Re: recovering FC3 from a bad superblock
On Wed, May 18, 2005 at 01:27:45AM -0400, [EMAIL PROTECTED] wrote: From: Greg Rundlett [EMAIL PROTECTED] Date: Mon, 16 May 2005 13:23:37 -0400 My work system is a dual-boot laptop running FC3 and Windows (don't actually use it). The battery ran out, and it seems like the cache First, it's just asking for data loss to run window$ and linux on the same machine. I really have to strongly disagree there... I've been dual-booting Linux and Windows since 1996, and I've *NEVER* experienced data loss as a result. There was a recent bug involving partitioning when distros started switching to 2.6, but if you were careful and good at following directions, the problem was usually recoverable, IIRC. The fact that *this* happens is important. If mounting with the rescue disk works without complaint, your superblock is probably *in tact*. Instead, it may be mount and/or e2fsck which have somehow become corrupt That's just crazy talk. Odds are if mount or e2fsck were corrupt, they woudn't work at all, or they'd crash bigtime, probably making things a lot worse. Using the so-called backup superblocks [block-size (8192 *n) +1], it reports a 'bad magic number' e2fsck -b 16384 -n /dev/hda2 You may also want to check this formula. From what I remember, the actual formula e2fs uses isn't linear. You can determine the probable location of the back-up superblocks using mke2fs -n. Assuming the defaults were used, most likely your back-up superblock is at block 32768, which is why the e2fsck command listed above didn't work. The manpage for mke2fs gives the specifics of how to determine the primary back-up superblock. It's based on block size, as the OP says, but his formula isn't quite right. to those who have advised not to: Can it hurt to repair a filesystem while it's mounted read-only? Can it hurt? That depends on your perspective. If it's already broken, then it probably can't hurt much worse... The only real likelihood of e2fsck hurting your filesystem is if you happen to have a buggy version. It can delete files on you, but if you have a clue, you can look at root/lost+found and figure out where the went... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpRlqIiASqde.pgp Description: PGP signature
Re: Trade show banner
On Mon, May 16, 2005 at 11:40:32AM -0400, Lori Hitchcock wrote: The original quote from General John Stark was Live free or Die Patrick Henry said Give me liberty or Give me death And James Hetfield said, Don't tread on me! [I hope at least a few people get this...] Actually I kinda like that one for the banner, but I'm thinking maybe the message is a little too militant... ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpkUBjVEqZZU.pgp Description: PGP signature
Re: recovering FC3 from a bad superblock
On Mon, May 16, 2005 at 01:23:37PM -0400, Greg Rundlett wrote: Using the so-called backup superblocks [block-size (8192 *n) +1], it reports a 'bad magic number' e2fsck -b 16384 -n /dev/hda2 My suggestion would be to run this: fsck -b 16384 -a -f /dev/hda2 sync reboot If your filesystem has errors that fsck can't fix automatically, There's probably not much else you can do but re-install. It's theoretically possible to recover a filesystem by fixing it manually, but I don't know anyone who can actually do this. At that point, mount your fs and get whatever data you can recover from it, and re-install. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpgq3DUi4UvS.pgp Description: PGP signature
Re: /dev/random and linux security issues (kinda long)
On Sun, May 15, 2005 at 01:07:36AM -0400, [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] dd if=/dev/urandom bs=1 count=64 | ./string2dec.pl | ./dec2base95.pl 64+0 records in 64+0 records out 64 bytes transferred in 0.001558 seconds (41076 bytes/sec) Bm ?n`zp4Rf4fC\u*HCkHRp*%%%HaM\/WW f4a94kaz* Wk4p/*Hf/*Mzz%%CC *z%MRa4pZ You seem to have used /dev/urandom for this test... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpuVzz4CF8JY.pgp Description: PGP signature
SCSI info
I'm curious if anyone has any really good references to the SCSI debugging information logged by the kernel. I see these a lot at work (we have about 15,000 machines) and I'd really like to be able to decipher them. The kernel messages are usually a bit cryptic, at best... TIA -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpjJzARlL35H.pgp Description: PGP signature
List topics (was Re: Help kill the Surveillance State Bill)
On Tue, May 10, 2005 at 11:15:31AM -0400, Ben Scott wrote: Hey people! Not too long ago we had a rather prolonged discussion about whether political stuff like this appropriate for this forum. While a formal vote was not taken, informally, a clear majority voiced the opinion that this stuff is better discussed elsewhere. Someone even went so far as to create a separate forum where this kind of stuff was explicitly allowed. If you really want it to stop, I think you're going to have to moderate the list, plain and simple. The reality is that the type of people on this list are more likely than the average bear to care about these kinds of issues, and whether any given person is personally interested in them or not, obviously a lot of people here are -- and they're interested in discussing them with the people who are here. I think if you look, you'll find that even some of the people who complain about this occasionally participate... I'm not actually trying to argue that the list shouldn't ban political discussions (though I wouldn't vote in favor of it). I'm only trying to point out the futility of it. People are going to do it anyway, and it's NOT about being rude, and it's NOT about being irresponsible. It's about doing what comes natural in an environment that lends itself to having exactly those kinds of discussions, and the passions of the people who hang out here. This particular topic was started specifically by someone, but often they arise quite naturally from something someone said in a post that was entirely acceptable to everyone. It's unavoidable. Note that as with most political issues that surface on the list, this topic IS at least tangentially related -- it's about the politics of technology. In our modern world, politics and technology are inexorably intertwined... Any and all OTHER discussions related to technology, Linux-related or not, are happily endured; personally I see no reason why these shouldn't be also, even if many people aren't interested in them. Many people aren't also interested in ham radio, but that's ok here. Linux advocacy is ok here too, but I don't see how you can separate that from politics. These discussions arise very naturally on lists like this, and asking the type of people who hang out here not to discuss them is like asking the average person not to breathe, or at least like asking someone who's devoutly religious not to talk about God. It's just something you do... Frankly it's a wonder to me that OT discussions don't happen here a lot more often than they do... I remember once when I was on the DHCP mailing list, there was this endless thread about flying turbo props. I found it annoying, but ultimately I had a lot of methods of just ignoring it, so that's what I did. Ben, you have been on mailing lists long enough to know that having topic police rarely helps... By the time someone speaks up, a dozen people have already replied, and those replies breed more replies, before anyone ever even sees the topic cop's complaints. And even after they see it, there will be those who feel passionately enough about the topic (whatever it is) to feel compeled to respond to something someone said anyway. Moving topics off list also generally doesn't work. Discussions happen where they happen, and run their course where they started, or not at all. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpQnzFDphjUh.pgp Description: PGP signature
Re: Help kill the Surveillance State Bill
On Tue, May 10, 2005 at 09:38:29AM -0400, Kevin D. Clark wrote: Bill Freeman [EMAIL PROTECTED] writes: You cannot prevent organizations, and especially government, from keeping track of you and much of what you do. Last time I checked the US government got its power from the people. The people supply it with taxes and votes. I find the assertion that citizens can't influence the government to be flawed. You're not wrong, but I guess you're not right either. The government got its power from the people originally, but have seized more and more power for themselves while more and more of us have gone to sleep. People are too busy fending for themselves and dealing with the stresses of daily life to care about government, power, and freedom. Unfortunately, we have become a nation of sheep. I think there aren't enough of us who care to change that any time soon. Yeah, and um, how 'bout them Linux? =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpIhBZ1DtHQm.pgp Description: PGP signature
Re: List topics (was Re: Help kill the Surveillance State Bill)
On Tue, May 10, 2005 at 09:57:13PM -0400, Numberwhun wrote: Derek Martin wrote: having topic police rarely helps... Ok, so what about having it posted to the GNHLUG Off Topic mailing list that was started a few months ago. Personally there have been OT posts here to the main list, but nobody has bothered to post them there. I think it was a pretty good idea to have a place where the group can ask other questions. I think this really misses the point, which was that people want to discuss them here, with this group of people. I believe (relatively) no one will use the other list, just as no one is now. The discussions happen here. Personally, I'm already on too many mailing lists, and signing up for another just doesn't interest me. I'd imagine a lot of people would feel the same way. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgph4xMcVWhX6.pgp Description: PGP signature
Re: Rookit infections: AARRGH!
On Mon, May 09, 2005 at 10:55:02AM -0400, Bill McGonigle wrote: On May 9, 2005, at 09:38, Fred wrote: Still, what I could probably do is implement a scheme where visiting a particular webpage (and giving proper authentication) would enable that IP address for ssh. Come to think of it, that's not such a bad idea after all! That will also allow my users to ssh into from their locations should they need to. Mmmm - good idea. Please share the script when you get it done. Or if anyone has field experience with port knocking and OpenSSH http://gentoo-wiki.com/HOWTO_Port_Knocking I'd like to hear the trials and travails. The reason to disable root account ssh login is just an odds game - every unix system is guaranteed to have a root user so it's a good one for password guessers to start with. Any other account can be renamed. The converse is one could argue that people pay more attention to root account security so you're better off starting with admin/admin and doing a local exploit. Plus, it's easy - if you have your account in sudoers under ALL there's no need for a root login and you get better auditability with multiple admins. -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Mobile: 603.252.2606 http://www.bfccomputing.com/Pager: 603.442.1833 AIM: wpmcgonigleSkype: bill_mcgonigle For fastest support contact, please follow: http://bfccomputing.com/support_contact.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Rookit infections: AARRGH!
On Mon, May 09, 2005 at 08:50:33AM -0400, Fred wrote: I'm about ready to pull my hair out. This is the 2nd time I've had to deal with a rootkit infection, eating up my precious time and resources away from being productive. From reading the whole thread, it's become clear that you have a number of users on your system besides yourself, and that the machine(s) in question are directly routable on the Internet (i.e. they aren't behind a firewall doing NAT). This is always problematical. It gives attackers a direct means of attacking your machines, and having users provides them with many additional attack vectors -- unless all of your users are security experts, and take their paranoia seriously all the time, they're going to do things that can get you rooted unless you FORCE them not to. It's really that simple. What I'd like to know is how my systems are being cracked. What is the port of entry(!), how are my systems broken into. What's the latest news on this. I am suspicious that they are somehow breaking in through ssh -- my logs show lots of suspicious sshd authentication failures. But my root password is pretty sound, a near random mixture of numbers and alpha characters. They must be breaking in through another account with a weaker password. But I'm not sure of this. This is certainly possible. Recent posts on bugtraq suggest that these attacks are being surprisingly successful on account of people using the same overly simplistic passwords that they've been using since the beginning of time (and I'm talking the classical age here, not Unix time). If it is how they got in, you should see evidence of it in your logs. You'll probably see a series of failures all from the same IP, and then a successful login from that same IP. Buffer overflow attacks also usually show up in logs with really strange things in the log messages, like really long, nonsensical user names followed by garbage, or some such thing like that. If you're paying attention, and you've set logging up reasonably (the defaults are usually sufficient or RH-based systems), breakins almost always leave some kind of trail for you to follow. I have taken countermeasures. Firstly, I have changed the ssh port number. Not the most secure approach, granted, but at least their automated attacks will be foiled somewhat, since they'll have to do more work at hitting all of my ports -- and will probably not bother and move on to the next server. These days, most of the attacks on your box are automated, so this probably will suffice... BUT, given that you have users and you're directly connected to the Net, you really ought not to stop there. One suggestion I'm SHOCKED no one has yet suggested will make it a lot harder for attackers to log into your machine: DON'T USE PASSWORD AUTHENTICATION AT ALL! There's no reason to, and using asymetric key-based authentication is probably a thousand times more secure. Disable password auth entirely and force your users to use DSA keys and SSH2 to log in. Secondly, on the infected machines, I use forced RPM installs to overwrite everything, then follow up with a run from chkrootkit. This seems to work, eliminating the need for me to burn down the box and restore everything cleanly. Again, not a perfect solution, but seems to work for now. This simply isn't sufficient, ever. If your machine has been compromised, everything from system libraries to the kernel itself could have been modified to prevent detection tools from working properly. If you've been compromised, the only safe way to restore your system is to wipe it clean and start from scratch. Period. This is said so often on this list that it's hard to imagine that people still believe that half-hearted efforts are sufficient... Thirdly, I have set up chkrootkit to be run daily as a cron job, with the results emailed to me. Which does nothing if the programs or the libraries they depend on (if not compiled statically) or the kernel hs been modified to prevent detection. Note that changes made to the system might not be effected until after a reboot... So chkrootkit might have found things originally, but may stop after rebooting. On Mon, May 09, 2005 at 09:06:31AM -0400, Brian wrote: 2, ONLY allow ssh connections from trusted IPs, not the whole world. This is a great idea, but usually impractical if users move around a lot. Mobile users will never know what IP they're going to be using in advance. On Mon, May 09, 2005 at 09:19:30AM -0400, Neil Joseph Schelly wrote: On Monday 09 May 2005 09:06 am, Brian wrote: 1, NEVER allow root access via SSH. You should have to login as a user, and then su - to root, or better yet setup a sudoers file. This is one of those best practices I've never really felt had merit. It seems to me that when people break in through SSH, they are doing it through exploits in the SSH or OpenSSL codebases, not through password guessing. Kevin is right on the money
Re: Rookit infections: AARRGH!
