Re: [leaf-devel] mirror
On Sun, 2004-03-28 at 22:53, Mike Noyes wrote:
> On Sun, 2004-03-28 at 20:43, Jack Coates wrote:
> > My mirror script has been broken for a couple of weeks at least and it's been a long while since I've been using a LEAF distro at all or reading the mail on this list; I'm thinking it might be time to shut down my woefully outdated package archive and close the mirror. The project seems to be doing quite well without my mirror anyway :-) Any feedback?
>
> Jack,
> Thanks for providing a mirror for all this time. I appreciate it. :-)
>
> I'm working very hard on an upgrade to our website, and I'm nearly done. Would you tarball your http://www.monkeynoodle.org/lrp website? I'd like to keep the content in our FRS area.
>
> Examples:
> https://sourceforge.net/project/showfiles.php?group_id=13751&package_id=11519&release_id=124474

Will do shortly. Even easier, I can also just leave it online -- it's the mirror that's busted, not my lrp site. I'm just concerned about the freshness of all those packages for Eigerstein 1.0 and Oxygen 1.0 :-)

--
Jack at Monkeynoodle Dot Org: It's A Scientific Venture...

People you've been before that you don't want around any more, they
push and shove and won't bend to your will, I'll keep them still.
-- between the bars from either/or by Elliott Smith

leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Proposed change to the Project Goal
gets my vote.

On Mon, 4 Mar 2002, Steven Peck wrote:
> Ya know, I think it is time to change this current Project Goals.
>
> Create an inclusive environment for current developers of the Linux Router Project to release their modifications to the public.
> Support continued development of Linux Router Project derived LEAF images and packages.
> Create a new LEAF version based on an embedded Linux distribution with 2.4 kernel support, while retaining the option to install the target environment on a floppy attached to the target.
>
> end current
>
> I believe that the time on our own and the continued growth of the branches of the project cry out for a revision. We have significantly moved beyond our roots.
>
> So... For purposes of discussion, all discussions need a starting point, I'm throwing this out. It's wordy and needs editing or perhaps a complete rewrite.
>
> Proposed for discussion
>
> Project Goals
>
> Create an inclusive environment for developers of small focused distributions descended, advanced, updated and removed from the LRP.
> Primarily focused on specific purpose distributions suitable for use booting from floppy, CD-Rom, flash memory or Disk-On-Chip running in RAM using legacy x86 or embedded systems with a small memory footprint.
> To allow for ideas, improvements and extensible packages to be shared among the various LEAF-Project.org branches to the betterment of all.
> To maintain a central distribution point, user support mailing list, and to increase the quality of leaf-project documentation for end-users and developers.
>
> End Proposed for discussion
>
> Respectfully,
> -sp
>
> (It's a mixed blessing that I suddenly got ambushed by an evening class my boss approved that just unexpectedly sucked all my free time this week. Free class GD!)

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] phpWS 0.8.1.1 upgrade
On Mon, 4 Mar 2002, Matt Schalit wrote:

Mike Noyes wrote:

Everyone, I'm very close to completing a reconstruction of our phpWebSite. I'm just cleaning up the xhtml on our stories. Please take a look at the reconstruction, and let me know if you see any glaring problems.

Note: I know there are a couple of missing menu items, but everything else should be there.

When you click the link below, http://leaf.steinkuehler.net/ and start at the new home page, the logo has a weird blue line going through Tux and the word LEAF.

This might be a browser issue; the current site does this too in Galeon and Mozilla. And it looks REALLY weird in Dillo. Looks fine in Konqueror.

useful bug report snipped

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] Site Update (2002-02-27)
Hey, I just cleaned out my directory, saving 8M. Everything I do is now primarily on my site, secondarily in CVS.

On Wed, 27 Feb 2002, Mike Noyes wrote:
> Everyone,
> I had hoped for some additional time, before we needed to address this issue, but the situation has changed. We are once again over our quota on the shell server (ref. forward from Jacob Moorman at the bottom of this message). I'm proposing the following changes to our Individual Developer Content FAQ to correct the problem.
>
> The new system I envision is this: developers commit alpha/beta content to their personal devel tree in cvs. Once it's ready for release, they commit it to the bin tree in cvs. The bin tree will have directories for each release, and packages. The bin/release trees will be controlled by the release lead developer. I'm still trying to figure out if we require kernel and image trees.
>
> Certain trees in our cvs repository will be exported daily to our pub directory on the shell server. I know I want the doc and bin/packages tree to export, but I don't think it's a good idea to export the bin/releases to the shell server. Instead, I want us to release them in the files area when they are updated. Also, note files that are 10MB should not reside on the shell server.
>
> I would greatly appreciate it if everyone started moving their files into their personal tree in cvs ASAP. Thanks.
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/
>
> If you have questions about cvs usage/setup, please post them to the list. I'm sure the answers will help many of us.
>
> Suggestions and comments on the proposed change are welcome.

snip

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] How to gzip *only* a new application's files ???
On Fri, 8 Feb 2002, Charles Steinkuehler wrote:
> > Surely, all of you experienced LRP'ers have tackled this one!
> >
> > OK, I build a new application on a slink development box. Once I do `make install', how do I know an exhaustive list of *ALL* files to turn into the LRP file?
>
> There's probably an easier way, but I usually find myself crawling through the makefile, and the saved output of make install. I've also found package file lists for mainstream releases (ie rpm deb version) of whatever I'm dealing with useful in this regard...
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

You can also set the product root to a specific directory (e.g. /usr/local/foobar). Even if that's not the way you want to do the final package, you can still probably get away with something like

    ls /usr/local/foobar > package.list

--
Jack Coates
Monkeynoodle: A Scientific Venture...
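
A listing of the install prefix only sees files under that one directory. The following is an added example, not code from the thread: it snapshots a tree before and after an install step and reports every new or changed file, which answers the "exhaustive list" question even when the install writes outside the prefix. The sample tree and the `fake_make_install` stand-in are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a package file list by comparing a tree before and
# after an install step. Tree contents and fake_make_install are constructed.

# snapshot ROOT: print "path<TAB>fingerprint" for every regular file and
# symlink under ROOT, sorted by path.
snapshot() {
    (
        cd "$1" || exit 1
        find . \( -type f -o -type l \) -print | LC_ALL=C sort |
        while IFS= read -r path; do
            if [ -L "$path" ]; then
                fingerprint="link:$(readlink "$path")"
            else
                # cksum prints "CRC SIZE" when reading standard input.
                fingerprint=$(cksum < "$path" | awk '{ print $1 "-" $2 }')
            fi
            printf '%s\t%s\n' "${path#./}" "$fingerprint"
        done
    )
}

# install_diff BEFORE AFTER: compare two snapshot files and print
# "new<TAB>path" or "changed<TAB>path" for everything the install touched.
install_diff() {
    awk -F '\t' '
        FILENAME == ARGV[1]  { before[$1] = $2; next }
        !($1 in before)      { print "new\t" $1; next }
        before[$1] != $2     { print "changed\t" $1 }
    ' "$1" "$2"
}

# build_sample_root ROOT: minimal pre-install tree (constructed).
build_sample_root() {
    mkdir -p "$1/etc" "$1/bin"
    echo 'ftp 21/tcp' > "$1/etc/services"
    echo '127.0.0.1 localhost' > "$1/etc/hosts"
    echo '#!/bin/sh' > "$1/bin/true"
}

# fake_make_install ROOT: stand-in for "make install" (constructed). It
# installs under /usr/local/foobar but also edits a file outside the prefix.
fake_make_install() {
    mkdir -p "$1/usr/local/foobar/bin" "$1/usr/local/foobar/etc"
    echo '#!/bin/sh' > "$1/usr/local/foobar/bin/foobar"
    echo 'verbose=0' > "$1/usr/local/foobar/etc/foobar.conf"
    echo 'foobar 4242/tcp' >> "$1/etc/services"
}

# touched_by_install WORKDIR: run the whole procedure and print the diff.
touched_by_install() {
    work=$1
    build_sample_root "$work/root"
    snapshot "$work/root" > "$work/before.snap"
    fake_make_install "$work/root"
    snapshot "$work/root" > "$work/after.snap"
    install_diff "$work/before.snap" "$work/after.snap"
}

demo_dir=$(mktemp -d)
touched_by_install "$demo_dir"
# The package list is the path column of the same report.
install_diff "$demo_dir/before.snap" "$demo_dir/after.snap" |
    cut -f2 > "$demo_dir/package.list"
rm -rf "$demo_dir"
```

The `changed` line for `etc/services` is the file that a listing of `/usr/local/foobar` alone would not show.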
[Leaf-devel] /. link about runlevel 0 firewall
I don't like to forward links, but this is a nifty idea.

http://www.samag.com/documents/s=1824/sam0201d/0201d.htm

Basically, it's possible to alter the shutdown process so that the NICs remain active, the kernel remains loaded, and it continues to pass traffic with no userspace processes. Obviously dhcpcd and pppoe users need not apply.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] Preferred package/filesystem location ???
On Fri, 8 Feb 2002, Matt Schalit wrote:
> Jack Coates wrote:
> > Hm, so the backup process checks the list files of all other .lrps?
>
> Yup. That's how it works. Include everything listed in the .list while excluding everything listed in every other .list. Creative things like this keep LEAF interesting. I'm pretty certain that's how it's hobbled together. You can see the impetus for a new packaging system :)
>
> Matt

Heh... only if the improved system is smaller :-)

Seriously, one of the things I really _like_ about LEAF is that so much of it is built on elegant scripting hacks like this. About a year ago I was able to take apart an EigersteinBETA2 image and figure out the whole process from boot to prompt just by reading scripts. I'm sure the same thing can be done with the latest distributions. I've tried to do the same with some of the various Mandrake versions I've used (6.0 through 8.0) and it's a hell of a lot tougher.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] Ports
On Wed, 6 Feb 2002, David Douthitt wrote:
> I've been working on setting up ports a little bit. I've finally gotten to installing OpenBSD (this time on intel instead of mac68k) and it uses ports like the other BSDs.
>
> Ports are really nice - basically you can download the entire ports tree, or just one. Then, you change directory into /usr/ports/net/wget (for example) and do a make - then a make install. The system automatically gets the original file, patches it and configures it, and builds it for your system. In the case of OpenBSD, it even creates the package and installs THAT when you do a make install.
>
> Considering what this could mean for LEAF, consider this: a NFS-enabled LEAF system, with / from a full system mounted somewhere. Changing directories to /usr/src/ports/net/wget, do a make (pulls the file in, patches, builds, compiles) - and a make install. After the make install is done, the LEAF system now has /tmp/wget.lrp and an installed wget binary.
>
> Another possibility: using that full Linux system again, doing the same thing - except this time a make install uses scp and a private key to copy the file over to the LEAF system, then uses ssh and a private key to install the package on the LEAF system.
>
> Thoughts?
> --
> David Douthitt
> UNIX Systems Administrator
> HP-UX, Unixware, Linux
> [EMAIL PROTECTED]

I've always been attracted by this, even to the point of installing an OpenBSD 2.9 system to futz with. The BSD-Linux conversion is not something I like though -- I'm sure that there are workarounds and options for all the things that bug me, but I'm not willing to spend the time figuring it out.

RPM has got to go. It's handy for point-by-point upgrades, but when the system gets out-of-date there's really no good way to upgrade the whole thing - you have to get a new distribution CD and do an upgrade, and in my experience it usually doesn't go smoothly, so you have to backup and whack the whole system.

So the choices I'm looking at for my next Linux install (now that my Mandrake 8 boxen are getting out of date) are:

LFS: appealing idea, but doesn't fix upgrading issues.
Gentoo: leading the pack because they've brought ports to Linux.
Sorcerer: very nifty, but showing a lot of rough edges.

You'll note all three of these compile on your box instead of installing binaries.

But now, you're discussing doing something like this for LEAF. I do not like the idea of LEAF having its own development environment at all. As it stands currently, most default LEAF installs could be hooked up to the Internet with telnet wide open and no root password without causing a lot of damage -- the only really hazardous tool in there is ping, and the SSH packages don't include scp. There's no lrzsz or uuencode or nc, so uploading all those evil packages you've made is very difficult, and there's no compiler or headers so uploading source and compiling it is impossible. All that changes if the bad guy can merely cd /usr/src/ports/net/ettercap.

For a server appliance it makes more sense than for a router. But I'm really starting to lean away from the idea of using LEAF in its current form as an appliance. Doing so makes sense with special-purpose hardware designed not to have a hard disk, and LEAF compares nicely with Midori for this purpose. But on a PC or server, running an application from RAMdisk doesn't make sense to me.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
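
The argument above is that an image with no file-transfer tools, compiler, headers or ports tree leaves an intruder little to work with. The following is an added example, not LEAF code: it audits an unpacked image tree for those items so that a package which quietly adds one shows up before release. The tool names come from the message (rz and sz are the lrzsz binaries); the directory list and the two sample trees are constructed assumptions.

```shell
#!/bin/sh
# Added example: report file-transfer and build tooling present in an
# unpacked image tree. Directory layout and sample trees are constructed.

# Tools named in the message: scp, lrzsz (rz/sz), uuencode, nc, a compiler.
TRANSFER_TOOLS="scp nc uuencode rz sz"
BUILD_TOOLS="cc gcc"
# Assumed locations for executables inside the image.
BIN_DIRS="bin sbin usr/bin usr/sbin usr/local/bin"

# audit_image ROOT: print one "category:path" line per finding, sorted.
# Prints nothing for an image that carries none of the listed items.
audit_image() {
    root=$1
    {
        for dir in $BIN_DIRS; do
            for tool in $TRANSFER_TOOLS; do
                if [ -e "$root/$dir/$tool" ]; then
                    echo "transfer:/$dir/$tool"
                fi
            done
            for tool in $BUILD_TOOLS; do
                if [ -e "$root/$dir/$tool" ]; then
                    echo "build:/$dir/$tool"
                fi
            done
        done
        # C headers are only useful for compiling on the target itself.
        if [ -d "$root/usr/include" ] &&
           [ -n "$(find "$root/usr/include" -name '*.h' | head -n 1)" ]; then
            echo "build:/usr/include"
        fi
        # A ports tree is a ready-made set of fetch-and-build recipes.
        if [ -d "$root/usr/src/ports" ]; then
            echo "build:/usr/src/ports"
        fi
    } | LC_ALL=C sort
}

# build_sample_images DIR: two constructed trees, not real LEAF images.
# "router" mirrors the minimal install described in the message;
# "ports" adds the tooling the message warns about.
build_sample_images() {
    base=$1
    mkdir -p "$base/router/bin" "$base/router/usr/bin"
    touch "$base/router/bin/ash" "$base/router/bin/ping" \
          "$base/router/usr/bin/ssh"
    mkdir -p "$base/ports/bin" "$base/ports/usr/bin" \
             "$base/ports/usr/include" "$base/ports/usr/src/ports/net/wget"
    touch "$base/ports/bin/ash" "$base/ports/usr/bin/scp" \
          "$base/ports/usr/bin/gcc" "$base/ports/usr/include/stdio.h"
}

demo_dir=$(mktemp -d)
build_sample_images "$demo_dir"
for image in router ports; do
    echo "== $image"
    audit_image "$demo_dir/$image"
done
rm -rf "$demo_dir"
```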
Re: [Leaf-devel] Ports
On Thu, 7 Feb 2002, Charles Steinkuehler wrote:

snip

> I absolutely agree, but I think you're missing the point regarding how I'd like to use the Gentoo portage system (or something similar). I am mainly looking for a way to co-opt a configuration/compiling environment to make it easy for developers to build and maintain packages. I currently have NO INTENTIONS of trying to turn a LEAF system into a self-hosting compile environment (and AFAIK, no one else has suggested it either).
>
> My goal is to try to take something like portage, which (hopefully) allows the specification of a variety of compile-time configuration options (like processor type, library support, &c) to appropriately compile applications for inclusion on a LEAF based system, while (again hopefully) leveraging a larger community for maintenance and upgrades.
>
> Again, please don't think I'm advocating a compile environment anywhere *NEAR* an actual LEAF appliance. I'm simply looking for ways to make building a compile environment easier and less intrusive, while hopefully benefiting from work others are doing, rather than re-inventing the wheel.

My apologies if I was misreading. A LEAF-devel (Branch? Tree?) distro CD built on portage is a nifty idea, though drawing the line between what that disk is and what Gentoo is all by itself could be very tough. It might be easier to make a Dachstein-builder CD... User Mode Linux would be a great thing here for those who don't have VMWare.

Theoretically a ports system would be accessible from any system, regardless of type and without UML or VMW. This would let the developers set cross-compile architecture options ahead of time, but it doesn't get around glibc issues.

still cogitating on this one...

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] Preferred package/filesystem location ???
On Thu, 7 Feb 2002, Matt Schalit wrote:

snip

> Then again, people are maintaining low level system applications, and those often get scattered into the usual directories you mentioned. LRP and LEAF variants have historically not populated /usr/local very much at all.
>
> Regards ya'll,
> Matthew

A factor here is that most distributions will backup anything there into local.lrp, which doubles up your space usage. The lrp file format prevents many of the cleanup issues that led to a filesystem standard being attempted in the first place, so I don't see an issue with package developers making everything they do act like it's part of the distribution (or making everything live in one dir, for that matter).

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] 2 useful comments from Matt and Dave
On Mon, 4 Feb 2002, David Douthitt wrote:

snip

> It almost sounds as if you are suggesting that a distribution have a standard set of applications included and a standard set of functions and scripts so that script writers can depend on certain programs being there and not worry these same programs will turn up missing.
> --

Ah-hah! Is that what this whole thread is about? LEAF-Standards-Base? That's got some value to it, I suppose... a documented set of strictures which define what is and what isn't going to work with Joe Blow's home-rolled foobar.lrp.

Runs from RAM disk.
Loads and backs up .lrp files.
Provides ash, busybox, and a default system editor.
Provides a text-menu interface.
Menu supports configuration of system and packages.

Seems to me anything else is an option :-)

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] DFE-570TX ?
On Thu, 31 Jan 2002, Robert Sprockeels wrote:
> > > I can confirm that. I have two systems running at a customer location with dual ethernet (Intel) on the motherboard and two DFE-570TX's totalling 10 ethernet ports per system, running Dachstein. No problem whatsoever
> >
> > What on earth do you use 10 interfaces for? And what does your routing table and ruleset look like ?!? I could guess, but I'll wait for an answer :)
> >
> > Matt
>
> Hi Matt,
>
> You're right, it *is* a rather complicated-looking config (does this sound like an understatement?). The routing table is not too complicated, but the ruleset now has 250+ rules in it (and counting). There still is no performance problem. Of course, we used a P3 1GHz for it... :-)
>
> Oh, and I forgot to mention a 2-cpu Sangoma WAN card with 3 out of 4 ports used for leased lines... relax, just 128k ones ;-)
>
> The two systems are configured in a fail-over setup to provide high availability, and are housed in 19" 4U cabinets with an extremely nice feature: the bracket area is on the front side...
>
> There is one external segment, one for DMZ, one for internal servers, a couple for customers connecting through their lines or needing direct access to their database servers, the leased lines are SMS feeds from our local mobile phone operators, there are a bunch of internal segments and some VPN tunnels. Quite some population...
>
> But - that's why I like LEAF - it WORKS!!! Just *TRY* to do the same with Cisco and a limited budget...
>
> Robert

Well, I love a challenge and a laugh, so I just fired up Cisco's configurator to see what a comparable setup would look like. To be fair, your PIII would chew through IPSec like it was oatmeal, so we'd better add an AIM VPN accelerator to the Cisco... also, I went ahead and notched up the DRAM and flash selections one option at a time instead of specifying the most it will hold like I normally would.

I selected Enterprise IOS since LRP can speak nearly any protocol known to man, but did not use the Cisco FW set since that includes a stateful inspection engine. I'm assuming you're on site and will get new parts to the router within 1 day, and I'll give you a 20% discount from list. Drumroll please:

Product #        Description               Quantity   Price      Lead Time
CISCO2650        10/100 Modular Router     1          2,636.00   5 days
CAB-AC           Power Cord,110V           1              0.00
S26AK9-12202XT   IOS ENT+ IPSEC 3DES       1          1,440.00
MEM2650-32U64D   32 TO 64MB DRAM Upg       1          1,520.00
MEM2600-8U16FS   8 to 16 MB Flash Upg      1            560.00
NM-16ESW         16p EtherSwitch NM        1          1,196.00   13 days
WIC-1DSU-T1      T1/FracT1 DSU/CSU WIC     2          1,600.00
AIM-VPN/EP       DES/3DES VPN Module       1          1,600.00   15 days
CON-OS-26XX      SMARTnet Onsite 8x5xNBD   1            392.00

Total Lead Time: 15 days
Total Price: 10,944.00
X2 - 21,888.00

This is 18 Ethernet ports, but once you get past the backplane blocking speed it really doesn't matter how many physical interfaces you hook up.

Hope that was fun for you too.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] A name for LEAF 2.4.16
On Thu, 24 Jan 2002, Jacques Nilo wrote:
> Hi Eric !
> It's time for us to get a name for the LEAF 2.4.16 distro. Mike wants one :-) I have finally opted (suggestion from Jack Coates, thank Jacks) for the Strait concept.

I thought I had mentioned gods, but hey, I'll take credit where it's not due :-) I'll add Panama for all the below reasons and an amusing Van Halen song, then my favorite (and closest body of water), the Golden Gate.

> 1/ Straits are very representative of what is happening in a router/firewall: lot of traffic, strict rules, sometimes traffic collisions ...
> 2/ They make me think about sea. It happens that I am crazy about sea sailing (sorry for the personal note)
> 3/ They have nice and evocating names
>
> Few suggestions:
> Bering
> Hormuz
> Malacca
> Gibraltar
> Dover
>
> Bering & Hormuz are my favorite ones:
> 1/ Bering symbolises the frontier between Europe and the US: quite relevant for our distro is not it ? My Number 1 choice
> 2/ Hormuz is more complicated with an exotic flavour. Political context also more difficult...
>
> I like Bering
> What do you think ? What the devel list think ?
> Jacques

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] Announcement: LEAF 2.4.16 + Shorewall 1.2.2
On Wed, 23 Jan 2002, Mike Sensney wrote:

At 12:00 PM 1/23/2002 -0600, Charles Steinkuehler wrote:

Unfortunately ticker_1.0 compiled under uClibc weighs in at 57396 bytes (stripped). That's probably quite a bit more than it's worth.

I'd definitely agree to that! If it can't be shrunk substantially, ticker should just go away...

Do it as a shell script:

    #!/bin/sh
    echo -n " "
    while : ; do
      echo -e -n "\b"
      echo -n "\\"
      sleep 1
      echo -e -n "\b|"
      sleep 1
      echo -e -n "\b/"
      sleep 1
      echo -e -n "\b-"
      sleep 1
    done

weighs in at 172 bytes on my system... :-)

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] New LEAF user Choose version FAQ
On Tue, 8 Jan 2002, Scott C. Best wrote:

that you can make from old spare parts or find laying out in the trash or a friend's garage?

Well...it's not as if you build it from paint cans and nerf footballs. :) It does turn the doorstop of an old PC into something that becomes one of the most important pieces of a broadband network, though.

Do you need a cheap VPN gateway solution without the thousands of dollars in licensing fees?

Akshally, the low-end LinkSys and Sonicwall stuff do VPN passthru and one-notch up they do VPN endpoint, without the licensing that (say) Cisco or Watchguard would charge. These days, the opportunity cost of building a LEAF system instead of buying an OTS unit for $100 is getting to be arguable... I'd focus on flexibility rather than cheapness.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] More on LEAF Repository
On Thu, 6 Dec 2001, David Douthitt wrote:
> Now I've gone and done some more... Go to
>
> http://leaf.sourceforge.net/pub/oxygen/repository/
>
> ...and tell me what you think. The files are all in that dir, but you can't get there with the index.html in the way. You ought to be able to slogin and go to that dir or I can change things around tomorrow...
>
> Now if I could get the packages into group directories, or that could be a separate action:
>
> Applications/Editors/e3.lrp
> Languages/Scripting/lua.lrp
> Text/Utils/sed.lrp
>
> ...and so forth...

Great end result, but how scalable is it? Did you write the HTML by hand?

I'm thinking this sort of data in a text .desc file in the package, then a web app that grabs the .desc when you upload the package and generates this sort of page on the fly.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] More on LEAF Repository
On Thu, 6 Dec 2001, David Douthitt wrote:
> On 12/6/01 at 7:48 PM, Jack Coates [EMAIL PROTECTED] wrote:
> > Great end result, but how scalable is it? Did you write the HTML by hand?
>
> No. Both the index and the individual pages are computer generated.
>
> > I'm thinking this sort of data in a text .desc file in the package, then a web app that grabs the .desc when you upload the package and generates this sort of page on the fly.
>
> That's basically what this does - but it's based on scanning files. The individual pages are generated by a Lua program, and the index by a sh script.
> --
> David Douthitt

Way cool! Congratulations!

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] packages and filesystems
On Tue, 4 Dec 2001, Charles Steinkuehler wrote:

snip

> Yeah, I think it's pretty big, plus I believe most of these packages require openssl and other huge add-ons to run. The basics of public-key cryptography, however, are pretty simple, so I think it'd be possible to make a small (a few K, perhaps) binary that would simply calculate and verify signatures, as long as there aren't too many various options to deal with (ie no cert chains, or fancy stuff, just plain-old crypto signing).

    [jack@felix jack]$ ll /usr/bin/gpg
    -rwsr-sr-x 1 root root 611132 May 30 2001 /usr/bin/gpg*
    [jack@felix jack]$ ll /usr/bin/gpgv
    -rwxr-xr-x 1 root root 283932 May 30 2001 /usr/bin/gpgv*

pretty hefty for a floppy, but not bad for CD.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] packages and filesystems
On Mon, 3 Dec 2001, David Douthitt wrote:

On 12/2/01 at 9:59 PM, Jack Coates [EMAIL PROTECTED] wrote:

there are two problems with this scenario:

1) It's a PITA to look all over the place for packages. The leaf.sf.net site is not exactly good guidance since the packages page is empty and they're all under pub/ which isn't linked from the navigation. No complaints here, I have a login with write access but I haven't fixed it either.

Ahhh, but the pub/oxygen/packages/ directory is FULL :)

And recursive wget didn't work, so it took a hell of a long time to get all those packages :-)

2) There is no way to tell the difference between Jacques' SSHD and David's SSHD and Charles' SSHD. This is because LEAF uses FAT16 as its filesystem instead of VFAT. I forget, why no VFAT support? Longer filenames would be helpful.

I toyed with getting VFAT support in Oxygen; I forget what happened. I remember one problem was that not all systems support VFAT - so if there is a DavidBigSSH and CharlesTinySSH they get chopped in a system that only supports FAT...

And for this reason I'm thinking that versioning in the filename is a convenient nice-to-have. If the version and author attributes are kept on the web server that should be enough to enable accurate downloads, though there are still troubleshooting issues. Determining what version an end-user is using will require looking at package sizes.

--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]

--
Jack Coates
Monkeynoodle: A Scientific Venture...
[Leaf-devel] packages and filesystems
so, when I was looking for PPP packages I found that there are tons of locations for package downloads, and many packages have two or three versions.

there are two problems with this scenario:

1) It's a PITA to look all over the place for packages. The leaf.sf.net site is not exactly good guidance since the packages page is empty and they're all under pub/ which isn't linked from the navigation. No complaints here, I have a login with write access but I haven't fixed it either.

2) There is no way to tell the difference between Jacques' SSHD and David's SSHD and Charles' SSHD. This is because LEAF uses FAT16 as its filesystem instead of VFAT. I forget, why no VFAT support? Longer filenames would be helpful.

I'm trying to find useful ways to work with these issues, and have put some stuff on http://www.monkeynoodle.org/lrp -- the reason being that I have Zope on this server and the code to generate a page of any length is:

    <dtml-var standard_html_header>
    <h2><dtml-var title_or_id></h2>
    <table>
    <dtml-in "REQUEST.PARENTS[0].objectValues('File')" sort=title>
    <tr>
    <td> <a href="<dtml-var title>"><dtml-var title></a> </td>
    <td align=right> Uploaded: <dtml-var bobobase_modification_time fmt=aCommon> </td>
    </tr>
    </dtml-in>
    </table>
    <dtml-var standard_html_footer>

Of course, attributes could be set for packager and version as well, then stuck in with another dtml-var tag. And of course, this sort of trick can be done with a lot of other webserver package as well. The problem is that the attributes must be entered manually in Zope, though I might be able to figure out another angle.

But first, is it an interesting angle of pursuit? My assumption is that sourceforge.net would be the ultimate host of whatever got done.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] [Leaf-user] Testing help needed
On Sat, 1 Dec 2001, Tony wrote:
> I guess I don't completely understand why you need a JFFS for something that under normal circumstances, isn't written to physically. If you have a crash/powerdown situation, with resumption of service, you just reload your image and continue to firewall/route. Would the JFFS be in play to preserve the logs? If so, wouldn't it be easier/safer/more secure to forward them to an internal syslog server?

I like doing this, but there are concerns with doing it in anything less than a perfectly trusted environment: If your log host is unavailable, you're not logging; if malicious listeners are on the LAN, they can see everything you log (could be quite useful when scanning or rooting a server); if malicious users are on the LAN, they can flood the listening syslog server and prevent real logs from getting through. syslog-ng is supposed to fix a lot of these problems, but I've never gotten around to taking a look at it.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] [Leaf-user] Testing help needed
On Sat, 1 Dec 2001, Charles Steinkuehler wrote:
> > I like doing this, but there are concerns with doing it in anything less than a perfectly trusted environment: If your log host is unavailable, you're not logging; if malicious listeners are on the LAN, they can see everything you log (could be quite useful when scanning or rooting a server); if malicious users are on the LAN, they can flood the listening syslog server and prevent real logs from getting through. syslog-ng is supposed to fix a lot of these problems, but I've never gotten around to taking a look at it.
>
> Or just grab a bunch of multi-port serial cards from e-bay, and setup a log-host using serial links. You can keep the log host disconnected from the net entirely (or more likely, keep its interface un-configured, and bring it up/down manually if you ever need to network).

I saw this suggested in one of my paranoiac books (maybe Network Intrusion Detection Analyst's Handbook?) -- but they went one better by suggesting that you then copy everything to lp on the loghost. Hook up an old dot matrix printer with a Costco-sized case of paper, and you've got court-admissible documentation of everything that happens on your network.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
[Leaf-devel] ReiserFS
Hey Charles, David,

have either of you ever compiled the Reiser utilities (e.g. mkreiserfs)? I'm working on a mail spool on ES2B, and the reiserfs.o module loads fine, but there's no mkreiserfs. Not a big deal since I can just mkbootdisk from one of my other machines and take care of it, but thought I'd ask.

In other news, I'm just about to give up with my year-long attempt to get forward-by-port with multiple Internet pipes working. It's turning out to be a serious PITA to handle when MASQ'ing is involved, and when I've gotten it to work (partially) it's been too complicated to document in a nice and easy HOWTO.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] ReiserFS
On Thu, 15 Nov 2001, Charles Steinkuehler wrote: have either of you ever compiled the Reiser utilities (e.g. mkreiserfs)? I'm working on a mail spool on ES2B, and the reiserfs.o module loads fine, but there's no mkreiserfs. Not a big deal since I can just mkbootdisk from one of my other machines and take care of it, but thought I'd ask. Hmm...I may do this soon. I need to add more disk storage to my LRP webserver, and I may just try switching to reiserfs at the same time...I wonder what sort of speed penalty there will be on my 486 with a VLB SCSI controller? I've used it on a P75 with no serious performance penalty. I'm sure a benchmark would see a difference. In other news, I'm just about to give up with my year-long attempt to get forward-by-port with multiple Internet pipes working. It's turning out to be a serious PITA to handle when MASQ'ing is involved, and when I've gotten it to work (partially) it's been too complicated to document in a nice and easy HOWTO. ??? Can you explain a bit more about exactly what you're trying to do? Will do tonight under separate cover when I've more time; thanks, Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) -- Jack Coates Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] ReiserFS
On Thu, 15 Nov 2001, Charles Steinkuehler wrote: have either of you ever compiled the Reiser utilities (e.g. mkreiserfs)? I'm working on a mail spool on ES2B, and the reiserfs.o module loads fine, but there's no mkreiserfs. Not a big deal since I can just mkbootdisk from one of my other machines and take care of it, but thought I'd ask. Looks like the user-space tools are setup to require 64-bit file support, which isn't in the debian c libraries :( I can't tell if there's a quick-fix or not... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) mkbootdisk on my Mandrake system :-) I'll put a disk image up tonight. -- Jack Coates Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] ReiserFS (forward by port)
On Thu, 15 Nov 2001, Charles Steinkuehler wrote: In other news, I'm just about to give up with my year-long attempt to get forward-by-port with multiple Internet pipes working. It's turning out to be a serious PITA to handle when MASQ'ing is involved, and when I've gotten it to work (partially) it's been too complicated to document in a nice and easy HOWTO. ??? Can you explain a bit more about exactly what you're trying to do? Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) Situation: (1) Sprint broadband wireless w/fixed IP. (1) mom-n-pop ISP w/fixed IP, Tsoft. (2) ES2B systems, one for each circuit. (1) small NAT'd LAN. Tsoft lets me have a reverse DNS statement, so that's where I want mail to go, but Tsoft is also just a dedicated 56K modem until DSL is available next year -- so I don't want any web services going that way. I serve mail, DNS, web, and the occasional IRC from here, using two machines. Goal: One router handles both connections. Outbound mail and DNS use the Tsoft modem route, outbound web service and client activities use the Sprint wireless route. Problem 1: The servers are also workstations, so it would be a big pain to make one of them use the modem line as its default gateway. For the same reason, I can't route by source IP. Problem 2: Mail, DNS, and web are being served to the entire Internet, so I can't route based on destination IP. Problem 3: Mail really needs to go out of the tsoft line in order to take advantage of the RDNS assignment there. So I've gotten it to route _inbound_ from either pipe or both at the same time; but the return traffic of course always follows the default route. Setting up forward by port seems to work, but doesn't do anything. 
Here's what I've done: edit /etc/iproute2/rt_tables and add a table for each of your two external ISPs:

    100 isp-a
    101 isp-b

now create the fwmark rules which will tag each matched packet with a number:

    ip rule add fwmark 100 table isp-a
    ip rule add fwmark 101 table isp-b

now add the rules to do the tagging (look in /etc/ipfilter.conf for examples). Here are some rules I wrote:

    ipchains -A output -p tcp -d 0/0 6667 --mark 100
    ipchains -A output -p tcp -d 0/0 25 --mark 100
    ipchains -A output -p tcp -d 0/0 53 --mark 100
    ipchains -A output -p udp -d 0/0 53 --mark 100
    ipchains -A output -p tcp -d 0/0 80 --mark 101

finally, add the routes which will handle the tagged packets:

    ip route add default via 1.2.3.4 dev eth1 table isp-a
    ip route add default via 5.6.7.8 dev ppp0 table isp-b

Now, I'm currently thinking that the output chain must be the wrong place to put things, because the weblet status page has an area named fwmark, which remains empty. I'm thinking such a thing exists because someone more knowledgeable thought it oughta be there. Any ideas? -- Jack Coates Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] Anyone heard from....?
On Fri, 12 Oct 2001, David Douthitt wrote: Anyone heard from Morgan Reed? If I'm not mistaken, he's near the U.S.Capitol - which means the terrorist attacks were very close, and had a Big Impact on Daily Life. Anyone know how he's doing? I sent an email, and got nothing. Didn't want to bother him too much... ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel There was an interview request with him on Slashdot last week -- check their search engine -- Jack Coates Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] Where IS everybody?
On Fri, 14 Sep 2001, David Douthitt wrote: Used to be a dozen messages a day; yesterday there were NONE. Is everybody sleeping? Or you all job hunting? I just upgraded Oxygen in development (not yet released) to use ncurses5 (5.2), and am getting lcdproc going - I've got a nice 20x2 display with a nice mount for the 5.25 half-height drive bay. Plug it in and go. Now I'm hacking (mercilessly!) on lcdproc (specifically LCDd)... I'm leaning towards releasing a 1.6pre1 to get the releases going; then after things have been pounded on I'll release 1.6 -- or I could be like nmap and keep releasing betas until I get to 1.6pre209 :) ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel I've been working like a slave - no time to spare. -- Jack Coates Monkeynoodle: A Scientific Venture...
Re: [Leaf-devel] New Packages!!
On Fri, 7 Sep 2001, David Douthitt wrote: Now added to http://leaf.sourceforge.net/pub/oxygen/packages/ New versions of many things, and new packages entirely. snip john.lrp ..john - password security testing tool snip Man, thinking of john on a 486/33 makes my teeth itch. It takes hours to run on my K62-500. -- Jack Coates Monkeynoodle: A Scientific Venture...
[Leaf-devel] Re: [LRP] Midori Linux, LRP?
On Tue, 24 Jul 2001, Daniel Quinlan wrote: On Fri, 16 Mar 2001, mike marseglia wrote: Has anyone taken a look at Midori Linux?? It has just been released by Transmeta and has been built w/ internet apps in mind. It's got cool support for stuff like.. a Flash ROM-based filesystem, a RAM-based filesystem and a boot/runtime system that can run from Flash ROM. I haven't read the whole doc on it yet.. but maybe some other people would like to take a look?? http://midori.transmeta.com/ Jack Coates replied: it sounds cool, and there was talk on leaf-devel about using cramfs and ramfs for LRP. Don't know where it ended up. I haven't got time to look at it right now, unfortunately. Just curious - did anyone ever get the chance to look further into using Midori Linux for the LRP? I've been thinking it would be a pretty good fit. Some minor modifications would have to be made, of course: no partitioning since you're using floppies, some reduced-size packages for some things, etc. - Dan Never got past talk I'm afraid -- the core usage being old PCs rather than embedded systems at this point. But Midori's packaging system would be pretty handy in the current conversation on leaf-devel, which is how to add dependencies and versioning to the packaging sys. There was some talk about ramfs and cramfs, but IIRC they both rely on kernel 2.4 and would like to see glibc 2.0. There's devel work on both, but the space requirements are a big issue. You guys should join the list, there's a lot of active discussion on these issues and everyone would like to see some fresh perspectives. -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Open Wall Question
On Tue, 24 Jul 2001, Dale Long wrote: I was wondering... How much more secure does the Open Wall patch really make Linux in real terms and not academic terms? Finding a line between real and academic is pretty tough when the academics write exploits and root kits :-) Some of the SSH1 holes are pretty academic compared to buffer overflows, but sshmitm makes them pretty real. -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Licensing (specifically, djb)
On Tue, 17 Jul 2001, David Douthitt wrote: Jack Coates wrote: Now that would rock :-) especially if one could simply snarf/apkg the packages into place from sourceforge.net. Major potential for security risk, but there are ways to work it out. Couldn't one use scp to copy from SourceForge to the local LEAF box? Might require full ssh I suppose... Also, with a Lynx interface, one could just use lynx on the LEAF system and select an URL (of the package) to download it... I was thinking of an automated update utility... scp with dsa keys for automatic operation (as in click the cgi button or issue the patchme command and get all your packages bugfixed). -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Licensing (specifically, djb)
On Tue, 17 Jul 2001, David Douthitt wrote: With the addition of tcpserver and tcprules to the ever growing list of packages, I went and looked at their licensing (always of interest). I was dismayed to find out it was under the same licensing as the other djb tools (I didn't realize that these were one of them). According to his page http://cr.yp.to/distributors.html the licenses to distribute daemontools and ucspi-tcp expires on December 31, 2001 - so after that date we can no longer distribute the packages or programs from them. He also quotes Red Hat's Bernard Rosenkraenzer as saying (on April 16, 2001): qmail and djbdns are not open source, so we aren't going to ship them unless the license changes. I'm not comfortable with his license, and I don't expect that any of these tools are contained in Debian either, what I consider to be the purest of OpenSource Linux distributions on the planet. Thoughts from you all? Jacques? Andrew? I don't use djb products on any platforms for this reason. -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Updated LEAF Documentation Pages
On Sat, 30 Jun 2001, Tom Eastep wrote: snip On your Linux box, if you are using kdm, you may need to make a couple of changes in /etc/X11/Xaccess. If you use gdm, you may need to enable XDMCP in /etc/X11/gdm/gdm.conf. This is true on RedHat -- other distros may enable XDMCP by default. these should only be required if you actually want to run your entire X session remotely -- if you login via SSH then start X applications from that remote shell, the login manager won't be touched. I have to install it on a laptop this weekend, so I'll document the setup. If you're going to use Exceed make sure you have a 100mb ethernet switch. I run X over IEEE802.11b (11mb) and it works fine. I have Exceed installed on my laptop and routinely use it as an X terminal for my Linux boxes. -Tom Depending on color depth, X can run well in regular Ethernet. It's slow on ISDN and unusable on modem (well, maybe in 8bpp). -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Updated LEAF Documentation Pages
On 29 Jun 2001 [EMAIL PROTECTED] wrote: On Thu, 28 June 2001, Jack Coates wrote: On 28 Jun 2001 [EMAIL PROTECTED] wrote: I used to go around this by remoting into my Windows box and browsing from there. I'm rapidly trying to figure out how to do X Window over ssh from my work WinNT box to a friends Red Hat 7 box. -sp I've done this -- if you can get your friend to use VNC over SSH it will make your life a lot easier. If you can get a commercial X server like Hummingbird or Exceed, then TTSSH is a good way to go. Just install both, set up a connection in TTSSH and click the 'forward X' button. Done. But if you can't get a commercial X server, you might want to look at Cygwin. I'm using it on Win2K now to provide CLI. I've started X from Cygwin once or twice to make sure it worked, but realize you're working with twm until you can compile something else (easier said than done with Cygwin). You used to be able to get a free server from Metro, MI/X or some such, but it was really quite awful. -- Jack Coates Monkeynoodle: It's what's for dinner! I happen to have Hummingbird Exceed. There is a lot about XWindow stuff I don't understand though. I downloaded TeraTermpro and tissh and checked the forward box, but not having used Exceed much, it has not been a quick pick up for me. I shall persist though. Any pointers to a how to or faq? -sp Hummingbird Exceed, that's right. The other one I was thinking of was WRQ Reflections. The important thing to remember about X is it's all backwards. At the X layer it's you - server - ssh - Internet - sshd - gcalc (client) which is confusing if you're used to thinking you - client - Internet - server Make sure Exceed is running. Hopefully it won't need anything special, I haven't used it. WRQ needed nothing extra. SSH to the Linux box. When you get a prompt, try typing gcalc. If you get an error about $DISPLAY, check your /etc/sshd.config for X11Forwarding yes. 
In the meantime, simply type export DISPLAY=your.public.host.name.or.ip:0.0 or whatever similar phrases your shell requires to initialize and export a variable. Then try again. If you're not getting anywhere, start a second SSH session and use tcpdump | grep -v ssh to monitor (or get jiggy with tcpdump's options). -- Jack Coates Monkeynoodle: It's what's for dinner!
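Added example (not part of the original message): a small check of which path X traffic takes for a given DISPLAY value, since a DISPLAY set by hand to host:0.0 goes straight to the X server over TCP rather than through the SSH session. Function names are hypothetical; X11Forwarding and X11DisplayOffset are OpenSSH sshd_config keywords, and the sketch assumes sshd binds its proxy display to loopback (the OpenSSH default).

```python
# Added example, not from the thread. Names are hypothetical; the sample
# DISPLAY values and config text used in the demo are constructed.
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_display(value):
    """Split 'host:display.screen' into (host, display, screen)."""
    host, sep, rest = value.strip().rpartition(":")
    number, _, screen = rest.partition(".")
    if not sep or not number.isdigit() or (screen and not screen.isdigit()):
        raise ValueError(f"not a DISPLAY value: {value!r}")
    return host, int(number), int(screen or 0)


def sshd_x11_settings(config_text):
    """Global X11 keywords from sshd_config text.

    sshd keeps the first value it reads for a keyword; parsing stops at
    the first Match block, so only global settings are reported.
    """
    settings = {"x11forwarding": "no", "x11displayoffset": "10"}  # defaults
    seen = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if key in settings and key not in seen and len(parts) == 2:
            settings[key] = parts[1].strip().lower()
            seen.add(key)
    return settings


def classify(display, config_text):
    """Return (path, tcp_port) for an X client started with this DISPLAY.

    local-socket   Unix-domain socket on this machine, no TCP involved
    ssh-forwarded  sshd's proxy display; traffic rides the SSH session
    loopback-tcp   loopback TCP display that sshd is not providing
    direct-tcp     X protocol sent unencrypted to host:6000+display
    """
    host, number, _ = parse_display(display)
    cfg = sshd_x11_settings(config_text)
    port = 6000 + number
    if host in ("", "unix"):
        return "local-socket", None
    if host.lower() in LOOPBACK:
        forwarded = (cfg["x11forwarding"] == "yes"
                     and number >= int(cfg["x11displayoffset"]))
        return ("ssh-forwarded" if forwarded else "loopback-tcp"), port
    return "direct-tcp", port


if __name__ == "__main__":
    config = "# constructed sshd_config\nX11Forwarding yes\n"
    for value in ("localhost:10.0", "your.public.host.name.or.ip:0.0", ":0"):
        print(value, "->", classify(value, config))
```

A direct-tcp result is the case the tcpdump check in the message would show: X11 packets to port 6000 plus the display number, outside the SSH connection.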
Re: [Leaf-devel] Updated LEAF Documentation Pages
On 28 Jun 2001 [EMAIL PROTECTED] wrote: Tell me about problems with connections. I don't have one from home right now and where I work is about to start 'per user logon filtered' access. sigh I used to go around this by remoting into my Windows box and browsing from there. I'm rapidly trying to figure out how to do X Window over ssh from my work WinNT box to a friends Red Hat 7 box. -sp I've done this -- if you can get your friend to use VNC over SSH it will make your life a lot easier. If you can get a commercial X server like Hummingbird or Exceed, then TTSSH is a good way to go. Just install both, set up a connection in TTSSH and click the 'forward X' button. Done. But if you can't get a commercial X server, you might want to look at Cygwin. I'm using it on Win2K now to provide CLI. I've started X from Cygwin once or twice to make sure it worked, but realize you're working with twm until you can compile something else (easier said than done with Cygwin). You used to be able to get a free server from Metro, MI/X or some such, but it was really quite awful. -- Jack Coates Monkeynoodle: It's what's for dinner!
RE: OT [Leaf-devel] linuxrouter.org draft?
I've seen MCS sent home with their tails between their legs more than once*, and tech support knows even less :-) It's a great example of how the corporate closed source model allows for higher quality software and a stronger support system. * Exchange 5.5 (one of the first deployments in the SF bay area), Windows Clustering Service, and SQL 2000 (poor performance, bungled failovers, and data corruption on a 35 GB database? Simply send us a copy and we'll recreate in our labs...). -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 15 Jun 2001, Luis.F.Correia wrote: Great, no problem. I'm used to it... BTW, wanna have a good laugh? Here @ work, we use Exchange 5.5+Outlook 2000 as a std. When a guy sends a HTML message using a Portuguese Outlook Express, our mail gateways cannot understand the encoding.. Funny, even Microsoft's eng. do not know how to solve the problem :) -Original Message- From: Jack Coates [mailto:[EMAIL PROTECTED]] Sent: Friday, June 15, 2001 4:35 PM To: '[EMAIL PROTECTED]' Subject: RE: OT [Leaf-devel] linuxrouter.org draft? you're on Exchange 5.5 too. I did some quick searching but couldn't find any good reason for the problem. Will keep looking.
Re: [Leaf-devel] Apparent Directions
as good a division as any, but I think I'd add a distinction: -- Jack Coates Monkeynoodle: It's what's for dinner! On Thu, 14 Jun 2001, David Douthitt wrote: This is where I see the two LRP derivatives heading, based on the mails from developers, and in other cases, my own view. These are LONG views. Eigerstein: * Boot from floppy, flash disk, and other tiny things * Ease of use improvements and focus: boot it and use it * Leaner, smaller * Further specialized as a router and firewall * Built against uClibc or similar Oxygen: * Mini-distribution * Bootable CDROM with live CDROM fs * Variety of non-router images: bridge for example Or to put it quite succinctly, Eigerstein = smaller, Oxygen = bigger :-) Sorry if I'm putting words in mouths. I do think it's useful, maybe even important, to distinguish the two systems. -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] New Development Platform?
* Portage - this is used by Gentoo, and basically brings a form of the FreeBSD ports tree to Linux. The concept is this: you change into a directory, perform a build, then the system fetches the source file and compiles it for your environment. This has the benefit of compiling the code for *YOUR* environment rather than relying on a central packaging authority which may or may not run the same things that you do. I took a look at the Gentoo site, and I like what they're doing. Portage might be useful as a big chunk of the compile environment, if it's flexible enough (likely) and easy enough to setup/install. That would rock, speaking as one who's been bitten by many an rpm-related problem... Does picoBSD have anything like that? Could be a good place to raid. -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Suggestion for improvement
better -- Jack Coates Monkeynoodle: It's what's for dinner! On Thu, 14 Jun 2001, Mike Noyes wrote: Everyone, Are our home page and releases page easier to navigate now? Note: I still need to work on our releases page, but I think our home page is alright.
RE: OT [Leaf-devel] linuxrouter.org draft?
did anyone else have trouble with my message? I'm using Pine 4.3 with US-ASCII as the character set. -- Jack Coates Monkeynoodle: It's what's for dinner! On Tue, 12 Jun 2001, Steven Peck wrote: Jack. tch tch tch :) In any case, the draft looks pretty good. I haven't had time to mull it over in detail yet, but I think I would sign it. Of, course 30 odd folks signing off LRP seems to have made an appropriate statement already, so the point may now be moot. I redid my personal web page. Now to redo some other stuff. Sigh, what a pain! It's a real pity, I was proud of participating in the list. Ah well, we'll just have to build the leaf-user list up. -- Steven Peck [EMAIL PROTECTED] Sacramento, CA http://leaf.blkmtn.org -Original Message- From: Jack Coates [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 12, 2001 10:48 PM To: [EMAIL PROTECTED] Subject: Re: OT [Leaf-devel] linuxrouter.org draft? This message uses a character set that is not supported by the Internet Service. To view the original message content, open the attached message. If the text doesn't display correctly, save the attachment to disk, and then open it using a viewer that can display the original character set.
Re: [Leaf-devel] Monta-Vista Hard-Hat Linux
I've used HardHat in lab systems (Ziatech Ketris, sweet boxes) when I was at Rainfinity. From an admin/hack perspective, it feels like RedHat with some kernel patches. It was a pleasure to work with compared to a regular embedded system, but I doubt it would run nicely on a 486/33. -- Jack Coates Monkeynoodle: It's what's for dinner! On Tue, 12 Jun 2001, Charles Steinkuehler wrote: In light of my recent decision to abandon waiting for Butterfly, I am taking a long, hard look at working with Monta-Vista's Hard-Hat linux. I think this would make an excellent base distribution for the next generation of internet appliance releases. Of course, the proof is in the pudding (or so they say), so I'm downloading their (free) Journeyman release to play with. I've also e-mailed the HardHat linux folks, to see if they have any interest in a project like LEAF using their distribution. While I don't think we currently need sponsorship from Monta-Vista, an alliance (or similar) might be nice. It would at least be good to know things like if they plan on keeping a free development platform available, be informed of major upcoming changes to the distribution ahead of time, and similar. Another benefit of using something like HardHat is multi-processor support. This will mean absolutely nothing to 99.999% of our users, but several folks are embedding LRP into 'black boxes' which may or may not run an Intel architecture CPU. I personally would LOVE to play with something like HardHat on the new IBM NPe405 CPU with 4 built-in 10/100 ethernet ports and multiple T1/E1 support. That would make a pretty cool LEAF platform... NOTE: I'm still very open to suggestions on what to use as the base of the next generation of LRP like functionality. 
I'm mainly looking at starting with an existing distribution because 'out of the box' you get a working cross-compile environment (no more dedicated Debian Slink boxes just to compile an application or two), and much of the software will be pre-packaged. While the pre-packaged stuff will likely be in RPM format, it should be possible to easily convert the RPM's to a tar.gz file or something else shell-scripts can deal with. A lot of the hard work (that requires maintenance and debugging) goes into making sure the packages all work well together...we should be able to leverage this work from a mainstream distribution and speed our time to solution. I really don't want to try to create or maintain a complete, from the ground up distribution...it seems like too much duplication of existing work. Thoughts/comments welcome, as always Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: OT [Leaf-devel] linuxrouter.org draft?
my, what a thread. Opinions are opinions, but: screwing with semipublic infrastructure because of your opinions is over the line, especially when the infrastructure was donated to you by companies wanting to further progress of the semipublic project. (The LRP code may be GPL, but the web site and mailing list are firmly Dave's -- ask anyone who's offered to help with them). I happen to fervently disagree with the opinions at hand -- I don't think killing people is ever a solution, whether you're wearing a white hood, military uniform, or judge's robe. There are too many layers of wrong-doing here for simple judgements. I may not contribute a lot, but I don't want my contributions tied to this sort of stupidity. I will consider signing Morgan's letter and I am definitely signing off the linux-router list. -- Jack Coates Monkeynoodle: It's what's for dinner! On Tue, 12 Jun 2001, Morgan Reed wrote: This is an initial rough draft that I think/hope represents all of the ideas mentioned here. Again, I agree with Bao, Ray and Dave, that treading cautiously is best, and I agree, to a limited degree, with Ray's most recent assertion that silence does not always = agreement, but, as I think you may see from my draft, Dave's decision does represent a breach of overall trust. I agree with Ray that some notables have remained silent, and if there cannot be a consensus, then so be it, and a statement dies on the vine. My intent in suggesting a letter was to avoid an undirected counterstrike made in haste. All of that niceness aside, sometimes, ya gotta say BULLSHIT, or the unchallenged comment goes on to become accepted. Anyway, it is late, this is very rough, and probably sucks toilet water. 
Here goes: Dear fellow LRP supporters, users and friends, Recently, one of the common web sites for Linux Router Project information was used for a purpose that was decidedly unrelated to LRP; instead, the domain name was exploited to make a political statement that had no bearing, except in the broadest interpretation, on anything connected to LRP. While we all support the concept and practice of free and open political speech, we do not, and cannot condone the use of an open source, community based project to support an individual member of the community's political position. We believe that the global attention drawn to the LRP website is there because of all the participants, not just a single developer. We understand that the holder of the domain name can technically do as he/she wishes with the domain, but insofar as an open source project is conceptualized, written, supported and expanded by a truly diverse community, it seems wrong at the very core to essentially hijack the work of many to serve a single person's political goals. We hope this letter can serve a dual purpose; to let others know that the message that appeared on the website was not shared by (any/the vast majority) of us, and to show our disapproval for the abuse of the community trust placed in the domain name holder's hands. If a project is truly open source, then it can know no single political position, no single political ideology. It should, we believe, represent to everyone an example of how people from all places and walks of life can focus on a project that has no clear material gain, no self serving purpose and produce a remarkable product free for everyone to use and benefit from. Signed __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Olszewski Sent: Tuesday, June 12, 2001 12:24 AM To: [EMAIL PROTECTED] Subject: RE: OT Re: [Leaf-devel] linuxrouter.org At 08:25 PM 6/11/01 -0700, Mike Noyes wrote: ... I agree with Scott's wording. 
I recognized my mistake as soon as I read his message. I think we should give Morgan a chance to write a draft. He may come up with something we can all agree on. ... We need to be careful here. Silence does not equal assent, and many of the important participants in LEAF have been most notable for their silence on this thread. Some of them may not share the sentiments of those of us who have spoken up, but hesitate to start a confrontation here on this list. Understandably. Others may share the general sentiment but feel that it is not a proper topic of discussion here. Again, understandably. In other contexts, I've been in both of these positions, and they are uncomfortable ones. Personally, I'm not too worried about trying to do something effective. I think Dave's efforts are trivial in any real political sense. My personal goal is to respond in a way that lets me feel OK about living with myself. This is, for lack of a better word, a moral concern, not a political one. As I've said in other contexts, one cannot control the world, but one can at least try to control one's own reaction to the world. If Morgan comes up
Re: [Leaf-devel] Scanning - A Task In Security (#25528)
i'm up for it, but I'm low bwidth - pls contact me offlist before starting anything, as I'll be rebuilding my rtr today or tonight -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 4 May 2001, Dale Long wrote: I will be starting a Task In Security (#25528). I am looking for LEAF sites/gateways that I can scan legally with permission. If anyone on this list would like me to portscan and check for vulnerabilities, please let me know what address I can scan against. We can organise times for scans of dynamic addresses and 'audits' that may bring a server down. I will be using the suggested audit tools, including Nessus and Nmap. Dale.
[Leaf-devel] SVLUG meeting and Midori presentation
Just got back from this (sorry I missed anyone else who was there, it was a spur of the moment thing and I didn't get a chance to plan hooking up). Midori is definitely aimed at the end user or developer of handhelds and mini-laptops. No surprise there. The Transmeta guys doing the presenting seemed a little thin on info w/r/t cramfs and ramfs, but they had lots of interesting stuff about Crusoe processors. They also say that a base build of Midori compiles to about 6 MB without Netscape, which ain't half bad for a modern system with X 4.0.3. -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Found my development platform.
I've played -- err, managed processes -- with this tool. It's extremely amusing, but a little nerve-wracking unless you have a top window nearby to translate pid-to-process. Killing X or the shell you started psdoom from puts a quick end to the game :-) -- Jack Coates Monkeynoodle: It's what's for dinner! On Sun, 29 Apr 2001 [EMAIL PROTECTED] wrote: On 26 Apr 2001, at 19:34, Scott C. Best wrote: Forgive the off-topic moment of levity but...Oooo. http://www.jp.playstation.com/linux/image/main.jpg I can see it now...a Missile Command like interface to zap incoming packets of questionable origin... :^) Someone (or two) somewhere adapted Doom to be used as a Linux sysadmin tool. Processes were the enemy; important processes were hard to kill; and each enemy had a process number on it. Nasty...
Re: [Leaf-devel] A little less mail, a little less Oxygen development....
On Sun, 29 Apr 2001 [EMAIL PROTECTED] wrote: There is a new baby in the house so I'm not going to be doing a lot in the next week or so... Heh heh. You really think everything will be back to normal in a week :-) Andrew James was born 22 April 2001 at 7:25 am, and was 9 lbs. 4 oz. (ask your wives if that's big :-) My goodness, that's large! Kudos and congratulations to the mom!! Current outstanding development concerns: * Both Oxygen versions (glibc 2.0.7 and 2.1.3) have problems with insmod: the kernel in both is a kernel with the bridge patches installed and compressed with UPX. -- Jack Coates Monkeynoodle: It's what's for dinner! ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Northpoint refugees?
In this territory ISDN is actually more expensive than a DS-0 if you're going to have it up for business hours, and more expensive than a 128K Frame PVC if you're up 7x24. The wireless stuff has some good gee-whiz, but I don't want to change ISPs or purchase potentially incompatible equipment in a season of consolidation. So, I just bought a good Courier modem off of Ebay and arranged dedicated dial with my existing ISP. It's not like I play a lot of games anymore anyway :-) Thanks everyone for the tips, and look forward to some PPP images. -- Jack Coates Monkeynoodle: It's what's for dinner! On Sat, 28 Apr 2001, Paonia Ezrine wrote: Jack, I have a few ideas one is at least in Massachusetts isdn with dovbs (provisioning this circuit as voice and then sending data over it is pretty cheap) no per minute costs. Also when I was looking for bandwidth awhile back I came upon some satellite options in your price range one was oneway and the other Galat@home (sp?) was two way. If you want me to track down the pointers let me know. good luck Paonia Satellite, Frame Relay, and ISDN -- ridiculously expensive. I can justify about $100 a month for =128 Kbps. I did think about sharing with the neighbors for a few minutes, but I don't really need to add bill collection and technical support to my list of extracurricular activities. Anything I overlooked, or should I just buy a better analog modem and get used to dedicated dial-up? -- Jack Coates Monkeynoodle: It's what's for dinner!
[Leaf-devel] Northpoint refugees?
Okay, so it's been a month at 14.4 Kbps now. I have spent much of that month helping Pacific Bell find out that my loop is 23 Kft as opposed to 19 Kft, and that Project Pronto won't hit my neighborhood for another year. Other IDSL providers in the area appear to be reselling Rhythms, which is rumored to have very little life left in it. $0.29 is not a sign of rosy prospects: http://finance.yahoo.com/q?s=RTHM Cable modem is not available in my neighborhood now, though the flyer recently came out and they've been climbing the poles. However, I'm not thrilled about using cable since my understanding is that you can't run services from it. Additionally Excite@Home is having difficulties, meaning ISP change is imminent. Wireless via Sprint Broadband Direct -- line-of-sight, worth a try. Asking them about fixed IP and services now. Wireless via Metricom -- via www.wwc.com I could get fixed IP, but latency is famously bad and their health is also quite questionable. Satellite, Frame Relay, and ISDN -- ridiculously expensive. I can justify about $100 a month for =128 Kbps. I did think about sharing with the neighbors for a few minutes, but I don't really need to add bill collection and technical support to my list of extracurricular activities. Anything I overlooked, or should I just buy a better analog modem and get used to dedicated dial-up? -- Jack Coates Monkeynoodle: It's what's for dinner! ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Vulnerabilities dot org
snip running, as echo test file won't work if the disk is full. So...be cautious turning Nessus loose on your own LRP box. :) I think this is a problem. I believe the ramdisk shouldn't fill up under any circumstances. Can we change log rotate to trigger on file size in addition to periodically? It's got the ability in multicron, but commented out by default. I haven't formally tested it, but it seemed to work on my old low-memory router. Still, a check every few minutes to start action seems like a kludgy way to handle it. Makes me wonder though. At the start of the scan, /var/log/syslog, messages and kern.log were 15k, 13k, and 13k respectively. After the scan...all *three* of them were over 980k before I ran out of disk space. Sure, a brute-force DOS attack but...what am I doing wrong where each packet log gets recorded in 3 places? Also...I noticed my cable-modem connect thru the LRP was sluggish after the disk was filled. I checked with www.bandwidthplace.com/speedtest and it confirmed: 671 kbps with a full disk, and 1293 kbps immediately after a reboot. Perhaps the next time someone on the LRP lists mentions that their LRP box is acting slow we should ask if they recently unleashed Nessus on it. That's strange. -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/
Re: [Leaf-devel] diskspace check
On Fri, 27 Apr 2001, Mike Noyes wrote:

Jack Coates, 2001-04-27 07:12 -0700
snip
running, as echo test file won't work if the disk is full. So...be cautious turning Nessus loose on your own LRP box. :)

I think this is a problem. I believe the ramdisk shouldn't fill up under any circumstances.

Can we change log rotate to trigger on file size in addition to periodically?

It's got the ability in multicron, but commented out by default. I haven't formally tested it, but it seemed to work on my old low-memory router. Still, a check every few minutes to start action seems like a kludgy way to handle it.

Jack, Is there an elegant solution to the problem?

Uhhh quotas?

Uhhh at least using a cat /proc/whatever instead of df?

Here's the code from /etc/multicron-p:

    periodic () {
        checkfreespace
        pingcheck
    }
    ...
    updatefree () {
        # split the second line of df on spaces, tabs and '%'
        IFS=$SP$TAB%
        set -- $(df | sed -n 2p)
        IFS=$OIFS
        # field 4 = Available blocks, field 5 = Capacity (percent used)
        bfree=$4
        pfree=$((100 - $5))
    }
    ckfree () {
        [ $bfree -le ${lrp_SC_MINKB:--1} ] && return 1
        [ $pfree -le ${lrp_SC_MINPER:-101} ] && return 1
        return 0
    }

the annoying thing is that I don't see where it's getting called from -- it's not in crontab, but I do know it's getting called because the ping check goes off about hourly.
Re: [Leaf-devel] diskspace check
On Fri, 27 Apr 2001, Mike Noyes wrote:

Jack Coates, 2001-04-27 08:25 -0700
On Fri, 27 Apr 2001, Mike Noyes wrote:
Jack Coates, 2001-04-27 07:12 -0700
snip
running, as echo test file won't work if the disk is full. So...be cautious turning Nessus loose on your own LRP box. :)

I think this is a problem. I believe the ramdisk shouldn't fill up under any circumstances.

Can we change log rotate to trigger on file size in addition to periodically?

It's got the ability in multicron, but commented out by default. I haven't formally tested it, but it seemed to work on my old low-memory router. Still, a check every few minutes to start action seems like a kludgy way to handle it.

Jack, Is there an elegant solution to the problem?

Uhhh quotas?

Jack, How large are the quota utilities?

Wouldn't be a good solution unless we chrooted and service accounted everything -- which is something I'm planning to do with Ladybug when development restarts. On that note, got CVS going here and have started to check it out (pun intended).

Uhhh at least using a cat /proc/whatever instead of df?

Would that be proc/stats?

no, I think that's aggregate activity, or else it doesn't do ram disk:

    willard: -root-
    # df
    Filesystem         1024-blocks  Used Available Capacity Mounted on
    /dev/ram0               6076    4557    1519     75%   /
    # grep disk /proc/stat
    disk 0 0 0 0
    disk_rio 0 0 0 0
    disk_wio 0 0 0 0
    disk_rblk 0 0 0 0
    disk_wblk 0 0 0 0

Here's the code from /etc/multicron-p:
snip
the annoying thing is that I don't see where it's getting called from -- it's not in crontab, but I do know it's getting called because the ping check goes off about hourly.

A Nessus scan can add enough log entries in less than five minutes to exceed free ramdisk space. This is on a box with 16M of memory. If I remember correctly, David solved this problem in Oxygen by creating a separate partition for /var/log. He recommends 18M for Oxygen though, and I don't know if this fixes the performance slowdown.

-- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/
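The thread above asks for log rotation triggered by file size and for a free-space check that copes with a scan flooding the RAM disk; the sketch below does both in POSIX sh. It is an added example, not LRP's multicron-p: lrp_SC_MINKB and lrp_SC_MINPER are the names from the quoted snippet, while the function names, the ".0" suffix and the "--run" switch are assumptions.

```shell
#!/bin/sh
# Added example, not LRP's multicron-p. lrp_SC_MINKB / lrp_SC_MINPER come from
# the quoted code; function names, the ".0" suffix and "--run" are assumptions.

# parse_df: read `df -P DIR` output on stdin, print "<avail_kb> <pct_free>".
# -P keeps each filesystem on one line, so field positions cannot shift the
# way they can when plain df wraps a long device name.
parse_df () {
    read -r _header || return 1
    read -r _fs _blocks _used avail cap _mnt
    [ -n "$cap" ] || return 1
    echo "$avail $((100 - ${cap%\%}))"
}

# space_low AVAIL_KB PCT_FREE: return 0 (true) when either floor is reached.
# An unset threshold defaults to -1 here, which disables that test.
space_low () {
    [ "$1" -le "${lrp_SC_MINKB:--1}" ] && return 0
    [ "$2" -le "${lrp_SC_MINPER:--1}" ] && return 0
    return 1
}

# file_kb FILE: size in KB, rounded up.
file_kb () {
    bytes=$(wc -c < "$1") || return 1
    echo $(( (bytes + 1023) / 1024 ))
}

# rotate_if_big FILE MAXKB KEEP: if FILE is larger than MAXKB, save one old
# generation as FILE.0 when KEEP=1, then truncate FILE in place so the
# logger's open file descriptor stays valid. Returns 0 only if it truncated.
rotate_if_big () {
    [ -f "$1" ] || return 1
    [ "$(file_kb "$1")" -gt "$2" ] || return 1
    if [ "$3" -eq 1 ]; then
        # the copy can fail on a nearly full disk: drop the partial file
        cp "$1" "$1.0" || rm -f "$1.0"
    fi
    : > "$1"
}

# trim_logs DIR MAXKB: one pass of the policy, reading `df -P DIR` on stdin.
# Normal case: rotate logs over MAXKB, keeping one old generation.
# Low-space case: delete old generations and truncate oversized logs outright.
# Prints "ok" or "low" so the caller can record which path was taken.
trim_logs () {
    dir=$1
    maxkb=$2
    stats=$(parse_df) || return 1
    set -- $stats                  # $1 = available KB, $2 = percent free
    if space_low "$1" "$2"; then
        state=low
        keep=0
        rm -f "$dir"/*.[0-9]
    else
        state=ok
        keep=1
    fi
    for f in "$dir"/*; do
        case $f in *.[0-9]) continue ;; esac
        rotate_if_big "$f" "$maxkb" "$keep" || :
    done
    echo "$state"
}

# Run one pass only when asked to: sh thisfile --run [DIR] [MAXKB]
if [ "${1:-}" = "--run" ]; then
    df -P "${2:-/var/log}" | trim_logs "${2:-/var/log}" "${3:-512}"
fi
```

Because the size test runs on every pass, a burst that writes the same packet log to syslog, messages and kern.log is cut back three times over instead of waiting for the next scheduled rotation.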
Re: [Leaf-devel] The Continuing Efforts of Micronization
I rather like this idea. Might be a pipe dream, but would be nice.
-- Jack Coates Monkeynoodle: It's what's for dinner!

On Tue, 24 Apr 2001, Mike Sensney wrote:

At 09:34 PM 04/23/2001 -0400, George Metz wrote

Okay. I got the basic-level kernel compiled. Here's what we have:

    -rw-r--r-- 1 wolfstar root 470k Apr 23 16:14 kernel.standard
    -rw-r--r-- 1 wolfstar root 404k Apr 23 16:15 kernel.upx

Before we get too excited, I'm stating for the record that there is next to NOTHING in this kernel. What's been pulled:

    Loopback/Network block device support
    IDE and SCSI support
    Hot-pluggable device support
    Watchdog timer support
    Token-Ring support
    TOS-Routing
    A few other random goodies.

This is strictly for a eth-to-eth router. I plan on doing more with it in the near future, and looking to see what I can put back in. This does have IPChains and IPTables support; both are modularized. Thoughts? Questions?

Would it be possible to create a base .config then create a series of patch files to modify the .config file? Would this be manageable or would it be a can of worms best not visited? I was thinking of a script, call it LRPkernel that first copies a base .config to /usr/src/linux, then applies the patches listed on the command line. It would look something like:

    LRPkernel IDE IPSEC PPORT etc.

Then compile the kernel as usual. I'm not familiar enough with the diff and patch programs to know what happens if different patches end up contradicting each other...
Re: [Leaf-devel] IP-Masq'ing question
The only way I can see this working is if you: a) know and define the subnet the fixed addresses will be in b) don't ever need to get to that subnet on the Internet (or at least not at the same time as you're using a wireless device). Better ways: DHCP. It's pretty easy to write a .bat or .sh which releases and renews -- with a little more work and snort you could probably autosense when that sort of activity was required? I'll assume you know about the big ugly holes recently discovered in WEP and have heard the stories about driving around with a laptop and an antenna... The risks aren't new (WEP == wired equivalent protocol and imagine a hub with a patch cable reaching out to the street for anyone to use), but they are recently publicized which means lots more script kiddies know about it. -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 20 Apr 2001, Scott C. Best wrote: Heyaz. Curious for any leads, pointers, suggestions, patient explanations here. Here's the situation: given a Linux based NAT'ing firewall/router in between a modem and a 802.11 access point, I'd like to support an 802.11 network device that arrives on the network which is preconfigured "incorrectly". That is, suppose my LAN is 192.168.x.y, but a new device is configured with a static IP# (and static DNS, and even a static proxy) in some *other* range (say, in 206.184.139.137/24 somewhere). Presuming the firewall ruleset is flexible enough, how much of this would common IP-masquerading be able to handle already? Certainly the DNS and proxy stuff would require some careful forwarding...but what about the NAT'ing and the routing? I've been noodling on this most of the day, and have fairly well convinced myself that it should be fairly straightforward with the NAT'ing, but a bit trickier with the ad-hoc ip-aliasing of the internal interface (so it would appear as the default gateway, DNS, and proxy for multiple devices differently).
Anyhow...thanks in advance for any thoughts on this. cheers, Scott
Re: [Leaf-devel] IP-Masq'ing question
I don't think it's going to work, then. "On the fly" reconfiguration would mean downing the interface every time a new machine joined the wireless LAN, which would get really annoying to the users. But if you treat the LAN like the Internet (0.0.0.0/0) then you can't route to it. Actually, that could work, I think, with proxy arp. wireless int - 192.168.254.254, bridging enabled def route forwards all traffic to eth1 masquerade as 192.168.1.1 eth1 - 192.168.1.254 another LRP is the Internet gateway. Double-NATing is goofy as hell and will probably break something. -- Jack Coates Monkeynoodle: It's what's for dinner! On Sat, 21 Apr 2001, Scott C. Best wrote: Jack: Hurm. I know that I can't assure you of "a". In fact, quite the opposite: I have no idea what people will be bringing into the wireless LAN. On the other hand, I can safely assure you of "b". Can see your point: if I alias the internal interface to some other subnet's gateway or DNS IP address, it'd be tricky to ever trying to send packets thru the router to the "real" one. Regarding DHCP, I agree completely. That'd be best, and it's certainly going to be the default. But, I'm not sure I can force a user's laptop (say) to use DHCP if it started life in my LAN as a statically configured device. I think I just gotta deal with it, somehow detecting "lost" packets and adapting the interfaces, on the fly, accordingly. Or, as you suggest, run an active LAN scanner (perhaps an ARP watcher?) to see what just joined and make some guesses as to how to handle it. Risk wise, 802.11 certainly has that limitation with the independent-BSS mode. My understanding is in that "software access point" mode, everything on the LAN is essentially a peer, and so an illicit user can see and affect legitimate users directly. In "real" access points, there's a normal BSS mode, in which the AP mediates all of the traffic, and so peers are safer from each other. 
My understanding, though, is that none of the open-source projects support this second mode -- not until an Orinoco access point gets reverse engineered. -Scott On Fri, 20 Apr 2001, Jack Coates wrote: The only way I can see this working is if you: a) know and define the subnet the fixed addresses will be in b) don't ever need to get to that subnet on the Internet (or at least not at the same time as you're using a wireless device). Better ways: DHCP. It's pretty easy to write a .bat or .sh which releases and renews -- with a little more work and snort you could probably autosense when that sort of activity was required? I'll assume you know about the big ugly holes recently discovered in WEP and have heard the stories about driving around with a laptop and an antenna... The risks aren't new (WEP == wired equivalent protocol and imagine a hub with a patch cable reaching out to the street for anyone to use), but they are recently publicized which means lots more script kiddies know about it. -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 20 Apr 2001, Scott C. Best wrote: Heyaz. Curious for any leads, pointers, suggestions, patient explanations here. Here's the situation: given a Linux based NAT'ing firewall/router in between a modem and a 802.11 access point, I'd like to support an 802.11 network device that arrives on the network which is preconfigured "incorrectly". That is, suppose my LAN is 192.168.x.y, but a new device is configured with a static IP# (and static DNS, and even a static proxy) in some *other* range (say, in 206.184.139.137/24 somewhere). Presuming the firewall ruleset is flexible enough, how much of this would common IP-masquerading be able to handle already? Certainly the DNS and proxy stuff would require some careful forwarding...but what about the NAT'ing and the routing? 
I've been noodling on this most of the day, and have fairly well convinced myself that it should be fairly straightforward with the NAT'ing, but a bit trickier with the ad-hoc ip-aliasing of the internal interface (so it would appear as the default gateway, DNS, and proxy for multiple devices differently). Anyhow...thanks in advance for any thoughts on this. cheers, Scott
Re: [Leaf-devel] IP-Masq'ing question
actually, better depiction and idea improvements:

    wireless area      Internet
          |               |
         LRP             LRP
          |               |
          -------LAN-------

Both LRP's masq, both LRP's treat the top interface as default network. Wireless LRP forwards everything into the LAN, masqing it as a single IP. The hard part now is Internet access from the wireless LAN, because you can't give the LRP two default routes pointing in two different directions :-) Nor can you use the massively annoying "static routes supernetting the whole Internet" trick because you're likely to get registered addresses on the wireless net from time to time. Routing into the LAN is easy, but routing from the wireless area to the Internet is going to be challenging. I think you're better off changing people's IP addresses.
-- Jack Coates Monkeynoodle: It's what's for dinner!

On Sat, 21 Apr 2001, Jack Coates wrote:

I don't think it's going to work, then. "On the fly" reconfiguration would mean downing the interface every time a new machine joined the wireless LAN, which would get really annoying to the users. But if you treat the LAN like the Internet (0.0.0.0/0) then you can't route to it. Actually, that could work, I think, with proxy arp.

    wireless int - 192.168.254.254, bridging enabled
    def route forwards all traffic to eth1
    masquerade as 192.168.1.1
    eth1 - 192.168.1.254
    another LRP is the Internet gateway.

Double-NATing is goofy as hell and will probably break something.
Re: [Leaf-devel] File Systems (was: CVS structure)
ext2fs would be handy, but it makes things harder on the Windows users. I think vfat is the best thing to do. I use vfat in my kernel -- it's 15K in 2.2, 16K in 2.4. UPX would turn that into .003 bytes, right :-) -- Jack Coates Monkeynoodle: It's what's for dinner! On Sat, 21 Apr 2001, Mike Noyes wrote: [EMAIL PROTECTED], 2001-04-20 18:03 -0700 On Fri, 20 Apr 2001, Mike Noyes wrote: This still doesn't explain why Debian is trying to do the following for their boot floppies. http://lists.debian.org/debian-boot-0102/msg00435.html ~ Build in cramfs and ramfs. We're going to boot off of a cramfs initrd ~ and then set up and pivot_root into a ramfs filesystem. I'm not really familiar with the details, but I think the cramfs initrd is both disk- and ram-efficient, and pivoting the root means switching the root over to a writeable filesystem while maintaining access to the old filesystem. For a boot floppy there is no customization, but it is convenient to have a writeable root. Jeff, You have a better grasp of the details than I do. :) If I have this right, cramfs isn't flexible enough for our needs. That means that Midori isn't useful for a base, and we're back to vfat or minix for long file name support. The MontaVista rep. seemed to think ext2 wasn't out of the question for our needs. -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/
Re: [Leaf-devel] File Systems (was: CVS structure)
I just hunted through my module archives and I've never built it as a module... I also did a google search, but the only ones I turned up in reasonable timeframe were compiled for NetBSD. Those are 51K (!). -- Jack Coates Monkeynoodle: It's what's for dinner! On Sat, 21 Apr 2001, Mike Noyes wrote: Jack Coates, 2001-04-21 08:31 -0700 ext2fs would be handy, but it makes things harder on the Windows users. I think vfat is the best thing to do. I use vfat in my kernel -- it's 15K in 2.2, 16K in 2.4. UPX would turn that into .003 bytes, right :-) Jack, It may make things a tad harder, but I believe winimage supports ext2. Do you know how much room ext2 takes? -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Patched kernel 2.4.3 (about to be) available.
I would definitely put serial back in for those of us who use serial console. Everything else looks like a good idea.
-- Jack Coates Monkeynoodle: It's what's for dinner!

On Fri, 20 Apr 2001, George Metz wrote:

Okay gang, got the FTP security patch from the Netfilter boys and applied it. Kernel is compiled and I'm about to tar and gzip it. I also took the opportunity to go weeding. The final result is as follows:

1. Kernel is no longer able to mount filesystem images on the loopback device.
2. There is no longer a PCI Device Database, so PCI devices are listed in /proc/pci by card ID.
3. The Network Block Device was removed, as I couldn't really see a need for it on a secure system.
4. Modularized serial support.

Some of these are a little questionable in my own mind, to be honest, so I'd like some feedback from people on whether or not the tradeoff is acceptable. However, the final results are impressive. Here's the previous Standard and UPX-Compressed 2.4.3 kernels:

    -rw-r--r-- 1 wolfstar root 552k Apr 11 03:45 kernel.standard
    -rw-r--r-- 1 wolfstar root 481k Apr 11 03:46 kernel.upx

Here's the current one:

    -rw-r--r-- 1 wolfstar root 474k Apr 20 02:38 kernel.standard
    -rw-r--r-- 1 wolfstar root 411k Apr 20 02:39 kernel.upx

So we're looking at about 70-75k of space savings, and that's TRULY spectacular. I might go back in and try putting back the Serial support and see how that affects kernel size, but this is a LOT of space saving. On another note, I was also going to add the ipchains and ipfwadm compatibility modules, but I discovered that that would require building the default conntrack module and the iptables module AS modules, instead of built in.

-- George Metz Commercial Routing Engineer [EMAIL PROTECTED]
"We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center
Re: [Leaf-devel] CVS structure (was: Patched kernel 2.4.3 (aboutto be) available.)
Man, I am so swamped. Ladybug needs to be whacked against the new Oxygen release -- this shouldn't be too big of a deal, since the new Oxygen has a fair number of the architectural changes I was working on built into it (only better). So the work at this point is a matter of kernel customization, removal of the routing-specific stuff, editing of menus, packaging the applications to be run, and testing. Let's say it's far from release. I would love to put it in CVS, and will follow whatever scheme is used by everyone else. -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 20 Apr 2001, Mike Noyes wrote: snip Jack, How close is Ladybug to release? Is it ready for CVS? Scott, I think Echowall should be added to CVS. Do you agree? -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Unified Embedded Platform Specification
that sounds like a good thing. -- Jack Coates Monkeynoodle: It's what's for dinner! On Wed, 18 Apr 2001, Mike Noyes wrote: Everyone, I believe this ELC announcement is significant. Opinions? Unified Embedded Platform Specification Established and Promoted by Embedded Linux Consortium Board http://www.embedded-linux.org/pressroom.php3#66 -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/
[Leaf-devel] fresh offa /.
interesting idea -- I need another mailing list like I need a hole in my head (~600 messages a day and I'm totally backlogged) but here's the dirt: http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26mid%3D175494%26fromthread%3D0%26start%3D2001-04-08%26end%3D2001-04-14%26threads%3D0 -- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] German LRP Faq
sure thing. Would it accept symlinks? I'm hoping to get rsync working in order to put stuff onto sourceforge.net. -- Jack Coates Monkeynoodle: It's what's for dinner! On Sat, 7 Apr 2001, Mike Noyes wrote: Jack Coates, 2001-04-06 21:18 -0700 use whatever you need, by all means. Note that this permission only applies to things I wrote :-) Jack, May I publish your howtos on our phpWS in the section link below? If so, do you want a admin/author account for phpWS? This would allow you to update them in the future. http://leaf.sourceforge.net/content.php?menu=1103page_id=13 If not, may I link to them in your devel directory? -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] macunix
beowulf! beowulf! Cluster them and you'll have all the blinding speed of a 486/33! :-) -- Jack Coates Monkeynoodle: It's what's for dinner! On Mon, 9 Apr 2001, David Douthitt wrote: Jack Coates wrote: well, http://www.mac.linux-m68k.org is probably a better fit for David -- ain't nothing running on a Mac Plus except what it came with. I think PalmOS might be a good fit, but the HCI issues would bite :-) Heh heh. Yet I don't have a Mac Plus in MY house :-) I do have three 68040's though :-) ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Kernel 2.4.x
Don't feel too stupid, my server's been filling up its log files for 29 days with mingetty complaints because I forgot to include support for virtual consoles. I keep meaning to fix it but a week out of town here and a kid who won't sleep there... besides, I don't want to mess with it until I can take time to mirror the disks. -- Jack Coates Monkeynoodle: It's what's for dinner! On Sun, 8 Apr 2001, George Metz wrote: snip Oh wow. That'll teach me to compile when I'm tired. Okay gang, skip the kernel, I need to do a recompile. Forgot to include support for MS-DOS filesystems. Boy, do I feel stupid... -- George Metz Commercial Routing Engineer [EMAIL PROTECTED] ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] German LRP Faq
use whatever you need, by all means. Note that this permission only applies to things I wrote :-) -- Jack Coates Monkeynoodle: It's what's for dinner! On Mon, 2 Apr 2001, Eric Wolzak wrote: Hello all, especially Mike, charles,Ray, Steven, Jack, Rick, and all others that provided Documentation to this Project on the Leaf site. I started to make a new German Documentation for the LRP with an guide howto setup an lrp for dsl, isdn,ppp etc. A part of this step by step guide i will setup as a faq. I found a lot of the Documentation parts of our doc site at leaf very clear, and compact. (better than I can explain it ;) ) So my question is. Is it okay to use some parts of this explanation for a free translation ? I will put the names of the original contributors to a section "people who contributed to the original english faq" with a link to the documentation site. So your names will be mentioned, but not for every question the specific name. Has anybody anything against this approach. BTW. The final documentation will be in my developer page on the leafsite replacing the ISDN specific introduction, there is now. Greetings Eric Wolzak http://leaf.sourceforge.net/devel/ericw ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Packaging
I expand the lrp's as a regular user to avoid that. -- Jack Coates Monkeynoodle: It's what's for dinner! On Thu, 5 Apr 2001, Scott C. Best wrote: Actually I like .lrp as well, though my complaint with it is different. I find it difficult to extract files from a .lrp without potentially overwriting important system binaries on the development box. What'd be *much* nicer is if package.lrp expanded to /tmp/package, and then /tmp/package/package.list would be queried to find out where to put everything. -Scott On Thu, 5 Apr 2001, David Douthitt wrote: I seem to be somewhat alone in that I *LIKE* the *.lrp packaging; there is only one change I would make: rename the files from *.lrp to *.tgz. This adds the ability to know what the file format is, and allows Windows hosts to decipher the file automatically. However, there is support for unpacking RPM and DEB files within busybox; I haven't played with them yet, but perhaps a new distribution might find a need for them. I don't know about Debian packages, but RPMs are very nice for a full system, work fast, upgrade well, have dependency checking. and also a huge database, lots of CPU overhead, and aren't usable with generic UNIX utilities like tar, gzip, and cpio... Debian probably has a similar problem, yet I don't like their dpkg hardly at all. I've also used Unixware packages and HP-UX depots; none of them share the fundamental simplicity that the *.tar.gz file for LRP supports. UNIX originally did EVERYTHING in files; I understand that Plan 9 (an ATT post-UNIX OS development) goes even FARTHER with this idea. Why not use it in our packaging? ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [Leaf-devel] Functional Admin -kudos
Looks like I'm late to the party (man, it's been a long, long week) but I have to agree: Mike's done a fabulous and professional job of project management. -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 30 Mar 2001, Steven Peck wrote: I have to go with David here and I think it deserves a mention. You are coordinating work on an Open Source project. You have been driving force and crucial to installing and maintaining the website (you then found a better solution and made it happen :getting help counts), coordinating and writing documentation, doing the backend administrative work on getting a CVS tree going, setting up/manageing multiple mail lists, ftp permissions, Sourceforge updates and issues. Gathering a consensus on a variety of disparate issues (color, theme, logo, style, directory structure, now CVS) from a set of developers, and misc contributors of varying techinical levels and interests.) You have 'brought' in folks (Pim) by making them aware of what we are doing here. Regular updates/notification of Sourceforge issues. Prompting for standards in Documentation, etc. This is a synopsis. I've been on paying contracts that were not as well managed/coordinated. This is something that you can probably add to your resume in some fashion. Heck, I'll give you a reference letter if you want. :) -- Steven Peck [EMAIL PROTECTED] http://leaf.blkmtn.org -Original Message- From: David Douthitt To: [EMAIL PROTECTED] Sent: 3/30/2001 7:50 AM Subject: Re: [Leaf-devel] Packages in PatchManager CVS Mike Noyes wrote: David Douthitt, 2001-03-30 09:23 -0600 I'm a barely functional admin for this project. I disagree vehemently! This project has better documentation than I've seen almost anywhere else on Sourceforge; the PHPWebSite is phenomonal. ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Languages
Every time I've tried to learn C or C++ the instructor or author lays out all the basics of the language and I do fine. We do a few example programs like helloworld.c and add/subtract calculators, and I do fine. Then the exercises jump into geometry or calculus problems, because of course anyone interested in programming took lots of math in school, right? And then it's all over. I'm learning, but so far shell script is where it's at for me.
-- Jack Coates Monkeynoodle: It's what's for dinner!

On Thu, 5 Apr 2001, David Douthitt wrote:
[EMAIL PROTECTED] wrote:
People who are good at C say that C is easy. Every time I attempt to learn C, I fail miserably...

Sounds like what happens to me every time I try to learn LISP or Smalltalk. The thing I always find fascinating is the textbooks show you how to add 5 and 6, but not how to scan a configuration file; or they show you how to do a bubble sort, but not how to react to user input. It seems as if general disk I/O is a no-no. Thus, I never seem to be able to find a way to do anything useful in languages like LISP or Smalltalk - or even Scheme - I wound up with TI PC Scheme on 5.25" once - still have it :-) Of course, having an expert you can pester helps too
Re: [OT] Re: [Leaf-devel] Mirrors and upcoming Oxygen CDROM
I prefer radiocasts, which is fine since they transmit well over the internet -- majorleagebaseball.com and soon to be non-free. Go Giants! -- Jack Coates Monkeynoodle: It's what's for dinner! On Thu, 5 Apr 2001, George Metz wrote: On Wed, 4 Apr 2001, Scott C. Best wrote: Goerge: Got it from Tom on the LRP list, thanks. One of those days when amost everything I said out loud was dead wrong. :) But then, if this is what it takes to get a no-hitter outta my Red Sox, I can get used to it... Yeah, that was nice. Trade ya telecasts if you get the Mets though; best I get is the Sox - not bad, but when you're not a fan and the stations around here refuse to show any of the Other League's games, it's mighty annoying. And lemme tell ya, ESPN's coverage doesn't cover it. =P Ah well, at least I can get WFAN out of New York up here. Sort of. -- George Metz Commercial Routing Engineer [EMAIL PROTECTED] "We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Oxygen CDROM Developments
my god, how do you do it? I'd ask the usual question, except I don't sleep much any more and I still can't keep up :-) I strongly agree with chucking the syslinux parameters in favor of a config file -- ideally a single config file that handles anything distribution-specific (as opposed to configuration which is present in or mimics "regular Linux" or belongs to an application).
-- Jack Coates Monkeynoodle: It's what's for dinner!

On Fri, 6 Apr 2001, David Douthitt wrote:
The CDROM is pretty cleaned up and almost ready. I'm currently testing a floppy-disk representative of the CDROM boot image, and am having problems with network loading. I hope to get this fixed, then test the loading of packages from CDROM, then burn and release.

I had hoped to be able to use a standard Oxygen floppy as a CDROM boot image, but that is not the case: CDROM support modules are just too big (ide-cd.o, cdrom.o, isofs.o) - they add up to about 100k or so. The only thing I won't be able to do (at least I don't think so) is to be able to load arbitrary user-chosen packages from CDROM at boot time - well, somewhat maybe...

My next development I think will be to chuck all of the parameters (LRP=, PKGPATH=, PKGLIST=, ...) in favor of a text-based configuration file on the disk. This will allow *MUCH* greater flexibility - including specifying parameters on disk-by-disk basis. I'm pretty sure this will be AFTER the CDROM is burnt... Well, see you all later
Re: [Leaf-devel] Languages
thanks for the tip! I'll be looking into some more training/cert stuff in the next month, so hopefully this will fold in well. -- Jack Coates Monkeynoodle: It's what's for dinner! On Sun, 8 Apr 2001, Ray Olszewski wrote: snip Jack -- You might look for better instructors (or better self-paced teaching books). Although I rather enjoy advanced math myself, I don't think it the obvious place to go soon after "Hello World", and not all courses follow that route. Certainly not community college courses around here (Palo Alto, CA), where many of the students take the intro sequence (now taught in C++) before they take calculus (if they ever do). Although I've programmed in C for ages, I only learned C++ a couple of years ago. I did it by signing up for a community-college course in Data Structures and Algorithms that was taught in C++. I knew much (though not all) of the DSA stuff already, and I figured (correctly) that doing exercises the involved implementing linked-lists, associative arrays, custom String classes, and the other usual suspects in the DSA world would hold my interest while I picked up the language peculiarities. It worked for me. Something similar, perhaps with different content, would work for you. The ORA book "Practial C++ Programming" (Steve Oualline) isn't a bad place from which to pick up the language in a non-GUI setting. -- "Never tell me the odds!"--- Ray Olszewski-- Han Solo Palo Alto, CA [EMAIL PROTECTED] ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Nifty CD Idea
On Thu, 29 Mar 2001 [EMAIL PROTECTED] wrote:
On Thu, 29 Mar 2001, David Douthitt wrote:
Charles Steinkuehler wrote:
The technique I'm using to run LRP off a HDD root partition is to actually run the LRP startup scripts in a chrooted environment, creating a root environment that is then simply mounted at the next boot (linuxrc is modified to just exit after loading bootstrap modules if root is set to something other than the ramdisk).

Huh? I don't understand. You and others run just fine off of a MSDOS formatted hard disk to which syslinux has been applied. I've a IDE RAM disk that boots Oxygen right now, and it doesn't need a fancy chrooted environment or anything else. You must get something out of this unusual configuration and I'm just too dense to see it.

Can you say "no ramdisk"? Let's all say it together... No Ramdisk. Some people have other plans for ram. The usual response has been "not worth it... use a different distro." I think Dave C's patches would be inappropriate for such a system, so I tend to think adapting LRP backward probably doesn't make sense. However, there was a post awhile back by someone who figured out how to run an unpatched kernel with LRP, so it may make sense at some point to omit the patches, and make non-ramdisk startups a configuration option.

Depends on what you're trying to do -- to me the ramdisk is a huge advantage: system runs from a very fast medium which is just barely big enough to do the task at hand. Good for security, good for performance, bad for administrator ease.
-- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] deep thoughts
difference between page-swapping and disk-caching -- my bad terminology. Anyway looks like there's no problem. -- Jack Coates Monkeynoodle: It's what's for dinner! On Mon, 26 Mar 2001, David Douthitt wrote: Jack Coates wrote: This got me thinking -- does LRP have a disk cache? And if so, why? Caching one hunk of system RAM in another is not sensible. Why not? As I understand HP-UX, "swap" involves swapping files to buffers in memory (first anyway) - so that ZERO swapping is normal. Of course, when you measure memory in Gigabytes instead of Megabytes, it may be a little different :-) ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New Disk images name
Yeah, Mandrake. Oxygen was 7.0, Helium was 7.1. They ran out of elements too and 7.2 is Odyssey. Don't know what 8.0 will be, but I'm rooting for Bloody-Jihad-of-Death. You could use that for your next release though, I don't mind. Or maybe my favorite subway sign: Emergency Third Rail Power Trip. :-) -- Jack Coates Monkeynoodle: It's what's for dinner! On Mon, 26 Mar 2001, David Douthitt wrote: George Metz wrote: I at one point was - while I was still a dreamy schmuck and thought I knew something (right before I tried to puzzle out Oxygen's scripts =) - planning on doing a release that combined features of Oxygen with those of a few other things here and there. I was gonna call it Helium. Feel free to use it, since it's a lot less cumbersome than Nitrous Oxide, Carbon Dioxide, or any of a half-dozen others. =) When I picked the name Oxygen, I was thinking of High Altitude elements like Oxygen and Helium - but Helium is already taken by one of the major distribution's nicknames for their released versions. Wasn't it Mandrake who released a Helium version? ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] LEAF documentation
unless project pronto is still moving forward, IDSL and wireless are my only choices. When I left SBC there was some question about the FCC allowing pronto to continue... -- Jack Coates Monkeynoodle: It's what's for dinner! On Sat, 24 Mar 2001, George Metz wrote: On Fri, 23 Mar 2001, Jack Coates wrote: thanks for the kind words -- looks like I'll be writing a dial-backup HOWTO next, my IDSL line is through NorthPoint and I'm starting to see spotty service related to this press release: http://www.northpoint.net. I don't know if you're aware of this or not, but this is a little bit nastier than it looks. Northpoint has a website that ISPs who resell their lines can go to for general info, updates on trouble tickets, and the like. That website is prc2.northpoint.net. Two days ago, about 10pm EST, it started redirecting to the press release on the Northpoint main page. This was about 2 hours AFTER their phone systems - ALL of them - started being answered by a recording stating that the US Bankruptcy Court had frozen all assets, and then hung up on you. The few Northpoint techs that we had AIM ScreenNames for, tell us that they don't know what's going on, or if they'll even be employed tomorrow. ATT is purchasing Northpoint's assetts; Northpoint Customers are not considered assetts at this time, only equipment and facilities. Run, don't walk, to Covad. Even then, you're going to be down if you go for IDSL. -- George Metz Commercial Routing Engineer [EMAIL PROTECTED] "We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New Disk images / Distributions
now that's a really good idea. Leaves of different genus... es? genii? for platforms. Bugs of different families for applications. And then there's Dave... everything's in the air!! -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 23 Mar 2001, Charles Steinkuehler wrote: On Thu, Mar 22, 2001 at 01:42:00PM -0800, Mike Noyes scribbled: Charles, My two cents. MML - Mountain Maple LEAF Mountain Maple Leaf http://wcd.saultc.on.ca:8900/dendro/webpages/mmtnleaf.html OK, the Eiger part of EigerStein needs to go because the new images will be based on LRP 2.9.8. The Stein part of EigerStein needs to go because even though I may do lots of work on the new images, I don't want to convey the impression that I'm the only one working on them...in fact, I'd like to play as small a role as possible (got 'bots to build, you know). So...How about major releases indicated by a particular family (genus?), like Maple, and individual releases indicated by specific variety (species?...I'm forgetting how the 5 latin catagories fit with common names...). This would give something like: 1st major release: Silver Maple Incremental releases: Sugar Maple Red Maple Japanese Maple etc... 2nd Major release: White Oak Incremental releases: Burr Oak Pin Oak Live Oak etc... If this seems OK to everyone, we just need to start fighting about which plant family to start with, or just let me (or my wife the landscape architect/gardener) pick one. Of course, each release would also have a numeric version/revision ID to avoid ambiguity, but names are easier to remember market. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Something to watch?
Intel's pushing Linux some too, but not as well as IBM (or at least not publicizing it). I'm pissed, I missed a chance to meet a buncha luminaries including Linus this week because I got sucked off on an emergency :-( -- Jack Coates Monkeynoodle: It's what's for dinner! On Thu, 22 Mar 2001 [EMAIL PROTECTED] wrote: On Fri, Mar 23, 2001 at 04:49:50PM -0600, Charles Steinkuehler scribbled: Looks like IBM will be giving away free linux access (based on their S/390 mainframes, which can run thousands of independant virtual linux boxes): http://www-1.ibm.com/servers/eserver/zseries/os/linux/freeaccess.html It's so cool that IBM is pushing linux...I can't wait for JFS to stabalize. It's a beautiful thing. Maybe I should push my resume on some IBM divisions and see if they'll hire me... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] deep thoughts
Just thinking here, generally a bad idea... I've been reading the Postfix list lately, on which Linux is dissed for a couple of reasons:

a) asynchronous flushing in ext2fs causes lost mail
This is a good reason to diss, and I've been avoiding ext2fs for a while now. It looks like ReiserFS is a good choice for a mail queue, but I need to verify that.

b) over-aggressive disk caching in 2.2 kernels causes unnecessary churn.
This got me thinking -- does LRP have a disk cache? And if so, why? Caching one hunk of system RAM in another is not sensible. So:

willard: -root- # free
        total:    used:    free:  shared: buffers:  cached:
Mem:  23310336 16236544  7073792  4526080  6193152  4861952
Swap:        0        0        0
MemTotal:     22764 kB
MemFree:       6908 kB
MemShared:     4420 kB
Buffers:       6048 kB
Cached:        4748 kB
SwapTotal:        0 kB
SwapFree:         0 kB

willard: -root- # df
Filesystem     1024-blocks  Used Available Capacity Mounted on
/dev/ram0             6076  4441      1635      73% /
/dev/fd0u1680         1662  1496       166      90% /mnt
/dev/fd1u1680         1664   970       694      58% /mnt1

My entire 6 meg ramdisk is being buffered?!?!? Any ideas about how to turn off buffering, or bad effects from doing so?
-- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] New Disk images / Distributions
at my last job about half the servers were named after Teletubbies -- nunu was the backup server, IIRC. -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 23 Mar 2001, Dale Long wrote: On Thu, 22 Mar 2001, Charles Steinkuehler wrote: The irony in all of this is, before joining this list and LEAF, I already had a personal server called 'Leaf'. And to add to the irony, one called 'Ladybug'. Both were named by my daughter. Perhaps you daughter has already named the next release...any other servers around your house? ;-) Green Nunu, also known as: Ami Sailormoon (her box, of course :-) ). Then there is a another box waiting to be a LEAF test box which has not been named. Dale. ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] LEAF documentation
I think I tried to learn SGML once and decided it wasn't worth my time. I write in ASCII text, then use txt2html to convert the doc, clean it up by hand, and post it. -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 23 Mar 2001 [EMAIL PROTECTED] wrote: Jack Coates LRP-QoS How-to document makes me think about the question of how-to LEAF documentation should be structured. There are obviously two aspects to this question: 1/ A technical one This one is already solved from what I understand from the list: DocBook (XML version ?) is the way to go. As far as I am concerned it just means spending some time in the doc to understand how that works :-) 2/ A document organisation issue Is there any direction / standard document structure we should try to adopt as far as the different chapters are concerned ? I think it would be a great help for the LEAF users to find some kind of structured documentation especially for the different packages(considered traditionnally as a weak point of LRP project) What do you think ? Jacques ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] LEAF documentation
thanks for the kind words -- looks like I'll be writing a dial-backup HOWTO next, my IDSL line is through NorthPoint and I'm starting to see spotty service related to this press release: http://www.northpoint.net. My ISP (http://www.rawbandwidth.net, they're great!) is aggressively pursuing other options, but it's going to be a rocky road for the next few months... between power and Internet access, San Jose is getting to be a tough place to be a geek :-( -- Jack Coates Monkeynoodle: It's what's for dinner! On Fri, 23 Mar 2001, Mike Noyes wrote: Jack Coates, 2001-03-23 07:55 -0800 I think I tried to learn SGML once and decided it wasn't worth my time. I write in ASCII text, then use txt2html to convert the doc, clean it up by hand, and post it. Jack, That's fine. I found that trying to force people to use something they're not familiar with isn't a good idea. If they want to learn to use DocBook XML that's great. If they want to use something else that's fine too. As long as the document is in a transparent form, it can always be converted to DocBook XML with a little effort. :) BTW, nice job on the QOS HowTo. Everyone, SourceForge ssh access to shell1 is off line. I'll let everyone know when it's working again. -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Website traffic
lynx sux, links roolz :-) Check out my links.lrp package, and yes, I do use it.
-- Jack Coates Monkeynoodle: It's what's for dinner!

On Thu, 22 Mar 2001, Pim van Riezen wrote:
On Thu, 22 Mar 2001, Mike Noyes wrote:
Everyone, We received 4196 visitors since moving to phpWebSite (includes data from the old phpWebSite too). The SourceForge statistics page is incorrect. Here are the stats from the phpWebSite "Client Stats" page.

Browsers
Internet Explorer  27.87 %  (1170)
Netscape           69.33 %  (2910)
Opera              0.929 %  (39)
Lynx               0.738 %  (31)
Unknown            1.119 %  (47)

Hmm, funny how big netscape is on the leaf site. These are the stats I'm seeing on tarball for this month so far (which targets basically the same audience):

Netscape   48.31 %  (35511)
IE         37.77 %  (27765)
Konqueror   6.42 %  (4715)
Opera       1.33 %  (997)
"contype"   1.04 %  (768)
(...)
lynx        0.10 %  (78)

What makes me very happy is that, although netscape is below the 50% mark these days, part of that marketshare seems to be going to alternative browsers. The popularity of Konqueror, in particular, is a very positive thing even though I myself don't really feel at ease with KDE software at the moment. What amazes me, on both the leaf and my stats, is that so very few people actually access the site with lynx. You'd expect that the h4xx0r-value of running an embedded router/firewall is something which would attract all the "I'm too leet to do X, console owns" people in flocks :) Cheers, Pi
RE: [Leaf-devel] Website traffic
webalizer can work on the logs wherever they happen to be and then upload results. Cron, rsync, webazolver, and rsync. Of course, since we're all LRPer's no one has anything better than a 486 around anyway :-) -- Jack Coates Monkeynoodle: It's what's for dinner! On Thu, 22 Mar 2001, Mike Noyes wrote: Steven Peck, 2001-03-22 09:41 -0800 Mike, Are these 'unique' visitors or page hits? Steven, I believe they're hits. :( It's still a significant jump from the prior traffic on the site. It's getting close to the old linuxrouter.sourceforge.net site, which averaged about 3000 hits a day. Not having gotten to far into Sourceforge's setup yet, I take it you have access to the leaf.sourceforge logfiles? Would something like Webalizer work if so? Yes, but the SF staff has disabled Webalizer cron jobs because of the excessive load placed on the shell server. I've never setup Webalizer, so any information you have is welcome. :) -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] phpWebSite Vote
1 vote for me. Guess I better get back to work on Ladybug :-) The for-money job kicked up in the last few weeks, and I've had to do another round of upgrade-and-swap with some family computers. Despite any documentation to the contrary, the AMD K6-2 and K6-3 have a 95MHz frontside bus, not a 100MHz. Anyway, once I get hardware acceleration going on the new nVidia card in my wife's Mandrake box I'll be able to get Ladybug restarted. I think I'll be starting from scratch again, from the latest and greatest Oxygen, unless anyone has any opinions to the contrary. Hmm. time for a new thread on that one... -- Jack Coates Monkeynoodle: It's what's for dinner! On Mon, 12 Mar 2001, Mike Noyes wrote: Mike Noyes, 2001-03-09 08:21 -0800 We still have a potential security problem with this software. I'm investigating possible solutions at this time. Everyone, Eric and I now feel that the phpWebSite security is sufficient for our needs. Please vote on whether we should change over to phpWebSite, or remain with our current site. phpWebSite http://leaf.sourceforge.net/phpwebsite/ Current site http://leaf.sourceforge.net/ -- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Poll: Ladybug Architecture
Background, for those who haven't downloaded it yet: Ladybug is based loosely on Oxygen, and the conversion from Oxygen to Ladybug has proceeded with these tenets in mind:

1) The "idiot image" main system should be dirt simple.
   a) two .lrp's, root and etc.
   b) "the minimum" of system configuration files. In my dreams, that's two files: linuxrc and ladybug.conf.
   c) any package related configuration is going to go here, so the disk needs to have as much spare room as possible.
   d) Full support for packages isn't necessary. They need to be unpacked and backed up, and that's all.
2) Support for server hardware should be easy.
   a) RAID, SCSI, and so forth modules need to be available, along with all the config tools.
   b) a CD-ROM with all the support goodies and server packages needs to be available, or else you're looking at 30 floppies :-)
   c) a local harddisk is assumed, which the /var directory will be written to.
   c1) persistence of /var means lrpkg/ needs to move elsewhere.
3) Security should be as good as possible.
   a) only serial and ssh access are supported.
   b) out of the box bastion - it comes up safe.
   c) only local media supported for package load.
   d) packages updated and kernel patched.

Some of these ideas are no brainers, but others are tougher and I'd like to ask for some help.

1-b) This is somewhat hard to do, given the progression from Debian through a few versions of LRP to Oxygen. However, the work is 90% done in the files that are up on my page. My question is, am I violating The Unix Way(TM) by going this direction? Would tons of little config files tied together with lrcfg menu be better?

2-b) If I'm assuming a CD-ROM and a box with lots of RAM, why not get away from the glibc issue and use a newer Linux as my base? Pros and cons?

3-d) Easier said than done. Any ideas or feedback?
-- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Poll: Ladybug Architecture
c) a local harddisk is assumed, which the /var directory will be written to. c1) persistence of /var means lrpkg/ needs to move elsewhere. Why? No real good reason - just trying to keep system and data separate. If /var is reserved for log and spool and pid files, it just seems cleaner to me. 3) Security should be as good as possible. d) packages updated and kernel patched. 1-b) This is somewhat hard to do, given the progression from Debian through a few versions of LRP to Oxygen. However, the work is 90% done in the files that are up on my page. My question is, am I violating The Unix Way(TM) by going this direction? Would tons of little config files tied together with lrcfg menu be better? I think you are, but I'm biased :-) Part of what I like doing with Oxygen is making it behave like any other UNIX out there. So if one looks for /etc/rc* there they are 2-b) If I'm assuming a CD-ROM and a box with lots of RAM, why not get away from the glibc issue and use a newer Linux as my base? Pros and cons? I've been thinking about the same for my CDROM off and on. Here are some of my ramblings: * Using a new glibc means you are no longer able to use a floppy (probably). Or it means that root.lrp is on a CD-ROM and all you're getting from the floppy is /etc * Linux 2.4 is not really yet fully solid and stable; wait for 2.4.9 :) * Many patches are not yet available for 2.4 - patches I've been watching include: linux progress patch, proconfig, linuxrc-always, initrd, VPN+Masq, and openwall many of these are not yet available for 2.4. Yet the availability may be much more scarce for 2.2.19... I'm definitely sticking with 2.2.18 for now -- gotta draw a line in the sand somewhere, and I don't see a point in going to 2.4 unless going whole hog (devfs and USB support and a bunch of other stuff I don't care to deal with at this time). There really is two issues here (and my opinions with them): * using a more up-to-date glibc - this is something to seriously consider, methinks. 
* using Linux 2.4 - this may be worth avoiding for production systems right now... but keep watching. 3-d) Easier said than done. Not that hard, I thought. Once you've upgraded that which is necessary, things don't change much. I updated everything in sight for Oxygen originally. ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Poll: Ladybug Architecture
On Mon, 12 Mar 2001, George Metz wrote: On Mon, 12 Mar 2001, Jack Coates wrote: Background, for those who haven't downloaded it yet: Didn't know it was that far along. Will see about taking a peek. I wouldn't say far along, but thanks for the peek :-) Snip! 1-b) This is somewhat hard to do, given the progression from Debian through a few versions of LRP to Oxygen. However, the work is 90% done in the files that are up on my page. My question is, am I violating The Unix Way(TM) by going this direction? Would tons of little config files tied together with lrcfg menu be better? Regardless of the Unix Way, which I can definitively say I am NOT an expert on, I'd say having EVERYTHING in a ladybug.conf file is a bad way to go about it. Your IPChains rules - I know, it's not a firewall and a router, but you still want chains to lock down the box totally, and it works as an example - shouldn't be in the same file as you're specifying your network settings and kernel modules. If I'm misinterpreting, let me know. No ipchains. You need two interfaces and ip forwarding enabled, and since this is for a single-nic server I'm relying on minimal network access and portsentry. 2-b) If I'm assuming a CD-ROM and a box with lots of RAM, why not get away from the glibc issue and use a newer Linux as my base? Pros and cons? Pro: REALLY easy development, probably more secure, definitely more obtainable. Yup. I especially like the idea of compiling software on Mandrake instead of VMWare :-) snip ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Oxygen Dec2000 comments
On Wed, 7 Mar 2001, Matthew Schalit wrote:
David, I had a chance to boot Oxygen for the first time the other night, and I like it. You've done a great job. A few things came to mind:
1) Requirements. I guess I couldn't find them, but I saw this: Check the requirements: verify you can run Oxygen on your PC. I guess one of the requirements is 32 MB of RAM? I only have 16. Do I need 2 diskette drives, also?
2) Tiny. I read "F4: What Should I Do Now." Very useful! Thanks for making the initial setup user friendly! But I had a problem because it suggested I load from two diskettes. I decided on the base and network-tools-1. But the tiny option, which I figured I needed, said that the second diskette drive would be /dev/fd1. I don't have an fd1. How do I run tiny with only an fd0?
Have a look at syslinux.cfg and all will become clear... the options like tiny just choose alternate sections of syslinux configuration. One of your options is pkgpath, and another is diskwait.
3) 132x25 columns, Sweet ! Vi emulation in e3, Sweet !
4) Setup (y or n). I was enjoying the 132 columns and the initial configuration messages so much that I was still taking it all in when the boot paused for the 10 second, Do You Want To Setup Now (y or n). I didn't even get down to reading that and my 10 seconds expired :( So I missed the setup phase and I became concerned. Luckily resetting the computer caused it to boot in the same fashion and it gave me the setup option again. Whew. How about no timeout for the first boot?
agreed -- I keep choosing something that comes up microscopic in VMWare and then I can't read as quickly.
5) I ended up just hitting return at the boot prompt to use only one floppy because I knew I didn't have enough memory. So I poked around from that perspective.
6) /etc/hosts. The configure script that runs the first time didn't give me the chance to edit /etc/hosts. Would you agree that file is significant to the initial setup?
IIRC it's dynamically created by linuxrc, isn't it?
7) acfg usage. I thought it was very helpful to have the apkg and acfg usage pop up during the boot process and at other various times. I felt that there was an issue with that, though. First of all, being new to Oxygen, I kept getting apkg confused with acfg. It took me awhile to realize that there were two commands. Secondly, I realized that I wanted to see apkg usage, but I kept seeing acfg usage. I guess I didn't see the logic of seeing the acfg usage right after the message was telling me how I'd want to load and backup packages very soon - acfg can't help that.
8) acfg bug. I got a syntax error in acfg -i, and I guess there's a bug in it. I loaded dialog and libm and then ran acfg -i. I then chose one menu option, and then another and it erred. I think it was on the Network menu. I can't give more information because I can't boot Oxygen right now. But what I saw was a quick message about a syntax error in the lower left corner. That's all I could read, as it disappeared too fast.
9) eepro100 module. I run dual Pro100+'s these days and I wanted to modify the /etc/modules command, eepro100, to read: eepro100 debug=2 options=0x40,0x30 but that module is not loaded from /etc/modules. Where is it loaded from? What file do I have to edit?
Look under /var ... I don't remember the exact path, but linuxrc loads a bunch of stuff out of /var/run/lrp/boot/modules or some such. There's a modules.conf in that area which loads a handful of "normal" NIC modules, such as:
10) 8390.o. This module was loaded somehow, but it's not needed for the Pro100+'s so I'd like to NAK it. Where are the default modules loaded from?
The idea is that you put system modules in there so that they're loaded before the inittab is processed.
Soo. Other than those cosmetic issues, I think you did a great job. Do you feel like it's nearly what you wanted it to be? It seems like it.
Oxygen is definitely nice -- I haven't messed with the packaging system, and I have issues with the snarf utility being built into a router, but as a thin server platform or general butt-kicking "look what I can do with two floppies" microdistribution it's really good.
Regards, Matthew
[Leaf-devel] Re:
One of the still half-implemented goals in Ladybug is to kill POSIXness. As for symlinks, the only ones I have left are in the rc.* area and for busybox.
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Wed, 28 Feb 2001, George Metz wrote:
On Wed, 28 Feb 2001, David Douthitt wrote:
going to be worth it to wait a week for Busybox 0.50?
I suspect that LRP 2.9.7 used busybox 0.47pre and I got the version wrong. If you want busybox 0.50, you can wait a couple of days or go to CVS. Also, while we're talking, Tinylogin is very soon to be at 1.0.
Heh. I haven't gotten that far. I'm just trying to figure out what the hell POSIXness is needed for at this point, and why I seem to have many more symlinks than anyone else. =)
-- George Metz Commercial Routing Engineer [EMAIL PROTECTED]
"We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center
[Leaf-devel] Ladybug Alpha on the stinkingpig web page
It doesn't work properly yet, but it's up there. I'm going to focus on upgrading my router so I can use a VPN session from work and get a few more hours per week to get things done (my work blocks outbound SSH, annoying, huh?).
The big design changes from standard LRP:
1) No routing means that network code is greatly simplified and firewall stuff is removed from the kernel.
2) Everything goes into the root package. modules.lrp is supported but not required - modules can just be put on the floppy, as with Oxygen.
3) linuxrc is in the root and handles a lot more responsibility -- by final release it should be the only file required to get you to init. I'm evaluating sourcing ladybug.conf at the head of this script so that all tweakable system variables are in one file.
4) lrp.conf and a raft of little conf and rc files in the /etc directory will be replaced by ladybug.conf. By final release this should be a single file which provides all the variables required by the base system's init scripts and cron scripts.
The remaining issues are pretty minor with the exception of ladybug.conf, menu systems, and a potential packaging change.
1) exporting the variables from ladybug.conf needs to be considered from a security perspective -- could there be a risk in making settings like log rotation schedules and depth available to the shell?
2) I haven't looked at menu systems -- I think lrcfg would be plenty, haven't tried acfg. One of them needs to be stripped down to: 1) configure linuxrc 2) configure ladybug.conf 3) configure packages - submenu 4) backup root.
3) Interactive packaging can go, but I don't feel comfortable enough to make the change yet -- first I want to stabilize the boot procedure.
4) assorted cleanup and evaluation of default behaviors.
5) catch up to changes that have occurred during work (some updated kernel patches, newer SSH).
6) start packaging services.
any ideas or feedback welcome,
-- Jack Coates Monkeynoodle: It's what's for dinner!
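The concern in item 1 of the remaining issues, shown as an added example (not Ladybug's code and not part of the original post): a POSIX shell loader that reads a ladybug.conf-style file as data instead of sourcing it, accepts only allowlisted keys with plain values, and leaves them unexported so child processes do not inherit them. The key names, the `CONF_` prefix and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: load a ladybug.conf-style file without sourcing or exporting it.
# Key names below are hypothetical; the post does not list the real ones.
ALLOWED_KEYS="HOSTNAME LOG_ROTATE_SCHEDULE LOG_ROTATE_DEPTH NIC_MODULE"

# load_conf FILE: set each accepted KEY=VALUE as the unexported variable
# CONF_KEY. Returns 0 if every line was accepted, 1 if any was rejected.
load_conf() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
            *=*) ;;                              # candidate assignment
            *) echo "rejected (not KEY=VALUE): $line" >&2; rc=1; continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        # The key must be a plain identifier before the allowlist lookup.
        case $key in
            ''|*[!A-Z0-9_]*) echo "rejected (bad key): $key" >&2; rc=1; continue ;;
        esac
        case " $ALLOWED_KEYS " in
            *" $key "*) ;;
            *) echo "rejected (unknown key): $key" >&2; rc=1; continue ;;
        esac
        # Values: no spaces, quotes, ';', '$' or backticks.
        case $val in
            *[!A-Za-z0-9._/:,-]*) echo "rejected (unsafe value for $key)" >&2; rc=1; continue ;;
        esac
        # Key and value are validated, so this eval only performs an assignment.
        eval "CONF_$key=\$val"
    done < "$1"
    return $rc
}

# write_sample_conf FILE: constructed sample input, not a real ladybug.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
HOSTNAME=ladybug
LOG_ROTATE_SCHEDULE=daily
LOG_ROTATE_DEPTH=4; echo injected
PATH=/tmp/evil
EOF
}

# child_sees: prints what a child process sees for CONF_HOSTNAME.
child_sees() {
    sh -c 'printf %s "${CONF_HOSTNAME-unset}"'
}
```

Sourcing the same sample file with `.` would run `echo injected` and replace `PATH` for everything the script starts afterwards; the loader rejects both lines.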
Re: [Leaf-devel] Routing Headaches
have to say I'd reconfigure the net first, but if you can't you can't... I don't understand what you mean when you say that Oxygen took the place of the DNS/NTP server -- as in replace or proxy or took its IP address or what? Also pseudo network addresses would be helpful.
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Wed, 21 Feb 2001, David Douthitt wrote:
I always seem to find my way into funny configurations sigh and find myself getting headaches because of it. I'll probably wind up changing the configuration anyway, but here it is:
   * DNS/NTP *          * Server 3 *
        |                    |
        +--- Private Net ----+
        |                    |
   * Server 1 *        * Oxygen/LRP *
        |                    |
      --+---- Corp Net ------+---
        |                    |
   * My Wstn *          * DBA Wstn *
Server 1 (and three others like it not shown) do *NOT* route, and have ip forwarding turned off (they are HP-9000s). The LRP box does routing and firewalling. The problems I'm having one by one don't seem to be a big deal; add them all up and they add up to a BIG headache. Here are the "rules":
MyWstn - PrivateNet: UnrestrictedAccess
DBAWstn- Server3: UnrestrictedAccess
Those aren't too hard. The more difficult part is that the Oxygen/LRP took the place of the DNS/NTP server listed above (and includes syslog and ssh too). So I want to do this:
CorpNet NTP - Oxygen - NTP
CorpNet NTP - Oxygen - NTP
The headache comes in that I'm using this rule:
ipchains -A forward -j MASQ
So the firewall gets two packets:
CorpNet - Corp-ServerIP ..redirected to protected server
DNS/NTP-IP - CorpNet .response...
On top of all this, I'm trying to build a sort of toolkit that will help myself and others do this easily. On top of all that, this means that there are "servers" on the firewall. The way I see it, there's about a million boundaries:
WildNet - firewall
firewall - WildNet
TameNet - firewall
firewall - TameNet
WildNet - TameNet ...this is actually WildNet - firewall - TameNet (two crossings!)
TameNet - WildNet ...this is actually TameNet - firewall - TameNet (two crossings!)
Now add in forwarding - and maybe redirection - and that can triple all of these. How do you all handle such things and other very strange configurations without losing your MIND? ...or do you just reconfigure the net :-)
Re: [Leaf-devel] Ladybug kernel and modules posted
On Mon, 19 Feb 2001 [EMAIL PROTECTED] wrote:
On 17 Feb 2001, at 18:33, Jack Coates wrote:
The tree is 2.2.18 based and the kernel is compiling to 413002 bytes.
Not bad!
...
Patches are: linux_brfw_2.2.17.diff
Do you have the bridgex or whatever it was compiled to an *.lrp?
No, nor reiserutils.
linux-2.2.17-ow1.diff
This is now at linux-2.2.18-ow4
cool, I'll check it out
patch-int-2.2.18.3
Is the crypto really available to release in the U.S.? Or is it still a dangerous thing? I asked on a mailing list a while back and got ZERO responses - so I removed my Oxygen kernel with crypto support.
I think it's okay if you put a disclaimer on, which is something I forgot to do. Off to sourceforge...
Re: [Leaf-devel] Ladybug kernel and modules posted
that could be very handy for service images, but router/fw images are not likely to have a need (except for VPN which AFAIK doesn't use kerneli.org stuff).
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Mon, 19 Feb 2001 [EMAIL PROTECTED] wrote:
On 19 Feb 2001, at 15:58, Mike Sensney wrote:
At 07:03 AM 02/19/2001 -0800, Jack Coates wrote:
On Mon, 19 Feb 2001 [EMAIL PROTECTED] wrote:
Is the crypto really available to release in the U.S.? Or is it still a dangerous thing? I asked on a mailing list a while back and got ZERO responses - so I removed my Oxygen kernel with crypto support.
I think it's okay if you put a disclaimer on, which is something I forgot to do. Off to sourceforge...
Check out Charles' page toward the bottom in the section titled Cryptographic Software. http://lrp.steinkuehler.net
Can we put this onto the SourceForge web site and put up some precompiled crypto kernels? Also, what is required to post images using crypto kernels? Anyone actually using (or have used) crypto kernels?
Re: [Leaf-devel] Crypto
exactly - w/ exception of swap, none of these are router/fw functions, but rather service image functions :-) prolly shouldn't quibble semantics when I only have five minutes 1 hand to read email...
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Mon, 19 Feb 2001 [EMAIL PROTECTED] wrote:
On 19 Feb 2001, at 17:02, Jack Coates wrote:
that could be very handy for service images, but router/fw images are not likely to have a need (except for VPN which AFAIK doesn't use kerneli.org stuff).
Possibly true. However, crypto does enhance security. My main purpose is to expand flexibility and so on; for the crypto kernel it would be useful for accessing crypto filesystems on a hard drive, especially if the full Linux distribution on the hard drive does NOT support crypto file systems (TOP SECURITY!). It could also be used for hard drives, providing a fully encrypted (nonbootable) filesystem - provides physical security if the hard drive is removed. It could also be used to render any swap space useless if someone decides to go wandering through the swap file/partition. This was recently suggested in one of the security forums I'm a part of - you encrypt the swap space each time you use it; when the drive is removed the swap space is gibberish - no more scanning swap for passwords :-) NOTE: this is apparently only possible under the patch for Linux 2.4.
Re: [Leaf-devel] Device files in /tmp
I'd be inclined to stick to your existing system -- it seems sick and wrong to put device files in /tmp and I don't understand what they'd be doing there instead of /dev. There may well be a good reason (permissions? why not chmod the /dev entry?) but until one comes forward...
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Fri, 16 Feb 2001 [EMAIL PROTECTED] wrote:
I'm reconsidering the mount restriction I have for /tmp, which amounts to the fact that /tmp is mounted with the nodev option - preventing device files from being created. The reason I'm reconsidering is because it would seem that pdnsd also creates device files there. If I were to do this, I would create a separate /tmp (no more folding /tmp into the / volume) and mounting it without the nodev option. Is this a reasonable way to go? Are there other programs that will want to create device files in /tmp?
Re: [Leaf-devel] Device files in /tmp
what, having device files in the root? Seems good to me, or rather, I don't see what's wrong with it. If you or the program have permissions and access to mknod you can stick a device file anywhere in the filesystem I suppose. Seems to me their location in the filesystem is more a matter of convenience than necessity, so if you wanted to put them elsewhere (say on a ramdisk filesystem which doesn't get backed up?) that shouldn't be a bad thing. Not sure if it's a good (meaningful, effective) thing, though.
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Sat, 17 Feb 2001 [EMAIL PROTECTED] wrote:
On 17 Feb 2001, at 6:49, Jack Coates wrote:
I'd be inclined to stick to your existing system -- it seems sick and wrong to put device files in /tmp and I don't understand what they'd be doing there instead of /dev. There may well be a good reason (permissions? why not chmod the /dev entry?) but until one comes forward...
I noticed too, that /tmp defaults to being built into / which includes /dev; thus unless /tmp is separated out it can have device files created in it. Is THIS a bad thing?
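The point raised in this exchange is that when /tmp is folded into the / volume, device files in /tmp are governed by the root mount's options. As an added check that is not part of the thread, the script below reads mount lines in /proc/mounts format, finds the mount that actually holds a directory, and reports whether that mount carries nodev; it also lists device nodes already present. The sample mount tables are constructed.

```shell
#!/bin/sh
# Added example: does the filesystem that actually holds a directory carry nodev?
# stdin is in /proc/mounts format: device mountpoint fstype options dump pass

# covering_mount DIR: print "mountpoint options" for the longest mount point
# that is a path prefix of DIR. Returns 1 if no mount covers DIR.
covering_mount() {
    dir=$1
    best_mp=
    best_opts=
    while read -r _dev mp _type opts _rest; do
        [ -n "$mp" ] || continue                 # skip blank lines
        case $mp in
            /) match=1 ;;                        # root covers everything
            *) case $dir/ in "$mp"/*) match=1 ;; *) match=0 ;; esac ;;
        esac
        [ "$match" -eq 1 ] || continue
        # -ge: a later mount on the same point shadows the earlier one.
        if [ "${#mp}" -ge "${#best_mp}" ]; then
            best_mp=$mp
            best_opts=$opts
        fi
    done
    [ -n "$best_mp" ] || return 1
    printf '%s %s\n' "$best_mp" "$best_opts"
}

# has_nodev DIR: 0 if the covering mount has nodev, 1 if not, 2 if none found.
has_nodev() {
    info=$(covering_mount "$1") || return 2
    case ",${info#* }," in
        *,nodev,*) return 0 ;;
    esac
    return 1
}

# list_device_nodes DIR: block/char device files under DIR on the same filesystem.
list_device_nodes() {
    find "$1" -xdev \( -type b -o -type c \) -print 2>/dev/null
}

# Constructed sample: /tmp folded into the root volume, no nodev anywhere.
sample_folded() {
    printf '%s\n' '/dev/ram0 / minix rw 0 0' 'proc /proc proc rw 0 0'
}

# Constructed sample: /tmp split out onto its own volume with nodev.
sample_separate() {
    printf '%s\n' '/dev/ram0 / minix rw 0 0' '/dev/ram1 /tmp minix rw,nosuid,nodev 0 0'
}
```

On a running system, `has_nodev /tmp < /proc/mounts` gives the live answer.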
Re: [Leaf-devel] Ladybug release?
well, I'm hung up on an execution order problem right now anyway, hopefully will fix tonight and get something in the public tomorrow night.
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Sat, 17 Feb 2001, Mike Noyes wrote:
At 11:10 PM 2/14/01 -0800, Jack Coates [EMAIL PROTECTED] wrote:
maybe -- I know very little about CVS and it may not be the best tool for providing a LEAF distribution (mixed script and binary files, symlinks, etc).
Jack, I found this information on binary files and symlinks.
9. Handling binary files
http://www.cvshome.org/docs/manual/cvs_9.html#SEC80
http://www.cvshome.org/docs/manual/cvs_16.html#SEC138
L file
The file is a symbolic link; cvs import ignores symbolic links. People periodically suggest that this behavior should be changed, but if there is a consensus on what it should be changed to, it doesn't seem to be apparent. (Various options in the `modules' file can be used to recreate symbolic links on checkout, update, etc.; see section C.1 The modules file.)
-- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/
[Leaf-devel] Ladybug kernel and modules posted
kernel source tree and compiled goodies for 586 users are up now... http://leaf.sourceforge.net/stinkingpig for the goods. The tree is 2.2.18 based and the kernel is compiling to 413002 bytes. Patches are:
initrd-archive_3.2_2.2.18.diff
linux_brfw_2.2.17.diff
ip_masq_vpn-2.2.17.patch
linuxrc-always_2-2.2.18-diff
linux-2.2.17-ow1.diff
patch-int-2.2.18.3
linux-2.2.18-reiserfs-3.5.29-patch
stealth-2.2.18.diff
Enjoy!
-- Jack Coates Monkeynoodle: It's what's for dinner!
Re: [Leaf-devel] Ladybug release?
maybe -- I know very little about CVS and it may not be the best tool for providing a LEAF distribution (mixed script and binary files, symlinks, etc). I am pretty close to needing a place to put packages, though.
-- Jack Coates Monkeynoodle: It's what's for dinner!
On Wed, 14 Feb 2001, Mike Noyes wrote:
At 05:00 PM 2/14/01 -0800, Jack Coates [EMAIL PROTECTED] wrote:
the only one i understand is cbq, the leaky-buckets. I just did all of them as modules :-) hopefully this weekend i can get my act together, learn cvs and put some stuff out there for download...
Jack, Are you suggesting a new tree in our CVS repository for Ladybug? Also, are you going to need a new Package area in the Files section for Ladybug releases?
http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/?cvsroot=leaf
https://sourceforge.net/project/showfiles.php?group_id=13751
-- Mike Noyes [EMAIL PROTECTED] http://leaf.sourceforge.net/