Re: SELINUX, DNS resolver cache, and poisoned nameservers

[Stephen John Smoogen]

On 3/12/07, Keith Lofstrom <[EMAIL PROTECTED]> wrote:

This weekend at a motel with free wifi, the nameserver was broken
and spewing some incorrect IP addresses ( wikipedia = 1.0.0.0
for example ).  Traffic to numeric IP addresses flowed normally.

I attempted a workaround by putting known-good nameservers in
/etc/resolv.conf .  Unfortunately, I still saw a lot of borked
DNS resolution, and surfing and pinging sites that I had attempted
before the fix resulted in the same errors.  The errors persisted
over a reboot.



A lot of hotels use DNS proxies and/or network trafficing to make sure
all/most DNS goes to their ISP's DNS server. I found this at the last
couple of Motels I have been at.. where putting in any DNS servers or
using the Caching-nameserver to use the root servers directly..
didn't. At some hotels, all traffic was lost.. at some I would see it
in the case of 4 out of 10 or so calls would get routed silently to
their servers.


I recently converted from RH9 2.4.22 to SL4.4 2.6.9 , and I don't
know how the new system does DNS resolution (it appears to be in
the kernel instead of a separate program like named) and how SELINUX


Linux usually uses the following system:

Program calls glibc which calls some subset of named instructions.
These then use the ips listed in /etc/resolv.conf to grab DNS anmes.

However in most hotels cases, this doesnt work because while your
packet thinks its going to say 129.24.8.1.. all UDP for port 53 goes
to 10.0.0.1 and gets rewritten back to you so it looks like it came
from 129.24.8.1



--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Prerequisites for Cornell Spider on SL 4.4

[Stephen John Smoogen]

On 3/13/07, Michael Hannon <[EMAIL PROTECTED]> wrote:

Greetings.  We're trying run the Cornell Spider program to search our
linux  boxes for sensitive information (SSN's, credit-card numbers,
etc.).  Here's the link:

http://www.cit.cornell.edu/computer/security/tools/spider-linux.html



Actually this is the first I have heard of this project. What I
normally do for perl requirements is to use cpanspec to build the base
src.rpm. The other tools will have to be catch as can get..

In other cases, what I do is take stuff from say fedora and port it
over.. and then go to next-level-of-trust repositories (though in many
cases they may be better than fedora :)).

DAG, Freshrpms, etc etc.



 * file
 * wvText (for converting
   Word docs to text)
 * unzip
 * unrar
 * lha
 * unzoo
 * arj
 * readpst




--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: trouble: ~3000 files in /usr/bin and a perl library were altered last night on my system -- any ideas why???

[Stephen John Smoogen]

On 3/14/07, Glenn Horton-Smith <[EMAIL PROTECTED]> wrote:

I have a bizarre occurrence to report and ask about.  Last night at 4:15
AM, the "mrtg" cron job started producing an error when it tries to run
every 5 minutes from it's cron.d script on neutrino:



Ok I can't explain why this program got changed.. but the other files
were probably changed with the prelink command that alters the ld
library to speed up execution. The way to check what has really
changed on your system will be with the RPM command: rpm -Va. Rpm has
the logic to check the checksums of the file taking into account
prelink.


--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: RHN Satellite Server?

[Stephen John Smoogen]

On 3/22/07, Michael Mansour <[EMAIL PROTECTED]> wrote:

Hi,

> > I hear RH is going to open source this.
> > Does the SL team plan to build this as
> > well?  Just curious.
>
> I guess we will research this.  If someone else rebuilds it we can
> always add it to contrib.
>
> Keep us updated if you hear more about this.

The biggest reason why this surprised me (and I will only believe it when I
see it), was when I took the RH401 Satellite course, I was not even allowed to
have an eval certificate to have a temp Satellite install of it. It was only
available in the classroom to quickly go through and then have the exam the
last day.



Ok as far as I know there has been no official declaration that they
are open-sourcing the RHN server. There have been a couple of articles
about them having to do so at some point.. but that is speculation of
the authors not an announcement.

The biggest reason that people were speculating about this was that
RHN had an 'open' satellite beta for 5.0 and that they were using yum
versus up2date. That and a wild speculation gets more page hits and
blog posts than getting definitive answers.


--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: No love for firewire?

[Stephen John Smoogen]

On 4/23/07, Michael Hannon <[EMAIL PROTECTED]> wrote:

Greetings.  One of the profs here wants to attach an external, firewire
drive to his linux box, running SL 4.4.  I had never used firewire under
linux, but I figured it wouldn't be a big deal to get it going.  But as
I dug into the problem, I discovered it wasn't all that simple.



Firewire has a tendency to eat its children. It works great if you
have a good controller and a good set of hardware.. but too much of
the hardware out there is dodgy enough to cause corruptions and
crashes. And so you end up adding more and more hardware to various
'grey/black' lists that say while it is plugged into a firewire
controller.. treat it like a really really broken USB box.

One of the issues that came up with the RH 3.x unsupported kernels was
that RH kept getting flack from various ISV's  that their customers
had lost important data from firewire and what was RH going to do
about it. [The line that it was in an 'unsupported' kernel didnt go
very far.]


--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Scientific Linux 5.0 i386 is now available

[Stephen John Smoogen]

On 5/7/07, John Logsdon <[EMAIL PROTECTED]> wrote:

To upgrade a (very recently) installed SL4.4, what are the appropriate yum
repositories and is this a recommended approach?



It is possible this might work... but from trying it with RH and
CentOS.. you will be better off doing an anaconda upgrade. Too many
changes in kernel, glibc, X, selinux, etc to have it work without
having to update 2-3 times.. at which point you might as well use
anaconda to do it right.



Best wishes

John

John Logsdon   "Try to make things as simple
Quantex Research Ltd, Manchester UK as possible but not simpler"
[EMAIL PROTECTED]  [EMAIL PROTECTED]
+44(0)161 445 4951/G:+44(0)7717758675   www.quantex-research.com


On Sun, 6 May 2007, Connie Sieh wrote:

> Scientific Linux 5.0 i386 is now available.  There are both iso images for 
cd'r and dvd available at
>
> ftp://ftp.scientificlinux.org/linux/scientific/50/iso/i386/
>
> -Connie Sieh
> -Troy Dawson
>




--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: is Scientific Linux stable enough ?

[Stephen John Smoogen]

On 6/11/07, arnuld <[EMAIL PROTECTED]> wrote:

hello to all,

i am a newbie to Scientific Linux. for my project work i need to have
RHEL. so i searched Google for Open alternatives and found 2 of my
choice:  CentOS and Scientific Linux. i liked Scientific Linux, may be
because of my childhood love of Nuclear Physics and Astronomy :-)



It depends. Are you trolling both the CentOS and Scientific Linux
mailling lists or are you looking for definitive answers.

Both CentOS and Scientific Linux have been built as stringently as
possible to the RHEL binaries. The RHEL binaries are built for
stability of a 7 year lifecycle. The less bugs RHEL has in it the more
value RH and its customers find.  However there will be bugs in RHEL
because the world is not a perfect place. And those bugs will show up
in CentOS and SciLin... they will get fixed in most cases.. but one
has to be able to deal with them and realize that all software is
buggy because the writers of software are buggy.



--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: is Scientific Linux stable enough ?

[Stephen John Smoogen]

On 6/11/07, Przemysław Pawełczyk <[EMAIL PROTECTED]> wrote:

On Mon, 11 Jun 2007 08:37:14 -0600
Stephen John Smoogen <[EMAIL PROTECTED]> wrote:

> > i am a newbie to Scientific Linux. for my project work i need to
> > have RHEL. so i searched Google for Open alternatives and found 2
> > of my choice:  CentOS and Scientific Linux. i liked Scientific
> > Linux, may be because of my childhood love of Nuclear Physics and
> > Astronomy :-)
>
> It depends. Are you trolling both the CentOS and Scientific Linux
> mailling lists or are you looking for definitive answers.

Hi Stephen,

Why so many people are so touchy 'bout trolling? I recon every answer
to troll questions makes the majority of "lurking" readers more
knowledgeable. Isn't the effort worth of it? :)



I am only touchy about it when the same post is made to 2 similar
lists with only slight additions/changes made to make the article more
interesting to the suspected audience. Also when 'strong' opinions are
added about something sucking it is a standard meme for 'getting an
argument going' versus looking for particular discussion



> Both CentOS and Scientific Linux have been built as stringently as
> possible to the RHEL binaries. The RHEL binaries are built for
> stability of a 7 year lifecycle.
(...)

But what about repos? Which one can I mix up with what? My first
attempts to use SL went into failure as I "touched" the yumex crap (and
ended furious for its slowness) and got too many red messages about
dependencies in return. Perhaps I wanted to delete/install too many
apps at a time (what is the best option then?). But taking into
consideration the notorious yumex sluggishness I wasn't able to do
anything useful.



Dealing with repositories is always a tricky matter.. I normally make
sure my system is working to how I want it without repositories.. and
then try to figure out which repo's have the data I want in them, and
what audience/customer each one serves. After that, I enable/add the
ones I figure meet those needs.. but sometimes have to 'back' off for
some reason.


Why are ATrpms (and others) listed first than CentOS repos? CentOS
repos are supposedly more similar to SL binaries after all. I must
say frankly that I got nearly all repo addresses I could use for SL
now, a few tips how to use them, and no knowledge which use first and
why.



The CentOS repos would not be listed as they mostly contain the same
data as what SciLin already contains.. and would not be useful
additions. The CentOS-plus might be useful, but mixing and matching
OS's is not for the faint of heart  [did SciLin add a kernel patch for
their OS for CERN clusters...? did CentOS try to add it as a seperate
module? etc]

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: SL vs. Fedora...

[Stephen John Smoogen]

On 6/12/07, Donald E Tripp <[EMAIL PROTECTED]> wrote:

This is a question I hear fairly frequently on both SL and CentOS forums. 
Here's my two cents.

RHEL/SL/CenOS is a world class stable operating system. It got that way by 
being refined over time, and it stays that way from a continuos flow of quality 
bug fixes and updates. With a release cycle of 36 months, and life-time of 5-6 
years, RHEL/SL/CentOS is the desired platform for server operating systems and 
mission critical systems.

Fedora is like the baby brother; the one who wants all the new toys. Fedora's 
release cycle of 18 months puts it way ahead of any of the RHEL clones. Fedora 
has an estimated life-time of 3 years. I just recently read that they were 
dropping support for FC1 and FC2 because of lack of use / limited space. so FC3 
is probably close behind.



Pretty much but the Fedora release cycle is 6-9 months and the life
cycle is estimated to be 18 to 24 months versus 3 years. FC3 and FC4
have been end-of-lifed for a while. FC5 will be end of lifed soon. The
future plans of Fedora will be to release regularly in October and
April. This means that FC8 will be only a 4 month development cycle
with a 1 month beta cycle. FC9 will be a 5 month development cycle
with a 1 month beta cycle. Support will become 18 months I think. The
goal of this is to make sure that they are near bleeding edge and not
having to suck up too many resources doing bug fixes for releases that
the developers can't remember anymore.




--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: xemacs on 5.0

[Stephen John Smoogen]

On 7/11/07, John Summerfield <[EMAIL PROTECTED]> wrote:

Karl Misselt wrote:
> Hi - Does anyone know why TUV dropped xemacs from 5?  I think there
> was some unrest in xemacs circles about FC-6 including a 'beta' xemacs
> in the release.  Is TUV not including xemacs because of it's status as a
> 'beta'
> in FC6?   As Fedora 7 does supply xemacs, it's a bit weird how release 5
> doesn't.  I was able to rebuild xemacs from the FC6 SRPM (as well as from
> CentOS), but still have annoying little font warnings that I haven't had
> the
> time the track down.  Not a real big deal, but as xemacs is my IDE :), it's
> a bit frustrating to have to spend time futzing around with it.
> -Karl
>


When a package you want is missing, a good place to look is in the
CentOS repositories. Like SL, it's built from RHEL sources, and it has
some extra packages in supplementary "demanded" by users.

And then there's the EPEL (I think, but I don't recall what it stands
for - maybe it's FPEL) folk who're building Fedora packages for EL.





To answer the first question... there isnt a large enough demand for
emacs/xemacs these days to justify maintaining 2 different editors
that are basically the same. At one point in the beta cycle it looked
like both were going to be dropped.

To answer the above answer.. currently neither Fedora EPEL or CentOS
Extras have made RPMS for xemacs. Again it comes from not anyone
stepping up to say they will long-term maintain it.

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Pakcages that SciLin users would like:

[Stephen John Smoogen]

I have a short list here:

R
ROOT
?


--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Pakcages that SciLin users would like:

[Stephen John Smoogen]

On 7/20/07, Jon Peatfield <[EMAIL PROTECTED]> wrote:

On Fri, 20 Jul 2007, John Hearns wrote:

> Stephen John Smoogen wrote:
>>  I have a short list here:
>>
>>  R
> It is already available.
>
> http://cran.r-project.org/bin/linux/redhat/
>

Is the R-2.5.0 included in SL 5.0 (and 4.5?) not good enough?



Ok so I was going off of a very old email I had.. but the real
question is what software are people wanting for their work that other
distros provide?



--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Does SELinux really worth it?

[Stephen John Smoogen]

On 7/23/07, Zhi-Wei Lu <[EMAIL PROTECTED]> wrote:

Hi,

Being security conscious or scared, I have been trying to enable
SELinux on most of my SL4/SL5 systems.  However, almost every time,
something suppose to work, but it doesn't, can be attributed to the
SELinux problem. Here are a few example,

lvm display commands fail to give any information if you rlogin
(kerberos) into the system.
Kerberos rlogin (eklogin) fails because of mislabel of the /var/tmp/
host_0
...

Many times, one does not think that it is an SELinux related issue
and waste a lot of energy trying to debug the problem. I am just
wondering how people are coping with SELinux: love it, hate it,
disable it, disable some transactions.  I would really like to hear
the words of wisdom on this topic.



While I have dealt with a couple of mislabels and such during the 4.0,
I have found that most of the time it has stopped something from going
on that wasnt thought about. One system had a lot of problems because
/etc/services was mislabeled. Why was it mislabeled? Because someone
had installed some software that overlayed /etc/services with its own
file. Did we know about it? No, not until services broke.

We have had a couple of webservices not working, why? because the
cgi-bin binary only worked with it being setuid root. Turning off
selinux ended up with our /etc/passwd file corrupted because it
somehow decided it needed to edit it.

In a lot of cases, apparmour/selinux will stop things from working...
and in a lot of those its because of poor sysadmin behaviour that
would have caught up with you later, broken apps that are doing
something that you are not aware of, or similar issues. One thing I
have found was that my servers that do not have selinux enabled on
them due to *cough*oracle*cough* are a lot less stable than the ones
that I have it on. I end up tearing my hair out at times.. but its
usually figuring out why some software does something that no-one
would believe software would need to do.

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Does SELinux really worth it?

[Stephen John Smoogen]

On 7/24/07, Wayne Betts <[EMAIL PROTECTED]> wrote:

Brett Viren wrote:
And to answer the original question of this thread...  I'm on the fence
about the value of selinux.  Linux was already pretty darn "securable"
-- selinux seems to add unintuitive complexity for all but the die hard
admins that will likely cause much grief in exchange for few if any
"saves", but over time the balance will shift in its favor as more
people become comfortable with it.  If someone has an anecdote of how
selinux saved the day at some point, please share it!