On Mon, May 09, 2005 at 01:15:06PM -0400, Neil Joseph Schelly wrote: That is an interesting perspective I hadn't considered. I can think of more than a time or two that would have been helpful in retrospect. So perhaps it's more of an administration best practice than a security best practice? Auditing access to a resource it a huge part of managing its security. This is definitely about security. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp8rOMd3Ih31.pgp Description: PGP signature
Re: (really stupid) Zone file question
On Sat, Apr 30, 2005 at 05:45:30PM -0400, Bill McGonigle wrote: On Apr 30, 2005, at 06:09, Fred wrote: I can't be the only one with this need. Too often we just accept the status quo without challenging (with patches, of course). Sometimes the staus quo really is better than proposed solutions... If anyone hasn't read the ArsTechnica review of Mac OS X 10.4 http://arstechnica.com/reviews/os/macosx-10.4.ars/1 I recommend doing so, especially for this crowd the stuff they've done to fix historical Unix deficiencies. I haven't finished the article yet, but I've read enough to be able to provide an example of the above (and point out factual errors in the article). Premise: ACLs are needed, because (in the words of the article), it's still not hard to construct scenarios in which they do not offer enough control. Arguments can be made, but I'll go ahead and strongly disagree with that statement. Don't worry, I'll explain why. The article provides an example scenario to support this premise. For example, imagine trying allow a single user, Bob, to read one of your files. With traditional Unix file permissions, the only way to do it is to make a new group (say, friends) with just two people in it, you and Bob. Then you'd change the file's group to be your new two-member group, and enable the group read permission. This part is basically true. On systems which allow a user to give away ownership of files (some older Unix systems fall into this category), it's possible to create a directory to hold the file, then give the directory away to the user, providing read access to all on the FILE, and no access to all on the DIRECTORY. It's also possible to do this on all existing Unix systems with intervention of the system administrator. That was awkward, but now imagine that you want to let a third user, Ray, write to the file, but not read it. Now you're stuck. If you put Ray into the friends group, he'll be able to read the file. And if you grant write access to the friends group, then Bob can write to the file. Since a file can only have one owner and one group, there's nothing you can do. The Unix permission system is not flexible enough to accommodate these needs. This part is patently false, though the solution may not be obvious to people who are not REALLY familiar with how Unix permissions work. First, it's worth noting that Unix permissions can be used to grant privileges, and also to TAKE THEM AWAY. For example, note the following file: -rwx---rwx 1 ddm ddm 0 May 1 03:40 zero In this case, users who are in the ddm group, other than ddm himself (the owner of the file) have no access to this file, EVEN THOUGH FULL ACCESS IS GRANTED TO WORLD. Unix checks the permissions in order: first the owner, then the group, and finally world. It stops checking as soon as the user matches one of those categories in that order. Thus if the user is in group ddm, the permissions for world will never be checked... Now, let's return to our example. You have a file, my_file, which you want Bob to have read access to. You want Ray to have write access, but not read access. This case isn't even all that hard. Unix solves this problem with ease and quite regularly. An example is the system logs... any user can write to them (using the syslog command, or the syslog() function call implemented in the C libraries, etc.) This is done by having the user write to the file indirectly through the syslog daemon, which runs as root. It need not be syslog though, and it need not be SUID root. A daemon can be created to allow users to write to such files, and it can be owned by any regular user, so long as the files in question have write access by the same user or group the program will run as. Another way to solve this problem is by creating a simple SUID wrapper program. SUID programs can be dangerous, but the required functionality is quite simple and easy enough to code without causing security problems. Most importantly, if the file is owned by a regular user, the script need not be SUID root... only SUID that user. It should have group execute permissions, and a special group should be created for users who should be allowed to run this wrapper script. This method can also be used to provide append-only privilege, much as syslog does. The drawback to this method is that it does require that someone create a special-purpose wrapper program to handle these kinds of operations for each group which needs that kind of access. On the other hand, the need for write-only access to files is unusual, with limited applications -- mainly logging and auditing -- and those can and should usually be handled by specialized programs anyway. So it's not so unreasonable that it should be handled this way. The far more common case is that one group of users should need read and write, but another should only be able to read files. There is
Re: (really stupid) Zone file question
On Fri, Apr 29, 2005 at 09:03:10AM -0400, Fred wrote: I have a name server running on computer A. I've just acquired computer B, and I want that to be a slave NS to computer A. There is a *per zone* way of doing this with Bind. Problem is, I am adding domain names -- zones -- frequently to computer A, and want a way to slave *everything* automatically to computer B. On cursory look into the Bind docs, I see no obvious way to set this up. AFAIK there is no such animal. Rather than doing your rsync solution, I think you're better off writing a script to update the zones in named.conf by parsing the zones on the master and converting them to slave zones, and doing a proper zone transfer. Let DNS work for you. If your slave is a 1 for 1 coopy of the zones on the master, this should be easy. This is an excellent idea for a feature request. A slave should have the ability to contact a master and ask what zones it should slave, so that a minimal config can be installed without requiring any maintenance... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpLcctPlEO3p.pgp Description: PGP signature
Re: [OT] Computer fatalities (was: Linux Made Easy: Linspire 5.0)
On Thu, Apr 28, 2005 at 11:12:41AM -0400, Bill McGonigle wrote: On Apr 27, 2005, at 13:47, Derek Martin wrote: So he doesn't pay property, sales, or social security taxes? No tolls on the road, and certainly no gas taxes? The cost of said taxes and other regs aren't built into the cost of everything he buys? He doesn't have to meet building code when he renovates the house? etc. etc. etc. These points are specious So refute them. I did already. The manufacturer's costs for manufacturing a particular part don't change whether they're manufacturing it to be included in a new unit, or to be used as a replacement part. The cost of shipping replacement parts manufactured overseas should be roughly proportionate to that of sending the whole unit; they're shipping in bulk, and the unit cost is based on either weight or volume, which will be proportionate to that of the whole unit. There will be variances , but not enough to account for a 1000% mark-up. It would cost a lot more if they boxed the parts up individually for shipping, but they're not that stupid. They ship the parts packed in bulk. The only other cost which differs is the cost of distributing it to the dealer. That cost is passed on to the dealer in the form of shipping and handling charges. So where's the 1000% mark-up coming from? It's vapor. All the taxes and such that you're talking about don't factor into the cost in a significant way... They are personal taxes that certainly affect whether my family can eat, but have zero to do with whether the business is profitable. They're not business expenses. Overhead costs for my dad's business basically include my dad's van (which he'd have anyway even if he didn't have a business), the cost of fueling it, his tools, and a business phone. The only sales tax he pays is on the tools and gasoline. These costs are almost negligible when compared to the cost of parts sold. Taxes for materials are paid by the customer. It's primarily the cost of the parts that /forces/ appliance repairs to be expensive. My dad's labor rate is much lower than say Sears's labor rate, and for a large percentage of jobs is much less than the cost of the part or parts being replaced. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpCEWXv01Xy8.pgp Description: PGP signature
Re: [OT] Computer fatalities (was: Linux Made Easy: Linspire 5.0)
On Wed, Apr 27, 2005 at 12:06:32PM -0400, Bill McGonigle wrote: On Apr 26, 2005, at 12:23, Derek Martin wrote: Often that's true, but it's largely irrelevant. My dad runs his own repair business, and he's his only employee. He doesn't have to follow labor regulations... He makes little enough that after expenses and retirement account deductions, he isn't paying any income tax either. So he doesn't pay property, sales, or social security taxes? No tolls on the road, and certainly no gas taxes? The cost of said taxes and other regs aren't built into the cost of everything he buys? He doesn't have to meet building code when he renovates the house? etc. etc. etc. These points are specious; ultimately, the individual parts come from the same place, and have the same taxes, etc. associated with them. [Note also that those prices are EXCLUDING shipping costs... they're only dealer list prices.] In fact, some parts which are manufactured in the USA must be shipped overseas to be assembled there, increasing the cost (of course, ecomomies of scale come into play). Regardless, he ought to be able to buy them for a reasonable mark-up over what the manufacturer's cost is, but in reality the mark-up (from the manufacturer to him -- dealer cost) is often 1000% or more. That's way, way beyond any taxes associated with the part, and again, doesn't include distribution costs, which are charged seperately. I'm talking purely about the cost of goods sold. Repairs are expensive because big business wants it that way. Period. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpWzAnr6Gd8G.pgp Description: PGP signature
Re: Zone file question
On Wed, Apr 27, 2005 at 02:06:00PM -0400, Travis Roy wrote: This is from a windows server and I've scrubbed it of customer data, but is it just me or is this zone file really screwed up: Aside from the fact that it has no $TTL declaration (prolly cuz it's Windows), and the fact that it has CNAME rr's (I hate CNAMEs), it looks fine to me... What makes you think it's screwed up? Actually the record for webserver. seems like it prolly shouldn't be here (since this file seems unlikely to be for the the webserver. zone), but there's nothing really wrong with it, per se, AFAIK. I guess that could be a Windows-ism. I believe BIND would just ignore this record... There seems to be a small error with the SOA record too, but an inconsequentioal one. The client.com is supposed to be the person responsible for managing the webserver, where the first dot should be replaced by an @ to get the e-mail address. That'd give us [EMAIL PROTECTED], which obviously is useless. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpnWp9Ut6M6R.pgp Description: PGP signature
Re: Zone file question
On Wed, Apr 27, 2005 at 02:18:58PM -0400, Ben Scott wrote: On 4/27/05, Travis Roy [EMAIL PROTECTED] wrote: This is from a windows server and I've scrubbed it of customer data, but is it just me or is this zone file really screwed up ... And the mail RR is a CNAME for itself. That's a loop a loop... a loop... a loop... It depends on what zone the file is for... If @ = otherclient.com then it's OK. Good point though. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpX82IV3O3p2.pgp Description: PGP signature
Re: Computer fatalities (was: Linux Made Easy: Linspire 5.0)
On Tue, Apr 26, 2005 at 10:48:48AM -0400, Kevin D. Clark wrote: Benjamin Scott writes: The practical upshot is that if you have to pay a professional to fix your computer, the bill can easily come to $300 or $400. When a brand new system costs not much more then that, why bother? One good reason might be because you'd prefer not to see more perfectly good stuff end up in a landfill. You might come to the conclusion that a throwaway society isn't sustainable. I guess I'm a cynic, but I believe most people aren't that thoughtful or responsible. Most people only concern themselves with their own bottom line, in my experience... It isn't sustainable, and our collective grandchildren are screwed. But then they probably were anyway, for any number of other reasons. This kind of business is becoming pervasive. My dad fixes appliances, when he can get calls. These days the appliance vendors are charging so much for replacement parts that a single major repair frequently costs significantly MORE than replacing the thing outright. I personally don't understand the economics of it, but I guess maybe it helps the appliance vendors from having to manufacture and stock parts for a zillion lines of machines from now back to antiquity... That must be it. or maybe we as a society just enjoy being economically raped... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpmkTerY64y2.pgp Description: PGP signature
Re: [OT] Computer fatalities (was: Linux Made Easy: Linspire 5.0)
On Tue, Apr 26, 2005 at 11:47:35AM -0400, Bill McGonigle wrote: On Apr 26, 2005, at 11:14, Derek Martin wrote: That must be it. or maybe we as a society just enjoy being economically raped... I'm guessing that new appliance is shipped in from overseas. There the American company who makes it doesn't have to pay significant taxes or follow labor regulations. Often that's true, but it's largely irrelevant. My dad runs his own repair business, and he's his only employee. He doesn't have to follow labor regulations... He makes little enough that after expenses and retirement account deductions, he isn't paying any income tax either. Actually the point I should have made is that if you ordered all of the parts it requires to build a given appliance, and paid DEALER prices for them (not retail, and not wholesale), it would cost typically something like 5x the cost of the entire built appliance bought from a store. No labor, no taxes (he's reselling the parts, so he doesn't pay sales tax), just HIS cost of the parts. In fact I asked, and he said that 5x would be a very conservative estimate... It's probably more like 6-10x depending on how complicated the device is. A typical example: for him to order a replacement control board (i.e. the main circuit board) for a microwave oven typically costs about as much, or even more, than the entire microwave oven would cost at Best Buy. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpFiK0NZFhcs.pgp Description: PGP signature
Re: Why I hate MS
On Tue, Apr 26, 2005 at 04:34:56PM -0400, puissante wrote: I could find the info if I needed to, but certifications, along with other forms of credentialsim, is largely a waste of time I think. You either know what you are doing or you haven't a clue, and a stupid piece of paper proves nothing one way or another. I largely fall into this camp also, but I think they can be occasionally useful. An example is someone in my position... I've got a good amount of experience, and I'm a bright guy, but I've been away from IT for about 3 years. If I had the cash to get myself some certs before I re-entered the job market, I think I could have leveraged that to get back into a more senior position than the one I'm currently in... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpo90L9rcu8a.pgp Description: PGP signature
Re: [OT] Computer fatalities
On Tue, Apr 26, 2005 at 08:44:33PM -0400, Paul Lussier wrote: Derek Martin [EMAIL PROTECTED] writes: In fact I asked, and he said that 5x would be a very conservative estimate... It's probably more like 6-10x depending on how complicated the device is. A typical example: for him to order a replacement control board (i.e. the main circuit board) for a microwave oven typically costs about as much, or even more, than the entire microwave oven would cost at Best Buy. Err, so why not but the oven at Best Buy, and resell those parts to the customer. Stock the extras for later... I'm sure there's something which makes that impractical... Yup. How many different models of Microwaves are there? How many different COLORS of those models are there... You need to do a very high volume of business for this to be practical. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpWRpSRMt04b.pgp Description: PGP signature
Re: Linux Made Easy: Linspire 5.0
On Sun, Apr 24, 2005 at 11:43:30PM -0400, David Ecklein wrote: Derek- I would not be particularly interested in running Linspire on high end systems, but there may be some who are. You are among that group, perhaps, and the Lynch review methodology may be appropriate. But if you have a high-end system, you might aspire beyond Linspire, don't you think? Personally, I have no specific interest in running Linspire at all. I can't speak for your interests in it, but from reading their website, your interests don't seem to match up with what they see as their target audience. It's not designed to run on old systems. It's designed to be easy to use. It's desinged to be a replacement for Windows XP and MacOS X. It's a modern Linux distro, designed for running modern applications on modern systems, and the test system is reasonably representative of the apparent target market. The website includes games as a target application... By practical necessity that means you need a modern system. Also, I admit I don't personally understand how people can get so emotionally invested in games that they will lay out $200 or more just for a graphics card. Regardless, lots of them do. Even so, the review did not compare running with a plain vanilla VGA (whatever that might be), or contrast the performance of the FX5900 under Linspire with anything else. And Lynch presumably gets paid for this! Yeah, and my point is I think that's perfectly reasonable, given that it's a modern distro designed to run on modern systems. You keep insisting that the test system was a high-end system, and the essential point I think you're missing is that by today's standards, it really isn't. It's a slightly-better-than-middle-of-the-road system, and reasonably representative of the apparent target audience of Linspire 5.0. If you want to resurrect your ancient hardware, use an ancient distro, or choose your applications very carefully. Linspire 5.0 is not intended for you. Are there really new systems that cost not much more than what it will cost you to dispose of the old one? I used hyperbole. Even still, in my town, I think it would cost about $50 to dispose of a computer system (monitor and computer). I forget exactly, but I know it's a lot more expensive than I think it should be. You can buy a brand new one for about $200 if you're willing to go low end and/or pay for an Internet service subscription with it, and that might even include a printer. Close enough. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpQLV00Mg12Z.pgp Description: PGP signature
Re: Linux Made Easy: Linspire 5.0
On Sun, Apr 24, 2005 at 11:43:30PM -0400, David Ecklein wrote: Derek- I would not be particularly interested in running Linspire on high end systems, but there may be some who are. You are among that group, perhaps, and the Lynch review methodology may be appropriate. But if you have a high-end system, you might aspire beyond Linspire, don't you think? In case this hasn't been made perfectly clear, I think the question you're asking is a reasonable and interesting one... All I'm saying is it's equally reasonable that a review wouldn't try to answer it. I think I can also take an educated guess and answer your question. Linspire 5.0 is a desktop-oriented distribution, and as such it would perform lousy on old hardware. GNOME needs lots of memeory, and a 200MHz Pentium system just won't have enough. You won't have enough CPU power to say, listen to MP3s in the background while you are running much of anything else. You might be able to tweak it to run OK for just e-mail and web, by running a basic window manager like xfce or fvwm (the latter of which which you'll almost certainly need to download and install yourself), but it's not intended to be run on such configurations, and required tweaking totally misses the point of Linspire, which is ease of use. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpbmSWV7bJ5A.pgp Description: PGP signature
Re: Ripping wav files from iso image
On Mon, Apr 25, 2005 at 01:13:45PM -0400, Whelan, Paul wrote: Does anyone know how to rip tracks off an iso image? I'm pretty sure that just won't work. IIRC, cdparanoia uses SCSI commands to read the disk directly. An ISO image isn't a SCSI device... Not only that, but as I understand it, if you tried to burn the resulting image to a CD, it would not produce a working copy of the original. Music CDs are not ISO filesystems at all... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpjsm1Eybxsa.pgp Description: PGP signature
Re: Linux Made Easy: Linspire 5.0
