Re: [PLUG] Ban me? Ban yourselves.
On Sun, Oct 9, 2011 at 21:18, Michael C. Robinson wrote: > If you don't like me bringing up open source projects that don't involve > Linux, you don't have to read the PLUG list. You should listen to David > Mandel who says that bringing up non Linux OSS is acceptable. Y'know what? I have better things to do with my time than hang about a "Linux" list that will do nothing to prevent trolls making a mess of the place. If I wanted to watch trolls destroying community I already know where to find 4chan; I don't need this from a nominally Linux-focus group. Michael, you suck. Seriously, suck. Sadly, I know this is the reaction you want to get, but whatever. Continue to try and destroy, and hopefully any other places I run into you will take a stand against this sort of awfulness. Michael, please do not contact me privately to whine about my position, or statements. I have no interest in "discussion" with you on the subject. Daniel -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Android Tablets, Kindle Fire?
On Fri, Sep 30, 2011 at 08:58, Keith Lofstrom wrote: > > Probably some kind of Android tablet. Amazon just announced > the $200 Kindle Fire, based on Android - while that probably > has the appropriate hardware, it may be locked as a walled > garden media platform. Yes, but their technical folks are on paper saying that they fully expect it to get rooted, and they are not really stressed about that fact. Which suggests that they are just shrugging, probably cutting off warranty support for a rooted device, and not investing in stopping you taking full control of the system. Which, personally, I would totally do to any Android device given the ability to do so. Third party firmwares like CyanogenMOD have been much better than vendor firmwares - and while Amazon are unproven, and more invested than most, I don't have that much greater faith. Daniel -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] I really do need help with Asterisk...
On Tue, Sep 27, 2011 at 20:59, Benjamin Kerensa wrote: > I'm unsure when this list became a religious or political debate forum but > last I checked this is a linux user group general mailing list. Can we drop > this argument shakehands and move on. There are better places and ways to > address such. It would, indeed, be awesome if folks could keep this off-topic religious discussion off this list. Aside from anything else, this divisive and unpleasant tone drives away valuable contributions and otherwise interesting members of the list; it would be a shame if we let that happen. Daniel -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Old television shows and Linux...
On Thu, Sep 1, 2011 at 21:32, Michael C. Robinson wrote: > Star Trek Voyager ended in like 2001 or so. Star Trek Deep Space Nine > was over about the same time or sooner than that. My dad has lots of > recordings of episodes, but they are probably low quality and his > collection is undoubtedly incomplete. I want him to throw them out, > these VHS tapes take up a lot of space. He probably will throw them > out if I can get DVD copies of both series. I'll be happy if I can > master to mpeg4 files say 3 or 4, no more than 14 please, DVDs. That > takes up a lot less space than say 30+ VHS tapes. Question, is there > an inexpensive alternative to startrek.com's $300+ DVD sets? Ten seconds with Google and Amazon suggest that you can shave some money of that, but ultimately? Probably not. Lots of DVDs are priced at lots of dollars, new, because the owner of that content doesn't have any competition in sale, only end-point retailers do. > What do people think of http://www.free-tv-video-online.me/ ? Like many things, it is an attempt to dress up illegal activity in a veneer of legitimacy. Not quite as bad as the places that charge $50 to suckers, who receive in return the lie that downloading this content is now legal, but not too much further up the ladder. They still feature the pleasant, but untrue, lie that they do not "encourage illegal conduct", since they are knowingly encouraging people to break a bad, stupidly enforced, nasty, but very real law. > I am not so sure that I like the you have won redirects that they do, > they give you very little time to claim whatever and they want a cell > phone number. What's worse, it looks like they don't have a complete > episode set for either of the Star Trek series that I mentioned earlier. That would be because they are linking to illegal copies of the content, uploaded to the Internet, under the pretence that this somehow makes them magically legal. (Which, the courts of the world say, has a definite maybe attached, for linking.) If you are going to break the law, stop being a sucker, and just go download from somewhere that makes to bones about it violating the law. Seriously, there isn't a way, other than a Netflix subscription or equivalent, that any of what you are doing is going to be any more or less legal here. > The site seems too good to be true to me. Does anyone know of a > legitimate site where you download as mp4s specific old television shows > very inexpensively or free? There is no such site. It does not exist. Sorry. Daniel ...and, yes, I *know* that you think this *should* be legal. Which doesn't alter the fact that the law is, indeed, an ass, and what you want isn't in line with the current laws. -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Building an IP server in perl...
On Mon, Aug 15, 2011 at 16:20, Michael C. Robinson wrote: > So far, I have a perl script that pulls the originating IP from email > and another perl script that uses the file created by it to serve that > information. > > Question is, should I implement an IP whitelist and if so, how do I do > partial pattern matches? No, and no. You should use an RBL focused DNS server instead, if you want to maintain your own blacklist or whitelist. HTH, HAND, Daniel -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Blu-Ray nonsense...
On Tue, Aug 2, 2011 at 03:00, Michael C. Robinson wrote: > On Tue, 2011-08-02 at 01:57 -0700, Vincent L. Damewood wrote: >> On Sun, Jul 31, 2011 at 6:50 PM, Michael C. Robinson >> wrote: >> >> Personally? I would just buy a Blu-Ray player box if I wanted to >> >> watch the things. Any real computing platform is going to make it >> >> way, way more pain than just pirating the content would be. For your >> >> protection, of course. ;) >> > >> > I'm not trying to pirate Blu-Ray discs. I do have a legal right to >> > circumvent copy protection for making legitimate backup copies if I own >> > the Blu-Ray disc. >> >> No, you don't, if the Blu-Ray Disc is encrypted. > > I respectfully disagree with you. A judge would have to enforce your > interpretation which is ridiculous from the standpoint of fair use. I can't really comment too much about local law, and I am not a lawyer, but I can assure you that in Australia that interpretation is backed by at least some court precedent. Sad to say, these technical measures *are* effective ways of preventing people doing legitimate things with legitimate data they paid for. The concrete case, not tried to the best of my knowledge, but there have been a bunch of decisions both ways on what technical measures can or can't enforce protection. (...and we inherited your laws, as part of a treaty, so they are the same rules.) Daniel -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Blu-Ray nonsense...
On Sun, Jul 31, 2011 at 00:03, Michael C. Robinson wrote: > Are most or all PCI express video cards these days designed for > encrypted Blu Ray disc compatibility? You are asking the wrong question, more or less. What you need to ask is "are all the hardware components, my OS, and all the drivers in my system certified so that I could play Blu Ray?" Which... > I don't want to deal with > anything encrypted and I certainly don't want a video card that > will keep me from viewing certain content. This is one reason > why a lot of folks stay away, far away, from Windows. I'm > looking for a high end PCI express graphics or at least one > that doesn't require proprietary drivers to work under Linux. > The card must have an HDMI port and I prefer that that be all > that it has. I have an onboard vga port, so if I want a second > monitor, I can use that. ...you ain't going to get (legally) because there is no legal Blu-Ray player for Linux so far as I know. (Also, I don't believe anything with an open driver will do the acceleration you want, but I would put less faith in that assertion than the licensing one. :) Personally? I would just buy a Blu-Ray player box if I wanted to watch the things. Any real computing platform is going to make it way, way more pain than just pirating the content would be. For your protection, of course. ;) Daniel -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] dns monitor
On Tue, Jul 26, 2011 at 08:43, wes wrote: > Does anyone know of a tool that can monitor DNS replies and notify on > success/failure? Nagios includes the tools you need here. You could either use the whole stack (which I would recommend anyway, if you have this sort of client issue), or just use the probe and wrap your own logic around it. Daniel -- ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] From CHS to DVD to file...
On Sat, Jul 2, 2011 at 16:03, Michael C. Robinson wrote: > >> > Legally speaking, do I have to keep the original VHS tapes when done? >> >> To the best of my knowledge, you broke the law when you recorded the >> VHS content to DVD, full stop, so you are already in trouble. Format >> shifting is very restricted under most copyright law implementations. > > Is there any way to do this without breaking the law? So far as I am aware, no, but I am not an expert. However, in Australia, the answer would categorically be no: you are expected to buy the DVD versions formally, not shift the VHS ones. > I don't think > Disney is going to have the police break down my door for making a > private use copy of a private use VHS tape, but I could be wrong. Is > Disney digital copy compatible with Linux? I'm not trying to make money > off of these copies, I'm just trying to stream them so that the VCR > isn't needed. I won't copy any Blu-Ray discs. I don't honestly think you are more at risk from doing this than most people are for their less-than-legal media, or format shifting. After all, CD to iPod is more or less in the same bucket, and that doesn't seem to slow anyone down. ;) > Concerning fair use, Disney employing multiple copy protection schemes > is making it very difficult to legitimately copy content. That the law > could protect Disney's rudeness is even worse. The collection is paid > for, none of the tapes are illegal. Isn't it fair use to make the > programs compatible with modern DVD players so long as I keep the > originals and don't distribute for profit the copies? I think so, yes, but the law doesn't agree. Which is, I think, a failing of the law. > Some will scream and say that my proposal makes the copyright worthless, > but the copyright was never supposed to keep content shared with the > public under wraps forever. People will still buy commercial copies of > movies when they are out of copyright. Copying from one format to > another is time consuming and painful. Yeah. This is pretty much my view, too. I also feel that people should be aware of what the law says, even if the law is an ass. ;) Good luck, Daniel On the plus side, since I doubt it makes any difference to the legal status, IMO you don't have to find a way to store those VHS tapes. -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] From CHS to DVD to file...
On Sat, Jul 2, 2011 at 11:47, Michael C. Robinson wrote: > With a DiMax Grex I am able to copy Disney VHS tapes to burnable DVDs. > Can I go from the burnt DVD to a file on a Linux server and if so, how? dvdbackup can extract data if there is CSS protection on the DVD. If you are making it yourself, though, then 'cp' should do the trick. :) > Legally speaking, do I have to keep the original VHS tapes when done? To the best of my knowledge, you broke the law when you recorded the VHS content to DVD, full stop, so you are already in trouble. Format shifting is very restricted under most copyright law implementations. (For example, back in Australia an educational institution could format shift, unless they could buy the material in the target form already, or it was copy protected in any way, and only if they had an immediate need, and only if it didn't format shift their entire collection. Non-education format shifting was more restricted.) You probably want to consult a real lawyer if you want to know if this is strictly legal. Your lawyer will probably then tell you not to do it regardless of the law, unless you have more money for law suits than Disney does. ;) Anyway, I am not a lawyer, and don't even play that convincing a one over here. As the disclaimer usually runs. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Alternative to using split / cat for FTPing large file to remote location?
