Re: apt and dist-upgrade
* Doug MacFarlane ([EMAIL PROTECTED]) [021116 21:30]: I thought apt-get dist-upgrade would take you from woody to sarge, or sarge to sid, and so on?? I'm obviously missing something here . . . . Not exactly. dist-upgrade is mostly like upgrade, except that it handles handles dependencies better when there are new packages and/or packages no longer in the archive. Specifically, upgrade won't automatically install any new packages required by upgraded existing packages on your system, whereas dist-upgrade will. So, as someone else already mentioned, to use testing, you have to manually add it to your sources.list, then run dist-upgrade (or better yet, do the upgrade using dselect or aptitude for a good overview of what will be upgraded, what new packages need to be installed, what packages are no longer used, etc.) good times, Vineet -- http://www.doorstop.net/ -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin msg13424/pgp0.pgp Description: PGP signature
Re: vi as a text editor
* Rob VanFleet ([EMAIL PROTECTED]) [021115 23:26]: moreover, i have spell, ispell and aspell installed. is there a way i can use them while in vi? If the file has been saved, just run :!ispell % I think there is a way to spell check an unsaved file, but I can't recall it at the moment. :%!ispell -a good times, Vineet -- http://www.doorstop.net/ -- http://www.eff.org/ msg13426/pgp0.pgp Description: PGP signature
Re: Redoing the rescue floppy...
* Darryl L. Pierce ([EMAIL PROTECTED]) [021117 15:16]: I want to upgrade my boot floppy to support 2.4.19 kernel and Ext3. Can someone point me to a HOWTO for doing so? I think mkboot will do exactly what you're looking for. Try the manpage first, make a boot disk, and test it to see if it's all you need. I don't know of a good resource on boot/rescue disk creation offhand. good times, Vineet -- http://www.doorstop.net/ -- #includestdio.h int main() { puts(Reader! Think not that \n technical information \n ought not be called speech;); return 0; } msg13569/pgp0.pgp Description: PGP signature
Re: [OT] CD-R Requirements (or Giving Back To Windows Users)
* Bill Moseley ([EMAIL PROTECTED]) [021117 14:32]: This is a rather non-specific question: Will CD writing quality be effected if the machine is doing other tasks? Does the CD Burner have any buffer underrun protection? If so, you should produce good burns on even heavily-loaded systems. If not, it's a crapshoot. Burning at slow speeds will help if you do find that the loaded machine is creating coasters due to buffer underruns. good times, Vineet -- http://www.doorstop.net/ -- One nation, indivisible, with equality, liberty, and justice for all. msg13571/pgp0.pgp Description: PGP signature
Re: [OT] CD-R Requirements (or Giving Back To Windows Users)
* Bill Moseley ([EMAIL PROTECTED]) [021117 16:11]: At 04:33 PM 11/17/02 -0700, Bob Proulx wrote: I think Clemens said something to the effect that there is nothing more annoying than the presence of an example. Your best bet would be to load up this old box (actually pretty nice hardware!) you have and burn a CD while doing other tasks and watch the fifo while you are doing that. As long as the fifo does not drop below a comfortable margin for safety you should be fine. How do I watch the fifo? The new IDE CD-R has BurnProof so I think that will indeed help. Yes, you'll be fine. This is the buffer underrun protection I was talking about in my other post in this thread. This is supported by cdrecord and works very well. Use the option 'driveropts=burnproof' with cdrecord and you should be fine, no matter how loaded the box gets. good times, Vineet -- http://www.doorstop.net/ -- #includestdio.h int main() { puts(Reader! Think not that \n technical information \n ought not be called speech;); return 0; } msg13577/pgp0.pgp Description: PGP signature
Re: (semi-OT) JPG files - Movie file
* nate ([EMAIL PROTECTED]) [021113 19:07]: nate said: perhaps something to convert to motion jpeg? or mpeg? or avi? (would prefer mpeg-1 due to it's portability but i'll take anything). well for now I think I have to settle on imagemagick. it can convert a bunch of images(even jpeg) to an animated gif. I installed ucbmpeg, and also mjpegtools but both immediately segfault when processing the first JPG file. Actually I was able to get mjpegtools to create a YUV file without errors, but once I tried to convert that to MPEG it segfaulted. imagemagick isn't fast, on my 1.3ghz athlon/768MB it takes 3 minutes 36 seconds to convert 18 23kb files into a 2.6meg animated gif. I suppose I could recompile and turn on gif compression to see how much it drops in size(yeah I know about the LZW patent).. ImageMagick does support MNG, you know. You'll get as good (if not better) compression, for Free. =) good times, Vineet -- http://www.doorstop.net/ -- http://www.debian.org/ msg13033/pgp0.pgp Description: PGP signature
Re: users still logged in
* nate ([EMAIL PROTECTED]) [021108 20:09]: Matthew Daubenspeck said: After having a mess of connection problems that caused my ssh sessions to drop, I noticed that the 'w' command still thinks there are users logged in that I know are not. check the process table to see if shells for those ttys are still open. then kill the process ids. I have found when killing dead sessions only kill -9 to the shell seems to work(at least with bash). really? kill -HUP generally works for me. It's good to try that first, before going all the way to -9, anyway. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ msg12608/pgp0.pgp Description: PGP signature
Re: creating /dev/hd[m-t]
* Sven Heinicke ([EMAIL PROTECTED]) [021104 11:54]: With woody, I got a system with 20 IDE drives (5 IDE cards). The kernel in finding all of them but /dev/MAKEDEV seems to only know how to make up to /dev/hdl: ds2:/dev# ./MAKEDEV hdl ds2:/dev# ./MAKEDEV hdm ./MAKEDEV: don't know how to make device hdm but I need up to /dev/hdt, I think I know what the major and minor numbers to use as I have another distro (Mandrake) running on a similar system that figured out all the drive letters but I wish to bet a better way to figure this out then install another Linux and look in the docs. Where do I look, even in the code if necessary, to find this out? The best place to start is /usr/src/linux/Documentation/devices.txt (or equivalent, wherever you may keep your kernel source). Also, in case it helps: brw-rw1 root disk 88, 0 Aug 30 2001 /dev/hdm brw-rw1 root disk 88, 64 Aug 30 2001 /dev/hdn brw-rw1 root disk 89, 0 Aug 30 2001 /dev/hdo brw-rw1 root disk 89, 64 Aug 30 2001 /dev/hdp brw-rw1 root disk 90, 0 Aug 30 2001 /dev/hdq brw-rw1 root disk 90, 64 Aug 30 2001 /dev/hdr brw-rw1 root disk 91, 0 Aug 30 2001 /dev/hds brw-rw1 root disk 91, 64 Aug 30 2001 /dev/hdt good times, Vineet -- http://www.doorstop.net/ -- If we do not believe in freedom of speech for those we despise we do not believe in it at all. --Noam Chomsky msg10983/pgp0.pgp Description: PGP signature
Re: inittab and graphical login
* Lance Simmons ([EMAIL PROTECTED]) [021021 08:28]: On Mon, Oct 21, 2002 at 08:28:54AM -0500, Shyamal Prasad wrote: Paul == Paul Johnson [EMAIL PROTECTED] writes: Paul Go into /etc/rc2.d and mv S99gdm K99gdm and this should Paul prevent gdm from starting up. IMHO this is a better way (and more correct) than apt-removing gdm. update-rc.d -f gdm remove This will only work until next time gdm is installed. The above command should only be run by a package's postrm script, not by an administrator for a package which is currently installed on the system. That's why update-rc.d doesn't do anything if links arelady exist and you don't tell it 'force': it respects any changes the administrator may have made manually when being run in a package's postinst script. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -- E.W. Dijkstra msg08168/pgp0.pgp Description: PGP signature
Re: x startup
* Billy Bump ([EMAIL PROTECTED]) [021021 12:28]: I have just completed installing debian3.0 on my laptop. The touchpad does not work so i use a microsoft usb trackball. this trackball worked in my previous linux mandrake install. When i try to startx it fails and most of the error messages are about the mouse not being present. anybody have any ideas? What kind of laptop is it? Is there something physically wrong with the touchpad, or do you mean you just haven't been able to get X configured to use it? Have you tried the GlidePointPS/2 driver? Where is the trackball plugged in? I'm guessing the ps/2 port. Where does X look for the mouse? It should probably be /dev/psaux . Are you running gpm? So there are some ideas =) good times, Vineet -- http://www.doorstop.net/ -- Extremism in the defense of liberty is no vice. Moderation in the pursuit of justice is no virtue. -- Barry Goldwater msg08169/pgp0.pgp Description: PGP signature
Re: Permissions for a FAT partition
* Rich ([EMAIL PROTECTED]) [021021 11:51]: Howdy all, I want to change the default permissions of files in a FAT partition. I understand that FAT file systems have no concept of permission or ownership. When I mount the partition ownership is set to root and permissions are set to 755. This means that only root can write to it. I'd like it to be writable by ordinary users. I've tried fiddling the permissions of the mount point, and options to the mount command, but have had no luck. Anyone know how to make my FAT partition writable? You'll have to mount it with different options. Try this: man mount | less +'/Mount options for fat' good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -- E.W. Dijkstra msg08218/pgp0.pgp Description: PGP signature
Re: expired gpg keys
* martin f krafft ([EMAIL PROTECTED]) [021016 08:52]: i regularly get mails alerting me of my expired GPG key. but i have a new (sub-)key uploaded to the keyservers since the day the old expired. now i do realize that everyone who obtained my key from the keyservers last year has that one stored, and GPG doesn't re-get a key from the keyservers if it's in the local keyring already. but i can't be the only one, and this has to be solved. why doesn't gpg try to see if there's a new version of an expired key on the keyserver before complaining that it's expired? Even better would be that gpg could re-fetch keys every so often even if they haven't expired, to get new signatures, revocations, etc. That's probably a worthy wishlist item. good times, Vineet -- http://www.doorstop.net/ -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin msg07559/pgp0.pgp Description: PGP signature
Re: gdm, log in as root? - solution and new questions
* Oki DZ ([EMAIL PROTECTED]) [021015 22:40]: On Wed, Oct 16, 2002 at 11:00:33AM +0530, Sandip P Deshmukh wrote: and yes, is there any method of changing the display manager? say from gdm to wdm to xdm to kdm etc? I believe the program is called update-rc.d. (Assuming that apt-get doesn't remove any of the dm's when the new one gets installed.) I think you mean update-alternatives. Try update-alternatives --config x-window-manager and/or update-alternatives --config x-session-manager good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/It's all about Freedom. msg07319/pgp0.pgp Description: PGP signature
Re: Uninstall non deb package
* Setyo Nugroho ([EMAIL PROTECTED]) [021011 09:47]: Hi all, how is it to uninstall a package which is install from a non deb package (eg. source in tar.bz2 format)? That depends entirely on the package. Many have a make uninstall, but many do not. Assuming you still have the build tree, you should be able to examine the Makefile and see what got put where when you did make install. What about overwriting it with deb package? As an example kdevelop. This shouldn't happen: packages you install locally should go under /usr/local, where official packages do not tread. good times, Vineet -- http://www.doorstop.net/ -- Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. --President Thomas Jefferson. msg06553/pgp0.pgp Description: PGP signature
Re: dhclient start.
* Franck Bui-Huu ([EMAIL PROTECTED]) [021011 10:06]: Hey I'm currently try to launch dhclient in order to get an IP address at boot, but I don't know in which file I should put it. I tried in /etc/init.d/networking but kde crashed during its initialization. man interfaces You just need to set up something like the following in your /etc/network/interfaces: aut0 eth0 eth0 inet dhcp and when the interface is brought up, it will run dhclient and get your address via dhcp. It's all pretty much automatic. good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/It's all about Freedom. msg06555/pgp0.pgp Description: PGP signature
Re: dhclient start.