On Sun, Apr 24, 2005 at 08:03:08PM -0400, David Ecklein wrote: OK, so Jim Lynch's system is not a hot rod to Jenkins and some others. But it is far enough beyond the average system in current mass deployment (let alone those obsoleted by M$'s high cholesterol XP) that it really isn't an appropriate test bed for a product like Linspire, given its particular ambitious target. I reallly can't agree with you. Linspire 5.0 is today's software, written to be run on today's computers. The average system in current mass deployment is probably something like 3-4 years old, and definitely not spec'd to run today's software. Newegg has 160 Gb Samsungs for $80. I wouldn't touch one, given my own experience with Samsung. I don't know what your experiences were, but I do know from experience that people often make irrational decisions based on anecdotal experiences... AFAICT, Samsung generally makes good products. They make some of the best rated LCD panels and DVD burners around, for example (though I haven't seen any reviews on their high capacity hard drives). The fact is, even well-designed hardware can fail, and no hardware vendor is immune. You have to look at overall failure rates, and how the company responds if you do experience a failure. Any video card that sells for over $200 better be not merely good but insanely so. This comment also seems unrealistic to me... It's extremely common in the computer hardware industry to pay a BIG premium for an extra 10% (or less, even) of performance at the top end. Graphics cards are one example of this phenomenon, and CPUs are another. There are plenty of others... That's more than the Walmart Linux machine sells for. A card like this might be found in a serious gamer's box. It's been said by smart people in the computer industry that gaming is what drives home PC sales... This is precisely what makes people willing to pay that extra 100% of price for an extra 10% of performance... People are willing to pay big money to be entertained. If you don't believe me, try buying Sox tickets for you and your family... The problem is pervasive throughout our society. Whatever the shortcomings of my post, I do not feel Jenkins addressed the core spirit of it. That is, how will some variety of Linux (Linspire or others) rescue these older but useable machines? The question is a useful one, but probably not very relevant to the review previously metioned. You can buy these new systems for not much more than what it will cost you to dispose of the old one at your town's landfill. These older systems ARE still usable, depending on how you want to use them... A 486 with 16MB RAM still could make a decent firewall, but simply isn't capable of running a full-blown modern desktop environment. A 300MHz pentium II system is still fine if all you want to do is read e-mail and surf the web... But don't expect to play any sort of modern games, and listening to MP3's might make things a bit choppy for you. And again, if you want to run a serious desktop environment, lots of RAM is what you need. Older systems just can't keep up with today's software, plain and simple, whether we're talking about Linux or MS or anyone else's products. If you want to run systems of that vintage for general use, download Slackware 3 and you'll be all set. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpVgGHeRS9cp.pgp Description: PGP signature
Re: Linux Made Easy: Linspire 5.0
On Sun, Apr 24, 2005 at 08:15:49PM -0400, Paul Lussier wrote: Dan Jenkins [EMAIL PROTECTED] writes: Having said that, in-house most of our systems aren't as fast. (I'm sending this from a 1 GHz with 256 MB.) Heh, this is coming from a dual PIII-450Mhz w/ 756MB! Of course, I've always lived on the decaying edge of technology. Heck, my TV still has knobs and isn't cable ready! :) If you primarily use your system for e-mail and web browsing, or even developing code, that's still more than enough. 756MB RAM is a lot for that kind of system! Actually that's 256MB more than I have in my 1.5GHz Pentium M laptop which I bought last year... (the RAM will almost certainly be upgraded as soon as I receive my first paycheck though)... ;-) But, running big, bloated desktop environments like GNOME or Windows XP takes lots of RAM. Using all those cool features like menu animations takes some CPU power, as does playing 3D games, of course. Etc. Essentially, you're paying for flash (or the ability to have it) when you're buying the latest and greatest. But, if your system dies tomorrow, you can get a new one that's 5x as powerful for about $500 (including the cost of the RAM upgrade from 128MB to 512MB). And it will run Linspire 5.0 just fine... ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp1QHRVLQkUg.pgp Description: PGP signature
Re: Linux Made Easy: Linspire 5.0
On Sun, Apr 24, 2005 at 09:21:12PM -0400, Paul Lussier wrote: Derek Martin [EMAIL PROTECTED] writes: But, if your system dies tomorrow I'm always curious when people use this phrase. I mean, who's ever had a system die such that it required a complete replacement? Ignoring the fact that I *have* actually had such an experience, it's a hyperbole. :) The point is, even if you DO experience some sort of catasrophic failure of an older system, replacing it outright is cheap, and the performance will be vastly superior. [Actually the system in question was quite repairable, but the cost of repairs would have been similar enough to buying a new system that the new system was a better option. Same difference.] -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp4osidy9po1.pgp Description: PGP signature
Re: x2x
[cross-posting to GNHLUG, since some of this is relevant there.] On Thu, Apr 21, 2005 at 01:19:42PM -0400, Grant M. wrote: Derek Martin wrote: I'm surrounded by systems. Having multiple displays is cool, but having to use multiple keyboards and mouses to access them is not. [SNIP] sshd_config: # X11 tunneling options Of course, I'm well familiar with X forwarding over ssh. This is not at all what I want to do. On Thu, Apr 21, 2005 at 01:25:31PM -0400, David Kramer wrote: This doesn't bring up a desktop, though. You can open up a text window and run X commands, and the output will end up on your display, but you don't get any menus or buttons or anything. I'm not trying to bring up a desktop, either. As I said, I'm sitting in front of several machines. I want to take advantage of the fact that I have 4 LCD panels sitting in front of me, and USE all that screen real estate... I just don't want to have to use 3 keyboards and mouses[1] to do it (one of the machines is dual-headed). x2x allows you to connect to the X server of a remote machine and control the input (i.e. the keyboard and mouse events) of the remote machine from the local machine's input devices. It's way cool. The trouble is that the X protocol sends the keyboard and mouse events in the clear. That means if you type a password on the local machine, destined for an input box on the remote machine's display, it travels over the network unencrypted. That's bad. So, I want to run x2x over an encrypted tunnel. It can be done with ssh, but figuring out how is a little brain-twisting. Matt B. provided a solution on GNHLUG, but it was one that I had already tried, and it produced no results for me. Originally I thought it might be because iptables rules were getting in the way (one of my test machines is my firewall, for lack of better options). But I eliminated that from the picture, and it still didn't work. It actually locked up my display, and I had to kill the SSH session to regain control. Yucky. On Thu, Apr 21, 2005 at 01:25:38PM -0400, Gordon Marx wrote: Why not just use vnc over ssh? That also doesn't achieve what I want to do... But there is another nifty program called x2vnc which allows you to control a Windows desktop from the keyboard and mouse of a machine running an X server, in a similar fashion1[2]. Also very cool. Also not encrypted. Stunnel to the rescue. It could be done with ssh also, if you prefer. In case I haven't been clear about this, NEITHER x2x NOR x2vnc DISPLAY THE REMOTE DISPLAY, OR ANY PART OF IT, ON THE LOCAL DISPLAY. They simply allow the user to control the remote machine with the local keyboard and mouse, which generally assumes that you can see the physical display of the remote machine. It's kinda like a kvm without the 'v' part, except that you can control all of the machines at the same time, by simply scrolling the mouse off the side of the display you're currently controlling. -=-=-=-=-=-=- [1] This is a Derek-ism. Mice live in fields, mouses are input devices for computers. =8^) [2] [The X server can theoretically also be on a windows system, but if so it's better to just run RealVNC 4 on both machines, which has support for strong encryption.] -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpdBFN0w9Zn8.pgp Description: PGP signature
Re: x2x
On Sat, Apr 23, 2005 at 02:14:28PM -0400, Paul Lussier wrote: Derek Martin [EMAIL PROTECTED] writes: That means if you type a password on the local machine, destined for an input box on the remote machine's display, it travels over the network unencrypted. That's bad. So, I want to run x2x over an encrypted tunnel. It can be done with ssh, but figuring out how is a little brain-twisting. Another solution to this problem would be to establish an IPSec SA between all the machines in question. With that, there's no need for ssh at all, not need for X forwarding, etc. Just run x2x however you want. Of course, this means that you need to futz with IPSec, which is no trivial matter, but once it's established, you really don't even need to bother with ssh at all for this type of thing. Indeed... And this is on my list of things to do with my home network. At work, however, that's another matter... And that's primarily where I want to do this. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgphf4YrzSS6Y.pgp Description: PGP signature
x2x
I'm surrounded by systems. Having multiple displays is cool, but having to use multiple keyboards and mouses to access them is not. I want to use x2x to solve the problem, but I have some concerns about typing passwords and such over unencrypted X session. Anyone know how to run x2x under ssh and make it work properly? My attempts so far seem to have been futile... Thanks! -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpBQLwqPag0K.pgp Description: PGP signature
Re: x2x
On Thu, Apr 21, 2005 at 01:19:18PM -0400, Matt Brodeur wrote: On Thu, Apr 21, 2005 at 12:41:59PM -0400, Derek Martin wrote: I'm surrounded by systems. Having multiple displays is cool, but having to use multiple keyboards and mouses to access them is not. I want to use x2x to solve the problem, but I have some concerns about typing passwords and such over unencrypted X session. Anyone know how to run x2x under ssh and make it work properly? My attempts so far seem to have been futile... It's been a few months since I've done this, but something like: remote.host$ ssh -Y control.host control.host$ x2x -east -to localhost:10 This is what I tried first, sans the -Y option. No love. Tried with the -Y option. It doesn't exist. Is it new? I'm on FC2 running openssh-3.6.1p2. The machines at work are ancient, running RH7.3... Actually I tried it in the other direction as well, but that also didn't work. I also tried searching, and found nothing. The search you offered turned up nothing useful... only package repository entries. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpGOPt6K4Bt3.pgp Description: PGP signature
Re: x2x
On Thu, Apr 21, 2005 at 03:04:06PM -0400, Matt Brodeur wrote: This is what I tried first, sans the -Y option. No love. Tried with WORKSFORME. I just tried it with no ssh options, and it works fine. I already have ForwardX11 yes in my ~/.ssh/config, though. My testing environment was a little wacked... I'll try it again when I have a more sane environment (and time). Thanks for trying. ;-) the -Y option. It doesn't exist. Is it new? I'm on FC2 running openssh-3.6.1p2. The machines at work are ancient, running RH7.3... Upgrade. Seriously. FC2 was a steaming heap of... Other than kernel problems, I didn't have any troubles with it at all... That said, I've already downloaded the DVD image of FC3. I was held up before due to lack of useful amounts of bandwidth. $ ssh remote.host 'x2x -east -to :0' This also works for me. Are you sure the remote hosts have X11 forwarding enabled? I think the default for OpenSSH is to have X11Forwarding no in /etc/ssh/sshd_config. I'll double-check, but yeah I think so. Oh, and to respond to your earlier comment about my work load (sendmail smarthost thread): I must have something REALLY important that I'm avoiding if I'm troubleshooting YOUR minor inconvenience. ;) ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpuKxLlgPeqy.pgp Description: PGP signature
Re: sendmail SMARTHOST
On Thu, Apr 14, 2005 at 09:20:43AM -0400, Paul Lussier wrote: Michael ODonnell [EMAIL PROTECTED] writes: But I also can't tell waldo that it's in some other domain (either real or fictitious) because that ain't true, either. So, where's waldo? This is where it gets hairy. You can do this, but it's a whole lot easier if the domain you make waldo part of, does in fact exist. It also depends upon your motivation for having a different domain behind your firewall. It doesn't, really -- the steps are essentially the same whether the domain exists or not -- only the specific configuration data (mainly the domain name) changes. You can set up your systems to be in a separate domain that doesn't exist, but you'll still tell your mailer to pretend to be in comcast.net. Actually this is the normal case for e-mail software on PCs... That is, it makes no assumptions about what domain the sender is in based on the name or domain of the host -- the user can and usually MUST configure it. It's really no different with sendmail on Linux; the only difference is that if you have your own real domain, you can use it instead of using your ISP's domain. Case A: If you're just fooling around, and want to have a little network behind your firewall and have e-mail to/from family members on that network appear to be from some pseudo/make-believe domain which you haven't registered, yet you want mail outbound to the world to still work, it's a little complicated. It's not, really, as you yourself said later in the same post. Just configure sendmail to masquerade as comcast.net, as you mentioned before. Everything else is done as if you were using your own real domain, with respect to inside hosts. Done. There's no DNS to set up for outside hosts (i.e. you don't need MX records and such)... I think this option is actually slightly simpler. What you need to run this domain is some way to do hostname-IP address resolution[1] and a way to send mail. For simplicity, we'll just use host tables on each system[2] and assume all the other network parameters are correctly and statically assigned[3]. Host files are easy to configure, but hard to maintain. Every time you add a host, you have to update the files on every existing system. Still, if your network is going to stay small, you can avoid learning about how to set up DNS if you'd rather not bother... By contrast, DNS is a nice way to go. You have two options here, too: let your name server do all its own look-ups of host that aren't yours, or have it forward requests to your ISP's servers. Both options have advantages. Do it yourself: If your ISP's name servers stop working, you don't care. Yours keep working, as long as your connection to the Internet keeps working. Forwarding: The reality is that this option will probably give you better performance. BIND caches data, so any recently used host names will be in the cache. Your ISP's servers will be a lot busier than yours, so the odds of the host you're trying to visit being in the cache will be much, much greater. The real down side of forwarding is that DNS search order breaks (this might be fixed in BIND 9, but was definitely broken with BIND 4.x -- I haven't tried it since then). Say you have this in your resolv.conf: search pizzashack.org example.com dancer.net nameserver ns1.example.com nameserver ns2.example.com You want to look up a host called funky, in dancer.net. Usually this would sufice: $ nslookup funky Server: 192.168.0.1 Address: 192.168.0.1#53 Name: funky.dancer.net Address: 192.168.1.69 But if your server is configured for forwarding, it would only ever check for funky.pizzashack.org, and never find funky.dancer.net unless you gave the FQDN. Again, this may have changed since bind 4.x, but I haven't used forwarding name servers since then... Oh and BTW, the example is totally fictitious... Er, I mean it isn't as it turns out, but I have nothing to do with that domain, and pulled it out of... You get the idea. =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpG9qN5GiBae.pgp Description: PGP signature
Re: sendmail SMARTHOST
On Thu, Apr 14, 2005 at 09:54:57AM -0400, Paul Lussier wrote: Any or all parts of the previous message may be factually or fictionally incorrect, will no doubt, be dutifully harped upon, picked apart, mercilessly disected, analyzed, and used to harass me by the likes of Ben Scott, Derek, Matt, and probably countless others. hehehehe... Hey! I'm not doing any of that... only AUGMENTING what you already said. ;-) By sending any mail with any or no content whatsoever to this list, it is implicitly understood and agreed upon by the sender that they could be submitted to the mind-numbing torture described above without any apparent provocation on their part, and absolutely no warning from the above mentioned list pedants. Oh, come now. To be fair Matt rarely does anything of the sort -- he has no time for such things... He's too busy WORKING. This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. Have a little too much free time today Paul? -8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpmAUNDj22Ut.pgp Description: PGP signature
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 09:25:58AM -0400, Travis Roy wrote: Since you are sending your email through their network, couldn't they find out this information anyway? How does not using their mail server prevent them from seeing the info you listed there? Not necessarily. Paul and I both run Sendmail, which is capable of doing all its transactions in an encrypted session via SSL (or TLS, or whatever it's called today)... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpqCdHO9xLjl.pgp Description: PGP signature
Re: Dereferencing links
On Fri, Apr 08, 2005 at 10:48:50AM -0400, Jim Kuzdrall wrote: Is there a command line function to collapse a group of symbolic links, replacing them with the files they reference? I tried: (cd /dir1 ; tar cf - .) | (cd /dir2 ; tar xf -) You need the -h option to tar. See the man page... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpQ7bSOTZC4z.pgp Description: PGP signature
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 03:18:23PM -0400, Bob Bell wrote: Isn't this scheme somewhat similar to SPF or DomainKeys? At least to the degree that it attempts to validate the domain of the sender? Yes. It's been a while since I looked at either, so I'm not sure about specific similarities and differences, but the ideas are pretty similar. I seem to recall that SPF has some serious limitations, but I can't recall what those might be (though I suspect searching for problems with spf or spf limitations would turn something useful up). I never really looked into DomainKeys in detail, but it probably works more or less like I described. How would this work with all the compromised Windows machines out there? Couldn't a spammer use such a network of compromised machines to send out emails through Outlook, etc.? (This appears to be a problem with most anti-spam approaches) There are, of course, those viruses which send themselves to everyone in your address book, and use your ISP's servers to send the mail. None of these schemes (including blocking the IP addresses of dynamic customers) do anything to solve that problem. As such, I'll exclude that class of compromises from the rest of the discussion. Aside from those, AFAIK, compromised windows systems don't generally use Outlook, they usually come with a small, basic smtp engine bundled into the malware. I suspect they do it because sending lots of spam through your ISP's servers is likely to get your account terminated, shutting down that channel for delivering spam. Blocking mail from these nodes might help, but probably not... At least not for long. As more and more ISPs block these addresses, the spammers will simply find other attack vectors. They always do. These could include setting up new, temporary open relays, attacking valid servers, etc. Ultimately, as I've said many times before, there is no method of fighting spam which will be truly effective. The best you can do is let the client deal with it by running spamassassin or similar. The only way to put a stop to the spam problem is to make it unprofitable for the so-called advertiser, by fining offenders a substantial amt. per individual spam message, and jail time for people who facilitate spam. But GW made sure that'll never happen with the bogus anti-spam bill... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpwkrwEaAtK6.pgp Description: PGP signature