If you do, get the options right: include '--partial' or rsync will *delete* the incomplete file, not retain or resume it. Daniel On Wed, Apr 27, 2011 at 10:16, Pete Lancashire wrote: > Give rsync a try. If you don't want the overhead of SSL I believe you > can still have rsync use the > r commands for the transfer. Can't remember been a long time. > > Rsync options can also take care of the file's deletion when > successfully transfered. As a success > check may want to look at the option for rsync to use a checksum vs > just the filesize. > > A question tho' does each file have a unique name ? If not after 30 > seconds a reattempt could > delete the previous file. > > -pete > > > > On Wed, Apr 27, 2011 at 9:10 AM, Tom Sharples wrote: >> Hello, >> >> We're building a wireless 3G IP camera system that will FTP a large >> (2.5Mbyte) 10 megapixel jpeg image every 30 minutes to a remote server, for >> use in a time-lapse image application. Using a cron job, we pull the image >> from the attached IP cam via curl http:///img.jpg >> >/tmp/image.jpg, and then FTP it to the remote server. This works fine when >> the 3G connection is working well (around 300-400K upload bandwidth). But >> when the 3G connection slows to a crawl, which happens multiple time each >> day, the FTP transfer hangs or times out. >> >> I tested a script that uses split to divide the 2.5Mbyte image into smaller >> 50k chunks, which are individually ftp'd, then reassembled at the server >> using cat. This works but will require a fair amount of experimentation and >> additional code to make it reasonably robust to deal with missing files, >> slowdowns, timeouts, retries, etc. etc. My question - is there a better >> apporoach or code out there (for a bare-bones slack 2.4.23 environment) that >> would automate this process and reliably handle the transfer of the large >> file to the remote server under erratic bandwidth conditions? >> >> Thanks, >> >> Tom S. >> >> ___ >> PLUG mailing list >> PLUG@lists.pdxlinux.org >> http://lists.pdxlinux.org/mailman/listinfo/plug >> > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Setting up ftp for access through port 80
On Wed, Apr 13, 2011 at 10:04, Daniel Herrington wrote: > I generally work in corporate environments that are behind firewalls. I > have documentation that I create and need to copy locally or upload > remotely. Lately, companies have been restricting usb devices to read > only so getting information back to my ubuntu laptop has been proving > more and more difficult. Other people have been telling you how this can be done; my question is: are you sure you want to? If the company is putting more and more restrictions between you and the machine you want to send the data to, they are probably not doing that *accidentally* or anything. Which means that your work-arounds here are breaking deliberately placed rules, which is, y'know, at least a written caution offence, and maybe grounds for immediate dismissal. For example, in my last job where you doing for unrelated data would potentially still have cost us the right to work with the government on health data for five years, taking half our revenue stream away in a shot? Ouch. The company would *not* be impressed. > I was using Google Sites for a while, but the 20mb limitation kicks in > on large docs with screen shots. Does anyone know how to setup a web > server with similar functionality to the file upload features of > providers like Yahoo and Google? Do they just ftp through port 80? No, they upload to port 80. Which requires appropriate software at the server end, which is actually surprisingly hard to come by. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Tracking down which drive is throwing mptsas errors...
On Thu, Mar 31, 2011 at 14:53, Larry Brigman wrote:
> On Wed, Mar 30, 2011 at 11:02 PM, Daniel Pittman wrote:
>> Hey.
Thanks for responding; sorry for taking so long to get back to you on.
>> So, my server has a fairly boring LSI JSOD SAS controller running the
>> set of SATA disks, and it has taken recently (and newly) to throwing a
>> whole pile of errors at me:
>>
>> mptbase: ioc0: LogInfo(0x3108): Originator={PL}, Code={SATA NCQ
>> Fail All Commands After Error}, SubCode(0x)
>> mptbase: ioc0: LogInfo(0x31181000): Originator={PL}, Code={IO
>> Cancelled Due to Recieve Error}, SubCode(0x1000)
>
> Which LSI SAS controller are you using?
> Have you updated to the latest firmware?
The LSI SAS 3081E-R, just in JBOD mode, and yes: I loaded the latest
version a few days ago as part of working on solving this all; it
still hits the same notes occasionally.
> The commands that are getting these errors that you are seeing are either
> being
> retried in the firmware layer of the card or in the Linux driver layer.
>
> Also if this is a 3Gb SAS system, there is many fixes in the LSI
> drivers from the LSI web site.
> Most of the fixes are related to handling SATA devices on the SAS bus.
OK, cool. The firmware update didn't solve the problem, but I am
overdue for a kernel upgrade on that machine anyway, so I will see if
that resolves things for me. It is a 3gb (well, 3/6 now, with 3gb
SATA disks) and all.
The other possibility is that one of the disks really is failing a
bit; they did get shipped across the world and all, and at least one
got beat enough to fail shortly afterwards.
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Tracking down which drive is throwing mptsas errors...
Hey.
So, my server has a fairly boring LSI JSOD SAS controller running the
set of SATA disks, and it has taken recently (and newly) to throwing a
whole pile of errors at me:
mptbase: ioc0: LogInfo(0x3108): Originator={PL}, Code={SATA NCQ
Fail All Commands After Error}, SubCode(0x)
mptbase: ioc0: LogInfo(0x31181000): Originator={PL}, Code={IO
Cancelled Due to Recieve Error}, SubCode(0x1000)
I tend to get clusters of like commands, and timing varies a bunch; at
least some people report SMART commands triggering these errors, but I
can't track any down or anything.
Annoyingly, they don't seem to indicate a specific unit is
responsible, there is no useful documentation to decoding the meaning
of the message, and no utilities to indicate what on earth the root
cause is. Worse, no other visible errors from the system, so
presumably whatever it is does not propagate up to the kernel enough
to trigger any higher level problems...
So, can anyone advise on how to track down the root cause of these
problems? This is a production system, so I don't especially want to
take it offline or anything, and I can't see any specific externally
visible problems this is causing...
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] another reason or two why IPv6 rocks
On Tue, Feb 22, 2011 at 21:18, Randal L. Schwartz wrote: >>>>>> "Daniel" == Daniel Pittman writes: > > Daniel> Last time I counted the CVE stuff showed that Win32 and Linux were > Daniel> about even in terms of vulnerabilities, at least, and that you were > Daniel> much more at risk if you used something outside the big three distros, > Daniel> or Win32. > > You typed "more" where I think you meant "less". No, I meant more: smaller distributions had known vulnerabilities for longer than either Win32 or the RedHat/SuSE/Debian (and immediate derivatives; Ubuntu was small enough at the time not to factor) set, which meant they were more likely to get bitten. > Linux holes are far more useful to exploit than say, FreeBSD holes, > simply because there's far more Linux out there. I gathered far less data on this, although my recollection is that the *BSD group were generally about as risky in the "real world" – once applications were installed from ports – as Linux was. Their base system was usually much smaller, so had less holes, but it didn't help the overall state. […] > See OpenBSD's completely sane claim of having had only two (three?) > remote exploits in over a decade. The average time between remote > exploits in Linux is measured in months. They carefully limit that to only their core distribution; your comparison would be the absolute minimal Debian installation, rather than the standard one. That said, they may well be more secure. I was loose in my comments above, which I mostly intended to refer to Linux, and commercial distributions. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] another reason or two why IPv6 rocks
On Tue, Feb 22, 2011 at 15:50, Russell Johnson wrote: > On Feb 22, 2011, at 3:40 PM, Randal L. Schwartz wrote: >> >> In other words, you don't need port knocking. Just be slighly uncommon, >> and you're good to go. > > Is this security through obscurity? > > Yes. > > Does it work? > > In combination with good practices, yes. It (might) reduce overall risk, but it doesn't... > The same way that Linux and other *nix based OSes are smaller targets and in > turn, not as inviting. There are a LOT of targets out there on port 22, and > if you know how to change the port sshd listens to, you probably know how to > make sshd more secure as well. ...improve security. You are frobbing the likelyhood side of the equation instead. Also, there are ... well, rather a lot of attacks on Linux out there, and it is an inviting target. The profile is different to Windows, but I don't honestly know that there are less attacks. Daniel Last time I counted the CVE stuff showed that Win32 and Linux were about even in terms of vulnerabilities, at least, and that you were much more at risk if you used something outside the big three distros, or Win32. -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Replace ethernet switch with Linux bridge?
On Sun, Feb 13, 2011 at 02:38, someone wrote:
> Is this something that is doable to go from a dumb switch that doesn't care
> what MAC addresses are connecting to a smart switch that does?
As in, to get the "smart" switch deal without having to lay out the
money for one?
> Currently, my DSL modem is bridged and I have 5 global IP addresses.
> I use a Netgear 10/100baseTX 8 port switch to connect all my servers to my
> modem. Question is, can I simulate the switch with a Linux server and
> be more careful about which MAC addresses get service? I also want this
> bridge machine to have one of the global IP addresses. Naturally, I
> want to implement an alarm feature for when and if a foreign computer
> is detected.
>
> Is implementing a smart switch the sort of thing that the Linux
> bridging code is used for?
Well, you can, but there might be an easier solution. Anyway, first:
you absolutely can bridge multiple ethernet ports together and Linux
will behave like a big switch. You get the effect of the Linux system
having a single Ethernet card connected to that virtual switch, too.
If you do that you have to ask if the system you are deploying has
access to a sufficient number of Ethernet ports, of course, and also
if you have the bus, memory and CPU bandwidth to deliver sufficient
(ideally, full) rate across the entire switch.
You can add port locking using ebtables or iptables to limit
communication to systems that are in your whitelist (but remember that
the MAC is trivially faked), or something smarter like 802.1x
authentication.
Alerts for new arp stuff could be hung off either the {eb,ip}tables
logs, or off some arp watching daemon.
Anyway, what I would do is just lay out the couple of hundred dollars
to get a switch that would do 802.1x access control, and port MAC
locking, so that you can have fixed ports for things that have real
limits, and just use 802.1x to auth any other port that gets connected
to.