* Vineet Kumar ([EMAIL PROTECTED]) [021011 10:20]: * Franck Bui-Huu ([EMAIL PROTECTED]) [021011 10:06]: Hey I'm currently try to launch dhclient in order to get an IP address at boot, but I don't know in which file I should put it. I tried in /etc/init.d/networking but kde crashed during its initialization. man interfaces You just need to set up something like the following in your /etc/network/interfaces: auto eth0 iface eth0 inet dhcp and when the interface is brought up, it will run dhclient and get your address via dhcp. It's all pretty much automatic. good times, Vineet -- http://www.doorstop.net/ -- One nation, indivisible, with equality, liberty, and justice for all. msg06559/pgp0.pgp Description: PGP signature
Re: Finding files to back up
* Mark Carroll ([EMAIL PROTECTED]) [021009 10:37]: Being of the belief that a fresh reinstall can help to spring-clean my machine, my usual approach to backups is to preserve my package selections Leave that belief behind. You're using debian now! =) A good backup strategy is always important, though, always. I think Karsten's page provides good guidelines and advice about how to craft your own backup solution: http://kmself.home.netcom.com/Linux/FAQs/backups.html good times, Vineet and the files that I've added (e.g. in /home/) and modified (e.g. in /etc/) that wouldn't be recovered in a simple package reinstallation. I see that dpkg can tell me about associations between files and packages. Can I somehow get a list of the md5sums of the package maintainers' version of the files so I can tell if they were modified? Maybe things aren't as simple as I'm imagining? Probably even simpler than you're imagining. Just grab your conf files (they're listed in the packages' metadata); it's unlikely that you've changed anything else. good times, Vineet -- http://www.doorstop.net/ -- http://www.eff.org/ msg06428/pgp0.pgp Description: PGP signature
Re: I accidentally deleted the root superuser How to reinstall
* John Foster ([EMAIL PROTECTED]) [021009 15:26]: First off the search facility does not seem to be working at Debian.org just now, so I could not check there...I did check the mail archives but they also seem to be handicapped. Oh Well! Here's the problem... I wanted to try some new installation techniques doing them completely off the internet. Yes it is possible :-) I also wanted to install the new (unstable) system to an ext3 file structure. Everything went according to plan until I started to reboot from the newly installed disk. The kernel loaded O.K to the console screen but then I could not log in as root. I also noticed the the system hostname seemed incorrect. I can deal with the hostname but the root login problem has me stumped. I removed and added a new user from my host system using chroot and mounting the new file system. I then 'very brightly' (read as brain fart) decided to do the same with rootand that really screwed it. I welcome any suggestions as to how to get the root superuser reinstalled. Yeah, just do what you did to remove them in reverse ;-) Seriously, if you have another means of booting, mounting, and editing the password file (which you demonstrated that you do) just do it again and add the following line back in: root:x:0:0:root:/root:/bin/bash If you don't know the root password, this is also a good time to reset it, by blanking it out in /etc/shadow. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ msg06228/pgp0.pgp Description: PGP signature
Re: debian emacs policy and configuring mutt
* Robert Wilhelm Land ([EMAIL PROTECTED]) [021008 00:02]: In both cases, mutt overrides these settings in .muttrc and uses vi for composing mail. Does mutt read anything else in your .muttrc ? When running mutt, what does it give you if you type :set ?editor ? Also, try issuing :set editor=vim from within mutt. Does this work? good times, Vineet Irritating enough - man mutt reports about a system wide configuration file /etc/Muttrc which I thought would contain anything causing mutt Mutt should read /etc/Muttrc first, then your ~/.muttrc , so your personal settings will override anything in /etc/Muttrc. good times, Vineet -- http://www.doorstop.net/ -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin msg05925/pgp0.pgp Description: PGP signature
Re: ssh and running command
* Patrick Hsieh ([EMAIL PROTECTED]) [021006 19:37]: Hello list, I'd like to execute a certain command upon someone connect to my server with ssh [EMAIL PROTECTED]. I will not authenticate the visitor in the ssh session, that is, anyone can do ssh [EMAIL PROTECTED] in order to execute my self-defined command or shell script. Is there any Are you running a web server? Just create a little CGI to do what you want, so that anyone can just GET that URL and the command will run. This should be much less headache than trying to figure out if all of your bases are covered with ssh, since you're not trying to authenticate anyway. You can still get transport-layer security if you run the CGI only on HTTPS. If you want it so that web spiders won't automatically launch your command all the time, just don't put any links to it. You could also do something that's trivial for a human but next to impossible for a search engine cache, like require that the script get today's date as an argument or it won't do anything. This scheme fails when it's not an interactive command, but works great if you just need to run a command and see the output; it can be displayed in the browser when the CGI is run. good times, Vineet -- http://www.doorstop.net/ -- A: No. Q: Should I include quotations after my reply? msg05669/pgp0.pgp Description: PGP signature
Re: network - notwork! unable to access lan and net
* Sandip P Deshmukh ([EMAIL PROTECTED]) [021005 03:31]: On Sat, Oct 05, 2002 at 11:28:56AM +0530, Sandip P Deshmukh wrote: ifconfig: eth0 Link encap:Ethernet HWaddr 00:50:BA:3C:C0:93 inet addr:192.168.1.21 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4 errors:0 dropped:0 overruns:0 frame:0 TX packets:21 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:252 (252.0 b) TX bytes:2486 (2.4 KiB) Interrupt:11 Base address:0xa000 and ping just stops there. i interrupt it with control - c. here is output of ping ping: - PING 192.168.100.1 (192.168.100.1): 56 data bytes --- 192.168.100.1 ping statistics --- 15 packets transmitted, 0 packets received, 100% packet loss The address you're trying to ping is not on your network. This could mean your router isn't working. I guess you have tested that the router is indeed working; I just mean to point out that the above test isn't a good place to start to try to figure out why you can't access your LAN and/or the Internet. First try pinging yourself, then try pinging another host on your network (i.e. your router), then try pinging a host outside your network. What does 'route' print? good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -- E.W. Dijkstra msg05675/pgp0.pgp Description: PGP signature
Re: Gnome session errors
* Antonio Rodriguez ([EMAIL PROTECTED]) [021006 12:27]: Similar here, but looking for a more drastic solution: I want to re-install gnome for a specific user in a box (several users have access to same box) due to several reasons, without affecting the settings for any other user. What should I do? Just remove (or, safer, rename) that user's .gnome directory. good times, Vineet -- http://www.doorstop.net/ -- A: No. Q: Should I include quotations after my reply? msg05685/pgp0.pgp Description: PGP signature
Re: apache-2.0.42 in debian3.0
* damar thapa ([EMAIL PROTECTED]) [021002 00:05]: Jan Ulrich Hasecke wrote: damar thapa [EMAIL PROTECTED] writes: but when I try mozilla localhost or mozilla ipAdress, I get connection refused message. Does apache listen on port 80? Yes, it is listening at port 80, at least as per httpd.conf. What about per 'netstat -lt' ? good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -- E.W. Dijkstra msg04815/pgp0.pgp Description: PGP signature
Re: Viewing avi files
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [021002 09:32]: Install mplayer :) here : http://mplayer.nmeos.net/ It's good that somebody made debs available because mplayer is the opensource project from hell, at least it was last time I looked. The mplayer team reminds that any precompiled binaries are 'unsupported' (whatever that means) because most of mplayer's configuration is done at compile time. They suggest that the only way to get mplayer to perform decently on your machine is to compile it on your machine. I've also heard that the source tree includes a debian directory so that building your own debs is simple, but I'm kinda talking out my ass because I've never used mplayer ;-) I just thought that info might be of interest to anyone considering using precompiled debs instead of 'dpkg-buildpackage'ing them themselves. good times, Vineet -- http://www.doorstop.net/ -- Extremism in the defense of liberty is no vice. Moderation in the pursuit of justice is no virtue. -- Barry Goldwater msg04817/pgp0.pgp Description: PGP signature
Re: home ethernet IP addresses
* Jeff Maxson ([EMAIL PROTECTED]) [021002 19:31]: gotten to the point where ifconfig gives me... eth0 Link encap:Ethernet HWaddr 00:04:5A:87:11:5E UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:358 errors:0 dropped:0 overruns:0 frame:0 TX packets:233 errors:786 dropped:0 overruns:0 carrier:1572 collisions:0 txqueuelen:100 RX bytes:83417 (81.4 KiB) TX bytes:79686 (77.8 KiB) Interrupt:5 Base address:0xe000 like to print stuff (using samba) from my computer (sarge) to my wifes' printer (windows). don't I need an IP address to do that? Yes. And btw, afaik, polygyny is illegal (but IANAL). Perhaps you mean wife's instead of wifes'? ;-) But anyway, yes, you do need an IP address to participate on your LAN. know DHCP has to do with dynamic IP addresses, right? or am I out there? Yes, DHCP is the protocol by which dynamic IP addresses are assigned. It probably does a DHCPREQUEST and/or DHCPDISCOVER. That means it's trying to contact a DHCP server to ask for an address. Is there a DHCP server on your network? How does the windows machine get its address? IIRC, windows gives the option to get an address automatically or specify an address manually or something. If it's set to automatic, then DHCP should probably work for your debian machine as well. Is there a router or something that on your network that runs a DHCP server? If it's set to something manually, let us know what those settings are and we can help you figure out what address you can use for the debian machine and tell you how to set it up (TFM in that case is 'man 5 interfaces'). In order to print to a windows computer, you will probably need to set up samba, but let's get walking before we try to run =) good times, Vineet -- http://www.doorstop.net/ -- http://www.debian.org/ msg04935/pgp0.pgp Description: PGP signature
Re: Mutt and mailboxes
* David P James ([EMAIL PROTECTED]) [021002 20:05]: interest in checking it. What I would like is to have Mutt default to opening up Mozilla's mbox at ~/.mozilla/default/.slt/Mail/pop.my.isp/Inbox . I can force mutt To specify your spoolfile, put set spoolfile=~/.mozilla/... in your .muttrc . Alternatively, set your $MAIL environment variable in your shell's startup scripts. solution. I've also noticed that there is no .mutt or the like file or directory in my home directory, which is somewhat perplexing. Mutt will read a .muttrc if you write one, but it won't write one on its own. Further places to look for help are the mutt manual (in /usr/share/doc/mutt, or on the web), and the [EMAIL PROTECTED] archives, the mutt homepage, Sven Guckes' mutt site, and (of course) google. good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/It's all about Freedom. msg04936/pgp0.pgp Description: PGP signature
Re: Symlink clarification needed (vi - vim)
* Robert Ian Smit ([EMAIL PROTECTED]) [020928 06:58]: I know that some programs react differently depending on how they are called. When you create a symlink to a program, does the program know that it was started by using a symlink? For instance when I create a vi symlink to vim, will vim start up normally or will it mimick vi? Vim can always be coerced to do whatever you want it to do via ~/.vimrc . Setting nocompatible will make it act like 'vim' even when invoked as 'vi' (via hard or soft link). good times, Vineet -- http://www.doorstop.net/ -- http://www.debian.org/ msg04400/pgp0.pgp Description: PGP signature
Re: apache-perl vs HTML::Mason
* will trillich ([EMAIL PROTECTED]) [020929 21:30]: okay, apt-get is wonderful and all that -- but when sticking with a tried-and-true potato setup, it's hard to get feature updates without some extra-apt activity... such as perl -MCPAN -e shell install Bundle::HTML::Mason to get a version newer than 0.72 of HTML::Mason -- and of course the current version of mod_perl is 1.2103 and the new Mason needs 1.22 or better. aaugh! is there a quickie-like fix without having to do a full to-woody upgrade? :( i'd like to have a semi-modern HTML::Mason and apache-perl, without having to overhaul the whole schlabotnik... What about grabbing woody's apt and set up an /etc/apt/preferences that will allow you to selectively choose packages from woody? This way you should be able to bring in woody's apache-perl and dependencies while leaving most of the schlabotnik alone. But come on, woody is so much cooler! I highly recommend the upgrade, if you're just talking about a desktop system. I do understand the reluctance if we're talking about production machines, but it sounds to me like this is a development box or something. good times, Vineet -- http://www.doorstop.net/ -- #includestdio.h int main() { puts(Reader! Think not that \n technical information \n ought not be called speech;); return 0; } msg04402/pgp0.pgp Description: PGP signature
Re: ext2 ext3 ?