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 04:22:49PM -0400, Derek Martin wrote: only way to put a stop to the spam problem is to make it unprofitable for the so-called advertiser, by fining offenders a substantial amt. per individual spam message, and jail time for people who facilitate spam. Note that what I meant to say here was that the OFFENDER should be considered the COMPANY whose PRODUCTS are being advertised. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpBbFkMBZRtA.pgp Description: PGP signature
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 05:10:17PM -0400, Kevin D. Clark wrote: Note that what I meant to say here was that the OFFENDER should be considered the COMPANY whose PRODUCTS are being advertised. No, the offender is the group or individual who causes the spam to be sent, not necessarily the company whose products are advertised. Ah, right. THAT's what I meant. ;-) The person who is selling whatever's being sold in the spam... including figurative uses of the word sell in the case that nothing is directly being sold for money. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpebH54Z9XEp.pgp Description: PGP signature
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 05:47:47PM -0400, Kevin D. Clark wrote: If I decide to send out bulk email urging people to buy Coca-Cola, who is at fault, me or the executives at Coke? Let's say that I have nothing whatsoever to do with Coke. OK I get it... I was being dense bot I got it now. ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpzXFn5lsIyw.pgp Description: PGP signature
Re: I find this *really* annoying
On Thu, Apr 07, 2005 at 03:24:18PM -0400, Travis Roy wrote: Where did he say that he did not have business class? I had business class DSL and my IP range was still considered within a dynamic pool. Well, I happen to know that he doesn't, but your point is well taken. Some RBLs are careful to only block mail from IPs which are reasonably verifiable as spammers, but SORBS method is completely arbitrary. Just because an address is in a range that is served by DHCP doesn't necessarily mean that the user is a home user, nor does it necessarily mean that their ISP disapproves of them sending e-mail from their own systems. Some time should probably also be spent on explaining why SORBS is sometimes used as the sole factor in deciding whether to block e-mail. The fact is, using SORBS from within the MTA/MDA requires only a very low commitment of system resources, whereas using most other filtering techniques require substantially more system resources. Especially for very high volume sites, it's more cost effective. Or at least it seems that way... Businesses need to also factor in the cost of lost business due to legitimate mail which was blocked by SORBS, which is hard to do... If I sent mail to a company requesting services to a business, and their mail server blocked my e-mail, I'd personally be strongly inclined to turn to a competitor without making any further inquiries. I suspect I'm not alone... Filtering all mail through spamassassin or a similar filter requires substantial CPU cycles (potentially, depending on how it's configured), whereas relying solely on SORBS only costs a single DNS lookup. I think the cryptographic signature method is a decent trade-off. It requires DNS lookups to get the keys, and some CPU cycles to verify the signature, but it's harder to forge than a single DNS entry, making it more reliable than other DNS-based methods, and virtually guarantees no false positives, so long as site admins for any given domain do their job... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp9Ow6WHlhFp.pgp Description: PGP signature
Re: I find this *really* annoying
On Thu, Apr 07, 2005 at 05:04:43PM -0400, Steven W. Orr wrote: I just read your message and all the other replys that sprang forth. I am running a sendmail server off my cablemodem as well. Anytime I get a message delivery failure because of reason of coming from a dynamic address pool, I just add them to my mailertable and rebuild. Here's my mailertable: [SNIP disappointingly long mailertable entries] Sure, you can do that, and I'm sure Paul knows you can do that... But the point is, many of us run our own mail server specifically because we don't want our e-mail going through our ISP's servers, for whatever reason. So every time you have to add a mailer table entry such as these, you lose. The other thing that you should be aware of is that there are *lots* of rbls in this great big wide world. Some rbls are used to say that someone is a spammer, but not all. This is true, but it's largely irrelevant. Knowing what a particular black hole list does, and/or why it does that, doesn't do anything to erase the frustration of being unable to send mail to a site without resorting to means which are undesirable. The mail is being blocked, and that fact is completely out of your control. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgphPsLinWFes.pgp Description: PGP signature
Re: I find this *really* annoying
On Thu, Apr 07, 2005 at 10:31:39PM -0400, [EMAIL PROTECTED] wrote: From: Derek Martin [EMAIL PROTECTED] Date: Thu, 7 Apr 2005 15:14:45 -0400 and block that domain. Do it by having outgoing mail servers cryptographically sign messages with keys registered in DNS, and reject mail if the signatures don't match, or if the domain is known to mass mail spam. But DON'T do it by blocking everyone in the known I'm afraid signing SMTP won't help the spam problem. Sure it will, if implemented well. Even spammers have signatures. :) This would just provide connection-level security a la IPsec. The point is that you can block known spammers based on their domain, without needlessly penalizing the innocent. Reject if: 1) the message is not signed with the domain's published key 2) the signature matches, but the domain is a known spammer 3) there is no published key Otherwise accept. It would work like current RBLs work, except that you have pretty solid proof that the sender is or isn't coming from where they say they are. It adds documentable accountability. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
On Thu, Apr 07, 2005 at 10:53:46PM -0400, Derek Martin wrote: Reject if: 1) the message is not signed with the domain's published key 2) the signature matches, but the domain is a known spammer 3) there is no published key Otherwise accept. The problem, of course, is this requires 100% participation. But I think it definitely would work. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
On Thu, Apr 07, 2005 at 11:34:29PM -0400, [EMAIL PROTECTED] wrote: How do you propose a message would get signed with the domain's published key? By going through the domain's outgoing mail server? Relaying through your ISP already works... You're completely missing the point. My ISP's server is NOT my domain's mail server. The problem of being forced through official relays still remains. The difference is that *I* get to decide that *MY* server is official for my domain. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpVwUbc71NmW.pgp Description: PGP signature
Re: AAARRRGGGHHH!!! Re: USB CD Burners? - Problem
On Thu, Apr 07, 2005 at 12:31:15AM -0400, Brian Chabot wrote: A reboot (either a reboot command or an init 6 or 0) now hangs. This sounds very similar to problems I was having, except that I actually saw kernel oopses. Try a different kernel. I had the most success with Fedora's 2.6.8-1.521 kernel. pgp1gVOsg5wAa.pgp Description: PGP signature
Re: USB CD Burners? - Problem
On Mon, Apr 04, 2005 at 02:46:34AM -0400, Brian Chabot wrote: Now I burn a CD. Any CD. I like to make sure it burns well, so I have k3b check the disk and it gets about 70% of the way through and hangs for a few minutes. Then it errors out that the verification could not complete. Ben's suggestion is a good one. Also, what version of the kernel are you running? I've had a LOT of problems with my USB devices on different versions of the 2.6 kernel... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpUy7JP2nDF8.pgp Description: PGP signature
Re: USB CD Burners?
On Sat, Apr 02, 2005 at 10:46:21AM -0500, Brian Chabot wrote: Has anyone here had any good results with any USB CD burners running under Linux? Well, I have an HP dvd630e USB DVD burner that I'm quite happy with... FWIW it's about twice what you're looking to spend, but I think it's worth the extra money to get the DVD burner. Huge amounts of data, fast fast fast. And it burns CDs too, if that's all you really want. I'm hoping to pick one up soon, but the online documentation as to what works and what doesn't is kind of scarce. In theory, any drive should work fine, since they all pretty much just implement SCSI over USB. That's well supported in the Linux kernel. But as with everything else, YMMV. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpzwXLrW2YNb.pgp Description: PGP signature
Re: Annoying screen backspace problem
On Wed, Mar 30, 2005 at 07:18:13PM -0500, Dan Jenkins wrote: Derek Martin wrote: ... snipped a long, informative post ... Thank you for that good explanation. It reminded me of so much I had forgotten. (Pushed from my mind might be the better phrase.) bow You're welcome. :) On Wed, Mar 30, 2005 at 08:34:28PM -0500, Paul Lussier wrote: Derek Martin [EMAIL PROTECTED] writes: So really, there are two problems which have lead to the sad state of affairs bollixing up the backspace key. One is bad coding practices -- programs which assume that ^H is supposed to be backspace, or that ^? is, instead of letting the terminal driver do the translation as intended. The second is lazy or ignorant system administrators who have misconfigured termcap/terminfo databases. And the second has largely been relegate to ignorant/lazy system *vendors*, as most sysadmins nowadays don't even know the termcap db even exists! In my 10+ years as a sysadmin, I've *never* had to touch the termcap db (unless I was completely replacing it). If it's been horked, it came that way from the vendor :) Sure, but OTOH there's a lot the vendor can't account for. For example, if you bought a bunch of HP 900XX terminals, you'd find that they can be configured to emulate a VT100, vt220, vt320, and/or possibly others. You'll find that a number of terminal capabilities can be turned on or off in the terminal's configuration screen. And, last but not least, you'll find that the backspace key can be configured to one of several settings... Over time, the vendor might change the default settings, or the terminals might be configured differently to suit different applications which expect certain specific behavior. In the end, it's going to be the system admin's responsibility to make sure the terminals are configured correctly/consistenly, and that the termcap entries are defined properly/consistenly, etc. For those who might think, But no one uses terminals anymore, so it doesn't matter... I know of at least one company which still has thousands of dumb terminals in use (or at least did when last I had contact with them, which wasn't all that long ago), and I think it's not all that uncommon to find them still in places like government offices, schools, and libraries... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpC6ZhyJPvFH.pgp Description: PGP signature
Re: Computer Stupidities
On Wed, Mar 30, 2005 at 11:50:01AM -0500, Cole Tuininga wrote: A particular individual in a company I work for (not Code Energy) has semi recently been put in the position of being in charge of the marketing department. The downfall is that this person is one of the most technically inept people I've ever met. And even more unfortunate is that they are in the position of making far too many decisions involving technology. Hey, I think this person deserves a lot of credit! If a 5.3MB qt movie was file was reduced to 800 bytes, that's quite an accomplishment! Hmm... OTOH, something like ... fd = open(movie_file, O_WRONLY); ftruncate(fd, 800); ... would do the job. Though I can't say that the results would be all that useful... OTOOH, if your marketing user managed to do something like that, I'd still be pretty impressed! =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpUF8T6v7xln.pgp Description: PGP signature
Re: Annoying screen backspace problem
On Wed, Mar 30, 2005 at 04:51:24PM -0500, Bill McGonigle wrote: On Mar 29, 2005, at 22:02, Ben Scott wrote: One thing I've always admired about Unix is that it no other system has more trouble going backwards It's true - why is this so hard? Is there a design deficit or just a common programming mistake? I think it's not a design deficiency at all -- in fact I think the design is quite good. The design takes into account that historically people connected a wide array of (potentially) vastly different terminals to Unix machines, and still had get them all to generate more-or-less the same characters. The problem of handling input from terminals of various design is a surprisingly complicated one... On one level, you have the terminals themselves: what keys generate what key codes. Then at the system level, you have to interpret what those key codes are supposed to mean. In many cases (such as with the X Window System) you have a third layer of terminal emulation that gets stuck in the middle. It's amazing that any of this works at all! The idea is that different terminals have different feature sets, and also use different character sequences to represent any given feature. In order to make this all work, you need a layer of abstraction in between the signal generated by the keyboard or terminal (the key code generated by pressing a given key) and the terminal feature it is meant to activate. If you didn't have this layer of abstraction in between, only one brand of terminal would ever work on a given system at one time... Your keyboard generates some key code when you press the backspace key. This code can vary depending on the model of the keyboard you have. The Linux console, and also the X window system, have a key map which translates these hardware-generated key codes into logical characters. Above that layer, you have the terminal driver, and the termcap/terminfo libraries. These interpret which terminal features those logical characters are supposed to activate. So, if your keymap has the wrong key code mapped to the backspace key, it sends the wrong logical character sequence to the terminal driver. Or, if your termcap or terminfo databases list the wrong character sequence for a particular terminal feature (or capability, which is where termcap comes from -- TERMinal CAPability), then your I/O will be flummoxed. If both are wrong, well... So really, there are two problems which have lead to the sad state of affairs bollixing up the backspace key. One is bad coding practices -- programs which assume that ^H is supposed to be backspace, or that ^? is, instead of letting the terminal driver do the translation as intended. The second is lazy or ignorant system administrators who have misconfigured termcap/terminfo databases. NOTE: for those who might be inclined to be offended by the use of the word ignorant -- I've used the word in its literal sense, meaning to be unknowing, rather than its popularly bastardized sense meaning roughly, to be rude, or to be inept or inadequate. I first remember having to put stty erase commands in my .tcshrc on an VAX running ULTRIX c. '91. It hasn't really improved since then (though my FC3 machines seem to behave better). I disagree... discounting the bug under current discussion, I think the situation with backspace has improved dramatically since when I first started using Unix 10 years ago... In recent memory, in homogenous environments, nary an occasion can I recall which the backspace problem has gotten in the way of me accomplishing whatever I was working on. [Again, save this bug in screen...] On the other hand, it does tend to happen when going between different Unix systems, because vendors can't seem to agree on which key sequences the backspace, erase, and/or rub keys should send, nor even what exactly should be done when they have been pressed. And that's assuming the given vendor hasn't decided to call those keys something entirely different... Sigh. Anyway, I think it's much better than it used to be. =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpA32ikbbZwu.pgp Description: PGP signature
Annoying screen backspace problem
If you log in to remote machines frequently, you've problably used screen. If so, you've probably run into cases where backspace doesn't work properly sometimes, even though most of the time it does. I finally got annoyed enough that I tracked this down, and I thought I'd share my solution with you. Rather than type it all again, I'll just provide a link to the bugzilla report I filed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152474 -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpvjZVg76ZT1.pgp Description: PGP signature
Knoppix (was Re: Custom live CD)
On Mon, Mar 28, 2005 at 01:45:32PM -0500, Donald Leslie {74279} wrote: I have tried KNOPPIX 3.7 and 3.7 which both offer 2.6 kernels. I have had a number of problems in trying update the KNOPPIX copied to a local directory. Only tangientially related to this... While I was in Korea, my old Dell laptop experienced catastrophic failure (well, what REALLY happened was the power cable got caught on something, forcefully yanking it out of the power receptacle on the laptop, and breaking off the pins--making it impossible to power the machine or charge the battery)... So I set out to replace it. I went to a local electronics superstore (a place which is a bit like a computer show, with many different vendors, except that they sell a lot more than PCs, and it's a permanent business fixture), and I brought Knoppix with me on CD. I managed to pursuade several of the vendors to allow me to boot it, in order to test hardware support under Linux. I ended up getting a Toshiba Tecra M2, which I was able to determine was 100% compatible with Linux (albeit with a 3rd-party driver for the winmodem)... Knoppix is great... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpOHPJVPzy74.pgp Description: PGP signature
Re: Knoppix
On Mon, Mar 28, 2005 at 02:58:18PM -0500, Neil Joseph Schelly wrote: On Monday 28 March 2005 02:03 pm, Derek Martin wrote: Only tangientially related to this... While I was in Korea, my old Dell laptop experienced catastrophic failure (well, what REALLY happened was the power cable got caught on something, forcefully yanking it out of the power receptacle on the laptop, and breaking off the pins--making it impossible to power the machine or charge the battery)... You hit a soft spot on me here... I'm a big fan of my old Dell laptops I like them too... except that the keyboard on this particular machine is unusually clunky. But then, I normally connected an external keyboard to it, so it wasn't a huge problem. I much prefer a full-sized keyboard to any laptop's keyboard I've ever used... Anyway, my power connector on my last motherboard was screwed up just the same and I found a good cheap fix for it is the docking station. An excellent suggestion. I'll have to look into that when I get the chance... Thanks! -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpgEOjmmwIuS.pgp Description: PGP signature
Re: automount on debian help
On Fri, Mar 18, 2005 at 10:34:28PM -0500, Paul Lussier wrote: Derek Martin [EMAIL PROTECTED] writes: ...which is precisely what I wanted to know! He seemed unsure which he was running... The command I gave was tailor-made to determine that, and revealed that he was running autofs, but not amd. There's no point in looking at amd stuff, if he's not using it. And it's important to know what's /supposed/ to be running, especially if it isn't. Which it wasn't... Right, but he could have had it installed, and not configured to start, in which case, neither would have shown up in the rc3.d directory. Which would have been very helpful to know, don't you think? =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpVoYCqfhyth.pgp Description: PGP signature
Re: now I did it ..
On Sat, Mar 19, 2005 at 11:21:07AM -0500, Mike Medai wrote: Okay, I guess I wasn't clear enough: this is -expected behavior-. There is *NO WAY* to access an audio CD with Konqueror, Nautilus, or most any other file browser. But that is the rub .. previously using Konqueror I WAS able to access the music cd and browse it. Verified. I'm not a KDE user, but I do have it installed... I fired up Konqueror, fed it the pseudo-URL audiocd:/ which was mentioned earlier in this thread, and was shown a view of the CD which included the actual CDDA tracks, as well as a series of pseudo-folders which contain the tracks listed by name (presumably requiring the ability to connect to a CDDB database), and also MP3 and OGG files. Pretty neat, though I'd never actually use it, myself... It would seem that you have somehow caused your system to become misconfigured, though I guess you already figured that... =8^) My first and best guess is that your symlink from /dev/cdrom is wrong... Normally one doesn't use /dev/srX -- I've often thought it was unfortunate that this sort of nomenclature shows up in the kernel messages... Most likely (since you said you're on a 2.4 kernel) your CD was originally configured to use SCSI emulation. You can try this command to fix it: # ln -sf /dev/scd0 /dev/cdrom If I'm mistaken, and you're on a 2.6 kernel, then most likely this command would be better: # ln -sf /dev/hdc /dev/cdrom Note: the '#' represents your system prompt, and signifies you should run the command as root. You should not type the '#' character! =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpaWDsiib8oq.pgp Description: PGP signature
Re: now I did it ..