Regards,
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] GB Ethernet and Cat5E Cable
On Fri, Feb 4, 2011 at 21:38, Kirk Goins wrote: > Will there be any noticeable performance hit by using Cat5e cables when the > cable lengths are in the7ft to 14ft range when using Gigabit NICs and > Switches? No. There will be no performance hit, full stop, if you use cables that meet the specification for gigabit Ethernet. (Obviously, damaged or substandard cables may not deliver. ;) So, no, that should be just fine, as would either Cat6 STP or fibre. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] another reason or two why IPv6 rocks
On Mon, Jan 31, 2011 at 09:12, Tim wrote: [...] >> Didn't you agree that a secret IP was identical to a secret port >> sequence earlier? I would certainly grant this is no worse than port >> knocking, but I can't see how it represents any improvement. > > I guess you missed the part where I mentioned clients no longer need > any special client side software or even need to take any additional > steps to access the service. They merely need to remember a secret > domain name, which I would estimate is significantly easier than > installing some special client or even taking the additional step of > logging into some web page to white list themselves. Sorry, no, but I wasn't clear about why I don't see this as any better performing than port knocking. However, on reflection, I would even grant that claim: the use of a DNS label as the password is easier, and requires less pre-configuration than port knocking. It is also much more likely to pass unmolested through the (frequently stupid) outbound filtering on various vendor networks. I would suggest, however, that it is actually less secure against eavesdroppers, since you can observe a well known and structured protocol, and even automatically scan for data that doesn't follow the standard distribution of English text to find interesting labels to consider. As you note in your thesis, adding additional cryptographic systems, or an OTP, to the protocol would secure things nicely – but it would require appropriate client software, at which point the advantage over other secure protocols is more limited. *shrug* Overall I don't think my assessment compared to port knocking has been changed, but the reasons have. I appreciate your taking the time to talk it over for that reason. :) [...] >> Sure. OTOH, it remains secure, just unavailable, and frankly: if >> someone wants to DoS your system the infrastructure to do that is >> pretty readily available and inexpensive. The attacker almost >> certainly can manage even without something like this attack. > > Maybe. Content distribution networks today do a pretty darned good > job of mitigating attacks using lots of network tricks, though it > seems to require throwing a lot of hardware at the problem. *nod* I certainly don't deny it, and I don't think this is an excuse to just throw up hands and give up. I just think that it limits the degree to which we should worry about DoS issues compared to other attacks. Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] another reason or two why IPv6 rocks
ensive. The attacker almost certainly can manage even without something like this attack. So, yes, granted: there is absolutely a DoS risk there, as well as the exposure risk of the IKE daemon, and the complexity of IKE and IKEv2 (which does address that risk), and so forth. Like any bit of security I regard this, and port knocking, as a fundamental trade-off. Incidentally: for most cases moving the service to a non-standard port would have exactly the same benefit as port knocking, which is that random scanning is less likely to find it, and no difference for targetted attacks. Done, without all the extra complexity. (Also notable: SYN cookies are not a great example of solutions, since the loss of all TCP options hurts an awful lot on modern systems. Even the extended version in recent Linux isn't that much better, and requires both ends to support the same system.) [...] > So now, consider protecting that service with port knocking or the > DNS->IPv6 system I propose. An attacker can't get the first valid > packet through without first knowing the port sequence or the secret > domain name. This doesn't provide strong authentication, but it does > provide real-world protection against several types of attacks. ...but, again, no different to using some sort of secure authentication that opens the firewall, which easily has better cryptographic properties, fairly reasonable security assurances, and uses standard tools. I don't dispute that the extended IPv6 address space makes this possible, I just don't consider it a great advertisement for the improvements in security it delivers. ;) Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] another reason or two why IPv6 rocks
On Sat, Jan 29, 2011 at 18:47, Tim wrote: > >> So it seems my issue is with the immensity. This immensity will dull the >> enormity of some net citizens. No longer will it be possible for them to >> scan >> address ranges checking for exploitable targets. With the sheer size of the >> IPv6 space random probes just won't be efficient. ...but don't count on that helping you in the slightest. Various approaches to remote host discovery have already floated about, and once any local device is compromised scanning the local network becomes fairly trivial. > Yes and there are some interesting tricks you can play with this if > you get clever. Here is an example of one: > > Ever heard of port knocking? This is a strategy whereby clients > intentionally probe (for example, port scan) certain services in a > certain order as a secret code in order to instruct a firewall to open > up service to them. It provides a simple way to mask a service from > potential attackers while still allowing users from any source IP > address to access it. Port knocking is not a replacement for good > authentication, but it can help mitigate vulnerabilities in certain > critical services. ...though it has exactly the same security properties as sticking a web page in place that accepts a password, and then opens a hole in the firewall to the client. [...] > Let us now consider the enormous address space of IPv6. Every person > can easily obtain a /48, or 80 bits of address space. The only way to > find services on a hidden address would be if they were explicitly > advertised or shared in a secret way. So, you could simply tell your > trusted associates what your random IP address is that provides a > service and then you achieve what you had achieved with port knocking > without the need for a special client. Er, no you didn't. Port knocking at least required a password (probably sent in the clear, and trivially weak, but whatever) before it granted access; this model counts only on obscurity. You might as well advocate picking a random high port to run the service on in IPv4 land. [...] > So instead, let's improve this by creating a smart DNS server that we > control. Whenever we ask about any valid name, it returns us a signed > cryptographic token which contains some limited information. This > token is embedded as the last 80 bits of the IP address itself. > The DNS server can be instructed to place anything it wants in that > token, within space limits. When the firewall receives a request for > an IP address, it statelessly validates the cryptographic token (much > like we already do in TCP SYN cookies) and passes traffic on according > to predefined rules. So, rather than actually authenticating, or using the *mandatory* IPSec features in IPv6 which are a cryptographically strong way to provide both authentication and encryption, you want create a shiny new protocol based on cryptographic tokens. That has all the drawbacks of building a new cryptographic protocol (how are you preventing replay attacks?), and all the drawbacks of requiring custom client-side software, *and* avoids an existing solution. > So now we can create ourselves a special, secret domain name like > "mysecretSSHservice.example.org" which returns a cryptographic cookie > containing an indicator for what services should be opened to the > client. ...which is equivalent to the bad versions of port knocking, if you don't have custom client-side software, since you are transmitting your "secret" in the clear, and worse: now you are using an even more MITM-able protocol to do it. Without DNSSEC there is no way at all to validate that an attacker hasn't manipulated your secret, and even DNSSEC can't stop them sniffing it out of the air. Do you really want to be the next target of FireSheep? > The domain name is easy to remember, there is no client > software required, and we have a very strong guarantee about how > hidden our hidden services are. A strong guarantee of zero, there. It isn't even vaguely well hidden. You would do a universe better by layering your authentication token on something robust, like HTTPS, or even better, ssh. (pfauth, all is forgiven. Please come back.) > Sorry if that's long-winded, but I just wanted to illustrate that > there are some fundamental changes in how the Internet can work, > simply due to the very large address space. ...but that isn't a change, except in the perception of difficultly. Now, if you said "IPv6 changes the game because it mandates functional IPSec" you would be totally on a winner! Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] What provides execvp???
On Fri, Jan 28, 2011 at 16:31, Michael C. Robinson wrote: > > I have gotten glibc to recompile for LFS temporary tools, but where is > execvp and the other variants? Looks like none of the packages provide > an execvp binary and it appears to be missing on the fedora 9 host > system as well. Is execvp merely part of a C library that links in > to C programs? O_o Um, yes. execvp is one of the libc wrappers around system calls used to replace the running process with another process. What on earth were you looking to do with an execvp binary? Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] ifconfig
On Fri, Jan 28, 2011 at 07:36, Sean Whitney wrote: > I've been working with some virtualization technologies and I keep > seeing commands like > > ifconfig eth0 0 > > I'm wondering what the 0 does? Google isn't very helpful, nor is the > man page. Gives the IP address 0 to the interface; you can extend that to the full 32 bits as 0.0.0.0 This is likely to be used as part of bringing up the interface as part of a software bridge, to which later the virtual machines will also be attached. Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] IPtables vs .htaccess
On Jan 27, 2011 3:27 PM, "frankhunt" wrote: > > Which method of blocking large numbers of IPs is the least consumptive > of system resources? Getting your ISP to block them. Next down would be iptables with an efficient "match many hosts" module - thousands of rules are relatively costly. Don't forget to send an "admin prohibited" back, though, or they will keep sending SYN packets at you. Htaccess is about the least efficient way - at the far end of efficiency in Apache, which is way out in user-space. Does it really matter, though, given how over-powered your CPU is likely to be compared to your network bandwidth? Regards, Daniel I also second the "are you sure"; personally I use fail2ban to block hostile addresses more selectively. -- Puppet Labs Developer – http://puppetlabs.com Daniel Pittman Contact me via gtalk, email, or phone: +1 (503) 893-2285 Sent from a mobile device; please forgive brevity and typos. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Anyone Using Google Voice with T-Mobile?
On Wed, Jan 26, 2011 at 13:33, Sam Hart wrote:
> On Wed, Jan 26, 2011 at 1:11 PM, Rogan Creswick wrote:
>
>> I'm pretty certain that Google Voice does not use VOIP for the last
>> leg.
>
> Actually, now that you mention it, I'll admit I've never actually
> *looked* under the covers to see what's going on in the Google Voice
> app on the phone...
No VoIP, just regular mobile phone (or fixed line) voice traffic.
Google assign a proxy number on the mobile network to individual
callers, or have their general purpose number call you. The same on
the way out to your recipient.
[...]
> I do know that on the desktop there is no VOIP with Google Voice
> (which is something many people have wanted) so it stands to reason
> the same can be said for the Android App.
You can list Google Talk as a "phone" in GV now, which gives desktop
VoIP. Not SIP, but at least something.
Regards,
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Anyone Using Google Voice with T-Mobile?
On Wed, Jan 26, 2011 at 12:53, Mark Phillips wrote: > On Wed, Jan 26, 2011 at 1:42 PM, Daniel Pittman wrote: >> On Wed, Jan 26, 2011 at 12:34, Bill Barry wrote: >> > On Wed, Jan 26, 2011 at 12:25 PM, Mark Phillips >> > wrote: [...] >> As far as I know the wifi calling thing lets you be billed minutes, >> indeed. GV definitely does. > > If I understand correctly, there is a cost to use GV, so I pay for that. And > I get billed minutes from my carrier to use GV. Am I correct? So, I just checked my bill, which T-Mobile helpfully sent yesterday, and it confirms my understanding: I am paying "minutes" for Google Voice calls, at least some of the time. (I think it is just like someone calling me would cost minutes, but am not actually certain enough of how US mobile plans work to be sure of that. :) [...] > If GV is actually calling my Tmo number, then where does the wifi come in? It doesn't. GV uses the regular phone network at both ends, and VoIP in the middle... > With T-mobile, any minutes that I talk over Wifi, and not their network are > free - no charge against my plan minutes. It doesn't sound, from your > description, that GV works within that framework. ...but if your T-Mobile wifi calls are free then so too would be GV calls while the wifi calling was active. It is probably easiest to think of the "call" part of GV as being *three* phone calls: you <=> Google Voice <=> your caller / caleee Those first and last steps work just like regular phone calls as far as you are concerned; they happen to proxy through GV, but you can't really tell. [...] Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Anyone Using Google Voice with T-Mobile?
On Wed, Jan 26, 2011 at 12:34, Bill Barry wrote: > On Wed, Jan 26, 2011 at 12:25 PM, Mark Phillips > wrote: >> >> Wifi calling on my android phone with T-mobile is not very reliable. Some >> wifi points connect, some don't, those that connect drop calls, etc. I think >> google voice is VoIP, so it sounds as if it would be a replacement for the >> wifi calling app on my phone. But some boards say that T-mobile customers >> get charged minutes even when using GV. As far as I know the wifi calling thing lets you be billed minutes, indeed. GV definitely does. >> Anyway, I was wondering if anyone on the list uses GV + Android + T-mobile >> and what their experience has been. Solid. My partner and I have very occasional quality issues, typically low volume, when calling to or from Australia, but local stuff has been dead on. >> Also, in reading about GV, it says I have to get a new phone number. How >> does that number relate to my mobile number, or is it something in the >> background that the world does not see? The google docs are not very helpful >> in explaining just what GV provides. So, the best way to use Google Voice is that you have people call the GV number, and it then calls whatever set of phones you tell it to. Those phones need their own number, but that is hidden from the rest of the world. AFAIK, GV actually intercepts the request to call from Android, talks over the Internet to their servers, has GV call your mobile, picks that call up silently, and then connects you through on the outbound leg. Anyway, you can also just redirect your voicemail stuff into GV, but that isn't nearly as nice. Finally, if you port your number it *stops* working on your current mobile; you would need to establish a new mobile service with T-Mobile for GV to be able to call through to the bit of hardware. If you have more specific questions feel free to add 'em on, though I am pretty busy right now so might be high latency in responding. :) Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman ✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285 ♲ Made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] SATA2 not faster - was Re: Fixed T60 slow ...
