Re: [SLUG] chroot

[Colin Humphreys]

Crossfire wrote:
> 
> Martin was once rumoured to have said:
> > > ... and here I was expecting you to say "but how do you compile a C
> > > program in a chrooted environment", and I was going to say "well okay,
> > > you do have a point, so the end result would be the same chicken/egg
> > > problem with one needing a binary to get out of the chroot", which
> > > either Terry, Crossfire or Angus would rebuke further... etc, etc.
> >
> > well, what is stopping that same program compiled on a similar box being
> > downloaded and run from within the chroot environment...
> >
> > so, you then remove all means of transferring files from within the
> > chroot environment...
> >
> > where do you stop???...my head hurts!
> >
> > > I'd imagine that a chrooted bind that isn't running as root would be
> > > safer.
> >   ^
> >
> > emphasis on the "safer" which != "safe"...
> >
> > on the subject of bind, has anyone researched the alternatives to bind?
> > anyone used djbdns?
> 
> djbdns is not really suitable for use on public DNS servers.

Could you please explain why? I have been using djbdns on various public
dns servers for well over a year. I have never had any problems.

>  That,
> and it doesn't cache [it relies upon dnscache to do that], which makes
> it moderately useless. 

Why? Whats wrong with relying on dnscache? You can run dnscache on the
loopback, and make djbdns available on the external interface. If you
want a external cache, use ip aliasing. Its just different.

> It also doesn't support AFXR, which means
> you'll be manually updating your secondaries.  It is on my "not
> recommended list".

um, yes it does. Thats some of the secondaries I administer get updated.

> 
> Yes, I do have a grudge against djb - I wouldn't have it if he didn't
> release crap and hide it behind his security guaranty.

oh well, I ain't getting into this again.

-Colin

> 
> bind is good.  Bind will work chrooted.  Bind will work surrendering
> priveledges.  You can't escape a chroot once you've surrendered root
> privs (unless your chrooted environment foolishly includes setuid
> binaries). OpenBSD knows this, and ships their bind configuration to
> chroot jail and surrender root by default.  However, bind sucks for
> dynamic tables.  Do not use bind for dynip stuff.  (I use bind myself,
> mostly because I've been using Bind4 and Bind8 for years - that, and
> my `dynip' table has a very low rate of change, and I use magic,
> rather than the dynamic DNS update mechanisms to set it)
> 
> There is also Dents which is a viable replacement for Bind.  Dents
> also supports drop-in namespace modules. Dents works with
> Supersparrow. I haven't used dents, so I can't vouch for its feature
> set, however Dents sounds like the right thing by implementing the
> featureset, and making it behave in a sane manner.
> 
> Yes, these are *MY* opinions.
> 
> C.
> --
> --==--
>   Crossfire  | This email was brought to you
>   [EMAIL PROTECTED] | on 100% Recycled Electrons
> --==--
> 
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Crossfire]

Martin was once rumoured to have said:
> > ... and here I was expecting you to say "but how do you compile a C
> > program in a chrooted environment", and I was going to say "well okay,
> > you do have a point, so the end result would be the same chicken/egg
> > problem with one needing a binary to get out of the chroot", which
> > either Terry, Crossfire or Angus would rebuke further... etc, etc.
> 
> well, what is stopping that same program compiled on a similar box being
> downloaded and run from within the chroot environment...
> 
> so, you then remove all means of transferring files from within the
> chroot environment... 
> 
> where do you stop???...my head hurts!
> 
> > I'd imagine that a chrooted bind that isn't running as root would be
> > safer.
>   ^
> 
> emphasis on the "safer" which != "safe"...
> 
> on the subject of bind, has anyone researched the alternatives to bind?
> anyone used djbdns?

djbdns is not really suitable for use on public DNS servers.  That,
and it doesn't cache [it relies upon dnscache to do that], which makes
it moderately useless.  It also doesn't support AFXR, which means
you'll be manually updating your secondaries.  It is on my "not
recommended list".

Yes, I do have a grudge against djb - I wouldn't have it if he didn't
release crap and hide it behind his security guaranty.

bind is good.  Bind will work chrooted.  Bind will work surrendering
priveledges.  You can't escape a chroot once you've surrendered root
privs (unless your chrooted environment foolishly includes setuid
binaries). OpenBSD knows this, and ships their bind configuration to
chroot jail and surrender root by default.  However, bind sucks for
dynamic tables.  Do not use bind for dynip stuff.  (I use bind myself,
mostly because I've been using Bind4 and Bind8 for years - that, and
my `dynip' table has a very low rate of change, and I use magic,
rather than the dynamic DNS update mechanisms to set it)

There is also Dents which is a viable replacement for Bind.  Dents
also supports drop-in namespace modules. Dents works with
Supersparrow. I haven't used dents, so I can't vouch for its feature
set, however Dents sounds like the right thing by implementing the
featureset, and making it behave in a sane manner.