On Sat, Mar 19, 2005 at 03:45:39PM -0500, Neil Joseph Schelly wrote: On Saturday 19 March 2005 10:33 am, you wrote: Just for kicks, what is the output for this command then? ls -l /dev/cdrom /dev/sr0 /dev/scd0 lrwxrwxrwx ? ?1 root ? ? root ??3 2005-03-15 17:59 /dev/cdrom- sr0 brw-r-1 root disk 11, 0 2003-09-23 13:59 /dev/scd0 brw---1 mikemdisk 11, 0 2003-09-23 13:59 /dev/sr0 That's a bit odd there... I assume your username is mikem, but it's odd that the device would be owned by you if you didn't specifically set it that way - It's not odd at all: [EMAIL PROTECTED] ddm] $ ls -l /dev/cdrom /dev/hdc /dev/scd0 lrwxrwxrwx 1 root root 8 Mar 13 16:46 /dev/cdrom - /dev/hdc brw--- 1 ddm disk 22, 0 Feb 23 2004 /dev/hdc Linux has various software, such as PAM modules, which change the owner of devices commonly used by users. Most commonly, a PAM module called pam_console is utilized to change these ownerships when a user logs in on the consloe or an X session running on the local display. This allows such users to access these devices securely, without risking exposure of sensitive data which might be on those devices to other users. do you recall playing with these files' permissions before? Anyway, this ought to correct matters... as root: # chown root /dev/sr0 # chmod 664 /dev/sr0 # chmod 664 /dev/scd0 # ln -sf /dev/scd0 /dev/cdrom # adduser mikem disk I would advise against doing that, particularly if other users are able to access the system remotely, as it will allow them to read whatever is on the CD. If you ever mount sensitive data on the CD, it will be susceptible to being intercepted. If your system is strictly accessible only by you, this may not matter, but it is bad practice and totally unnecessary. On the up side, if you did take these actions, pam_console /should/ fix them for you after you log out... See the man pages for pam_console(8), console.perms(5), and maybe console.apps(5) for details. What IS odd is that with those permissions, he wasn't able to access the CD via konqueror. Mike, I /now/ suspect that your KDE Sound settings to be at fault here. Your system seems to prefer /dev/sr0, which is odd in my experience, but should work fine. However, your KDE settings, IIRC, were set to choose device automatically. It may be trying to use /dev/scd0, which you don't have permissions to use, because it's owned by root. If you change this explicitly to /dev/sr0, it may work again... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpkCJNllw6oQ.pgp Description: PGP signature
Re: High memory kernel support
On Fri, Mar 18, 2005 at 08:23:47AM -0500, Kenneth E. Lussier wrote: There is also the cryptography support. Gone are the days of having to patch the kernel for IPSec. Interesting indeed. I recently got wireless working on both my laptops, though I don't currently have any enryption going on the wifi network. I believe the Linux driver for the Intel 2100 doesn't support WPA, meaning the best I could do anyway is WEP, which isn't very good. I was thinking about using IPSec to solve that... Are you using IPSec now? I heard that FreeS/Wan forked... What code base are you using? Pointers would be useful. =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpow6fMj7iKF.pgp Description: PGP signature
Re: automount on debian help
On Fri, Mar 18, 2005 at 12:15:24PM -0500, Kenny Donahue wrote: Hi all, I just switched from RH 7.2 to the latest debian. Everything seems to be fine except that I can't seem to automount to the Solaris exported directories on our network. So you're probably using autofs and NIS, right? Google searches have been useless. Tons of hits, zero content. I have access to a machine with working automount so if I had a list of files that need to be changed, I could figure it out from there. First, look at /etc/nsswitch.conf and check the entry for automount. If you're using NIS, you'll probably have to insert nis at the beginning of the line. Of course, your system will need to be an NIS client... If you're relying on files, you'll need to copy /etc/auto.* from a working machine. It's been a long while since I supported autofs and NIS, but I think that'll do it. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpJyK0KoEsfC.pgp Description: PGP signature
Re: automount on debian help
On Fri, Mar 18, 2005 at 02:00:37PM -0500, Kenny Donahue wrote: I know diddly about network stuff so I'll do my best to answer. I'm using NIS, autofs and amd (I think). That seems really unlikely; autofs (automounter) and amd are two different methods of accomplishing the same thing... It would be strange to be using both at the same time. autofs is generally considered to be the better of the two, so chances are that's what you're using, not amd. What is the output of the following command on both boxes? ls /etc/rc.d/rc3.d |egrep autofs|amd I don't have a debian box handy to check, but the path might be /etc/rc3.d on Debian... If the above gave you an error, try that instead. automounting is configured to use files. How was it configured on your old box? Can you look in /etc/nsswitch.conf on the old machine? -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp9hdXcHB3sC.pgp Description: PGP signature
Re: automount on debian help
On Fri, Mar 18, 2005 at 02:06:58PM -0500, Kenny Donahue wrote: If you're relying on files, you'll need to copy /etc/auto.* from a working machine. It's been a long while since I supported autofs and NIS, but I think that'll do it. That's what I did I even copied his /etc/nsswitch.conf. No good. Ok, let's backtrack a couple of steps... Can you mount the exported filesystems manually? Is automounter running on your system? What is the output of this command: ps aux |grep '[a]utomounter' What is the output of this command: ypwhich We'll get it solved, eventually! -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpRKxHGM16lS.pgp Description: PGP signature
Re: automount on debian help
On Fri, Mar 18, 2005 at 09:27:58PM -0500, Paul Lussier wrote: Derek Martin [EMAIL PROTECTED] writes: What is the output of the following command on both boxes? ls /etc/rc.d/rc3.d |egrep autofs|amd Hmm, personally I would have just done: ls /etc/init.d/a* especially since an ls of /etc/rc3.d is likely to reveal only a bunch of symlinks, which may or may not exist for either autofs or amd depending upon whether they're configured for that run level. ...which is precisely what I wanted to know! He seemed unsure which he was running... The command I gave was tailor-made to determine that, and revealed that he was running autofs, but not amd. There's no point in looking at amd stuff, if he's not using it. And it's important to know what's /supposed/ to be running, especially if it isn't. Which it wasn't... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpFamsmyV7vi.pgp Description: PGP signature
Re: High memory kernel support
On Fri, Mar 18, 2005 at 09:15:16PM -0500, Paul Lussier wrote: Derek Martin [EMAIL PROTECTED] writes: Are you using IPSec now? I heard that FreeS/Wan forked... What code base are you using? Pointers would be useful. =8^) OpenBSD.org :) It's the most secure, most stable OS out there right now, and IPSec is built-in to the default kernel. I'm in the process of building a VPN concentrator right now, and it's turning out to be pretty simple with OpenBSD. Far more so than if I had used Linux. All of that may be true, but at the moment I've no desire to run OpenBSD... Even if I did, given my current situation, it's a practical impossibility. At some point I want to get cozy with the BSDs, but today is not the day... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpCNnGYjH843.pgp Description: PGP signature
Re: High memory kernel support
On Thu, Mar 17, 2005 at 06:05:29PM -0500, Kevin D. Clark wrote: Derek Martin [EMAIL PROTECTED] writes: On Thu, Mar 17, 2005 at 05:27:25PM -0500, Ken D'Ambrosio wrote: In addition to that, IMHO, the 2.6 kernel is, BY FAR, the most stable .0 (and subsequent) release I've ever seen. Gone are the days of the 2.4.9 debacle, the 2.2.0 debacle, etc. It just goes to show that, as with everything else, YMMV. My experience has been quite diferent. I've had innumerable crashes and oopses related to USB in particular... My mileage does vary. USB has been quite a bit more stable for me with 2.6 than with 2.4. For me, it depends upon exactly which 2.6 version I'm using... I'm currently sticking with Fedora's 2.6.8-1.521 kernel, because the 2.6.9-X and 2.6.10-1.9_FC2 updates gave me problems with all of my USB devices. Specifically, when I connected an/or disconnected them, the kernel would frequently (but not always) oops, and the system would eventually stop working after that (not surprisingly). If I tried to shut down at any time after the oops, the kernel would invariably get wedged before the shutdown was complete. I think the 2.6.10-1.12 update was better, but I discovered that my (win)modem driver won't work with the 2.6.10+ kernel, so I haven't really had opportunity to test it extensively. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpnTV1NIG1ul.pgp Description: PGP signature
Re: now I did it ..
On Wed, Mar 16, 2005 at 07:53:04PM -0500, Mike Medai wrote: First, is the drive an IDE drive or a SCSI drive or an IDE drive using SCSI emulation? And what kernel version (2.4 or 2.6 is enough for me...). Looking through my devices, it seems to be listed under the SCSI area. The Kernel version is 2.4 (as returned via the kernelversion command). What does the output of this command show: $ ls -l /dev/cdrom Note: don't type the '$' character... It symbolizes your command prompt. Yes, data CD's are readily accessed. And yes, I was trying to mount an audio disc. You can't do that. ;-) I'd make sure the CD drive isn't being used by anything. Then, make sure you have all the libraries/binaries for lame/ogg/etc/ installed. How can I easily verify this? I've run the update(s) methods and checked packages .. but can't readily determine how to verify that I have everything needed. What distro are you using? Are you installing packages for grip, etc.? If so, where are you getting them from? If you were able to install grip, and you didn't have to specify --force (for rpm) on the command line, you have everything you need to use it. The rpm command (and the GUI programs that use it) won't normally allow you to install packages if you don't have the right prerequisites... Dropping a audio CD back into the drive, the icon again changes, and using Konqueror to look at audiocd:/ I find this instead: Why are you trying to use Konqueror to open your CD? Can't you just use KDE's CD player to play it? If you right-click on the CD icon, do you get a menu option to play the CD? [I'm not sure such an option should exist, though it seems logical... It's been literally years since I've tried to play CDs on my comptuer... I normally just play MP3s/OGGs these days.] The way I would normally think to start playing a CD would be to go to the system menu (The K icon on your KDE taskbar, or whatever they call it), go to the Multimedia menu, or Sound Video menu, or whatever seems closest to that, and run the CD player application. Does that not work for you? Rummaging around with the terminal I cannot locate the audiocd:/ anywhere. It's a fictional construct that KDE uses to represent an audio CD. There isn't anywhere on the file system which would correspond to an audio CD. In other words, you're never going to find it on the command line! It doesn't really exist... Kinda of .. I at least learned one new command today! Kernelversion .. which has to be run as superuser, though my Linux in a Nutshell book did not specify this. That's because you don't really need to be root to run it. You do, however, need to have /sbin in your $PATH, and by default non-root users usually don't have /sbin in their $PATH. LiaN should have a nice section on the $PATH variable, and what to do with it... But basically it tells the shell (the command interpreter) where to look for commands... If you add /sbin and /usr/sbin to your $PATH, lots of other commands will be available to you. Or, if you don't want to add /sbin to your PATH, you can just type the whole command path: $ /sbin/kernelversion 2.6 FWIW, the usual way to get the kernel version you're running is with the uname command, like this: $ uname -r 2.6.8-1.521 This, or some variation of it, normally works on other Unix variants, too. More or less... [The meaning is similar but may be subtlely different on other Unix systems.] For ripping CDs to MP3 or OGG, I second grip (and lame and oggenc). It doesn't matter if you're using KDE, so long as the GNOME stuff is installed on your system. If you got it to run at all, you should be ok. But you may need to configure it properly before it will do what you want it to do... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpGYsrB4MSHC.pgp Description: PGP signature
Re: ip vs. if{up,down}
On Mon, Mar 14, 2005 at 09:21:39PM -0500, Ben Scott wrote: On Sun, 13 Mar 2005 22:19:29 -0500, Derek Martin [EMAIL PROTECTED] wrote: Alexey's original code had almost no comments whatsoever... Duh. If it was hard to write, it should be hard to understand. Don't you know that? ;-) No, and I still don't! ;-) ... you can use ifup to bring up your dial-up connections on the command line. Yup. It's been this was since at least as far back as RHL 6.2. I suspect it's even older, but anything before that and I'd have to pull archive tape for my brain. Having never tried to use Red Hat's tools to configure dial-up networking until recently, I was unaware that they set all that up for you... I'd been configuring dial-up by hand since the Slackware 3 days, and I just toted my chat scripts with me when I moved to a new release/distro. I even hacked together a way to handle multiple dial-up connections, though it wasn't as slick as what RH does. All ifup foo does is look for a file /etc/sysconfig/network-scripts/ifcfg-foo Indeed. While I have understood how ifup worked since shortly after starting to use Red Hat (I was first aware of it in the 6.0 days), the part that surprised me is that someone had the bright idea to pretend that dial-up connections were the same as interface names, and make ifup do it all... Even more surprising was that it apparently came from someone at Red Hat. =8^) I'm slightly reluctant to ask the question, lest I start another flame war, but... How does Debian deal with dial-up connections? Or does it, even? Last time I used it, I had to set up my own chat scripts manually, IIRC. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpi02v6yMeht.pgp Description: PGP signature
Re: ip vs. if{up,down}
On Sun, Mar 13, 2005 at 07:34:32PM -0500, Ben Scott wrote: The traditional command to configure an interface on nix is ifconfig. [snip] The newer command is ip, which is part of the iproute2 suite. It provides a single interface to IP configuration, and breaks things nicely into the datalink and network layers, eliminating the trouble with multiple IP addresses per interface that ifconfig had. Another big difference is how these two tools interface with the kernel. ifconfig uses the older method of calling SIOC* ioctls on a socket associated with the interface, whereas ip uses a newer interface designed to provide cleaner mechanisms to handle multiple addresses, address families, routing, etc. Around the time when the ip tools first appeared, I was interested in re-writing the ifconfig and route commands to address some bugs and shortcomings in their functionality. I got about half way finished with (IPv4 support for) ifconfig when I learned there was a newer, better mechanism to handle everything. I stopped working on the project at that point, because Alexey's code wasn't well documented, and I felt some futility at having put in all that effort to learning the old method... I still think it would be nice to have working, fully-functional versions of ifconfig and route (for the sake of a reasonable amount of compatibility with other Unix variants), and I may continue work on it at some point, but there doesn't seem to be a lot of interest from what I guaged at that time... The iproute2 project now has a new maintainer -- perhaps the code is better commented. Alexey's original code had almost no comments whatsoever... The ifup/ifdown bit originated with Red Hat, I believe. They are configuration automation scripts which read config info from /etc/sysconfig/network* and act on it. ifup foo brings up an Interface profile, which might invoke ifconfig, ip, ipx_interface, wvdial, or any number of other tools. So ifup/ifdown function at a higher level then ifconfig/ip. Interestingly, if you use Red Hat's networking GUIs to configure dial-up access (for those of us unfortunate enough that we still have to use dial-up), you can use ifup to bring up your dial-up connections on the command line. For example, if you created a dial-up connection called ziplink, then # ifup ziplink will bring up your ziplink connection. At least, it does on FC2. It may or may not work on older RH distros. like virtual hosting). Finally, if portability is one's goal, ifconfig would be the best answer. I'm not sure I really agree with that... I think HP-UX and Solaris (not necessarily in that order) are the most popular Unix variants in use today, based on what I've seen in job postings. Their syntax for ifconfig (IIRC) is quite different than that for Linux. Is it based on BSD's ifconfig? I haven't managed a system which had the same syntax, AFAIK. It has some unusual options/flags/whatever, and the syntax parser is a little, um, eccentric... For example, it sets options as it parses them... so if you make a typing mistake, you could leave your interface in an invalid state, potentially cutting yourself off from the machine (possibly necessitating a trip to a remote facility to fix the problem)... This is one of the problems my re-write was designed to deal with. It parsed the entire command line before the state of the interface was changed. If an error occured, no change occured. IIRC, ifconfig will also let you do strange things like specify any number of addresses on the command line (which will change the address of the interface once for each address, leaving the last one you gave it. But I digress... I guess what I'm trying to say is that those just learning the network configuration utilities, it's probably best to do so using the ip tools. I believe the distros are generally switching to using ip in their rc scripts, too. ifconifig and route are broken, lack various functionality that ip has, and may even eventually not work at all, as ip becomes the standard way to configure networking on Linux systems. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpff1lvZ6Mqq.pgp Description: PGP signature
Re: Anyone else see USB keyboard problems on FC2 with the new '770' kernel?
On Tue, Mar 08, 2005 at 09:41:10PM -0500, Bill Freeman wrote: Fedora truly loads a lot of dreck: rfcomm, bluetooth, battery, other stuff I don't recognize. (What's the point of having modules FWIW, I'm running FC2 and I don't have those modules loaded, except for battery (which is good, since I'm on a laptop with a battery). Poking through the output of lsmod, I don't seem to have any modules loaded which I'm not actually making use of... Or at least, to say it a better way, I have hardware which corresponds to every hardware- related module, and I'm using all the software modules (like filesystem drivers, etc.). -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpDWg9hLVVzn.pgp Description: PGP signature
Re: Anyone else see USB keyboard problems on FC2 with the new '770' kernel?