* Gerard Robin ([EMAIL PROTECTED]) [020929 00:44]: but how can I change from ext2 to ext3 without breaking my actual installation and how to do this ? tune2fs -j /dev/hda1 (for example.) good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/It's all about Freedom. msg04247/pgp0.pgp Description: PGP signature
Re: help compiling everybuddy-0.4.3 on Woody
* Mike Pfleger ([EMAIL PROTECTED]) [020929 18:24]: * Vineet Kumar ([EMAIL PROTECTED]) wrote: If it's still just not working, how about downloading the debian package source (apt-get source everybuddy) and looking at how it's done there? That makes me think of something, and pardon me please if this is an obvious question. Is there anything that stops me from grabbing the source from unstable (assuming it's new enough) and trying to build it on Woody? And the stumbling block would be lib dependencies, I'd guess based on my limited experience building packages. Although I'd expect that I'd have gotten errors about that when I tried to configure the upstream source... (?) It should work fine. The only reason I didn't suggest it straightaway is that Debian only yet has 0.4.2, not 0.4.3 . If you don't mind being one minor number behind, using the debian package should be fine. You then have 2 routes to choose between: (1) Just install the package from sid. This will work if you are comfortable with running a mixed sarge/sid system, and are reasonably comfortable with /etc/apt/preferences (2) build your own .deb from the sid source package. You should be fine downloading the source package from sid and building it locally. If there are any dependencies, apt-get -t unstable build-dep everybuddy should let you know about and get around them. good times, Vineet -- http://www.doorstop.net/ -- http://www.debian.org/ msg04339/pgp0.pgp Description: PGP signature
Re: help compiling everybuddy-0.4.3 on Woody
* Mike Pfleger ([EMAIL PROTECTED]) [020927 23:29]: Hello. I'm having a bit of trouble building this package, and I was wondering if anyone on the list has built it for Woody. It barfs during make like this: proxy.c:34: gtk/gtk.h: No such file or directory make[1]: *** [proxy.o] Error 1 There is a complaint while running configure, but the complaint makes not a lot of sense. It can't find gtk-config and glib-config, but the correct packages are installed. It suggests setting the GTK_CONFIG and Are they? apt-get install libgtk-dev libglib-dev You probably have the runtime libraries but not the development packages. I could be wrong (can't tell exactly in your case) but this is the most common problem. good times, Vineet -- http://www.doorstop.net/ -- http://www.eff.org/ msg04137/pgp0.pgp Description: PGP signature
Re: How stable is testing?
* Neal Lippman ([EMAIL PROTECTED]) [020928 15:35]: I am wondering how stable people are finding testing for use on their workstations. I am running woody, and very happy with it. However, I would like to be a bit more up to date with some of my software - for instance, I'd like to be using KDE 3 instead of 2.2, and the newest evolution, so I was thinking about doing a dist-upgrade to sarge. I don't, however, look forward to severe breakage now that I finally have my system configured and working. At least as stable as any redhat release. /me ducks good times, Vineet -- http://www.doorstop.net/ -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin msg04230/pgp0.pgp Description: PGP signature
Re: help compiling everybuddy-0.4.3 on Woody
* Mike Pfleger ([EMAIL PROTECTED]) [020928 08:48]: I did the search for the files sought by configure, and found them, but not where it expected them. My attempts to convince it to look in the correct place (/usr/bin) have so far failed. I take it you mean gtk-config and glib-config, yes? Are they not in $PATH? Does configure not just look in $PATH? It should find them there, and the -config executables should generate the proper -I and -L flags for compiling and linking. I think so far I probably haven't told you anything you don't already know. How about as an idea of how to proceed, try giving options to configure, something like ./configure --with-gtk-prefix=/usr/lib (that's just OTTOMH; look at configure to see what option it might like instead.) What did you try setting GTK_CONFIG to? If it's still just not working, how about downloading the debian package source (apt-get source everybuddy) and looking at how it's done there? good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ msg04232/pgp0.pgp Description: PGP signature
Re: Help mailserver used to mirror spamming !!!
* Ricardo Fitzgerald ([EMAIL PROTECTED]) [020926 09:56]: Hi to all, Recently I had a very bad news one of my clients mail server was blocked due to spamming !!! Well, the thing is they are not spamming at all, but their ip was used by some unscrupulous spammer, now I have the task to write some security to prevent that but I don't know much about the subject, where can I find some info to develop a good firewall or sendmail rules to prevent that from happen again ? I've recently started to use sendmail and it's somewhat obscure, due to my personal situation I can't even afford to buy a book on sendmail so I need free sources. Any suggestions from experienced users are welcomed, now I have sendmail, and fetchmail, procmail and squid as proxy to serve the internal lan of 5 windows computers. Start here: http://www.google.com/search?q=sendmail+open+relay and read read read read read. I don't speak sendmail fluently, but it should be an easy task to close an open relay. If you can't do it easily with sendmail, and you're not rather too attached to sendmail (sounds like you don't understand it anyway (but don't take that comment the wrong way)) install exim instead, and be merry. It's easy to set up and easy to configure, and the default install is not an open relay. (I don't mean to imply that sendmail's default install is; in fact I doubt that that is the case. But $OP's current sendmail setup is configured as such, and a new default exim's configuration would be at least one notch better in that regard.) good times, Vineet -- http://www.doorstop.net/ -- Extremism in the defense of liberty is no vice. Moderation in the pursuit of justice is no virtue. -- Barry Goldwater msg03795/pgp0.pgp Description: PGP signature
Re: Security problem: rbash isn't working on initial invocation
* Bob George ([EMAIL PROTECTED]) [020926 11:40]: I'm using bash on Debian 'testing'. I've created a symlink /bin/rbash that points to /bin/bash, and prior to upgrading to 3, it worked as expected. Users could not do cd .. and other restricted functions as described in the manpage. I only recently noticed that this is NOT currently working. Notice that although rbash is shown as the current shell, the user can move up the directory tree. Also, /bin/date (etc.) can be executed with no problems. Now, what's really maddening, if I call /bin/rbash, it works properly:rbash-2.05b$ -rbash-2.05b$ /bin/rbash rbash-2.05b$ pwd Well, there's a clue about why it's not working the way you expect: bash enters restricted mode when invoked as 'rbash', but it's being invoked as '-rbash' from login. So that's the why, but unfortunately I don't know the proper way to set it up. good times, Vineet -- http://www.doorstop.net/ -- As we enjoy great advantages from inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously. --Benjamin Franklin msg03817/pgp0.pgp Description: PGP signature
Re: Changing a .deb name consistently. Easier to build from source?
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [020926 03:36]: How can I change a deb name in a consistent manner without building it from source? Will it be easier then building it from source? For example, can I extract it with dpkg-deb, modify a few files and repackage it? The problem I have at hands is that I have a kernel image kernel-image-2.4.19-486custom.3_486custom.3_i386.deb and I want it to become kernel-image-2.4.19-custom.with.aic7xxx.probing.3_custom.with.aic7xxx.probing.3_i386.deb Unfortunately, it's not as simple as that. Generally speaking, you should be able to open up a deb, edit some files, and re-package it as a deb with a new name, but this won't be good enough for your kernel package. The kernel info like -486custom.3 is actually built into the kernel. As evidence of this, look at the output of uname -r, and also watch where the kernel will look for modules under /lib. You could probably get around the module problem with some symlink hackery, but you're probably best off avoiding headaches by just recompiling it. good times, Vineet -- http://www.doorstop.net/ -- Extremism in the defense of liberty is no vice. Moderation in the pursuit of justice is no virtue. -- Barry Goldwater msg03837/pgp0.pgp Description: PGP signature
Re: X popup client sought
* martin f krafft ([EMAIL PROTECTED]) [020926 04:57]: i would like to implement a service in the LAN which pops up a window on a workstation computer in response to an event generated on a central server. ideally, the popup window should be displayed for a configurable amount of time before being destroyed again. rather than using the X protocol, xmessage, and a timeout on the server's process (it would run there, display on the workstation, and get killed by something like the timeout package), i would love to have a system specifically crafted for this purpose. do you know anything of that sort? note that samba is not running and is not an option. Maybe you can just leave and xconsole running and use remote logging? Maybe you can make use of some colorizing script, too, to highlight these messages in the xconsole window, or just configure syslog to only send those particular messages to the /dev/console. Actually, that gets me to an even better idea: create a new FIFO just for this purpose, have syslog send just those messages to that FIFO, and start xconsole with -f pointing to it. and if not, could you help me make something like xmessage -display workstation:0 work? it always fails with Cannot open display even though I set `xhost +` on the workstation's running X process. i am thinking that it's related to X not binding port 6000 on startup, but am clueless as Have you confirmed that X is not listening on tcp/6000? If so, that would certainly be a problem ;-) netstat and nmap are your friends. to how to enable that. removing '-nolisten tcp' from /etc/X11/xinit/xserverc on the workstation and restarting X didn't work. That oughta do it. As an alternative, how about setting up an ssh key with command=xmessage and environment=DISPLAY=:0 in the authorized_keys file and let that take care of it? Then the server just runs ssh -i passphrase-less identity file workstation xmessage The workstation allows it, and you don't have to open it up with xhost. Well, if you just want to do it the old-fashioned way, just using X and no ssh, how are you starting X? Removing the nolisten tcp as you did should work if you're using startx, but from *dm you might also have to edit the appropriate config file (e.g. /etc/X11/xdm/Xservers or similar). good times, Vineet -- http://www.doorstop.net/ -- Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. --President Thomas Jefferson. msg03840/pgp0.pgp Description: PGP signature
