Re: i hate procmail
On Thu, 2003-09-25 at 15:11, christopher j bottaro wrote: > how do i remedy the problem? i.e. how do i invoke procmail manually? Move your mailbox to a temp file and process that with the mail going back to the new mailbox file. You will probably want to use formail to split the messages in the temp file for processing. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: i hate procmail
On Thu, 2003-09-25 at 14:59, christopher j bottaro wrote: > well i guess i simply have to run procmail manually everytime i wanna check my > email. i figured i just run it like this: > procmail < mailbox > assuming my mail spool is $HOME/mailbox. well that doesn't work, and furthermore, > after i did that, and checked my mail via mutt, half my emails were duplicated. > > all i want to be able to do is be able to run procmail manually on my mail spool > ($HOME/mailbox), move mail that has "test" in the subject to $HOME/Mail/testbox, and > leave everything else in $HOME/mailbox. why am i have having such a hard time? =( > Because procmail is a filter in this case, not an in-line editor. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: Fedora
On Mon, 2003-09-22 at 19:19, Buck wrote: > LOL Ok you got me. I guess that because there is no .0 there will be no > official upgrade. Maybe this was in the works longer than RH is letting > on. No, this is a marketing decision to "keep up with the Jones's" or in this case Sun Microsystems. Version numbers are often tweaked by marketing departments to target specific perceived competitors. Or, in the case of one LARGE software company to provide a legal loophole to continue using licensed third party products ;-) - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Fedora
On Mon, 2003-09-22 at 11:23, Benjamin J. Weiss wrote: > So, now I'm confused. > > Does this mean that I won't be downloading RH 10, but instead will be > downloading Fedora 10 or something? My reading is the Fedora is to RH Enterprise Server as Rawhide is to RedHat Linux. It is a developer supported testbed for things that may end up in future releases of ES. Seems to be distinct from RedHat Linux that has traditionally been available for download. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: [SOLVED] Re: URGENT: postfix fails, no internet connection
On Thu, 2003-09-11 at 19:55, Marc Adler wrote:
> * Marc Adler <[EMAIL PROTECTED]> [2003-09-11 16:04]:
> > * Marc Adler <[EMAIL PROTECTED]> [2003-09-11 15:44]:
>
> > my ISP's nameservers have changed. Is there any way to find out what the
> > new ones are?
>
> Alright, that was a stupid question. I called the tech service people
> and they told me to do an 'ipconfig/all' in the Windows terminal
> ('command prompt') and sure enough, there were the new nameserver
> addresses. Now I'm wondering why dhclient didn't automatically update
> them on my Linux box...
Congrats! See, a re-install was not necessary ;-)
As for dhclient and updates, have you made any changes to the dhclient
scripts, the setup files, or /etc/resolv that might interfere?
- rick
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
RE: URGENT: postfix fails, no internet connection
On Thu, 2003-09-11 at 17:53, Marc Adler wrote: > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > On Behalf Of Rick Warner > > Sent: Friday, September 12, 2003 9:30 AM > > To: [EMAIL PROTECTED] > > Subject: RE: URGENT: postfix fails, no internet connection > > > > > > Well, re-install is a bit drastic. You say you cannot get on the > > 'Internet'. Is that what you mean, or do you mean that you have no > > network connectivity? The most likely place to look is in your > > network connectivity, i.e., bits flowing out of your box through > > your network adapter. Everything you have post so far, which is not > > much, is consistent with the network adapter either being dead, or > > not being configured and up under Linux. What is the output of > > ifconfig -a? Are there any boot messages about eth0? Is the driver > > for you network interface card loaded? Can you ping the W2K box? > > > > You had hints there that this was/is a network connection issue. > > Follow up on those. If you need more leads, please post more info. > > You do not give us much to go on. > > > > - rick > > I really have to apologize for the dearth of information, but once I added > the '127.0.0.1 localhost' line to /etc/hosts and postfix started working, > there have been no error messages to tell me what's going wrong. The > computer just won't access the internet, period. > > That is, I have a feeling the network itself is ok, because I can ping both > boxes from each other (RH9 <=> W2K) with no packet loss. > > ifconfig -a produces the following: > > eth0 > Link encap: Ethernet HWaddr 00:07:E9:D8:4A:49 > inet addr: 192.168.1.100 Bcast:192.168.1.255 Mask: 255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:150 errors:0 dropped:0 overruns:0 frame:0 > TX packets:1484 errors:0 dropped:0 overruns:0 frame:0 > collisions:0 txqueuelen:100 > RX bytes: 14068 (13.7kb) TX bytes:124303 (121.3kb) > Interrupt:11 Base address:0xdc80 Memory:ff6ef000-ff6ef038 > > lo > Link encap: Local Loopback > inet addr: 127.0.0.1 Mask: 255.0.0.0 > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:3459 errors:0 dropped:0 overruns:0 frame:0 > TX packets:3459 errors:0 dropped:0 overruns:0 frame:0 > collisions:0 txqueuelen:100 > RX bytes: 235652 (230.1kb) TX bytes:235652 (230.1kb) > Interrupt:11 Base address:0xdc80 Memory:ff6ef000-ff6ef038 > > If you can think of anything else (conf files, logs, etc.) that would be > useful, let me know, and I will post them. > OK, so networking is OK. Your IP address is in private space, so I assume you have some sort of router/firewall/gateway to the internet. Is that correct? Try this: ping www.yahoo.com then ping 66.218.70.49 Does either work? If the first fails but the latter works, then we need to suspect that your name services are failing. If both fail, then it is more likely that you have a routing problem. For name services: What is /etc/resolv.conf? /etc/host.conf? /etc/nssswitch.conf? Can you ping your nameservers? For routing, what is the output of netstat -nr? Can you ping the defaultrouter? What happens when you do /usr/sbin/traceroute 66.218.70.49? (assuming you have traceroute installed). - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: URGENT: postfix fails, no internet connection
On Thu, 2003-09-11 at 17:16, Marc Adler wrote: > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > On Behalf Of Marc Adler > > Sent: Friday, September 12, 2003 5:47 AM > > To: Red Hat Mailing List > > Subject: URGENT: postfix fails, no internet connection > > > > > > This morning I turned on my RH9 system and it paused around 30 > > seconds when > > starting up NFS and then paused at postfix and failed, giving me a message > > saying: > > > > Starting postfix: postalias: fatal: config variable inet_interfaces: host > > not found: localhost > > > > My other unit is a W2K and it can get onto the internet just fine (as you > > can see). > > > > Anybody have any ideas? > > > > Marc > > > > Ok. No takers. I added a line to my /etc/hosts file specifying that > 127.0.0.1 was localhost, and that seemed to fix postfix and NFS starts up ok > now. But I still have no access to the internet. eth0 boots just fine, too. > Now that there are no error messages at all but I *still* can't access the > internet, I guess I'll just have to reinstall. Being an ex-MS user, at least > it's a familiar routine... ;-) > > Marc Well, re-install is a bit drastic. You say you cannot get on the 'Internet'. Is that what you mean, or do you mean that you have no network connectivity? The most likely place to look is in your network connectivity, i.e., bits flowing out of your box through your network adapter. Everything you have post so far, which is not much, is consistent with the network adapter either being dead, or not being configured and up under Linux. What is the output of ifconfig -a? Are there any boot messages about eth0? Is the driver for you network interface card loaded? Can you ping the W2K box? You had hints there that this was/is a network connection issue. Follow up on those. If you need more leads, please post more info. You do not give us much to go on. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Help - Can't boot RH Linux 9 to Single user mode!
On Thu, 2003-09-11 at 17:02, TOM DOLCE wrote: > I'm trying to boot to single-user mode to reset the root password. I entered "e" on > boot up to edit the kernel line in Grub and added "single' to the end of it, then > "b" to boot into single user mode. However, instead of going to single user mode the > system says: > > Enter root password to do maintenance or Control-D to continue > > So, since I don't know the root password (which is a whole other story) > I enter Control-D and it boots normally to multi-user mode. Is there some > way around this or another way to reset the root password? > > Tom > Grab the installation CD set. Put Disc 1 in the CD drive and boot off that. When given the option go into rescue mode. Follow the directions, and set yourself up in the chroot'ed rescue environment. Here you will be in a shell with root access to your system sans login prompt. Change the root passwd. Exit twice to reboot. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: changing resolution of forwarded X traffic
On Fri, 2003-08-29 at 14:27, [EMAIL PROTECTED] wrote: > > Ah. Thank you, Reuben. This make sense. > Reuben's advice was very good. There might be another aspect, too. If you scale the geometry, you get a different sized window but the data in the window might still be as large, thus you will see less data at one time. You might check the app to see if it will allow further tweaks on components to scale them. For example, xterm allows for you to select font size; try the following two commands and look at the difference: xterm -geometry 80x24+0+0 -fn 7x14 and xterm -geometry 80x24+0+0 -fn 10x20 Both open xterm windows at the upper left corner of the screen, the windows are both 80 characters by 24 lines, but there are two different fonts. Not all X apps will allow such changes of components, and some will force the changes to be in an app-defaults file rather than specified on the command line, but it might be worth exploring what options are available. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: file system full
On Fri, 2003-08-29 at 11:21, lisa ryan wrote: > Hi, > > can anyone tell me a quick way of finding out what may be causing the / file > system to fill up ? > > I did a find on any large files, but it's still at 100% and I can't seem to > bring it down. > > Thanks > Lisa > Lisa, How is the machine configured? Is there a separate /var partition, or is it part of /? Same question for /tmp. If this is something new, then the likely culprit is a log file or a temporary file of some sort growing. If you cannot find and remove the file(s) causing the problem then it is likely that some process has the files open; you will need for the process to release the file before you can recover the space. Try lsof -s -r to get a continuous listing of open files with their sizes. Parse the output to find the large ones; this will also tell you what process has the file open. A bit of a pain, admittedly. If you have suspect processes you think are the problem, you can craft the lsof command to report for those processes only. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: NIS client couldn't log in
On Wed, 2003-08-27 at 19:39, Zhou, Rongx wrote: > The following is logging messages from NIS client machine when I log into this > machine with a normal NIS account. Thanks. > > Aug 27 14:18:57 rzhoux-dev03 sshd(pam_unix)[881]: check pass; user unknown What does ypwhich return? This indicates that either the user is not in NIS or the server is unavailable. ypwhich will tell if you are bound to an available server. If not bound, then run ypbind with the debug flag (kill ypbind first, then ypbind -d); what are the output lines in /var/log/messages? - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Remote access full graphical interface RH9
On Wed, 2003-08-27 at 14:43, Benjamin J. Weiss wrote: > I haven't yet found a free X server for windows for linux to forward to... FYI, cygwin (which is free) can include XFree86. Thus you can have a freely redistributable X server under Windows. And cygwin can include ssh, too. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Bind 9 on Redhat 8.0
On Wed, 2003-08-27 at 13:59, Simran Hansrai wrote: > Actually I already have that in there (/etc/resolv.conf of my dns server and > all my other unix servers).. should have probably mentioned that.. I have > tried both search chamkila.org and domain chamkila.org.. but I am still > unable to do a nslookup with just the computer name and have to have the > full enermax.chamkila.org in order to do a lookup. Do my windows boxes have > to be in a domain (chamkila.org) in order for it to work with just the > computer name or is that incorrect? Because it is working fine on all my > unix boxes that have search chamkila.org in their /etc/resolv.conf and my > dns server as their nameserver.. > This is not a server issue, so nothing to do with /etc/resolv.conf on the server (which affects only the local client resolver on that machine). You need to add the DNS domain info to the windows clients. How/where depends on the IP config and the Windows platform in question (2K, XP, etc.). If the Windows machines get IP + DNS servers from a DHCP server, then you need to fix the DHCP server. If the Windows machines have static IP information, you will need to go into the properties panel for the IP connection. Select 'Internet Protocol (TCP/IP)' from the components list then click on the properties button. Click on the 'Advanced' button, then select the DNS pane. Add you DNS domain name in the box for 'DNS suffix for this connection'. Click through the OK buttons to exit from the properties panel. Depending on the Windows flavor you may need a reboot (WinNT for example will need a reboot). This should fix the problem. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Bind 9 on Redhat 8.0
On Wed, 2003-08-27 at 13:59, Simran Hansrai wrote: > Actually I already have that in there (/etc/resolv.conf of my dns server and > all my other unix servers).. should have probably mentioned that.. I have > tried both search chamkila.org and domain chamkila.org.. but I am still > unable to do a nslookup with just the computer name and have to have the > full enermax.chamkila.org in order to do a lookup. Do my windows boxes have > to be in a domain (chamkila.org) in order for it to work with just the > computer name or is that incorrect? Because it is working fine on all my > unix boxes that have search chamkila.org in their /etc/resolv.conf and my > dns server as their nameserver.. > > Thanks for your reply, > Simran H. > > - Original Message - > From: "Sean Estabrooks" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, August 27, 2003 1:31 PM > Subject: Re: Bind 9 on Redhat 8.0 > > > > v+On Wed, 27 Aug 2003 13:18:42 -0700 (PDT) > > [EMAIL PROTECTED] wrote: > > > > > Hi Guys, > > > > > > I have just built my Redhat 8 box as a dns server and have installed > bind > > > 9.2.2. > > > > > > I have it working just fine from all my unix boxes, for example: > > > > > > $nslookup enermax <- returns the expected output with the correct name > and > > > address. > > > > > > However, from all my windows boxes I have to do the following in order > to > > > get a correct output: > > > > > > $nslookup enermax.chamkila.org > > > > > > But, it should be able to give me the same output with $nslookup > enermax, > > > but it does not. > > > > > > Any ideas as to how I can get this to work? Any suggestions or comments > > > would be grately appreciated. > > > > > > > add this line to your /etc/resolv.conf file: > > > > search chamkila.org > > Scroll up, re-read the problem. Problem is on windows boxes, not *NIX boxes. Solution is correct, but wrong location since you missed the platform. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: NIS client couldn't log in
On Wed, 2003-08-27 at 11:08, jurvis lasalle wrote: > sorry for the delay- i'm moving this week and things are a little > hectic. i'll try to be as brief as possible (hah!)- > i have been configuring a kickstart installation for a college CS lab. > my configuration installs a base rh9 development environment with nis > authentication. i decided to test whether i had really seen the > behavior i described in that post and just what role iptables played in > that debacle. my kickstart file is posted on the web here, > http://turing.bard.edu/~lasalle/nisprobs/ks.cfg . i booted two > computers from disc and had one load a copy of the file with the > firewall disabled and one with the firewall line that Jason Dixon > suggested last week (otherwise the systems are completely identical- > can you tell i was an experimental physicist before i got into > systems?). As usual, i can authenticate via nis on the machine without > a firewall but not the one with it. > I ssh'd in as root on the firewalled system and grabbed an informative > screenshot posted here, > http://turing.bard.edu/~lasalle/nisprobs/ypprobs.jpg . I'd like to > note that my suspicion of broadcast mode was a red herring. i was able > to use ypcat even without starting ypbind in broadcast mode. Yet > despite ypcat being able to query the server, I cannot authenticate via > nis. Note in the screenshot how long ypwhich took to execute (can you > explain the error it produced). the screenshot is continued here > http://turing.bard.edu/~lasalle/nisprobs/ypdebug.jpg where i start > ypbind in debug mode for you. > so i emphasize that I don't know what is wrong, but that stopping > iptables is a solution. if you'd like to look, my iptables rules are > here, http://turing.bard.edu/~lasalle/nisprobs/iptables.txt . i hope > this was informative. if you need any further info, just ask. > Again, I suspect that *iptables* is your red herring and not broadcast mode. If you really wanted to be experimental you would try starting ypbind with the debug flag and then look at the logs to see where it is hanging up. Your screenshot really tells us very little; the only real information is that ypwhich takes a long time, then succeeds, but gives zero insight into the source of the problem. Much more informative, to you and anyone else, would be to run strace ypwhich and look to see which system call it is spending all its time waiting to complete; I strongly suspect your culprit is in the name resolution and not at all with NIS stuff. When you do the strace you will find that a lot of what transpires is an attempt to resolve the IP information back to a name. Please do an experiment that can show the nature and source; you experiment presumed that iptables was the source and you followed only that lead; go deeper. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: NIS client couldn't log in
On Tue, 2003-08-26 at 18:23, Zhou, Rongx wrote: > Thanks all >Something I must clarify. > /etc/nsswitch.conf is set correctly as Rcik said > I can log in locally with root or normal user > No network connection problem, all testing linux boxes are connected together. > I think it has nothing to do with iptables."ypcat passwd" execute successfully. BTW > I didn't start iptables but why I see the ip_tables module when I execute lsmod. > Can anyone successfully implement it on Redhat v9.0? pls share me with your > experience. I am running NIS with Solaris, AIX, RH 6.2, 7.3, 8.0, and 9 clients with a RH 6.2 master and RH 8 slaves. All works fine for all clients including the RH 9 ones. So it is possible. For starters, what is the 'passwd:' line in nsswitch.conf? What is the platform for the NIS server? client? Have you turned on debugging of ypbind? Any insight in the logs? You say you cannot su to a user with a NIS account; what are the messages that su gives in /var/log/messages? What is the message you get in the terminal window? You said, I believe, that you cannot ssh in as a NIS user; what are the log messages from sshd? Have you turned on debugging of sshd? To be honest, the only time I have had problems with RH NIS clients was a couple of years back with RH 7.x (7.2? Do not recall off-hand). There was a bug in pam authentication that caused failure with DES 'crypt()' generated passwords longer than 8 characters. I could log in, but only if I typed in the first 8 characters of the password, only. At one point I was using a Solaris (2.6) NIS server and had problems with HP-UX clients; that was an RPC version problem and moving the NIS server to RH Linux fixed the problem. Give us a bit more insight into your setup and then perhaps we can resolve this. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: NIS client couldn't log in
