moving linux installs
Wow, so today was a weird day - I wound up moving three servers onto different hardware, and their configuration was complex enough and the downtime requirements were tight enough and the budget small enough that a re-install and re-configure wasn't in the mix - so it was a 'move the hard drives and go from there' exercise, one I hadn't done recently. I was fairly impressed (not in a good way) with how hard pulling drives from one machine and running them in another was. initrd needed new drivers, modprobe.conf's needed to be updated to make that happen, raid arrays no longer auto-detected, grub wasn't valid, kudzu doesn't seem to auto-detect hardware changes anymore, and other fun stuff. I still haven't completely wrapped my head around the hwconf database, so I've got a couple machines running on eth2 and eth3 with ghost eth0 and eth1's around. Especially vexing was that it seems that grub needs to be run on the final destination hardware because of the way it does BIOS probes, so preparing the disks ahead of time wasn't obviously possible. Oh, and before anybody else gets bitten, the Fedora 8 Live CD doesn't include md* RAID tools anymore (Live 7 did). :( So, at first blush, Windows and Mac OS X beat the pants off of us on linux, because the former has multiple hardware profiles and the latter just has everything built-in, making this kind of work reasonable to easy. However, I notice that things like LiveCD's do nice auto-detection at system start and don't suffer from baroque machinations to get the things I described above working. So, perhaps this problem is solved already and just not widely distributed. Has anybody here figured out how to plumb hardware autodetection into a Redhat-line distribution (or others, I could switch distros over this). Or, is there a better way that hasn't occurred to me? (And yes, PXE booting with NFS-mounted everything of a big storage server is a good solution, but doesn't fit in the small educational settings I'm thinking about here). Thanks, -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Spam and extra MX records
On Apr 15, 2008, at 12:20, Ben Scott wrote: > Personally, I also find these kinds of strategies very rude. You're > increasing *my* mail server's load because *you're* not willing to > implement a proper anti-spam solution. Don't be a jerk about your > mail system. That makes you part of the problem -- not much better > than the spammers. How about if we're both increasing each others' mail server loads in an effort to combat spam? At what level is that worthwhile? When I first turned on greylisting I saw about a 60% drop on false-negatives everywhere. Now it's down to about 40%. If you're seeing 10 spams a day, seeing 4 the next day is rather impressive. Personally I was of the opinion that I'd be happy for my mail server to queue for a few more minutes if I'm helping you out in a major way. > Mostly, though, I'm against these kinds of things because they are a > doomed strategy. If enough people start doing it, the spammers *will* > adapt. They've already started doing so for greylisting-- modern > botnets follow proper SMTP retry protocol, or so I've read. Doesn't that pretty much define every anti-spam technique short of per-sender whitelisting? WTTW: they still haven't figured out to generate proper hostnames in SMTP introductions...postfix has a rule to check this. -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Spam and extra MX records + cool dual-db setup
On Friday 18 April 2008 09:59, Lloyd Kvam wrote: > On Fri, 2008-04-18 at 09:38 -0400, Neil Joseph Schelly wrote: > > I've resolved the performance problems with a > > really cool dual-db setup I came up with that's giving me awesome > > performance. > > That piques my interest. Is it an update server replicating to a > reporting server or something more exciting? It's a setup with a dedicate-write database and a dedicated-read database. My assumption (which seems to be going well) is that the Bayesian database can be a little out of date (hours or even a day) and still be very effective at decision-making. So I dump the writeable database to the read-only database at regular intervales and the SQL in SpamAssassin's BayesStore module was all modified to do the write queries in one DB and the read queries in the other. I documented it with more detail on my site just a few minutes ago, with graphs to demonstrate the improved performance: http://www.jenandneil.com/node/59 If anyone sees any places I should expand on that, by all means let me know. I'm pretty proud of the results. After it runs for a bit longer, I was going to send it along to Apache/SpamAssassin as a feature request, suggestion. -N ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Notes from MerriLUG, 17-April-2008: Dan Walsh and SELinux