Re: Odd Path issue
* Kent West ([EMAIL PROTECTED]) [020926 12:00]: I did a chown +x test. From my home directory (/home/westk), I can run test and I get no output. However, if I specify bin/test, I get the expect message (This is a test). If I do a which test, it reports /home/westk/bin/test. Yet another reason to use 'type' instead of 'which': vineet@pianoman ~ % type test test is a shell builtin vineet@pianoman ~ % type which which is a shell builtin Oops, I cheated: I use zsh =) vineet@pianoman ~ % bash vineet@pianoman:~$ type test test is a shell builtin vineet@pianoman:~$ type which which is /usr/bin/which vineet@pianoman:~$ file /usr/bin/which /usr/bin/which: Bourne-Again shell script text executable For a more complete discussion, try: man bash / *type good times, Vineet -- http://www.doorstop.net/ -- #includestdio.h int main() { puts(Reader! Think not that \n technical information \n ought not be called speech;); return 0; } msg03841/pgp0.pgp Description: PGP signature
Re: X popup client sought
* Vineet Kumar ([EMAIL PROTECTED]) [020926 13:59]: Actually, that gets me to an even better idea: create a new FIFO just for this purpose, have syslog send just those messages to that FIFO, and start xconsole with -f pointing to it. After consulting xconsole(1), I realize I meant '-file', not '-f' above. good times, Vineet -- http://www.doorstop.net/ -- Extremism in the defense of liberty is no vice. Moderation in the pursuit of justice is no virtue. -- Barry Goldwater msg03842/pgp0.pgp Description: PGP signature
Re: supersuer by a normal user with chmod
* Raffaele Sandrini ([EMAIL PROTECTED]) [020925 00:30]: I tested the following: As a normal user i crated a file in my homedir. % touch test I changed it to a exec file. % chmod 700 test No i set the superuser bit % chmod +s test It worked(!). That means that a user can download for example a BASH binary and set the superuser bit for it ans has root privileges ??!! Am i missing here something? Yes. =) +s is the setuid bit, not the 'superuser bit' (there is no such thing). man chmod, take a deep breath, and test that your u+s binary does not in fact run with root privileges. good times, Vineet -- http://www.doorstop.net/ -- #includestdio.h int main() { puts(Reader! Think not that \n technical information \n ought not be called speech;); return 0; } msg03458/pgp0.pgp Description: PGP signature
Re: OT: Alternatives to ls for sorting files by modification time
* Holger Rauch ([EMAIL PROTECTED]) [020925 00:47]: Hi! I admit that this is off-topic since it's a general shell scripting question, but what alternative commands instead of ls can be used to sort files by modification time? I'm not interested in the modification times, just the file names. So, actually in something that emulates ls -lt1 behavior. (When I used ls -lt1 I got an argument list too long error, so I need to use something else, but to be honest, I don't know what.) I'd say ls is the right tool for the job. If you're getting an error about a list being too long, maybe you can rework the way you're processing the list, i.e. with xargs? It's hard to make suggestions without seeing what you're trying to do... good times, Vineet -- http://www.doorstop.net/ msg03463/pgp0.pgp Description: PGP signature
Re: idiosyncratic ln not making hard links
* Elizabeth Barham ([EMAIL PROTECTED]) [020925 09:24]: Noah L. Meyerhans [EMAIL PROTECTED] writes: --zOcTNEe3AzgCmdo9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 25, 2002 at 10:33:15AM -0500, Elizabeth Barham wrote: | :~$ touch k | :~$ ln k y =20 Any idea of what might be causing ln not to work correctly on my system? Try running strace on it: strace ln k y execve(/bin/ln, [ln, k, y], [/* 21 vars */]) = 0 uname({sys=Linux, node=shelby, ...}) = 0 brk(0) = 0x804d9a8 open(/etc/ld.so.preload, O_RDONLY)= -1 ENOENT (No such file or directory) Should /etc/ld.so.preload be here? Yes, that's fine. (I mean it's fine that it tries to read it, and it's fine that it doesn't exist.) stat64(y, 0xb1fc) = -1 ENOENT (No such file or directory) lstat64(k, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 lstat64(y, 0xb18c)= -1 ENOENT (No such file or directory) lstat64(y, 0xb18c)= -1 ENOENT (No such file or directory) link(k, y) = -1 ENOENT (No such file or directory) write(2, ln: , 4ln: ) = 4 write(2, creating hard link `y\' to `k\', 29creating hard link `y' to `k') = 29 write(2, : No such file or directory, 27: No such file or directory) = 27 write(2, \n, 1 ) = 1 _exit(1)= ? The only thing that seems odd in the stat64(y, 0xb1fc) in that the file does not exist when, apparently, it should have been created by then? No, that's not so. That first stat64 call is to see whether y already exists (in which case you'd get some error like ln: 'y': file exists). If it didn't already exist, y is created as a link at the call to link(k,y) below that. The strange part (where it's failing) is that the call to link gives ENOENT instead of succeeding with 0. I did have some sporadic memory errors with this machine but corrected them although I have not run memtest in a while (the mmap). This could be it; it does do some 'mmap'ing, so memory errors could be affecting it. They can affect everything, in fact =) For lack of a better pointer, I'd say memtest86 should be the next thing to try. RAM's cheap these days, so don't sweat it too much. Tried the fsck; it's still buggy. I take it you mean the fsck said the filesystem was fine, but ln still doesn't work? Is this the only symptom, or ar other things acting screwy on this machine as well? good times, Vineet -- http://www.doorstop.net/ -- http://www.eff.org/ msg03560/pgp0.pgp Description: PGP signature
Re: OT: M$ Proxy Server
* Robert Vazan ([EMAIL PROTECTED]) [020925 09:29]: If they are all-from-MS, then ask them if they could kindly provide Microsoft Linux distro. :-) It's possible, it's legal, it's going to be popular, then why not? Well, they've been telling managers for years now that Linux is anti-business, anti-profit, and anti-american. They intentionally use terms like open source vs. commercial software (instead of ... vs. proprietary) to cultivate the misconception that Free software is somehow antithetical to running a successful business. They've called it a virus, and I'd not be surprised if the next wave of propaganda somehow associates it with terror. Besides, we don't need another MS Linux distro -- we already have RedHat ;-) good times, Vineet -- http://www.doorstop.net/ -- As we enjoy great advantages from inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously. --Benjamin Franklin msg03561/pgp0.pgp Description: PGP signature
Re: OT: Alternatives to ls for sorting files by modification time
* Holger Rauch ([EMAIL PROTECTED]) [020925 01:07]: [...] processing the list, i.e. with xargs? It's hard to make suggestions without seeing what you're trying to do... You're right ;-) What I'm doing is FILES=`$LS -lt1 $BACKUP_DIR/arc/*.arc | $TAIL -$NUM_OF_FILES` for i in $FILES; do $RM -f $i done As others have pointed out, the * expansion is causing the line too long problem. Also, ls -l gives you more than just filenames: you get permissions strings, refcounts, owner, group, size, date as well. AFAIK, -l always lists in a single column, so -1 doesn't matter, either. here's another way of doing this, though: instead getting the whole list, sorting it and chopping off all but the end, try this: /usr/bin/find $BACKUP_DIR/arc -type f -maxdepth 1 -name \*.arc \ -mtime +30 -exec rm \{\} \; (that's one long line; note the \-escaped newline). Anyway, my point is that find may be able to help you achieve what you want. My example isn't exactly the same as yours: mine removes files older than 30 days, yours removes the 10 oldest files. But anyway, it's something you might want to look into. good times, Vineet -- http://www.doorstop.net/ -- Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one. --President Thomas Jefferson. msg03569/pgp0.pgp Description: PGP signature
Re: idiosyncratic ln not making hard links
* Mark L. Kahnt ([EMAIL PROTECTED]) [020925 10:55]: On Wed, 2002-09-25 at 13:34, Vineet Kumar wrote: * Elizabeth Barham ([EMAIL PROTECTED]) [020925 09:24]: link(k, y) = -1 ENOENT (No such file or directory) I'm going to toss in a *wild* question, but given that the actual link attempt is failing, this wandered through the chasm I use as a mind: What filesystem is on the partition on which the link is being made? There isn't a chance that it is fat/vfat, is there? Not a bad question. Ordinarily, I'd expect that to give an error like Permission denied instead of No such file The latter I'd expect to see if the current working directory (the target in which to create the new link) had been deleted, or if it refers to a dangling symlink to a deleted directory. From the simple example given: touch x ln x y It looks fine at first glance, unless some other process on the machine came and wiped out the directory we were working in between the touch and the ln commands (otherwise touch would have gotten the ENOENT in the first place). Now that it mysteriously works again, I guess we may never know ;-) good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/It's all about Freedom. msg03572/pgp0.pgp Description: PGP signature
Re: imap
* Joyce, Matthew ([EMAIL PROTECTED]) [020916 22:50]: Out of the available Deb'd emailing solutions can anyone recommend a good SMTP-IMAP combo ? I have heard good things about postfix, although I seem to have got exim doing pretty much what I want. But which IMAP package is favoured ? I recently set up exim with courier-imap, and the setup is very slick. I set up SMTP AUTH to use the same userdb database I use for courier imap authentication, which is nice. I just posted my exim setup for this last week on exim-users. Feel free to ask for help setting it up. I've always liked exim, and I've tried setting up a few different IMAPs, (cyrus, UW) and this combo has been my favorite. good times, Vineet -- http://www.doorstop.net/ -- If we do not believe in freedom of speech for those we despise we do not believe in it at all. --Noam Chomsky msg02648/pgp0.pgp Description: PGP signature
Re: ide-scsi
* Michael Olds ([EMAIL PROTECTED]) [020920 15:08]: OK I think I know what will do it. Go to modconf which is the module installation dialog you saw when installing, go to scsi modules and find the ide-scsi module which should have a plus beside it. Select it and click ok. You should be asked if you want to remove it, etc. modconf is a frontend to editing /etc/modules. OP reported that he grepped through all of /etc, so I doubt that this suggestion will make any headway. good times, Vineet -- http://www.doorstop.net/ -- Satan laughs when we kill each other. Peace is the only way. msg02765/pgp0.pgp Description: PGP signature
Re: 3com 905B-TX won't work?