On Tue, 2003-08-26 at 13:17, jurvis lasalle wrote: > > Sorry, I failed to post the resolution to my problem. Once I turned > off iptables, the client bound to the server and all the yptools worked > as usual. As I stated in the post at the time, I was (and still am) > very perplexed by ypcat working without being able to authenticate as > any nis-user. I didn't pursue the matter any further though once I > turned off iptables (you know how it is when the resolution to a > mystery you never understood in the first place comes along). So > sorry- no elucidation here. > Do you really think that such a situation is impossible? The settings > were a default red hat 9 install with firewall on medium and holes for > dhcp and ssh, and ypbind in broadcast mode (ypcat and ypwhich would not > work at all if i specified the server). I don't know much about the > underlying system calls you mention, i'm just relaying my own > (documented) observations. hope someone can make sense of this... > Jurvis, Perplexing. I still do not see a mechanism for any iptables interference, and am very skeptical. Further, ypbind uses the same mechanism for binding when using broadcast and directed server mode; in fact it is more common for failure to happen with broadcast mode due to problems like routers/switches blocking broadcast messages, etc. What I truly suspect happened is that you had an ancillary network issue that was preventing ypbind from locating the server and that was iptables related. I would bet that if you fixed that issue that ypbind would then work fine with a specified server. The only real difference in broadcast mode and where a specified server is set is how ypbind locates the server, and if a server is specified then there is a name resolution component! The binding is essentially the same mechanism either way. So, color me skeptical that there is a yp related iptables issue, but I do think you might have had an iptables issue related to some other network component that ypbind might have used in non-broadcast mode. Of course, the best way to discern what is happening is to run ypbind with the debug flag and then browse the debug file for info; a significant portion of the ypbind source code is for debug/logging so might as well put that to use :-) - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: NIS client couldn't log in
On Tue, 2003-08-26 at 11:05, jurvis lasalle wrote: > > > Actually rick, I had similar problems with rh9, NIS, and iptables as > posted here > http://info.ccone.at/INFO/Mail-Archives/redhat/Jul-2003/msg00806.html > In broadcast mode i was able to use ypcat to list the nis maps although > i never could authenticate as such a user. The problem was indeed > iptables... > > Whether or not this is the problem the poster is facing- well, let's > just say we've all heard the complaints about posting sufficient info > for proper diagnosis ;-) Hell, we don't even know if the original > poster could login from the terminal, it just says he can't do it > through ssh... > > jurvis > Jurvis, I followed the link you gave, and traversed the thread, but in the thread there is no hint as to resolution of the problem or anything that points to iptables. Do you care to elucidate, since here you assert that iptables was involved but the reference does not show how you arrived at that conclusion.I am skeptical, since ypcat makes exactly the same system calls that would be made during a call during user authentication; if one succeeds there is no logical reason the other should fail. No additional calls or ports are involved, Please help to educate me/us. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: NIS client couldn't log in
On Tue, 2003-08-26 at 10:16, Ben Hall wrote: > I'm using RH9 to connect to an existing NIS server (on Solaris.) I had > problems connecting to the server when RH's firewall (iptables) was > running. Try turning that off. > > (PS: Your HTML mail gave _VERY_ small fonts on my copy of Evolution, I > could barely read your message.) > > On Sun, 2003-08-24 at 21:15, Zhou, Rongx wrote: > > Hi, all > > > > I recently setup NISenvironment in linux boxes. I use Redhat > > 9.0. I think the environment set up properly with a NIS master , a NIS > > slave and a NISclient. From the NIS client machine I type the ypcat > > passwd, I can see the newly added user accounts. But I can’t log in > > using this testing account through ssh. Can anyone give me advice? > > Thanks a lot. Since he can do ypcat and see the result the problem is not iptables; if it were then ypcat would fail, too. The likely problem is our good friend /etc/nsswitch.conf. Make sure that the passwd line included nis, i.e., it looks something like passwd: files nis If not, then make the appropriate change. If nsswitch.conf is correct, then we need to start looking at the scope and asking some questions. Can you connect and login to a local (in /etc/passwd) accout? If not, the problem is more global than nis. But lets start with the switch file. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: nsswitch.conf
On Mon, 2003-08-25 at 17:05, Sean Estabrooks wrote: > Yes, but don't you hate it when you see someone posts a smug, > non-helpful, diatribe instead of politely working with someone > and requesting the information that they need? Sometimes i wonder > what those people get out of posting to the list. > A) It was not smug, it was corrective considering there had been a string of bad information being posted, and that was an endpoint at which is was good to point out this fact. Basically, despite all the (incorrect) stuff posted here today on this subject, the resolver library is quite predictable and client apps do not vary in how they access the resolver. nslookup is not a client app in this context, it is a part of one type of resolver package and is specifically written to bypass the general resolver library functions. B) It is proper etiquette to post complete information when requesting assistance. In this case, zero relevant information was posted. Relevant information includes known configuration files, command lines, any trace information available, etc. This situation of incomplete requests has become all too common on this list. If I were to request information for every incomplete request on this list I would be spending a good deal of my day doing so. Again, if one desires assistance it would behoove the poster to provide the information rather than forcing a game of 20 questions. It is much more efficient, and a better use of everyone's time and bandwidth. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: nsswitch.conf
On Mon, 2003-08-25 at 16:37, Sean Estabrooks wrote: > I'll try to choose my words more carefully for you next time Rick ;o) > Perhaps you'd like to help solve the issue that we're discussing? > I might give it a shot if complete, and I do mean complete, information was ever posted. To whit, to take a shot the following information is essential: contents of /etc/hosts contents of /etc/nsswitch.conf contents of /etc/host.conf contents of /etc/resolv.conf the exact command line (and I do mean exact) that shows a 30 s delay Those who post partial information, or in this case no information, should not be surprised when all they get is conjecture. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: nsswitch.conf
On Mon, 2003-08-25 at 14:22, Sean Estabrooks wrote: > Ironically, the first one that comes to mind is nslookup: > > nslookup [hostname] Does that surprise you? It is neither surprising nor ironic. nslookup is part of ISC's BIND and is written specifically to query DNS servers, not follow system resolver protocols through a chain of services. First line in the Description part of man page reads: Nslookup is a program to query Internet domain name servers. DNS lookups is all it is designed to do, so should not expect it to behave a like a standard client app and use system resolver. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Bandwidth Speed Test for cable and Methods of Increasing yourInternet Speed
On Sun, 2003-08-24 at 22:10, Didier Casse wrote: > Hello all, >I've been wondering whether there's a command in Linux to test > the Bandwidth Speed directly. Up to now I've been using the site > www.aspeedtest.com to verify my broadband internet connection speed. I've > seen some scripts in Google but I have seen direct commands for it. > > Some software on Windows claim to boost internet speed by 220%!!! Just > wondering whether anybody tried those and whether it is true in the first > place. > > Can we boost Internet connection speed in Linux? If the answer is "yes", > then how? Thanks for the help. The claims for how much they can 'boost' the speed are a bit exaggerated, and based on worst case to best case scenarios. Basically, all they do is to some round trip tests while tweaking a couple of TCP/IP parameters, notably MTU and Window size. Once they find the 'optimum' then the software sets the registry keys so that the settings are persistent. If you knew enough, you can do this easily without the software. Same with Linux. Test, tweak, test, tweak. In most cases, unless you are on a poor network connection (most of the speedup for Windows machines come from dialup, BTW) or have a poorly configured machines the performance boost is likely to be minimal. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Command free
On Thu, 2003-08-21 at 10:31, Mohamed Patricio wrote: > hello people, > > total used free sharedbuffers cached > Mem:513488 510424 3064668 8144 344916 > -/+ buffers/cache: 157364 356124 > Swap: 1228964 184281210536 > > Is correct I say , this: my machine have only 3064 of memory free to new > programs? > This should be a FAQ question; it pops up way too regularly. In a word, no. What that says is that 3064 (Kb) has not been used by anything yet (has not been allocated). But you have 356124 (Kb) that has been allocated at some time but is now free (buffer/cache line). And you have 1210536 (Kb) in available swap space. So, you have 350 Mb of "real" memory free for programs/data at the moment, and over 1 Gb of virtual memory free. You should read up on memory use by Linux - allocation, deallocation, how these affect reporting by 'free', etc. - rick - -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Sweet Success
On Thu, 2003-08-21 at 08:19, [EMAIL PROTECTED] wrote: > From an admin point > of view, I want a box out there that my users can't change. When they > make a change and it screws up the computer, it costs my company money for > me to fix it (whether I fix it myself, or hire someone else to do it for > me). Some would fire the user, but guess what - it costs money to replace > them, too.(2) > If they have console access, and there is any media access, there is no way to prevent them from making changes. True of any OS. Someone will change something at some time. Plan on it. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Sweet Success
On Wed, 2003-08-20 at 17:44, Jason Dixon wrote: > Actually, I've been rather embarrassed at the volume of errata that Red > Hat has released over the last couple of years. Is this a bad thing? > Only if the administrator hasn't maintained the system properly. A good chunk of these errata have come from the fact that people are understanding more about exploits and more people are scanning through the source code of all the various packages looking for problems before they become exploits. The cumulative effect is a system that will be more secure in the future. One of the advantages of having many eyes auditing the source. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Sweet Success
On Wed, 2003-08-20 at 14:17, [EMAIL PROTECTED] wrote: > Ignoring recommended patches - whether from Redhat, > Microsoft, IBM, or whomever - will bite you in the CPU one day. Yes, but with Linux and other *NIX OS's I can install most patches on a running system without a need to shut it down or reboot. With MS most any change meant a reboot in the past; they are getting a bit better, but still rather archaic to require most of the reboots it does. > Never once has it been suggested that I "recompile the Windows OS" to get > maximum performance from my computer; Of course it has not been recommended; you cannot! You do not get the source. Many, many things *could* be optimized in MS OS's *if* you had the source. Not an option. As it is, there are many arcane things to be done on Windows to optimize performance; slumming around in the registry and modifying values, adding keys, etc. is de rigeur in the Windows world, and much more time consuming that compiling a kernel. Try optimizing the MTU on you NT machines! Trivial command line in Linux, done on running machine; registry key addition and reboot on NT. > "re-compile the kernel" in response to a question about Linux performance. Of course. Distributions come with kernels with lots of stuff stashed in their that most folks never need. Slim it down, get better performance. If I have many similar computers, I recompile once and then distribute to many. Rather efficient. Try moving your registry key changes from machine to machine (yes, you can export parts of the tree, but if you have many changes, that is a lot of exports and imports). > I read stories where someone has seen a performance increase after > replacing Windows with Linux, I personally have yet to see it. Anecdotally > (ie, with no benchmarks) my Dell Latitude is about half as speedy running > in Linux as it in Windows. To get the same performance from Linux, would > I need to get a faster computer? Something else to factor into the TCO. Depends on the use of the machine. For *any* server function I can get better performance from Linux on almost any box. For desktop, it depends on what the person runs. Still, if you chuck the popular bloatware (Gnome and KDE) for the desktop, it is a race that Linux can win in a majority of cases. Need to know the OS and the pieces. > For me, and probably 90%+ of the admins out there, > it's far easier to recover from a security breech in a MS-based system (or > network) than a Linux-based one. Why? Because it's what we know - and > therefore is likely to be the least costly alternative. And 90%+ of Windows admins are deluding themselves into believing they have recovered from incidents. In most cases I can scan their machines and find backdoors open on obscure ports, registry keys left in place that open other vulnerabilities, etc. 90%+ of Windows admins recover from incidents using a cookbook method: install this patch, reboot, run the virus scanner, delete all infected files ... blah blah blah. They do not understand enough to know that one penetration often engenders other intrusions, and the damage can be much broader than the simple situation they believe they have under control. Yes most admins are more comfortable fixing Windows problems, but that is because they do not understand the problems and are delusionally comfortable with following a cookbook. > I stand by my statement about viruses and worms - as Linux desktops become > more prevalent, so will the Linux-based malware. Why desktops? Because > that's what the "uninformed" (1) will be using and abusing; the same type > of problems we see on Windows desktops will be seen on Linux desktops. Yes, there will be malware, but the OS will provide *much* better protection and the scope of the problem will be less than what we have seen from the never-ending parade of stuff hitting the MS world. Not allowing users to change system configs (aka registry keys) and not allowing them to open all devices and ports, like most Windows user can, protects the machine, the network, and the world from most malware. There have been multiple attempts to introduce virii and worms into the *NIX world; so far only a few have succeeded (e.g., the Morris worm from the mid 80's); the *NIX world learned and moved away from giving services and users the types of access needed to propogate these beasts. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Sweet Success
On Wed, 2003-08-20 at 07:56, Benjamin J. Weiss wrote: > Question: We tried last year to use samba as a print server for a bunch of > Win2K client machines on a domain. We could get Samba to authenticate to > the WinNT domain, no prob, but we couldn't get the print server to see any > of the special features of the printers. For instance, we have a couple of > HP laser printers with duplexers. We were able to get the linux box to be > the print server, but couldn't see the duplexer on the printer. > > Were you able to get this kind of functionality? And if so, how? Samba and Linux, and Win(whatever) do not see such features. Such features are only 'seen' by the printer. What you are asking is, how can one control the use of such features? There are two philosophical positions: 1) such features should be under the control of the client, so each client can choose to use, or not use, the feature, or 2) such features are for the good of the community and all users must make use of the feature. In the first case, the control of the feature is via the printer control panel on each client. Use of the feature then becomes a training issue. In the second case, control of the feature moves to the server or to the printer! If the server the location one wants to set the control, then the server needs to be set to prepend the appropriate control codes to the print stream to enable/disable the feature. How this is done is dependent on which printing system is on the server. In the worst case scenario, one must write a print filter and associate it with the queue. Not all that difficult. But IMO in the case mentioned, if one wants to enforce use of the duplexer the best fix is to set the printer to duplex all jobs. No way for anyone to subvert the intent (if the server prepends control codes to my stream, I can have control codes embedded in my stream to counter what the server does). And yes, I have done duplexer control of an HP4050TN printer through a SAMBA shared Linux print queue. Do not look at Samba for this, look at your printing system (lpd, cups, etc) docs for how to do print filters. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Sweet Success
On Wed, 2003-08-20 at 06:34, [EMAIL PROTECTED] wrote: > -- who will maintain the OS and other various software updates? Same could be asked of MS products. Case in point: in 2000 there were over 50 IIS patches; since IIS has been the entry point of some of the nastiest worms (remember the Code Red family? ) someone needs to sit on top of an IIS server and check daily for patches/fixes, IMHO. > -- I have a Windows NT Server which has been processing our HTTP, SMTP and > POP3 for more than 5 years. Total downtime is measured in hours, all of > it in upgrading the web server software (not MS) and MS patches. We don't > use it for anything other that what I spec'ed it for - a server. Hours can be a great deal of downtime. How many hours? In my last job I had a multi-server web site (3 boxes spanned the period of the life of the site). The servers ran RH Linux. The site ran for 2+ years without even a minute of downtime. Patches were added without a need for reboot. The first downtime we experienced was due to the requirement of the colocation facility for us to move to another site. After the move we had over a year without any downtime before I was laid off. > -- I have a Windows NT Server, used for user network authentication and > print server. It's been in place for more than 5 years, less downtime > than the web server. Again, it's used as intended and for nothing else. Yawn! A whole box for that little work? I hope it is not much of a box. > The only time we've had trouble with any Windows box is because of lame > users who install the latest worm or virus. And the reason that virii/worms is so prevalent is time's up ... MS has made almost 0 effort over the years to protect against such things. They have actively encouraged the proliferation, IMO, by being so nonchalant about the issue and shipping OS's with known multiple vulnerabilities open by default. BG is making noises now about 'trust-worthy' computing, but it has been only a couple of years since he publically stated that MS would not provide technological solutions to the problem because it was a social issue and should be addressed by society as such. Outlook and IE are nothing but virus propogators; those who use them will get infected unless they do daily updates, and then there is still a risk. > Linux is less prone to that > problem for now, but will not remain so as Linux desktops become more > prevalent. And they will maintain less prone since there is more protection in the OS against the proliferation of such things. > As for cost: did you (or the admin) consider Microsoft's Partner In > Development program? It runs about US$1000/year, and gets you the latest > Windows Server software, workstation software (XP these days), Office > software, etc. With licenses for multiple installs of the non-Server > software. Not a bad way to go, if you qualify. And the purposes and limitations of that program are to be used by those developing for MS platforms. Not to be used for installing at customer sites. Good for evaluating/testing in-house, but your customers still need to pay the bill to Belmont. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Linux Memory Behavioir
> through a loop of stuffing characters into an array. > I wrote the Perl script. We are going to create a C++ > version of the Perl script. However, we do not think > that Perl is the problem. Hmmm, do not be so sure. Think for a moment. How is the array indexed? It is almost assuredly a long int, so the max you will ever get is from this strategy is 4Gb if the long int is unsigned. There might be other limiting factors, but your strategy will NEVER be able to index 10 Gb of characters; now if you stuff long ints into an array you would potentially fill 16Gb - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Stupid find Tricks
On Tue, 2003-08-05 at 09:52, Mike McMullen wrote:
> Ok maybe the diet coke and sugar wafers haven't kicked
> or maybe I are 'tarded. (My wife leans towards the latter
> most days.) but I can't figure out a way to get find to show
> me files that haven't been modified in the last 30 days.
>
> Can someone give me the magic incantation. I use it for
> tons of other stuff but can't see how it can used for this.
>
> I want to find files that haven't been modified for 30 days
> and move them to an "On-Hold" directory.
>
> Any help appreciated.
>
Two ways:
find /mydir ! -mtime -30 -print
find /mydir -mtime +30 -print
First is find everything in which modified time is not (!) in the last
30 days (-30). Second is find everything where modified time is more
than 30 days (+30). Both should return +/- same result.
Putting latter with a move:
find /mydir -mtime +30 -exec mv {} /holddir \;
- rick
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Re: udp port 624 listening?
On Thu, 2003-08-07 at 06:43, Mike Vanecek wrote: > Why is xinetd listening on udp port 624? > > udp0 0 0.0.0.0:624 0.0.0.0:* > 2144/xinetd > > I have looked at grep 624 /etc/xinetd.d and found nothing. Where else should > I look? > OK, rather than answer the question I believe it is better to tell you how to find the information yourself. The tactic you used is not good in that the /etc/xinetd.d/* rarely list the port number, they list the service name in most instances. Better to: grep 624 /etc/services to find the service name, then grep /etc/xinetd.d/* Another way is to use lsof lsof -i UDP:624 This will tell you that xinetd is using that port, but it will also list what else is involved. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: increasing Apache MaxClients 2048
On Fri, 2003-08-01 at 09:44, [EMAIL PROTECTED] wrote: > Anyone has experiences in re-compile apache-1.3.27-2.src.rpm and increasing Apache > MaxClients 2048? > > > i try to recompile apache-1.3.27-2.src.rpm > like rpm -ivh apache-1.3.27-2.src.rpm > then i go to /usr/src/redhat/SOURCES/apache_1.3.27/src/include/httpd.h and changed > 256 to 2048 > then go to /usr/src/redhat/SPECS did rpm -bp apache.spec , > then go /usr/src/redhat/RPMS/i386 and did rpm -Uvh apache-1.3.27-1.7.2.i386.rpm > --force, > last i goto edit httpd.conf changed MaxClients 450 and restart apache Comment on process. Read the man page for rpm/rpmbuild. Look at the -bp does (it unpacks sources and applies patches), hence it overwrites your change. You will need to write a patch file and insert code into the spec file to apply the patch. Comment on what you are trying to do. Why? Apache 1.x is non-threaded, so increasing MaxClients beyond 256 usually results in lower performance; often dramatically lower performance. At a prior job I worked with a customer trying to optimize Apache 1.3x; found that pumping up values like MaxClient was counter-productive. Go ahead and try, but the limits are set for a reason. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: RedHat 8 FS problem.
On Mon, 2003-07-28 at 07:38, Michael Kalus wrote: > Hi, > > I do have a redhat 8 box here that lost power over the weekend. When it came > back up it complained about fs corruption (ext3). > > So Logged in and issued an fsck on all the file systems. All came back clean > but /pub > > The complain I receive is that LABEL=/pub cannot be found, when I try to do > an FSCK on the device I receive the same error message. > > Anybody got an idea on how to check / recover the file system? > Since you cannot fsck the device, that indicates that the OS cannot find the device. Is this partition on a separate disk? If so, I would suspect that the disk is not spinning up, the BIOS is not recognizing it, and hence the OS cannot recognize its existence. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Help --need to increase swap partition on RH9
On Thu, 2003-07-24 at 13:32, James D. Parra wrote: > Hello, > > How can I increase the swap size on production system? We added more RAM and > I need to increase the swap space. > Unless you left space adjacent to the swap partition on the disk, you cannot increase its size, unless you use something like Partition Magic to adjust sizes of the partitions on the disk. But there are two options depending on your partitioning scheme and/or free space on other partitions: 1) Add another swap partition if there is un-partitioned space 2) Add a swap file on an existing partition. man mkswap will give you the details. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: RH 10
On Thu, 2003-07-24 at 10:20, dnk wrote: > 10 is on it's way out already? No announcement I know of on version number. But a BETA (Severn) was released in the past week. If RH keeps with their 6-months between releases schedule, then it should be officially released in late September of so. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: RH 10
On Thu, 2003-07-24 at 09:22, mark wrote: > Well, I just read about RH "opening up the development process" to > outsiders, over on ZDNet. *Then* I read the "system requirements" for 10: > 200MHz for *non-graphical*, 400MHz for graphical...*minimum*. > > Does RedHat think they're the next M$? You're flogging the wrong horse. RedHat is in the distribution business, not writing the software themselves. People keep wanting more features, support for more devices out of the box, prettier front-ends, etc. etc. The kernel developers keep adding more and more features, more devices. Gnome/KDE folks add more features, etc. etc. In the end, all the parts that make up Linux are becoming bloated *if* we accept all these options. Problem is, too many folks whine and complain if their device is not supported or their favorite feature does not work out of the box. So, those who do the distros, including but not limited to RedHat, try to please the greatest number of folks by the end of the initial install. So they have too many options enabled in the kernel, they choose the big flashy GUI's, other packages are optimized for feature-richness rather than performance/size. That's the bad news; as long as lots of folks whine because their favorite gee-whiz-bang bleeding-edge device is not supported out of the box, RH will continue to deliver a product that has maximal functionality after initial install. The good news is, you have the source, you can back in and slice, dice, and cut back to the minimum necessary for your environment. More work, but in the end you have a better, more optimized kernel. You can pick a more streamlined GUI. You can optimize other packages for speed. Take control rather than trying to blame RedHat - the enemy is everyone who wants a new device or feature, in other words ... US. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: [way -OT] Voicemail
Been a while, but Audix is running on a very old release of System V. It might take some doing to get it to work since they have tried to hide the OS and give you that rather old-fashioned management interface. In theory it should work, the question is how many hoops will you need to jump through on the way. All the Audix systems I have seen all came with a built-in tape drive for backups of the VM stuff. They used the old QIC 1/4" tapes, and last I tried to buy some it took some searching to get the right tapes. Does yours have the built-in tape drive? If so, why not use that? Again, the functionality is 'their choice' but it is something and it is there. - rick On Wed, 23 Jul 2003, Jason Staudenmayer wrote: > I know this is way OT but I can't find any info on the web and maybe > somebody one the list has done something like this. We have an Intuity Audix > Voice mail systems is there any way to archive voice mails to a RedHat box > or some other storage media (tape,cd). We would like to be able to select > certain mailboxes and "back them up" for later use. > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: [OT] ... SCO case
On Wed, 23 Jul 2003, AragonX wrote: > Also, I believe the UNIX patents expire > next year. The patents are likely irrelevant. There is contention about ownership of some of the copyrights, some of which may have been transferred from Novell to SCO under an amendment of the contract that gave SCO licensing rights for UNIX. But Novell is adamant that no patents were ever transferred and that they retain full ownership of the patents. SCO has mucked the water by talking of a contract breach then talking of copyright infringement, which are different. But SCO has never said anything about patent infringement. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: [OT] Does this mean that IP was proven on the SCO case?
On Tue, 2003-07-22 at 13:42, rm wrote: > none of us really knows if there is any truth to their claim. Yes, and unless they disclose what their claim really is, then no one will really know. Signing a 'brutal NDA' to hear their claim is not disclosure. > David Boise is a damn good lawyer, Was not able to do much for Napster good and able to leap tall buildings are different. > Some interesting stuff here > http://www.bsdnewsletter.com/2003/07/News91.html Yes, and that piece starts out with a piece of FUD. The first part implies they have something from the Copyright Office that the piece implies validates their claim. The Copyright Office is, pure and simple, a registrar. It can provide evidence to the legal system of ownership. But the implied message that what SCO received validates their claim is pure FUD since the CO cannot provide anything more than registration information - who registered what and when. - rick -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: [OT] Does this mean that IP was proven on the SCO case?
On Mon, 2003-07-21 at 19:07, Edward Dekkers wrote: > > > SCO has a lot to prove. If they prove the case against IBM then that > > will affect IBM and its customers. But since this is a contract > > dispute, it can only affect parties involved in the contract. I never > > signed any agreement with SCO. Did you? > > No, I did not. My concern was the fact that in the company quotes to the > media - there's NO mention of IBM Linux customers - it seems to be > targetted at the "Linux User" in general. Mind you, the article could be > poorly quoted I guess. Correct, but that is part of the FUD they are trying to spread. So far the only action SCO has taken, legally, is the lawsuit against IBM. The lawsuit filed is a contract breach allegation. But, SCO has waved their wand and made nebulous allegations that some of their IP, without specifying what it is, has leaked into Linux, including the kernel. They make statements that their IP rights have been violated, but refuse to show anyone what part of the code they believe they own. Ignoring for the moment that they may own nothing as far as any code is concerned (Novell's claim), they seem to be trying to get people to think that Linux is tainted and they either have to abandon Linux (and presumably by SCO Unix), or pay licensing fees to SCO. Until they come clean and designate what they believe is in Linux that violates "their" IP, there is no basis for anyone to believe their claim, hence their licensing program amounts to not much more than an extortion attempt, or a poker bluff if you prefer. *IF* someone knew what parts of Linux are in dispute, those sections could be rewritten in a 'clean room' environment and the dispute for on-going claims would be nil. But you cannot target those sections if you do not know what they are. To go back a decade, that is what happened with BSD. FreeBSD, OpenBSD, NetBSD,etc. are all based on BSD 4.4 Lite, which is the cleaned up version of BSD to satisfy USL's claim of infringement by BSD in the previous attempt at an OpenSource release, Net2. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: [OT] Does this mean that IP was proven on the SCO case?
On Mon, 2003-07-21 at 18:04, Edward Dekkers wrote: > > http://www.arnnet.com.au/index.php?id=1679444165&eid=-100 > > Surely some clever programmers can just re-write the offending code so > as not to breach IP? (from memory wasn't it the TCP/IP stack?) This will > not save IBM, but surely then they would not be able to sue Linux users > if their so called 'copied code' wasn't in the new versions? This shows only that SCO thinks they can scare people into paying them money for fear that SCO might own the intellectual property. The case is going to drag on for a long time and SCO has to prove two things in the IBM case, and only one of those affect anyone other than IBM and its customers: 1) That SCO owns some rights to UNIX. Novell says all that they transferred to SCO was the right to license, not ownership of the code. SCO claims they own it all. 2) That IBM violated some IP that belongs to SCO. At this point it is a contract dispute; SCO claims that IBM unlawfully took parts of what it had licensed from SCO, in violation of the contract, and placed that or allowed it to be placed in Linux. So SCO will have to show that there is code in Linux that was in the stuff IBM licensed from SCO, that IBM placed or allowed the offending code to be placed into the Linux source stream, and that act violated the contract. SCO has a lot to prove. If they prove the case against IBM then that will affect IBM and its customers. But since this is a contract dispute, it can only affect parties involved in the contract. I never signed any agreement with SCO. Did you? To go after the Linux community as a whole, SCO will need to show they have more than licensing rights, and that offending code moved from their source into the Linux source stream. Reminiscent of the USL vs BSD lawsuit of a decade ago. Sad what became of Caldera, now SCO. In the early days of Caldera the original crew donate a lot to the Linux community; Novell compatibility stuff, dosemu stuff, etc. But the current management is grasping at straws to try to save their stock value. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: enable NFS client
First caution: NFS has and continues to have a number of security issues. Do not run NFS on a machine that is not protected by other means. 'nuff said on that. NFS requires two ports. First, the portmapper needs to be available; that is port 111, UDP and TCP. NFS itself requires port 2049, UDP for versions < 3 and TCP/UDP for ver. 3. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: Postfix Mail Woes
On Wed, 2003-07-16 at 08:09, Scott Antonivich wrote: > Hmmm pop3s - shouldnt that be ipop3? No. pop3s is POP3 over SSL, on port 995. ipop3 is an implementation of POP3, not a service name. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Installation fun...PHP & GD
On Mon, 2003-07-14 at 16:36, Logan Linux wrote: > 1) Can I trust this information, and therefor a simple graphic should appear > in my browser...??? Graph will appear when you connect to a page in which there is PHP code to create a graph. The output from phpinfo() you had in your message just says that GD capability is compiled into mod_php; you need to write the scripts to use that capability. > 2) If not, is there a safe quick way to roll back some packages? > > >From a few installations using RPM's I have seen some info that states if > you have installed from an RPM then the installation is installed into an > RPM directory and to uninstall completely simply go to that directory and > 'make --uninstall' ...the directory is empty and Im sure ive installed about > 10 packages in the last week!! No, no, no, no, no. That is not the way to uninstall RPMs; rpm -e is the proper way to uninstall RPMs. But do not do that unless you know what you are removing, and why you want to remove it. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: configure RH9 httpd RPM to use php?
On Mon, 2003-07-14 at 11:16, Bill Tangren wrote: > Is it possible to configure the httpd rpm in RH 9 to use php, or do I > need to install apache from source and configure it that way? I have php > and apache installed (from RPM's), but the necessary modules don't seem > to have been included in httpd.conf. Is this possible? > > > TIA, > > Bill Tangren You are missing an important piece of the puzzle. The modules have their own config files that live in /etc/httpd/conf.d; these are included from httpd.conf by the line: Include conf.d/*.conf Try it out, if you have the RPM's and have started/restarted httpd since adding the php RPM it should be working. Create a quick page with a call to phpinfo() and you should see that it is working. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Tweak RH 9 for broadband connection
On Sun, 2003-07-13 at 13:01, Medhat Galal wrote: > Hi everyone, > It's time to tweak linux to perform better for broadband. Usually, it an > easy task for winBlows users, but dslreports.com provides a good head > start. > > Has anyone tried this before? how did it work for you? Any reason why RH > sets MTU to only 1440? > > Any suggestions, links and additional resources would be welcome. > Thanks a bunch, RedHat default is 1500, not 1440. If your link is being set to 1440 it is because (a) there is something in your startup that is setting it to 1440, or (b) there is some MTU path discovery going on and the MTU is being set to the maximum that works during initialization. Hard-coding an MTU to something below the Ethernet default (1500) is not something to take lightly; dlsreports and other simplify the situation by assuming that a small sample of data over a limited time period is representative. Further, it does not take into account other issues like VPN overhead, etc. Tweak away, but you are delusional if you believe that a few seconds of data will provide you with anything that will be representative over months of use. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: linux firewall
On Tue, 2003-07-08 at 17:29, John Salamone wrote: > Is it possible for linux' firewall to prevent me from printing from my linux machine > to a windows 98 machine which hosts my printer? If so, what do I need to do to solve > this problem? Any help would be greatly appreciated. > > Thanks!! Possible? Depends on the network configuration, which you failed to provide (general note to everyone: answers to networking questions are often dependent on network architecture; please post details). First question: you refer to Linux in two contexts, one as a firewall and one as 'my linux machine'. Are these in fact one machine? Second question: If they are one machine, what are the firewall rules? (do iptables -n -L and post the output; obfuscate IP addresses if paranoid). If the firewall you refer to is the same as 'my linux machine' then the answer to the question of interference with printing is contained in the rule set. The solution would then be to modify the rule set appropriately. Third question: If they are not one machine, does the Linux firewall sit between the Win98 print server and 'my linux machine'? If not, then the firewall cannot interfere with printing. If yes, the likely it interferes. That leads to Fourth question: If firewall is a separate box separating Win98 pserver and 'my linux machine' then what is the firewall rule set in place on the firewall? Need to know in order to see why printing is blocked ... - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: C CGI x PHP
On Tue, 2003-07-08 at 15:23, Ricardo Striquer Soares wrote: > Hi there ... > > I was thinking in port my PHP applications to a C/CGI, although I hear > that the C/CGI takes too much of the CPU, is that true? So is that true > that the PHP is easier them CGI in this context? > > thanks You might get more/better responses if you posted to a web-centric or PHP centric list. The main reason folks I know use PHP is that it is an in-line embedded scripting language for HTML. In other words, you PHP code is embedded in the middle of your HTML. If you are running an integrated PHP processor, e.g., mod_php with Apache (as I assume most folks using Linux would do) then the code is interpreted and run within the context of the web server. CGI, whether it is C, Perl, or PHP running as CGI (most common in a Windows/IIS environment), needs an external process to be fired off to interpret or run the application. This incurs additional overhead, context switches, and so on. In the end, with PHP you can create dynamic pages based upon code embedded in the page that is interpreted within the context of the web server at run time. So the question becomes, why do you want to run a CGI model? There are reasons one would choose to do so, but far fewer reasons than there were years ago in the days before PHP and other embedded scripting languages. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: [OT] Apache question on mod_rewrite [SOLVED!!!]
On Tue, 2003-07-08 at 11:22, Rodolfo J. Paiz wrote:
> IT WORKS!
>
> I can do no less than to bow down before you, and buy you virtual beer. And
> if you're ever in Guatemala, I'll make it real beer (or anything else you
> care to drink).
>
> The syntax is pretty damn close to what I had, but I changed the main
> server configuration to default settings again (in effect, not using the
> main server block) and put this into a VirtualHost and... BAM! right
> through the first time. For the record, this is my VirtualHost block:
>
>
> ServerName apollo.paiz.org
> ServerAdmin[EMAIL PROTECTED]
> DocumentRoot /var/www/apollo.paiz.org
>
> RewriteEngine on
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]
>
>
> Any page requested, any page at all, is instantly and transparently
> rewritten to use HTTPS. Beautiful. Just... beautiful.
>
Congratulations! It is nice to be able to have the auto-redirect
for all pages. mod_rewrite is a bit touchy, but when you get it
dialed-in it is a great tool. Enjoy!
- rick warner
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Re: [OT] Apache question on mod_rewrite
On Tue, 2003-07-08 at 10:19, Rodolfo J. Paiz wrote:
> At 7/8/2003 07:18 -0400, you wrote:
> >>I have a website which must be served _only_ over HTTPS. However, I serve
> >>pretty stupid users, so disabling port 80 is not ideal due to the 10
> >>calls a day of "the site is down!". Rather, I want to redirect any and
> >>all requests, for any URL on this site, to the very same URL but using
> >>HTTPS. Below are the relevant parts of my httpd.conf:
> >>
> >> Options FollowSymLinks
> >> AllowOverride All
> >> RewriteEngine on
> >> RewriteCond %{SERVER_PORT} !^443$
> >> RewriteRule ^/(.*) https://apollo.paiz.org/$1 [R,L,NC]
> >> Order allow,deny
> >> Allow from all
> >>
I have this working. Here is my rewrite section:
#
# Mod rewrite stuff
#
# rewrite environment
RewriteEngine on
RewriteLog /var/log/httpd/https_rewrite_log
RewriteLogLevel 1
# redirect http to https
# If you don't try to access https, then redirect to https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
This is very close to yours. The big difference is that I have it
in a VirtualHost block (server config) and you have it in a
directory block. The two are handled differently by mod_rewrite;
since you are really trying to do a server (virtual or real) redirect,
why not move it out of the directory block?
- rick warner
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
RE: Mounting CD-RW
On Mon, 2003-07-07 at 11:28, Jonathan Bartlett wrote: > I've had this problem, too. I haven't looked into this, but my guess is > that some CD-Burning software is creating bad CDRWs. I know that my CDRWs > burned from Linux work fine, but the ones burned by my brother I had to > stick in Windows to get them to read. > > Find out what software was used to burn yours, and I'll check out my > brother's. More important than the software is disc filesystem. Bet at least some of the problem CD-RW's are written with a UDF filesystems created using packet writing software like DirectCD. Try a static mount using type udf rather than the default iso9660. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Redhat Squirrelmail install
On Thu, 2003-07-03 at 10:52, Ehrhart, Jay wrote:
> I installed Squirrelmail through the standard Redhat package manager in
> KDE.
>
> So it should be installed with all the standard RPM defaults. How do I
> access the web interface to check mail? I have searched Redhat's site
> and they have nothing. Redhat linux Bible has nothing.
> www.squirrelmail.org does not address the Redhat install.
There is nothing RedHat specific in the installation other than perhaps
the locations of files. The SquirrelMail docs will do fine for getting
it up and running. Basic steps:
1) Go to /usr/share/squirrelmail/config, run conf.pl and customize
to your environment.
2) Edit the Apache config, /etc/httpd/conf/httpd.conf and add whatever
is needed to make the squirrelmail directory (/usr/share/squirrelmail)
accessible by Apache. Restart Apache.
This is covered, in broad outline, in the docs installed with the RPM.
Check /usr/share/doc/squirrelmail-${VER}.
- rick warner
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Re: I am having a great deal of difficulty getting RH 8.0 to reboot.
On Thu, 2003-07-03 at 13:11, dlangschied wrote: > Would I have to put the install disk in to get the boot prompt? > > I don't have a floppy disk drive, so I cannot create a boot disk. > > Have you seen this problem with pcmcia? It really has me floored. Never seen this problem, but ... it sounds like a resource conflict of some type. What are the BIOS settings for PC-Card? Is there something special about that model of laptop? Have you done a Google search for Linux and PCMCIA and that laptop model? Up until a couple of years ago I had a Toshiba Satellite Pro; it was well documented that you needed to configure PCMCIA to use IRQ 11. Perhaps you have some similar problem. Besides a Google search, there used to be (might still be, have not looked lately) a compendium of user provided information on specific laptop models and Linux; it was called something like the Linux Laptop Page or something like that. Look for that and see if there is something special about your laptop. As a parallel comment, your messages this morning were non-specific on the brand and model of laptop; this information is critical to resolving the issue, so when you post this type of problem please provide all the information. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Help with possible hacking of a VirtualHost
I would ask for the nature of the evidence of the port scan. Also, what is the nature of the content of the web server @ site1.com? I have seen various port scan detectors flag a port scan due to certain traffic from web sites. May be a red herring, then again it might be real. BTW, if you had been hacked, changing the root password could likely be a NOOP - a good intruder would have a root kit installed and would not need the root password, and would be scanning for passwords anyway. And you would not see evidence in logs either; the hacker would have trimmed the evidence out. Perhaps it is time to read up on detecting intrusions, and cleaning up afterward. Detecting is tough if the person is good, but there is often some evidence left behind. A place to start is scanning for all files modified or created in the past week or so, and make sure you know why each file was modified/created. Look at various config files for changes. Look for regular files in /dev. Use a known good version of a checksum generator (on a floppy or CD-ROM, not on the machine itself) and do checksum comparisons against binaries on the machine vs. what should be installed. Port scan the machine from an outside machine and look for ports that are open that should not be. Use a known good version of ps and lsof (again from a floppy or CD, statically linked so not depending on libs on the suspect machine) and look for unknown processes and/or progams opening files that you do not understand. Lots more, lots of work, but the only way to detect if someone good has gotten into the box. - rick warner On Tue, 2003-07-01 at 07:45, Bill Tangren wrote: > I have a perplexing problem. I received an email this morning from some > one who states that he was surfing my web site site1.com, when he > received a portscan attack from site2.com. However, site2.com is a > VirtualHost that is aliased to site1.com. This person told us because he > said we might have been hacked. I immediately changed the root password. > > Could someone tell me how this could have happened? If you do a lookup > on site2.com, and then do a reverse lookup on that IP number, you see > site1.com, not site2.com. > > If I have been hacked, what should I look at? I don't see any obvious > evidence in the logs, but I'm not sure I would. > > TIA, > > Bill Tangren -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: pop3s / Outlook
On Fri, 2003-06-27 at 10:11, Nick White wrote: > Thanks for this randy > > I have it working for Outlook Express, but Outlook still seems to not be > working Weird. I wonder what the difference between outlook and > outlook express is when using pop3s? A former co-worker of mine was working on a product that included a secure plug-in for various mail clients. He complained that his major problem was that 'Outlook' (general, all flavors) did things in strange ways and further that each variant did the same strange things but did them differently. My guess is that for Outlook there is a high level architectural doc describing functionality, but no code standard or lower level API details for the Outlook family. To get it to work you take your chances, make some guesses, and then hope that whatever you learn might in part be portable. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Why is RH9 slower than Windows98SE. Any advice?
On Thu, 2003-06-26 at 12:18, Javier Gostling wrote: > Another issue (derived from the dual X sessions above) is scalability. > How scalable is a compressing protocol? What would be the consequences > of compressing data streams in a 50 user multiuser application server? > My instincts tell me it would be disastrous. First off, even when compression for X has been available it has always been an option. In the 'bad old days' of ca. 1993-94 when the compression technology for X wars were raging, there were folks running dozens of NCD X terminals to single Sun boxes acting as servers using NCD's compression. In those days, state of the art Sun processors were running in the 40-60MHz range. All compression was being done in software, so that piddly little Sun box would be handling compression for dozens of clients. Your instincts tell you one thing, but the practice of many folks from years ago when compression was in fact in use shows otherwise. That said, it is trivial to put compression in silicon these days. VPN hardware appliances have built-in compression/decompression as well as encyrption/decryption in silicon. The reason no one does it is that there is no market, and part of that is lack of standards. With wireless coming into vogue, and bandwidth there being limited, I see a potential large market for compression of network streams. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Why is RH9 slower than Windows98SE. Any advice?
On Thu, 2003-06-26 at 12:00, Jonathan Bartlett wrote: > The spare CPU cycles only help if your bus can fill them. That's the > meaning of the phrase you quote. A 1Ghz processor is no faster and has > no more CPU cycles to spare than the 500Mhz processor (depending on the > bus speed - some newer buses go beyond this). That was *NOT* the basis of the quote I gave. The basis of the quote was just as it appeared on the surface; folks buy bigger/faster CPU's because their friends trumped them and not because they need them. The bus speed argument also fails most of the time with modern CPU's with prefetch, cache, etc. Lots can happen to get data into the CPU and ready to process while the CPU is doing operations in the registers. Fact of the matter is, in the large majority of boxes the CPU system (including the bus) is running far below capacity the majority of the time. > In addition, you mention servers as being CPU-intensive. My own > experience has shown the desktop to be most CPU-intensive, while servers > are I/O intensive. That is so patently simplistic. It *depends* on the type of server and/or the type of desktop applications. Even on servers that one would think are I/O bound the box may actually be CPU bound if the wrong types of devices and controllers are used. I have seen NFS servers that are fully CPU bound; too many clients, too much space served, wrong type of controller and disk system. Web servers, esp. modern web servers running PHP or java servlets or the like, are almost always CPU bound. Mail servers with large client bases are often CPU rather than I/O bound. Do not make such dogmatic statements, esp. when there is such a large body of data to show that your generality is false in a large number of cases. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Why is RH9 slower than Windows98SE. Any advice?
On Thu, 2003-06-26 at 11:40, Javier Gostling wrote: > > It will depend on the specific situation. Compression will do lots of > good for bandwidth scarce situations, but on a LAN or standalone system > it will just waste CPU. This is so lame. Any PC less than 2-3 years old and not being used as a server (which should not be running X anyway) has so many spare CPU cycles that the amount taken to compress the stream will be trivial. With today's CPUs there is no valid argument against compression. As one PC pundit wrote: "anything over 500MHz is for bragging rights, only". - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Linux (not) ready for desktop? [WAS Re: Why is RH9 slower thanWindows98SE. Any advice?]
