware based, and the other half is unix based. We basically one centralized system of authentication, so that user don't have to remember two different passwords to use either system. We been trying to get linux to use ldap to authenticate with the novell ldap server, and have had no luck. We know the novell ldap server is fine, however something seems fishy with the linux side. The problem is that when using the PAM_LDAP modules, is that when a user tries to login, they are asked for a password twice, once the normal password, and the second one being the ldap based password. However, even if you type in the correct passwords, LDAP says permission denied, or authentication failed. What makes it really odd is how at the same time the novell netware server states it has seen the authenticated user, and even gives it an OK to login. Anyone have any clue as to how to make it work? Are there any docs about getting Netware+linux+ldap to work? thanks for any info that you might pass along. have a nice day. You might want to try asking on the PAM list, which I have the address for somewhere around here if you need it. -- Share and Enjoy.