* Bram Jessen ([EMAIL PROTECTED]) [020917 11:27]: hey, my network card won't work in debian (the card itself works under redhat/mandrake and windows) so I was wondering if I have to anything special to make it work under debian (it ain't on the driver module list, at least, I can't find it) Try the 3c59x (vortex) kernel module. This is in the list in modconf, or you can simply modprobe 3c59x. modconf is the Right Way to do it, and will also ensure that the module is loaded automatically at boot. (I am a linux n00b, but I ain't learning anything from mandrake, so trying debian now :) You're lucky; you found the One True Distro early. Once you discover Debian, you get spoiled and you never want to use anything else. good times, Vineet -- http://www.doorstop.net/ -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. --Benjamin Franklin msg02246/pgp0.pgp Description: PGP signature
Re: How to check a set of Woody CD's for integrity
* Peter Hugosson-Miller ([EMAIL PROTECTED]) [020917 11:38]: I have just purchased a complete set of 14 Woody CDs (7 binary, 7 Does anyone have a suggestion of how to check the integrity of the complete set? I first thought of a recursive directory listing, which can't figure out a foolproof method myself. My only vague idea was to make a chacksum of all the files on the disk, but I don't know how (yet) and I'd need som real checksums to check them against ;-). Get the checksums for the entire disc images from the cdimage site and check that. Don't bother with trying to check each individual file and directory, just check that the whole image matches. If it doesn't, then think about digging deeper to find out what differs, or simply contact the vendor to see why they differ, and if your checksum matches what they think it should be. good times, -- Vineet http://www.doorstop.net/ -- Satan laughs when we kill each other. Peace is the only way. msg02249/pgp0.pgp Description: PGP signature
viewing gzipped files inline with less (was Re: FW: kernel source patching)
* Russell ([EMAIL PROTECTED]) [020831 20:30]: Do you use midnight commander? You can read compressed .gz text files without having to first unzip them. less can do this as well from the commandline, given that the environment is properly primed with eval $(lesspipe). It can view many different types of files. Try it on a .deb! Have fun. good times, Vineet -- http://www.doorstop.net/ -- As we enjoy great advantages from inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously. --Benjamin Franklin msg00792/pgp0.pgp Description: PGP signature
Re: newsgroup readers
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [020902 10:56]: Hei I have only ever accessed newsgroups using netscape under windows. I was wondering whether anyone would be so kind as to give a novice some advice on what clients are worth looking trying under linux. If you're familiar and comfortable with the netscape newsreader, fire up mozilla on linux and go nuts. Pan is also a very good gtk-based newsreader. good times, Vineet -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: moves dot files to different directory
* Steve Juranich ([EMAIL PROTECTED]) [020628 10:49]: ls -ad ~/.[^.]* I prefer: ls -ad ~/.??* Many less keystrokes, but to each his own. ... but not quite the same effect. This shell glob won't catch a file called, say .g -- it requires 2 characters after the '.' . That's probably usually good enough, but not quite correct. Also, the -a isn't required to ls to see the dotfiles if they're supplied explicitly as in ls -d .*. I'm not sure why it wasn't working for $OP. Another thing to note that's very convenient (and fewer still in the keystroke count) is 'ls -A', which lists all files (including dotfiles) except '.' and '..' . Also, since you're not specifying the directories on the command line to ls, it doesn't expand them by default, so no -d is necessary either. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpKHnMIEfJ58.pgp Description: PGP signature
Re: new ssh and Accepted hostbased in logs
* Raghavendra Bhat ([EMAIL PROTECTED]) [020626 21:42]: Vineet Kumar posts : since upgrading to the woody/updates ssh package (3.3p10.0woody1) ^ As of now `ssh_1:3.3p1-0.0woody4_i386.deb' has come up in security.debian.org. Does this give a fix to this issue among others ? Nope. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpI9hFr6ilKJ.pgp Description: PGP signature
Re: new ssh and Accepted hostbased in logs
* Vineet Kumar ([EMAIL PROTECTED]) [020627 00:09]: * Raghavendra Bhat ([EMAIL PROTECTED]) [020626 21:42]: Vineet Kumar posts : since upgrading to the woody/updates ssh package (3.3p10.0woody1) ^ As of now `ssh_1:3.3p1-0.0woody4_i386.deb' has come up in security.debian.org. Does this give a fix to this issue among others ? Nope. I just upgraded to 3.4p1-0.0potato1, though, and it seems fine there. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpHIs045I1aR.pgp Description: PGP signature
Re: new ssh and Accepted hostbased in logs
* Ralf G. R. Bergs ([EMAIL PROTECTED]) [020627 00:44]: On Thu, 27 Jun 2002 00:23:57 -0700, Vineet Kumar wrote: I just upgraded to 3.4p1-0.0potato1, though, and it seems fine there. Did you compile it yourself, or where did U get it from? came from stable/updates/main on security.debian.org . Do you have this line in your sources.list: deb http://security.debian.org/ stable/updates main contrib non-free ? that should do it. I'm running sid, but the potato update got chosen due to its higher version number (a very odd situation indeed!) good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpFjoXt4Om4d.pgp Description: PGP signature
Re: SSH and compression
* Angel L. Mateo ([EMAIL PROTECTED]) [020626 23:40]: El jue, 27-06-2002 a las 07:54, nate escribió: i dont think SSH's compression should affect security either way. I use it mostly out of habbit, it can sometimes improve the responsiveness of a connection. I would expect if compression did affect SSH's security it would be documented and well known ... Why it hast to be a problem? Finally, you have an encrypted message, so what is the problem? If ssh encrypts first and then compresses, you can uncompress the message, but then all you've got is an encrypted message. By other side, if ssh compresses first and then encrypts, you can't even uncompress the message because you have to decrypt it previously. It doesn't make any sense to encrypt first and then compress. A good cipher will produce non-compressible output: it will look like random data and not have distinguishable patterns in it. Compression is generally used with encryption because it reduces the redundancies in the plaintext, which can make cryptanalysis harder. English text is regarded at somewhere near 1-1.5 bits per letter. Compression can greatly improve this randomness by reducing the redundancy. Also, encryption is generally expensive CPU-wise, so compressing first reduces the amount of work to be done. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpHCMfvXGaxF.pgp Description: PGP signature
new ssh and Accepted hostbased in logs
Hey everybody, I've noticed that since upgrading to the woody/updates ssh package (3.3p10.0woody1) My logs show Accepted hostbased instead of Accepted publickey whenever a user logs in with a public key. This is using protocol version 2, with clients of the same version (running on sid), and also for other users whose client versions I haven't yet checked. I've never used hostbased authentication before, and I'm wondering if this is just a logging error, or if I've somehow mucked up the configs so that it is using hostbased. When I connect without an agent, it does ask for my key passphrase, and ssh -v looks to me like it is using public key: debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: userauth_pubkey_agent: testing agent key /home/vineet/.ssh/identity debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8094400 hint -1 debug1: ssh-userauth2 successful: method publickey And here's excerpts from sshd_config on the server: # rhosts authentication should not be used RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication #IgnoreUserKnownHosts yes Also, this is happening on 3 different machines (but all with the same version). So that leads me to guess that it's less likely a configuration error. So it looks to me like it's just logging it incorrectly. Has anyone else noticed this behavior? Any other incorrectly-reported auth methods you've seen? I just tried password (just to test) and it does show up as Accepted password in auth.log . I'll file a bug; I was just curious whether anyone else saw something similar. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpiLnHjHRqsj.pgp Description: PGP signature
Re: new ssh and Accepted hostbased in logs
* Ralf G. R. Bergs ([EMAIL PROTECTED]) [020626 11:47]: On Wed, 26 Jun 2002 11:28:29 -0700, Vineet Kumar wrote: I'll file a bug; I was just curious whether anyone else saw something similar. ACK. I'm seeing the same on several different systems (Debian 2.2 and pre-3.0.) Thanks for the confirmation. It's here now: http://bugs.debian.org/151097 good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgp5xZbp80HzM.pgp Description: PGP signature
Re: logging question
* Geoff Ludwiczak ([EMAIL PROTECTED]) [020624 22:11]: I'd like to know about what you people use for monitoring logs. Like for instance, I know in Debian, that all logs are put into /var/log. So I have a shell script that does sudo tail -f /var/log/*.log to keep track of changes. I'm wondering, what progams or what kind of setup do you have for monitoring logs? I use the X window system a lot, so I guess what I'm also asking is, what are the best programs for keeping these logs visible? Do you have a transparent term or xconsole or some other root window writing program open? I'm curious how it should be setup. Does anyone have links on this subject? Logcheck is awesome. You specify regexes for things that are normal, and it emails you if anything else shows up. Also, if you're in X a lot and want to keep an eye on things, look at xconsole. good times, Vineet -- http://www.doorstop.net/ -- I disapprove of what you say, but I will defend to the death your right to say it. --Beatrice Hall, The Friends of Voltaire, 1906 pgpQ8hX1UIsxl.pgp Description: PGP signature
Re: Centralized /etc/passwd ?
* Paladin ([EMAIL PROTECTED]) [020624 16:00]: On 24 Jun 2002 15:01:47 -0500 Ron Johnson [EMAIL PROTECTED] wrote: I've heard that NIS isn't very robust. Might LDAP be a better choice? Or is there an important integration between NIS NFS? Funny... I think I've heard something about NFS being kind of old... I may be wrong though! :/ NIS LDAP... I'm on the good track now! Thanks everyone! =) BTW, what's more secure? Putting everything in the firewall PC or on The general answer to this is that it's more secure to keep your firewall machine as minimal as possible. The less it has on it, the fewer possible holes there are. any other one that's inside the firewall? Another thing (I haven't got the time to read the documentation, I'm sorry...), can the root account be centralized too? I don't know about this, but I'd urge that your firewall machine have nothing to do with it: it should have its own local root account and (probably) one local user account, and that's all. This is, of course, idealism, and assumes that you have servers (or at least a server) to spare. In my home network, I only have one always-on machine, so its duties are slightly more expanded than the paranoid firewall should be. Even with just one extra machine, it's easy to make one a stripped-down firewall-only box and the other your all-serving internal box (which can also run dmz-type services, such as web, mail, etc. via DNAT). good times, Vineet -- http://www.doorstop.net/ -- I disapprove of what you say, but I will defend to the death your right to say it. --Beatrice Hall, The Friends of Voltaire, 1906 pgp9ZuI791HZv.pgp Description: PGP signature
Re: Centralized /etc/passwd ?
* Carel Fellinger ([EMAIL PROTECTED]) [020625 02:49]: On Tue, Jun 25, 2002 at 02:05:38AM -0700, Vineet Kumar wrote: * Paladin ([EMAIL PROTECTED]) [020624 16:00]: .. BTW, what's more secure? Putting everything in the firewall PC or on The general answer to this is that it's more secure to keep your firewall machine as minimal as possible. The less it has on it, the fewer possible holes there are. The more liberal stance would be to have no external services open on the firewall (blocking them at the ip level), and run only a few local only services that you really can't live without on the firewall. .. spare. In my home network, I only have one always-on machine, so its duties are slightly more expanded than the paranoid firewall should be. Even with just one extra machine, it's easy to make one a stripped-down firewall-only box and the other your all-serving internal box (which can also run dmz-type services, such as web, mail, etc. via DNAT). IMHO it's stupid to mix dmz-type services with local only services as the point of DMZ is to shield your own network and your firewall from the hostile net. I really believe it's better to have the DMZ machine do DMZ services only, and lacking an extra server to put the local only services on the firewall. The change of breaking in into the firewall seems less than the chance of breaking in into the DMZ with all it's flacky services running. Sure, and that's just the point. If I have a firewall machine running on an Inet address and a server machine doing apache and sendmail for the outside and also bind and samba inside, it's harder to catastrophically break into the system. Say a remote exploit is found in sendmail which allows the attacker to open a listening port that goes straight to a root shell. Without also breaking something on the firewall (which is running nothing but iptables) they can't ever connect to that backdoor. Again, the ideal assumes availability of spare servers, but my point is that with only 2 servers the setup can be much better than with only 1 doing firewall + services. In this case, it still shields your firewall from the hostile net, if not your LAN. putting them all on one box has no such shielding effect. I guess my fault was using the term DMZ which implies a degree of protection that this arrangement does not afford. good times, Vineet -- http://www.doorstop.net/ -- Satan laughs when we kill each other. Peace is the only way. pgpgdWZYxEDws.pgp Description: PGP signature
mutt's thread editing (was Re: Thread stealing )
* Hans Ekbrand ([EMAIL PROTECTED]) [020625 05:03]: On Tue, Jun 25, 2002 at 07:41:42AM -0400, christophe barbé wrote: Could you avoid posting to a mailing list by doing a reply to a current thread and changing the subject ? I don't know for pine but on MUA able to display the threads, it's boring to see a thread in another simply because you can type the ml address by yourself or save it in your address book. Agreed. It makes it harder than it ought to be to manage this high-volume list (Deleting a whole thread is very convenient, but thread stealing undo the gain of an intelligent MUA). Of course, we all wish they'd stop doing that, but there will always be people who do. Mutt's thread editing patch works wonders for this. It's included by default in mutt 1.4. Then you can just hit '#' on the offending messages and voila! It breaks the thread. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpygw2X3JHeI.pgp Description: PGP signature
Re: Unix 101: ls with file count
* Kent West ([EMAIL PROTECTED]) [020625 05:51]: Here's my alias, which I believe works like I want it to: alias dolsa='ls -la --color | more ; echo ---; echo `ls -la | grep ^d | wc -l` Directories; echo `ls -la | grep ^- | wc -l` File(s) ; echo `ls -la | grep ^l | wc -l` Symbolic Link(s); echo 1 Byte Count ; echo `ls -la | wc -l` Total Items' Thanks, everyone! Glad you got that working! But it's a bit hairy, and would be a headache to change, if the need ever arose. How about this, instead: make a script called ~/bin/dolsa that looks like this: #!/bin/sh ls -la --color | more echo --- echo `ls -la | grep ^d | wc -l` Directories echo `ls -la | grep ^- | wc -l` File(s) echo `ls -la | grep ^l | wc -l` Symbolic Link(s) echo 1 Byte Count echo `ls -la | wc -l` Total Items EOF Then 'chmod a+x ~/bin/dolsa' and ensure that ~/bin/ is in your path, by uncommenting the appropriate section in your ~/.bash_profile . The above is equivalent to your alias, but much easier to read, no? You could also optimize it (though I'm sure it runs fast enough that the time is trivial) by storing the output of ls -la instead of calling it 3 times and by using grep -c instead of piping to wc -l . You could also wrap the whole thing in $( ) | more instead of just piping the ls output to more. Better yet, use less. Better still, use ${PAGER:-/usr/bin/pager} . But don't stress out about it. These suggestions are the type that a software engineer sees but that really don't make much difference to the user. If you got it working, that's what counts! good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpKQydSZn27i.pgp Description: PGP signature
Re: wheel mouse wheel not working
* Vikki Roemer ([EMAIL PROTECTED]) [020625 09:37]: My version of XFree86 is 3.3.5 . From my /etc/X11/XF86Config file: Section Pointer ProtocolIntelliMouse Device /dev/mouse BaudRate1200 Emulate3Timeout 50 Resolution 200 EndSection Was that the right file? It looks different than what everyone else is posting. I notice you said you were using /dev/gpmdata. IMO, that's the right thing to do. It's the only thing to do if you also want to be able to use your mouse on the text consoles as well as in X. If not, just remove gpm and use /dev/psaux. To keep gpm around and use X, and use the wheel, make your gpm.conf look like this: device=/dev/psaux responsiveness= repeat_type=raw type=imps2 append= sample_rate= and set X to use ImPS/2 on /dev/gpmdata good times, Vineet -- http://www.doorstop.net/ -- I disapprove of what you say, but I will defend to the death your right to say it. --Beatrice Hall, The Friends of Voltaire, 1906 pgpdDCUPRV3X7.pgp Description: PGP signature
Re: Problem connecting app to X display server--more failed efforts
* Sivea Key ([EMAIL PROTECTED]) [020625 09:45]: [additional efforts] I did some further research and typed: set DISPLAY hostname:0.0; export DISPLAY That looks like a mixture of csh-style and sh-style syntax. try isntead DISPLAY=:0 export DISPLAY That's the matter of syntax. As for the matter of semantics, you shouldn't be resetting DISPLAY to use X apps across a network. You should be using ssh with X11 forwarding. The reason is that sending an X connection in the clear is like using telnet: anything you type can be sniffed from the network. ssh helps protect you from that by tunneling the connection through an encrypted tunnel. Debian helps you stay secure by not enabling tcp listening by default in the X server installation. The best way to do this is to start on the machine you want the app to be displayed on, and go ssh -X otherhost application For this to work, the ssh server on otherhost must allow X11Forwarding in /etc/ssh/sshd_config as well. good times, Vineet -- http://www.doorstop.net/ -- I disapprove of what you say, but I will defend to the death your right to say it. --Beatrice Hall, The Friends of Voltaire, 1906 pgpOjpENDpKax.pgp Description: PGP signature
Re: ssh 3.3p1-0.0potato2 not in potato?