Eleven people attended the April meeting of MerriLUG, the Merrimack Valley chapter of the Greater New Hampshire Linux User Group. Heather called the meeting to order at 7:30 PM, noted the that attendees were pretty much The Usual Suspects, and dispensed with the long-winded announcements for new members. http://www.gnhlug.org will tell you all you want to know. Dan Walsh [1] was the main presenter tonight. Dan had a very special visit from the Demo Gods, just before he was to start. His hard drive decided that his boot partition wasn't. Never heard of ext3. Ouch. Ever the good showman, he borrowed my laptop, downloaded his presentations from the web [2], and put on a great show. Dan mentioned that he'd lost his previous laptop during his recent tour in Europe when it was stolen and that maintaining your home directory encrypted [3] was a Good Idea. Dan reviewed the history of SELinux and the iterations we saw in Fedora 3 though 8 and RHEL 3 through 5 and what to expect in 9. He talked about the evolution of the policies, the different feature sets available, how the SELinux architecture can meet the stringent requirements of DoD level organizations (with bullet points like: "RHEL5: MSP Policy: EAL4+, LSPP, RBAC" - who wouldn't be impressed?) to the Significant Others at home who really just want a machine to use the browser on. Dan showed off the new kiosk policy, xguest [4], which was essentially a minimal-permissions user (no setuid, no executables in the home directory, no installation abilities, etc.) extended to run FireFox. Perfect when someone wants to borrow your machine for a second! In the default settings (installable in F8 or 9 with sudo yum install xguest), it creates a fairly 'safe' user that can't do a lot of harm and whose directories are temporary RAM-based and vanish when the user logs out. (You can modify it to keep a persistent home to store cookies and bookmarks.) Ideal for a library or public kiosk situations. Yes, the evil minded boys in the room could come up with some work-around exploits, but this is a promising start! Thanks to Dan for a great presentation under trying circumstances, to Heather Brodeur and Jim Kuzdrall for managing and promoting the meetings, to Martha's Exchange for providing the facilities, and to all who attended and participated. [1] http://people.redhat.com/~dwalsh/ [2] http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/ [3] http://fedoraproject.org/wiki/Releases/FeatureEncryptedFilesystems [4] http://fedoraproject.org/wiki/Interviews/SELinux?highlight=%28xguest%29 -- Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
RE: Bill McGonigle speaks at FOSS VT!
A google search turned up the following: http://www.tedroche.com/Present/2005/Speaking.html On Fri, April 18, 2008 11:27 am, Labitt, Bruce said: > Got a copy of that talk, "How to Speak Good"? ;-) I need to give a > presentation 2 weeks from now. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bill > McGonigle > Sent: Friday, April 18, 2008 1:26 AM > To: [EMAIL PROTECTED] > Cc: Greater NH Linux User Group > Subject: Re: Bill McGonigle speaks at FOSS VT! > > On Apr 14, 2008, at 10:29, Ted Roche wrote: > >> Congrats, Bill! Sounds like quite the success! > > Thanks, Ted. Fortunately I had attended a talk a while back by some > guy about "How to Speak Good", which was fundamental in preparing my > talk. :) > > -Bill > > - > Bill McGonigle, Owner Work: 603.448.4440 > BFC Computing, LLC Home: 603.448.1668 > [EMAIL PROTECTED] Cell: 603.252.2606 > http://www.bfccomputing.com/Page: 603.442.1833 > Blog: http://blog.bfccomputing.com/ > VCard: http://bfccomputing.com/vcard/bill.vcf > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- John Abreau / Executive Director, Boston Linux & Unix IM: [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Mono/.Net/C sharp/SuSE/Novell
>Working with a embedded platform using a TI part and >Monta Vista Pro embedded linux. A programming utility >was offered for this platform Flasher.tar.gz. Aha. Yes, that makes rather more sense than anything I came up with while I was stuck on the meaning of "flash", as the other person had guessed... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
RE: Bill McGonigle speaks at FOSS VT!
Got a copy of that talk, "How to Speak Good"? ;-) I need to give a presentation 2 weeks from now. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill McGonigle Sent: Friday, April 18, 2008 1:26 AM To: [EMAIL PROTECTED] Cc: Greater NH Linux User Group Subject: Re: Bill McGonigle speaks at FOSS VT! On Apr 14, 2008, at 10:29, Ted Roche wrote: > Congrats, Bill! Sounds like quite the success! Thanks, Ted. Fortunately I had attended a talk a while back by some guy about "How to Speak Good", which was fundamental in preparing my talk. :) -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Mono/.Net/C sharp/SuSE/Novell
--- Michael ODonnell <[EMAIL PROTECTED]> wrote: > > > > I had a few lines of C Sharp in a flash > programming utility > > written for linux, (beats all I've seen to date). > > My brain couldn't quite lock on to whatever it was > you said > there - care to elaborate? > Working with a embedded platform using a TI part and Monta Vista Pro embedded linux. A programming utility was offered for this platform Flasher.tar.gz. Working on a SuSE workstation for this project I un-tar this host independent tool, and the readme.txt tells me it was built with Windows .net and to build it for linux I need to run 'mono Flasher.exe'. Sure enough the Flasher.cs source file mostly written in C++ style, hooks a couple of mono library builtins. After tying 2 versions of mono to get the correct one I was finally able to build a resulting binary executable, certainly I had to run 'dos2unix' on the un-tared source. My head is still swimming with Windows<->Linux issues around this. With the resulting executable you can program flash memories with a new u-boot executable. I decided I didn't want to program my u-boot image with this utility after all. Hope this helps. Mike > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ > Michael Nolin Embedded Solutions Unlimited, LLC 3 Bradford Street Windham NH 03087 Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Spam and extra MX records + cool dual-db setup
On Fri, 2008-04-18 at 09:38 -0400, Neil Joseph Schelly wrote: > I've resolved the performance problems with a > really cool dual-db setup I came up with that's giving me awesome > performance. That piques my interest. Is it an update server replicating to a reporting server or something more exciting? -- Lloyd Kvam Venix Corp DLSLUG/GNHLUG library http://www.librarything.com/catalog/dlslug http://www.librarything.com/profile/dlslug http://www.librarything.com/rsshtml/recent/dlslug ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Mono/.Net/C sharp/SuSE/Novell
> I had a few lines of C Sharp in a flash programming utility > written for linux, (beats all I've seen to date). My brain couldn't quite lock on to whatever it was you said there - care to elaborate? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Spam and extra MX records
Thanks for everyone's responses here. I wanted to reply with some responses after having a chance to review everyone's ideas. > I was told by a few people to use a proper blacklist I'm not sure how this was related - I wasn't asking about blacklists and I never meant to suggest that this would be a lone spam-blocking measure. Blacklists are part of the calculation, for sure. Ben Scott said: > These may or may not work right now. I suspect they'll foil some > spam attempts right now. > > Mostly, though, I'm against these kinds of things because they are a > doomed strategy. If enough people start doing it, the spammers *will* > adapt. That was the goal, yes. Any particular spam prevention technique is at best a temporary measure. Spam and viruses filtering is and always will be a moving target unfortunately, so techniques that work now are all that you can ever really implement. One thing that makes this false MX idea rather interesting in terms of effectiveness longevity though is that it increases the costs of the spammers somewhat. Spam is motivated by tremendously low cost of distribution and high message counts. They do depend on the ability to send as many messages as possible as quickly as possible. This technique could slow them down a lot, at a minimal cost to legitimate senders, though I do recognize that the legitimate senders may be further inconvenienced if this idea becomes popular. Brian Chabot said: > I once added an high numbered MX entry in a few domains which pointed to > localhost. > While it really did reduce the incoming spam, I recall someone getting a > bit irate about spooling my mail on a GNHLUG server till my server was > back up... My intention was not to do a false MX record until I had redundant MX hosts to accept incoming mail to begin with. But since the RFCs only really require you to check a second MX and not go through all possible MXs to deliver a message, this false MX idea can cause problems with some hosts finding your backup MX, if it becomes necessary. The real MX may already be the second try if you have a false MX. > I've heard a 5 second connection delay helps, too. (Whatever the SMTP > "wait" response is...) I've heard that as well, but generally, I find that a reverse DNS check offers enough of a delay to confuse a lot of incoming spam hosts. It's really _any_ amount of delay that traps those guys. I use Exim and it by default rejects SMTP synchronization issues, where a sender sends in the EHLO information before the server sends its banner. Any spam bot that doesn't follow proper send/response protocol won't get through. Mark Mallett said: > even has a name: "nolisting", see http://nolisting.org/ . I hadn't known there was a name or a site. Thanks for that. Anyway, I've decided to forgo this experiment. I was having trouble getting SpamAssassin to use Bayesian filtering and not self-destruct at the traffic load it put through the BDB, then the MyISAM, then the InnoDB tables. I noticed without it that I was still getting some through and I was looking for something to fill the gap. I've resolved the performance problems with a really cool dual-db setup I came up with that's giving me awesome performance. Especially when Bayesian filtering is involved, the motivation to prevent spam from hitting my spam filter is gone, because the Bayesian filtering will learn from it. So the false MX records may prevent some spam from coming in, but with good Bayesian filtering again, I'd also be at a loss. I would say a new first-priority MX records seems like a bad idea, since it could very well interfere with ever having a backup MX at all. But a false second MX when you have only one MX server yourself could probably work as a good stop-gap in the meantime. And to prevent Ben from getting mad at you if you do that, make it point to something that isn't localhost. ;-) -N ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Intro and Questions...