Yes, these are *MY* opinions.

C.
-- 
--==--
  Crossfire  | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==--

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Colin Humphreys]

> on the subject of bind, has anyone researched the alternatives to bind?
> anyone used djbdns?

yup. its nice an easy. It uses daemontools to manage the service instead
of sysv scripts... thats the main wierd thing.

The djbdns security hole guarantee still sits there unclaimed on djb's
website.

The wider use of djbdns is being restricted by the licence, making
binary distribution almost (totally?) impossible.

Also some people seem to have a personal objection to djb.

-Colin

-- 
Colin Humphreys   |   R&D System Administrator|Borland Australia
<[EMAIL PROTECTED]> <-- Work | Play -->   <[EMAIL PROTECTED]>
(ph) +612 9263 8053  (mob) +61 414 483341   (fax) +612 9263 8080
PGP key: 0xB6037E5E   (fprint: F0EA C979 C9E8 A5C9 EBA7  7C63 6F66 227B)

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Andrew Reilly]

On Thu, Mar 29, 2001 at 05:07:18PM +1000, Martin wrote:
> on the subject of bind, has anyone researched the alternatives to bind?
> anyone used djbdns?

There was a big argument about djbdns on the FreeBSD lists
recently. The biggest gripe was that it doesn't support some
of the more recent DNS extensions that relate to dynamically
changing database details from remote hosts.

Needless to say it has it's own mechanisms for doing that sort
of thing (use rdist seems to be the djb answer), but that didn't
make the BIND die-hards happy.

The folks who were happily using djbdns, on the other hand,
seemed to be _very_ happy about it...

-- 
Andrew

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Martin]

> ... and here I was expecting you to say "but how do you compile a C
> program in a chrooted environment", and I was going to say "well okay,
> you do have a point, so the end result would be the same chicken/egg
> problem with one needing a binary to get out of the chroot", which
> either Terry, Crossfire or Angus would rebuke further... etc, etc.

well, what is stopping that same program compiled on a similar box being
downloaded and run from within the chroot environment...

so, you then remove all means of transferring files from within the
chroot environment... 

where do you stop???...my head hurts!

> I'd imagine that a chrooted bind that isn't running as root would be
> safer.
  ^

emphasis on the "safer" which != "safe"...

on the subject of bind, has anyone researched the alternatives to bind?
anyone used djbdns?

later
marty

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Matthew Dalton]

Martin wrote:
> 
> > That's a nice try, but the example is a C program that is calling the
> > chroot() system call, not the binary in /usr/sbin.
> 
> rainbws!   ;)

... and here I was expecting you to say "but how do you compile a C
program in a chrooted environment", and I was going to say "well okay,
you do have a point, so the end result would be the same chicken/egg
problem with one needing a binary to get out of the chroot", which
either Terry, Crossfire or Angus would rebuke further... etc, etc.


> so, how do you protect a machine at all then? are we just fooling
> ourselves that a chroot()ed bind is any safer ??

I'd imagine that a chrooted bind that isn't running as root would be
safer.

> i gather the best security we get is something that chroot()s, drops
> it's privelages and then doesn't give up a root shell when exploited...

Allowing someone to get root access is bad. Don't let it happen.

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Martin]

> That's a nice try, but the example is a C program that is calling the
> chroot() system call, not the binary in /usr/sbin.

rainbws!   ;)


so, how do you protect a machine at all then? are we just fooling
ourselves that a chroot()ed bind is any safer ??

i gather the best security we get is something that chroot()s, drops
it's privelages and then doesn't give up a root shell when exploited...

later
marty

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Matthew Dalton]

Martin wrote:
> > chdir( MY_JAIL_PATH );
> 
> so if i didn't put a chroot in /whatever/you/want or it's
> subdirectories, you can't chroot again...  until, of course you download
> your own chroot binary and run that instead!

That's a nice try, but the example is a C program that is calling the
chroot() system call, not the binary in /usr/sbin.