On Tue, Mar 08, 2005 at 09:48:45PM -0500, Bill Freeman wrote: FYI, my USB keyboard, mouse, and flash drive all work fine with kernel-2.6.10-1.12_FC2 and kernel-2.6.10-1.14_FC2 (and all the FC2 and RH 7, 8, 9 kernels over the last couple of years). I have managed to get pictures off of my girlfriend's camera, but otherwise I don't use USB much, so maybe I've just had lucky choices. That's reassuring... Maybe I'll try to move to a more recent kernel and see if the other devices work. OTOH, right now I'm stuck on dial-up, and the winmodem driver I'm using doesn't seem to compile against kernel-2.6.10-1.12_FC2, so I may be stuck on 2.6.8-1.521 for a while yet... Incidentally, the new naming scheme seems to be an old naming scheme, with the -X.XX_FC2 being fairly recent, AFAIK... Or maybe they can't decide between the two and keep waffling... Mmmm, waffles. Gotta get something to eat. =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpCSCYCwY98v.pgp Description: PGP signature
Re: id3v2 tag editing
On Wed, Feb 23, 2005 at 12:22:17PM -0500, Travis Roy wrote: Does anybody know of any id3 tag editors for the console that do v2 editing. I tried mp3info and id3ed, they are both id3v1 only :( Try id3v2. I seem to have gotten it from one of the semi-official Fedora APT repositories. I'm sure freshmeat or goole will turn it up. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpHxWUCCOWiu.pgp Description: PGP signature
Re: Speaking of SATA...
On Tue, Feb 22, 2005 at 11:26:13AM -0500, Bill McGonigle wrote: A point of order for the membership - I feel, at least in part, that reporting these into RedHat's bugzilla is inefficient as this is more of a kernel problem than a Fedora/RedHat problem. I suspect the appropriate kernel developers are probably not haunting RedHat Bugzilla. Two points... First, Alan Cox works for Red Hat, as do a number of other kernel developers. Red Hat has clout in the Linux world, and things that get their attention get addressed. That said, any given bug report may or may not get their attention. ;-) Secondly, if you're using Red Hat kernels, it's entirely possible that the bug you're seeing is not present in the Linus-blessed kernel. Red Hat adds a lot of patches to increase functionality/compatibility, improve performance, and fix bugs... These patches may not make it into the mainstream kernel for quite some time (if ever). Depending on your problem, Red Hat may be your ONLY recourse. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpboBY5MiHyt.pgp Description: PGP signature
Re: Debian flamewar (was: OpenOffice doc...)
On Thu, Feb 17, 2005 at 07:13:32AM -0500, Neil Joseph Schelly wrote: My shiny new (hypothetical) server hardware is only supported by the 2.6 kernel... What do I do? You're just being silly now. No, I'm not. If my server has a new mass storage controller that isn't recognized by the 2.4 kernel, but is recognized by the 2.6 controller, then debian stable won't install on it, but other more curent distros will. I'm not saying that such hardware exists right now, today, but it could, or it could tomorrow, and this kind of situation has existed in the past. Debian potato was impossible to install for a time on some hardware that wasn't recognized by the 2.2 kernel. The same will be true of sarge at some point, if it isn't already. Historically, IIRC, just downloading an ISO was not easy to do. If it is now, that's a welcome change. But I still don't want to spend 4 hours downloading a bunch of software that's 3 years old... How was it hard? You follow the links, visit the mirrors, and download it. I believe that's wrong. In the Bad Old Days, Debian didn't provide ISO images. You had to download all the files from the repositories, download some scripts, and make them yourself. Perhaps a long-time debian user here can confirm that this is correct? I'm talking maybe 1999 or 2000, but my memory's really unclear on this. APT does not and can not do this for you. At least, not all by itself. That's why configuration management doesn't depend on the package manager. So what then do you use for this? I can actually already see doing this with APT without issue. But maybe I'm missing something still. If you use APT by itself, you can't guarantee that all the systems will have the same versions, because APT doesn't schedule jobs. You need to use cron to schedule updates. Then, you need to have a local repository that you must build and maintain from which you can update, because if you use Internet mirrors for your updates, then you run the risk that some servers will get updated and others not due to circumstances outside your control. You probably can't update all your 1000 systems at one time, because it will overload your Internet connection. Then, since you're doing automatic updates, you need a process to update onto a test machine, run some automated tests to make sure that your next update won't blow up your environment in your face. And of course, you need a human to set all this up and make sure it doesn't break... APT alone can't do all that. No package management system can... That's why I use Debian. And Ben seems to make much more grounded arguments for his stance, for the record. I have trouble following yours and you continually keep jumping back and forth in your points. Bens's arguments and my arguments are the same. But how would you know? You already said you didn't understand what points Ben was trying to make... Essentially, there are three points here: Stability: Both Woody/stable and Sarge/testing have stability at this point. Testing doesn't always have stability, I'll admit, but right now, Sarge does. This point is useless, unless you're only going to administer your systems righ now. It doesn't work that way in real life. And how can you guarantee me that the next updates to sarge won't break it? Regardless of what you say about testing being stable, my experience prevents me from trusting it in production. Reliability: Both Woody/stable and Sarge/testing have reliability. They aren't going to be seeing any significant changes, software versions, revisions from here on out. Upgrades are safe with Sarge and very safe with Woody. And I've already said a dozen times or so that I consider Woody too old to use for most purposes, when you consider that all of the other major distros' stable releases have much newer, better performing, security enhanced, more featureful software. Will Woody: install on my new hardware which requires a 2.6 kernel? support NFSv4? support mapping UIDs on NFS? support selinux out of the box? configure my X display properly on well-supported hardware? support running a PDC and BDC using samba (requires Samba 3.0)? support my neat web app that needs Apache 2.0? The answer to all of these is no, or in the case of X maybe. Yes, you can upgrade and upgrade and upgrade until it does, but that totally defeats the point of using a distro, IMO. Cutting edge stuff: Woody is outdated and I've already accepted that. For servers, this generally isn't an issue, It's only not an issue if you're willing to settle for sotware that isn't as powerful as you could be using. And sometimes, even then, it can be an issue. The bottom line is Debian's cycle is just too damn slow to be useful in production. That doesn't make it bad, it just makes other distros better choices IMO. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This
Re: Debian flamewar (was: OpenOffice doc...)
On Thu, Feb 17, 2005 at 06:30:10AM -0500, Neil Joseph Schelly wrote: So use those kernels? It's still the same code. Pick your kernel from kernel.org or from various patchsets or what have you. The kernel really doesn't have to do with the distro. What part of the installer doesn't have the kernel I need to install this bloody distro on my hardware are you not comprehending? You keep telling me about mission critical systems in your business. You insist that stable is necessary for that, but turn the argument around when it comes to the shiny bleeding edge desktop and say that Sarge isn't close enough. You're suggesting that bleeding edge can't be stable... I think this is where you're going wrong. A new release of Red Hat Linux was generally pretty stable. There were always a few gotchas after it was first released, but no more than with Debian stable. Oh yes, as stable as stable is, it still has bugs, and requires updates. FC3 is probably a bad example, because Fedora Core is more bleeding edge and less reliable than stable releases of Red Hat Linux used to be, but that's intentional. So let's say Suse Pro instead. It's more current than Woody, and I believe more so than Sarge also, but it's still considered stable and by all acounts very reliable. At Mission Critical Linux, we used the latest stable releases of Red Hat for all new installs. Only the kernel guys ran Debian, they all ran unstable, and it was fine for them. But fixing problems they found was their job... so it worked for them. For everyone else, we had a lot of banging going on at our door whenever there was a slight glitch. Risking bugs in testing or unstable was not an option. Pick one point of view and stick with it. Once again, you're completely missing the point. Only Debian takes 3 years to put out a stable release. Other distros HAVE stability while also being more up-to-date. And because of that (and support reasons too), they are better choices than Debian for production environments. I am not saying Debian is bad software, it isn't. Nor am I saying you are a bad person for choosing it. There simply are better distributions for production environments. Your sysadmin team seems to agree with me, you've already said they use RH in production... Pick the right release for whatever you're using. Don't keep coming back to me and saying Stable is too old for a desktop and Testing is too unstable for a server. I'm not saying that at all. I'm saying Stable is too old for nearly ANYTHING, in a production environment, and Testing is too unstable for nearly ANYTHING, in a prooduction environment. The reason is simple: other distros have just as much stability while at the same time being newer and more featureful than their Debian counterparts. As a side issue, they also usually come with vendor support, though Red Hat seems to have dropped the ball on that account. If I were evaluating distros for production environments TODAY, I'd probably give Suse a good hard look before I even considered Debian. It's been a long time since I've seen what they have to offer. And if I didn't go with Suse for some reason, I'd almost certainly pick RHES or its counterparts over Debian. I'm well aware of that, but you're using that argument as a means of describing how neither is useful at all. No, they're plenty useful. But for the vast majority of production environments, other choices make more sense from both a usability perspective and a configuration management perspective. Most distros have a lot of their own bells and whistles to make a variety of things a lot easier. In my experience, Debian lacks in this department also, requiring a lot of things to be done manually and in some cases even painstakingly. New development happens in unstable/sid. I've said it way too many times now that, this close to a stable release, testing is just as solid on a desktop. Even if that's true (which I dispute), so what? The problem is that you are dependent upon being at a specific stage of a development cycle for that to be the case, and SANE businesses can't and won't depend on that. It's clear that you still don't grasp the ideas and importance of configuration management. I must not be required to change the software on my machine simply because the developers are entering a different phase of development... Reconfiguring systems must be done on MY terms, and my terms only. In other words, changes need to be able to be planned solely on busines need, not because of what the vendor is doing. You simply don't have that with Debian. To call it stable as an adjective is not lying. Calling it by the stable/testing/unstable release names is just semantics. That's preposterous. It's called testing because it's being tested. When problems are found, changes are made. I also occasionally write free software, and I had software which was in Debian testing, which was pulled from testing
Re: OpenOffice query: shutdown
On Wed, Feb 16, 2005 at 08:37:51AM -0500, Kevin D. Clark wrote: It looks like the thing that I want to mess with is gnome-session and gnome-session-properties. OO already has an entry in gnome-session-properties under FC2. Something must be going wrong in the interaction between gnome-session logout and OO. I'm still looking into this -- OO runs under the normal style, but I wonder if trash would do what I want? Kevin, what I'm trying to say is that the code is buggy, and it doesn't matter how you have gnome session configured for Open Office. You said yourself that the behavior seems to be variable... I think you're not going to fix this with a configuration setting. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpazp3gdL9sR.pgp Description: PGP signature
Re: OpenOffice query: shutdown
On Wed, Feb 16, 2005 at 08:37:51AM -0500, Kevin D. Clark wrote: It looks like the thing that I want to mess with is gnome-session and gnome-session-properties. OO already has an entry in gnome-session-properties under FC2. Something must be going wrong in the interaction between gnome-session logout and OO. I'm still looking into this -- OO runs under the normal style, but I wonder if trash would do what I want? My earlier comments were, I think, all too terse. Let me say that I am in no way trying to accuse you of being unreasonable, or to insult you in any way. If you have taken offense (as it seems you have), it is very likely that I have said what I wanted to say poorly, and so you have misunderstood my intentions. If that's the case, then allow me to apologize. I will attempt to clarify my intentions, and provide some useful information about gnome-session in the process. You have posted a problem and asked for a specific sort of solution, and, with respect, I'm only trying to point out that the kind of solution you're looking for in all likelihood simply doesn't exist, due to the natue of the problem. I have been a gnome user for a very long time, and I'm pretty familiar with gnome-session and what it's supposed to do. There are basically three main things that it attemps to do for a user: 1. Remember programs that a user is running, and start those programs in some specified order when a gnome session starts. This corresponds to the normal style setting in the session properties GUI. 2. Watch certain programs, and restart them if they are killed. This corresponds to the restart style setting in the session properties. 3. When the user decides to terminate their session, the session manager sends some sort of message to gnome-aware applications to tell them to clean up their act and exit. It does this to all gnome-aware applications, regardless of what setting is set in the session properties GUI. I believe it also tries to kill non-gnome-aware programs, but I am not certain if this is true. Presumably it would send SIGTERM to those apps, if it did, but I obviously don't know that for sure either. In my experience using gnome, since the 0.something days, it's this #3 which I have NEVER seen work reliably 100% of the time. This is the guy that's giving you the trouble. There is no setting in the gnome session properties GUI which has any affect on this behavior, to my knowledge. To make matters worse, it could be the session manager which is buggy, or it could be the program itself, or both. This is why I said the solution would come after debugging multiple source trees... In the gnome session properties GUI, there are two additional settings for style. The first is settings, which behaves very much like normal except for some subtle difference that I don't recall exactly. I think it has to do with the sequence in which these programs are started; probably they are started earlier than normal style programs, because those programs may depend on settings being set to operate properly. The second of the remaining styles is trash -- you said OO might behave as you want if you use this style. It won't -- or at least there's no logical reason why it would. This option is intended only to tell the session manager that it should not remember this program, and not start it when future sessions are started. If changing the style thusly does in fact change the behavior, it is almost certainly due to a bug somewhere. I have seen GNOME's session manager misbehave in various ways when terminating applications after the user logs out since the beginning of time (in GNOME terms, that is). The only reliable way to ensure that an application, gnome-aware or otherwise, terminates gracefully and saves data properly has always been to use that program's provided mechanism for exiting (and in some cases even that doesn't work reliably! ;-). Based on what I have seen during my many years experience using and supporting computers, it would seem that it remains so today. I agree with you entirely that this should work, and quite often it does; but in practice it just doesn't work reliably, and in my experience no configuration setting is going to fix that. It doesn't even matter if the application is gnome-aware or not. HTH. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpE3AVhKEM82.pgp Description: PGP signature
Re: Debian flamewar (was: OpenOffice doc...)
On Wed, Feb 16, 2005 at 09:01:13PM -0500, Neil Joseph Schelly wrote: Similarly, most packages don't rely on more packages. So another maintainer responsible for another package means he or she will do what is necessary to keep track of its dependencies and that will be the same number of dependencies as most apps, namely just one or two. Your example assumes that all packages interfere or interact with all others and that's unnecssary complexity. Anyway, I'm not a math guy and this is a null argument here anyway. It isn't a null argument; you're missing the point. It isn't that the package depends on all the other packages, clearly that's not the case. The point isn't even that it does or does not interfere with some other package. The point is that it *MAY* interfere with other packages unexpectedly, and you have to test them all in order to be certain that it doesn't. This slows the testing process down, and is a big part of the reason it takes 3 years to release a stable release. Exactly my point. testing and unstable are moving targets. It's in flux. To test something, it needs to be *unchanging*. [SNIP] Testing doesn't change significantly that fast. And by the time stable is outdated, testing is good enough that it can be safely used instead. My experience has been different. I once installed testing on my workstation at work, and nothing worked. Granted this situation isn't normal, but it illustrates the point. That hypothetical example I gave about glibc wasn't hypothetical at all... Though it may not have been glibc specifically, I don't remember. Something made my system unusable. I didn't have time to mess with it, so I promptely re-installed RH... feel fine with Testing running in production. You shouldn't; and if you keep doing it, and run regular updates, I'd bet big money that eventually you'll get bitten by it. And when Testing is unreliable, that means a new Stable has just been released that will be modern enough for at least a year for all intents and purposes... especially in a business environment where the latest/greatest toys aren't necessary. Newer software may not strictly speaking be necessary, but it's often desireable, because it's just plain better. Faster. Less buggy. Have nice features that make life easier. What have you. If performance is a factor, newer software usually performs better, because the developers have had the chance to do more optimizing (however notable exceptions abound). Newer software often has done a lot more than just plugged up old security holes; often it has re-designed the entire security model to make it inherently better. Sometimes, newer software just has happy bells and whistles that make managing it a lot easier than in old versions... Right, but now I just can't type apt-get install foo and magically have everything work. And one will quite quickly get into the dependency hell that people are all too quick to blame on RPM. I do this all the time for this or that package on my KnoppMyth install and haven't run into a problem yet. That doesn't mean you won't; it only means you've been lucky thus far. I have done similar things and been bitten by them. Cool. Wanna tell me how I use it? I've got Debian 3.0r2 images on my hard disk. (I see 3.0r4 is out now, but they keep telling me not much has changed...) I've attempted installs of this Debian before, but my HD is When you get to the bootup, there's a choice of kernels and you choose the bf24 one for a 2.4 kernel rather than a 2.2 kernel. My shiny new (hypothetical) server hardware is only supported by the 2.6 kernel... What do I do? The Debian zealots I know have been telling me the installer is going to get much better Real Soon Now for over five years. You'll pardon me if I don't hold my breath. :) It is. It's not coming soon - it's here. Download a Sarge ISO and see for yourself. I have... I admit it was much better than the potato installer, but that didn't take much. It still seemed to me like it was a bit behind the times... As for X being configured in a grossly sub-optimal state, that seems absurd. All the other major distros have been getting that pretty much right for a LONG time now. If nothing else, Debian could just steal code and have it working tomorrow... If you're looking for a GUI, then you'll still be disappointed, but I don't care about eye candy for something I see so rarely. If you're a sysadmin for a large site, you tend to see it quite often. I don't care about the eye candy that much anyway, but I still found it to be, um, let's say my least favorite installer of all the major distros. :) You could... I'd just download a Sarge ISO. Historically, IIRC, just downloading an ISO was not easy to do. If it is now, that's a welcome change. But I still don't want to spend 4 hours downloading a bunch of software that's 3 years old... I don't
Re: Debian flamewar (was: OpenOffice doc...)
On Wed, Feb 16, 2005 at 09:15:29PM -0500, Neil Joseph Schelly wrote: And so what if it's ludicrously rock-solid, if it doesn't recognize my hardware? Not so useful, regardless of how stable it may be... Debian uses the same kernels as everyone else. In point of fact, no it doesn't. For example, Red Hat kernels contain many performance enhancements, bug fixes, and functionality enhancements that other distros don't have. I don't know what Debian's kernel devel process is, but they either use Linus kernels, or more likely they apply their own set of enhancements. Either way, they're not using the same kernels as Red Hat. And business desktops by the way, since you brought it up, rarely have need for things past stable. You keep talking about need... It isn't always about need. If I'm running Sarge, and the guy next to me has FC3, but his system can do neat things that mine can't, I'm gonna want what he has... If Debian Testing is unsuitable as business desktop OS, then I'd say nothing in the Linux world is particularly ready yet. just close. Well, I'd say I don't agree; see above. I never said it was impossible to use Sarge as a desktop distro; there are simply better choices. You're missing the point, which is something like, If it ain't stable, it ain't usable. This doesn't mean that YOU can't use it, it means that the management of an organization can't risk using it, because if there's a problem, it could mean a serious loss of work/time/money/etc. In practice, so-called stable releases of certain software may be no better, but you're never going to convince a non-technical manager type that it's a good idea to use something which is not considered production- quality by the people who are developing it... And you're missing the point. Don't ask your manager to approve the use of testing/unstable because it's just a name. Call it Debian Sarge and call it a solid release that is under modern development and always up to date, within a reasonable few weeks timeframe to work out any bugs in new development. I'm sorry, but your point is just wrong. I can't do that, because it would be lying. It ISN'T stable. THERE IS NO NEW DEVELOPMENT IN A STABLE RELEASE. When everyone's systems break because we apt-get upgrade to broken changes in testing, I'd get fired. You can't try to tell me that it wouldn't happen; I've SEEN it happen. These are tired arguments... Testing is quite stable and reliable and up-to-date. It isn't stable ENOUGH. I refer you to my last post re: configuration management and my comments above. Take that assumption and you realize that everything you said above is meaningless. That assumption is patently false. If you haven't tried running Sarge though, then you're really not qualified for further telling me I don't know what I'm talking about. I have tried it, and it was in fact Sarge which caused the problem I was refering to above , when it was testing. I installed it last year when I was in Korea, also. I found it lacking features that I was accustomed to, so I got rid of it. Incidently, around the time I had my troubles with testing, one of my coworkers actually tried selling the idea of using Sarge/testing on all our systems... If we had done that at that time, the whole environment would have become useless that day, and I'd have been out of a job. Fortunately, a different coworker pointed out that at that specific point in time, Debian unstable was actually more stable (i.e. reliable) than testing was. We decided to stay with Red Hat. ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgptDpEw05tR4.pgp Description: PGP signature
Re: Debian flamewar (was: OpenOffice doc...)
On Tue, Feb 15, 2005 at 06:26:46AM -0500, Neil Joseph Schelly wrote: No, it takes a **LOT** longer. If the number of components in a Configuration Management scenario is N, then the number of potential interactions is (N^2)-N. Think about that for a minute. I don't buy that. It takes a LOT longer for it to hit stable, but by that time it's ludicrously rock solid. Um, huh? It strikes me that you said, I don't buy that, and then proceeded to agree with everything Ben said... And so what if it's ludicrously rock-solid, if it doesn't recognize my hardware? Not so useful, regardless of how stable it may be... This assumes they are too slow, but I don't feel too limited by that release cycle anyway. There's an appropriate Debian release for every machine out there, 90% of the time. I can't agree with that, and just the fact that you said it suggests to me that you're not a system administrator. Ignoring for the moment the lack of vendor support options from Debian (being not a company), most businesses have little tolerance for unstable software. The non-stable branches of Debian update far too often to be useful as a standard desktop platform for support reasons at most companies who have their heads on straight. Notable exceptions for companies whose business is directly Linux-related... At any given moment, both testing and unstable may be completely broken by a recent change (such as a glibc update). To system administrators trying to manage 100 or 1000 desktop systems, that's just unacceptable. The stable branch isn't current enough to support the newest hardware, even on the day it's released. It too is unacceptable as a choice for deskopt OS, IMO. Debian isn't a good choice for corporate desktops in typical environments, IMO. As soon as you switch to a spin-off, you lose the benefit of the huge Debian repository. Not true. KnoppMyth does a great job of running my TV. And they manage their own repository (in addition to the Debian testing/unstable ones and a few others). If I really want, I can install anything from there, but then again, I don't need that on my TV. If I needed the full repositories, then a spin-off wasn't the right choice I'd say. You appear to be contradicting yourself... Once more, servers don't need the latest greatest KDE and Gnome ... No, but it would be nice if they could install. At this point in time, the current stable is so badly out-of-date that I can't even depend on it to see most of the mass storage devices I work with. That's sorta what I said above, but a different kernel, even for the install, is rather painless and can fix your storage problems. Maybe. Upgrading the kernel may require the upgrade of additional support software too, such as for example updated NFS tools, raid tools, and others. It may also require upgrading packages that aren't related to the reason for the change, such as firewall tools. At that point, you've got a maintenance nightmare, and you're much better off just choosing a more modern distro which has what you need. In the world I work in, just use testing/unstable/etc. is not an acceptable answer. I like to say that CM is basically taking the aphorism Better the devil you know and turning it into a science. When you're deploying tens, hundreds, or even thousands of computers, you need to be able to keep track of what is where, and when. Stable/Testing/Unstable are just names. If you don't like them called that, then call them Woody/Sarge/Sid. You're missing the point, which is something like, If it ain't stable, it ain't usable. This doesn't mean that YOU can't use it, it means that the management of an organization can't risk using it, because if there's a problem, it could mean a serious loss of work/time/money/etc. In practice, so-called stable releases of certain software may be no better, but you're never going to convince a non-technical manager type that it's a good idea to use something which is not considered production- quality by the people who are developing it... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp8QRuvnzrB1.pgp Description: PGP signature
Re: OpenOffice query: shutdown
On Tue, Feb 15, 2005 at 11:39:40AM -0500, Kevin D. Clark wrote: Is there any action/configuration that I need to take in order to get OpenOffice to exit more cleanly in this situation? Use file-exit from the menu? In all seriousness, while I would agree with you if you made the argument that OO should responsibly handle signals and exit cleanly, I don't think it's a tenable position to argue that you should be able to depend on a clean exit when you essentially crash the program by forcibly disconnecting it from the X server to which it's connected... I know nothing about the code, but I can imagine that a program which is so large and complex might make for tricky proper handling of signals... Like the doctor said, Don't do that. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp4LyWksLtRO.pgp Description: PGP signature
Re: Problem with terminal line wrapping
On Tue, Feb 15, 2005 at 01:39:47PM -0500, Ed Robbins wrote: I'm having a problem with line wrapping in SuSe 9.2 and I'm hoping someone can help me out. [SNIP] Any ideas or possible fixes? Switch to Red Hat? =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp3q1Rpx0FhR.pgp Description: PGP signature
Re: OpenOffice query: shutdown
On Tue, Feb 15, 2005 at 10:43:57PM -0500, Benjamin Scott wrote: The thing is, from what the OP is saying, OOo *used* to prompt him if he was sure he wanted to do that. Obviously, X11 hasn't shut down at that point, or he wouldn't get the prompt. I assume that before OOo and GNOME were speaking to each other, and now they're not. I have no clue as to how they did then or why they're not now, though. That's a good point, but I still stand by what I said... This is not the normal way to exit a program, and I don't think it's a good idea to rely on it working properly. Gnome has come a long way, but I still find there are quite a few things about it which behave strangely and/or unreliably. For example, the panel often forgets to autohide... Sometimes when I exit my session, it just sits there and hangs... I can move my mouse and use windows which are on the desktop, excpet for the panel. And all nautilus functions stop working (presumably because it's been killed). Sometimes, if I kill all the apps on my desktop, the session exits. Other times, I actually need to hit ctrl-backspace to kill X. My point is, I don't think exiting gnome is reliable, period. Expecting it to make your apps die gracefully is, IMO, expecting too much, regardless of past performance... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpOUvQy88k4s.pgp Description: PGP signature
Re: OpenOffice query: shutdown
On Tue, Feb 15, 2005 at 11:11:09PM -0500, Kevin D. Clark wrote: In all seriousness, I don't think that I am being unreasonable when I expect a program to shut itself down cleanly. I don't think you're being unreasonable either; just unrealistic. I have a sneaking suspicion that the solution you're looking for will come at the back-end of a long debugging session involving the source trees for multiple programs... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpZlzif3UKGE.pgp Description: PGP signature
Re: Debian flamewar (was: OpenOffice doc...)
On Wed, Feb 09, 2005 at 10:42:15PM -0500, Benjamin Scott wrote: On Wed, 9 Feb 2005, at 4:27pm, [EMAIL PROTECTED] wrote: Debian's equivalent of rpm is dpkg. Apt is sort of like up2date on a large quantity of steroids. 8) I've never, ever been that impressed by the functionality of apt-get vs anything else. Yes, it manages package dependencies. So do/did yum, up2date, rpmfind, and autorpm. I've been having my RPM dependencies solved for me for years and years. It just really ain't all that impressive. Get over yourselves. The size of Debian's main package repository (the distribution, really) is really what most Debian zealots like when they say they like apt-get. I couldn't agree more. Unfortunately, it appears to me that Debian people, apparently as a universal rule, have no concept of software configuration management at all. Here again, I couldn't agree more. And I also get a little incensed when I hear people tlalking about how superior Debian software is than Red Hat (or choose your favorite other distro to beat on). I've managed both of these, and others, both on my own personal systems and in corporate environments, big and small. By and large, the software is the very same software. Despite Debian's long testing cycles, they still ship with loads of strange bugs, and I seem to be good at finding them all. ;-) Red Hat isn't better; they're just different. Frankly, I'm not even all that impressed with apt's dependency resolution skills... I've come across several situations where it was impossible to install a package I wanted, because its dependencies had been removed from or otherwise didn't exist in the repository. I've also come across situations where doing a dist-upgrade completely broke my system. Red hat isn't better here either, and admittedly probably worse. But then, regardless of OS, I'd much rather do a fresh install than an upgrade any day. It's kind of like moving; it's a PITA, but it gives you a great opportunity to do house cleaning. ;-) One reason I always shied away from Debian is because it was hard to download CD images... you had to build them yourself. While I've heard that they provide all the tools to make it easy to build the CDs, I have to confess that I spent long enough wandering around the maze of their documentation that I just gave up. Regardless, it's an extra step that frankly, I want my distro to do for me. I've also seen Debian packages configure things in strange ways that (IMO) no self-respecting system administrator would ever imagine... In that regard, I do actually think Red Hat is better, but that may just be a matter of personal preference. Another really impressive but usually overlooked feature of Debian is the general attitude that Free Software and community development are the way to go. Things like the Debian Social Contract and the Debian Free Software Guidelines. No other major distribution has anything like that. Debian takes the Free Software mindset (the bazaar if you're an ESR fan) and applies it to the entire distribution. That's cool. Agreed too. I also like Debian's emphasis on accountability. Each package has an official maintainer, who is ultimately responsible for that package. You're not dealing with a faceless corporate entity. Got a problem, contact the maintainer. Maintainers need credentials (signed keys or a photo ID), and have an existing maintainer vouch for them. Nice. Red Hat has something similar in their development team, but the difference is that the assigned maintainer is YAUPOWE (Yet Another Under-Paid Over-Worked Employee). But I'm not sure if there's any practical difference here. A lot of times the RH guys push stuff off on the official maintainers, who often are the Debian maintainers too. The bottom line is the better distribution is the one you find easiest to work with for whatever purpose you have in mind... Inherently, they're all about the same. -8^) [-- I'm going bald...] -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpjrW4nLW1WA.pgp Description: PGP signature
Re: cron job verification
On Wed, Feb 02, 2005 at 10:45:31AM -0500, Bob Bell wrote: On Wed, Jan 12, 2005 at 12:15:46AM -0500, Derek Martin wrote: #!/bin/sh # NEVER start shell scripts as #!/bin/bash -- it can lead to strange # and unintended results. Like what? I've never had a problem. If I specifically am using bash features, I always say /bin/bash, as /bin/sh could mean Bourne shell or POSIX shell. If you invoke bash as /bin/bash, it will source all your environment files (usually just your .bashrc, since normally it won't be invoked as a login shell in this manner). This can cause unintended effects. I ran into this problem when I installed Debian 2.2 on one of my systems. When I logged into the system, IIRC X started up but I couldn't do anything in any of the xterms I started... That is, I never got a prompt, and the system came to a grinding halt. I was able to log in at a virtual console and see what was going on. In my .bashrc file, I had some code that used the which command to set some variables. On Debian 2.2, the which command was a shell script which was invoked as #!/bin/bash. This was causing an infinte loop, where a bazillion /usr/bin/which processes were running and not completing. IIRC the most bizarre part of this was that if I logged in (as myself) on the console, the effects were different than if I logged in under X. I was never able to determine why. Note that I set the resource XTerm*loginShell: true in my .Xdefaults file, so there should be no difference (that I can think of) between my xterm shells and one started on a VC. rsync options if ! $? ; then echo -e \nrsync completed successfully!\n else echo -e \nrsync failed!\n! fi That won't work. As you said, $? will evaluate to an integer, which the shell will then (unsuccessfully) try to execute. You want either: You're right, sorry! My shell coding is a bit rusty these days. :( This is the one I meant: if [ $? -eq 0 ] ; then -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpXPIKSxdCpV.pgp Description: PGP signature
Re: cron job verification
On Wed, Feb 02, 2005 at 08:41:23PM -0500, Bill Sconce wrote: P.P.S. On many systems if you do an ls -l /bin/sh you'll find that this isn't an actual executable but a symbolic link. On my (Debian) systems it's a symbolic link which points to ...surprise, bash: Sure. But I think it's important to realize that bash behaves differently when invoked as sh than it does when invoked as bash... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgp2y6eGBcHF2.pgp Description: PGP signature
Re: mail archives
On Thu, Jan 27, 2005 at 03:31:35PM -0500, Travis Roy wrote: When this came up before (with Derek) many found having the email addresses available to be useful. At this point I feel the need to interject. A number of people have pointed fingers at me for bitching, but a number of other people also complained about it. I'm not the only one who feels strongly about this issue, even if I did squeak the loudest. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: mail archives
On Tue, Jan 25, 2005 at 08:33:21AM -0500, Travis Roy wrote: Indeed, there was no discussion of whether this was an actual problem or not before this change was made. No discussion at all. Oh no.. I have a feeling this is going to start the whole public/private email crap.. More emails from an invalid email address I assume :) For a moment there, I thought I was reading Slashdot... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpeAB8mtGx5n.pgp Description: PGP signature
Re: mail archives (was: Another ACPI anecdote, plus footnotes)
On Mon, Jan 24, 2005 at 03:44:52PM -0500, Tom Buskey wrote: Seriously, if you can remove all email addresses from the archive, I'd bet you'd solve 90% of the problems people have with creating an archive. I'm pretty sure I've historically been the most vocal complainer, and I've followed the arguments pretty closely. I can say that - I have no problem whatever with archives existing - I have no problem with /my/ posts being archived [but see below] - I do not feel that any such archive need be protected by passwords My one single objection has always been to the fact that my e-mail address appears in a public forum which is very easy to harvest, and that this unquestionably leads to an inflation of received spam (i.e. at the mail server, before any filtering). This includes cases of my e-mail address being included in attributions and quotes in other people's posts, which I have no control over. The above 3 statements are true, PROVIDED all references to my e-mail address are removed before inclusion in any such archive. As things stand, purely from the standpoint of self-interest, I no longer care about this issue. The reason for that is the address with which I post is not a valid e-mail address. Mailman allows for certain tricks which facilitate this. From the perspective of my view of how things should be in the universe, I do still think that the archive should not be established unless references to e-mail addresses are removed. However for obvious reasons, I no longer feel the need to argue the point quite so vocally. Actually, I'd like to see this behavior on the physical messages which are sent out by the mailing list software to the subscribers also; but I'm not even going to go there... The other 10% will beat the topic to death with (a few) real and (many many many ) hypothetical situations until you give up in frustration. Based on my recollection of the discussions, I believe removing addresses will remove much closer to 100% of the complaints. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpDuzwbIwecy.pgp Description: PGP signature