--- Bill McGonigle <[EMAIL PROTECTED]> wrote: > On Apr 16, 2008, at 11:22, Coleman Kane wrote: > > > Novell has been the "Sun Micro" to the mono > project and seems to be > > very > > very good to it. > > > Yeah, if you're doing mono work you better be using > a SuSE-based > distribution, since only Novell has a > patent-indemnification pact > with Microsoft, and mono is likely patent-encumbered > by Microsoft, > and Microsoft has already promised to take action > against those it > feels are abusing the patents it holds which are > being used by FLOSS > software. > > I'd say running anything non-SuSE would be > dangerous, but ask your My own experience with mono on a SuSE 10.2 10.3 fizzled. It seemed that SuSE was trying to provide a migration path for Windows GUI's into Linux and embedded platforms. I had a few lines of C Sharp in a flash programming utility written for linux, (beats all I've seen to date). I had to try a couple of versions of mono on SuSE before I got the right one for the source I was looking at. When I moved forward on to the embedded GUI portion of the project I found it was easier to implement an embedded GUI in almost any other language GTK+.., freedesktop.org ... http://www.linuxjournal.com/article/4870 I was not able to find any significant ongoing development of mono based projects, like SuSE thought there would be a demand for GUI projects moving from MS to Linux but it never materialized. Mike Michael Nolin Embedded Solutions Unlimited, LLC 3 Bradford Street Windham NH 03087 Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Intro and Questions...
On Fri, 2008-04-18 at 01:41 -0400, Bill McGonigle wrote: > On Apr 16, 2008, at 11:22, Coleman Kane wrote: > > > Novell has been the "Sun Micro" to the mono project and seems to be > > very > > very good to it. > > > Yeah, if you're doing mono work you better be using a SuSE-based > distribution, since only Novell has a patent-indemnification pact > with Microsoft, and mono is likely patent-encumbered by Microsoft, > and Microsoft has already promised to take action against those it > feels are abusing the patents it holds which are being used by FLOSS > software. I remember there being a large amount of fear surrounding the project. >From what I can tell, the patent-sensitivity mainly pertains to the following components: * ASP.NET * ADO.NET * Windows Forms The community at-large seems to accept that there are probably no enforceable patent claims on the Base system and the compiler. This is, for instance, what is used for Gtk# software such as Tomboy and F-Spot. > > I'd say running anything non-SuSE would be dangerous, but ask your > council for a real opinion. :) I suppose I'd probably need to read up on their agreement to see what Novell considers a "customer" or a "developer". If I download an install SLED, am I covered forever? How does this not also cover me if I run the software on other OSes (as long as I run one SLED install somewhere)? So the question is, if I can install SLED and become covered, then why can't I become covered by downloading Mono and installing it? > > My non-legal opinion is that this is a good reason to stay away from > mono; it's a patent trap. It's also, unfortunately why I've been > moving away from GNOME after more than a decade of using and testing > (to KDE). If somebody points out to me that mono has gone under > GPL3, I'll take back everything I said. > > -Bill > I'll keep reading up on it, thanks for the pointers... -- Coleman Kane ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