* justin cunningham ([EMAIL PROTECTED]) [020625 11:31]: Hi list, Please respond to the email address in addition to the list. I just pulled this package down via apt-get upgrade on a testing machine though, on the stable boxes, after dselect update, dselect shows the 1.2.3 version for openssh as the most current. packages.debian.org seems to be a version behind as well. Assuming the package above is part of the stable branch and I wanted to upgrade it; how do I do this while leaving the rest of my current config the same? Do you have this line in your sources.list? deb http://security.debian.org/ stable/updates main contrib non-free Technically, it's not part of potato, so I guess it makes sense that packages.debian.org doesn't show packages from there listed in the stable dist. good times, Vineet -- http://www.doorstop.net/ -- I disapprove of what you say, but I will defend to the death your right to say it. --Beatrice Hall, The Friends of Voltaire, 1906 pgpftg8PSEPL5.pgp Description: PGP signature
Re: Problem connecting app to X display server--more failed efforts
* Sivea Key ([EMAIL PROTECTED]) [020625 11:42]: Now, how do I set the DISPLAY (and other variables I had to set for this program) permanently? And do I set them as root, su, or my normal user account? Put them in your ~/.bashrc . Although this will make the apps display on the other machine even when you're sitting at the one! You could instead put an alias in your .bashrc that sets it up for you, something like alias otherhost='export DISPLAY=otherhost:0' good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpLHs9lJTppb.pgp Description: PGP signature
Re: can't upgrade apache -- apt-get problem?
* Jakob Fix ([EMAIL PROTECTED]) [020625 15:18]: Hi, I am relatively new to debian ... I would like to upgrade my apache server to 1.3.26. I do: - [EMAIL PROTECTED]:~$ sudo apt-get upgrade apache That's not the right way. You want 'apt-get update' followed by either 'apt-get install apache' or 'apt-get upgrade'. good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgp1qWeePypcP.pgp Description: PGP signature
Re: allowing telnet for only a few users?
* Johann Spies ([EMAIL PROTECTED]) [020624 08:55]: On Fri, Jun 21, 2002 at 08:21:58PM -0700, Eric G. Miller wrote: Looks like pam_listfiles can do this... I can't find pam_listfiles on my system using locate, auto-apt search -f or apt-cache search. What is it? Part of which package? It's /usr/lib/pam_listfile.so , part of libpam-modules good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpvtGDiO6Uc9.pgp Description: PGP signature
Re: Centralized /etc/passwd ?
* Paladin ([EMAIL PROTECTED]) [020624 11:38]: Is it possible to have a centralized /etc/passwd (plus all necessary MD5 password files) as well as the home directories in a network? What you're looking for is NIS. Start out by reading the HOWTO: http://www.google.com/search?q=nis+howtobtnI=I good times, Vineet -- http://www.doorstop.net/ -- Computer Science is no more about computers than astronomy is about telescopes. -E.W. Dijkstra pgpMXJbruft3t.pgp Description: PGP signature
Re: automatic poweroff
* Patrick M ([EMAIL PROTECTED]) [020622 22:00]: My machine wont power off when shut down from Linux. Yet, it will do so properly when shut done from Windows. I tried 2 things: 1- I insmoded APM module, ran apmd, and gave apm=on parameter to the kernel. 2- I compiled a new kernel with ACPI enabled. None of them work. I went through the list archives and asked the folks on #debian irc channel. My motherboard is an Asus CUV4x (fully ACPI compliant). You guys have any ideas? Well, I read through the rest of the thread so far and didn't see any mention of it, so maybe it's something as simple as # apt-get install acpid ? good times, Vineet -- http://www.doorstop.net/ -- Satan laughs when we kill each other. Peace is the only way. pgppRCPonkOLW.pgp Description: PGP signature
Re: `which` and infinite recursion
* Bob Proulx ([EMAIL PROTECTED]) [020623 14:19]: You were using /bin/ash not /bin/sh. I know nothing about ash, please Well, you're not going to find the real /bin/sh Free anywhere, so that's about as close as it gets. educate me. Is ash ever a possible /bin/sh? Does ash claim POSIX shell syntax compliance? Yes, ash is POSIX compliant, and debconf asks if you would like ash to be installed as /bin/sh when you install it. good times, Vineet -- http://www.doorstop.net/ -- I disapprove of what you say, but I will defend to the death your right to say it. --Beatrice Hall, The Friends of Voltaire, 1906 pgpvxx0BCsQ6D.pgp Description: PGP signature
Re: exim smtp auth with PAM
* Rainer Ellinger ([EMAIL PROTECTED]) [020622 01:06]: Is there anybody out there having exim (woody) running with smtp auth based on PAM (pam_unix.so)? It seems not to be possible without recompiling exim, using a special pam_exim.so or some other hacks. I have exim 3.35-1 working with PAM, but not specifically pam_unix . Is the trouble specific to that module? That would be surprising; if exim talks to PAM, it shouldn't care (or even be aware, really) of the underlying PAM modules in place. FWIW, I'm using it with pam_pwdfile to success. I point it at the same file I use to authenticate for my cyrus IMAP server, so users use the same login info for incoming and outgoing mail. Let me know how far you've gotten and what you need help with. You can use exim -d9 to get more info on how the authenticators are being used and what information is passed to and returned from PAM. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpX5WFP004xH.pgp Description: PGP signature
Re: netatalk stopped working. help/advice needed
* Michael Heldebrant ([EMAIL PROTECTED]) [020620 20:51]: On Thu, 2002-06-20 at 22:30, Paul E Condon wrote: What is the stuff about minimum uid? Explain what considerations affect the value I choose for this. Must I choose? Or may I ignore? I have no idea what that means. I didn't use it. Perhaps a more security conscious debian-security list lurker might know. Well, I'm no security guru, and I haven't set up netatalk in ages, so take this with a cc of salt. My guess would be that this would be something like specifying the lowest UID that is able to access shares. You should probably use 1000 by default, which is where adduser starts adding regular user accounts by default. The setting would be used to prevent someone from trying to connect and assume the identity of a system account like mail, www-data, or root. Again, that's just a vague guess. good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/ pgpFrxjhtBgMp.pgp Description: PGP signature
Re: More modem problems with kernel 2.4.18
* Paul Johnson ([EMAIL PROTECTED]) [020620 19:43]: price doesn't seem to play a factor in, and the last thing I want is a device I plug into a line I know goes to the top of telephone poles subject to lightning strikes slapped directly on my motherboard. Another advantage with externals is you have some hope of destroying the modem before the strike voltage goes on to the computer... You should be able to find a surge protector with RJ11 jacks on it for around $9.95 at circuit city... good times, Vineet -- http://www.doorstop.net/ -- Satan laughs when we kill each other. Peace is the only way. pgp5Z3ue6t4lF.pgp Description: PGP signature
Re: Exim authentication
* Derrick 'dman' Hudson ([EMAIL PROTECTED]) [020620 20:43]: On Thu, Jun 20, 2002 at 07:57:17PM -0700, ben wrote: | On Thursday 20 June 2002 06:56 pm, Derrick 'dman' Hudson wrote: | Is linux a system that requires root access to use PAM? If so, then | pam can't be used directly by exim. You can, however, use a different | lookup for users (eg look in a passwd file made just for exim, or use | LDAP or SQL or something else). | | I hope PAM can be used on linux ... someone please tell me if root is | required. The question is : Can exim, running as user mail (uid=8?), perform user authentication via PAM or must other methods be used? This is to provide SMTP AUTH service. I know it won't affect other aspects of exim. The answer is yes, exim can use pam with uid==8. I'm using SMTP auth with the debian-packaged exim, running under the default uid and gid, making use of pam authentication (with a separate user list via pam_listfile instead of with regular user accounts, but that's below the abstraction line as far as exim is concerned.) good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpbQMIAT2HxK.pgp Description: PGP signature
Re: More modem problems with kernel 2.4.18
* Paul Johnson ([EMAIL PROTECTED]) [020620 23:28]: On Thu, Jun 20, 2002 at 11:24:50PM -0700, Vineet Kumar wrote: You should be able to find a surge protector with RJ11 jacks on it for around $9.95 at circuit city... These tend to introduce a considerable amount of line noise and you end up plugging your modem into two things that can get hit by lightning... Really? I've actually found that surge protectors generally decrease line noise, but that's speaking of home stereo equipment. I've never done any testing on phone lines through it. You've also lost me on how this is adding any points of potential lightning. Sans surge protector, you'd have: [CPU]--serial-cable--[modem]--phone-line--wall | | | power cord | | +-[surge protector]---wall With a surge protector, you have this: [CPU]--serial-cable--[modem]--phone-line-+ | || | power cord | | || | +--[surge protector]--wall | | | +---power-cord-+ | | wall In either case, lightning comes in from the wall, but in the second case, you're protected wherever it comes from. Where's the misunderstanding? good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/ pgpdLIT7S4vpG.pgp Description: PGP signature
Re: potato security?
* Rick Pasotto ([EMAIL PROTECTED]) [020620 13:16]: On Thu, Jun 20, 2002 at 06:02:30PM +0100, James Troup wrote: Rick Pasotto [EMAIL PROTECTED] writes: deb http://security.debian.org/debian-security/ potato/updates main contrib non-free deb http://security.debian.org/debian-non-US/ potato/non-US main contrib non-free ^^^ I am now getting 404 errors. Don't do that then. change 'security' to 'non-US' for the non-US line and it'll work. I have my doubts that you know what you're talking about. 1) I have been doing an 'apt-get update' every day for several months with no error (as I pointed out in the part you snipped). What has changed? Not my system. Debian has changed. 2) If I change 'security' to 'non-US' will I get the non-US security updates? I already have the line that your change would result in and there *is* a security.debian.org:/debian-non-US directory tree. Hopefully someone more knowledgeable will correct me if I'm wrong, but I believe the confusion here is that you're trying to add a line for security updates and another for non-us security updates, which is unnecessary. I believe the one line for security.debian.org is all you need to get potato's security updates including updates for packages found in non-us. So rather than trying to change that second line to something correct, just remove it. James' suggested change would make that line a valid non-us line, which you say you already have. I hope I helped clear up the misunderstanding; in any case, forgive me for butting in. good times, Vineet -- http://www.doorstop.net/ -- [T]he ad skips It's theft Any time you skip a commercial... you're actually stealing the programming. - Turner CEO Jamie Kellner Is fair use dead? Help the EFF help you! http://www.eff.org/ pgpYd4zkvooQK.pgp Description: PGP signature
Re: More modem problems with kernel 2.4.18
* Paul Johnson ([EMAIL PROTECTED]) [020621 00:17]: On Thu, Jun 20, 2002 at 11:44:21PM -0700, Vineet Kumar wrote: Where's the misunderstanding? On my part, to be sure. (Re-reading this I realize that I didn't word it so as to imply that that was my guess; apologies if it sounded rude.) The line noise isn't worth it on the phone line. Yeah, it cleans up the power lines pretty well, but it takes a bit more to keep a phone line noise-free and [external] modems a bit more tollerant to phone line voltage changes from my experiance. You can go with a surge suppressor on the phone line, but you won't get quite the same speed, especially past 28.8kbps. I hadn't any experience here; thanks for the info. good times, Vineet -- http://www.doorstop.net/ -- Satan laughs when we kill each other. Peace is the only way. pgpAc8luIrBDD.pgp Description: PGP signature
Re: Exim authentication
* Mike Mimic ([EMAIL PROTECTED]) [020621 02:18]: I have used: plain: driver = plaintext public_name = PLAIN server_condition = ${if pam{$2:$3}{1}{0}} server_set_id = $2 my plain authenticator looks identical to the above, but my login is different from the one below. login: driver = plaintext public_name = LOGIN server_prompts = Username:: : Password:: server_condition = ${if pam{$2:$3}{1}{0}} server_set_id = $2 Mine looks like this: login: driver = plaintext public_name = LOGIN server_prompts = Username:::Password:: server_condition = ${if pam {$1:${sg{$2}{:}{::}}}{yes}{no}} server_set_id = $1 The sg bit is to double any colons in the password string (s/:/::/g). That's just a quoting thing. The main difference I see is that you're calling to pam with $2 and $3, where I'm using $1 and $2 (and server_set_id = $1). as is written in Exim specifications. And I use MIME encoded '\0user\0password' (\0 are NULL). Is this correct? Will mail clients use such line too? Unfortunately, we can't count on client mailers to go by the standard in this case, especially when the client uses MS mailers. Your best bet for testing is to test with the mailers your clients will be using. I believe you're on the right track for testing, though; you just need to base64 encode \0user\0password. Trying it with exim -d9 will let you know if exim is interpreting the username and password as you expect it should be. 2) Is linux a system that requires root access to use PAM? As Vineet Kumar said it is. Well, actually I said just the opposite: it can be done on linux without running as root, but I think you understood that to be what I meant, just said it wrong. So what is wrong? As I see exim uses correct strings for username and password and use PAM which returns that password isn't correct. Still not sure exactly what's going wrong. Here's my pam.d/exim: # PAM configurtion file for exim smtp auth auth required /lib/security/pam_pwdfile.so pwdfile /etc/imap.passwd accountrequired /lib/security/pam_permit.so That authenticates against a username:crypted_password file instead of the regular unix authentication. This enables my imap users to relay through the machine (and they don't have shell accounts). I don't think you should need a session group in your pam file for smtp auth, and I just use pam_permit for account since I manage the password file manually. (Otherwise you could use pam_unix for auth and something else for account to control whether the user should be allowed to use exim for smtp auth). I hope that helps. If not, I can post more details about why it's set up the way it is -- just ask. good times, Vineet -- http://www.doorstop.net/ -- [T]he ad skips It's theft Any time you skip a commercial... you're actually stealing the programming. - Turner CEO Jamie Kellner Is fair use dead? Help the EFF help you! http://www.eff.org/ pgpgF9S6vkQjR.pgp Description: PGP signature
Re: potato security?
* Carlos Sousa ([EMAIL PROTECTED]) [020621 15:18]: I'd rather my lines mentioned stable instead of potato. Would that be OK? Just watch out for when that symlink changes to point to woody instead of potato. I'd say it's probably safer to keep them saying potato, at least right now, when that symlink will be changing in the near future. good times, Vineet -- http://www.doorstop.net/ -- I disapprove of what you say, but I will defend to the death your right to say it. --Beatrice Hall, The Friends of Voltaire, 1906 pgpGgsSxiHPD8.pgp Description: PGP signature
Re: /dev/dsp: No such device
* Ernst-Magne Vindal ([EMAIL PROTECTED]) [020620 09:18]: On Thu, 2002-06-20 at 16:32, Jerome BENOIT wrote: I had the same prop. Can you run it as root? if so just do chmod a+x /dev/dsp better still: # adduser user audio and leave the permissions alone: crw-rw1 root audio 14, 3 Mar 14 13:51 /dev/dsp good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/ pgpLq2oZw4vNF.pgp Description: PGP signature
Re: groups.google festoons PGP SIGNATURE
* Dan Jacobson ([EMAIL PROTECTED]) [020621 15:46]: The following message is a courtesy copy of an article that has been posted to news.groups,google.public.support.general as well. I see the news professionals on google have a hard time dealing with all the PGP SIGNATURE stuff that is all the rage say on muc.lists.debian.user there. It's like festooned all over the place. Probably it should only be seen when one clicks on original format. It seems like in going from the mailing list to the newsgroup the MIME Content-Type header is lost (the one that says multipart/signed and gives the boundary lines). Not sure if the header is lost in the mail-news gateway or in google's archiving, or even, really, how it's supposed to work in USENET. good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/ pgpwbKmZIQYK6.pgp Description: PGP signature
Re: What is happening to testing/unstable?
* Richard Cobbe ([EMAIL PROTECTED]) [020620 15:59]: Lo, on Thursday, June 20, Colin Watson did write: If you care about dpkg's available file being up-to-date, you need to run 'dselect update', which runs 'apt-get update' for you. You don't need to run 'apt-get update' as well. Pardon the somewhat elementary question, but what is dpkg's available file used for, and why would I need it to be up to date? My understanding is that dpkg is the debian package manager, and apt is a tool used for downloading debs. dpkg can use various methods for getting debs: they can be sitting on your hard disk, on a cdrom, can be downloaded by ftp, etc. But pretty much everyone uses the apt backend to dselect. Apt knows how to keep track of debs available from various sources, and knows how to ask dpkg to install them once they've been downloaded. But it doesn't mess with dpkg's database of what versions of what packages are available. That's how I see the system working, but be warned, I'm just a user, too! =) In any case, it seems like you can pretty safely manage a system using only apt, but that it's slightly more proper to use dselect update instead of apt-get update because then dpkg's database contains current information as well, so that things like dpkg -p and dselect will work. If you're one of many people who fears dselect and vows never to use it, and uses apt-cache instead of the dpkg tools, then you can probably just keep using apt-get update and be no worse off for it. Myself, I like to use dselect update, pretty much just because it doesn't cost me anything extra, and I always have the option of using dselect or dpkg -p (or anything else that uses dpkg's available database that's not on the top of my head right now...). I guess _that_ was really the question you asked, though: what is it used for. Well, at least dpkg and dselect use it, maybe other things, too. Hopefully someone else can expand on that point. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpLiX8vJgIHo.pgp Description: PGP signature
Re: trying to copy the / (root) partition
* Erik Mathisen ([EMAIL PROTECTED]) [020620 16:06]: Hello, I made a post yesterday, but I still have not been able to resolve this issue. I am putting a brand new hard drive into my system. I would like to totally remove my my original drive. I have copy and successfully made /home and other partitions and they are working great. Now the only challenge is to try to copy over the root partition, and make a boot loader boot to it. If anyone could give me a procedure to follow or a reference to read, it would be greatly appreciated. Your best bet is probably to boot to a rescue disk, such as a debian install CDROM. Then you can just mount it and copy it over like any other non-root partition. In your new root partition, just edit (if necessary) your lilo.conf and run lilo, and you're all set! A little more detail on that last step: I'd recommend 'organizing the drives the way you intend to keep them finally: if the new drive will be hda, put it as hda now, and keep the old drive somewhere in the system (say hdb). Boot off of the rescue disk and copy stuff over. This way you probably won't even need to change lilo.conf, just run lilo. Then you can reboot to the new drive and just be up and running, and still have the old drive in there to be able to get at it in case you need it, or just remove it after you've confirmed that the new drive is working fine and you've copied everything from the old drive over. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpNMR5GIH0km.pgp Description: PGP signature
Re: Where are the GAIM sounds?
* Nick Traxler ([EMAIL PROTECTED]) [020618 17:32]: Subject says it all. I listed gaim, gaim-common, and gaim-gnome. None of them seem to have any sounds, so am I missing a package, or are they not in the debian version? I'm using unstable. They're built-in. they come in a sounds directory in the source as .au's, but are compiled into the binary with something called au2h.c also there. So when gaim sees (default), it uses sounds which are compiled in the gaim binary. (Why? who knows! It seems it would make more sense to include the sound files in the distribution and reference them via pathnames in .gaimrc, but that's just me...) Anyway, if you want the sound files, just download the source. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpSTpEKUK2UH.pgp Description: PGP signature
aptitude vs. dselect
Hi, I'd heard that it's better to use dselect update than apt-get update because the former also updates dpkg's available database (which seems to me is pretty important). I've started using aptitude, but have gotten myself in the habit of running deslect update, and wonder if this is still necessary? Given that the aptitude man page says that aptitude's update is equivalent to apt-get update, I'm guessing that I should continue with dselect update as I've been doing. Can anyone with some more knowledge confirm or deny that? I did download the source, but (as the comment says) that particular section is a little hairy, and so I thought I'd ask here if anyone knows off-hand before getting myself tangled up in the inner workings of apt. Thanks. good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/ pgpiuCC8BJsDa.pgp Description: PGP signature
Re: see shutdown messages without hitting alt ctrl F7
* Dan Jacobson ([EMAIL PROTECTED]) [020619 15:15]: I notice upon shutdown -h now I miss all the neat messages about what its shutting down, because I am sent to tty1 instead of remaining on window 7, the xwindow, and I must manually do alt ctrl F7 to go back and see them. I suppose this is for my own good, in case I want to type any last words or requests into tty1 before power is cut. However I miss the orderly turning off of services messages, and feel that I should get to see them without having to do alt ctrl F7, especially since that's where I was in the first place. Well, you could exit X, and then shutdown from the console. In that case, the messages would spew to your current console, (tty1, say) and you'd see them right there. Alternatively, you can specify a particular console to always be the console that the kernel spews messages to: add a console= parameter to your kernel command line. You can try that once by entering Linux console=/dev/tty8 at LILO's boot prompt, and if you like it, make it permanent by adding 'append=console=/dev/tty8' to your lilo.conf and re-running lilo. (Needless to say, these examples only work if you're actually using lilo, not grub or something else.) If you use one of those methods, all kernel messages will be sent to tty8 instead of /dev/tty0, which always refers to the current virtual console. (Of course, adjust tty8 to tty1 or tty12, or whatever you prefer). good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgp5LKHpKtqLC.pgp Description: PGP signature
Re: OGG wont do
* Florian Struck ([EMAIL PROTECTED]) [020617 13:54]: On Monday 17 June 2002 22:44, Steve Juranich wrote: Have you tried just playing the .ogg files with ogg123? Do you have any KNOWN GOOD-type of .ogg's? I'd test with those first to see if it's a problem with your player or with the encoder. Hehe just tryed playing with ogg123 it says: Error opening mp3/joplin_janis/greatest_hits/piece_of_my_heart.ogg using the oggvorbis module. The file may be corrupted. and ogginfo says: -snip- stream_integrity=fail stream_truncated=true header_integrity=fail stream_integrity=fail stream_truncated=true header_integrity=fail -snip- curious; what does $ file mp3/joplin_janis/greatest_hits/piece_of_my_heart.ogg say? as i sayd i tryed gogo and lame both times it wont play (using sid) How about just using oggenc on those wavs? good times, Vineet -- http://www.doorstop.net/ -- [T]he ad skips It's theft Any time you skip a commercial... you're actually stealing the programming. - Turner CEO Jamie Kellner Is fair use dead? Help the EFF help you! http://www.eff.org/ pgpBlUSTDB7Pm.pgp Description: PGP signature
Re: Exim Vs Sendmail
* Ronald Castillo ([EMAIL PROTECTED]) [020617 16:45]: Hello.. I currently have Exim installed but I have a script that needs sendmail (so it can mail me the results for a web-page form). Is there any way I can make the script work without having to install sendmail? It calls sendmail like this: /usr/lib/sendmail -i -t The script documentation says -I is to indicate sendmail that a single You mean '-i', not '-I' (right? That's what you said above, and that's what exim's sendmail(8) says -i should do.) period will not end the email and -t instructs sendmail to read the recipients list from the message text. exim's /usr/sbin/sendmail should work fine. The package also creates /usr/lib/sendmail as a link to the former, so this should all Just Work for you. I'm curious why it doesn't? You did install exim from the debian package, no? What version? good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ pgpO8mPwBslaR.pgp Description: PGP signature
Re: xine wants /dev/null - why?
* umidori kamome ([EMAIL PROTECTED]) [020615 16:54]: Hey Yo Hoh! Sound doesnt work with xine here (its an es1371, does work under kde, xfce and progs like mpg321). In the setup window, audio the default driver is null - not too cool! But even changing it to dsp or /dev/dsp (is the device wanted here or really a driver?) or es1371 doesnt have any effect at all. No sound and again null as soon as I change the tabs in the window (or restart the setup or the whole app). Whats going wrong here - is it my fault or something ugly? Try 'xine -help'. It'll tell you the list of available audio drivers. It should be something like: null oss esd Look for the line describing -A or --audio-driver to see what I mean. You probably want to use oss. good times, Vineet -- http://www.doorstop.net/ -- http://www.aclu.org/ pgpi2Do0ywMEl.pgp Description: PGP signature
Re: debian is neat but how do I turn the computer off?
* Paul Johnson ([EMAIL PROTECTED]) [020613 15:54]: On Thu, Jun 13, 2002 at 04:51:02AM -0500, Nick Traxler wrote: Everyone has been recommending APM for this, but my motherboard (Abit VP6) wouldn't turn the power supply off until I turned on ACPI in the kernel. Check up on this as well as APM. Depends on the board. Some use that [weird] ACPI standard instead of APM like the rest of the world. Weird or no, it's pretty nice when you have it set up right. Just press the power button, and it shuts everything down cleanly and powers down. Can APM do that? (that's a legitimate question, not a smarmy nah-nah remark.) If your board supports it, I'd recommend enabling ACPI in the kernel and installing acpid to get that working. good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpt9FySVxhdj.pgp Description: PGP signature
Re: Why does Mozilla modify /etc/alternatives/netscape?
* Jeronimo Pellegrini ([EMAIL PROTECTED]) [020607 14:52]: Two banks on which I have accounts, for example... One of them will only allow IE or Netscape 4.*, and the other just won't work with Gecko (the browser just dies after a certain applet is used). Bank #2 just doesn't care. Well, when I was in exactly the same situation, I put my money where my mouth was and told them they were losing my business and my money because of the problem, and I closed the account. Then I came back here and told everyone to stay away from that bank (F you, citibank!) I know your situation is probably different from mine, and you may have strong reasons to stay with the bank. They may listen better if you make sure they know it's a customer service issue rather than just a tech support issue. good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpdSV9nNyo9D.pgp Description: PGP signature
Re: Force password change on first logon on Debian Box
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [020607 20:40]: I need to force the users to change their password on first logon. How can I do this on a Debian Box? Taken from passwd(1): If you wish to immediately expire an accounts password, you can use the -e option. This in affect can force a user to change their password at their next login. You can also good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpmawQRwRQ8D.pgp Description: PGP signature
Re: apache and suexec breaks my cgi script
* Derrick 'dman' Hudson ([EMAIL PROTECTED]) [020607 22:10]: [2002-06-07 23:55:40]: emerg: cannot get docroot information (/home/dman) drwx--x--x 92 dman dman 4096 Jun 8 00:13 /home/dman These 2 lines seem to make me think the problem is somehow related to not having +r on /home/dman. Does changing that permission alleviate the problem? IIRC, it does something like traverse back up the directory tree to see if the request is within a ~userdir, to see if it matches a Directory directive, I think. Just a shot in the dark. A look at the source would reveal exactly what the problem is (or at least where that error message comes from). good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgp6ga4nE0UKm.pgp Description: PGP signature
Re: mount of /boot partition not in /etc/fstab
* Thomas Kral ([EMAIL PROTECTED]) [020608 00:53]: hello there, i use potato as a production system on my box, and i have just installed woody 3.0p8 unofficial in a seperate partition for testing. i switch between these two using lilo, they both have boot images in the common /boot partition. thing is woody has mount /boot entry in fstab, but potato does not, yet both systems boot successfully. is this all right? Yep. You'll just need to make sure /boot is mounted when you run lilo. So remember to mount it before you try to install a newly-built or -downloaded kernel! good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpQ3Y6Z91H0F.pgp Description: PGP signature
Re: Why does Mozilla modify /etc/alternatives/netscape?
* Bruce ([EMAIL PROTECTED]) [020607 09:01]: I am running Debian Woody/SID. I generally use Konqueror for browsing, though for some sites, I use Netscape v. 4.77, as Konqueror doesn't work well with them. I had Mozilla 1.0RC-2 installed, but had never run it until today. Looks great. Unfortunately, many sites I need to access EXPRESSLY DO NOT WORK with Mozilla or Netscape 6.0. These are unfortunately some of the most important sites I need to access, including some online banking sites, subscription based legal research sites, and others. They all work with Netscape 4.77. Most do not work with Mozilla/Netscape 6. Well, in reality, most of them probably do work, but the people responsible for supporting the applications don't want to have to officially support additional browsers. So, they put in a browser check to box you out. The User-Agent sidebar available from the Mozilla Evangelism site should help you work around it. good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgppqJblpyc22.pgp Description: PGP signature
Re: Spam mail question - yuppers
* prover ([EMAIL PROTECTED]) [020604 10:56]: I'M NOT MEMER OF YOUR MAILING LISTS. (...ad nauseum) I gotta say, I'm disappointed in spamassassin's default config in this case. I blacklisted the moron and the mails keep coming through. It seems he's managed his way into my auto-whitelist, and even blacklist isn't enough to mark it spam? Surely, I can change the scores on my own, but I would have expected that adding someone to the blacklist would, well, blacklist them. It should be something strong enough to overpower the other checks. Anybody else have an opinion on that? Should I file a wish? In the same vein, a question: What's the easiest way to remove this joker from my AWL? good times, Vineet P.S. I've replied to prover in the manner of Wade Richards' reply to Layne, back in the day. Hopefully that'll have gotten rid of him (though probably not; he's already demonstrated his inability to read this: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] ...so I don't know why I expect he might be able to read and reply to the unsubscription ping from the membership bot.) -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpkz062JXEbr.pgp Description: PGP signature
Re: Spam mail question - yuppers
* Vineet Kumar ([EMAIL PROTECTED]) [020604 12:53]: In the same vein, a question: What's the easiest way to remove this joker from my AWL? Nevermind. I had spamassassin(1p) open in another xterm as I was writing this email; I should have finished reading it first! -R Remove all email addresses, in the headers and body of the mail message read from STDIN, from the automatic whitelist. good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpq5b4xGQzP7.pgp Description: PGP signature
Re: port forwarding
* Paul Johnson ([EMAIL PROTECTED]) [020603 08:34]: iptables just confuses me at times. I'm trying to figure out how to forward all packets hitting this machine on one port to a port on another machine inside my network. I'm kinda stumped. $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $PORT \ -j DNAT --to-destination $OTHER_IP Should do it. The reason I give $EXT_IF up there is I'm assuming that the machine doing the DNAT is a gateway of some sort. If you're trying to get it working for machines within your network, it won't work: Machine A - just some machine on your network Machine D - the machine doing the DNAT Machine B - the $OTHER_IP listed above When A tries to connect to D on $PORT, the packets are re-sent to B. B sees a connection from A, and tries to respond to A, but A says wtf? I'm not trying to talk to B! and sends an RST, meanwhile waiting, retransmitting, and timing-out trying to connect to D. I works when D is a gateway between the machines because the return packets from B to A go through D where they are un-natted so that A sees them as part of the original connection. Perhaps you already know all this, but your exact setup was unclear in your original post. We can probably tell you exactly what's not working and how to make it better if you give us: a little bit of the network topology you're trying to use. (i.e. D is a gateway on the Internet, B is a machine in my private 192.168 LAN, and I want to DNAT requests coming from other Internet hosts, or something equally brief, but accurate to your setup) What commands you have tried and what results and/or log entries (if any) you have gotten. A bit of info about the rest of your firewall setup. Are you filtering as well? If D is a gateway as above, is all of the necessary traffic being allowed through FORWARD ? good times, Vineet -- Currently seeking opportunities in the SF Bay Area Please see http://www.doorstop.net/resume.shtml pgpLmiWGwvm5K.pgp Description: PGP signature