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Martin]

> ---
> 
> > Not knowing about *BSD's jails I'm not sure if you want to
> > restrict a user to only one part of the filesystem why not use
> > chroot?
> 
> Because root can break out of a chroot().
> 
> Trivially.
> 
> It's not related to devices, like some seem to think... the method is
> even simpler:
> 
> #define MY_JAIL_PATH "/whatever/you/want"
> 
> chdir( MY_JAIL_PATH );
> chroot( MY_JAIL_PATH );
> /* process is now supposedly jailed */
> /* can we get out?  sure we have the keys cause we're root */
> mkdir( MY_JAIL_PATH "/escape" );/* did I mention I love ANSI C's
>   string concatenation? */
> chroot( MY_JAIL_PATH "/escape" );


alright, but say you had a normalish path


$ echo $PATH

/usr/local/sbin:/usr/sbin:/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin


and chroot in a particular directory


$ which chroot

/usr/sbin/chroot


and i chroot to "/whatever/you/want", when i try to chroot again, won't
it really be using /whatever/you/want/usr/sbin/chroot (or any other
chroot it finds first in my path) instead of /usr/sbin/chroot. (feel
quite free to step in here and point out flaws in my reasoning :)

so if i didn't put a chroot in /whatever/you/want or it's
subdirectories, you can't chroot again...  until, of course you download
your own chroot binary and run that instead!

:P

later
marty

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Matthew Dalton]

Howard Lowndes wrote:
> 
> Is there any way for root to break out of a chroot jail?  I tried the
> obvious and they didn't work, and the man/info is next to useless.

The message below appeared in debian-user a little while ago...

Matthew

---

> Not knowing about *BSD's jails I'm not sure if you want to
> restrict a user to only one part of the filesystem why not use
> chroot? 

Because root can break out of a chroot().

Trivially.

It's not related to devices, like some seem to think... the method is
even simpler:

#define MY_JAIL_PATH "/whatever/you/want"

chdir( MY_JAIL_PATH );
chroot( MY_JAIL_PATH );
/* process is now supposedly jailed */
/* can we get out?  sure we have the keys cause we're root */
mkdir( MY_JAIL_PATH "/escape" );/* did I mention I love ANSI C's
  string concatenation? */
chroot( MY_JAIL_PATH "/escape" );

/* now, at this point, we're chrooted to /whatever/you/want/escape...
   but our current directory is /whatever/you/want*/

/* let's go up a bit */

chdir ("../../../../../../../../../.." );   /* should be plenty, if not
we can just repeat it... */
chroot ( "." );

And, like magic, we're out of jail.

Yes, chroot is useful.  It's VERY useful for programs that -drop- their
privileges (and thus can't chroot() again to break out).  But, in this
case, the questioner wanted to allow root into the jail... you can't do
that without destroying all the security that chroot gives you.  It's
not a panacea.

Now, there are workarounds: the 'capabilities' of current kernels should
allow you to grant root without granting the ability to chroot... but
the capabilities aren't well understood in the real world.  Playing with
them too much will break things in new and interesting ways...  I'm
not sure if I'd trust them to work as they should, and they'd
interfere with being able to chroot things in the virtual environment
(which you may want to do).

Oh, yeah, and the above behavior of chroot() isn't really a bug in
Linux: it's a bug in POSIX.

(I'm not willing to say that jail() is a panacea either... it's been
abused on FreeBSD -- see http://www.securityfocus.com/archive/1/153336
for example.)

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] chroot

[Andrew Reilly]

On Thu, Mar 29, 2001 at 02:35:36PM +1000, Howard Lowndes wrote:
> Is there any way for root to break out of a chroot jail?  I tried the
> obvious and they didn't work, and the man/info is next to useless.

How about re-mounting the disks inside the chroot partition?

There must be something not-quite-strong about it, because
recent FreeBSD have added jail too.  (One thing jail() does is
prevent subsequent mounting.)

-- 
Andrew

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

RE: [SLUG] raid 1 on linux

[Marty Richards]

Hi All,
 
Thanks for all your help with this, especially the step by step guide from
John. I nearly gave up - instead its now happily booting from the raid1
device ;)

The trick is to make sure you have the right version of the raidtools and
HOWTO. If your howto talks about using mdadd then its seriously out of date
and you're on the long road. 

Longer term though, imho the procedure needs to be dramatically simplified
to something similar to other operating systems. The 26 step job is a trifle
messy and its easy to stray...

Cheers,
Marty

On Tuesday, March 27, 2001 7:43 PM, Jeffrey Borg [SMTP:[EMAIL PROTECTED]]
wrote:
> 
> One more thing
> 
> 
> Just in case you think you have /etc/raidtab wrong
> 
> On Tue, 27 Mar 2001, John Ferlito wrote:
> 
> > f) vi /etc/raidtab and add something like this
> >
> > raiddev /dev/md0
> > raid-level 1
> > nr-raid-disks 2
> > nr-spare-disks 0
> > chunk-size 4
> > persistent-superblock 1
> > device /dev/somenonexistintdevice
>   ^
> > failed-disk 0
> > device /dev/hdc3
> > raid-disk 1
> >
> > This will tell the raid tools that you want raid 1 on two disks but that
> > currently hda3 is a failed disk so don't use it.
> >
> 
> I just did this in case something went wrong!
> 
> then you will be 100% certain that it won't touch the existing drive.
> 
> then just fix it up later.
> 
> Oh yeah Print out the how to as well and read it a few more times.
> 
> Jeff


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] chroot

[Howard Lowndes]

Is there any way for root to break out of a chroot jail?  I tried the
obvious and they didn't work, and the man/info is next to useless.