Re: [OT] How to get calling number when CallerID reports unknown
On Fri, Jan 14, 2005 at 12:23:20PM -0500, Larry Cook wrote: How do I go about getting the calling number from the phone company when my CallerID reports it is unknown? Actually, it's my office's internal phone system reporting it as External Call - Unknown Number, but since I see all other numbers I assume this has something to do with CallerID blocking. Well, from the research I did into this when I started to think about issues with caller ID, the short answer seems to be that you don't. If you have a legal issue which is prompting your request, the number can be gotten with a court order, but you don't get it, law enforcement does. Usually, a number comes up as unknown if the caller's phone system doesn't communicate caller ID info to your phone system. This can be for any number of reasons. Incidentally, if someone is using caller ID blocking, there is a feature you can use to prevent them from being able to call you -- that is, their calls won't get through unless they disable caller ID blocking. Don't remember how to activate it, though. I'm sure the phone company can give you details. Don't know if it would work with business phone systems (i.e. on the receiving end), but I imagine so... But caller-ID-blocked calls show up as private, not unknown. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpwtyGgcm7TN.pgp Description: PGP signature
Re: cron job verification
On Tue, Jan 11, 2005 at 10:37:04AM -0500, Ed Lawson wrote: I have several cron jobs that I have written to sync various directories and to do backups. I did this via crontab -e as root. My question is how do I verify the operation of the these jobs. I thought there would be mail sent to root or its alias upon completion, but there is none. Cron normally only produces e-mail if the script/command you ran had output. The mail will go to the user as which the commands ran, in this case root. What is the best way to receive verification or otherwise check on whether or not the job ran and if it ran to completion properly? Well, rsync conveniently provides an exit status which indicates its success or failure, which you can use to good effect. Wrap your cron job in a shell script, which looks something like this: #!/bin/sh # NEVER start shell scripts as #!/bin/bash -- it can lead to strange # and unintended results. rsync options if ! $? ; then echo -e \nrsync completed successfully!\n else echo -e \nrsync failed!\n! fi # end of script $? is always an integer which holds the exit status of the last completed command (so there's never a need to put it in quotes, unless you want to be sure the shell will treat it as a string). The if statement basically says if the exit status is zero (success), indicate success. Otherwise indicate failure. The ouput should be mailed to root. There are a variety of ways to make your normal user account get this mail, but the best is to simply alias root to your normal account, as mentioned by someone else. HTH! -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpoq255f4onG.pgp Description: PGP signature
Re: [OT]America. The land of the not-so-free (economy)
On Sat, Jan 08, 2005 at 10:44:11AM -0500, Fred wrote: The fact is, the average American can't be trusted to manage their money. Case in point: the ever-rising credit card debt owed by American citizens... Hold it right there! What is this can't be trusted statement? Can't be trusted by whom? Why is it even an issue of trust? It was a turn of phrase... It's not an issue of trust, but one of an unfortunate reality. Average people aren't good at managing their money, and they never will be. In principle, I agree with you -- people should make their own choices, and live with the consequences of them. In practice, the world doesn't work that way anymore. If you try to make that happen, you're condemning a whole lot of people to poverty, misery, and/or even death. Our society has this idea that, because we are civilized (whatever that means) and intelligent (for some definition thereof), and our civilization is wealthy, we have a moral obligation to care for those who need it. We can not allow people to die just because they have made bad choices in life, or are much less fortunate than some. This is an idealism which I think nearly everyone agrees with, at least in some capacity. However, idealism aside, there are practical issues to contend with. In today's modern world, there are an abundance jobs which don't pay enough that those doing them can actually afford to feed and house themselves. These people absolutely CAN'T manage their own retimrement -- they can't even eat dinner some days. Someone who cleans toilets at McDonalds in Boston probably falls into this category. But we need people to do these jobs, too. In the old days, things were a lot different. All you needed to do was find a plot of land which no one had claimed already, build a little house there from the abundant forestation, and grow stuff. Life was relatively easy. If you ran into trouble, your neighbors would probably help you out. More of that moral obligation idea at work. These days, people are too busy working 12 hours a day to feed their families (and their excesses) to hve time to help you. So instead we collect taxes, and redistribute the money in as fair a manner as we can manage. It's not a perfect system, by any means, but most people (even many people who call themselves libertarians) find this preferable to letting people starve to death on account of some misfortune. Libertarians and Socialists. Libertarians feel that everyone should be responsible for their decisions -- and live and die by the results. Socialists feel that everyone must be protected from themselves. Even I don't think people should be protected from themselves; but at the same time, I don't think it's unreasonable to be compassionate to people who have experienced hardship. If you've ever collected unemployment, you'd probably have starved to death if this extreme libertarianism that you're describing ever had come to pass. Which raises an interesting point. Have you ever collected unemployment? If so, one might go so far as to suggest that you are being hypocritical... [This is rhetoric. I'm not really interested in the answer, just making a point.] at gunpoint, which brings a supreme irony to that view. I will protect you from yourself, even if I have to kill you to do it! The other fact is, even smart invenstors screw up -- big time. So what? So, most people aren't smart investors. Left to their own devices, most people WILL lose their nest egg. I can't see any way in which this is good for society. How many people committed suicide after losing all their money in the financial markets during the Great Depression? So what? So, if you get rid of SS, and force people to fend for themselves, a lot of them will starve to death when they get to retimrement age. It already happens more often than it probably should... I don't believe you're so callous that you think nothing of that. If you go about protecting people from themselves, they never learn how to live. Trump was able to recover *because* he learned a valuable lesson from having been at the top before and failing. Now, he knows not to repeat the same mistakes again. Nonsense. Trump was able to recover because he had rich friends who had enough confidence in him that they were willing to lend him millions of dollars (at a profit, of course) to effect his recovery. And because he is (and always was) extremely business-savvy. I doubt he learned anything from his bankruptcy, other than PERHAPS some small measure of humility. We all must be allowed to fail and fall flat on our faces. Only through that do we learn to become more efficient at how we handle our affairs. I think that's nonsense too. Most people who are rich today got that way because daddy and mommy were rich. They never had a chance to fail. Granted, the modern markets and the technology boom made more new millionaires than in any other period in history; but if
Re: Looking for a good portable linux system
On Tue, Dec 21, 2004 at 08:16:08PM -0500, Benjamin Scott wrote: On Mon, 20 Dec 2004, at 10:57am, [EMAIL PROTECTED] wrote: Personally, I think running slocate via cron is a waste of time on a personal machine. ... To be honest though, I never use locate, so for me it's pretty much pointless to have the cron job. Heh. I use it all the time. I know I downloaded/saved a copy of a file that had info on/does that Ah, well... that's what hierarchical directory trees are for... ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpiy03PXQr2u.pgp Description: PGP signature
Re: Looking for a good portable linux system
On Mon, Dec 20, 2004 at 10:29:37AM -0500, Bruce Dawson wrote: On Mon, 2004-12-20 at 09:50, Kevin D. Clark wrote: Bruce Dawson [EMAIL PROTECTED] writes: Essentially, I want one processor to handle a request while the other processor is busy. If Linux and hyperthreading can do that, then a hyperthreading CPU would be fine. Context switching is an issue on this traveling workstation - there will be some realtime visuals that must not blip when a (for instance) cron job starts - especially when slocate starts. Would it be more cost-effective/prudent to use a standard single-CPU laptop? When you start your realtime visual you could simply disable cron. You could audit any at jobs beforehand as well, as well as write a script to kill off any already running cron jobs. Etc. No. This can't be a dedicated-task system. Also, the app uses things like cron and sendmail to exchange survey data with a satellite - which unfortunately needs to be done via email. Personally, I think running slocate via cron is a waste of time on a personal machine. I think you can avoid that particular problem by just removing it from cron. If you use locate, then when install a bunch of new software, or whatever, you can always run slocate manually at a more convenient time. To be honest though, I never use locate, so for me it's pretty much pointless to have the cron job. I was just using slocate as an example to give people an idea of what I'm up against without having to describe the entire app. If you have other cron jobs that are like slocate, that you need to run, a dual proc system may be of only limited help. If your cron jobs are I/O intensive, and your application is I/O intensive, then your disks may be your bottleneck. I don't know too much about hyperthreading CPUs, but it seems like that might be sufficient to remedy the kinds of problems you're trying to counteract. I believe I heard that linux had hyperthreading support before Windows did... But I could be mistaken. ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpJ28kOlLLqB.pgp Description: PGP signature
Re: hot spot managment
On Mon, Dec 13, 2004 at 08:14:27PM -0500, Steven C. Peterson wrote: I am working with a client of mine that owns a restaurant in Nashua he is looking to add a free hotpot to his restaurant but does not want people not in the restaurant using it You could try encasing the restaurant in lead... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpRWeFgpozYW.pgp Description: PGP signature
Re: I have a network problem with my hosts file :-(
On Mon, Dec 13, 2004 at 10:16:05AM -0500, Steven W. Orr wrote: Is there such a thing that tells me how the resolver decides which szource it got its answer from? Yes, the resolver man page does that. Try this: $ man 5 resolver If you mean to ask if there is a way to determine from what source the resolver received a particular answer, I no of know way to make it report that information, though you probably will be able to reveal it by watching the process in question with the strace/ltrace command(s). -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpmCbxUF4EZx.pgp Description: PGP signature
Re: Linux appliance?
On Wed, Nov 24, 2004 at 07:40:23PM -0500, Michael ODonnell wrote: Here's a query direct from a German relative when he heard that I know something about Linux: [my mother] is dying to be able to use the Internet, but is very afraid of computers. At home she cannot even correctly use her cell phone or Funktelefon. Dare I ask? What is a Funktelefon? ;-) Isn't there a simple little Idiot-proof LINUX- Systeme bootable from something like an e-prom which cannot be invaded by viruses, trojans, dialers, spyware, etc? (Sort of like the old ATARI-PC?). That would be a super sales hit for our parents, in fact a business idea. Don't you think so? I herewith establish my claim as being first with this idea. Any recommendations? Sure... boot knoppix from CD. But she'll need a writable disk partition for storing mail related files, which introduces some (probably minute) measure of vulnerability. And, not being very familiar with knoppix, I'm not sure how you would have it automatically mount her home directory, except perhaps by custom-modifying the iso image an editing the fstab. The Knoppix people are pretty clever though; there is probably already a way to do it... I just never needed to know what it was. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpfscHPhL2RQ.pgp Description: PGP signature
Re: valid usernames
On Wed, Nov 10, 2004 at 09:07:52PM -0500, Bill McGonigle wrote: Now, granted, that's a problem with chown and utilities that accept similar syntax, and chown has been changed lately to honor/prefer: chown charlie:brown somefile Hmm? The Linux chown utilities have accepted both forms as long as I can remember... The difference is that one is the historic BSD behavior, and the other is the historic ATT behavior. As for one being prefered, I don't know what makes you say that. The only possible explanation seems to be that the man page sometimes mentions both ':' and '.', and other times omits the '.' when refering to the separator. I don't think this can really be interpreted to indicate a preference though... It just seems like an oversight to me, probably caused by the author of the man page favoring the colon. but until lots of current software and system scripts are updated you're going to potentially hit some problems with first.last usernames, so the redhat scripts are probably trying to protect you. As wei said, there's always vipw. But another question is, why would anyone want to use such long usernames? It makes for lots of typing, and generally has no benefit. One possible answer might be, We want to use e-mail addresses of the form first.last at my site. Well, if that's what you want, you can (and I think probably should) get it by using a more reasonable username, and mapping the first.last form in sendmail's virtusertable, or in the aliases file. If you're not using sendmail, your MTA probably has a similar feature, though I wouldn't know what it is... So, what do I think makes a reasonable user name? Well, it should be short, and obviously it should be unique. For small sites, the user's initials usually work quite well. They're short, and the chances of a namespace collision are relatively small, compared with schemes that use the first initial and last name, or vice versa. It's easy to have two John Smiths at your office, but chances are their middle initials will be different... For larger sites, I've come to like the idea of initials plus a unique identifier, such as an employee number (or last 4 digits, or phone extension, etc.). This is still short, and still avoids namespace collisions. If your organization is large enough, eventually you will start having namespace collisions, if you only use names as the basis of the user name, no matter what kinds of contortions you use to make it. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpE3dzFTKVU4.pgp Description: PGP signature
Re: valid usernames
On Thu, Nov 11, 2004 at 11:37:12AM +0900, Derek Martin wrote: One possible answer might be, We want to use e-mail addresses of the form first.last at my site. Well, if that's what you want, you can (and I think probably should) get it by using a more reasonable username, and mapping the first.last form in sendmail's virtusertable, or in the aliases file. I meant to also mention that, in general, I don't think this is a good idea. It's true that such a scheme makes it easy to guess people's e-mail addresses, in order to get in touch with them... But from a security perspective, I think that's undesireable. It also causes problems when namespace collisions occur. The fact is, no one really cares what your address is, except for marketing types. At most, they'll have to type it once, and after that they just select it from their address book. As often as not, they don't need to type it even once, because they can just reply to an e-mail that you sent, or cut-and-paste it from somewhere else (IM window, someone else's e-mail, or whatever). I think most of the time, no one even notices what your address is, and if they do, they usually forget it immediately. Marketing types tend to see this as an issue, because they think it makes their site seem more professional, or easier to reach, or some other such nonsense. But it's just another cartload of pig manure that typically comes from such organizations... =8^) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: valid usernames
On Wed, Nov 10, 2004 at 10:16:27PM -0500, Michael ODonnell wrote: Hey, Derek - I'm getting two copies of each of your msgs because you're sending one to [EMAIL PROTECTED] and one to [EMAIL PROTECTED] - would you consider sending to just one or the other, please? Sorry to you and to the list... My client was just honoring the headers in the messages to which I was replying. The list management software includes a List-Post: mailto:[EMAIL PROTECTED] header in each message, which my mail client finds and includes on list replies. Some people also send messages to [EMAIL PROTECTED] (because IIRC that was what Bruce said to use when he initially migrated to Mailman), and so my mailer also picks that up and includes it. I'll try to watch out for that in the future, but to be honest, I probably won't notice much more often than I will. It would be nice if there were one correct address for posting to the list, that everyone used, and then this wouldn't be an issue. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpdBeVGMhRmI.pgp Description: PGP signature
Re: vacation with sendmail.
On Tue, Nov 02, 2004 at 01:07:12PM -0500, Jason wrote: All, I'm tryingI really am. I am now bouncing between O'reilly Sendmail, RH Linux 9 Bible, sendmail.org and various other linux/sendmail websites. I JUST want to set a vacation message for a client and I am losing my work day over it. So here's the deal. O'reilly says (page 241) simply change to the vacation directory and run ./Build. The closest I find to that is /usr/share/man/ja/man1/vacation.1.gz. I have unzipped vacation.1.gz and now have /usr/share/man/ja/man1/vacation.1. The O'Reilly book is talking about building from official Sendmail sources. For some reason, Red Hat's sendmail RPM does not include the vacation program. It may (or may not), however, have a separate vacation RPM. I'm too lazy to look. What's next? Check to see if you have a vacation package. In not, download one. Or get the Sendmail sources, and build it yourself. The latter will probably be a lot of work, involving configuring the sendmail sources to match the sendmail package on your system (and reading up on how to do that)... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpHJu3M25TzG.pgp Description: PGP signature