On Wed, 2003-06-25 at 09:21, Panos Platon Tsapralis wrote: > > Errr - no, Sun has been offering setups like this for ages... > > > For FREE? I don't think so!... H, well not free, but ... Forget the server box; you have to buy the hardware no matter what, some is just more expensive than the others. I suppose the major complaint you are making is the cost of the client software. Back in the days of yore, around 1991-2, Sun was replacing all their old Sun-3 (Motorola 68xxx based) boxes with SPARC based stations (Sun-4 line). During a period you could buy a Sun 3-50 or 3-60 with 17-19 color monitor for next to nothing. There was a feely available boot kernel that could make these function as X terminals. Not free, but darned close. Sun did not like the concept, and offered folks a princely sum if they traded in these boxes. Sigh, End of a good deal. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: Why is RH9 slower than Windows98SE. Any advice?
On Wed, 2003-06-25 at 13:53, Jonathan Bartlett wrote: > > Gnome and KDE are NOT X implementations any more than GIMP is an X > implementation. Gnome and KDE are X _applications_. X implementations > include the server, the font server, and Xlib, and maybe a few other > things. Jonathan, we will have to disagree on the semantics. I believe that a set of related applications and the interface to create them is an implementation. It is not a complete X package as it does not include the server (and by the way, a font is server is not required for an X server; X existed for years without font servers; font servers just make it easy to have one set of fonts for all X servers rather than having a local set of all the fonts on each server). There is a HUGE difference in the scope of GIMP and Gnome for this discussion. GIMP is pure and simple an X application (client). Gnome is a set of applications and interfaces that are mainly X clients but have the specific purpose of managing the user interface. That, in my book, is an implementation. AFAIK GIMP has no API for managing a UI, Gnome does. > This is not an issue locally. It's inter-process communication. That > overhead is there no matter what. It is not IPC, which has a specific meaning. It is network communication. There is overhead, but it can be optimized. 10 years ago there was a battle over which competing compressed stream implementation to adopt. In the end, X/Org bailed and put out the concept of LBX, with a poorly implemented sample in the code distro. NCD was the proponent of one alternative. The idea of a compressed network stream can and should be revived. Overhead is necessary, but it could be lessened, and its footprint lessened even more with good compression. > > So, X is not slow. Some X applications are. If you don't like these, why > not use different ones? Like XFCE? MWM? WindowMaker? Enlightenment? Hey I am the one saying it is not an X problem and that there are better performing alternatives than Gnome or KDE. And mwm itself is just a window manager; for the context of this discussion the equivalence would be to say 'Motif', the implementation, rather than just one application of the implementation. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: Why is RH9 slower than Windows98SE. Any advice?
On Wed, 2003-06-25 at 11:20, Michael Kalus wrote: > Excuse me, but by my understanding X itself is not a UI. It is just a Server > that doesn't really do much but draw a window. If you start X without a > windowserver it is pretty fast and looks extremely ugly. X is not just the server. X is a client-server model for windowing. MIT defined it that way, we do not have the right to restrict the definition to the server only (besides, the model does not make sense without the clients). The WM is a client and as such is as much a part of X as is the piece that polls the keyboard for input. > > In the end, my take is we do not need to replace X, just > > optimize what is there. > > I don't think the problem is X itself, I think the problem is in what people > try to do with it. More optimization on behalf of GNOME and KDE will most > likely work better than trying to re-invent the X Server. Again, Gnome and KDE are a collection of X clients and the API for creating those clients. Nothing in Gnome or KDE attempt to replace or re-invent the X server. And since clients are part and parcel of the X system, the problem is in part of certain X implementations specifically Gnome and KDE. > By my understanding (and I am not a programmer) X is actually pretty small > for what it is doing. Again, do not talk of X as if it is the server only. X is a client-server system. The X server is not all that small, and it is only part of X, not all of X. Size is not the issue, not in and of itself. The only real problem in the X server is that it is rather chatty; lots of bandwidth because it is constantly polling for events then transmitting events and actions between the client and server. The part that needs more work in the basic server is optimizing the stream of this on-going traffic. An adjunct to the server are the video drivers, and the X86 world is awash in umpteen gazillion video chips and derived boards. The drivers for this milieu of chips and boards can use some work to make sure that there are accelerated X servers for them (too many boards require the use of the non-accelerated SVGA server in the XFree86 world). The real work needs to be done on the client side. Again, Gnome and KDE are collections of X clients. Their only connection with the server is that they talk to it, and depend on it. The fact that non-Gnome and non-KDE interfaces exist for XFree86 that are much better performing is an indication that the major problem is NOT the server, but rather some of the clients that need optimization. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: Why is RH9 slower than Windows98SE. Any advice?
On Wed, 2003-06-25 at 10:09, Bailo, John wrote: > With all the alternatives in Linux, are there alternatives to X itself? > > Shouldn't there be more than one graphics servers available to Linux? None as far as I know. But in thinking about the question I have two responses. 1) Writing a full scale graphical environment is time consuming, difficult, and requires a lot of skill. There are not that many around. The Mac interface, Windows, Sun's SunView, X and X based derivatives (CDE, Gnome, KDE, etc.). Probably a couple of others, certainly the Star interface was used by Apple and MS for ideas, etc. X started as an academic project and then was adopted by the *NIX world as the basis for a lot of variants, but the hard work was all done at MIT and everyone leveraged off that investment. The basic point is that a full blown interface is something that will probably be done only as an academic project or if there is substantial value for selling the interface. Hence the OpenSource world has moved towards the end of leveraging off the X stuff as the basis for GUI's and trying to lay stuff on top of that to enhance the user experience. This has the side-effect of making it easy for programmers to write applications for the interface; any Xlib application can be ported to any X environment; it looks better if some higher level widgets are used, but it makes the application level much more enticing to developers. Cost of a non-X interface and the problem of getting apps for it both argue against such a beast. 2) X in and of itself has a number of advantages (some of which are are also disadvantages). It is designed to run on a network with distributed clients, there are low level API's that developers can use, the core of the interface is freely available, etc. The issue is performance, but that can be dealt with as a separate issue. There are three main sources of performance issues. First, the WM and other stuff overlying X can be bloated and non-optimized. KDE and Gnome are both fighting with this, there are alternatives that are lighter weight and better as others have noted. Second, video drivers are a problem. There needs to be incentives for manufacturers to either provide good drivers for Linux, or provide info to programmers that will do the drivers. In the early days of Linux, there was a boycott against Diamond and their cards as they would not provide data to driver writers. Diamond changed their minds and a lot of folks then bought Diamond cards as the accelerated drivers became some of the best around. Too many cards these days run with non-accelerated drivers due to 'secrecy' of the card makers. Good drivers on good cards do make a difference - a big one. Third, the fact that X handles everything via the network stack can drag down performance. The proper way to handle this is to optimize and compress the stream. Low bandwidth X stuff is around, and there have been proprietary solutions that solve this problem. I'd rather see more effort put in this area than folks trying to re-invent the wheel. In the end, my take is we do not need to replace X, just optimize what is there. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: Why is RH9 slower than Windows98SE. Any advice?
On Wed, 2003-06-25 at 08:01, Michael Kalus wrote: > > No, OS X does not use X Windows. > > Yes and no. Panther will be coming with a built in X window system. And you > can already install XFREE86 and it works. The point was someone said that a fast interface and X were not at odd citing the current, shipping OS X interface. In that context the comment is dead on and correct. OS X, at this time, runs an interface that is proprietary and not based on X. The fact that Panther will be able to run an X system on top of that interface (and at this time it is dog slow, noting it is not shipping and has lots of debug code still in it) of that one can run XFree86 on it does not alter the fact that the current OS X system has nothing to do with X. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Why is RH9 slower than Windows98SE. Any advice?
Yes, X is part of the problem, but that is inherent in the rather aged design of X. It is an event driven, *networked*, client-server windowing system. MS Win is none of the above. X could be streamlined, but then you give up one or more of the orignal design goals. X is always polling input devices for events, it communicates through the network stack, and the clients are disjunct from the server. That said, Gnome and KDE are pigs, but that is the nature of things that are relatively immature. There have been good X interfaces that ran on Linux, but some were not as full featured as you would like and I suspect the best of the pack (CDE) was priced more than you are anyone wanted to pay. For nothing you get your choice of fast but not as elegant and feature rich as the big boys, or big, feature rich, but a bit bloated and slow. As for Mozilla crapping out and freezing, the likely cause is a nice memory leak. I can run for two weeks or so before Mozilla takes a break; over that span of time I can watch depletion in real memory, then swap, and can predict within a few hours when it will die. Not really a GUI problem, just a need for someone to sit down and trace down some code problems. - rick warner -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: case? switch? I need to write a script and neither of theseoptions work.
switch is a C shell, and C shell variant (tcsh), control construct. Only
works with C shell/variant or C shell/variant scripts, not Bourne and
family (sh, bash, ksh).
switch ( $reply )
case "1" : do this
breaksw
case "2" : do that
breaksw
case "3" : do something else
breaksw
default : punt
breaksw
endsw
- rick warner
On Wed, 18 Jun 2003, Steve Buehler wrote:
> I am sorry, I wasn't paying attention to what I was doing. I thought I was
> reading from the PHP mailing list, not the redhat list.
>
> Steve
>
> At 05:26 PM 6/18/2003 -0400, you wrote:
> >This does not work! I get a syntax error
> >
> >./qadadmin: line 34: syntax error near unexpected token `$reply'
> >./qadadmin: line 34: `switch($reply) {'
> >
> >At least i am not getting "command does not exist".
> >
> >
> >Sincerely,
> >
> >David Langschied
> >Langschied Consulting Services
> >25644 Mackinac
> >Roseville, MI 48066
> >
> >Phone: (586)777-7542
> >Cell: (248)789-8493
> >e-mail: [EMAIL PROTECTED]
> >- Original Message -
> >From: "Steve Buehler" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> >Sent: Wednesday, June 18, 2003 5:12 PM
> >Subject: Re: case? switch? I need to write a script and neither of these
> >options work.
> >
> >
> > > switch($reply) {
> > > case "1" :
> > > do this
> > > exit();
> > > break;
> > > case "2" :
> > > do this
> > > exit();
> > > break;
> > > case "3" :
> > > do this
> > > exit();
> > > break;
> > > default :
> > > do this
> > > exit();
> > > break;
> > > }
> > >
> > > At 04:46 PM 6/18/2003 -0400, dlangschied wrote:
> > > >Sorry, I did not include the "in" after $reply and the case statement
> >works.
> > > >I am still curious about switch.
> > > >
> > > >Sincerely,
> > > >
> > > >David Langschied
> > > >Langschied Consulting Services
> > > >25644 Mackinac
> > > >Roseville, MI 48066
> > > >
> > > >Phone: (586)777-7542
> > > >Cell: (248)789-8493
> > > >e-mail: [EMAIL PROTECTED]
> > > >- Original Message -
> > > >From: "dlangschied" <[EMAIL PROTECTED]>
> > > >To: <[EMAIL PROTECTED]>
> > > >Sent: Wednesday, June 18, 2003 4:38 PM
> > > >Subject: case? switch? I need to write a script and neither of these
> >options
> > > >work.
> > > >
> > > >
> > > > > Hi all!
> > > > >
> > > > > I am having a bit of difficulty with writing a script. I am on Linux
> >8.0
> > > > > and trying to run a case statement like a would in HP-UX. This is not
> > > > > working. I looked up the man page on case and it indicated that it
> >was
> > > > > being obsoleted. The man page suggested that I use switch. When I
> > > >attempt
> > > > > to do so, I get a "command not found" error. I am completely lost on
> >what
> > > > > to do next.
> > > > >
> > > > > Here is the gist of my case statement a la HP-UX:
> > > > >
> > > > > read reply
> > > > > case $reply
> > > > > 1)
> > > > > Do this
> > > > > ;;
> > > > > 2)
> > > > > Do this
> > > > > ;;
> > > > > 3)
> > > > > Do this
> > > > > ;;
> > > > > 'x|X')
> > > > > Exit
> > > > > ;;
> > > > > *)
> > > > > echo error
> > > > > ;;
> > > > > esac
> > > > >
> > > > > Please help, I need to be able to read in a value from a menu and run
> >a
> > > > > corresponding script.
> > > > >
> > > > >
> > > > > Sincerely,
> > > > >
> > > > > David Langschied
> > > > > Langschied Consulting Services
> > > > > 25644 Mackinac
> > > > > Roseville, MI 48066
> > > > >
> > > > > Phone: (586)777-7542
> > > > > Cell: (248)789-8493
> > > > > e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > > > --
> > > > > redhat-list mailing list
> > > > > unsubscribe mailto:[EMAIL PROTECTED]
> > > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > >
> > > >
> > > >--
> > > >redhat-list mailing list
> > > >unsubscribe mailto:[EMAIL PROTECTED]
> > > >https://www.redhat.com/mailman/listinfo/redhat-list
> > > >
> > > >--
> > > >This message has been scanned for viruses and
> > > >dangerous content by the MailScanner at ow4, and is
> > > >believed to be clean.
> > >
> >
> >
> >--
> >This message has been scanned for viruses and
> >dangerous content by the MailScanner at ow4, and is
> >believed to be clean.
>
>
>
>
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Re: case? switch? I need to write a script and neither of theseoptions work.
This is not really a RH issue, more of a shell issue. The syntax you have below is outright incorrect for Bourne/BASH shell, in that the case statement is incomplete in the condition. case $reply in A ) do this ;; B ) do that ;; * ) do nothing ;; esac Note that you left off the word 'in' in the condition for the 'case' statement. That is the syntax for Bourne shell 'case' statements for at least the past 25 years. I would recommend a good shell book if you will be doing much shell scripting. - rick warner On Wed, 18 Jun 2003, dlangschied wrote: > Hi all! > > I am having a bit of difficulty with writing a script. I am on Linux 8.0 > and trying to run a case statement like a would in HP-UX. This is not > working. I looked up the man page on case and it indicated that it was > being obsoleted. The man page suggested that I use switch. When I attempt > to do so, I get a "command not found" error. I am completely lost on what > to do next. > > Here is the gist of my case statement a la HP-UX: > > read reply > case $reply > 1) > Do this > ;; > 2) > Do this > ;; > 3) > Do this > ;; > 'x|X') > Exit > ;; > *) > echo error > ;; > esac > > Please help, I need to be able to read in a value from a menu and run a > corresponding script. > > > Sincerely, > > David Langschied > Langschied Consulting Services > 25644 Mackinac > Roseville, MI 48066 > > Phone: (586)777-7542 > Cell: (248)789-8493 > e-mail: [EMAIL PROTECTED] > > > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: bootp & DHCP Issues
Lease time is a server configuration option. Is the server configured to give 12 hour leases? Do other platforms get 12 hour leases, also? - rick - On Wed, 11 Sep 2002, Hughes, Michael wrote: > this is on a RH 7.0 machines > > -Original Message- > From: Knut Ove Hauge [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, September 11, 2002 1:18 PM > To: [EMAIL PROTECTED] > Subject: Re: bootp & DHCP Issues > > > I thought pump was not implemented in new versions of linux. > > --- "Hughes, Michael" <[EMAIL PROTECTED]> skrev: > I have > a Windows 2000 DHCP server that is serving Linux boxes and I > > have > > DHCP configured to accept both DHCP and BOOTP. > > The Linux boxes are using something called "pump" on the clients > > which > > utilizes DHCP and BOOTP, I think. > > The Linux boxes get a lease time of just 12hours every time, all the > > time no matter what. > > > > Anyway does anyone have any idea's has what is going on? > > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > > https://listman.redhat.com/mailman/listinfo/redhat-list > > = > Investigating the Norwegain 4.th Secret ServiceThe multiheaded > beast.http://home.no.net/~knutove/knut_ove_hauge_kuren.htm > > __ > Se den nye Yahoo! Mail på http://no.yahoo.com/ > Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og > Notisbok > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: HowTo : make a serial port communication
Use the POSIX serial i/o ioctl stuff. Makes it portable. Have not worried
about flow control, but at the bottom is some snippets of C code I wrote 6
years or so ago to do IXO/TAPI alpha paging. The concept is similar. These
snippets just open the serial port ("modem"), send, and get data to/from
the port. There is a lot more to do, e.g., checking for locks to see if
device is in use, setting a lock, etc. [Note all the ifdef's for BSD, since
BSD was not POSIX compliant].
- rick
On Tue, 10 Sep 2002, [iso-8859-1] cana rich wrote:
>
> To ansmer yours questions, i would like to make a C or C++ program which
>communicate via the serial port COM1 to a device. The device is a screen plasma. I
>would like the program to remote the sreen : switch on, switch off, change channel ...
> The serial communication setting is :
> Baud : 4800 BPS
> Data length : 8 bits
> Parity : none
> Stop bit : 1 bit
> Flow control RTS/CTS
> Communication code : ASCII code
> Reception time out : 4 seconds
> To do it, I need to send ASCII code. For exemple, to switch off the screen i must
>send the "%A0001" code.
> I need to receive the acknoledgment to know if it has been well done. (code for good
>receive : "@S")
> Thanks for your help.
> Canarich
---
char *modem = "/dev/ttyS1";
/* ***
Function: initmodem
Purpose: Initialize modem device.
Returns: File descriptor for device.
** */
int
initmodem(char *dev)
{
struct termios modemioctl;
int modem, ioctlres;
errno = 0;
#ifdef DEBUG
printf("Initializing modem\n");
#endif
modem = open(dev, O_RDWR, 0);
if (errno || modem < 1) {
stop_and_exit(modem, NOTOPEN, 7);
}
errno = 0;
#ifdef DEBUG
printf("Modem fd is %d\n",modem);
#endif
#ifdef BSD
ioctlres = tcgetattr(modem,&modemioctl);
#else
ioctlres = ioctl(modem,TCGETS,&modemioctl);
#endif
if (errno || ioctlres < 0) {
stop_and_exit(modem, NOINIT, 8);
}
modemioctl.c_iflag |= IGNBRK; /* ignore breaks */
modemioctl.c_iflag &= ~INPCK; /* ignore parity errors */
modemioctl.c_iflag |= ISTRIP; /* strip 8th bit */
modemioctl.c_iflag &= ~INLCR; /* no CR to NL xltn */
modemioctl.c_iflag &= ~ICRNL; /* no CR to NL xltn */
modemioctl.c_iflag &= ~IGNCR; /* do not ignore CR */
modemioctl.c_oflag &= ~OPOST;
#ifdef BSD
cfsetspeed(&modemioctl, (speed_t) BAUDRATE);
#else
modemioctl.c_cflag &= ~CBAUD; /* set baud rate */
modemioctl.c_cflag |= BAUDRATE;
#endif
modemioctl.c_cflag &= ~CSIZE;
modemioctl.c_cflag |= CS7; /* 7 bit */
modemioctl.c_cflag &= ~CSTOPB; /* 1 stop bit */
modemioctl.c_cflag |= PARENB;
modemioctl.c_cflag &= ~PARODD; /* even parity */
#ifdef BSD
cfsetspeed(&modemioctl, (speed_t) BAUDRATE);
#else
modemioctl.c_cflag &= ~CBAUD; /* set baud rate */
modemioctl.c_cflag |= BAUDRATE;
#endif
modemioctl.c_cflag &= ~CSIZE;
modemioctl.c_cflag |= CS7; /* 7 bit */
modemioctl.c_cflag &= ~CSTOPB; /* 1 stop bit */
modemioctl.c_cflag |= PARENB;
modemioctl.c_cflag &= ~PARODD; /* even parity */
modemioctl.c_cflag |= HUPCL;/* hang up */
modemioctl.c_cflag |= CRTSCTS; /* hardware handshaking */
modemioctl.c_cc[VMIN] = 0; /* read() as few as 0 bytes */
modemioctl.c_cc[VTIME] = 50;/* 5 second timeout */
modemioctl.c_lflag &= ~ISIG;/* no signals */
modemioctl.c_lflag &= ~ICANON; /* no signals */
modemioctl.c_lflag &= ~ECHO;/* no echo */
#ifdef BSD
ioctlres = tcsetattr(modem,TCSANOW, &modemioctl);
#else
ioctlres = ioctl(modem, TCSETS, &modemioctl);
#endif
#ifdef DEBUG
printf("Modem initialization complete. fd is: %d\n",modem);
printf("Error value is: %d\n",errno);
#endif
if (errno || ioctlres < 0) {
stop_and_exit(modem, NOINIT, 8);
}
return (modem);
}
/* ***
Function: senddata
Purpose: Send data, CR terminated, to the modem device.
Returns: Number of bytes written.
** */
int
senddata(int modem, char *str)
{
int numsent;
char packet[MAXSIZE+2];
sprintf(packet,"%s\r",str);
numsent = write(modem, packet, strlen(packet));
return(numsent);
}
/* ***
Function: getdata()
Purpose: Reads input from the modem device, ignoring CR and LF.
Returns: Length of the string read.
** */
int
getdata(int modem, char *str)
{
char c;
char *packet;
int numread;
packet = str;
while(read(modem,&c,1) == 1)
{
#ifdef DEBUG
if ( isprint(c) )
printf("%c ",c);
else
RE: commercial firewall
On Mon, 18 Mar 2002, Paul Greene wrote:
>
> Actually I think *you* might be missing the point.
>
> There is no 100% "hardware" firewall. Every firewall has an operating
> system ("software") on it so that it can do it's firewall thing.
True, but there are some advantages to the current generation hardware
boxes. No boot disk, no writable disk space, not derived from a general
purpose OS so smaller amount of code to review for security, etc.
> (And as
> mentioned already, that "software" is often a stripped down, hardened BSD
> OS.)
True a few years ago. Current generation hardware firewalls now run
special purpose OS's without any derivation from past operating systems.
In the days when Gauntlet and kin were king the firewall boxes ran BSD/OS
for the most part. Now folks run Cisco PIX (IOS derivative), SonicWall
(proprietary), NetScreen (proprietary), etc., no BSD in sight.
- rick
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Can't login to SunOS from RH 7.2 via telnet
On Fri, 15 Mar 2002, David Talkington wrote: > The report to which I referred was from Marcus Friedl, and I have > attached it below. Read all the reports, not just those from the fox in the hen house. More objective reports are available. > > Nobody's arguing that one should not assume the worst. That was, in > fact, my point. But it was also my point that you're comparing a > demonstrated exploit that went unpatched for four months, with a (by > some accounts, but not indicated below) possible remote exploit that > was patched in hours, and using that as a basis to say that OpenSSH is > no more secure than telnet. I don't think that's justified. You are misinterpreting. I said that OpenSSH has a checkered security history as of late in response to your pointing out that some telnet daemons had security problems in the past (and that is incorrect, BTW. See the last paragraph). You were implying that the user should be using SSH, implying it less immune to the security problems you had pointed out for telnet. My point is that OpenSSH has had recent exploitable problems and one should not throw out one daemon that might be exploitable for another that could be without knowing what they are doing and assessing all the issues. OpenSSH is exploitable, has had 3 or 4 in the past year, and is not something someone should blindly trust or recommend without caveats. > And when it comes to who to trust, draw your own conclusions, but it's > a safe bet that Friedl's team will be on top of things. Sun, on the > other hand, has an explicitly stated policy of patching when _they_ > feel it's appropriate, and leaving administrators in the lurch for the > duration -- you have no choice but to disable a vulnerable service or > leave it exposed, in this case for several months. telnetd is not owned or controlled by Sun. In fact, telnetd was not the problem, login was the problem and anything that called login, including some ssh programs, were vulnerable. Yes, ssh was just as vulnerable as telnet in this specific instance if password authentication was turned on. This is specifically stated in the CERT advisory. - rick - ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Can't login to SunOS from RH 7.2 via telnet
On Fri, 15 Mar 2002, David Talkington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rick Warner wrote: > > >There is one other major security issue with SSH - it allows users the > >ability to circumvent other security. The fact that if you open up > >SSH into your network then any user can tunnel any traffic he wants into > >your network is a major flaw. SSH would be a much more acceptable tool if > >the tunneling feature was disconnected from the rest. > > Um ... Rick, you can turn that off. See the sshd man page for > AllowTcpForwarding. Ummm, David, I can turn it off on sshd, not ssh esp. if users can bring accumulate their own copies and circumvent my ssh config files. Scenario: dangerous user A, who knows enough to do harm but not enough to know he is dangerous, decides that Company Z does not allow all the protocols he wants to/from his home network. Company Z policy is that NO in-bound traffic is allowed, but that outbound traffic for HTTP/S, SSH, FTP is permitted. User A then sets up an outbound tunnel to his home network using SSH, ssh on our end, sshd on his end. He uses this as a two way tunnel and starts tunnelling traffic in and out of the corporate network, and in fact has his home machine configured as a router so his friends can hit his machine and come in to Company Z's network. Encrypted nature of the tunnel prevents security admin Y from seeing what is being passed through the corporate gateway. Admin Y get curious as to why there is a long-term SSH connection from internal machine to home network, sniffs on the user's machine, finds what is going on. Blocks access, gives data to corporate management. Dangerous, easy to accomplish, has been done, outbound SSH now only allowed to specific IP's. This is why the tunnelling features need to be completely separated, IMHO. - rick ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Can't login to SunOS from RH 7.2 via telnet
On Fri, 15 Mar 2002, Bill Crawford wrote: > On Thu, 14 Mar 2002, Rick Warner wrote: > The openssh issue was fixed by a one line patch, indeed a single > character change, which because of the "open" nature of the source > could be applied by anyone with a text editor and the ability to > type. The zlib issue was apparently very difficult to exploit. > > I think the chief danger with SSH is that using it can engender a > kind of complacency with regard to security. There is one other major security issue with SSH - it allows users the ability to circumvent other security. The fact that if you open up SSH into your network then any user can tunnel any traffic he wants into your network is a major flaw. SSH would be a much more acceptable tool if the tunneling feature was disconnected from the rest. And the fact that last weeks fix was a one line patch is irrelevant. Size does not matter in this case; if it is exploitable it is exploitable and that is a problem whether the fix is one character or a million lines. The person who cracks into your network is not going to care that you could have fixed it with a one character patch - they are in and have control. - rick - ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Can't login to SunOS from RH 7.2 via telnet
On Thu, 14 Mar 2002, David Talkington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rick Warner wrote: > > >> Leaving aside for a moment the fact that the Sun admin needs his/her > >> head checked for having telnet open in the first place (it appears > >> that the telnet buffer overflow from last summer was patched ... in > >> _January_), you should probably try 'export TERM=vt100' before > >> connecting and see if that helps. > >> > >> If, on the other hand, it is you that administers this Sun box, then > >> *thwap* to you for not killing telnet ages ago. > > >Nothing wrong with telnet in a firewalled environment, unless you are > >worried about your users. > > I'll sidestep a lengthy discussion of best practices, but that isn't > true. If you pass cleartext internally, any breach results in > ownership of all your passwords. Again there are multiple issues: can you trust your internal users, how immune is your internal structure to 'sniffing', etc.And 'any breach' does not necessarily compromise all passwords; one must assume the possibility, but it is not necessarily true. > I'm not sure I'd equate a 4-month-old remotely exploitable buffer > overflow with a locally-exploitable vulnerability (*) that was > patched in hours. But that's just my opinion. Go back and read the reports. The alerts specifically state that there were no known remote exploits but the possibility could not be ruled out. Therefore, a 'best practice' assumption is that a remote exploit is possible albeit unkown. A wise security admin would assume it is probable. > As for zlib, not only is its effect on sshd incidental, but its > potential ramifications extend to a dizzying array of software on both > Unix and Win32, so I'm not sure that's relevant in this case The fact that there are over 500 applications known to be vulnerable due to this bug is irrelevant to this discussion. What is relevant is that OpenSSH is vulnerable due to its dependence on zlib. Not incidental, critical. - rick ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Can't login to SunOS from RH 7.2 via telnet
On Thu, 14 Mar 2002, David Talkington wrote: > Leaving aside for a moment the fact that the Sun admin needs his/her > head checked for having telnet open in the first place (it appears > that the telnet buffer overflow from last summer was patched ... in > _January_), you should probably try 'export TERM=vt100' before > connecting and see if that helps. > > If, on the other hand, it is you that administers this Sun box, then > *thwap* to you for not killing telnet ages ago. Nothing wrong with telnet in a firewalled environment, unless you are worried about your users. OpenSSH has had a much more checkered security history in the past few months. Recently: the issue last week with multiple channels, then the zlib issue announced yesterday. Two upgrades in one week for security issues! Now which protocol is the bigger security threat? Think the answer is equivocal at this time. - rick - ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: MSN, IPTABLES and NAT
Best advice - forget NetMeeting. If you search through the MS knowledgebase for NetMeeting and firewalls you will find that NetMeeting needs the other end to be able to establish a data connection back to you ... on any port. So, to be able to use NetMeeting you need to have a pretty open firewall. Microsoft's bottom line in the knowledgebase articles is that if you have problems, just remove the firewall. My position is that is backwards - just remove NetMeeting. It is ridiculous that they cannot create an app that can establish the back end data channel on one, and only one, port. Until that happens, NetMeeting and secure networks are at different poles. - rick On Sun, 10 Mar 2002, Ragnar Wiencke wrote: > Hi there. > > I installed a Linux box as a router firewall for my home adsl connection. We use MSN >on both win and mac boxes and that works just fine until we try to use voice >conversation or netmeeting vith video, there are communcation problems. I used it >before using the linux router so I know it worked. > Also I am able to recieve files but cannot send files through MSN. > > Any solution anyone? > > Looking forward to here from you. > Thanks in advance, > Ragnar W. > > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Netscape screwup
Browsers tend to be sensitive to improperly written HTML. IE used to be the most sensitve, Netscape is now. Bet if you go through the HTML you will find a tag that is not ended properly or that has a syntax error. A good webmaster would test against all browsers, but few do. I always send complaints to webmaster@xyz when I find these situations ... if they are going to put up a web page they should make sure it works with all browsers. My web team tests against the top 5 browsers ... - rick On Sat, 9 Mar 2002, Vidiot wrote: > What the hell is going on with Netscape? I have the 4.77 RPM version installed > on RH7.1 and the damn thing is screwing up URLs way too often. > > For example: > > >http://ad.doubleclick.net/adj/ccmain.superstitial/homepage;dcopt=ist;abr=!webtv;sz=1x1;ord=1657586323? > > Comes back as: > > Not Found > > The requested URL >/adj/ccmain.superstitial/homepage;dcopt=ist;abr=!webtv;sz=1x1;ord=1657586323 was not >found on > this server. > > Apache/1.3.19 Server at mrvideo.vidiot.com Port 80 > > > While I can't stand those damn ads, the error screws up the display of the > real page. The same real page displays correctly via opera. > > Anyone know what is going on? > > MB > -- > e-mail: [EMAIL PROTECTED] It is God's job to forgive bin Laden. > It is our job to set up the meeting. > U.S. Marine Corp. > Visit - URL: http://www.vidiot.com/ (Your link to Star Trek and UPN) > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: rsh woes, please help.
I think you are spot on David. xinetd has a default of 60 instances per daemon active at one time. This is configurable in xinetd.conf or in the individual config files for each daemon. The 7.2 default, again, is 60 per daemon and the default rsh config file does not override that default. My guess is that at the rate he is spawning rsh processes that by the time he gets near 500 there are still 60 open rsh connections so xinetd refuses to start any additional rsh instances. The fix would be to put an instance line in /etc/xinetd.d/rsh with some higher value, say 200, then restart xinetd and test. - rick - On Sat, 9 Mar 2002, David Talkington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rhugga wrote: > > > > >We are having problems with rsh on 7.2 machines. We are doing massive > >rsh connections on a 250-node cluster executing PVM jobs. We reach a > >point where we get the following error: (single machine test) > > > >poll: protocol failure in circuit setup > > > >It happens around 500 or so connections. I wrote test scripts that > >spawned rsh connections in sequence doing a simple 'uname -S' and > >found that near 500 connections this error would occur. Note: It is > >not always the same amount, it may be 497, 495, 499, but never 500. > > > >Is there a limit on open sockets or is there a limitation in in.rshd? > >These machines are otherwise idle when these tests are being ran. > > My instinct would be to point the finger at xinetd. inetd's > performance in this regard was known to suck; I don't know how xinetd > compares, but I'd suspect it. > > I won't presume to know what's best for your situation, but there are > usually better options than rsh -- ssh being the obvious one, and it's > a lot faster than you might think, if you use a good algorithm such as > blowfish. Another option for rshd might be to use a more robust > services daemon such as tcpserver; http://cr.yp.to/ucspi-tcp.html. > > Just some thoughts. > > - -d > > > - -- > David Talkington > > PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp > - -- > http://setiathome.ssl.berkeley.edu/pale_blue_dot.html > > -BEGIN PGP SIGNATURE- > Version: PGP 6.5.8 > Comment: Made with pgp4pine 1.75-6 > > iQA/AwUBPIpK1r9BpdPKTBGtEQJELwCgonLjlO4FEp8wMilOBvFW6FpCQBQAoMdb > lG43maJxSMB8N7QbaAdQBpCT > =08Fm > -END PGP SIGNATURE- > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: [REDHAT] Re: php upgraded or not? and two other php Q
1) RedHat has not released and RPM for 4.1.2 - for any RH release. 2) 4.0.6 is fine if patched. RH released patched RPM's last week; if you got those you are fine. 3) If you want 4.1.2, at this time it is 'roll your own'. It will run with 7.0, but you have to do it yourself. - rick warner On Tue, 5 Mar 2002, David Kramer wrote: > On Tue, 5 Mar 2002, Michael Mayer wrote: > > > Hi David, > > > > On Tue, 5 Mar 2002, David Kramer wrote: > > > I have a Red Hat 7.0 system [0] that I just updated with the php-4.0.6 > > > RPM's. phpinfo() is still reporting my previous version of 4.0.4pl1 > > > though. All other evindence indicates that the upgrade happened, but... > > > > just try to restart your apache server: /etc/init.d/https restart > > for security reasons, you should use php 4.1.2! > > Can I run 4.1.2 with Red Hat 7.0? 4.0.6 was the most recent listed for > Red Hat 7.0. > > --- > David Kramer http://thekramers.net > DK KD "This must be Thursday", said Arthur to himself, sinking low > DKK D over his beer. "I never could get the hang of Thursdays." > DK KD > Douglas Adams, "Hitchhiker's Guide to the Galaxy". > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Help: NIS & NFS Server Randomly Stops Working
What is memory utilization when it fails? Paging rates? Swapping? One very big possibility is that the machine is becoming memory starved, and then is spending all its cycles handling swapping/paging. This desperation swapping is nasty but easy to fix; if it is the case more memory is the cure. - rick - On Wed, 27 Feb 2002, Matthews, John wrote: > Hello, > > I have a NIS & NFS server running a stock Red Hat 6.1 distribution. > The server is beginning to stop working more and more frequently now. NIS > used to mess up once or twice a week, but now it appears to go down two to > three times a day. I've seen the problem sometimes be related to > "portmapper" not functioning, other times I see that nfsd appears to > disappear, or ypserv will be running, but it won't be working. > > Does anyone have any idea what could be causing this sort of erratic > behavior? I've looked through the logs, but I haven't seen anything > pointing to a problem. The services appear to just die without warning. > Are there known issues with NIS & NFS not working well on Red Hat 6.1? > > The server is beginning to see heavier usage now, so I guess that is > causing it to fail more often. > > Thanks in advance, > John > > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: smtp
Or he could use sendmail in non-daemon mode All the web servers and all of the desktops are configured so that sendmail does not run in daemon mode; but the machines can still send mail by making calls to sendmail. They just cannot receive mail in this config. - rick warner On Mon, 18 Feb 2002, David Talkington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Martín Marqués wrote: > > >I was wondering if there is some sort of smtp client (inteligent) that I can > >put on the servers that are not the MTA of our net. > >Especifically, I want cron mails to be sent, and some other administrative > >mails to be sent from some of our servers, but without having the smtpd port > >open. > >I have configured the MTA to only send mails, but I would like to have > >something lighter to do this job then an MTA server (postfix, qmail, > >sendmail), just because those servers have more importante things to do > >(database servers, web servers, etc). > > You're question is a bit confusing, but if what you're looking for is > a light, fast way to transfer mail between trusted hosts without > requiring the overhead of smtp, qmqpd is perfect. It's a component of > qmail. You'll find what you need at these locations: > > http://www.lifewithqmail.org > http://cr.yp.to/qmail.html > > Cheers -d > > - -- > David Talkington > > PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp > - -- > http://setiathome.ssl.berkeley.edu/pale_blue_dot.html > > -BEGIN PGP SIGNATURE- > Version: PGP 6.5.8 > Comment: Made with pgp4pine 1.75-6 > > iQA/AwUBPHFIQL9BpdPKTBGtEQJqBgCgtrsTMfQqqt0XoFN9SaQzfelJ33QAoPab > Ixl5IVaPuhwcsxNzBoaIbcrv > =lRx8 > -END PGP SIGNATURE- > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: [RH List] port 587 && 987
On Mon, 18 Feb 2002, Mike Burger wrote: > Not true. > > I don't specifically have inbound port 987, open...but I'm quite sure that > my named can make outbound connections from any port necessary. > > That's because my firewall has the following configured: > > $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT > > I'm accepting the return traffic to whichever port opened the outbound > connection, so long as that outbound connection is open. > Open connection with DNS (UDP)? Do you have some newfangled type of UDP that is acting like TCP? Inquiring minds want to know :) - rick - ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: [RH List] port 587 && 987
Filtering the port through IPtables is the wrong solution to handling his port 987 issue. Go back to his original config. He is running DNS (named). The default config is to use a random port for the query source; mine always grabs one in the 900 range. In named.conf there is a line that can be uncommented // query-source address * port 53; that will force named to use port 53 for the query source. The best answer to discovering what process is opening what ports is to use lofs . if he uses lofs and searches the output for 987 he will see that UDP port 987 is opened by named. If he filters that with IPtables then his DNS will quit functioning. Oooops, not good. The best solution in this case is to just understand the issue and live with it. - rick warner - On Mon, 18 Feb 2002, Mike Burger wrote: > Actually, there really isn't much in the way of overhead for > IPtables...the netfilter stuff is already compiled into the kernel...it's > just acting on the rules. > > I've not really seen much in the way of extra processing. > > In fact, on my border firewall, running RH7.2 and iptables, my load > averages are 0.00 across the board. > > On Mon, 18 Feb 2002, Steve Lee wrote: > > > I got port 587. i commented out the SMTP AUTH > > in my sendmail.cf. Howver i could not > > find any solution to port 987. i just made > > a simple iptables filter for the machine in the meantime. > > i don't want to run iptables as it will have overhead, > > but for now i must b/c of this. > > > > Thanks. guys. > > > > > > > > > > On Mon, 18 Feb 2002, Mike Burger wrote: > > > > > It's perfectly useful help. He pointed you at the source for the answer > > > to your question, from whence you could glean the information you sought. > > > > > > The Lord helps those that help themselves. So too goes the help on many a > > > mailing list. > > > > > > Rather than complain that you didn't get spoon fed the information you > > > wanted, why not thank him for pointing you in the correct direction, and > > > have at it. The sense of accomplishment you'll feel, after figuring it > > > out, goes a long way. > > > > > > On Mon, 18 Feb 2002 [EMAIL PROTECTED] wrote: > > > > > > > What kind of help is this! If you can not do better than > > > > > > > > Sendmail. Read the documentation, why bother? > > > > > > > > On Sun, 17 Feb 2002, Ashley M. Kirchner wrote: > > > > > > > > > Steve Lee wrote: > > > > > > > > > > > all of a sudden, i see port 587 and 987 listening. > > > > > > i have sendmail setup with qpopper with Drac. > > > > > > > > > > > > does anyone know what these ports are LISTENING. > > > > > > how to turn it off ? > > > > > > > > > > Sendmail. Read the documentation. > > > > > > > > > > > > ___ > > > Redhat-list mailing list > > > [EMAIL PROTECTED] > > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > > > ___ > > Redhat-list mailing list > > [EMAIL PROTECTED] > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: suspicious procmailrc file
Check the permissions on your home directory and the .procmailrc file. Procmail is (rightly) concerned with processing files that have group or other write permissions that are in directories with group or other write permissions. Your home dir should be 0700 and the .procmailrc file should be 0600, IMO. Procmail will accept read permissions for group and other, but I see no reason to be that permissive. - rick warner On Mon, 18 Feb 2002, Reuben D Budiardja wrote: > > Hi, > I am trying to experiment using procmail. But, my rc file doesn't seem to > work. In the /var/log/maillog, I find entries saying: > Feb 18 11:00:37 devcorps2 procmail[10566]: Suspicious rcfile > "/home/reubendb2/.procmailrc" > What does this mean? > I include my procmail rc file in the bottom. Could someone help? > > Thanks. > Reuben D. Budiardja > > .procmailrc: > > PATH=/bin:/usr/bin:/usr/local/bin > MAILDIR=$HOME/mail > DEFAULT=/var/spool/mail/reubendb2 > LOGFILE=$MAILDIR/.maillog > LOGABSTRACT=yes > SENDMAIL=/usr/sbin/sendmail > > #snatch my personal mail from mailing lists > > :0: > * ^Subject: boo > $MAILDIR/Other > > :0: > * ^Subject: foo > $DEFAULT > > :0: > * ^To:.*reubendb@ > $DEFAULT > > :0: > * ^CC:.*reubendb@ > $DEFAULT > > # All The Rest That I don't need to read now: > :0: > * ^To:.*reubendb2@ > /home/reubendb2/mail/Other > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Help needed for website attack
The first comment to be made is that you can never tell where the user is coming from on AOL. AOL uses NAT'd gateways in a few locations, so you can trace back to the gateway but that tells you almost nothing about where the user is located. That said, a visualroute trace shows this gateway is in Reston, VA. That is not surprising, since that is where AOL is located. The way you ask the question makes it seem that you suspect you know who is trying to access your site. If so, have you tried to contact the person? My own way of handling this is to contact the service provider giving them the times, gateways, and destinations. They can identify the user and tell them to knock it off or have their account cancelled. Some providers are better than others, but it is the first step. I get similar mail at times from folks who think our users are doing something they should not, and I always follow up on those. - rick warner - On Sun, 17 Feb 2002, Rob Cartier wrote: > I was wondering if anybody can > help me with a matter of a user that > originates from the aol network and > continuosly attempts to attempt access to > a password protected website. > I have ip addresses and was hoping at > least someone could tell me the geographic location > of this user. > [Fri Feb 15 19:24:14 2002] [error] [client 152.163.189.101] > > I have many of these per day but they appear to > all orginate from the aol network > 152.163.188.x > 152.163.189.x > 64.12.96.236 addresses. > I believe that they are originating from > the aol network in the Boston and Foxboro areas > > traceroute reveals > > 9 pop2-vie-P2-0.atdn.net (209.249.203.234) 34.621 ms 36.744 ms 36.614 > ms > 10 bb2-vie-P13-0.atdn.net (66.185.139.133) 36.616 ms 36.460 ms 36.620 ms > 11 bb2-rtc-P0-2.atdn.net (204.148.103.57) 36.173 ms 37.283 ms 36.362 ms > 12 pop1-rtc-P15-0.atdn.net (204.148.97.86) 35.972 ms 36.984 ms 36.593 ms > 13 wc3-rtc-S0-0-0.atdn.net (204.148.98.118) 36.343 ms 44.620 ms 35.940 > ms > 14 cache-rl05.proxy.aol.com (152.163.189.101) 37.294 ms 38.007 ms 36.278 > ms > > Also is there a location on the internet > where I can resolve router geographic locations > > Thank you in advance > > Rob Cartier > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Ethereal won't load
You need openssl, too. That is where libcrypto is hidden :) - rick warner On Fri, 15 Feb 2002, James Pifer wrote: > I have the following packages installed. > ethereal-base 0.8.19 Applications/Network ethereal base package > ethereal-gtk+ 0.8.19 Applications/Network GTK+ GUI for ethereal package > ethereal-kde 0.8.19 Applications/Network Red Hat KDE integration for > ethereal and ethereal-usermode > ethereal-usermode 0.8.19 Applications/Network Red Hat usermode -package > integration for ethereal > openssl-0.9.6b > > When I try to run ethereal in KDE I get the following error: > [root@rly root]# ethereal: error while loading shared libraries: > libcrypto.so.0: cannot open s > hared object file: No such file or directory > > Anyone know why? > > Thanks, > James > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Sendmail & quotas (restricting mail size)...
The MaxMessageSize in sendmail applies to any message sendmail touches. Sendmail does not, for the most part, distinguish between inbound and outbound; messages are messages (the one place it does distinguish is in local address handling and local delivery). POP does not fail with quotas, ipopd fails with quotas. ipopd copies the user's spool file then uses that copy, then copies it back. The default is to make this copy in the mail spool directory. Blech! First off, with large spool files that is a lot of CPU time spent copying files, and second the fact that it uses the mail spool file dir makes quotas unusable. The real fix for this is to use a POP server daemon that is more reasonable and can work off the actual spool file without making a copy. I use cucipop in part for this reason. You could patch and recompile the U of Washington source from the SRPM, but ipopd is just plain ugly and I prefer a better POP daemon that does not bring my (busy) mail servers to their knees with idiocy like file copies. I like quotas and tend to favor the combination of those with a MaxMessageSize. I have lots of wounds from the arrows slung when I have imposed quotas and message size limits, but in the end it has worked for the majority and penalized only the minority of abusers so it has been worth it. There are MTA's that will not accept if quotas are exceeded - try sending to a Yahoo account which has too much in the spool; the message is never accepted. I prefer to accept within limits then tell users that they will not receive until they clean up their act. Good luck. - rick warner ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: MAJOR "bug" in chpasswd?
It is not a bug in chpasswd, it is a bug in PAM. Get the pam updates from
updates.redhat.com and install them. Then it will work fine. I filed a
bugzilla report on this a day or two after 7.2 was released and never heard
back, then did a bugzilla search last week to find the fix was referenced
from the bug report.
- rick -
On Thu, 31 Jan 2002, Jim Bija wrote:
> In trying to get together a disaster recovery plan a good friend of mine
> Richard Rager wrote this script for me:
>
> #!/bin/sh
> # echo test
> for a in `cat users.txt`
> do
> {
> u=(`echo $a | cut -f 1 -d ':'`);
> p=(`echo $a | cut -f 2 -d ':'`);
> echo "User: "$u
> echo "Password: "$p
> adduser -s "/bin/false" $u
> echo "$u:$p" | chpasswd
> }
> done
>
> the users.txt file would look like this:
>
> username:password
> jim:jim431
> joe:joe'spassword
>
> After executing this script i was curious as to why when i tried to login as
> joe his password did not work. First thoughts were it was the weird chars in
> his password that were throwing chpasswd off, perhaps thinking it was being
> told to do something, specialy if a password would contain a & or something.
> After pulling out a few hairs i bumped into the problem.
> chpasswd is only allowing the first 8 chars. If i try to log in joe with a
> password of joe'spas it works fine.
>
> SO, the question is. Is this a major bug or what? I am using MD5 and assumed
> i could use all 32 of the bytes allowed, however using that script with
> chpasswd i can not.
>
> Someone told me about the newusers command and i will be looking into it. If
> someone can send me a example file that adds a new user with
> username,password and what shell to give them only i would greatly appreciate!
> Also, does anyone know if newusers has the same problem chpasswd has?
>
> Thanks...
>
> Jim.
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Generic ethernet question
Before proceeding, you may want to check the local building codes. Around here it is against the code to string metal (copper) wire between buildings because they like to keep the electrical grounds separate - and metal wiring ties things together. It was not that much more expensive to blow some fiber strands through the conduit under the parking lot than it would have been to pull some copper; the transceivers were a bit more expensive, but not that much. - rick warner On Mon, 28 Jan 2002, Kerry Miller wrote: > I know the distance limit for 10baseT is approx. 300 ft, and 10base2 is 900 > ft (300m), but are the distances the same for 100 megs? Also, can you even > use coax at all on a 100 Mb network? I don't think 100Mb hubs even have > coax connectors on them, do they? I'm looking at about a 300 ft run in > plastic conduit, underground, between 2 buildings. They don't want to spend > the bucks for fiber. > > The good news is it's a private school and they want me to go ahead and use > Linux for the gateway, firewall, mail, etc. so they don't have to buy > licenses for Windoze! They told us to do whatever we wanted to with Linux > as long as it is reliable (since they don't know anything about it). They > thought it sounded great when I started quoting MS license prices... > > Tnx, > Kerry Miller > Network Administrator > Info-Power International, Inc. > 3315 Silverstone > Plano, TX 75023 > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: AOL in Negotiations to Buy Red Hat
Simple. If they wanted to use Linux as the base for something in the future, they would want to make sure that the developers were stable financially. RedHat is profitable, but barely so. If there were some major issue the financial health of RH would be at risk, and so would whatever AOL might be building on top of RHL. Having the product in-house would be insurance against RH going under and putting their own projects at risk. - rick warner On Mon, 21 Jan 2002, rpjday wrote: > > this may be a naive question but, what exactly would AOL > get from *buying* red hat, as opposed to simply *using* red hat. > after all, given the GPL nature of red hat, certainly they have > the right to build any technology around red hat that they want, > provided that they don't violate the terms of the GPL. and they > can do that without buying any part of red hat. > > rday > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: linux vs sun incompatiblity ??? - ooops, typo
I did a typo in the command - restore -ivfb /dev/st0 1024 On Sat, 12 Jan 2002, Corey Madden wrote: > I made a tape archive to an 8mm Exabyte 8205 DX tape drive using a Sun Ultra 1 >workstation running Solaris 2.5.1 > I am trying to extract it on RedHat 7.1 linux box utilizing the same tape drive, >mine is interal while the creating drive was external. > > There is a way to do this as I have done it before but cannot remember for the life >of me. > I dont remember if had to do with setting the density as well as the compression >level or moving the tape past the first block, something like that seems familiar. > Anyone have any idea? > thanks > Corey > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: linux vs sun incompatiblity ???
You do not specify what you used to write to tape as far as software. My guess is you used ufsdump and you are trying to restore using restore. Sun. in modifying dump/restore to create ufsdump/ufsrestore made one major change that causes cross-platform grief - they changed the default to 1024 byte blocks rather than 512 byte blocks.If you are using restore, try something like restore -ivfg /dev/st0 1024 - rick On Sat, 12 Jan 2002, Corey Madden wrote: > I made a tape archive to an 8mm Exabyte 8205 DX tape drive using a Sun Ultra 1 >workstation running Solaris 2.5.1 > I am trying to extract it on RedHat 7.1 linux box utilizing the same tape drive, >mine is interal while the creating drive was external. > > There is a way to do this as I have done it before but cannot remember for the life >of me. > I dont remember if had to do with setting the density as well as the compression >level or moving the tape past the first block, something like that seems familiar. > Anyone have any idea? > thanks > Corey > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: PLEASE HELP! Works on Windows NT Server, but apparently not on Redhat 7.2!
Do a route command; I place it in rc.local. route add default gw aaa.bbb.ccc.ddd Works fine, do it all the time on both single-homed and multi-homed machines. I use it to add redundancy in my outbound links which go to multiple routers connected to multiple T-1's; NIC, router, and line problems are not noticed by my client base since data still flows in and out even if one of these components fail. - rick warner On Wed, 9 Jan 2002, James Pifer wrote: > I'm trying to replace an NT server with Redhat 7.2. The problem is that the > current environment has to be multi-netted on one NIC, hence two gateways. > Another source told me this couldn't be done on linux. > > Currently the NT server has several IP addresses(from two subnets) with TWO > default gateways. On NT 4 this is setup in TCPIP Advanced Properties. > There's a section for additional IP's and and another for additional > gateways. Assign them and it works. > > For example: (this first address is the main address, the rest are virtual) > 192.168.1.10 mask 255.255.255.0 gateway 192.168.1.1 > 192.168.1.11 mask 255.255.255.0 gateway 192.168.1.1 > 192.168.20.25 mask 255.255.255.0 gateway 192.168.1.20 > 192.168.20.26 mask 255.255.255.0 gateway 192.168.1.20 > > I can add virtual IP's without a problem, but how do I deal with the > gateways? I'll be very disappointed with Redhat(linux) if I can't get this > done. Can I do it by messing with the routing table? If so, what would the > syntax of the route adds be? > > PLEASE HELP! > > Thanks. > James > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Finding open ports
Perhaps there is a reason why these ports are blocked at the firewall. Our security model would forbid opening such a hole - in fact we open no holes. And there are no user accounts on the firewall - which is damn good security policy. On the firewalls I admin, the moment someone starts an nmap scan their IP address is permanently blocked from accessing our nets. The one and only correct answer is to review the security policy with the local security administrator and see what policies are in place. If there is a way, work with the admin to gain the access. If it is not allowed, accept it. At many sites, doing an end-around the security policy is a sure way to be invited to join the ranks of the unemployed. - rick warner On Mon, 17 Dec 2001, Oscar Castaneda V. wrote: > > Ask your local sysadmin to open an account for you in the firewall. ssh into the >firewall and then into your workstation. Not sure how secure this is but it can work >while you find a workaround. > > To find an open port you can use nmap. > > greetings, > oscar > -- > PGP Key fingerprint = 87 83 5F D3 8D D4 B9 DC 4F 15 B1 68 4E FE 2D AE > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Red Hat: You can distribute Red Hat Linux, just name it somethingelse
Leonard, Your question, and indeed most of the comments in this thread, are based on an assumption. That assumption is that there is value for RedHat in having people know that the $1.95 CD they bought from the local street vendor has "RedHat Linux" on the CD. I would assert that this assumption has very low probability of being true, that in fact that it is more likely that such knowledge is a liability to RedHat. I see no mechanism under which that knowledge can add value to RedHat, but it is quite easy to see how that knowledge leads to additional load on their support systems. Yes, they can tell the person on the phone that the Linux they bought at the local flea market is not supported by RedHat, but while doing so it has cost the company a couple of dollars for the amortized cost of the support infrastructure and the time of the technician who took the call. RedHat is a business and they exist, suprisingly, to make money (the raison d'etre for all businesses). They make money by selling support, so the only way RH will make money when Joe Flea sells his press of their distro on CD is if the amount of support revenue that it engenders for RH is more than the cost of telling all those who bought his CD's that they do not get free support and please get off the phone. Is someone who paid $4 for a CD of Linux going to pay $50 or $75 to RedHat for a support incident? Not likely. At the end of the day, the owners of RedHat, those who own RedHat stock, will demand that the company take measures to make money and ensure that they are not bleeding it away on phone support for El Cheapo Linux. And that is all RedHat is doing by reminding those who sell the cheap CD's that the policy is, and always has been, that they are free to redistribute the product but they cannot call it "RedHat Linux". I do hold a very small block of RedHat stock, on which, parenthetically, I am losing money as are most RH shareholders. As an owner of RH stock I think they are doing the right thing in protecting their assets and trying to make a buck. . - rick warner - On Fri, 14 Dec 2001, Leonard den Ottolander wrote: > Hi Rick, > > > This has always been RedHat's position; RH Linux can be freely > > redistributed but cannot be called RedHat. Nothing new, just a reiteration of > > what has always been true. > > So how would one identify such a copy as being RedHat Linux? I understand the > concern in regard to support, so I can understand RH asking redistributors to > make a statement that their copy is not an official RedHat release, that RH > will not provide service for it etc. But how the hell should CheapBytes call > such a copy? A Linux distribution from a well known vendor? > One more thing about redistribution: A *modified* copy of RedHat is not > RedHat, so I understand why Mandrake is not named RedHat. But an unsupported > copy of RedHat is still a copy of RedHat. How would you identify it otherwise? > > Bye, > > Leonard. > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Red Hat: You can distribute Red Hat Linux, just name it somethingelse
This has always been RedHat's position; RH Linux can be freely redistributed but cannot be called RedHat. Nothing new, just a reiteration of what has always been true. - rick On Thu, 13 Dec 2001, Monte Milanuk wrote: > > http://www.newsforge.com/article.pl?sid=01/12/10/2014239 > > Anyone else came across this? Kind of an odd time to come > up w/ this, I'd think. Any idea what brought this on, and what they are > really trying to stop? I kind of got the impression that they are > trying to prevent people from buying $5 CD sets and > expecting RH to support them, but it kind of comes across > as though they are embarking on a witch hunt to choke off > the flood of places marketing RH cds entirely. I choose to > use KRUD, and periodically buy a RH boxed set just to > support RH, but I don't like the idea of tummy.com getting > hassled over KRUD just because of the name. I asked the people at KRUD, > and they at least don't feel like they'd be affected by it. > > Opinions, comments? > > Monte > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: pop3 settings
On Wed, 21 Nov 2001, Rodolfo J. Paiz wrote: > >everything is working fine except for pop3. > >it is still picking mail from > >/var/spool/mail > > He just told you procmail is fine. His problem is that POP3 is not looking > in the right place. > > (And I'd answer his question if I knew the answer...) The answer is: recompile the pop3 server. If one is using the default UW pop server (ipop3d) then one gets the SRPM for IMAP, go to the src/osdep/unix, fix the location in the Makefile for Linux (get the correct line, different places depending on shadow passwords or not and PAM or not), then make the package and reinstall imapd and ipop3d. Been there, done it. Pain, but it works. - rick warner ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Rewriting a Solaris tape backup script for RH 6.2 linux
dump. It is the old Berkeley filesystem backup program. Sun's ufsdump
is merely their update of the same program.
- rick warner
On Tue, 20 Nov 2001, dfp10 wrote:
> Hello!
> I have been using the following script for Solaris and need to find linux
> equivalents for the following programs:
> ufsdump (dumpe2fs?)
> prtvtoc
> and there are several more that I am not sure about.
> Thanks,
> Don Parsons
>
>
> #!/bin/sh
> # @(#) backup-script 1.2 95/09/15
> #
> # simple dump script /usr/bin/ufsscript to do full dump of an entire system
> #
> # edit the following to suit your configuration
> #
> TAPE=/dev/rmt/0mbn # this should be the non-rewinding tape device
>
> # use this for 2.3 GB 8mm drives
> #DUMPPARM="0ubdsf 126 54000 6000"
>
> # use this for 5GB (4mm & 8mm) drives
> # DUMPPARM="0ubdsf 126 54000 13000"
> # same but COMPRESSED
> DUMPPARM="0ubdsf 126 54000 26000"
> # DUMPPARM="0ubdsf 126 50800 740"
> # DUMPPARM="0cfu"
> # run from a shell tool or a cron. By default it backs up the entire
> # system. For incremental backups replace the DUMPPARM line with
> # DUMPPARM="xubdsf 126 nn n"
> # the x in place of 0 means incremental dump, or only the stuff
> # thats changed since the last since the last incremental dump was
> # done. Take a full (level 0)and save it in case of hd cashes.
> # Periodically run an incremental or a full dump (depending on the
> # amount of data change on the machine
> # to dump specific filesystems, set FILESYS to a list of
> # the devices you want to dump. If FILESYS is null, all
> # ufs filesystems listed in /etc/vfstab will be dumped.
> FILESYS=""
>
> # to print useful recovery information (disk layout, dump list)
> # set PRINTER to the name of the printer you wish to spool
> # the output to. If PRINTER is null, no output will be produced
> PRINTER=parsons
>
> #- shouldn't have to modify anything below here -
>
> getfs() {
> if [ -z "$FILESYS" ]; then
> FILESYS=`awk '$1 !~ /^#/ && $4 == "ufs" {print $2}'fi
> }
>
> getrootdisk() {
> ROOTDISK=`awk '$1 !~ /^#/ && $3 == "/" {print $2}'sed -e 's/$s./s2/'`
> }
>
>
> # start of actual process
>
> PATH=/usr/bin:/usr/sbin:/sbin; export PATH
>
> echo "Dump started at `date`"
> mt -f $TAPE rewind
>
> getfs
>
> for i in $FILESYS
> do
> echo "Starting $i at `date`"
> ufsdump $DUMPPARM $TAPE $i >/dev/null
> echo ufsdump $DUMPPARM $TAPE $i
> echo "Finished $i at `date`"
> done
>
> if [ -n "$PRINTER" ];
> then
> (
> echo "Dump done on `date`"
> echo ""
> echo "Tape contains the following partitions, in sequence"
> for i in $FILESYS
> do
> echo $i
> done
> echo ""
> getrootdisk
> prtvtoc $ROOTDISK
> ) | lp -d$PRINTER
> # unexpected end of file at last line
> fi
> ***
>
> ###
> Donald F. Parsons MB.BS, Ph.D, Research Physician,Wadsworth Ctr
> NY State Dept of Health, ESP Box 509, Albany NY 12201-0509
> [EMAIL PROTECTED] (518)474-7047
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Problem with 7.2 Upgrade: eth0 not recognized - fixed
Sounds more like a BIOS/motherboard issue. Have you turned off PnP in the BIOS? - rick warner On Wed, 14 Nov 2001, Mike Watson wrote: > This was the standard binary kernel supplied on the distribution disks. > > I've fixed it, but I'm wondering why it didn't fix itself. I was getting an > insmod error while trying to load the 3c59x module on startup. It didn't like > the IRQ which was 11 just like a PCI NIC on the Dell should have been. So I > turned off the NIC, ran kudzu and removed the configuration. Then turned the NIC > back on, ran kudzu again and went through the configuration. Still didn't work. > > So finally, I edited modules.conf removing the NIC references, and went through > the sequence above. Didn't work on just a reboot, but if I powered off and then > back up to get a POR, kudzu recognized it and the kernel module was successfully > loaded. Apparently once modules.conf had a "bad" entry it stayed bad until I > manually deleted it from the config file. > > COuld this be a kudzu problem? > > Mike W > > Jason Taylor wrote: > > > > -BEGIN PGP SIGNED MESSAGE- > > > > You can try recompiling the kernel for support for your NIC. I am > > quite certain the 503 is in there, you might be able to insmod it if > > it is built as a module. > > > > - -Jason > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Printing over Samba
Let me get this straight. You want to print from a Linux machine to a Windows machine, right? If so, Samba is out of the equation. Samba turns your Linux machine into an SMB *server* to host printers and filesystems for Windows machines. You want SMB *client* functionality to print to a remote Windows-hosted printer. No Samba required. - rick warner ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