-- 
Howard.

LANNet Computing Associates 
   "...well, it worked before _you_ touched it!"


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] SMTP servers??

[Steven downing]

I was looking at setting up a small mail / web domain
on linuxwebhost.com, with a webmail interface
to some POP mail boxes, but they don't offer
SMTP outgoing servers.  I'd like both POP and
webmail send/retrieve access to these boxes.
Obviously dialup POP access is ok, but sending from
the web mail interface??

So does anyone know of either
a) some sort of free SMTP server, I know these would be
open to abuse, but couldn't you get a free one which would
accept from certain domains/IP address.  The plan with
Linuxwebhost.com offers a real static IP.

b) a comparable host to linuxwebhost.com
i.e offers cheap domain registration and POP boxes
and some hosting.
And either a webmail interface, or ability to put up
a site with one I get off freshmeat?

Move this over to slug-chat if appropriate.

thanks all

Steve

'My Doctor says I have a malformed public-duty gland
and a natural deficiency in moral fibre, and that I
am therefore excused from saving Universes'
Ford Prefect - Hitch Hikers Guide to the Galaxy


--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] File based snapshots in Linux

[Peter Rundle]

Sluggers,

Does anyone know if there is a Veritas equivilent to doing file
based snapshots in Linux. I've been told that this is available 
in the Logical Volume Manager (LVM) but looking at their site it
appears that they do volume based snapshots not file based.
And these snapshots in fact copy the entire data.

The basic method is like this,

The file system inode points to the blocks that make up the 
file. When a snapshot of the file is made a new inode is 
created which has a duplicate set of pointers to the same 
blocks. (Note I use "inode" here loosely, as I'm not sure that 
it's quite the same as an ext2 inode).

A request to write to a block in the file is met by copying the
block to a new location and updating the original inode pointer 
to point to the new location but leaving the copied inode alone.

Snapshot initial creation

   +-+
   fileinode +---> | block 0 | <---+ newinode
 | +-+ |
 |---> | block 1 | <---+
 | +-+ |
 +---> | block 2 | <---+
   +-+

After write to block 1 of the file
  
   +-+
   fileinode +---> | block 0 | <---+ newinode
 | +-+ |
 | | block 1 | <---+
 | +-+ |
 +---> | block 2 | <---+
 | +-+
 +---> | block 1 | 
   +-+

So newinode is a point in time snapshot which I can backup to 
tape at my leisure. The advantage of which is that I don't need 
twice the disk space to make a "point in time copy". Of course 
if I leave the snapshot in place for long enough the file will
eventually roll through all the pointers so that I in fact have
two seperate files. 

Does anybody know of a Linux equivelent to this?

Thanks

Pete

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] [OT] MS' plan to kill off Linux Web servers

[Grant Street]

WinXP Blade: MS' plan to kill off Linux Web servers
By: John Lettice
Posted: 27/03/2001 at 21:33 GMT
http://www.theregister.co.uk/content/4/17927.html

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] CD label graphics

[Nick Croft]

PS
I've seen cdlabelgen. which is great for printing the insert.
It's the stick-on round label thingy I'm talking about
N



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] CD label graphics

[Nick Croft]

Sluggers,

Can anyone recommend a utility for creating CD labels? Is there a 
plug-in for the Gimp?

I've used a PC||Mac atrocity called CD Stomper. There must be a 
better way.

Nick



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] Problem cobbling 2.2.17

[Howard Lowndes]

I am trying to cobble the 2.2.17 kernel and am getting the following
error:

make[2]: Entering directory `/usr/src/linux-2.2.17/arch/i386/lib'
cc -D__KERNEL__ -I/usr/src/linux/include -D__ASSEMBLY__  -traditional -c checksum.S -o 
checksum.o
checksum.S:231: badly punctuated parameter list in #define
checksum.S:237: badly punctuated parameter list in #define
make[2]: *** [checksum.o] Error 1
make[2]: Leaving directory `/usr/src/linux-2.2.17/arch/i386/lib'
make[1]: *** [first_rule] Error 2
make[1]: Leaving directory `/usr/src/linux-2.2.17/arch/i386/lib'
make: *** [_dir_arch/i386/lib] Error 2

The specific piece of code appears to be:

 226
 227 #define SRC(y...)   \
 228 : y;\
 229 .section __ex_table, "a";   \
 230 .long b, 6001f  ;   \
 231 .previous
 232
 233 #define DST(y...)   \
 234 : y;\
 235 .section __ex_table, "a";   \
 236 .long b, 6002f  ;   \
 237 .previous
 238

Can someone tell me what is wrong with this as this is the first time I
have had a problem cobbling a kernel.  Normally it works like a charm.

-- 
Howard.

LANNet Computing Associates 
   "...well, it worked before _you_ touched it!"


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] Anyone got a radio card?

[Rev Simon Rumble]

Heya folks from rainy London.  Big thunderstorm tonight -- feels like
home except for the temperature.

When I lived in Sydney I religiously listened to a couple of radio
shows on 2SER.  They're really good and I miss hearing them each
week.  Unfortunately 2SER streams only in Windows Media Player format
so I can't listen to them over here.

So I'm wondering if someone with a radio card within 2SER's catchment
area would be willing to set up a cron job to record, mp3 and send me
a copy of those shows each week?  Anyone up for it?  Would be much
appreciated.

-- 
Rev Simon RumbleCurrent physical location: London, UK
[EMAIL PROTECTED]
http://www.rumble.net

A platitude is simply a truth repeated till people get tired of hearing it.
-- Stanley Baldwin

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] Re: Jeff Allison/SYD/ASPECT/AU is out of the office. (Angus Lees)

[Jeff Allison]

Sorry to all (the exceptions list is case sensitive).
Worrying thing is that my first post to the list was garbage

Apologies

Jeff Allison (still out of the office)

Re: [SLUG] [Sort of OT] Solaris JumpStart

[Dave Fitch]

On Wed, Mar 28, 2001 at 05:26:24PM +1000, Daron Barndon wrote:
> Guys,
> Has anyone had any experience with "JumpStarting" (ie network install)
> of a Solaris system from a Linux server?
> 
> If this is too OT for this list then please reply off-line... :-)

it can be done but I've never done it (only off other
solaris machines).  Check the list archives though as
this has come up before, it was a reasonable while ago
but I can't remember when.

Dave.

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] mySQL delete problem.

[Norman Widders]

On Wed, 28 Mar 2001, Grahame Kelly wrote:

mysql does not support many things, this is one of them.
ie nested selects..

/Torqumada

> Hi all.
> 
> I have a table called password which has:
> 
> Field   Type 
>  uname   varchar(64) Key
>  passwd  varchar(16)
> 
> and another table user (partly shown) which has:
> 
> Field   Type
>  unamevarchar(64) Key
>  status varchar(64)
>  total   varchar(64)
> 
> and I am wishing to delete all users from passwd
> where user.status = "old".
> 
> I have tried the following which according to MySQL
> manual should work (Deleting Rows from Related Tables).
> 
> delete FROM password WHERE password.uname IN
> (select uname FROM user WHERE status = "old");
> 
> Can anyone offer some assistance.
> 
> Thanks, Grahame 



Paladin Corporation Pty Ltd.  Ph:+612 9835-4782 Fax:+612 9864-0487
Software Engineering:c/c++/perl/sql/eiffel/pascal/haskell/php/java
Powered by FreeBSD/SMP  http://www.paladincorp.com.au/
The  lyf  so  short,  the  craft  so  long  to  lerne -Chaucer
Unix, VMS, MVS since the 80's,   FreeBSD from 2.1.6,   Linux since '94


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] FC: Australian government wants to ban Net-gambling (fwd)

[Umar Goldeli]

Sure this does not necessarily directly relate to Linux - but as geeks,
this should concern you.

Your Government is fucking both the economy, and the IT industry.

If there is anything else that can be done to fuck a country, I'd be quite
impressed if it isn't already being done here in the "clever country".

As a certified geek, I can safely say that Australia smells for me, my
industry and most probably my kind.

`cat flames > /dev/null`

//umar.



-- Forwarded message --
Date: Tue, 27 Mar 2001 11:43:47 -0500
From: Declan McCullagh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: FC: Australian government wants to ban Net-gambling

Other recent articles:

http://www.kcstar.com/item/pages/business.pat,business/37753a2e.325,.html
Congress needs to regulate Internet gambling
2001-03-27 05:53:09

http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88-93_STO58996,00.html
Wireless industry sees need for self-regulation of 'wireless vice'
2001-03-27 04:56:50

http://www.newsbytes.com/news/01/163672.html
Australian Government Set To Ban Net Gambling Services
2001-03-27 05:35:05

**

From: "Dave McClure" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Interactive gambling ban - Media Release
Date: Tue, 27 Mar 2001 11:02:40 -0500
Message-ID: <002301c0b6d7$5a1da510$0ace94cd@dave>
MIME-Version: 1.0
Content-Type: text/plain;
 charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal

Here is the news release from Sen. Richard Alston, Minister for
communications, information technology and the arts, announcing a new effort
to ban gambling in Australia.

http://www.dcita.gov.au/nsapi-graphics/?MIval=dca_dispdoc&pathid=5602

**

[text of press release follows. --DBM]

Interactive gambling ban
The Federal Government will shortly introduce legislation to prohibit 
Australian gambling service providers from providing online and interactive 
gambling and wagering services to people located in Australia, the Minister 
for Communications, Information Technology and the Arts, Senator Richard 
Alston announced today.
'The prohibition will apply to all gaming and wagering services, including 
poker machines, casino games, sports betting and lotteries, that are 
offered on a commercial basis over the Internet or through online delivery 
systems such as interactive television and advanced mobile phone 
technologies,' Senator Alston said.
'However, it will not apply to Australian gambling service providers 
offering such new interactive services to people who are physically located 
overseas. While it is a matter for other countries to decide how they will 
approach online gambling, Australia's status as one of the world's leading 
problem gambling nations demands that we take decisive action to protect 
the most vulnerable in our community.
'Importantly the regime will not place any obligation on Internet Service 
Providers (ISPs) to filter or to block prohibited interactive gambling 
sites. Instead, the legislation will place the onus on gambling service 
providers to determine whether users are physically located in Australia 
and, if they are, to prevent them from accessing the gambling site.
'In relation to gambling service providers located offshore, the Government 
will apply a similar regime to the online content regime whereby ISPs are 
required to inform and make available to their customers relevant 
user-based filters. While this aspect of the regime will be complaints 
based as is the case with online content, it will be administered 
pro-actively through the early identification of the finite number of 
overseas gambling sites which will then be passed on to filter manufacturers.
'The regime will not result in any reduction in Internet performance. 
However, the Coalition Government does not resile from its social 
responsibility to ensure that the Internet is a safe and secure place for 
all Australians to enjoy and to use as a beneficial social, educational and 
business tool.
'The regime will not apply to long-established forms of interactive 
gambling such as telephone betting. Nor will it apply to non-commercial 
activities such as office footy tipping competitions or Melbourne Cup 
sweeps when they are conducted over the Internet. Of course, the regime 
will not apply to Internet share trading.'
Senator Alston said that the Government had taken heed of a recent report 
by the National Office for the Information Economy (NOIE) which 
investigated the feasibility and consequences of banning interactive 
gambling. The report found that the growth of interactive gambling has the 
potential for negative social consequences for Australia because of the 
greatly increased accessibility of gambling services.
'In 1999, the Productivity Commission found that there were some 290,000 
problem gamblers in Australia with 130,000 classified as 'severe' problem 
gamblers,' Senator Alston s

Re: [SLUG] mySQL delete problem.

[Christian Wippermann]

>delete FROM password WHERE password.uname IN
>(select uname FROM user WHERE status = "old");

Looks like this isnt possible in MySQL. :(
Excerpt from the MySQL manual:

8<---8<---8<---8<---8<---8<---

20.19  Deleting rows from related tables

As MySQL doesn't support sub-selects or use of more
than one table in the DELETE statement, you should use
the following approach to delete rows from 2 related
tables:
1. SELECT the rows based on some WHERE condition in the
   main table.
2. DELETE the rows in the main table based on the same
   condition.
3. DELETE FROM related_table WHERE related_column IN
   (selected_rows)

8<---8<---8<---8<---8<---8<---

As I understood, you dont want to do (2.) Therefore,
you would need 2 statements and buffer the result of the
first one:

select uname from user where status='old';
$var = (uname_1, uname_2, ..., uname_n)
delete from passwd where uname in $var;

Not a very nice way to go. Maybe someone knows better?

cheers,
christian


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Re: [SLUG] mySQL delete problem.

[marty]

> delete FROM password WHERE password.uname IN
> (select uname FROM user WHERE status = "old");

try being explicit about the status field...

ie.

delete FROM password WHERE password.uname IN
(select uname FROM user WHERE user.status = "old");

later
marty

"I can't buy what I want because it's free. Can't be what they want
because I'm me." - Corduroy, Pearl Jam


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

[SLUG] Some Embedded info + LinuxWorld

[Greg Wright]

Hello Slug Members,

I am sending this along because I know certain people within SLUG have an
interest in some of the topics mentioned here
http://www.embedded-linux.org  see first few stories.

There is ways for individuals to have input in the future as well, so if
any of what you see is of interest and I have not spoken with you before,
please mail me off list.

On another topic I was approached by IDG at the recent Sydney Expo, I
believe SLUG was as well, so as more details come to hand I would like to
work with others if and when a road map appears so efforts are combined (if
this is possible).

On yet another note I see O'Reilly has a book out to cover LPI
certification -- way to go.

Regards

Greg Wright
-- 

IT Consultant Sydney Australia PH 0418 292020
Available for Global Contracts   Int. +61 418 292020
Web  http://www.ausit.comE-mail Greg  AT  AusIT.com
Trading As -   AAA Computers -- providers of IT services.


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

slug@slug.org.au

[joseijihou]

$BJ?AG$h$j$48|>p$r;r$j8|$/8fNi?=$7>e$2$^$9!#(B
$B9XFIl9g$O?=$7Lu$4$6$$$^$;$s$,:o=|$7$F2<$5$$!#(B
$BLBOG%a!<%k$H46$8$?J}$O$3$A$i$K$*Ld9g$;2<$5$$!#(B
$B>0!"$49XFI$$$?$@$$$F$*$i$l$?J}$O(B
$B$*$H%a!<%k%"%I%l%9$r5-$7$F$$$?$@$1$l$P!"(B
$B?7$7$$HV9f$r$*Aw$j$5$;$F$$$?$@$-$^$9!#(B
$B$"$j$,$H$&$4$6$$$^$7$?!#(B


$B?FE8(B $B!B=w@-;~Js!B!a(B3$B7n(B(25$B!&(B15$B!&(B10)$BFC=89f!a(B

$B@$3&3F9q$N9q!9$X$OEvJE2<$N9q:]M'9%?FA1!"3F3&3FAX$,(B
$Bhttp://www.joseijiho.co.jp/$B".(B

(2001)$BJ?@.(B13$BG/(B3$B7n(B25$BF|9f(B
 
 $B!|7P:Q;:6H>JCf>.4k6HD#D941!!CfB]D'!"E79DJE2<;:6H3&$4;k;!!"1QCN7k=8!"(B
IT$B;~BeE~Mh!"%Y%s%A%c!<@:?@2DG=@-!"(B
$B?7$?$JAOB$!"9=C[!"@Q6KE*;22h$G%$%s%?!<%M%C%H7A@.!#(B 

 $B!|?@9]>&;ve!#(B 

 $B!|IY;NEE5!6HL3;Y1gItAmL3C4EvItD9!!B@EDL-;a(B
$B4k6H$N2ACM4Q$C$F!"$A$g$C$H!"CO5e$,1x@w$74D6-!"$b$&$I$&$7$h$&$b$J$$(B
$B!#(B 
  
 $B!|Bg@5@=Lt9-Js<<<@\$J4X$o$j$r;}$C$F$J$$!"(B
$B@/<#!"=!65$K4X$o$i$J$$!#(B 

 $B!|=P8w6=;:AmL3It9-Js2]D9!!Cf0f9';a(B
21$B@$5*$O4D6-$N@$5*!"F|K\?M!"J82=$O!"B>$+$i65$($F$b$i$($k!#(B 

 $B!|>>2>2e3$9q:]M'9%ET;T8rN.;v6HH/E84p6b2qHk=qD9!!2&2C?7;a(B
$B:#@$5*!"AG@2$i$7$$%"%8%"$r!"(BAPEC$B!"(B21$B7P:QBN$N!";XF3e3$$K=8$^$k!"(B
$B9>BtL1e3$$G(B5$B%+9q2q9g3+:E!"Cf9q(BWTO$B2CLA!"8r(B
$BN.3HBg!#(B 
 
$B!|Cf1{?&6HG=NO3+H/6(2q>oL3M};v!!?{4VCiCK;a(B
$BF|K\$N>]D'9D<^7.6I6ID9!!:4F#@55*;a(B
$BE79DJE2]D'!"@$3&$NCf!"9q4z!"9D5*!"5*85(B2661$BG/!"(B
$B9D<&;vl9g!"9qL1$,CN$k$3$H$,M}2r$K7k$S$D$/!#(B 
 
$B!|IY;NEE5!6HL3;Y1gItD9!!?9EDA1B@;a(B
$BH^EB2J(B $B!|El5~9)6HBg3X(B $B!|%9%:%-(B 
$B!|K!L3>J!!!|@;?4=w;RBg3X(B $B!|@n:j=E9)6H(B 
$B!|30L3>J(B $B!|Bh0l4+6H6d9T(B $B!|%"%i%S%"@PL}(B 
$B!|:bL3>J(B $B!|IY;N6d9T(B $B!|;q@8F2(B 
$B!|J8It2J3X>J(B $B!|F|K\6=6H6d9T(B $B!|A4F|K\6uM"(B 
$B!|8|@8O+F/>J(B $B!|;0OB6d9T(B $B!|F|K\9R6u(B 
$B!|G@NS?e;:>J(B $B!|2#IM6d9T(B $B!|%$%*%s%U%)%l%9%H(B 
$B!|7P:Q;:6H>J(B $B!|$"$5$R6d9T(B $B!|%/%\%?%0%k!<%W(B 
$B!|9qEZ8rDL>J(B $B!|002=@.9)6H(B $B!|7*K\oD9)=j(B 
$B!|4D6->J(B $B!|IY;NDL(B $B!|?@8M@=9]%0%k!<%W(B 
$B!|5FMUJ82=6(2q(B $B!|%*%`%m%s(B $B!|%"%5%R%0%k!<%W(B 
$B!|F|K\308r6(2q!&3$30F|7O?M6(2q(B $B!|%=%K!<(B $B!|=;M'%0%k!<%W(B 
$B!|9q:]5!4X!&%"%8%"@8;:@-5!9=!J#A#P#O!K(B $B!|F|N)@=:n=j(B $B!|;0I)%0%k!<%W(B 
$B!|9q:]6(NO;v6HCD!&(BJICA $B!|IY;NEE5!(B $B!|;00f%0%k!<%W(B 
$B!|9q:]6bM;>pJs%;%s%?!<(B $B!|>>2Z7tJ]4I?6BX5!9=(B $B!|BgOBkz7t(B $B!|Bh0l@=Lt(B 
$B!|Cf>.4k6HAm9g8&5f5!9=(B $B!|@>IpI42_E9(B $B!|%(!<%6%$(B 
$B!|F|K\KG0W?66=2q(B $B!|9bEg20(B $B!|Cf30@=Lt(B 
$B!|>&9)Cf6b(B $B!|%@%$%(!<(B $B!|;3G7Fb@=Lt(B 
$B!|1'Ch3+H/;v6HCD(B $B!|%a%k%7%c%s(B $B!|Bg@5@=Lt(B 
$B!|CO5e%U%m%s%F%#%"(B $B!|El5~EENO(B $B!|>bKB(B 
$B!|F|K\@V==;z&;v%0%k!<%W(B 
$B!|9qL1:WE5(B $BE79DJE2<8fB(0L==G/$N$*=K$$(B 
$B!|El5~COJ}:[H==j(B $B!|4]9H(B $B!|%V%i%8%kO"K.6&OB9q(B 
$B!|ET;T4pHW@0Hw8xCD(B $B!|%8%c%Q%s%(%J%8!<(B $B!|Cf9q>e3$;T(B 
$B!|A49q6PO+@D>/G/2q4[(B $B!|=P8w6=;:(B $B!|7P:QCDBNO"9g2q(B 
$B!|3$30?&6H71N}6(2q!&(BOVTA $B!|9q:]@PL}(B 
$B!|?7=U$N2l;l8r4?2qJ?@.(B11$BG/!AJ?@.(B12$BG/(B 
$B!|Bg:eI\7Y;!K\It(B $B!|>:\$r6X$8$^$9!#(B
$B$9$Y$F$NCx:n8"$O=w@-;~Jshttp://www.melma.com/$B!!$N8!:wAk$K!X=w@-;~Js!Y$HF~$l$FD:$1$l$P(B
$BEPO?$,4JC1$K$G$-$^$9!#(B

$B=w@-;~Js(BMail($BF|4)(B)$B!!(B
$B%^%,%8%s(BID$B$O(B 
m00032439$B!J;~;v!&@$O@(B)$B$H(Bm00031691$B!J;~;v!&@$O@!K$G$9!#(B

$B=w@-;~Js(B($B3V=5(B)$B!!(B
$B%^%,%8%s(BID$B$O!!(Bm00028901$B!J%8%c!<%J%j%:%`!K$G$9!#(B

$B$h$m$7$/$*4j$?$7$^$9!#(B
--
$B=w@-;~Jshttp://www.joseijiho.co.jp/
$B!xEv#H#PJsF;%5!<%S%9$N$*Ld$$9g$o$;$O#E%a!<%k$K$F!x(B
E-mail$B%"%I%l%9(B:[EMAIL PROTECTED]
--



-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug