Re: [SLUG] Benefits of source distro (Gentoo) somewhat elusive :-)
On Tue, 5 Aug 2003, Dave Airlie wrote: I'll throw my oar in with Jeff on this one.. (as another FOSS contributer) using Gentoo or LFS (scary thought) for a production Linux server is probably the dumbest thing you'll ever do involving Linux... the maintenance nightmare alone... gcc optimisation levels don't make a massive difference from a lot of real-world POVs, I'd like to see some useful real benchmarks but it still wouldn't be worth the hassle of a re-building everything from source just to get that small improvement.. it would probably have to be worth 10-15% speed to make it worth the hassle.. you know you can also re-build RH and Debian with higher optimisations you could in theory get all the RH SRC RPM and --rebuild them with higher opts on .. I've no experience with Gentoo, but I regularly build systems from source with FreeBSD, and have been running production servers this way for years. Using FreeBSD, this is not a maintenance hassle for a system with a single experienced sysadmin, but where multiple admins are involved, and particularly where that includes less experienced admins, flexibility of approach ceases to be an advantage, and I tend towards using debian in those cases. I have had significant problems with debian systems where there has been a policy of using only the official binary distributions. Like the time we had a 3 week wait for a debian apache bugfix which was mission critical for us in putting a new server into production. Apache fixed it quick, but debian was slow to catch up. That was on a testing rather than stable release, but then the stable release had a version of perl that was nearly 2 years old, and that would not have worked for us either. Doing a build, or even an install from source is really not difficult if the distribution's build system is good. On a modern machine it takes less than an hour to compile a freebsd distribution, which is a good deal larger than the core of most linuxes. You can spend a bit longer going through ports, but its still not all that long. I don't even re-compile my kernel nowadays unless there is something seriously wrong with it, my standard desktop PC at work runs RH standard kernel, my laptop sometimes gets pre-release kernels but that's because I like ACPI on it... It's needed less and less often, but there are some nice things you can do by compiling with non-standard options, or even with a modified compiler. Stack guards can save a lot of maintenance time if the prevent someone running a buffer overflow attack. Not for everyone, but they have their place. I'm not saying Gentoo et al don't have a place in the world, they do but that place is not running anything at a production/maintainable level, it's more a desktop for people with too much computing power and time on their hands or for someone who wants to learn how Linux distros work. I think one point that Jeff may be thinking of saying (he may be yet too polite :-), is that you are wasting time that would be better spent doing something else with, install RH or Debian and use it for stuff, rather than waiting for Gentoo to re-build itself... Fire it up and then get on with all that other stuff. It's not something you do every day, and you don't have to sit there watching it. Andrew McNaughton -- No added Sugar. Not tested on animals. May contain traces of Nuts. If irritation occurs, discontinue use. --- Andrew McNaughton In Sydney Working on a Product Recommender System [EMAIL PROTECTED] Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Benefits of source distro (Gentoo) somewhat elusive :-)
If you need to handle more load, throw another cpu, more ram or another box at the problem. Some times this is not possible, that even a 0.1% increase in performance is worth it. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] UWS IE5 Policy
I've just done some research (hehehe) and the person responsible at UWS may be reached (politely) at [EMAIL PROTECTED] Jon -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Benefits of source distro (Gentoo) somewhat elusive :-)
using Gentoo or LFS (scary thought) for a production Linux server is probably the dumbest thing you'll ever do involving Linux... the maintenance nightmare alone... gcc optimisation levels don't make a massive difference from a lot of real-world POVs, I'd like to see some useful real benchmarks but it still wouldn't be worth the hassle of a re-building everything from source just to get that small improvement.. it would probably have to be worth 10-15% speed to make it worth the hassle.. you know you can also re-build RH and Debian with higher optimisations you could in theory get all the RH SRC RPM and --rebuild them with higher opts on .. We used to have about 70, more or less, Linux and FreeBSD servers and gateways. We started to deploy these servers in 1993 when the fastest CPU was 386sx. We used Yggdrasill distro when Linux was version 0.98. Then, we switched to Slackware two years later when Linux was version 1.+. And we always build the kernel from scratch. It takes several hours like half a day or more to rebuild at that time. At this time, it takes less than an hour on fast PCs. We rebuild to optimise, i.e., take away the unnecessary bits and pieces or modules, to make the kernel leaner and faster. We also rebuild for security and to standardise administration. When the kernel is simpler there are less modules to be concerned about as far as security management is concerned. It is also simpler to administer because when things went wrong we focused our investigation on fewer modules rather than the entire range of modules that came with the distro including those we never hope to get understanding about. A third reason to rebuild was for specific configurations requirements. A number of our firewalls were running on these Linux and FreeBSD and our configuration requirements are to disable IP Forwarding and multicasting which is by default set to ON, amongst other requirements. We also build, rebuild, and upgrade servers on a periodic basis. Is it that difficult to manage ? Not at all. We had a toolbox of scripts that we used to rebuild depending on the configuration. Once, the distro is installed we run the specific script and leave the machine alone until the job is completed. I have not used the Gentoo myself but I've used a couple of their scripts which I grabbed from the Internet. These two scripts have saved me tremendous time and effort. So, after all, Gentoo's are like nice guys to me. And so, are most Linux distro's. Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] PHP and includes: outside/inside of web root ?