Most of my saved the days are from a sister lab :). THe places where I
found it useful was where webserver had a PHP program installed for a
'summer' project and then forgotten. Our sensors were showing some
'odd' traffic to the server and we went to look at it. In the end, the
box was found to be ok, because none of the exploits could be run from
Selinux blocks. If the exploits had been run, there would have been
some bad issues because the box hadn't been updated since the project
had ended.


--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Does SELinux really worth it?

[Stephen John Smoogen]

On 7/24/07, John Logsdon <[EMAIL PROTECTED]> wrote:

A number of people - not on this list - have objections to SEL, even including
the suggestion that it is really a business model to sell support rather than
offer security!

Mine has always been that a security system that depends on various utilities
must be fundamentally insecure as anyone can insert corrupted versions and a
hacker can alter the path so that the unsuspecting user ends up copying their
files out as well as doing an ls for example.  And if you happen to disable
SEL then enable it again, you have I believe to rebuild the filestore.

Others view the LSM as insecure by virtue of exported symbols.



I don't know where people have come up with the above, but I have
heard a lot of it before. Most of it has been refuted or shown to be
wrong (the risk of a bad binary is the same in grsecurity and selinux.
Both read their policies from a 'blob' into the kernel and figure out
what to do then.)


A lot can be done with standard access controls and it is a great pity that so
many packages are wrapped up and thus installed with world permissions, read
permissions when not appropriate and other loopholes.  It would be far too
much to expect Connie and Troy (or our friends at CentOS) to reset all of
these - it is really a hole created by the UV maybe to justify the inclusion
of SEL.  Proper setting of home directories that mirrors group  access can
reduce visibility. (ie set the home as /home/groupname/username with 2771
group permissions, group membership for user and  0700 for the home
directory) controls a lot of things.



I think you will need to provide specific examples. I do not know of
many files in a default install that are set to being world writable



I always disable SEL and use grsecurity (www.grsecurity.net) which is a kernel
patch that requires no supporting utilities other than the gradm control
utility.  It includes the PaX patches.

The only issue then is that the grsec patches generally refer to the latest -
or nearly latest - kernels and there is some debate that a stable version
should be made available for 'stable' kernels such as used by the Upstream
Vendor.



I thought the grsecurity people did that, but it was on a contract
basis (e.g. their sales model as it is both hard and expensive to
support older kernels for any length of time).



Policies are always a problem to set of course.

Thanks for everything.

On Tuesday 24 July 2007 06:21:47 Keith Lofstrom wrote:
> On Mon, Jul 23, 2007 at 04:38:49PM -0700, Zhi-Wei Lu wrote:
> > ...
> > Many times, one does not think that it is an SELinux related issue
> > and waste a lot of energy trying to debug the problem. I am just
> > wondering how people are coping with SELinux: love it, hate it,
> > disable it, disable some transactions.  I would really like to hear
> > the words of wisdom on this topic.
>
> I, too, am worried about SELINUX.  I would work with it more, but
> there seems to be little accurate information about configuring it
> for new apps (such as OpenVPN).  I set it to permissive, and may turn
> it off entirely unless I can find better info about configuration
> with SL5.
>
> Local acquaintance Crispin Cowan developed AppArmor, now a part of
> Novell/SUSE.  Crispin makes a convincing ease-of-use case for the
> now-free-and-open AppArmor, and I might use that instead of SELINUX
> if the config files become available for SL5.  Crispin will be at
> OSCON this week, and I expect to see him a few times;  if anyone
> wants me to ask him more questions about AppArmor, I can.  AppArmor
> might prove an interesting alternative for the SL5 user community
> to develop and use as an add-on package.
>
> Keith



--
Best wishes

John

John Logsdon   "Try to make things as simple
Quantex Research Ltd, Manchester UK as possible but not simpler"
[EMAIL PROTECTED]  [EMAIL PROTECTED]
+44(0)161 445 4951/G:+44(0)7717758675   www.quantex-research.com

---

--
Best wishes

John

John Logsdon   "Try to make things as simple
Quantex Research Ltd, Manchester UK as possible but not simpler"
[EMAIL PROTECTED]  [EMAIL PROTECTED]
+44(0)161 445 4951/G:+44(0)7717758675   www.quantex-research.com




--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Does SELinux really worth it?

[Stephen John Smoogen]

On 7/25/07, Connie Sieh <[EMAIL PROTECTED]> wrote:



How does AppArmor solve this security issue?



I am not sure. I am not an AppArmour expert in any way. A lot of the
issues that John brings up about path based control etc are ones that
are why AppArmor hasnt been brought into the core kernel yet. But I do
not know how much of that is real problems or kernel politics.

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: XFS file system

[Stephen John Smoogen]

On 8/8/07, Brent L. Bates <[EMAIL PROTECTED]> wrote:
>  The installer will not look in the contrib directories?  Ok.  Could I as
> part of my combining the CD's into a single DVD process, move the XFS RPM's
> out of the contrib area and into the main stream directories?  Or perhaps,
> with the DVD I've already burned, do some kind of shell escape out of the
> install GUI and install them from there?  People want XFS and we really don't
> care about the top level vendors prejudices.  I'm willing to work with the SL
> people to get a more reasonable solution to this on going problem.
>

You will also need to have the anaconda pretty seriously for it to
know xfs etc. I hope your people want it enough to pay for that work.

-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: XFS file system

[Stephen John Smoogen]

On 8/8/07, Michael Mansour <[EMAIL PROTECTED]> wrote:

>
>
> A couple of years ago I spoke to technical employees of TUV (doing RHEL
> courses with them at the time - the techs where "the buck stops here" to solve
> the hardest problems in RHEL) and what they said was, the reason TUV doesn't
> support XFS had nothing to do with data corruption or the XFS filesystem
> itself, it was just simply a matter of "what for, why support another
> filesystem" when ext3 was robust for the enterprise and if you wanted more
> performance with less redundancy (to get the performance you get out of XFS)
> then you simply turn off those ext3 features which slow it down.
>

This was a primary reason. Filesystems are particularly hard problems
and you want a team dedicated to working on issues on them. Back in
2000 or so, Red Hat had to either buy up most of the SGI filesystem
staff or it needed to focus on what it had in ext3. It decided that
for the costs it was better to focus on ext3/4/5/6.

The secondary reasons come from that decision. You need a team of
people to go 'fix' it to deal with 32 bit architectures on small
stacks.. or assume that xfs is a filesystem for 64 bit systems only.

-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Removing Java 1.4.2 from 4.4

[Stephen John Smoogen]

On 9/1/07, Nocte Diemque <[EMAIL PROTECTED]> wrote:
> I have SL 4.4 with Java 1.4.2 which I believe came installed directly. I've 
> since updated the Java twice, most recently to 1.6.0 and that works fine with 
> Firefox.
>

Well there could be multiple javas installed on the system.. they are
meant ot be co-existant versus upgrades (as 1.4.2 has items that 1.6.0
doesnt etc etc). You need to look at what Javas you have on your
system via RPMS:

rpm -qa --nodigest --nosignature | egrep 'jdk|java|j2c'

My guess is that you will see some packages like:
java-1.4.2-gcj-compat.noarch
java-1.4.2-gcj-compat-devel.noarch

which are builtin to SL-4

The best way to deal with this is get the jpackage items.

http://www.jpackage.org/installation.php

I think if you have installed the 1.6.0 from sun, you have already
completed step 1 and are onto step 2 and beyond.



> However when I want to use a command line tool which relies on Java it picks 
> up 1.4.2. The `which' command also picks up 1.4.2. The Java web pages give 
> advice on how to remove Java when installed from rpm, but this doesn't seem 
> to apply to 1.4.2.
>
> Can someone point me in the right direction to fix this ? I experimented a 
> little with renaming what I thought were the key files for java 1.4.2 but 
> didn't succeed. I also tried simply aliasing /usr/java/jre1.6.0_02/bin/java 
> to java, but this produced error messages.
>
> I'll be very grateful for help on this.
>
> NDI
>
> _
> Feel like a local wherever you go.
> http://www.backofmyhand.com
>


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Can anyone help me with inotify ?

[Stephen John Smoogen]

On 11/6/07, Johan Mares <[EMAIL PROTECTED]> wrote:
> I have a SL5.0 installation and I want to monitor a directory for new
> files (FTP), when a file is created a script should be executed to do
> something with the contents of the file and the remove the file.
> When I do a locate on inotify and dnotify they are both found. dnotify
> is found in directories of gamin and kernel. When I try to execute
> dnotify I get a command not found error, the same with inotify. When I
> try the examples at http://www.linuxjournal.com/print/8478,
> http://edoceo.com/creo/inotify/,
> http://www-128.ibm.com/developerworks/linux/library/l-inotify.html, ...
> all I get is errors and not founds.
>

inotify and dnotify are kernel items. You have to write code to talk
to them and interface with it. The code you see in gamin is where it
talks to dnotify and gets an answer.

inotify is usually used by the audit system to do certain things...
not sure if you want that as I think it checks existing inodes for
changes.

dnotify is probably what you want. I think the d-bus interfaces with
that. You would need to see about making a dbus interface
program/script and then using it.

> How can I check if inotify is (correctly) installed and available ?
> Where can I find some good examples to use on SL5.0 ?
> Or is there an alternative in order to raise an event every time a file
> is created in a specified directory ?
> I also asked this question in some newsgroups, the only answer I got was
> to hack my ftpdeamon (vsftpd). (I am webdeveloper (PHP, javascript,
> Ajax, ...) and install LAMPs on SL5.0, but that is it, for now anyway).
>
> Thanx,
>
> Johan
> --
>
> VLIZ
>


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: TESTING - jdk 1.5.0 update for SLF3, SLF4

[Stephen John Smoogen]

On Dec 28, 2007 12:57 PM, Troy Dawson <[EMAIL PROTECTED]> wrote:
> Hello,
> java has had several security issues that need to be addressed.  The problem 
> is
> that the j2sdk-1.4.2 in SLF3 and SLF4 has several irritating issues.  The 
> worst
> issue is that it will uninstall newer versions of java.
> So, the goal has been to update the java in SLF3 and SLF4 to jdk 1.5.0 without
> hurting things too much.
> I think I've gotten it sorted out with some modified java-compat rpm's.
> I have done some testing and found that things work the way that I'm 
> expecting,
> mainly that the j2sdk-1.4.2 is removed and jdk-1.5.0 is added and in place.
> But I'd like some testers.
> If nobody has any complaints, I want to push this out in the errata on wed 2
> Jan. 2008.
>

This definately needs some testing by people using Java. There are
major code changes between 1.4.x and 1.5.x and you can end up with
some nonworking stuff quickly. If you are using third party software
then it can also 'break' things quickly if 1.5.0 replaces the 1.4.2
your webservlets were using. So please make sure you let Troy know
about where this would break you.


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: acroread or xpdf

[Stephen John Smoogen]

evince is the prefered way to read pdf in SL5 but like xpdf it does
not have acroread form capabilities.

acroread is a closed source product and you should get it from Adobe
for best utility:

http://www.adobe.com/products/acrobat/readstep2_allversions.html

It doesn't look like they have yum repositories for this like they do for flash.

On Jan 8, 2008 5:14 PM, Rachid Ayad <[EMAIL PROTECTED]> wrote:
>   Hello, I just installed SL5 but I did not find a way to install adobe
> acrobat utilities: acroread or xpdf .
>
>   1) acroread: "yum" does not know about acroread and also "Install/remove
> GNOME untility", so I did download some rpms from cern web site:
>
> http://glitesoft.cern.ch/cern/slc30X/i386/yum/updates/repodata/repoview/A.group.html
>
>   but rpms work for SL3 and does work for SL5 because of dependencies:
> XFree86-devel and XFree86-libs. So I tried to install with yum XFree86 but
> no success (it seems does not exist). Also search in GNOME
> "Install/Remove" of XFree86 does not give any substancial answer.
>
>   2) xpdf is not recognized GNOME "Install/remove" or yum.
>
>   Regards, rachid .
>
>
> ===
> Rachid Ayad
> Barton Hall, Temple Univ.
> 1900 N. 13-th ST.
> Phila., PA 19122-6082
> Tel: +1 (215) 204 1503
> or 3180
> Fax: +1 (215) 204 5652
> ==
>



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: System Configuration Limits for SL5

[Stephen John Smoogen]

On Jan 20, 2008 12:25 PM, markaoki <[EMAIL PROTECTED]> wrote:
> The config limits chart for SL covers only V3 and 4, so I don't know for
> sure.
>
> Red Hat has a chart covering RHEL 3, 4, and 5, indicating a drop in
> supported
> maximum per-process memory, from 4gb to 3gb, for V5 over the prior versions:
> http://www.redhat.com/rhel/compare/
>
> I don't see hugemem kernel anywhere, not since SL 4 anyway.
>

I think the reason is that Red Hat is following Linus's lead on this:
If you want more than what the base architecture go to 64 bit. While
you can get 4gb on a 32 bit kernel, there is a non-negligible
performance hit and a lot of odd things seem to happen that are not
reproducible.. but thought to be due to the various hacks one has to
on the chipsets to get it to be more ram than it is supposed to.




-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: fsck.ext3 on large file systems?

[Stephen John Smoogen]

On Wed, Mar 26, 2008 at 7:34 PM, Michael Hannon <[EMAIL PROTECTED]> wrote:
> Greetings.  We have a lately had a lot of trouble with relatively large
>  (order of 1TB) file systems mounted on RAID 5 or RAID 6 volumes.  The
>  file systems in question are based on ext3.
>
>  In a typical scenario, we have a drive go bad in a RAID array.  We then
>  remove it from the array, if it isn't already, add a new hard drive
>  (i.e., by hand, not from a hot spare), and add it back to the RAID
>  array.  The RAID operations are all done using mdadm.
>
>  After the RAID array has completed its rebuild, we run fsck on the RAID
>  device.  When we do that, fsck seems to run forever, i.e., for days at a
>  time, occasionally spitting out messages about files with recognizable
>  names, but never completing satisfactorily.
>

fsck of 1TB is going to take days  due to the linear nature of it
checking the disk. [ I think the disks for mirrors.kernel.org take
many weeks to fsck.] The bigger question is what kind of data are you
writing to these disks, and is the ext3 journal large enough for those
writes?


>  The systems in question are typically running SL 4.x.  We've read that
>  the version of fsck that is standard in SL 4 has some known bugs,
>  especially wrt large file systems.
>
>  Hence, we've attempted to repeat the exercise with fsck.ext3 taken from
>  the Fedora 8 distribution.  This gives us improved, but still not
>  satisfactory, results.
>

Did you recompile the binary from source, or did you use it straight?
I am just wondering if fsck is dependant on some kernel particulars...

To tell you the truth, I have not done anything with Linux Raid in the
Terabyte range.. Usually I go with a hardware solution at that point
(usually for business reasons.. that much storage usually comes with a
box with hardware raid). I did run into a similar issue though trying
to help someone last week on a SuSE box with ext3. They also had a
long fsck and weird file names coming up. I think they went with the
same solution ( restore from backups).



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: fsck.ext3 on large file systems?

[Stephen John Smoogen]

On Thu, Mar 27, 2008 at 4:40 PM, Michael Hannon <[EMAIL PROTECTED]> wrote:
> On Thu, Mar 27, 2008 at 05:06:53PM +0100, [EMAIL PROTECTED] wrote:
>  > On Thu, 27 Mar 2008, Stephen John Smoogen wrote:
>  .
>  .
>
> .
>  > Hmm, we successfully fsck'd ext3 filesystems 1.4 TB in size frequently a
>  > couple of years ago, under 2.4 (back then, it was SuSE 8.2 + a vanilla
>  > kernel). This took no more than a few hours (maybe 2,3, or 4).  It was
>  > hardware RAID, not too reliable (hence "frequently"), and not too fast (<
>  > 100 MB/s). A contemporary linux server with software RAID should complete
>  > an fsck *much* faster, or something is wrong.
>
>  Hi, Stephan.  Yea, I think I must be doing something wrong here, but I
>  haven't been able to figure out what it is.
>

Well this could be a hardware error on the wire (bad scsi wire etc).
It could also depend on how the data is laid out on the disk. The long
fsck's were tons of directories and files.. and they were read,
deleted, etc in random order (eg INN news). but then again it could be
that I had crap hardware then too :).

>
>  > And I still wonder why fsck at at all just because a broken disk was
>  > replaced in a redundant array?
>
>  The system seems to insist on it.  Again, there may be some cockpit
>  error involved.
>

Usually it will require an fsck if the disk did not shutdown clearly
or some other issue it is detecting. I would need to know more about
the hardware in place (controller, number of drives, type of drives,
how many spares etc) to make a more educated guess.



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Installing Scientific Linux Over Network

[Stephen John Smoogen]

On Fri, Apr 25, 2008 at 4:39 PM, rsoares <[EMAIL PROTECTED]> wrote:
> Hi,
>
>  Is it possible to install Scientific Linux over the network and where do I
> find how?
>

Yes it can be installed over the network. You should read the deployment guide

http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/index.html



>  Thanks for your time.
>
>  Sincerely,
>
>  R.S.
>



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Ubuntu Hardy Heron and the new X.org - when in SL?

[Stephen John Smoogen]

On Sat, Apr 26, 2008 at 9:44 PM, John Summerfield
<[EMAIL PROTECTED]> wrote:
> Keith Lofstrom wrote:
>
>  rg 7.1.1 (12 May 2006) that comes with the Scientific Linux 5.0 .
>
> >
> > 5.1 and 5.2(beta) also run 7.1.X X.org, right?
> >
> > This leads to a prediction question - involving crystal balls and
> > tea leaves, perhaps.  How likely is it that T.U.V. EL 5.3 (and thus
> > SL5.3) will upgrade to X.org 7.3?
> > If that is not likely to happen before EL6, what kind of pain is it
> > to make a local upgrade to X.org 7.3 and maintain it outside of the
> > automated update process?
> >
>
>  My crystal ball, fed on pure speculation based on the nexus between Fedora
> and EL suggests EL6 might not be far off, and that it would be based on
> Fedora 9 which is currently in beta.
>
>  The cycle as I recall it:
>  RHAS 2.1 based on RHL 7.2
>  RHEL3 FC1? or was it RHL 9? That one I'm not sure on
>  RHEL4 FC3
>  RHEL5 FC6 (beta together)
>  RHEL6 F9? What do _you_ think?

Possibly but in the past, there has been a lot of 'clues' in certain
deadlines of quality being met and some pre-announcements. It was also
that the F3/F6 cycles were longer than the current 6 month release
schedules Fedora is on. They usually have split off during the betas
of F6 and F3 and had the EL beta around the time F3/6 were released. I
think in this case EL-6 is going to fire off on the F10/11 cycle
(mainly also because there have been some major changes in F9's init
structure that need to be ironed out with a real release)

-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: openoffice

[Stephen John Smoogen]

On Fri, Jun 27, 2008 at 3:39 PM, Troy Dawson <[EMAIL PROTECTED]> wrote:
> Robert E. Blair wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> I have a x86_64 install of 5.1 and on it I have installed a version of
>> openoffice from openoffice.org and don't have any pieces of openoffice
>> from the 5.1 distribution.  This morning it wanted to "update" my
>> openoffice 2.4.1 with the distribution 2.3 version.  I put an exclude in
>> sl-security.repo and sl.repo to tell it not to, but does anyone know why
>> it would want to do this?  The standard openoffice.org release is rpm
>> based so it should know better.
>> - --
>> Robert E. Blair, Room E277, Building 362
>
> The openoffice in Scientific Linux has an epoch of 1, which that from
> openoffice.org has an epoch of 0.
>
>  yum list openoffice\*
>
> That 1: at the beginning of our openoffice version is the epoch number.
>
> I don't know why redhat put a 1 on it, but they did.
>

Back port of edition I think. Basically they went to a newer version,
and it was broke so they had to push out an older version.. which
requires an EPOCH change. This would have been a while back but once
you walk down the path of EPOCH.. forever will it dominate your spec
file.


-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Xman not working on 5.2?

[Stephen John Smoogen]

On Mon, Jul 7, 2008 at 12:49 PM, Mark Stodola <[EMAIL PROTECTED]> wrote:
> I've been dragging around a copy of xman since it was dropped from the RH
> distributions for several years now.  It worked great on RH9 and SL4.1.  I'm
> currently testing SL5.2 and xman does not appear to be finding any manual
> pages anymore.  I've verified MANPATH and everything else looks to be
> correct, as compared to my 4.1 setup.
>
> I'm curious if anyone can shed some light on the subject.  I doubt anyone
> else is still dragging xman around...  Are the manpages being
> handled/generated differently in SL 5 vs 4?
>

Don't know enough about xman anymore to tell.. but man pages look the
same format between 4.6 and 5.2 system. However man did go through a
major rewrite between 1.5 and 1.6 code..

RHEL-4 man-1.5o1-11.el4
RHEL-5 man-1.6d-1.1

> As a side note, I've noticed the 'makewhatis' script is now back in
> /usr/sbin (as opposed to /usr/bin) and not executable by a normal user.
>  Probably TUV's fault, but this script should be executable as a normal
> user, as passing -o allows for creating local, user-owned whatis files.
>

rpm -q man --changelog showed me this on an RHEL box.

https://bugzilla.redhat.com/show_bug.cgi?id=140729

> Cheers,
> Mark
>
> --
> Mr. Mark V. Stodola
> Digital Systems Engineer
>
> National Electrostatics Corp.
> P.O. Box 620310
> Middleton, WI 53562-0310 USA
> Phone: (608) 831-7600
> Fax: (608) 831-9591
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Recent openssh problem

[Stephen John Smoogen]

On Wed, Aug 27, 2008 at 10:31 AM, P. Larry Nelson <[EMAIL PROTECTED]> wrote:
> We've run into a problem with ssh X11 forwarding, apparently since
> the 8/23/2008 yum update of openssh packages.
>
> In the very recent past we were able to 'ssh -X' from an SL 4.6 host
> to another SL 4.6 system, and from there do an 'ssh -X' to a third
> SL 4.6 system and have X11 traffic pipe its way back to the original
> host with no problems.
>
> Now, in the last few days, we find that the 'ssh -X' from first host
> to second works fine, but then an 'ssh -X' to the third results in:
>
> Warning: untrusted X11 forwarding setup failed: xauth key data not generated
> Warning: No xauth data; using fake authentication data for X11 forwarding.
>
> And firing up any X11 app on the third host fails with:
>
> X11 connection rejected because of wrong authentication.
> X connection to localhost:12.0 broken (explicit kill or server shutdown).
>

This actually sounds like the security fix is working. Does ssh -X -Y
do what you want?

Say hi to Andy at roadkill for me :).

> I've started googling for this, but thought I'd throw it out in case
> others are experiencing the same problem or maybe Troy/Connie have a
> thought or fix.
>
> Thanks!
> - Larry
> --
> P. Larry Nelson (217-244-9855) | Systems/Network Administrator
> 461 Loomis Lab | High Energy Physics Group
> 1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
> MailTo:[EMAIL PROTECTED]| http://www.roadkill.com/lnelson/
> ---
>  "Information without accountability is just noise."  - P.L. Nelson
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Recent openssh problem

[Stephen John Smoogen]

On Wed, Aug 27, 2008 at 4:24 PM, Alex Kruchkoff <[EMAIL PROTECTED]> wrote:
> A related problem: when I do ssh -X to my SL box.
> And from there I try to start xterm -- I've got an error:
>
> xterm Xt error: Can't open display
> xterm: DISPLAY is not set
>
> Any idea how to fix it?
>
> About a month and half ago I had similar problem on Solaris 10: downgrading
> patches from 126133-03 to 126133-02 fixed it.
> But if I'll install older rpm on SL -- next day it would be auto-updated.

try

ssh -X -Y


-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Recent openssh problem

[Stephen John Smoogen]

On Wed, Aug 27, 2008 at 5:53 PM, Alex Kruchkoff <[EMAIL PROTECTED]> wrote:
> Thanks, Stephen,
>
> Sun ssh does not have -Y option.
> I tried to do this from Cygwin, but when I logged in the output from
>
> echo $DISPLAY
>
> was empty.

Well from Sun you need to set up your display and then make yourself
xauth. Since I am guessing this Solaris 9 or before... its going to be
the more arcane xauth which will need a google to get right..

Abra-cadabra-google-me-this

http://docs.sun.com/app/docs/doc/802-2011/6i60mct8f?a=view
http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWabe/ADVOSUG/p33.html

xauth list
and then on the other end, you will need to do an xauth add.

The Cygwin needs to have X running or have the display manually set...
its been 6 years since I dealt with Cygwin so I am not going to try
and win that.


>>>
>>> Any idea how to fix it?
>>>
>>> About a month and half ago I had similar problem on Solaris 10:
>>> downgrading
>>> patches from 126133-03 to 126133-02 fixed it.
>>> But if I'll install older rpm on SL -- next day it would be auto-updated.
>>>
>>
>> try
>>
>> ssh -X -Y
>>
>>
>>
>
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: fvwm

[Stephen John Smoogen]

On Sat, Sep 13, 2008 at 5:12 PM, Stephen Isard <[EMAIL PROTECTED]> wrote:
> Can anyone explain why the fvwm window manager has been dropped in SL5?
> I've searched and found no discussion apart from a remark at
> http://www-zeuthen.desy.de/technisches_seminar/texte/sl3z.pdf that "we
> probably can't fight UTF-8 any longer".  However, fvwm 2.5 claims "full
> internationalization" and the man page makes a number of references to
> utf-8, so that doesn't appear to be a complete explanation.
>
> The tar file from the fvwm site compiles with no problems and runs as it
> always has, as far as I can see.
>

fvwm was dropped from RHEL most likely due to the usual: number of
users versus complexity of support. The numbers of using fvwm is much
smaller than their core market and so dealing with support issues with
it has a higher cost. The fact that the SL people are a smaller group
means that the packages that they chose to add beyond the core need to
fit their 'mission'.

-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: wine emulator

[Stephen John Smoogen]

On Fri, Oct 3, 2008 at 2:21 PM, Ken Teh <[EMAIL PROTECTED]> wrote:
> Are they any problems running the wine emulator on SL5x?  I recall wine
> used to be part of RedHat's distributions.  But, I dont see it in SL5x. Is
> or was there a reason why it was left out? It appears to be part of the
> EPEL repo which I am not familiar with.
>

Wine was mostly in powertools and is not a program that is 'cheap' to
support. That would be my guess why Red Hat Enterprise does not have
it. EPEL is a repository where software from Fedora is compiled for
EL-4/EL-5. It is not supported by RH beyond it scratches various
peoples' itches.

> One of my users wants it on a server.  I'm reluctant to install it if it
> will hang up the server.  I've never used it myself.  I've played around
> with VMWare and while it works, there were the occasional hiccups. Which
> is ok if it's your own machine.  Not so good on a multi-user server.
>

I would not consider Wine to be server oriented software. Its more of
running desktop applications and needs a lot of hand-holding for that.
If its 'critical' for them, I would see if they can pay for the
professional wine so you have someone to send support questions to.

> I'd appreciate any advice.  Thanks!
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: when is an sda an hda?

[Stephen John Smoogen]

On Fri, Oct 17, 2008 at 11:38 AM, Ken Teh <[EMAIL PROTECTED]> wrote:
> I'm getting confused with the sda/hda naming conventions.  I thought all
> SATA disks were sd devices.  They were a while back but apparently, not
> anymore.  And, I can't seem to make any sense of when an sda is an hda.
> I'm currently installing a system with a SATA system disk that has a IDE
> CDROM.  A systemrescuecd (Gentoo based kernel) identifies the disk as an
> sda.  But the 5.2 installer says it's an hda.  There's a single IDE
> connector on the MB on which hangs a CDROM drive.  Apparently, it's not an
> hda.  What is it?  An sda?
>

Hmmm I have never seen that... but I have only worked with a short
list of SATA controllers. What kind of controller is it?


-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: nfsd woes on 5.2

[Stephen John Smoogen]

On Fri, Oct 31, 2008 at 5:47 PM, Miles O'Neal <[EMAIL PROTECTED]> wrote:

useful info deleted for focus.

> So, we have two (possibly) problems.
>
> 1) Are the stats wrong, or is the problem not really
>   in the number of threads?  This is a fast, dual,
>   quadcore SuperMicro server, so I'm not worried
>   that it can handle the load; we have much slower
>   systems handling 100 threads without a hiccup
>   (the nature of the projects means this newer
>   system will get a lot more traffic).
>
>   The NIC doesn't seem to be swamped.
>
>   Is there a kernel param I need to tweak for
>   more open sockets or something?
>

actually I think you need to look at the various nfs kernel proc/sys
items first before bumping up the number of threads. You could be
saturating various memory handlers and such and then you are just
exasperating the problem with more threads and such. The process may
be running out of open files or other items.

> 2) If I do need more daemons, how do I determine
>   how much memory I need?  What is the limit on
>   the number of daemons?

Well the big issue may not be memory at that point but 32bit versus
64bit. The box might run out of possible allocations at 4GB of ram as
that is as much one process can map to. I am guessing that each nfsd
is allocating potential memory it can use for readahead and is running
out of what it can set-aside for a buffer.



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: nfsd woes on 5.2

[Stephen John Smoogen]

On Fri, Oct 31, 2008 at 8:30 PM, Miles O'Neal <[EMAIL PROTECTED]> wrote:
> Stephen John Smoogen said...
>
> |useful info deleted for focus.
> |
> |> So, we have two (possibly) problems.
> |>
> |> 1) Are the stats wrong, or is the problem not really
> |>   in the number of threads?  This is a fast, dual,
> |>   quadcore SuperMicro server, so I'm not worried
> |>   that it can handle the load; we have much slower
> |>   systems handling 100 threads without a hiccup
> |>   (the nature of the projects means this newer
> |>   system will get a lot more traffic).
> |>
> |>   The NIC doesn't seem to be swamped.
> |>
> |>   Is there a kernel param I need to tweak for
> |>   more open sockets or something?
> |>
> |
> |actually I think you need to look at the various nfs kernel proc/sys
> |items first before bumping up the number of threads. You could be
> |saturating various memory handlers and such and then you are just
> |exasperating the problem with more threads and such. The process may
> |be running out of open files or other items.
>
> Can you recommend a good doc for tuning these in the 2.6 kernel?
> sysctl -a doesn't show me anything that looks problematic but
> maybe I just don't know what to look for in this case.  We just
> started using the 2.6 kernels...
>

Not off the top of my head... I am going to have to punt that...
pretty much every site I have run with since 2.6.1 has gone to netapps
for NFS servers so I havent done much with it. I normally check to see
if I can get iostat/nfsstat/sar running at 10->60 second intervals and
collect that data to see what might be the problem. Sometimes it can
be that the switch/router doesn't like the packets. Sometimes its that
the buffer size for a packet needs to be increased.

http://www.ibm.com/developerworks/linux/library/l-tune-lamp-1/

I would usually start on the NFS lists and see if they can help out on this.

>
> |> 2) If I do need more daemons, how do I determine
> |>   how much memory I need?  What is the limit on
> |>   the number of daemons?
> |
> |Well the big issue may not be memory at that point but 32bit versus
> |64bit. The box might run out of possible allocations at 4GB of ram as
> |that is as much one process can map to. I am guessing that each nfsd
> |is allocating potential memory it can use for readahead and is running
> |out of what it can set-aside for a buffer.
>
> It's all 64 bit hardware and the 64 bit distro.
>

Darn.. there goes the simple answer.

-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: Mirroring SL with Cobbler

[Stephen John Smoogen]

On Fri, Mar 6, 2009 at 8:13 AM, Chris O'Regan  wrote:
> Is anyone using Cobbler to mirror SL? I am about to set up a local mirror
> and would appreciate any recommendations. I found some documentation on the
> SL web site regarding mirroring, but it seems a bit outdated (looks like it
> was written for SL3, perhaps?). For instance, some of the excludes refer to
> directories that I cannot find in the SL5x tree.
>


I have done so with CentOS in the past. The main issue is that Cobbler
works best when you mirror a version-architecture tree (as in 5.2/i386
5.2/x86_64 4.7/etc.) Trying to mirror ALL of XYZ Linux in one set does
not work well. I found that out the hard way.. Personally I just set
it up to mirror a tree for CentOS and had a cron job that updated the
updates.



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: MP3s on SL4.6

[Stephen John Smoogen]

On Fri, Jun 5, 2009 at 2:59 PM, P. Larry Nelson wrote:
> Hi Troy,
>
> Thanks, but no joy.
> Installed the 2 you mentioned, restarted firefox and same sequence
> of events occurs - Helix fires up but another box pops up right away
> saying I need RealPlayer.  This doesn't need a reboot does it?

No reboot should be needed. Are you using KDE or Gnome? [Also what does

yum list '*mp3*'

say. There may need to be another app.

http://www.real.com/linux

has the realplayer that should work with 4 (I think.. it may only work
with 5 though :/).

> Then I tried saving the MP3 file and double-clicked on it.
> This time an app called Noatun pops up, but none of its buttons
> do a damn thing.
>
> - Larry
>
> Troy Dawson wrote on 6/5/2009 3:46 PM:
>>
>> P. Larry Nelson wrote:
>>>
>>> Hi,
>>>
>>> I've always done linux admin on just servers, so I've never needed
>>> to know about such things as playing MP3 files on linux.
>>>
>>> Well, now I've got a user with a fully patched SL4.6 laptop and
>>> is trying to get an MP3 file to play.
>>>
>>> Go to a web page with an MP3 sample and click on it.
>>> A dialog box pops up asking whether to save or use the default
>>> application, which is something called Helix.  Choose Helix.
>>> Helix app box pops up but then another box opens and says one
>>> needs to get RealPlayer.  Fine, except I can only find RealPlayer-11
>>> which doesn't install on SL4.6 due to dependencies.
>>>
>>> So, my question is (at its simplest) how does one play MP3 files
>>> on an SL4.6 box?  Is there something other than Helix that doesn't
>>> need RealPlayer?  Or, if RealPlayer is indeed needed, where can
>>> I find a version of RealPlayer that works on SL4.6?
>>> Googling, so far, hasn't helped - but then it hasn't been an
>>> exhaustive search.
>>>
>>> Thanks!
>>> - Larry
>>
>>
>> yum install gstreamer-plugins-mp3 xmms-mp3
>>
>> Troy
>>
>
>
> --
> P. Larry Nelson (217-244-9855) | Systems/Network Administrator
> 461 Loomis Lab                 | High Energy Physics Group
> 1110 W. Green St., Urbana, IL  | Physics Dept., Univ. of Ill.
> MailTo:lnel...@uiuc.edu        | http://www.roadkill.com/lnelson/
> ---
>  "Information without accountability is just noise."  - P.L. Nelson
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Re: ssh-keyscan does not return the right key !

[Stephen John Smoogen]

On Thu, Sep 17, 2009 at 8:21 AM, Jean-Michel Barbet
 wrote:
> Hello,
>
> I am puzzled by this one :
>
> Performing a ssh-keyscan from an SL4.5 i368 server to retrieve the
> RSA key of a newly installed server in SL5.3 x86_64 does not return
> the right RSA public key. It works between SL4.5 servers.

What key does it return? How do they compare? Does the 5.3 box get the
correct key? Can you check to see if a 4.8 system does betteR?

> Command :
>
> machine-sl4> /usr/bin/ssh-keyscan  -t rsa machine-sl5
>
> machine-sl4 :
> ---
> lsb_release -a
> LSB Version:
> :core-3.0-ia32:core-3.0-noarch:graphics-3.0-ia32:graphics-3.0-noarch
> Distributor ID: ScientificSL
> Description:    Scientific Linux SL release 4.5 (Beryllium)
> Release:        4.5
> Codename:       Beryllium
> openssh-clients-3.9p1-11.el4_7
>
>
> machine-sl5 :
> 
> lsb_release -a
> LSB Version:
> :core-3.1-amd64:core-3.1-noarch:graphics-3.1-amd64:graphics-3.1-noarch
> Distributor ID: ScientificSL
> Description:    Scientific Linux SL release 5.3 (Boron)
> Release:        5.3
> Codename:       Boron
> openssh-server-4.3p2-29.el5
>
> Any idea ?
>
> JM
>
> --
> 
> Jean-michel BARBET                    | Tel: +33 (0)2 51 85 84 86
> Laboratoire SUBATECH Nantes France    | Fax: +33 (0)2 51 85 84 79
> CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: bar...@subatech.in2p3.fr
> 
>



-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning

Re: Disk I/O operations sloooooowwww... :-(

[Stephen John Smoogen]

On Wed, Sep 30, 2009 at 11:43 AM, Alexandre Pereira
 wrote:
> Hi Forum
>
> I have installed SL-5.3 x86_64 default installation/partitioning scheme in
> my laptop... the only... call it "different" thing that I have done is an
> LVM Luks encryption of my HDD ( It is a laptop, and I carry a lot of sensble
> stuff in it... )  In know it is not "MIL-SPEC hard" as a pkcs #13 protocol (
> Elliptic Curve cryptography over discrete fields ) but man...  I do not
> carry warhead design plans, and sizing calculations with me...   :-)
>
> Anyway...   Trying to dump the content of DVD data, 4.5 Gb of it into my
> desktop took me about 70mn...  THIS IS NUTS...    Trying to do the same in
> another install , unencrypted this time, in another machine ammounted to the
> same...
>
> now, this IS an issue...   this laptop will be used in heavy number
> crunching engineering applications...  meaning disk I/O operations in the GB
> range ( Finite elements meshes, Genetic algorithm operations... massive data
> transfers to put it simply )
>
> Can this be solved... ?
>
> I used (aaarrgg !!! ) Ubuntu with this same lappy and this problem was
> not there
>

Well you can give a lot more info because there isn't enough to help with:
1) What kind of laptop. What kind of disk drive? What kind of DVD drive
2) What version of Ubuntu did you use (there a ton of different
versions so it will help to figure out what it was )
3) what does iostat or another performance program say
4) Did you get the data from a DVD or network? You reference a desktop
and a laptop.. not sure if you mean 2 differnet types of hardware or
one.

Realize that  IO on laptops is slow. Your standard Laptop drive is
5400 RPM, and the channel to talk through it is usually not even as
fast as commodity desktops.




-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning

Re: whats this new exploit then? (2009/11/03)

[Stephen John Smoogen]

On Wed, Nov 4, 2009 at 1:14 AM, Faye Gibbins
 wrote:
> Hi,
>
>  Any comment from the SL5 distro  maintainers on this exploit apparently in
> recent RHEL releases?

The vulnerability has been there for a long time. It has only just
been found by someone who works on the kernel. The finders comments
are a bit off.. he first states that its a Red Hat problem and then
mentions that people who are going to be using various applications
would have to turn it off anyway.

My guess is that the SL people will have the updated kernels out as
soon as they are tested.

> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>
> Faye
> --
>
> -
> Faye Gibbins, Computing Officer (Infrastructure Services)
>     GeoS KB; Linux, Unix, Security and Networks.
> Beekeeper  - The Apiary Project, KB -   www.bees.ed.ac.uk
> -
>
>  I grabbed at spannungsbogen before I knew I wanted it.
>                 (x(x_(X_x(O_o)x_x)_X)x)
>
> The University of Edinburgh is a charitable body,
> registered in Scotland, with registration number SC005336.
>



-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning

Re: slow ssh login

[Stephen John Smoogen]

On Wed, Jan 13, 2010 at 3:34 PM, Andy Mastbaum  wrote:
> Hello, all.
>
> I'm having a weird problem with my SL 5.3 login server. All of a sudden (and
> without me changing anything) logins over SSH are very, very slow -- up to a
> few minutes.
>
> Once users are logged in, everything is fast. This doesn't happen when I log
> in at the console, only over the network.
>
> I tried restarting every network service, rebuilding the NIS directory, and
> finally rebooting the server, and nothing has helped.

Most cases this is a reverse DNS problem. This can make things even
slower with good old NIS.

1) Check that the system is able to get DNS info correctly ( eg host
10.5.10.10 if the client comes from there and see where its stuck).
2) ssh -vvv is your friend on seeing if its client side.
3) sshd -p  -ddd is your friend to see whats going on the server side.
4) if nscd is on. try turning it off and cleaning its cache.. that
will remove another vector.

Usually one can see pretty quick that its something like a lookup
failing or bad nscd cache etc.

> This is SL 5.3, Linux 2.6.18-128.1.10.el5 #1 SMP x86_64, user info is NIS
> (on the same server), and home directories are NFS-mounted, but NIS and NFS
> should be okay since local logins are fast. I'd think a problem with the
> NIC, but it's a nice Intel PRO/1000 and it's only the authentication that's
> slow.
>
> Any thoughts/suggestions are much appreciated... my users are getting pretty
> unhappy :(
>
> Thanks!
>
> Andy Mastbaum
> mastb...@hep.upenn.edu
>



-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning

Re: minimal sci-lnx & glibc v. 2.7

[Stephen John Smoogen]

On Wed, Jun 30, 2010 at 4:48 PM, Salvador Aguinaga
 wrote:
> Hello,
>
> I have a app that requires glibc 2.7 and the version installed with SL5.4 is
> 2.5.
>
> Should I download glibc 2.7 and install it from source or are there more
> complicated dependencies that prevent me from doing this?
>
>
> [slu...@slinux emav]$ ./emav
> ./emav: /lib/libc.so.6: version `GLIBC_2.7' not found (required by ./emav)

H if you can't rebuild the application to use 2.5 I would say you
need to look at using say Fedora 12/13 for the time being and
Scientific Linux 6 when it comes out.


> My system:
> yum info glibc.i686
> Installed Packages
> Name   : glibc
> Arch   : i686
> Version    : 2.5
> Release    : 42
> Size   : 12 M
> Repo   : installed
> Summary    : The GNU libc libraries.
>
> uname -a
> Linux slinux 2.6.18-194.3.1.el5 #1 SMP Fri May 7 01:52:57 EDT 2010 i686 i686
> i386 GNU/Linux
>
> I'm running this on an atom intel board.
>
> Thanks.
> // Sal
> // Northwestern University
>



-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things.""
— Herb Kelleher, founder Southwest Airlines

Re: minimal sci-lnx & glibc v. 2.7

[Stephen John Smoogen]

On Wed, Jun 30, 2010 at 8:24 PM, Salvador Aguinaga
 wrote:
> Thank you Jon & Stephen:
>
> The app that I downloaded is available as a binary because the source code
> is proprietary.  I might be able to ask the owner to rebuild it for me using
> glibc v2.5
>
> but if that's not doable, I'd like to attempt the suggestion at the bottom
> and see if I can run the the app by pointing (correct me if i'm wrong) the
> glibc (/lib/libc.so.6) to the older version.

Ugh that usually does not work in any sense. What I have done for
immediate needs is to build a virtual machine with an OS version that
the application is meant to work on. For a similar RPM environment I
would go with Fedora 13. Otherwise I would look at using the RHEL-6
beta and seeing if that allows you to get it working.



-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things.""
— Herb Kelleher, founder Southwest Airlines

Re: Another side effect that crept in with SL 5.5

[Stephen John Smoogen]

On Wed, Aug 11, 2010 at 11:08, Larry Linder
 wrote:
> I hate to say this but Linux has been around a long time and refuses to grow
> up.   The kids at Fedora scare me to death, due to lack to testing and
> maturity.   How does some thing that has worked for a long long time suddenly
> quit.

Having been around for a while, I would say that the testing inside of
Fedora is actually more than what went into most Red Hat Linux (4.1 ->
7) that I worked on. The problem is that the market you are working in
 is NOT the market Fedora is built for. So what kind of testing you
would do is not what Fedora is looking to do.

Certified embedded hardware is a completely different beast. You are
going to have test suites on top of test suites and you are going to
expect software sides to stay the same because you have too much time
handling all the changes in the last batch of chips you got. And while
you are looking for an OS that is free in cost (because that last
batch of chips cost 6cents per versus the original 5 cents you
expected) you are going to want something that stays the same forever
and a day. The people who are driving Fedora are on the complete
opposite end of the Technology adoption curve from you so of course it
looks completely scary.


[This does not excuse Cups dropping known behaviour in the middle of a
release... I could pass the buck to Apple, but that never works.]


-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things.""
— Herb Kelleher, founder Southwest Airlines

Re: disabling /tmp cleaning after reboot

[Stephen John Smoogen]

On Mon, Sep 20, 2010 at 05:31, Arnau Bria  wrote:
> Hi all,
>
> may I disable /tmp cleaning after reboot? If yes, could some one tell
> me what file do I have to modify?

I would think this would break all kinds of software. Most programs
assume /tmp is available to them to put in symlinks and other code
where they are assuming 'cross' application access.

So my question would be.. what are you trying to accomplish exactly?
Security wise, I normally create /tmp and /var/tmp as seperate
partitions and then I make those 'noexec, nosuid, nodev' in /etc/fstab
[that covers soe things worrisome about /tmp... symlink attacks are
not solved but that is the best one can do.]

> I see some hardcoded /tmp/* removals in /etc/rc.sysinit.
>
> *I don't find any clue on google.
>
>
> TIA,
> Arnau
>



-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things.""
— Herb Kelleher, founder Southwest Airlines

Re: disabling /tmp cleaning after reboot

[Stephen John Smoogen]

On Mon, Sep 20, 2010 at 12:44, Stephen John Smoogen  wrote:
> On Mon, Sep 20, 2010 at 05:31, Arnau Bria  wrote:
>> Hi all,
>>
>> may I disable /tmp cleaning after reboot? If yes, could some one tell
>> me what file do I have to modify?
>
> I would think this would break all kinds of software. Most programs
> assume /tmp is available to them to put in symlinks and other code
> where they are assuming 'cross' application access.

My apologies. I misunderstood the question completely. I thought you
wanted to disable /tmp on the system.. I somehow missed the word
cleaning. I think the answer Dr. Andrew C. Aitchison provided is
probably much better than whatever I was going on about :).




-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things.""
— Herb Kelleher, founder Southwest Airlines

Re: smart statistics issue

[Stephen John Smoogen]

On Fri, Oct 22, 2010 at 09:13, William Lutter  wrote:
> I have a desktop PC at work that shows a bad block.  PC runs Scientific LInux 
> 5.0 and is a 2 TB  WD Green Technology 2 Tb HD (Caviar Green WD2CSRTL).   
> This one has worked fine out of the box for several months.  No problems.
>
> Yesterday, the SMART diagnostics program smartctl (version 5.36) showed a bad 
> block.  Deciding to waste some time on it, I used
> http://smartmontools.sourceforge.net/badblockhowto.html approach.
>
> So, I unmounted, figured out the block and that it had a file associated with 
> it, determined the ext3 file system inode.  But, I could not deduce the file 
> as it could not read the next file inode.   I zeroed out the position using 
> dd and then rerunning smartctl that it showed another bad block:
>
> # 3  Extended offline    Completed: read failure       90%      2151         
> 3764125871
> # 4  Short offline       Completed without error       00%      2151         -
> # 5  Short offline       Completed without error       00%      2150         -
> # 6  Short offline       Completed: read failure       90%      2146         
> 3764125865
> # 7  Extended offline    Completed without error       00%      2097
>
> The LBA is in the one partition on the HD
> Disk /dev/sdb: 2000.3 GB, 2000398934016 bytes
> 255 heads, 63 sectors/track, 243201 cylinders, total 3907029168 sectors
> Units = sectors of 1 * 512 = 512 bytes
>   Device Boot      Start         End      Blocks   Id  System
> /dev/sdb1              63  3907024064  1953512001   83  Linux
>
> Since, it's a new HD and not expecting catastrophic failure, I did not run 
> ddrescue.  Having a copy of spinrite around, I ran that  and the HD came out 
> squeaky clean.  I use spinrite occasionally on windows xp and linux HD where 
> I expect only one bad block.  Never had problems with it.   Spinrite did not 
> find any more  bad blocks.  Of course, I had zeroed out the original one.  
> Rebooting and running e2fsck, the file system is clean.
>
> Running smartctl again, I again  find a bad block at LBA  3764125871
> # 1  Extended offline    Completed: read failure       90%      2169         
> 3764125871
> # 2  Short offline       Completed without error       00%      2169         -

My understanding of SMART is that once an event occurs it can not be
cleaned up so smartctl is going to 'see' a bad block til the disk
drive is replaced. Basically the bad block might have been remapped or
not 'used' but the onboard counters only go up not down. [Since it
could be indicative of other failures that might occur soon.]

Everytime I have had this sort of issue with a drive I just had to
replace the drive.



-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things.""
— Herb Kelleher, founder Southwest Airlines

Re: install alien

[Stephen John Smoogen]

On Fri, Nov 5, 2010 at 08:16, Frenck  Cacia  wrote:
> hello, I need to install a program alien to convert from deb to rpm.
> thanks
>

Ok what are you trying to convert from a .deb to a .rpm

Working from there may find an easier solution.

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: yum memory leak?

[Stephen John Smoogen]

On Thu, Dec 16, 2010 at 14:28, Ken Schumacher  wrote:
> Greetings,
>
> I have a repeatable problem on at least one of our SLF 4.4 systems.  It seems 
> that running commands like 'yum --check-update' seem to run into some sort of 
> memory leak.  The yum output gets to the point of saying "Reading repository 
> metadata in from local files" and a top listing on a another window shows the 
> memory use simply climbing.  The original window will not respond to a Ctrl-C.

1) various versions of Yum does not respond to Ctrl-C because doing so
can cause the rpm package database to be left in a bad place.
2) Yum will use a lot of memory depending on how much is installed. Of
course a lot is subjective and needs to be quantified. [100 mb was a
lot on one system and nothing on another.]
3) 4.4 is really old. 4.8 is standard now and 4.9 will be out of the
door by summer (it will also probably be the last 4.x series like the
3.9 was the last of the 3 series.)



> We have had to disable the cron.daily yum update on the nodes because it was 
> causing problems every night when it runs.  FWIW, I did try to run a 'yum 
> clean all' command.  That runs fine, but the next attempt to run a 
> check-update suffers the same memory issues.
>
> I've searched through the linux-users and scientific-linux-users archives and 
> have not found anything like this reported already.  Has anyone seen this?
>
> Ken S.
>
> ==
> Ken Schumacher    (o) 630-840-4579 (f) 630-840-3109
> Computing Div/HPC  LQCD Group   Loc: WH8E   http://www.usqcd.org/fnal/
> Fermi National Accelerator Lab; PO Box 500 MS 120 Batavia, IL 60510-0500
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: yum memory leak?

[Stephen John Smoogen]

On Mon, Dec 20, 2010 at 12:44, Ken Schumacher  wrote:
> Stephen,
>
>
> On Dec 17, 2010, at 7:02 PM, Stephen John Smoogen wrote:
>
>> On Thu, Dec 16, 2010 at 14:28, Ken Schumacher  wrote:
>>> Greetings,
>>>
>>> I have a repeatable problem on at least one of our SLF 4.4 systems.  It 
>>> seems that running commands like 'yum --check-update' seem to run into some 
>>> sort of memory leak.  The yum output gets to the point of saying "Reading 
>>> repository metadata in from local files" and a top listing on a another 
>>> window shows the memory use simply climbing.  The original window will not 
>>> respond to a Ctrl-C.
>>
>> 1) various versions of Yum does not respond to Ctrl-C because doing so
>> can cause the rpm package database to be left in a bad place.
>
> That's inconvenient in my current situation, but I understand the thinking 
> behind it.  I can work around this by having a second window open allowing me 
> to 'kill -15' the yum process once it gets into this bad state.
>
>> 2) Yum will use a lot of memory depending on how much is installed. Of
>> course a lot is subjective and needs to be quantified. [100 mb was a
>> lot on one system and nothing on another.]
>
> I wait about 60 CPU seconds before killing the yum process.  According to 
> 'top', at that point it is using 100% of one CPU and it has already allocated 
> itself 2 GB of memory.  On this cluster head node, that is just a bit over 
> 10% of the node's memory, but I am concerned about letting it go on consuming 
> memory for fear of interfering with other services on the node.
>
> I have checked the version of the yum and yum.conf RPMs on this node and 
> compared to other systems we maintain.  We have other systems running those 
> same versions without this memory consumption problem.  I have run yum using 
> the '-d 5' flag to get some verbose debug output.  The last output before 
> this memory consumption starts says:

Would need to know what is installed on the system

>   Reading repository metadata in from local files
>   Setting up Package Sacks
>
>> 3) 4.4 is really old. 4.8 is standard now and 4.9 will be out of the
>> door by summer (it will also probably be the last 4.x series like the
>> 3.9 was the last of the 3 series.)
>
> The node was originally installed with the LTS 4.4 release (Wilson).  Until 
> recently, we have been running daily yum updates against the node, so all the 
> necessary errata and security updates have been applied.  Being a cluster 
> head node, we can't jump the node up to a 5.x release without proper planning 
> and scheduling of downtime, etc.  Our user base expects the release to remain 
> stable, so such upgrades are carefully considered.

Well I thought that applying all the updates would bring the system to
4.8 but I realize that Scientific Linux does keep old releases alive.

What does 'rpm -Va --nofiles' tell you?

How do you get the repodata for the systems (local mirror or remote one)?
Can you try updating 1-2 packages directly? or does even yum list give
you a 2GB process?

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Only One Disk ??

[Stephen John Smoogen]

On Tue, Mar 8, 2011 at 12:21, Connie Sieh  wrote:
> On Tue, 8 Mar 2011, Pablo Cavero wrote:
>
>> --Boundary_(ID_1WtxFdl26Ek8oiWQEIWo7A)
>> Content-type: text/plain; charset=ISO-8859-1
>>
>> Dear Troy,
>>
>> Thanks for your fast reply.
>>
>> But, I insist. The space used by 2 DVD Disk, or 1 DVD + 1 CD, is the same
>> that an only one Disk, DVD-Dual Layer, and at this time... in 2011, so any
>> DVD Reader-Writer can Write a Single or Dual Layer DVD, and 1 Disk is
>> better
>> that 2.
>
> Yes the newer drives can read DVD-Dual Layer but the media to burn DVD-Dual
> Layer is much more expensive.

And while they may be able to read a DVD-Dual Layer they may not be
able to burn it. The secondary issue is that mirroring images larger
than 4GB finds all kinds of issues in mirroring software (I have found
some versions of rsync or httpd to either die or redo the download
over and over because its checksum isn't right.)

For all the work of downloading a large iso one might as well just set
up a mirror of the files.


-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Race condition with mdadm at boot [still mystifying]

[Stephen John Smoogen]

On Thu, Mar 10, 2011 at 20:24, Chuck Munro  wrote:
> This is a bit long-winded, but I wanted to share some info 
>
> Regarding my earlier message about a possible race condition with mdadm, I
> have been doing all sorts of poking around with the boot process. Thanks to
> a tip from Steven Yellin at Stanford, I found where to add a delay in the
> rc.sysinit script, which invokes mdadm to assemble the arrays.
>
> Unfortunately, it didn't help, so it likely wasn't a race condition after
> all.
>
> However, on close examination of dmesg, I found something very interesting.
>  There were missing 'bind' statements for one or the other hot spare
> drive (or sometimes both).  These drives are connected to the last PHYs in
> each SATA controller ... in other words they are the last devices probed by
> the driver for a particular controller.  It would appear that the drivers
> are bailing out before managing to enumerate all of the partitions on the
> last drive in a group, and missing partitions occur quite randomly.

Ok this sounds familiar with another problem set I heard last week.
You need to make sure the drives on the array are "raid compatible"
these days. Various green drives can take way too long to spin up or
goto sleep quickly causing them to get marked as bad by dmraid before
they get ready. However if its not that, then the next two issues tend
to be cable related:

1) Cable isn't rated for the length. Sure you can buy a 2 foot sata
cable but the controller timing issues may assume something much
shorter.
2) Cable isn't rated for drive capacities.
3) Other bios issues that require updates and playing around (oh wait
the default is to spin everything down but I need it up).

> So it may or may not be a timing issue between the WD Caviar Black drives
> and both the LSI and Marvell SAS/SATA controller chips.
>
> So, I replaced the two drives (SATA-300) with two faster drives (SATA-600)
> on the off chance they might respond fast enough before the drivers move on
> to other duties.  That didn't help either.
>
> Each group of arrays uses unrelated drivers (mptsas and sata_mv) but both
> exhibit the same problem, so I'm mystified as to where the real issue lies.
>  Anyone care to offer suggestions?
>
> Chuck
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: How do I install xfce?

[Stephen John Smoogen]

On Fri, Apr 8, 2011 at 13:25, Todd And Margo Chester
 wrote:
> Hi All,
>
> I just installed the basic server option on a new server.  I am happily
> setting at an init 3 command prompt.  I can contract the Internet
> with wget and yum.
>
> How do I install Xfce?
>
>    yum groupinstall xfce
>
> Always use to do the trick.  I think I am missing some repos.
> Anyone know what I am doing wrong?
>
> Many thanks,
> -T
>

Not sure which version of Scientific Linux you are looking to have.
xfce is not in the main distro EL6 repository and not in EPEL for EL6.
I am hoping to fix that soon (well for EPEL that is)

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Time keeping Errors of 15 minutes / week

[Stephen John Smoogen]

On Fri, Apr 8, 2011 at 15:13, Larry Linder
 wrote:
> I loaded SL 5.5 64 bit on a Gigabyte 770T-USB3 mother board based system we
> are thingking of using in our shop.   My only real problem is that with other
> Linux and Windoze boxes in the system this system is losing about 15 minutes
> per week.   When I boot it up it says it is synchronizing to system clock.
>
> Searched internet and really didn't come up much.   Is this a Hardware or SW
> problem?   Really do hear much about system clock errors.

Is ntp running? If time goes too far out from the source clocks, ntp
will stop trying to update which usually means hardware problem.


> Larry Linder
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: How do I install xfce?

[Stephen John Smoogen]

On Sat, Apr 9, 2011 at 10:33, Todd And Margo Chester
 wrote:
> On 04/08/2011 12:54 PM, Stephen John Smoogen wrote:
>>
>> Not sure which version of Scientific Linux you are looking to have.
>
> SL6
>
>> xfce is not in the main distro EL6 repository and not in EPEL for EL6.
>> I am hoping to fix that soon (well for EPEL that is)
>
> Cool.  What kind of time frame are you looking at?  And, will you announce
> it to us all when you do?

I am hoping by end of APril and will announce. It may or may not be
4.8 depending on whether it works for EL6 or not.

> I take it that RHEL 6 does not have Xfce in its repos either?

No it does not. RHEL has KDE and GNOME and I think twm.

> -T
>
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: How do I install xfce?

[Stephen John Smoogen]

On Sat, Apr 9, 2011 at 18:10, Shaun Jones  wrote:
>

>
> You need any help packaging it up ?

At the moment, I do not think so.. as they should just be the Fedora
packages recompiled to EL6. However if some sort of naming issue is
required and such I will definitely call out.

> --
> Mister Jones
>
>
>
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Rsync flaws

[Stephen John Smoogen]

On Mon, Apr 11, 2011 at 05:08, Federico Alves  wrote:
> The limitation is not my hardware. The servers are both Dell R900 with SAS
> disk arrays. Also, from a Windows virtual machine, inside the same server,
> I get around 400 MB speed using FTP transfer, windows to windows. There
> must be a different way to do this from Linux.The files are sparse files,
> and I need to keep them that way, that's why I use rsync.

Well transferring sparse files is going to be slow and it could be
hardware (unless you are somehow testing with windows of copying
sparse files over). rsync is having to see what real bits are there
and what is fluff so it is going to be CPU and disk intensive.





-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Version of GPL license

[Stephen John Smoogen]

On Thu, May 12, 2011 at 08:20, Miguel Angel Diaz
 wrote:
> Hi.
>
> I agree with you that packages have their own licenses.
>
> But my question follows in other way. Imagine I want to create
> other .iso based on S.L.iso. I need to read .iso license to know if I am
> doing well.
>
> Regards.
>
>

Ok I understand the question, and will try to better explain it to others.

A package by itself has a license, but so does the distribution as a
whole. The Fedora distribution and original Red Hat Linux distribution
were licensed under the GPL v2. Miguel is wondering what license Fermi
is offering the distribution under as this affects how others can use
the distribution, derive child distributions etc from it.



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Version of GPL license

[Stephen John Smoogen]

On Fri, May 13, 2011 at 06:21, Nico Kadel-Garcia  wrote:
> On Thu, May 12, 2011 at 1:07 PM, Stephen John Smoogen  
> wrote:
>> On Thu, May 12, 2011 at 08:20, Miguel Angel Diaz
>>  wrote:
>>> Hi.
>>>
>>> I agree with you that packages have their own licenses.
>>>
>>> But my question follows in other way. Imagine I want to create
>>> other .iso based on S.L.iso. I need to read .iso license to know if I am
>>> doing well.
>>>
>>> Regards.
>>>
>>>
>>
>> Ok I understand the question, and will try to better explain it to others.
>>
>> A package by itself has a license, but so does the distribution as a
>> whole. The Fedora distribution and original Red Hat Linux distribution
>> were licensed under the GPL v2. Miguel is wondering what license Fermi
>> is offering the distribution under as this affects how others can use
>> the distribution, derive child distributions etc from it.
>
> GPLv2 cannot override the licensing of GPLv3 or Apache or BSD licensed
> components included in the distribution, and the "original Red Hat"
> distributions of RHEL include licenses for oddball components like
> Sun's Java. (They're oftion in the "optional" software channels".) For
> examples of *components* under different licensing.

You are correct, and I am sorry if I gave that impression anywhere as
that was not my intent.

Copyright law is very complicated. Each file has its own copyright,
each compiled item has its own copyright and by bundling those things
together one creates a work that also has a copyright. In books the
analogy is a bunch of short stories each having their own copyright,
but collection also has its own copyright. Copyright defaults to few
if any rights allowed to anyone but the author. The author gives up
certain rights when they sell the book or allow it to become part of a
collection that is sold. What those rights are depends on the type of
item, the type of collection and the licensing involved.

In software code, I could create a work that is a combination of code,
but because of how it is compiled, a user may not get the rights they
would have if they had gotten it in another format. [The web case and
the AGPL is one form, and I expect there are other forms.] Thus one
must also license the combined works in some format that is A)
compatible with the parts you are combining and B) Meets other goals.

I will admit that the above is a layman's review of a layman's
description of how copyright works. As with all things dealing with
Law, if it really matters to you, pay for an explanation from a lawyer
who is versed in Copyright law for the situation you want to deal
with.

> Don't *get* me started on the licensing weirdness that used to
> surround Dan Bernstein's tools, such as daemontools and djbdns, or the
> email client pine. There are reasons those don't make it into default
> distribution with our favorite upstream vendor.
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

XFCE 4.8 in EPEL *soon*

[Stephen John Smoogen]

Thanks to a lot of work by various people, XFCE-4.8 will be in EPEL as
soon as enough testers say its working (or it is not which is just as
good so it can be fixed). I claim NO credit on doing this because it
was all done by Orion Poplawski  who has been
catching up requests in EPEL and various other packages.

There may be discrepancies between this repo and others.. not all of
4.8 from fedora has been replicated as some packages have been listed
as possibly dead upstream.

I apologize for the delay and hope we will not run into this again.

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: XFCE 4.8 in EPEL *soon*

[Stephen John Smoogen]

On Thu, May 26, 2011 at 16:24, Todd And Margo Chester
 wrote:
> On 05/26/2011 03:03 PM, Orion Poplawski wrote:
>>
>> On 05/26/2011 04:02 PM, Todd And Margo Chester wrote:
>>>
>>> On 05/26/2011 12:18 PM, Orion Poplawski wrote:

 It has just been pushed to epel-testing. Please give feedback it you try
 it
 out. You can do:

 yum --enablerepo=epel-testing groupinstall xfce-desktop

 to install the base set.


>>> Very cool! Thank you! Anxiously awaiting 64 bit RPMs.
>>>
>>> -T
>>
>> You don't need to wait.  They are there.  (This is EPEL)
>>
>>
>
> I am not finding them.
>
> http://download.fedora.redhat.com/pub/epel/6/x86_64/repoview/letter_x.group.html

The packages are in EPEL-testing not that repo

http://download.fedora.redhat.com/pub/epel/testing/6/x86_64/repoview/letter_x.group.html

> What am I missing?  :'(
>
> -T
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Installing SL6 on a Dell PE1950

[Stephen John Smoogen]

On Fri, May 27, 2011 at 08:27, Stephan Wiesand  wrote:
> On May 27, 2011, at 15:48, Randall Martin wrote:
>
>> I’m having trouble installing SL6 on a Dell PE1950 via PXE kickstart.
>
> Works for me:
>
> # dmidecode |grep Product
>        Product Name: PowerEdge 1950
> # lspci|grep Ethernet
> 05:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5708 
> Gigabit Ethernet (rev 11)
>
>
>>  The node boots and loads the installer, but I get a message “Waiting for 
>> NetworkManager to configure eth0” followed by the error “Network Error: 
>> There was an error configuring your network interface”.  It looks like the 
>> bnx2 ethernet driver isn’t loaded.  What is the procedure to add this driver 
>> to initrd in the install media?  Would creating a driver update image that 
>> is referenced in the kickstart file be a more elegant solution?
>
> When we have trouble with PXE installs, it usually turns out that the switch 
> port was forgotten too be set to "portfast".

Or the 1950's BIOS needs to be updated. I had that with a couple of
old 1950's which updating the BIOS fixed everything.

> --
> Stephan Wiesand
> DESY -DV-
> Platanenallee 6
> 15738 Zeuthen, Germany
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Firefox 4?

[Stephen John Smoogen]

On Wed, Jun 1, 2011 at 14:39, Todd And Margo Chester
 wrote:
> Hi All,
>
> Under SL6, are we stuck with Firefox 3.6?  Is there some plan
> to support Firefox 4 in our future?  (I have just been using the
> binary under CentOS 5.6.)

I think this was asked earlier with 5.x. Scientific Linux is based off
the upstream of Red Hat Enterprise Linux. Upgrading from 3.x to 4.x
requires a LOT of other package rebuilds and updates.. so it would be
less likely to occur. For people wanting to use it, I would recommend
using the seperate rpms from remi or local binaries.

> Many thanks,
> -T
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: chances of PPC64 build?

[Stephen John Smoogen]

On Thu, Jun 9, 2011 at 17:43, Jeremy Enos  wrote:
> Hi there-
> Suppose I'm assembling a list of OS candidates to run on a very large PPC64
> based supercomputer- what are the odds of seeing a SL6 PPC64 version?
> thx-

PPC64 seems to be a hard platform to support it would seem. Red Hat
has support for PPC-64 but CentOS was never able to complete theres
into a booting format. The Fedora PPC-64 project does have people
working on it but they are usually several releases behind.

To answer people's questions I think it was Itanium RHEL dropped for
6. It was close for PPC because the long term costs are just
exorbitant compared so say X86_64+GPU.

>    Jeremy Enos
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: non-stop printer notification

[Stephen John Smoogen]

On Tue, Jun 14, 2011 at 12:59, Ken Teh  wrote:
> I have a user who's print job was cancelled and he now gets dialog box
> popping up every minute telling him so and suggesting he find out why.  And
> little else.
>
> Sound familiar?  Is there a simple way of shutting up the machine short of
> shutting it down?
>

1) Check the client machine that it is not constantly sending a new
job. Look for an application trying to push data or if their queue has
not been cleared.
2) Check the queue of the server machine (I think you did this in later emails.)

Sometimes just a cups restart on the cluients will help.


-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: SL 6.1 :: kdevelop missing

[Stephen John Smoogen]

On Mon, Jun 20, 2011 at 16:51, Adrian Sevcenco  wrote:
> Hi! is kdevelop taken out of kde (from TUV repos) or something?
> i see no kdevelop in any other repo (rpmforge, epel or atrpms)..
> does anyone know something about this?
> Thanks a lot,

The TUV (Red Hat Enterprise Linux 6) does not contain kdevelop. My
guess is that one of the other repo's would be able to have it if a
maintainer wanted to do so.

> Adrian
>
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Reasons why updating from any beta to final is not supported.

[Stephen John Smoogen]

Ok this is not an official item, I don't work for Fermi labs.. I work
for Red Hat but this is all just me speaking my mind.

The reason why upgrading from a beta to a final release is not
supported is that package fixes may occur that you won't see.

Say package poppler-utils-0.12.4-3.el6_0.1.x86_64 had a problem in the
build that someone notices and Connie, etal fix. They rebuild the
package but if they update the metadata (epoch, version, release) they
have to keep track of all changes so that if Red Hat comes out with an
update poppler-utils, their EVR will be different from upstreams..
this causes more problems for people trying to switch or dealing with
comparing releases. So what could end up is that the beta will have
the same numbers as the final but different code. You the user won't
see that when you do a yum update (as yum and rpm weren't really built
for this). Now there are tricks SL probably can use to get around
this, but usually these tricks come with no warranty etc.

The chances of needing these updates is also small, but it is overhead
that a tester needs to be aware of if they want to try and update from
beta-to-final.

Other reasons are similar things.. say the upstream beta had version
1.0.1-2 but it turns out that it breaks scripts or something and they
need to put in final version 1.0.0-2. The beta tester will have a
"newer" version than what was in the final release. The way around
this would be to bump up the EPOCH number, but that can cause other
issues so it is easier to say "final to final is supported, beta to
final is not."

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Reasons why updating from any beta to final is not supported.

[Stephen John Smoogen]

On Fri, Jun 24, 2011 at 06:51, Lamar Owen  wrote:
> On Thursday, June 23, 2011 02:24:43 PM Stephen John Smoogen wrote:
> [snip good info]
>> Other reasons are similar things.. say the upstream beta had version
>> 1.0.1-2 but it turns out that it breaks scripts or something and they
>> need to put in final version 1.0.0-2. The beta tester will have a
>> "newer" version than what was in the final release.
>
> The difficulty with packages with identical NEVR but different contents is 
> the problem 'yum distro-sync full' was meant to solve.  While distro-sync is 
> available in yum 3.2.29, the 'full' option (which compares package checksums 
> and issues a 'yum reinstall' for packages that are installed with the correct 
> NEVR but are different will get refreshed) requires a 3.4.x yum.
>
> A 3.4.x yum is (or should be by now) in the CentOS testing repo for CentOS 5; 
> the patch to add 'full' might apply cleanly to yum 3.2.29 (current upstream 
> 6.1 yum).
>
> So the process to 'upgrade' from a beta to the GA would involve installing 
> the new release RPM with the repo info, and then issuing 'yum distro-sync 
> full' which in theory with upgrade and downgrade as needed to get you in sync 
> with the current repo state, and witht he 'full' option it will reinstall 
> packages whose NEVR matches but whose checksums do not.
>

Thanks. I wasn't aware of that option. In most cases, this will fix
most problems. The only place it will not is where an rpm pre(),
post(), triggers(), etc was the area of the fix. A beta file may make
an entry in some config file, but not remove it, and the final version
may not make that entry nor remove one that was there before. And in
many cases, that extra entry may not cause problems except to some
poor Joe who had to use UUCP over infiniband via satellite uplink.

The key issue is how long it takes to find this problem versus doing a
clean install. When I was younger I had no problems with spending 2
weeks to find that a beta package removed an obscure symlink but the
fix doesn't put it back. Now adays, I find that if the problem can't
be replicated on a clean install that reinstalling all the systems and
reconfiguring them with puppet/cfengine/func/etc takes a lot less than
2 weeks and not as much stress. However your mileage will vary
depending on job, time, and/or milk of magnesia intake.

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Enough with the frivolous emails

[Stephen John Smoogen]

At some point in this long thread people have forgotten what the
original email was about.

1) Please post on this list about problems with the OS.
2) Don't post here about non-OS related issues.

Look there are a ton of places to post non-OS related items, and it
wouldn't take too much to set up a mailing list for it some where else
if the billion out there don't meet your needs. BUT this list is not
meant for it.

-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: DNS with bind

[Stephen John Smoogen]

On Tue, Jul 5, 2011 at 14:56, Mike Peterson  wrote:
> Does DNS with bind on Scientific Linux work different than bind on RHEL and
> CentOS?
>
> If not, will bind be fixed with the release of Scientific Linux 6.1?
>
> I feel it is broken because files that are listed as being in the bind rpm are
> missing on Scientific Linux 6.0.

-ENOINFO

There is a ton of info missing in this so there is no way to "proceed" on it.
What files are missing. What are you comparing it to?



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Is RHEL 6 ready for production?

[Stephen John Smoogen]

On Sat, Jul 16, 2011 at 11:36, Yasha Karant  wrote:
> We are obtaining a new GPU cluster research compute engine, Nvidia CUDA 4
> conforming.  Because of the way the funding agency evaluates proposals, we
> effectively had to use an integrator who is well respected in the community
> associated with the particular funding source.
>
> Speaking with the professional staff at the integrator, it appears that the
> consensus is that RHEL 6 is not really ready for production, and that
> production engines are being kept on RHEL 5.6 (CentOS 5.6, SL 5.6).  When I
> enquired about SUSE Enterprise current, I received similar comments from the
> same source.  It was noted that RHEL 6 was withdrawn for a while after
> production release.  Does anyone reading this list have any observations on
> the production stability of RHEL 6?

I am sorry but the question is rather nebulous to answer. What is your
value of production ready? What is your integrators? What criteria do
you use for evaluation of that production readiness. It is an N
parameter non-linear equation with different answers on what those
criteria are.

I know integrators who only are now trusting RHEL-4 for their projects
now that it is reaching end of life. There are large sites running
RHEL-6 to render movies and various scientific clustering items but
they each have different reasons for their choices and each considers
it "production stability."

So unless you define what one means by production stability, the
question is unanswerable.

> This question is irrespective of new hardware support in RHEL 6 that may not
> be operational (e.g., USB 3, nominally in RHEL 6.1).
>
> Yasha Karant
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: xen on Scientific Linux 6 32-Bit or 64-Bit

[Stephen John Smoogen]

On Tue, Jul 19, 2011 at 13:30, Justin Sandy  wrote:
> Is there a way to install xen on 32-bit or 64-bit Scientific Linux 6?

Probably not easily. The kernels are optimized to work with KVM. You
would need to tear out that kernel and build one for Xen and a xen
image

> --
> Justin Sandy
> justmatt9...@gmail.com
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Unable to install SL6.1 with only 1GB of RAM?

[Stephen John Smoogen]

On Fri, Jul 29, 2011 at 09:30, Kenni Lund  wrote:
> Hi
>
> Is it expected behaviour that SL6.1 requires more than 1GB of RAM to
> install when using anaconda for the install? I've just had the
> installer crash on me twice due to low memory, when I had 1024MB
> dedicated to the VM. I didn't create any swap partition when I did the
> partition layout within the installer, so if Anaconda expects to use
> such swap partition for the install, that could explain the issue.
>
> I'm just curious, I've just checked the upstream system requirements
> and 1GB seems to be the official memory requirement for EL6.

I believe that the graphical anaconda relies on a swap partition for
less than 2GB of memory for the various parts to work properly.

> Best regards
> Kenni
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Anyone play with java 7 yet?

[Stephen John Smoogen]

On Tue, Sep 6, 2011 at 17:40, Todd And Margo Chester
 wrote:
> Hi All,
>
>   Anyone play with Java 7 yet?  What is you opinion of
> upgrading to it?
>
> http://www.oracle.com/technetwork/java/javase/downloads/java-se-jre-7-download-432155.html

In the past each Java version upgrade would break a lot of stuff from
previous javas. While byte code should be able to run in compatibility
mode, it didn't always do so and various apps would break until
updates were released. For Java 7 it is supposed to be better capable
of doing this.. however I have various console apps that only run on
the 1.4 or 1.5 Java only.

In most cases, upgrading Java does not mean you are getting better,
faster, slimmer, etc. It usually means you are getting lots of
different features.

If you want to play around with things, sure do so. If you want to do
work, then do it in a play station and see what breaks. If neither
wait.


> Many thanks,
> -T
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren

Re: Cap Lock killer stopped working

[Stephen John Smoogen]

On 27 February 2012 21:06, Todd And Margo Chester
 wrote:
> Hi All,
>
> My Cap Lock killer stopped working when I upgraded
> to 6.2:
>
>      xmodmap -e "remove lock = Caps_Lock"
>
> Anyone have a tip on how to get my Cap Lock killer
> to start working again?  (The Cap Lock key is evil.
> Just kidding.  Perhaps.)

Does the following work for you?

#!/bin/sh
setxkbmap -layout "$(setxkbmap -print | awk -F + '/xkb_symbols/ {print
$2}')" -option ctrl:nocaps

It is what I use in RHEL6.2


> Many thanks,
> -T



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: Odd password issue...

[Stephen John Smoogen]

On 12 March 2012 12:18, Robert Tilden  wrote:
> One of our systems running ‘Scientific Linux Fermi LTS release 4.9’ is
> exhibiting some odd password behavior.
>
>
>
> I can log in using a legitimate password for an account, but I can also log
> in when I add random characters at the –end- of the legitimate password.
> Shortened legitimate passwords don’t work, nor do nonlegitimate passwords.
> It’s like the password check stops when it sees a match but doesn’t check
> beyond that point.
>
>
>
> uname –a gives ‘Linux .phys.northwestern.edu 2.6.9-101.ELsmp #1
> SMP Wed Jul 20 12:44:12 CDT 2011 x86_64 x86_64 x86_64 GNU/Linux’
>

Depends on the password hash. If the system is set up to use the old
DES hash passwords then it will only look at the first 8 characters.
Any characters after that would be truncated and ignored. To check to
see which hash is being used for the account one can do a 'getent
shadow' as root on the system.

[ssmoogen@ponyo ~]$ openssl passwd -1 -salt CrapSalt Password
$1$CrapSalt$QwW4h1GkbcFPhKj/DmtOk.
[ssmoogen@ponyo ~]$ openssl passwd -salt CS Password
CS70elGx.oAms

The first example is a MD5crypt hash which has an "unlimited" length
but can be around 72 characters depending on the system. The second
example is the older DES style hash which is limited to 8 characters.


>
> Any thoughts?
>
>
>
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: roller ball weirdness

[Stephen John Smoogen]

On 29 March 2012 14:32, Todd And Margo Chester  wrote:
> Hi All,
>
> I am using Scientific Linux 6.2 x64 and Xfce 4.8.
>
> Since upgrading to 6.2, I have noticed if I scroll too
> fast on my mouse wheel, that I change windows.
> I wind up in a different program and have to click
> back to get back to my original program.
>
> Is this on purpose?  And, is there a way to defeat
> the behavior?

Check where your mouse is when you do this. If the mouse is over the
Workplace switcher.. the workplace switcher will take the mouse scroll
as changing screens. I have had this happen serveral times when I
thought I was doing one thing and it actually switched screens. Once I
figured out it was where the mouse was located.. I am less "surprised"

> Many thanks,
> -T



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: Multiple terminal windows won't send jobs to individual cores

[Stephen John Smoogen]

On 5 April 2012 10:47, Wil Irwin  wrote:
> Hi-
>
> I am totally stumped and at a complete loss on this one.
>
> In an 'old school' manner (a.k.a poor man's grid engine), it is a common
> practice (at least for me) to open multiple terminal windows on a
> mullti-core machine. Submitting a job in each terminal window will send it
> to a core which is not being used. On this particular set of machines I have
> been doing this for about 2 years.

To be honest I have no idea why it worked before. Setting a process to
a certain core takes definitive coding to say "x will have affinity to
CPU y" or using a program like taskset to set the affinity.

I would try the following:
1) man taskset
2) see if taskset works on your system.

Then see if it works. If it doesn't then I would assume that the CPU
or some other hardware in the box is having issues and not allowing
processes on the other cores for some reason.


-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: Set path -

[Stephen John Smoogen]

On 11 April 2012 16:50, Bob Goodwin - Zuni, Virginia, USA
 wrote:
>           I just installed SL-6 on another computer and it's really a
>           bother to have to enter "/usr/bin/locate" etc. as user "bobg."
>
>           How do I fix that?
>

-ENOINFO A lot more information is required before anyone can  attempt
to answer this question. What is telling you on the new system that
you have to be user bobg. Why is it  a problem.. what are you trying
to accomplish.



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: LTO tape drives

[Stephen John Smoogen]

On 18 June 2012 08:38, Ken Teh  wrote:
> Hi all,
>
> I need some help and advice with LTO tape drives.  I haven't kept up with
> tape technology for several years now and from a quick google, it appears
> that the only games in town are LTO and DDS.  We do have a single DDS
> deployment and we are looking at replacing it with LTO because of capacity
> limitations.
>
> Some questions:
>
> (1) It appears that LTO-5 is the current technology. But most single drives
> use SAS as an interface.  Again, I am not familiar with SAS.  All I know is
> what the acronym stands for.  Is it a simple matter of buying a SAS card?
>  Will it run out of the box on a SL6.x box?  Any issues with drivers?

There are always issues with drivers and specific cards. I believe
that LSI and Adaptec will sell cards that will work with SciLin.

> (2) I see that LTO-4 is still available.  And a quick google suggests that
> Ultra160 or 320 LVD SCSI is the more common interface for these drives.  I
> have several of the Adaptec 29xxx cards, made available when we transitioned
> to SATA.  Is this viable or would you recommend against using LTO-4?  It
> appears to be about 5 years old.  I think it would be preferable to use
> technology that has at least some life to it but I am not inclined to work
> very hard to make LTO-5 work if it is not well supported on Linux.

An LTO-5 drive is backwards compatible with LTO-4,3 (and maybe 2,1)
drives. It is one advantage of the LTO format that they do a lot of
backwards compatibility. The drives should look about the same to the
hardware. We have LTO-5 library from Quantum which bacula uses without
any special software.

> We are not looking to do anything fancy.  A single internal drive and a box
> of tapes.  Backups the old fashioned way.
>
> Specific recommendations welcomed.  As in, buy this card, buy this drive!
>
> Thanks!



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: LTO tape drives

[Stephen John Smoogen]

On 18 June 2012 11:31, Ken Teh  wrote:
>
>
> On 06/18/2012 11:31 AM, Stephen John Smoogen wrote:
>
>> An LTO-5 drive is backwards compatible with LTO-4,3 (and maybe 2,1)
>> drives. It is one advantage of the LTO format that they do a lot of
>> backwards compatibility. The drives should look about the same to the
>> hardware. We have LTO-5 library from Quantum which bacula uses without
>> any special software.
>>
>
> The LTO page on Wikipedia says that a current generation LTO drive will read
> tapes from "at least" 2 prior generations.  I have no experience with these
> tapes; only throwing this blurb into the discussion.
>
> Am I right to assume that I can use the mt program for a LTO-5 SAS type
> drive?  That 'tar' will work just fine?  Or do we also need to migrate to
> more "modern" software like bacula?

For the boxes I have used, mt has worked and I expect tar to work. The
device shows up as /dev/st0

> Thanks for the responses so far.
>
>



-- 
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: SL 6 vs. other RHEL clones: security advisory comparison

[Stephen John Smoogen]

On 20 August 2012 17:22, Ian  wrote:
>> you are over simplifying the process. Eg. What was the time lag from
>> when the srpm was released and the rhn notes published to when CentOS
>> released that specific update ?
>>
> I seriously think this is the wrong place to discuss CentOS specifically,
> don't you?

1) To quote you: Firstly, I don't really like being told where I can
and can't post. If the discussion is off-topic, then so is the topic
IMHO.

2) You brought it up and got called on it.

3) You still haven't proved your point.. you just tried to jog around
the gaping hole in your logic.. eg you did not have any cases that
other clones have a release time <= SrpmReleaseTime.

Now to go back to your original email, you pulled in that you were not
a scientist but this list is filled with them and if you want to
advocate your point better.. you need to have data that can be shared
and checked.

-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: jumbo frames?

[Stephen John Smoogen]

On 27 August 2012 14:48, Todd And Margo Chester  wrote:
> Hi All,
>
> Can anyone tell me what this means?
>
> just disable jumbo frames on centos host interface
> ifcfg and ethernet switch.

Well first of all. What is giving you this error or message? Jumbo
frames are not usually turned on CentOS/Scientific Linux without some
extra configuration (eg in /etc/sysconfig/network-scripts/ifcfg-eth0
or the likes.). To see if they are enabled on the system.. ifconfig
eth0 and look for the MTU line. If it is 1500 that is standard. If it
is 9000 then it has been configured to be such somehow.

> Many thanks,
> -T



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: ps and IPC

[Stephen John Smoogen]

On 13 September 2012 10:52, David Fitzgerald
 wrote:
> Hello,
>
>
>
> I am running Scientific Linux 6.2 and am getting a semget error when I run
> ps as any user, including root.
>
> The full message is:
>
>
>
> semget: No such file or directory
>
> semop: Invalid argument
>
> [DEVICE -1]  The requested IPC message queue is locked.
>
> Error in message send = 22
>
> itype, ichan, nwords,2,-1,2
>
>
>
> Could someone explain what this error means, and show me how to troubleshoot
> it?
>
>

Well that error is not a basic one.. which ps are you running (you can
find out by typing which ps). Something is locking your access to the
kernels memory so something has changed on the system from a default
install. I guess I need a lot more questions answered:

Type of system (x86_64, i386)
Type of hardware
The output of the following commands

df -a
ls -l /proc/

>
> Sorry if this is a basic question, but I am stumped.
>
>
>
> Thanks!
>
>
>
> Dave
>
> +++
>
> David Fitzgerald
>
> Department of Earth Sciences
>
> Millersville University
>
> Millersville, PA 17551
>
>
>
> Phone: 717-871-2394
>
>



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: how can i quit from this group

[Stephen John Smoogen]

On 14 September 2012 19:25, mohamed nagy  wrote:
> how can i quit from this group

List-Help: 
,
   
List-Unsubscribe:

List-Subscribe:

List-Owner: 
List-Archive: 


So send mail to scientific-linux-users-unsubscribe-requ...@listserv.fnal.gov

-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: Touch screen

[Stephen John Smoogen]

On 2 October 2012 10:23, Christopher Brown  wrote:
> Hi,
>
> I can't find any info about this online. Does anyone know if the Elo 0700L
> touchscreen will work on SL 6.3? I do behavioral research, and a touch
> screen interface would be extremely useful for some experiments. And since
> the experiments are conducted inside a sound booth, the single USB cable for
> video/touch/power is really attractive. The small screen is also fine.
>
> Does anyone have any alternative suggestions?

You will need to contact the manufacturer to see if they have drivers
for Linux. Most touch screen interfaces require a proprietary driver
of some sort or another.

> Thanks,
> Chris



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: CD recording nowadays

[Stephen John Smoogen]

On 21 October 2012 07:17, Andrew Z  wrote:
> Gents,
>  i'm a bit ;) confused as of the current state of CD burning on our
> platform. Back in the days it was cdrecord, now ... i'm not sure... I see
> there is cdrtools and cdrkit... but neither(?) seemed to be included in the
> main repo..
> Please advise.
> Thank you
> AZ

I believe the version shipped these days is called wodim for reasons I
don't know exactly.

-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: Unreadable YUM cron job logs.

[Stephen John Smoogen]

On 26 October 2012 13:03, Steven Haigh  wrote:
> Hi all,
>
> Recently I've noticed a trend to get some logs from yum updates that happen
> automatically that don't display. Looking at the message source, I see:

Something in the mail system is encoding this as base64 but not
putting in the mime headers to tell you that.. I don't think that this
is done via cron or yum so I would check to see how the postfix or
some option in between

http://www.opinionatedgeek.com/dotnet/tools/base64decode/

will show you the unencoded message.

> Return-Path: 
> Delivered-To: net...@crc.id.au
> Received: from xenhost.lan.crc.id.au (unknown
> [IPv6:2002:cb38:f71b:1:52e5:49ff:fe4d:4af6])
> by mail.crc.id.au (Postfix) with ESMTP id 9566D9E
> for ; Sat, 27 Oct 2012 04:12:57 +1100 (EST)
> Received: by xenhost.lan.crc.id.au (Postfix)
> id CC9A412A; Sat, 27 Oct 2012 04:12:56 +1100 (EST)
> Delivered-To: r...@xenhost.lan.crc.id.au
> Received: by xenhost.lan.crc.id.au (Postfix, from userid 0)
> id BE3B614D; Sat, 27 Oct 2012 04:12:56 +1100 (EST)
> Date: Sat, 27 Oct 2012 04:12:56 +1100
> To: r...@xenhost.lan.crc.id.au
> Subject: YUM:xenhost.lan.crc.id.au:2012-10-27
> User-Agent: Heirloom mailx 12.4 7/29/08
> MIME-Version: 1.0
> Content-Type: application/octet-stream
> Content-Transfer-Encoding: base64
> Message-Id: <20121026171256.be3b6...@xenhost.lan.crc.id.au>
> From: r...@xenhost.lan.crc.id.au (root)
>
> IC0tLS0tLS0tLS0tLS0tLS0tLS0tCiBZVU0gLSBzZWN1cml0eQogLS0tLS0tLS0tLS0tLS0t
> LS0tLS0KCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09CiBQYWNrYWdlICAgICAgICAgICAg
> ICAgQXJjaCAgICAgICAgICBWZXJzaW9uICAgICAgICAgICAgUmVwb3NpdG9yeSAgICAgICAg
> IFNpemUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KVXBkYXRpbmc6CiB4ZW4gICAgICAg
> ICAgICAgICAgICAgeDg2XzY0ICAgICAgICA0LjIuMC00LmVsNiAgICAgICAga2VybmVsLXhl
> biAgICAgICAgMS4wIE0KIHhlbi1kb2MgICAgICAgICAgICAgICB4ODZfNjQgICAgICAgIDQu
> Mi4wLTQuZWw2ICAgICAgICBrZXJuZWwteGVuICAgICAgICA5ODIgawogeGVuLWh5cGVydmlz
> b3IgICAgICAgIHg4Nl82NCAgICAgICAgNC4yLjAtNC5lbDYgICAgICAgIGtlcm5lbC14ZW4g
> ICAgICAgIDQuMyBNCiB4ZW4tbGlicyAgICAgICAgICAgICAgeDg2XzY0ICAgICAgICA0LjIu
> MC00LmVsNiAgICAgICAga2VybmVsLXhlbiAgICAgICAgMzQ0IGsKIHhlbi1saWNlbnNlcyAg
> ICAgICAgICB4ODZfNjQgICAgICAgIDQuMi4wLTQuZWw2ICAgICAgICBrZXJuZWwteGVuICAg
> ICAgICAgNDUgawogeGVuLXJ1bnRpbWUgICAgICAgICAgIHg4Nl82NCAgICAgICAgNC4yLjAt
> NC5lbDYgICAgICAgIGtlcm5lbC14ZW4gICAgICAgIDUuNyBNCgpUcmFuc2FjdGlvbiBTdW1t
> YXJ5Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09ClVwZ3JhZGUgICAgICAgNiBQYWNrYWdl
> KHMpCgpUb3RhbCBkb3dubG9hZCBzaXplOiAxMiBNClN0b3BwaW5nIHhlbmNvbnNvbGVkIGRh
> ZW1vbjogWyAgT0sgIF0NClN0YXJ0aW5nIHhlbmNvbnNvbGVkIGRhZW1vbjogWyAgT0sgIF0N
> ClN0b3BwaW5nIHhlbmQgZGFlbW9uOiBbICBPSyAgXQ0KU3RhcnRpbmcgeGVuZCBkYWVtb246
> IFsgIE9LICBdDQoKVXBkYXRlZDoKICB4ZW4ueDg2XzY0IDA6NC4yLjAtNC5lbDYgICAgICAg
> ICAgICAgICAgIHhlbi1kb2MueDg2XzY0IDA6NC4yLjAtNC5lbDYgICAgICAgICAKICB4ZW4t
> aHlwZXJ2aXNvci54ODZfNjQgMDo0LjIuMC00LmVsNiAgICAgIHhlbi1saWJzLng4Nl82NCAw
> OjQuMi4wLTQuZWw2ICAgICAgICAKICB4ZW4tbGljZW5zZXMueDg2XzY0IDA6NC4yLjAtNC5l
> bDYgICAgICAgIHhlbi1ydW50aW1lLng4Nl82NCAwOjQuMi4wLTQuZWw2ICAgICAKCgo=
>
> The message that is in my cron folder shows as blank. While I'm not an
> expert in email formatting, is it possible the encoding is incorrect causing
> it not to display properly? This one isn't really my field of expertise...
>
> --
> Steven Haigh
>
> Email: net...@crc.id.au
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
> Fax: (03) 8338 0299
>



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: task blocked for more than 120 seconds

[Stephen John Smoogen]

On 14 November 2012 10:20, Ken Teh  wrote:
> The common thread is I/O to a MegaRAID raid5 device.  Which is cause for
> concern since the primary function of both machines where I've encountered
> this problem is file-serving.
>
> Perhaps I am just unlucky and have 2 bad MegaRAID cards in a row.  I'm
> trying
> to understand this better, figure out if I am doing something wrong.

Well there are a couple of issues this could be:

1) You are asking more than the MegaRaid is meant to do... it may be
running out of cache, or other resources.
2) The megaraid is still rebuilding its array beneath and you are
hitting a locking problem because it hasn't finished what it needs to
do before you ask it to do something else (really sort of #1).

Most of the time you will need to install the proprietary Megaraid
tools to see what is going on under the disks to find out.

> My procedure is create a RAID 5 volume on the megaraid, do a slow init.
> Reboot
> the system into Linux, write a single large partition with parted, then put
> one or more logical volumes on the drive.
>
> The "hung" problem has cropped up under the following situations:
>
> (1) pvcreate on the disk
>
> (2) mkfs.ext4 on the volumes created on the disk
>
> (3) writes to the filesystem on the disk
>
> It's happened on 2 fileservers each with a megaraid.
>
>
>
>
>
> On 11/14/2012 10:19 AM, Jamie Duncan wrote:
>>
>> is there a specific bug/bugs you're referring to?
>>
>> a hung task means that a process is sitting on a core waiting on a
>> specific bit of I/O for > 120 seconds. Not the length of the entire process,
>> mind you, which depends on countless inputs and outputs to complete, but
>> something on the other side isn't answering for a very long time.  It
>> usually means an unhealthy system at some level.
>>
>>
>> On Wed, Nov 14, 2012 at 11:04 AM, Ken Teh > > wrote:
>>
>> I've recently been encountering this problem trying to stand up a
>> large RAID 5 disk server.  My first encounter was when I was doing write
>> speed tests.  I thought I had solved this problem by letting the megaraid
>> card complete a slow init of the volume before trying to create a linux
>> filesystem on it and re-doing my speed measurements.
>>
>> But I have just now encountered it again on a new RAID 5 volume which
>> I also let complete a slow init over the weekend.  I was in fact trying to
>> do a pvcreate on the volume when it hung.
>>
>> Can anyone shed some light?  I see posts for it but everything I read
>> suggests it's been taken care of.
>>
>>
>>
>>
>> --
>> Thanks,
>>
>> Jamie Duncan
>> 804.571.0458



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: Scala missing in the official repo(s)

[Stephen John Smoogen]

On 26 November 2012 21:59, Freak Trick  wrote:
> I was attempting to install Scala (the programming language). The query 'yum
> search scala' on SL 6.3, did not return any positive results. Furthermore,
> there are no packages in non-official repo(s) either. Is it even possible to
> include Scala in the official repos. It is gaining in popularity and a
> package may help many overcome the relatively cubersome process of
> installing manually.
>

The official repos as far as I know are linked with the Red Hat
Enterprise release which does not include scala. EPEL could have scala
if a developer was interested in keeping up with it. This would be a
rebuild of the Fedora scala src.rpm and then keeping up with versions
and such.


-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: Desktop Cinnamon

[Stephen John Smoogen]

On 13 December 2012 06:32, Larry Linder  wrote:
> Has anyone tried to use Cinnamon desktop onto SL.   The Desktops on 6.X were
> unusable from our vantage point and that is why we stalled at 5.8.

Well without a definition of what "unusable" is.. then I would not see
how Cinnamon would help any. It is a fork of GNOME-3 to make it act
and look like GNOME-2 which the 6.x systems ship with. So not sure
what kind of "win" you would expect.

> From some others I have talked to have tried it and found that they love it
> and they indicated that were running Fedora.
>
> Larry Linder



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Re: EXTERNAL HARD DISK 2 TB ISSUE

[Stephen John Smoogen]

On 9 July 2013 08:36, Pritam Khedekar  wrote:

>
>
>
> guys,
>
> i have 2 tb external drive which was working fine
>
> now suddenly it doesn't show in my computer
>
> it detect as usb drive but doesn't show in my computer or in disk
> managemnet
>
>
>
This problem is usually either a bad USB controller in the device or a bad
disk. The best way to deal with it is to remove the disk from its external
casing and plug it into the SATA (they are usually just a USB2SATA
connector) internally. This will show whether the problem is external case
or disk. Sorry for not much better to help with.

-- 
Stephen J Smoogen.

Re: Cheap PCI-E Solid State Disks (SSD)

[Stephen John Smoogen]

On 30 July 2013 18:21, Gerard Bernabeu  wrote:
> Hi,
>
> I'm looking for some fast (~1GB/s on sequential writes&reads) SSDs that are
> both cheap and compatible with linux. Do you know of any?
>
> Some examples would be:
>
> OCZ RevoDrive 3 x2  (1.3GB/s writes on the 960GB version, ~$1530 = 0.62GB/$)
> - This is a good candidate but officially supports Windows only, not sure if
> would work under linux at all.
> OWC Mercury accelsior E2 (0.78GB/s writes on the 960GB version, ~$1300 =
> 0.74 GB/$) - This one is a little bit too slow (less than 1GB/s)
> VisionTek Data Fusion (0.81 GB/s writes on the 960GB version, ~$904 = 1.06
> GB/$) - This is a bit too slow, not clear if linux is supported
>
> There are some other good products out there (fussion io,  Intel 910, OCZ
> enterprise brand, etc) but they're all at least twice the price.

They are twice the price because they are usually better tested items.
The cheaper SSD's have a far more limited of number of writes, have
less redundancy of cells (so when goes bad it can use another one) and
are more likely to go dead completely. Most everyone I know who has
used the cheap ones has been burned badly where they lost everything
within a month or two of using.


> Do you know of any other PCIE card that provides ~1GB/s at 0.5GB/$ or more?
> Any experience of any of the previous products under linux?
>
> Thanks,
>
> --
> Gerard Bernabeu
> FermiCloud and FermiGrid Services at Fermilab
> Phone (+1) 630-840-6509



-- 
Stephen J Smoogen.

Re: How do I change my eMail address?

[Stephen John Smoogen]

On 18 September 2013 16:35, Todd And Margo Chester
wrote:

> Hi All,
>
> I have been looking around the
>  
> http://listserv.fnal.gov/**archives/scientific-linux-**users.html
> to no avail trying to figure out how to change my eMail address.
> Maybe I am blind.
>
> Anyone have any tips?
>
> Many thanks,
> -T
>

FNAL runs its mailing lists on a listserv


List-Help: <
http://listserv.fnal.gov/scripts/wa.exe?LIST=SCIENTIFIC-LINUX-USERS>,
   
List-Unsubscribe: 
List-Subscribe: 
List-Owner: 
List-Archive: <
http://listserv.fnal.gov/scripts/wa.exe?LIST=SCIENTIFIC-LINUX-USERS>

My guess is that it is unsubscribe/resubscribe as the easiest.

-- 
Stephen J Smoogen.

Re: SL 6.4 Ethernet Port is dead - maybe

[Stephen John Smoogen]

On 7 March 2014 14:47, Larry Linder  wrote:

> I am looking for a way to check the functionality of an Ethernet port on a
> 4
> mo old new system.   We use this box for number crunching and reducing
> data.
> Since no one uses the desktop we left it as "Gnome" and set up network.
>  This
> also the same box we found the SL 6.x had a broken driver for the chip set.
> Thanks to some serious help we were able to download the driver for the
> Ethernet chip set and it worked for a long time.
>
> After a power failure on a clear day we noticed that it would boot and run
> but
> no intranet.   The power failure was city wide for about 5 sec.  Just
> enough
> to turn on the UPS,s and EM Lights.
>
> I have look on the net and there is a lot of people offering suggestions
> but
> nothing you can hang you hat on.  Most just reference a lot of
> applications.
>
> Tried:
> drop down's for "preferences" and network set up.  restart "network" &
> NetworkManagement" .  These look OK.
>
> Apps:
> "ifconfig"
> etho:  says that it read a large number of packets and transmitted none.
>
> "ss"
> gives a lot of information but Its pretty criptic to say the least.
>
> The Ethernet chip set is on the mother board and I hate to dismantel it
> replace the mother board and have the same problem.  I was looking for a
> way
> to test it with a loop back scheme and monitor the transmission with a
> scope.
>

The cost of doing that is going to be more than a board and warranty if it
is 4 months old. Mainly because if it can recieve but not send then there
are 3 possible problems:

1) The ethernet card is fried. You can pay for a $10.00 replacement card
before you figure out what a correct signal looks like.
2) The wire is fried.
3) The port on the switch is fried.

The usual way to check things is the following:
1) If the box is really reading stuff you can do a tcpdump and see what
packets are being seen on the network.
2) Move the wire from the box to a different port on the switch. This will
see if the problem is with the switch.
3) Replace the wire.
4) If you have a grant get an ethernet probe device for a couple thousand
dollars (I think). They can test all of the above and tell you where the
line might be fried if it is buried in cables etc.

The oscillascope items might show you that you are getting a signal, but it
won't tell you if that wave is in any form or shape what the computer can
understand. To do that you will need to either duplicate a working signal
over a similar distance of cable (to deal with what degredation might be
there) or have some sort of litmus available (which is usually the probe
device).




> The Ethernet chip set supports 10/100/1000 megHz.   Because of the size of
> the
> data sets we need the 1 g. rate.   We plan to upgrade our entire network
> to 1
> G router, and switches once this problem is resolved.
> Only change one thing at a time.
>
> Larry Linder
>



-- 
Stephen J Smoogen.

Re: Create 4TB RAID volumes during install?

[Stephen John Smoogen]

On 28 March 2014 14:42, CS_DBA  wrote:

> Hi All;
>
> I have a server which we've setup with 2 - 500GB drives and 6 -  4TB drives
>
> I want to mirror the 2 500GB drives as a RAID 1 volume - works as expected
>
> However I also want to add all 6 4TB drives to a single RAID 10 RAID device
>
> I try and create a raid volume, choose one of the 4TB drives and it wont
> let me select more than 2TB of space.  Can someone give some insight on how
> to pull this off?
>
> Thanks in advance
>

This is going to depend on a couple of factors:

1) If you are using SciLin-5 there may be a limit to the size of disk that
it can use.
2) If you are using SciLin-6 it should be able to work because I believe it
uses gparted but it might only use that if your system booted in UEFI mode.
In BIOS mode or if it uses fdisk then it can only be used for disks no
larger than 2TB.


-- 
Stephen J Smoogen.

Re: Any 7 rumors?

[Stephen John Smoogen]

On 9 April 2014 11:17, David Sommerseth wrote:

> On 09/04/14 16:27, Paul Robert Marino wrote:
> > No it was always required because the shopping cart itself may in some
> > cases contain data which could possibly be used to gain access to
> > sensitive customer data. Also in a sense data about who purchases what
> > and where could also be used to mask credit card fraud by making the
> > fraudulent charges look like the normal shopping activities of the
> > card holder.
>
> Really!?  I've been involved in a few PCI-DSS certification rounds for a
> company which provided online payment services back in the days.
> Granted that's some years ago now (2005 to 2008-ish).  Even though our
> scope was limited to only processing credit card information, we did not
> see any requirements anywhere at that time for the shopping cart to be
> PCI-DSS certified.
>

Any time you read "always"  in certifications, it means that the original
organization thought they had made it clear originally but instead it was
intepreted completely differently by various auditors. Since PCI-DSS
certification comes down a lot to what an auditor will go with.. any
phrases with wiggle room or non-absolutely clear language (did we use MAY
when we should have used WILL is the easiest one) then you end up with
years of 'clean-up' where various things you got told were ok is not ok
with either a different auditor or the next set of clarifications because
someone stuck an OR in when they meant XOR or AND.  So the authors go back
and clear it up and say it meant to always be that way and people in the
field go "WHA?"


>

-- 
Stephen J Smoogen.

Re: How do I elevate in a script?

[Stephen John Smoogen]

On 29 April 2014 15:20, ToddAndMargo  wrote:

> Hi All,
>
> I have a bash script that need to be run as root.
> In the script, I check to see if it is running as
> root and flag the user to run appropriately.
>
> Is there a way to use "su" to prompt for the password
> and continue the script if successful? (I would test for
> $? after the prompt.)
>
> Currently "su" will just open a new shell as root.
>
> I can run a command inside "su", but what about the
> other 200 lines of code?  :'(
>
>
The best you can do is run the script itself via su.. and that leads to all
kinds of interesting problems. Generally it is better to have the user type
the command themselves as root versus trying to be helpful inside of the
shell.




> Many thanks,
> -T
>
>
> --
> ~~
> Computers are like air conditioners.
> They malfunction when you open windows
> ~~
>



-- 
Stephen J Smoogen.