On Mon, Jan 10, 2011 at 15:21, Keith Lofstrom wrote: > On Mon, Jan 10, 2011 at 10:18:58AM -0800, Keith Lofstrom wrote: >> I expect the SATAII connection will be quite a bit faster, >> since I will be using different buses to stream the data >> from drive to drive. > > Uh ... no. The SATAII stuff arrived. While hdparm -t for the > SATA2 interface says 90.7 MB/s, the dd command runs at 50.7 MB/s > with the SATA2 hardware, as opposed to 47.7 MB/s with the Ultrabay > and translator. So my expectation was false. Or perhaps there > is a faster way to run "dd" than merely setting the blocksize to > 8M (handling the data in larger chunks tends to save time). Nah, not really – it sounds like you have found the sustained transfer rate of the drive, rather than the burst transfer rate. (The link rate in SATA 1 was enough for anything production until SSD made a big showing, and SATA 2 is still has some headroom compared to the non-enterprise stuff.) Regards, Daniel -- ✉ Daniel Pittman ⌨ dan...@rimspace.net (XMPP) ☎ +1 503 893 2285 ♻ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Caution on RHEL 6 on Laptops
On Mon, Jan 10, 2011 at 13:20, MJang wrote: > I know a number of people here run RHEL (or rebuilds such as CentOS) on > their systems -- wanted to share a problem I've apparently had on my > T410 / 500G hard drive since I installed RHEL 6. I reported it at > https://bugzilla.redhat.com/show_bug.cgi?id=667485 > > Bottom line, I think a default RHEL 6 setting caused my hard drive to > fail in less than 2 months Well, it didn't override the defaults set by the drive manufacturer, which in turn led to that: at best, a failure to act on a stupid default by RH, rather than something they actively did. The real blame sits with the hard disk or laptop BIOS vendor, and I mention this because it is highly likely that you will encounter the same situation regardless of which distribution you are using. Regards, Daniel -- ✉ Daniel Pittman ⌨ dan...@rimspace.net (XMPP) ☎ +1 503 893 2285 ♻ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Geolocation in HTML
On Mon, Jan 10, 2011 at 09:20, Michael wrote: > Daniel Pittman wrote: >> On Jan 10, 2011 6:27 AM, "Michael Rasmussen" wrote: >>> >>>> I'm reading Dive into HTML5 http://diveintohtml5.org/ >>> >>> There's a chapter on HTML5 features including Geolocation. >>> Clicking through the test link Firefox pops up a warning "website wants >>> Geolocation. Tell them?" kinda thing. >>> >>> I click yes and a Google map showing my exact location pops up. >>> Repeat with Chrome, same results including getting my permission first. >>> Konqueror doesn't support the feature. >>> >>> This raises two questions: >>> >>> How? I'm doing my web browing through my laptop -> home WiFi -> DSL >>> linkage. >> >> Do you remember the Google wifi capture that their streetview cars did? >> Most of the location providers use the physical presence of wifi networks as >> part of how they locate sites. >> >> They also use the Android phones to feed back this sort of location data, so >> they can compute location mappings and all. Apple presumably do the same >> with their phones, too. [...] > None of those methods would require any browser interaction at all. > My IP address would give me away. Do you mean that the browser could calculate the location without asking for permission? Absolutely, and it is only courtesy from the browser authors that mean that they do, which is worth keeping in mind. I don't believe that, for example, the CoreLocation service from Apple requires permission requests to do this sort of geolocation in OS-X. HTML content, of course, can only do what the browser permits because it doesn't have a direct bridge to run native code, which means it can't read the visible wireless network list or anything like that. (Absent security violations and the like, of course. :) Your IP address, though, is much more error prone: it will give you a city-scale location, typically, rather than a street address location which you can obtain through wifi or cell sniffing (if you have a big enough database of device locations that you trust and the processing power to search it). [...] > I'm going to redo this with a sniffer and see what the traffic actually is. Cool. Keep us up to date on the results. :) Regards, Daniel -- ✉ Daniel Pittman ⌨ dan...@rimspace.net (XMPP) ☎ +1 503 893 2285 ♻ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Geolocation in HTML
On Jan 10, 2011 6:27 AM, "Michael Rasmussen" wrote: > > I'm reading Dive into HTML5 http://diveintohtml5.org/ > > There's a chapter on HTML5 features including Geolocation. > Clicking through the test link Firefox pops up a warning "website wants Geolocation. Tell them?" kinda thing. > > I click yes and a Google map showing my exact location pops up. > Repeat with Chrome, same results including getting my permission first. > Konqueror doesn't support the feature. > > This raises two questions: > How? I'm doing my web browing through my laptop -> home WiFi -> DSL linkage. Do you remember the Google wifi capture that their streetview cars did? Most of the location providers use the physical presence of wifi networks as part of how they locate sites. They also use the Android phones to feed back this sort of location data, so they can compute location mappings and all. Apple presumably do the same with their phones, too. SkyHook, one of the competing groups, actually have a little form where you can submit your network details and location to vimprove their database. Regards, Daniel ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Strange feature wanted...
On Tue, Dec 28, 2010 at 18:32, someone wrote: > Quoting drew wymore : >> On Mon, Dec 27, 2010 at 8:22 PM, Michael C. Robinson < >> plu...@robinson-west.com> wrote: [...] > As far as the comment that a login has to be required by OpenDNS to > protect the system, if the system tracked the host name registered with say > dyndns.org, logging in to achieve an update would be completely unnecessary. With the detail supplied, indeed that is true. I wasn't aware of the details of how it was being used when I made the comment. :) > An alternative approach is to modify ddclient so that it saves the password > in salted form instead of unencrypted in a text file. This way, the password > has to be unsalted by a random person for that person to know it. That isn't "salted" - which is a couple of random plain-text characters at the start of the password, so that the hash is not recoverable with a simple dictionary / rainbow table attack. What you probably mean is "hashed", which is a one-way transformation that cannot reasonably be reversed. Which, for this sort of service, is useless: if it is recorded and useful without someone entering the password, it is a password-equivalent, so you don't need to steal the original, just grab that. If it does require a password entered, why bother asking? For what that is worth. :) Daniel -- ✉ Daniel Pittman ⌨ dan...@rimspace.net (XMPP) ☎ +1 503 893 2285 ♻ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Palimpsest v. e2fsck v. ?
On Tue, Dec 28, 2010 at 18:02, John Jason Jordan wrote: > Having just finished various dist-upgrades of my desktop from Intrepid > to Lucid, and healed a sick RAID in the process, after booting to Lucid > I am presented with a warning that disk failure is imminent. The disk > in question is not part of a RAID; it is a 1 TB disk that I added > separately. The disk has always been empty, so there is no worry about > losing stuff. > > The warning comes from Palimpsest, the new GUI disk utility that comes > with Lucid. I launched Palimpsest as root so I could use its GUI to see > if I could fix the drive. After unmounting it I clicked on the Check > Filesystem button. Palimpsest then reported in a popup window > that the disk was clean, while the main window still insisted that disk > failure was imminent. According to the Smart Data window the > Reallocated Sector Count is in red and labeled as failing, also the > Airflow Temperature, which it reports as 49C. > > While wondering about these reports I reformatted the drive as ext4 (the > Lucid default, evidently). The reformat went fine without errors. The answer to that is simple: the "Reallocated Sector Count" is the number of failed sectors on the disk surface that the firmware has replaced with good sectors from the pool of spare space it uses. The airflow temperature is, as you would imagine, the highest temperature the disk has run at. Both of those are properties of the physical hardware, not of the content - so checking the file system does nothing about those underlying faults. > At that point I concluded that Palimpsest was given to prevarication. Nope. It is honestly telling you that this disk has run hotter than the manufacturer thinks is safe, and that it is showing significant problems with the disk surface. > But just to be sure I decided to run e2fsck on the disk. This gave me > a strange error message: > > Superblock invalid, trying backup blocks ... > Bad magic number in super-block while trying to open /dev/sdc > The superblock could not be read or does not describe a correct ext2 > filesystem. If the device is valid and it really contains an ext2 > filesystem (and not swap or ufs or something else), then the superblock > is corrupt, and you might try running e2fsck with an alternate > superblock: > e2fsck -b 8193 > > First, note that e2fsck thinks it is looking for an ext2 filesystem. I > read all the way through the e2fsck man page looking for an option to > specify a particular filesystem, but couldn't find it. ext2, 3, and 4 are occasionally referred to as ext2 by the tools because they all descend directly from each other, so are close enough that the code is common. Don't worry about that tiny mislabelling. > Second, "8193" is the number to use if the block size is 1K, 16384 for > filesystems with 2K block sizes, and 32768 for 4K block sizes. So > before I try to fix the superblock I need to figure out what the block > size is. The Palimpsest GUI doesn't say, and I don't know how to find > out from the command line. My magic says '4K', because everything gets formatted that size these days. Theoretically you can use tune2fs to ask ... but that needs the superblock. Your best bet is to throw away the faulty disk ^W^W^W^W try a non-destructive fsck with 4K, and then try 1K if that doesn't work. > This is not an urgent matter, but if the drive is really failing I'd > like to know so I can return it to Maxtor for replacement. It absolutely, without question is: every increment of that "Reallocated Sector Count" is another bad sector on the disk. (My guess is that your fsck failure was another bad sector, unluckily placed, and another format would "fix" it for a while, but there are other causes.) Anyway, the disk is really dying, and the software format is way too high level to ever come close to touching the root of the problems. :) Regards, Daniel -- ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Strange feature wanted...
On Tue, Dec 28, 2010 at 17:04, drew wymore wrote: > On Mon, Dec 27, 2010 at 8:22 PM, Michael C. Robinson < > plu...@robinson-west.com> wrote: > >> Standard on Linux is that root can read any file on the local file >> system. Unfortunately, to get OpenDNS to update via ddclient, you >> have to know the username and password of the account that needs >> updating. Is it possible to connect a password to ddclient.conf >> or better yet require entry of the password in the file before it >> can be opened? No. At least, not without something like SELinux, which root would ultimately be able to work around anyhow unless you invest ... an awful lot of time and effort in security. (eg: also lock down any way to bypass SELinux, and raw device access, and segment off software for security, and prevent network sniffing, and so on and so on. Not impossible, just a *lot* of work.) >> Basically, what I am interested in is password >> protecting a single file and requiring that even the super user >> enter that password to access it, unless the super user wants to >> delete it. This way, in a sense, there can be more than one superuser >> and it becomes possible to delegate maintenance of OpenDNS for example >> to someone else. >> >> Frankly, I think it is stupid that you can't ask the OpenDNS servers >> to update an account without logging in to that account, hint hint. If they permitted that, and didn't use some password-equivalent, then anyone could change your settings, right? I could do that just by guessing your non-secret account name or whatever... > That's the whole idea behind sudo. Well, the whole "delegate limited authority" thing is, yeah. It doesn't solve the protection of the file, but it allows you to write something that has limited capabilities that you can give to another user so that they can interact with OpenDNS but not obtain access to the credentials. Not that this is trivial to do either, but less hard than securing the file itself. :) Regards, Daniel -- ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] x86 package on Linux
On Sun, Dec 19, 2010 at 17:05, Mark S. Townsley wrote:
> Thanks for the link and it has good info.
> Next question then is what is the proper #86 type I should using for any
> processor if I need/want to compile with the optimal performance? I have
> several boxes and they are various Intel and AMD processors. Is there a way
> to find out for each one of them?
You should simply ignore the problem. (No, seriously.)
There is close to zero detectable performance difference between
software tuned for an i686 and whatever recent 32-bit system you use;
you actually get better results just using the amd64 mode and taking
advantage of the much higher baseline system spec.
Anything that is going to benefit significantly will tune itself at
runtime to the system, automatically, so you don't need to do anything
by hand. (Which is basically the kernel, libc, and a couple of crypto
libraries.)
Regards,
Daniel
--
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Controlling DNS with cable...
On Wed, Dec 15, 2010 at 17:52, Russell Johnson wrote: > On Dec 14, 2010, at 10:46 PM, Michael C. Robinson wrote: > >> An inferior solution is to set my Netgear RP614v4 router to use a DSL >> based static ip subnet as the source for DNS queries. This will work >> unless the DSL is down. Oops! I need a better solution. Getting any degree of redundancy with multiple links is really hard, sorry. The easy answer would be to purchase one of the end-user routers (often sold for small businesses) that offer the ability to use multiple Internet connections, and often 3G these days, with fail-over or even load balancing. The not-buying-a-solution answer is that you should probably run your own DNS server on one of your systems internally, and delegate it the responsibility of communicating with the outside world. That would give you the same advantages as running the widget with a DNS cache, without the penalties of inflexibility. You could also just have your DHCP server tell the clients to talk direct to OpenDNS and bypass any local DNS caching. :) > Regardless of everything else. > 1> What is the problem you are trying to solve? He wants multiple Internet connections to let him still connect when one is down. > 2> Why does it matter than DNS isn't working when the connection is down? > Where will you be going when the DSL is down? If it's internal, then you need > a DNS inside your network. If you are resolving external addresses, you don't > need to know until the DSL is back up. That would defeat the purpose. ;) Regards, Daniel -- ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Multiple Internet Links...
On Mon, Dec 6, 2010 at 16:49, Michael C. Robinson wrote: > I'm set up via two gateways to route a lan onto the Internet via a DSL > connection. I'm adding Comcast temporarily to get a feel for the service > and possibly be able to order a month or so of service in case of DSL > outages or need. I want to route through Comcast on demand. To effect this > change, I'm thinking of adding a physical nic on each gateway that will > connect to the cable modem. > > First question, how do I set the default gateway properly? Second question, > how do I set the name servers I want, not Comcast's? This is actually a *really* hard thing to do right, I fear. Linux doesn't do "link health" detection or anything, so if you have a gateway on the dead device listed in the routing table it will get used even if a perfectly good second path exists. So, you actually need something on your router to sit there, keep an eye on the state of the connection, and update the routing table. > Do I really need to add another nic or can I alias a second address on an > existing nic and use free ports on my DSL connected ethernet switch for the > cable modem? You should be able to configure all the devices into the same internal range, and use the gateway server(s) to manage that appropriately. You certainly can run different network ranges as well, though that can sometimes require additional work to make routing do the right thing. Anyway, the basic list of things to do looks something like this: 1. Hook up both Internet routers so they can talk (somehow) to the gateways. 2. Configure the gateways so they can talk through those routers to the Internet successfully. - you may need to adjust the preferred source address on the link - you may need to do some source routing 3. Get both upstreams working when you route through the gateways 4. Configure something to monitor the two Internet services and verify they are working correctly 5. Have whatever monitors the service bring up and down the relevant routes when the service is healthy or dead. - since you want preferential routing, just assign the appropriate metric to them as default routes and it will all just work(tm) routing-wise. With regards the question of using the right DNS servers: turn off the DHCP services on all the Internet router devices (cable and DSL), I would suggest, and then run DNS and DHCP service on your gateways. That way you can supply your local resolver to client machines, configure whatever forwarders you want, and be happily in control of the whole thing. All of which should be reasonable straight-forward, but much of it will not exactly be simple. Regards, Daniel -- Daniel Pittman dan...@rimspace.net +61 401 155 707 made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] MailScanner jamming...
"Michael C. Robinson" writes: > I have mailscanner failing to pass any email on one of my servers. > > To try and fix this I have done the following: > > I upgraded to postfix-2.3.3 on the affected server via rpm and the force > option. FWIW, the author of Postfix feels (and I, personally, agree with him) that the design of Mailscanner is utterly, completely, awfully broken. It pokes around in the innards of the mail server in a way that is absolutely not reasonable for a third party bit of software. I would generally suggest using amavisd-new, which uses SMTP or LMTP to process the messages on the way through, and which I find generally works very robustly. (It also has the advantage that you don't need to fiddle with permissions inside the MTA, or to run two MTAs, for things to work.) I know that isn't actually solving your problem in the immediate term, but it might help avoid it reoccurring in future. Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Tab Completion
Marvin Kosmal writes: > I am having a simple problem in Gmail.. > Tab Completion stopped working. > > For example in the To: box if I type a letter, any letter, Gmail used to > immediately try to finish the address for me. So, that would be a client-side JavaScript based feature. So: > Now nothing happens and I have to type in every address I want to email to.. > I can't find any setting and I have googled and just find my own question > out there. Anyone have any ideas. Does this happen with a clean profile for your current browser? Does this happen with an alternative browser? (eg: Chrome if you use Firefox, or whatever) My guess is that you installed something (GreaseMonkey? NoScript? Ad blocking sofware? A filtering proxy?) that is breaking the completion process and all - or perhaps frobbed some configuration setting. > I am sure this is a Gmail thing. Really? Personally, I think this is like the occasional thing that happens where someone comes along and claims that the Linux kernel must be fundamentally broken because their code isn't working: If it was really broken for something so widely used you wouldn't have *any* trouble finding out about it. The Internet would be *full* of people complaining that GMail was broken like that - so that says it is something about your client-side configuration. To me. > I suspect is would be useless to email Gmail.. Well, you get what support you pay for. OTOH, their support forums do have staff watching them, so it won't /hurt/ to put in the request there. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] software raid disk limit
"Daniel B. Herrington" writes:
> Is there a limit to the number of disks in a RAID 1+0 array using md?
Yes: 0.9 metadata has a limit of 28 devices, while 1.* scale to "hundreds"
without a specifically specified limitation.
1.* metadata is much harder to boot from successfully.
Regards,
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Comparing files
writes:
> Thanks
> But how do I get rsync on a winddoze system?
> Or are you speaking of using it via Cygqin?
You can get rsync on Windows using any of the "Services for UNIX", Cygwin, or
MSYS solutions. Theoretically, I think, you could also natively compile it
since it is fairly POSIX-portable, but I don't know anyone who did.
I would personally recommend SFU as your first stop, then MSYS, then finally
Cygwin, but YMMV.
Given you were posting to a Linux list, though, I imagine most people
envisioned this being a Linux question and all.
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Comparing files
Dwight Hubbard writes: > rsync works on windows and it works by comparing the source and destination. > > rsync -avn sourcedir destdir > > The -n tells it not to change anything, the -v is verbose. If the two are > identical you won't get any output. You probably want '-c' to force a checksum based comparison, rather than just date/time based. The whole "windows" bit makes checks based around file timestamps so much more unreliable and awful, sadly. :/ Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Updating All Perl Modules
Rich Shepard writes: > On Wed, 10 Nov 2010, Daniel Pittman wrote: > >> If you got it from the OS, they should be able to sort it out. If you >> hand-installed it, my strong preference is to repeat that install process >> which will do things like ensure that dependencies are followed and found. > > Dirvish is not part of Slackware. > >> Current "best practice" is usually CPANPLUS, but that obviously means >> getting CPANPLUS installed on the machine. > > Rather self referential, eh? Use cpan to get cpanplus ... or cpanminus. Any of 'em should work. :) CPANPLUS has a reputation for being very heavy, but it is (IIRC) in core with 5.10 or maybe 5.12, so that should get a bit easier. >> However, cpanminus is starting to take over in the popularity and performance >> stakes for folks who have strongly Internet connected systems; it has some >> plugins to do things like "show me outdated modules" and the like. >> >>https://github.com/miyagawa/cpanminus/tree/master/plugins > > I'll keep this for reference. I update perl modules only when some > application (such as building the most current spamassassin) requires them. > Otherwise, I ignore it. I would highly recommend grabbing cpanminus, then, and just using it for that. It really doesn't suck compared to the competition.[1] Regards, Daniel Footnotes: [1] I didn't actually believe this for ages, and used both CPAN and CPANPLUS, but have now been converted. :) -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Updating All Perl Modules
Rich Shepard writes: > Because of a failing hard drive (apparently linked to the motherboard chip > failure of a few weeks ago), I've done a clean install of Slackware-13.1 on > a new drive rather than installing -13.0 on it and upgrading. As a result, a > lot of manual labor is needed to get applications running again. One > application not yet working is dirvish, because a Perl module is apparently > either out of date or missing. If you got it from the OS, they should be able to sort it out. If you hand-installed it, my strong preference is to repeat that install process which will do things like ensure that dependencies are followed and found. > I know that I can use 'perl -MCPAN -e shell;' followed by 'install > ' for a specific module. I'd like to have perl check and update > all modules. What command will check all installed modules and update those > that require it? Current "best practice" is usually CPANPLUS, but that obviously means getting CPANPLUS installed on the machine. However, cpanminus is starting to take over in the popularity and performance stakes for folks who have strongly Internet connected systems; it has some plugins to do things like "show me outdated modules" and the like. https://github.com/miyagawa/cpanminus/tree/master/plugins I use cpanm when I don't use the distribution tools. Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Odd partition has appeared
rom zero, because I don't understand what terms > mean like "extent" and "sector," among many others. > > Even though I don't understand it all yet, the best Fedora post I have > found so far is: > > http://fedorasolved.org/Members/zcat/shrink-lvm-for-new-partition FWIW, if you don't know the technical reasons for these decisions it is probably better to trust that the distribution folks have good reasons for their choices, in my experience. They *have* done the research and understood the most common technical reasons to do things these ways... Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] browser question
logical american writes: > Does anyone know where a controlled connect internet browser can be found? Nope. > I am now getting dozens and dozens of connections on my Mozilla Firefox > browser and chasing some of them down seems to lead to my own IP company, > but located transnationally. Once I saw 76 connections after I landed on a > web page. (I realize that web pages do contain multiple embedded URLs but > this is ridiculous). Even coming up on a search engine now seems to bring > up unrelated sites. > > Can socket connections be limited from another running program which talks > directly to the kernel? Yes, but I don't know of anything on Linux that acts as a suitable front end; over in OS-X land there are "Little Snitch" and a couple of similar tools. However, you might be able to address at least some of your issues with some combination (for Firefox; alternatives exist for other platforms) of AdBlock+, together with the EasyPrivacy list, and/or Ghostery. They both serve to stop a wide range of those extra services and/or monitoring tools from working on the page. (You might also want FlashBlock to avoid that adding more paths to fetching ... stuff. :) Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] memtest86: Help Needed
Rich Shepard writes: > On Tue, 2 Nov 2010, Daniel Pittman wrote: > >> It is also notable that memtest86+ is good, but usually not as hard as >> running real software on the machine is; we have previously had occasional >> faulty sticks of memory that would run clean for weeks under memtest86+, >> but would oops within ten minutes on corruption in the Linux MM lists.[1] > > The loss of mouse clipboard pasting and a few other annoying glitches > appeared only on the new system. While that's not proof of cause-and-effect, > it's presumptive so I'll make arrangements to trade in the two DIMMs for a > fresh set. Sorry - I just meant to say that while memtest showing an error *is* sufficient to prove that a DIMM is faulty, the absence of memtest errors is *not* sufficient to prove that the DIMM is good. :) Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] /etc/fstab: Fedora-13: Virtual Box mounting CD process?
"Loren Davis" writes: Hey. You wrote this by replying to a message I wrote and changing the subject; that doesn't actually take all the hidden "thread" headers and stuff out, so it still shows up as a reply to something I said. :) > I'm running F13 in Oracle VM VirtualBox. I'm trying to implement a bash > backup script to backup to CD but am having CD problems of some sort. > My configuration auto-detects and mounts a CD if it has data on it but I've > yet to figure out how to mount a blank CD. You can't - you don't mount the blank CD to put stuff on it[1], you use a tool like wodim, or growisofs, along with an ISO9660 filesystem builder, to write a single stream of data representing everything you want on the disk. For your purposes I would actually recommend burn: http://www.bigpaul.org/burn/ It wraps up those tools and makes them trivial to use. I don't know if F13 packages it, though. Regards, Daniel Footnotes: [1] Generally speaking, unless you are doing something like packet writing and all, which is crazy-difficult and doesn't sound like what you want. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] memtest86: Help Needed
Paul Heinlein writes: > On Tue, 2 Nov 2010, Rich Shepard wrote: >> On Sun, 31 Oct 2010, Bill Barry wrote: >> >>> I should add that this seems to say that memtest86 crashed not that it >>> reported you have bad memory. >> >> Certainly looks that way. >> >> I replaced memtest86 with memtest86+. It ran all night (was in the 13th >> pass when I stopped it). In the first pass 8 errors were detected; no >> additional ones found. >> >> What is considered an acceptable error number? The 8 found here seems high >> to me, but I know the areas are very tightly packed on the silicon. >> >> Should I swap these for a new pair? > > IMO, even a single memory error means the underlying DIMM (or whatever) > should be swapped out. memtest86+ should run completely clean. *nod* This is not like a hard disk, where they automatically swap out those bad bits on write or anything. It is also notable that memtest86+ is good, but usually not as hard as running real software on the machine is; we have previously had occasional faulty sticks of memory that would run clean for weeks under memtest86+, but would oops within ten minutes on corruption in the Linux MM lists.[1] Daniel Footnotes: [1] At repeatable locations, even, which surprised me. Presumably something in the access patterns was the trigger. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Network configuration for Ubuntu 10.04
Russell Senior writes: >>>>>> "Mike" == Mike Connors writes: > > Mike> I don't run Ubuntu so I can guide you through whatever network > Mike> management tool you're using. However any of those GUI front-ends are > Mike> going to read/write from/to the "/etc/network/interfaces" file. > > I don't think that is correct. NetworkManager doesn't really do > /etc/network/interfaces. The only interface in my 10.10 install's > /etc/network/interfaces is for loopback. NM does its own thing. On Debian/Ubuntu it does interact with /e/n/i - if you mention an interface in there NM assumes you mean to manage it the old fashioned way, and should no longer touch that interface. So, if you set eth1 up in /e/n/i then NM will not break it for you. Otherwise, yes, it doesn't touch it. :) > Also, the cool kids use the iproute utility these days. ifconfig/route are > s yesterday. > > http://en.wikipedia.org/wiki/Iproute2 Well, it does have the signal advantage that it actually, y'know, works to manage the features of the Linux IP stack and all. :) Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] What Controls Mouse Clipboard in X Window?
Rich Shepard writes: > On Sat, 30 Oct 2010, Daniel Pittman wrote: > >> The primary selection can be perturbed as focus changes, if you use the >> focus-follows-mouse policy, which can trigger things that look like this. > > However, as I wrote in an earlier message, the selected text remains > highlighted when I check it after finding the paste fails. Yeah: selection and ownership of the "primary selection" are different; while making a selection should assert ownership, changing primary selection ownership should not cause your text to be deselected. So, it could still be this despite the visual cue. >> That seems odd. I suggest testing with xev under X, to determine if the >> clicks and so forth are coming through as expected. That would eliminate >> the mouse and let you investigate application level things for the root >> cause... > > Because a vital chip on the motherboard failed (the chip that included video > functions), I'm leaning more toward either hardware corruption or subtle > change to a system file. It is certainly possible, but I would suggest you perform those steps anyhow: it will tell you, with certainty, what is happening in terms of the mouse input, and that will tell you if it is that mouse events are missed, or if the selection stuff is going wrong. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Identifying Device UUID
Rich Shepard writes: > On Sat, 30 Oct 2010, Daniel Pittman wrote: > >> That means you want: blkid /dev/sda1 # or whatever raw device it is at. > > That's the conundrum: with the fstab entry linking a mount point to a UUID > there is no entry in /dev/. No *immediately obviously* device entry; it still exists. However, that means your problem is the exact opposite of what you stated: you want to find the device node based on the UUID, not the UUID based on the device after all. Someone else already suggested the /dev/disk/by-* directories; the easiest way to map a UUID to a device node is, as they mentioned, 'ls -l /dev/disk/by-uuid/' > What I read is that udevd does its thing based on UUID so, perhaps in the > not-so-distant-future, the entire /dev directory will be deprecated. er, no. Using a stable identifier is the only sane thing to do with the way that modern systems detect devices, but that is just a pointer on back to the traditional device node. (Specifically, the tree mentioned above is a tree of symlinks based on persistent properties back to the actual owning node, and is what mount uses to discover that detail.[1]) Regards, Daniel Footnotes: [1] I believe. I should actually verify that one day. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] What Controls Mouse Clipboard in X Window?
Rich Shepard writes: > Does anyone know the library or tool that controls cutting and pasting using > the mouse when the X Window System is running? None, or "the X server itself" - copy and paste is actually negotiated between the applications directly, as is the primary (and secondary) selection, and the old fashioned and unloved cut buffers. > I suspect that it's not xclipboard because that is a text-based terminal > application that can be used to cut and paste, but I'm interested in what is > used when the left mouse button is used to highlight text and the middle > button used to paste it in another vt or application window. That is the primary selection, and is pretty much directly between the applications. However ... The primary selection can be perturbed as focus changes, if you use the focus-follows-mouse policy, which can trigger things that look like this. The primary selection and clipboard can be perturbed if you run something like xclipboard, the purpose of which is to notice that an application asserted "I have something interesting in my $x", and then do things to it. > The past couple of weeks I've had this fail sporatically. A couple of days > not at all, some days once, or twice, and a couple of days multiple times. > Killing the X server and restarting it restores the capability but it can > again silently disappear. That seems odd. I suggest testing with xev under X, to determine if the clicks and so forth are coming through as expected. That would eliminate the mouse and let you investigate application level things for the root cause... Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Identifying Device UUID
Rich Shepard writes:
> I've searched with Google but despite headings that imply how to find the
> UUID of a specific device, the page contents do not really tell me how to do
> this.
You had it *almost* right, too.
>In /etc/fstab the entry for my external backup disk is
> UUID=436bc83a-1d2b-4c58-b3a9-5dbe8efc4112 /media/hd0 ext3 defaults 0 0
>
> The past couple of mornings I see a mail message that the dirvish backup
> could not unmount the drive. When I tried from the command line this morning
> the attempt failed because the UUID did not match what the kernel saw.
> Turning off the drive, and back on about a hour later allowed me to umount
> the drive.
>
> How do I determine the UUID for devices such as this external drive? I've
> tried 'vol_id', but 'vol_id -u /media/hd0' responds that it's an unknown or
> unique media type and I see the same response if I use --uuid as the option
> to vol_id.
/media/hd0 is the *mount* point for the filesystem, not the device. Tools
like blkid and vol_id need to look at the raw disk itself.
That means you want: blkid /dev/sda1 # or whatever raw device it is at.
[...]
Rich Shepard writes:
> On Fri, 29 Oct 2010, Gerald Turner wrote:
>
>> Could the problem be that you've changed your external drive to vfat?
>
> Not unless it was the rainy weather. It's ext3.
Also, you would still get identifying information out of it. :)
>> I just tried a USB stick formatted with vfat, at first 'blkid' didn't
>> report any information for it (maybe blkid is using a cache, or maybe it's
>> ignoring vfat partitions), but then ran 'blkid -p /dev/sdg1' ("low-level
>> probe") and it reported the UUID and other attributes just fine and
>> mysteriously, subsequently running just 'blkid' now reports the data.
>
> Huh! I did not know this tool existed. It's here, too, on Slackware.
> Running just 'bklid' with no dev specified found all partitions and returned
> the UUID and filesystem type.
O_o How odd. I didn't know blkid did any caching. :)
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] slightly OT, Internet media and OpenDNS...
"Michael C. Robinson" writes: Your habit of dropping all the context in replies makes it really hard to intelligently respond to your messages... [...] > I'm concerned about using a proxy because I have seen sites break and I have > fairly slow servers. It will be a while before I can even consider fixing > the slow issue. I ran a Squid proxy on a 486-SX at 33MHz. Your server is *not* going to have a problem with it. > I frankly see OpenDNS as possibly being superior to Dansguardian. When it > comes to media though, sites like hulu which show "adult" material are hard > to filter out. Some "adult" sites are recognized by OpenDNS and are > blocked, but hulu is borderline and it gets allowed. Where there is hulu, > there are certainly other sites like it that mix "adult" and family friendly > media with a very low barrier to access "adult" material. OpenDNS is > community driven and fairly effective, but one can't expect OpenDNS to block > sites like hulu. ...but wait! Dansguardian with the publicly curated blocklist and content filtering is doing exactly the same thing, only they can filter with a finer granularity than OpenDNS. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] upgrading a redhat 7 kernel
"Michael C. Robinson" writes: > On Thu, 2010-10-28 at 14:43 -0700, alan wrote: >> On Thu, 28 Oct 2010, Daniel B. Herrington wrote: >> >> > I've got to build a sybase 12- server on redhat 7. ASE requires 2.4.9 or >> > greater though. I built a redhat 7.2, but maybe should do a 7.3 as that >> > seems to be the easier route. >> >> Why are you using a Linux distrobution that has not been supported for 5+ >> years? > > Redhat 7.x was a good run. It is 2.4.x based which seems ancient, but > Sybase 12 may require ancient kernels. So, should the old Sybase software > be abandoned because the Linux kernel and C libraries have changed? Shouldn't you identify if Sybase 12 runs on a modern system before asking that question? > Linux may change less in the future than it has in the past, which I hope > will be the case. The API changes over time pose a real problem as there > are still among the vendors that support Linux a number that don't offer > open source software. ...this is a problem with the internal API / ABI of the kernel, *NOT* with the interface between applications and the kernel. That ABI is fanatically protected and compatible, by upstream design. > This closed source software which can be very popular is not fixable. Some > minor examples are the Nvidia and Catalyst video card drivers, but there are > other examples as well. Those are apples and porcupines you are comparing there. > I'm sure the Linux kernel developers are trying to provide a more consistent > API over time, but it may be too early for that. No, they are not. Wait, yes they are! Both! The "binary blob device driver" API/ABI is by design not going to become stable. The userland interface of the kernel is fanatically so, and you should be fine running your Sybase 12 system on the latest release of anything - provided you supply all the dynamic libraries that are required. Regards, Daniel If it was, say, Sybase 12 for SCO run through the Linux ABI project then you would have trouble as /that/ has not been maintained. :) -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Filesystem Automatic Checks
Rich Shepard writes: > On Thu, 28 Oct 2010, Carlos Konstanski wrote: > >> tune2fs -c lets you adjust the number of mounts between fsks. > > Carlos, > > I realize this but am curious why the defaults are so different. What I saw > here was: > > /dev/sda1 1G21 mounts > /dev/sda2 100M20 mounts > /dev/sda5 200G37 mounts > /dev/sda6 100G28 mounts > /dev/sda7 195G35 mounts > /dev/sda8 5G27 mounts > /dev/sda9 4G37 mounts > > Seems almost random. It is, within limits: the purpose is to keep them from *all* being checked at the same time, but rather to spread that out a little bit more across time. It means more frequent, but shorter, delays at boot caused by fsck. Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] slightly OT, Internet media and OpenDNS...
"Michael C. Robinson" writes: > 1) I want to go from clear text passwords in flat text files accessed by a >perl based cgi script to possibly salted passwords in a database. > > 2) I want a daemon operating on the firewall machines that can detect >inactivity and close out that host(s). > > 3) I want redirecting when a user tries to go out and the firewall is >closed, but I don't want to force everyone through a proxy. > > 4) I want my web page to have a feature that allows web based adding >and editing of computers, users, passwords, and access profiles. > > 5) I want a black list and/or a white list of Internet sites, but I >don't want to implement this via a proxy. OpenDNS would be the >preferred way to implement this. > > I don't know how to do 1-5. I hope you will take this the right way, but it doesn't sound like you are entirely clear on what you are trying to do: parts of that seem unconnected to the discussion at hand, and other parts are ... well, "inefficient", to say the least. > Concerning 2, I wonder if sleeping computers will answer ping probes? It depends, but generally not.[1] > With regard to a daemon, I'm not certain how to write one let alone how to > detect inactivity across a firewall for a specific period of time. Item 3 > is done on PSU's wireless network, but maybe they use a proxy. http://en.wikipedia.org/wiki/Captive_portal - includes links to FOSS implementations. > Item 4 is something of an upgrade to my existing system. Item 5 seems to be > a necessity to get around OpenDNS's shortcomings. ...only because you are dedicated to not using a proxy, which means that you are working very hard to make this more difficult for yourself. (Also, are you aware that bypassing the OpenDNS stuff would be trivial in most cases, unless you are otherwise blocking access to other resolvers?) > If I have to blacklist locally and I can do this without using a proxy, > maybe I can integrate editing of the black lists/white lists into my > existing web page. I can use php or perl I suppose. > > Can I throw packets to user space, find out where they are trying to go, > check if a name on a black list or white list resolves to the destination > IP, and then dynamically decide what to do with the packet at the packet > layer? Yes, but why would you do that? If you want to blacklist or whitelist[2] then just do that with a static iptables ruleset - and refresh the DNS resolution periodically to ensure it doesn't drift on you. (Given most of what you want to block are commercial operations that should be a fairly rare problem.) > What is the best way to do this? Use a proxy. Seriously. Failing that, use the firewall to REJECT packets to the places you don't want them to go. > Should I implement a DNS based ip blacklist where external ip addresses are > mapped to 127.0.0.x addresses? Maybe I should mimic postfix's hash files > and read these files using perl. I'm thinking something like: some.bad.site > DROP # Blacklisted some.good.site ACCEPT # Whitelisted . . . I guess I > need a simple caching name server that updates every time the retrieved > information can change to go the hash file route. The cache should be > populated with the listed names. ...or you could just block access with iptables, or use a proxy which will do this all for you, for free, and *vastly* more effectively. > I guess one option is to have an iptables chain called whitelist and another > one called blacklist. Trouble is, how do I keep the ip addresses in these > chains correct? One look up is enough, I don't want to check every single > packet. Give a DNS name to the source or destination address passed to iptables, and it will do a lookup at the time the rule is created. Daniel Footnotes: [1] Technically, the answer is no, but at least modern Mac systems can cooperate with the Apple AirPort base station to have it wake them when someone tries to communicate over the network, meaning that they practically appear this way. (Also, definitions of "sleep" can vary :) [2] ...and I don't quite know how you propose to handle sites that are not on either list? -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] slightly OT, Internet media and OpenDNS...
"Michael C. Robinson" writes: > Read the last paragraph first. Wouldn't it help to put it at the top, then? (FWIW, I suspect that -talk would be a better place for this anyway, despite the technical content.) > OpenDNS does a great job of blocking certain web sites when asked to, but > hulu is not one of them. Hulu is carrying some hard core material. [...] > What is the best way to address side cases like Hulu that OpenDNS with the > decency settings set to high doesn't help with? This is the technical > problem that I hope people will discuss. Pay money for the service, run outside your home. In Australia almost every major ISP could offer the facility, and they were generally based on one of the big commercial services who offered filtering of communication. This is the only mechanism that will actually prevent access to the material with assurances of success[1], because there is no way to bypass it without seeking another connection to the Internet.[2] The next best thing is to obtain one of the range of consumer routers that provide the facility as a commercial service[3], or to install http://dansguardian.org/ and use either there commercial or free feeds. (Effectiveness depends, in many ways, on how much you pay for the list to be supported, which is probably no surprise to anyone.) (SoothWall worked well for a former client of mine who used it, some years back, but I have no current experience.) Finally, you could use the OpenDNS service and run a Squid or equivalent web proxy, and maintain the blacklist yourself. If they are almost totally effective this might be a low enough maintenance cost that you can accept it. Daniel Well, you could also use the inverse: produce a whitelist of approved sites. Watch out for things like Wikipedia that include sometimes objected to content along with their otherwise valuable stuff. Footnotes: [1] ...but don't forget to check those T&C to see how much the service care about over-blocking or under-blocking sites, and what recourse you have when you and they don't agree about something. [2] Which, naturally, is a significant problem when it comes to preventing kids from getting access to this stuff - at least generally. I have no idea if you have kids, or it would be a problem with them, so am only speaking generally here. :) [3] Netgear did, a while back, and I know someone who was happy with their implementation. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Position of swap partition
Marvin Kosmal writes: > On 10/27/10, Rich Shepard wrote: >> >> Does it matter what partition is formatted as swap on a drive? On my new >> hard drive I've made 3 partitions, and think I should redo it because I >> made /dev/sda1 the swap, /dev/sda2 will be /, and /dev/sda3 will be >> /tmp. I'm thinking I should repartition so the sequence is /, swap, /tmp. >> >> Thoughts? I would suggest you use LVM instead, but I have no idea how hard or easy Slackware make it to do that. (The flexibility benefits, especially if you leave some of the VG unallocated, pay off quickly in future.) [...] > I copied this from Wikipedia > > * "Short Stroking", which aims to minimize performance-eating head > repositioning delays by reducing the number of tracks used per hard > drive.[1] This only works if you want to throw away the rest of the disk, or you have data stored there that is essentially never accessed. Otherwise you lose any benefit because reads and writes to the other partitions will eat those gains. Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Problems new Phenom II system...
"Michael C. Robinson" writes: > Fascinating result here, youtube works but hulu doesn't. Hunh, that's > curious. When I try to stream anything on hulu, I just get a blank screen. > Any thoughts on how long it is going to take before flash works with hulu on > 64 bit systems? This might be a long shot, and the Phenom II should have it, but do you have LAHF support on that CPU? For a while Flash 10 would generate the LAHF instructions but some early AMD CPUs didn't support them, so crash-city. If 'grep -i lahf /proc/cpuinfo' outputs content then that isn't the problem. (I bet it isn't the cause, but when I hit this we had success on most YouTube content, but pretty much nothing else, so it sounded all similar and all.) > I hope the lightspark project takes off, lots of web sites require flash > where this has become a defacto standard. Maybe Apple will win and replace it with HTML5. ;) Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Unfindable File
Rich Shepard writes: > On Tue, 26 Oct 2010, Daniel Pittman wrote: > >>find / -ls 2>&1 | fgrep ask.c > > Aha! Looking more closely at the stream written to the monitor I see a > bunch of ask.c in the source files for grass6.4 and grass6.5. These > directories are on the same, old 80G WD drive as the orphaned files. Ack. I should have been nicer and given you: find / -ls 2>&1 | egrep '\ I need to make time to partition, format, and copy files to the new drive. Looks like. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Unfindable File
Rich Shepard writes: > This may have something to do with those orphan files I am dealing with, > since it's come up only since those files appeared. > > Whenever I run 'find / -name ...' the last line returned is, > find: Warning: file `ask.c' appears to have mode > > I cannot find any file named ask.c and I suspect that mode makes it > (virtually?) impossible to do so. If that was true then find couldn't have told you which file it was; what is presumably true is that it isn't trivial to locate it. (What that says is the individual file has that mode, but the directory that contains it does not, for reference. :) However, try 'locate ask.c' and see what that turns up. Failing that, you can use a very big hammer: find / -ls 2>&1 | fgrep ask.c That should give you the full path to the troublesome file. [...] > [r...@salmo ~]# chmod 666 ask.c > chmod: cannot access `ask.c': No such file or directory Nah, that just means you don't know the full path to it, and that find is giving a less-than-helpful error message. If you apply that to the file in whatever location it actually exists you should get the right outcome. > I believe the mode makes it untouchable. I'll bet that's the mode of > the other orphaned files, too. > > Must be the hard drive on its way out. I would guess that, or lingering damage from the same. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Xubuntu-10.4: Network Manager Does Not See Wired Network
Dale Snell writes: > On Mon, 25 Oct 2010 10:57:18 +1100 > Daniel Pittman wrote: > >> > The trouble seems to be that if you have NetworkManager set to accept >> > both IPv4 and IPv6 connections, it _requires_ both to be running, or it >> > won't see the interface. If your router is IPv4 only (as mine is) then >> > the IPv6 connection is never made, and the interface never comes up. >> >> Er, NM only establishes network *addresses*, and will never accept a >> network connection with any protocol from anywhere. [...] > Well, actually... I seem to have described the problem I had incorrectly. > My mistake, sorry. No worries, and thanks for clarifying. > NM wanted to configure both IPv4 and IPv6 networks for the interface. When > it couldn't, it threw up its metaphorical hands in despair. *nod* I had not run into this, even on machines with IPv6 disabled, so now know to watch out for it. So, thanks for explaining. :) Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] bash vs dash and the "at" command
"chris (fool) mccraw" writes: > On Mon, Oct 25, 2010 at 11:27, frankhunt wrote: > >> Does the "at" scheduler use bash or dash? > > mine (ubuntu 10.4 still) uses /bin/sh as documented in the first line of the > at(1) man page. on my system, /bin/sh is linked to dash rather than bash. > i believe there have been other conversations on here about relinking > /bin/sh to bash and how it breaks things, so that's probably not a good fix. It doesn't (well, didn't, and shouldn't) break anything, but it does make lots of things slower than they need to be. Specifically because: > plus, when run as 'sh', bash behaves like its slower older brother posix > bourne shell--see > http://www.gnu.org/software/bash/manual/html_node/Bash-POSIX-Mode.html. ...this is true, so dash is strictly a subset of the capabilities of bash. [...] > a fine point of at(1) job submission that i just discovered from the same > man page, is that if you submit a file, it is treated as a list of commands, > run via /bin/sh. if you submit from standard in, it will instead just run > the command, which if it is a script will obey your opening shebang line. Actually, at(1) behaves the same way *given the same input* in both modes. You are comparing apples and oranges; these are equivalent: ] echo /path/to/script | at now ] cat /tmp/foo /path/to/script ] at -f /tmp/foo now So are these: ] at -f /path/to/script now ] cat /path/to/script | at now # UUOC: < /path/to/script at now # ;) [...] > i guess another workaround is to submit a file that just has one line that > runs the other script (with the bash-specific shell functions in, starting > with #!/bin/bash), if you really must submit a file rather than using stdin. *nod* That works, of course, because it is actually the same as your stdin example. :) Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Xubuntu-10.4: Network Manager Does Not See Wired Network
Rich Shepard writes:
> On Mon, 25 Oct 2010, Daniel Pittman wrote:
[...]
>> Anyway, it means the interface is not configured in /etc/network/interfaces,
>> basically, though it wouldn't hurt to check the content there just in case.
>>
>> (Er, just to check, you /did/ run that command as root, right?)
>
> I su'd to root and added the eth0 interface to /etc/network/interfaces,
> after lo. It still does not see the network after a reboot.
Just so you know, if an interface is mentioned in /e/n/i then NM on Debian
will not touch it: it assumes the sysadmin had a good reason for doing
old-style configuration and trusts them.
So, if you have it in there you should remove it and ... restart NM.
Rebooting is the only way I know to do that which doesn't potentially break
other things.
[...]
> Since I'm not a professional SysAdmin I don't have the insights you pros do.
Please don't get me wrong: I am not aiming to judge you or anything here. My
hope is to help you, and I am sorry if it came across any other way. :)
>> What logs does NetworkManager emit? You should find them in
>> /var/log/syslog or /var/log/daemon.log, and it would be good to have all
>> the NM output when you plug and unplug the cable.
>
> I'll look again tomorrow evening, or whenever I have access to her laptop.
>
>> Can your NIC actually see the connection? The cheap way to check would be:
>>
>> sudo apt-get install ethtool
>> sudo ethtool eth0
>>
>> ...with the cable plugged in, and see what it says.
>
> No connection seen. I cannot ping the router ("Network not reachable") or
> any other host.
The part I am most interested in is if the NIC has detected link, and what it
negotiated with the far end. That will help rule out the problem being that
the NIC, the cable, or the router are "not working" here. :)
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Xubuntu-10.4: Network Manager Does Not See Wired Network
Dale Snell writes: > On Sun, 24 Oct 2010 09:43:57 -0700 > Rich Shepard wrote: > >> I need help from you folks administering Ubuntu systems. On my wife's >> laptop only the wireless connections are seen (here and in the >> neighborhood). The topmost portion, wired networks, says there aren't any >> although I have an ethernet cable connecting the box to the local router. >> >> I tried running NetworkManager and was told it's already running. Next, I >> tried 'lfconfig -a' and saw eth0 as well as lo and wlan0. When I ran 'ifup >> eth0' I saw 'Ignoring unknown interface eth0=eth0' which makes no sense to >> me. >> >> What do I do to have the NetworkManager see the wired connection when a >> cat5 cable is plugged in and all that interface to be used instead of the >> wirelss one? > > This sounds depressingly familiar. :-( I had this trouble myself, though on > a laptop running Fedora, rather than one of the 'buntus. Oddly, it only > affected the laptop, and not the desktop, which was running the same version > of Fedora and NetworkManager. > > Get into NetworkManager's preferences, and check IPv6 settings for your > wired interface. Dollars to doughnuts it'll be set to Automatic. Set it to > Ignore. You may have to restart NetworkManager. > > The trouble seems to be that if you have NetworkManager set to accept both > IPv4 and IPv6 connections, it _requires_ both to be running, or it won't see > the interface. If your router is IPv4 only (as mine is) then the IPv6 > connection is never made, and the interface never comes up. Er, NM only establishes network *addresses*, and will never accept a network connection with any protocol from anywhere. Additionally, IPv6 will automatically configure a link-local network address in the absence of any infrastructure, so unless you disable IPv6 in your kernel entirely you would have an address found regardless of what your router supports. Now, you might have problems with other applications - that do make network connections - if IPv6 is enabled, but that is not much to do with NM itself. Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Xubuntu-10.4: Network Manager Does Not See Wired Network
Rich Shepard writes:
> I need help from you folks administering Ubuntu systems. On my wife's laptop
> only the wireless connections are seen (here and in the neighborhood). The
> topmost portion, wired networks, says there aren't any although I have an
> ethernet cable connecting the box to the local router.
>
> I tried running NetworkManager and was told it's already running. Next, I
> tried 'lfconfig -a' and saw eth0 as well as lo and wlan0. When I ran 'ifup
> eth0' I saw 'Ignoring unknown interface eth0=eth0' which makes no sense to
> me.
The "eth0=eth0" part is because Debian[1] support mappings in their basic
network configuration, and in this case you are using the identity mapping
rather than "eth0=home" or whatever. (Which is no surprise, because you have
not configured that magic. :)
Anyway, it means the interface is not configured in /etc/network/interfaces,
basically, though it wouldn't hurt to check the content there just in case.
(Er, just to check, you /did/ run that command as root, right?)
> What do I do to have the NetworkManager see the wired connection when a cat5
> cable is plugged in and all that interface to be used instead of the wirelss
> one?
Typically nothing. So, the question is why it isn't working:
What logs does NetworkManager emit? You should find them in /var/log/syslog
or /var/log/daemon.log, and it would be good to have all the NM output when
you plug and unplug the cable.
Can your NIC actually see the connection? The cheap way to check would be:
sudo apt-get install ethtool
sudo ethtool eth0
...with the cable plugged in, and see what it says.
Daniel
Footnotes:
[1] ...so, eventually, that means also your variant of Ubuntu.
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Dict
Marvin Kosmal writes:
> I am having problems with dict. As in..
>
> m...@localhost: dict new
> and it just hangs??
Perhaps your default server is down, and dict is taking a long time for the
network connection attempt to time out? Which server are you using?
> Anyone use dict??
Not recently, but I used to make much more extensive use of it years back, and
even ran my own local dictionary server for the purpose.
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] linux for elementary classroom/lab
7;t want to see you assume it is easy and find out the hard way just how much work it really is. Regards, Daniel Footnotes: [1] Generously, I could say they were worried that they didn't have time to do everything they already had to do in a day. More cynically ... well, you can probably fill it in. :) -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] flash problems x86_64...
"Michael C. Robinson" writes:
> Apparently, there is no standard way to watch flash content on an x86_64
> Linux distribution. Adobe evidently has pulled their 64 bit flash player,
> not the Windows version of course. Anyone know of a good workaround? For
> how long is this likely to remain a problem?
Others answered part of it, but let me point you at LightSpark, which is a
FOSS flash implementation. It is far from complete, but gaining great ground,
and can deal with YouTube ... so a large proportion of what people actually
use flash for is working. :)
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] How To Remove "Ghost" Files? [SOLVED]
Rich Shepard writes: > On Fri, 8 Oct 2010, Rich Shepard wrote: [...] > After re-installing Slackware-13.0 a few times, everything but firefox is > running. Soon I'll get up the courage to upgrade to -13.1 which changes all > the ATA drive designations from hd* to sd* and alters all the IDs of the > optical and supplemental (e.g., USB flash) drives. Probably a good time to transition to the glorious new world of stable device identifiers under /dev/disk, which saves you the pain of learning that "mostly stable" doesn't count in the new hotplug order. All bow down before your new udev master! Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] First quad core system...
"Michael C. Robinson" writes: > I'm trying to upgrade from a Pentium 4 3.06 ghz system to a Quad Core AMD > Phenom system. I'm upgrading from Fedora 12 i686 to Fedora 13 x86_64. > Okay, is there a way to support legacy software such as: Dirk Dashing Secret > Agent, Rick Rocket, Eschalon Book I, Eschalon Book II, Dungeons of Daggorath > libc5 port, Micropolis, etcetera? Yes. If they are statically linked they should just work. If they dynamically load libraries you will need to install the appropriate i386 packages to support them. (I don't know about libc5 package availability though) > I'm running 2 2G DDR3 memory sticks operating at 1066 mhz, will getting > faster memory, 1333 mhz, make a significant difference? Probably not more than $20 or so worth of difference, I predict, for most users. It doesn't make much practical difference because memory performance is usually not the root cause of desktop performance issues these days. > Anyone have experience with the overclocking features of the MSI > motherboard? > > There is a way to run 32 bit software on a 64 bit platform??? It does natively, and the upstream kernel ships with 32-bit compatibility, so it should "just work" for you. 'yum install libfoo.i386' will do the IA-32 version of a package, if it is available. > BTW: Where can I grab wine from? The local bottle shop should carry a fine selection of ... *ahem* ;) I used to use RPMForge, but I can't speak for them in the last few years. Upstream have recommendations though: http://www.winehq.org/site/download Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Is anyone running Linux on an IBM Thinkpad T41 or T42?
Paul Heinlein writes: > On Sun, 17 Oct 2010, Robert Munro wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Salvage resellers are selling some refurbished IBM Thinkpad T41 and T42 >> notebooks on Ebay, which seem to be selling for a little more than $100 at >> auction. These systems have 1.6GHz Pentium M CPUs, 512MB of RAM and 20GB >> or 40GB hard drives, 14-inch SVGA 1024x768 screens, CD/DVD-writers and >> built-in 56K modems, ethernet NICs, etc. Just big screen netbooks. >> >> Is anyone running Linux successfully on one of these older IBM >> Thinkpad models? I'll be interested to hear about any experiences >> and problems. > > Until my T41's fan died recently, I'd run both CentOS and Ubuntu on it > with no real problems. I never used the modem, so I don't know whether > it works under Linux or not. Oh. I forgot that: pretty much no. It is one of the nasty software modems, so theoretically you can run the slmodem stuff, but I never got it to work, and it never really kept up with the steady march of time. (As you might expect from a binary blob from a vendor, of course.) Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Australia, seriously. (was Re: Is anyone running Linux on an IBM Thinkpad T41 or T42?)
Galen Seitz writes: > Daniel Pittman wrote: > ... useful stuff deleted to make way for OT question ... > > Daniel Pittman dan...@rimspace.net +61 401 155 707 > > Australia? Really? I know we have some far flung subscribers, but this > might be a record. Yeah, for real. More relevantly, for the next few months, given I recently accepted a job offer that relocates me to Portland, OR, making this my soon-to-be local LUG. :) Regards, Daniel Besides, Linux isn't all that geography-specific. :) -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Is anyone running Linux on an IBM Thinkpad T41 or T42?
Robert Munro writes: > My HP Omnibook 6000 died yesterday. Apparently the hard disk failed as > the Setup program shows Hard Disk [None] and pulling it out, staring at > it and reseating it didn't help, of course. > > Salvage resellers are selling some refurbished IBM Thinkpad T41 and T42 > notebooks on Ebay, which seem to be selling for a little more than $100 > at auction. These systems have 1.6GHz Pentium M CPUs, 512MB of RAM and > 20GB or 40GB hard drives, 14-inch SVGA 1024x768 screens, CD/DVD-writers > and built-in 56K modems, ethernet NICs, etc. Just big screen netbooks. > > Is anyone running Linux successfully on one of these older IBM Thinkpad > models? I'll be interested to hear about any experiences and problems. I am not presently running one, but the T3*, T4*, and T6* models of ThinkPad are all extremely well supported by Linux. See http://www.thinkwiki.org/ for the fine details and all. Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] DVD volume name
John Jason Jordan writes: > I want long volume names when I burn a data DVD. K3b usually allows me many > characters if I specify "Linux/Unix filesystem only," but sometimes not. And > I can't find anywhere a specification for what "Linux/Unix filesystem only" > means - how many characters, what are the prohibited characters, etc. It almost certainly means use of the "Rock Ridge" extensions, which are a way to express Unix style meta-data on top of the ISOFS format. > For that matter I can't find what "Windows compatibility" means either, > although apparently it is fewer characters. The Joliet extensions, at some compatibility level (there are three; I don't know which is used by default.) This has links to all the various bits: http://en.wikipedia.org/wiki/ISO_9660#Extensions Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] how to adjust for special characters in mkdir() function?
logical american writes:
>> dan...@krosp:~$ ls -ld '/tmp/foo bar'
>> ls: cannot access /tmp/foo bar: No such file or directory
>> dan...@krosp:~$ perl -e 'mkdir("/tmp/foo bar/baz quux", 0777) or die $!'
>> No such file or directory at -e line 1.
>> dan...@krosp:~$ mkdir /tmp/'foo bar'
>> dan...@krosp:~$ perl -e 'mkdir("/tmp/foo bar/baz quux", 0777) or die $!'
>> dan...@krosp:~$ ls -ld '/tmp/foo bar'{,/*}
>> drwxrwxr-x 3 daniel daniel 21 Oct 2 13:50 /tmp/foo bar
>> drwxrwxr-x 2 daniel daniel 6 Oct 2 13:50 /tmp/foo bar/baz quux
>>
>> mkdir(2) and mkdir(3) (and related tools like mkdirat) will only create the
>> specific target directory, not any part of the path, as was mentioned.
>>
>> Also, if that didn't work ... well, it would have been noticed. :)
>>
>>> http://linux.die.net/man/3/mkdir mkdir() only takes two parameters and I'm
>>> not sure how it handles spaces in the parameter #1.
>> The same way any path handling function under Unix / POSIX does: they are
>> treated exactly the same as any other legal character for a file naming
>> component, which is to say like any character except for NUL and '/'.
>
> Ironically mkdir -p does create a full path directory with multiple slashes,
> I am using it right now in a shell script program. But apparently mkdir()
> won't
Well, yeah. By, like, design and all. The '-p' argument asks the mkdir
software to split the path, and create any missing directories, so it can do
that.
So, if you want that behaviour you need to implement it yourself, or grab some
code to do it for you. Pretty much every higher level language in existence
has "make the whole path" implemented somewhere. :)
Regards,
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] how to adjust for special characters in mkdir() function?
Larry Brigman writes:
> On Fri, Oct 1, 2010 at 7:02 PM, logical american
> wrote:
>>
>>> What arguments are you passing to mkdir()? Do all elements of the path
>>> leading up to the new directory name exist? The following program works
>>> for me.
>>>
>>> #include
>>> #include
>>> main() { mkdir("/tmp/foo bar-baz", 0777); }
>>
>> Try to make a directory with two depths, mkdir("/tmp/deeper/foo bar-baz
>> bam", 0777); and see if that fails. I have been playing around with the
>> directory depth and my program fails with two slash characters in the path.
dan...@krosp:~$ ls -ld '/tmp/foo bar'
ls: cannot access /tmp/foo bar: No such file or directory
dan...@krosp:~$ perl -e 'mkdir("/tmp/foo bar/baz quux", 0777) or die $!'
No such file or directory at -e line 1.
dan...@krosp:~$ mkdir /tmp/'foo bar'
dan...@krosp:~$ perl -e 'mkdir("/tmp/foo bar/baz quux", 0777) or die $!'
dan...@krosp:~$ ls -ld '/tmp/foo bar'{,/*}
drwxrwxr-x 3 daniel daniel 21 Oct 2 13:50 /tmp/foo bar
drwxrwxr-x 2 daniel daniel 6 Oct 2 13:50 /tmp/foo bar/baz quux
mkdir(2) and mkdir(3) (and related tools like mkdirat) will only create the
specific target directory, not any part of the path, as was mentioned.
Also, if that didn't work ... well, it would have been noticed. :)
> http://linux.die.net/man/3/mkdir mkdir() only takes two parameters and I'm
> not sure how it handles spaces in the parameter #1.
The same way any path handling function under Unix / POSIX does: they are
treated exactly the same as any other legal character for a file naming
component, which is to say like any character except for NUL and '/'.
Regards,
Daniel
--
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