Can some experienced PHP users help me here, please: When I first installed PHP with Apache 1.3x, we specified the 'include' path directive to be 'above' the web server's root, so that a browser could NOT access it, and, all the PHP inc files were placed there, inaccesible to any brower. looking at variety of php scripts/apps, these come with an 'includes' directory below the application directory (so, a brower could go there.) I always used to move the 'includes' dir to the outside-of-web-server-root php path (and, modify the scripts accordingly) BUT, now, as just about any php app has the 'include' below tha application path: so, is there a need to have php's inc files outside the web server root ?? am I wasting my time moving the inc files and modifying scripts ? or, is it still a good idea ? Voytek Eymont -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Linux Games (was benefits of Gentoo)
On Mon, 4 Aug 2003 [EMAIL PROTECTED] wrote: For the desktop: I would like to see if there is any speed difference in OpenGL Games. I'm not sure how many Linux gamers there are, but that would convince me which distro is the best for my use. Quake 3 Arena Unreal Tournament 2003 would be good choices. There's a bunch of Australian Linux gamers who hang about on irc.frenode.net, #lgl. They're called the Linux Gamers League and they're always happy for folks curious about gaming and multimedia on Linux to join them. Mike -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] A question of deletion.
use shred or wipe to kill the files rather than say rm. there are many file recovery tools out there they just depend on the fs being used. eg e2undel for ext2 brett Bill Bennett wrote: In the old days, MS deleted a file by clipping the leading letter and substituting a token that stood for deleted. You can't undelete a file in Linux. Is this because the file has been shredded? I ask not because I want to undelete, but because I have some sensitive data files that I have deleted and *don't* want resurrected at any later date. Regards, Bill Bennett. -- Brett Fenton General Manager NetRegistry Pty Ltd ___ http://www.netregistry.com.au/ Tel: +61 2 96996099 | Fax: +61 2 96996088 PO Box 270 Broadway | NSW 2007, Australia Your Total Internet Business Services Provider Trusted by 10,000s of Oz Businesses Since 1997 This email is from NetRegistry Pty Ltd. The contents of this message are commercial and in confidence to the intended addresseee. The message may contain copyrighted and/or legally priviledged information. No person or entity other than the intended recipient may read, print or store this message, including any and all attached files. The intended recipient may not forward this message to any third party without express written permission from NetRegistry Pty Ltd. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] PHP and includes: outside/inside of web root ?
When I first installed PHP with Apache 1.3x, we specified the 'include' path directive to be 'above' the web server's root, so that a browser could NOT access it, and, all the PHP inc files were placed there, inaccesible to any brower. looking at variety of php scripts/apps, these come with an 'includes' directory below the application directory There are a number of ways to access your includes. 1.You put them under the file trees of your 'htdocs'. 2. Put them in a sub-directory of PHP/lib. 3. Put it anywhere in your file system and define an 'alias' in your httpd.conf. For example, If your current includes are in /appl/phpinclude, your entry in httpd.conf .. Alias /phpinclude/ /appl/phpinclude/ Directory /appl/phpinclude/ Options Indexes Multiviews AllowOverride none Order allow, deny Allow from all /Directory .. The /phpinclude/ will appear as a directory under your htdocs like so: htdocs/phpinclude Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] UWS IE5 Policy
The thing is, if you accept their IE5 `requirement' now, you won't have much of a say when they replace all their web forms with ActiveX controls. Fight, now (politely). Mike -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] ADSL Modem Recommendations please.
Bill wrote: I'm shortly to move house, and I'll be able to gain access to ADSL (once I get Telstra to lay the 'phone cables - 7 + weeks to date), so I'm interested in info re suitable recommended modems. I won't be going with BigPond, but will select an ISP with more reasonable download limits. iiNet (iinet.net.au) have been alright for me (I got ADSL on the ~10th July), few outages, mainly due to telstra. Any recemmendations/experiences with ADSL modems will be appreciated. The dsl-300+ has worked great for me. Others, I know, would work well -- however the dsl-300+ and routers, I can tell you that it will work on any computer that has a spare ethernet card and can do DHCP. There are also some printserver/switch/routers around ~$190 at everythinglinux.com.au. - Chris (Who is in no way whatsoever associated with everythinglinux, besides being a rather happy customer) [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] PHP and includes: outside/inside of web root ?
** Reply to note from Matthew Palmer [EMAIL PROTECTED] Tue, 5 Aug 2003 17:57:07 +1000 Certainly, if all of the include files has (as they should) nothing but function and class definitions, there's *nothing* an attacker could do by grabbing these files directly - no code will actually be run. And if they get the source code (because the files don't have a .php extension), who cares - they could get the source from a regular download anyway (unless it's an internally written thing, which I'd hope would be properly secured anyway). Matt, thanks. in a situation where I can have a user placing a potentially poorly written PHP code in his webserver that is vhost on my box, what should one be doing to protect the box from such mishaps, any suggestions to minimize the potential risk ? Voytek Eymont -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Evolution - how does it send the mail?
Is it possible that your mail from address is set to be nothing? And the smtp server wont send on the mail unless there is some thing set? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of andrew fries Sent: Tuesday, 5 August 2003 5:08 PM To: [EMAIL PROTECTED] Subject: [SLUG] Evolution - how does it send the mail? Could someone tell me whether Evolution is self-sufficient when sending mail, or does it rely on some other daemon to perform this function? I have this problem on a freshly installed Arch Linux system: Evolution will not send my mail (though it will receive OK), responding to all attempts with this message: error while performing operation: MAIL FROM response error: command unrecognized: because my understanding of just how mail really works is very hazy at best, I'm not sure where the problem might be - on Suse, Libranet and even Slackware Evolution always just worked, but this is Arch Linux - it won't do anything unless you tell it to :) So it could be I need to start some other process. Someone suggested Exim, so I started Exim but its logs didn't show any activity when Evo was trying to send. BTW, I'm sending this message from that same Arch system, using Kmail. It's only Evolution that's having problems... any suggestions? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] PHP and includes: outside/inside of web root ?
On Tue, Aug 05, 2003 at 08:26:25PM +, Voytek Eymont wrote: in a situation where I can have a user placing a potentially poorly written PHP code in his webserver that is vhost on my box, what should one be doing to protect the box from such mishaps, any suggestions to minimize the potential risk ? You're screwed. Safe mode will help, but it's a necessarily restrictive environment. I personally hate writing for it; it's quite an art... I recall something you could do to apache to make it run the script with the perms of the owner of the script, so if the user dumps insecure scripts on their site, the cracker can only screw with their own stuff, instead of everything owned by www-data. My recollection may be hazy, though. Auditing of scripts may be the least-worst option, or, if it's a commercial venture, make it very clear that anything the user puts on the server which subsequently compromises security will leave the user liable for all clean-up costs and some extra charges. Might help, and at least it won't leave you in the lurch. - Matt -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] Benefits of source distro (Gentoo) somewhat elusive :-)
-= This is an interesting POV. We currently have about 40 -= Linux boxes in -= high load production environments, and racking my brian I -= can't think of And one has to wonder how Brian feels about being racked - possibly he enjoys it ?? :-) -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (?Courier?) IMAP + Postfix
Hey Stu, dovecot also does support maildir - it looks pretty good, think I'll give it a shot... Warmest regards Mike --- Michael S. E. Kraus Network Administrator Capital Holdings Group (NSW) Pty Ltd p: (02) 9955 8000 Stuart Guthrie [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 05/08/2003 12:14 PM To: cc:[EMAIL PROTECTED] Subject:Re: [SLUG] (?Courier?) IMAP + Postfix When I investigated this the other imap servers (ie other than courier) did not do Maildir. If this is not an issue then you're fine with wu-imap. Stu Kevin Saenz wrote: how about wu-imap? it comes with Redhat G'day all... I'm wanting to create an IMAP server that will play nicely with postfix, and am currently considering Courier. It's for a small organisation and network, on a RH9 server that does not have development tools installed (no gcc, etc). (FWIW, 900MHz Celeron hardware - not too grunty, especially with Gnome2 running on top of it.) I guess, I'm looking for a lightweight, robust, binary-distributed imap server. Courier looks great, only there isn't any RPMs available for it. I've downloaded the compressed archive for it, and gone to rpmbuild it, however I get these errors: # rpmbuild -ta courier-imap-2.0.0.20030721.tar.bz2 error: Failed build dependencies: openssl-devel is needed by courier-imap-2.0.0.20030721-1.9 gdbm-devel is needed by courier-imap-2.0.0.20030721-1.9 pam-devel is needed by courier-imap-2.0.0.20030721-1.9 fam-devel is needed by courier-imap-2.0.0.20030721-1.9 postgresql-devel is needed by courier-imap-2.0.0.20030721-1.9 openldap-devel is needed by courier-imap-2.0.0.20030721-1.9 mysql-devel is needed by courier-imap-2.0.0.20030721-1.9 openldap-servers is needed by courier-imap-2.0.0.20030721-1.9 Argh! I don't want ldap, mysql, postgresql, fam, gdb, openSSL anyway! I'm worried if I install all those packages just to satisfy dependencies I'll actually have to install a far greater number of packages than the amount listed above. (I'm wanting to keep things compact here.) Any suggestion? I was hoping to go down the Courier+Maildrop+Postfix path, but I'm happy to have alternatives. TIA... Mike mail2web - Check your email from the web at http://mail2web.com/ . -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] compiling courier imap, compiler cannot create executables
I'm trying to compile courier-imap-2.0.0 on RH73 as per readme, I switched to a 'normal' user and tried to run configure: [EMAIL PROTECTED] courier-imap-2.0.0]$ ./configure checking for gcc... gcc checking for C compiler default output... configure: error: C compiler cannot cr eate executables See `config.log' for more details. cat config.log - This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by configure, which was generated by GNU Autoconf 2.57. Invocation command line was $ ./configure ## - ## ## Platform. ## ## - ## uname -m = i686 uname -r = 2.4.20-19.7 uname -s = Linux uname -v = #1 Tue Jul 15 13:44:14 EDT 2003 /usr/bin/uname -p = unknown /bin/uname -X = unknown /bin/arch = i686 /usr/bin/arch -k = unknown /usr/convex/getsysinfo = unknown hostinfo = unknown /bin/machine = unknown /usr/bin/oslevel = unknown /bin/universe = unknown PATH: /usr/local/sbin PATH: /usr/local/bin PATH: /sbin PATH: /bin PATH: /usr/sbin PATH: /usr/bin PATH: /usr/X11R6/bin PATH: /root/bin ## --- ## ## Core tests. ## ## --- ## configure:1279: checking for gcc configure:1295: found /usr/bin/gcc configure:1305: result: gcc configure:1549: checking for C compiler version configure:1552: gcc --version /dev/null 5 2.96 configure:1555: $? = 0 configure:1557: gcc -v /dev/null 5 Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs gcc version 2.96 2731 (Red Hat Linux 7.3 2.96-113) configure:1560: $? = 0 configure:1562: gcc -V /dev/null 5 gcc: argument to `-V' is missing configure:1565: $? = 1 configure:1589: checking for C compiler default output configure:1592: gccconftest.c 5 /usr/bin/ld: cannot open crt1.o: No such file or directory collect2: ld returned 1 exit status configure:1595: $? = 1 configure: failed program was: | #line 1568 configure | /* confdefs.h. */ | | #define PACKAGE_NAME | #define PACKAGE_TARNAME | #define PACKAGE_VERSION | #define PACKAGE_STRING | #define PACKAGE_BUGREPORT | /* end confdefs.h. */ | | int | main () | { | | ; | return 0; | } configure:1634: error: C compiler cannot create executables See `config.log' for more details. what am i missing ? Voytek Eymont -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] PHP and includes: outside/inside of web root ?
On Tue, 2003-08-05 at 18:49, Jeff Waugh wrote: quote who=Andrew McNaughton Several approaches come to mind: 1) change the suffixes of all includes (eg to .inc). Arrange for apache to deny access to any .inc files - and while you're at it, deny access to any other extension not in your mime.types file. That helps with things like .php~ files left around by emacs users. 2) deny access to any directory with a path containing '/inc/'. Maybe add a few other names as well. 3) drop .htpasswd files into appropriate directories with directives to block access. 4) Create a user-specific and possibly host-specific filesystem location for includes, and add that dir to the php_includes variable in .htaccess or virtualhost directives. This is easy to administer, applicable across the entire hosting environment, and very easy to ensure compatibility with stuff you download (rather than author yourself). ;-) You can do the same trick by dropping a php.ini in the directory with the php files (or is it the working directory? I can never remember). Not really anything gained, but it may prove more convenient for you. Read about the search path php uses on php.net. You can also set this stuff dynamically with php code. You could use that prepend directive in php to do it. I like keeping my includes out of the document root -- in general I don't see that it gains much, but it's nice knowing that it's one less aspect of the scripts that I need to secure. It was a real pain on systems that used Plesk though. James. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] compiling courier imap, compiler cannot createexecutables
On 5/08/2003 11:26 PM +, Voytek Eymont wrote: [..snip..] what am i missing ? Install gcc-c++ RPM Regards, Gonzalo -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] A question of deletion.
On Tue, 2003-08-05 at 15:26, Bill Bennett wrote: In the old days, MS deleted a file by clipping the leading letter and substituting a token that stood for deleted. You can't undelete a file in Linux. Is this because the file has been shredded? I ask not because I want to undelete, but because I have some sensitive data files that I have deleted and *don't* want resurrected at any later date. Depending on the filesystem, you *can* undelete in Linux. There's HOWTOs on it and everything. :-) But, in my experience at least, deleted inodes get re-used reasonably quickly. You'll probably find that deleted files become unrecoverable in Linux much faster than in Windows. If you want to make sure your sensitive stuff doesn't get undelete, then use the shred command. -- Pete -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Evolution probs - netcat?
I realise it's tempting to dismiss this as ah, he can't even enter his settings right, but I really think there is something odd going on here. I have two desktops on my LAN, one runs Libranet, the other Arch Linux. Evolution on Libranet works fine, as it always has - I'm using it now. Arch Linux is the new install and is the one giving me grief. Evolution versions are 1.4.3-2 on Libranet and 1.4.3-1 on Arch. So: On Arch box, I removed ~/evolution, and ~/.gconf/apps/evolution Then I ftp'd these two folders from my home directory on Libranet system - As far as I know these two are the only locations where Evolution could possibly hold my settings - isn't that right? Arch still won't send, still replying with: error while performing operation: MAIL FROM response error: command unrecognized: I've been also in touch with Arch developers who suggested trying netcat to intercept the actual messages, but after reading man pages and googling for examples I'm still at a loss as to how I would go about it. All I've learned so far is that I really don't know Jack! - Grrr...Arrgh! -- Mutant -- 12:12:00 up 11 days, 1:23, 1 user, load average: 0.02, 0.07, 0.11-- -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Benefits of source distro (Gentoo) somewhat elusive :-)
quote who=Ben de Luca Its bigots like you who really ruin a community. I know you don't like gentoo, we all know it. But grow up. If you don't want to play with the other kids would you mind staying indoors then? A Numbat is a cute (look at that nose!), furry, endangered Australian marsupial. There are many other words that I could have used instead (and I'll admit, sometimes do). But that wouldn't be fun. If you would like a lengthy description of why Gentoo and friends (LFS, etc) are not viewed favourably by bigots like me (FOSS software contributors), and why I'm more than willing to encourage people to use other systems, you're welcome to ask. It is more than just numbats and ideology. :-) - Jeff -- linux.conf.au 2004: Adelaide, Australia http://lca2004.linux.org.au/ Driving Miss Daisy. Best film of 1989. So said the academy. What does that tell you? - Spike Lee -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug