Re: [SLUG] Pulse Audio
> Sorry Daniel if I offended your favourite program. It is just that I have > had to re-setup my sound several times now with each ubuntu upgrade and it > has almost always been a problem that could be lain at the feet of > PulseAudio. PulseAudio is awesome. We've desperately needed something like it in the Linux desktop ecosystem for a very long time. Ubuntu's integration (and lack of co-ordination with upstream) is... not so great. Sadly, this means that a huge majority of folks are not seeing PulseAudio operating at its best... and end up blaming it. Hopefully, the Ubuntu desktop developers will spend a bit of time polishing up the PulseAudio integration in their next release (an LTS, so polish is very much the focus). I suspect Daniel was reacting not to your commentary on PulseAudio in particular, but to the relevance and appropriateness of such commentary about the fruits of volunteer Open Source development in general. :-) - Jeff -- linux.conf.au 2010: Wellington, NZhttp://www.lca2010.org.nz/ "Maybe you should put some shorts on or something, if you want to keep fighting evil today." - The Bowler, Mystery Men -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Pulse Audio
On Mon, 2009-11-02 at 19:31 +1100, Jeff Waugh wrote: > > PulseAudio is awesome. We've desperately needed something like it in > the > Linux desktop ecosystem for a very long time. Ubuntu's integration > (and lack > of co-ordination with upstream) is... not so great. Sadly, this means > that a > huge majority of folks are not seeing PulseAudio operating at its > best... > and end up blaming it. Hopefully, the Ubuntu desktop developers will > spend a > bit of time polishing up the PulseAudio integration in their next > release > (an LTS, so polish is very much the focus). There seems to be some FUD around about the integration aspect :). -Rob signature.asc Description: This is a digitally signed message part -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Help -- I cannot boot into Ubuntu..
Scott Waller wrote: Hi Fellow Slugger, Sorry for kinda dissapearing this year, just had some stuff on, and I am currently in the US. I really need someone expert help. I have a new setup on a laptop. It's a very nice Dell Precision M4400. I have been running Ubuntu 9.04 for 3 weeks now with no problems. This morning I went to boot up my machine and got a weird gdm message "Could not start the X serverdue to some internal error" The only way I can boot into X is to do the following... sudo mount -o remount, rw / then I can run sudo /etc/init.d/gdm restart I get a message that there is already a session of X running blah blah, I say yes to start a new one and then I am in. I have to kill whiptail once I start as the CPU is going nuts... I am in the US working, i have a big next 4 days of training and would like to have my machine working. I am currently doing a backup of my home directory and seriously thinking about doing an online upgrade to 9.10 Your help is really appreciated. Scott your file system is being mounted read only, you need to solve that problem first. edit the kernel command in grub and delete the bits about silent and graphical then look at whats going on. if nothing jumps out there look through syslog -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] advice on security compliance
Daniel Bush writes: > I was following Rick's recent post about penetration testing with some > interest. I'm looking at complying with anz e-gate for e-commerce > transactions. ANZ has this declaration form for internet sites that you > have to sign. One of the tick boxes says "Do you operate a firewall that is > regularly updated?" Oh, gawd. PCI compliance. I /hope/ you get to stay at the lowest level of compliance, where they mostly never audit, and don't have to deal with any of the higher bits. > I have an iptables firewall which basically blocks all ip6 and all ip4 > except for a couple of ports I expose to the internet. I don't see why I > need to update it "regularly". Why, because otherwise your system will not be up-to-date to protect you against the latest exploit for the underlying Windows OS, or to handle the latest threats! In seriousness: what they mean, basically, is "do you actually pay attention to your firewall", and you can ignore the theoretical "regular updates" part unless an auditor tells you otherwise. (Which, with luck, they won't, because you will get an auditor who isn't an idiot in the fairly unlikely event that ANZ or their PCI auditing firm decide that you do qualify for one. Most auditors are not stupid, in my experience.) > Do people use any additional application-level filtering on top of iptables > packet filtering for ssh or http (aside from any security configurations > that these services already provide) ? (The services I'm exposing through > iptables are ssh and http. ) > > If not, how do you deal with a compliance item that makes dubious sense and, > if you answered it honestly, makes you look bad when you're not? Read for meaning, answer to that. The PCI stuff is crazy: it has a bunch of Windows-like assumptions baked in, because many of their big clients use Windows. > The other thought I had was that it could be they are conflating my > understanding of a what a "firewall" is with antivirus software. I wouldn't be entirely shocked; IIRC there was an explicit anti-virus checkbox in one of the PCI compliance checklists I was given. I addressed it by adding ClamAV to the Linux server running Apache, Perl and PHP code, where it can stay updated daily, and scan the disk every now and then. > If people (staff even) are uploading stuff via http then maybe I need to > scan such content to prevent my system acting as an agent for spreading > viral content. But that's heading out of firewall territory. You would think, eh? Daniel The worst part of the PCI stuff was the implication that the /need/ to ask these questions, so presumably someone, somewhere *didn't* bother... -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons Looking for work? Love Perl? In Melbourne, Australia? We are hiring. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Pulse Audio
Robert Collins writes: > On Mon, 2009-11-02 at 19:31 +1100, Jeff Waugh wrote: >> >> PulseAudio is awesome. We've desperately needed something like it in the >> Linux desktop ecosystem for a very long time. Ubuntu's integration (and >> lack of co-ordination with upstream) is... not so great. Sadly, this means >> that a huge majority of folks are not seeing PulseAudio operating at its >> best... and end up blaming it. Hopefully, the Ubuntu desktop developers >> will spend a bit of time polishing up the PulseAudio integration in their >> next release (an LTS, so polish is very much the focus). > > There seems to be some FUD around about the integration aspect :). Heh. Let me assure you, the integration question wasn't FUD: it is firmly grounded in fact. Well, at least, "was", in the sense that the first Ubuntu with PulseAudio *really* screwed up. They shipped PA, which at the time blocked the sound card full time and continuously played silence when not playing anything else. They also failed to ship anything to configure asound to send output via PulseAudio, so anything that tried to use ALSA would block against the locked soundcard and never get to output audio.[1] Plus, playing sound 24x7 ran down laptop batteries some, which made some folks unhappy. So, yeah, I don't blame upstream for being unhappy about the whole thing. Anyway, to go to the source: This one has the specific discussion of Ubuntu; search for the distributions bit a bit of the way down the text: http://0pointer.de/blog/projects/jeffrey-stedfast.html Other commentary: http://0pointer.de/blog/projects/pa-in-ubuntu.html Regards, Daniel Footnotes: [1] ...and, yes, I was there at the time, and I did see this roll-out in production, and it did fail in exactly this way. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons Looking for work? Love Perl? In Melbourne, Australia? We are hiring. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Help -- I cannot boot into Ubuntu..
Hi Jake, Thanks for the quick response. I went through the syslog file and couldn't find anything weird. Upon searching through other forums I found that in the /etc/fstab file a tag had been added: UUID=147ae6d1-e380-42cd-9471-66882c374580 / ext3 relatime,errors=remount-rw 0 1 So I just took out the errors=remount-rw and it works a treat. Thanks again Scott Jake Anderson wrote: Scott Waller wrote: Hi Fellow Slugger, Sorry for kinda dissapearing this year, just had some stuff on, and I am currently in the US. I really need someone expert help. I have a new setup on a laptop. It's a very nice Dell Precision M4400. I have been running Ubuntu 9.04 for 3 weeks now with no problems. This morning I went to boot up my machine and got a weird gdm message "Could not start the X serverdue to some internal error" The only way I can boot into X is to do the following... sudo mount -o remount, rw / then I can run sudo /etc/init.d/gdm restart I get a message that there is already a session of X running blah blah, I say yes to start a new one and then I am in. I have to kill whiptail once I start as the CPU is going nuts... I am in the US working, i have a big next 4 days of training and would like to have my machine working. I am currently doing a backup of my home directory and seriously thinking about doing an online upgrade to 9.10 Your help is really appreciated. Scott your file system is being mounted read only, you need to solve that problem first. edit the kernel command in grub and delete the bits about silent and graphical then look at whats going on. if nothing jumps out there look through syslog -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] advice on security compliance
On Mon, 2 Nov 2009 16:28:25 +1100, "Daniel Bush" said: > have to sign. One of the tick boxes says "Do you operate a firewall that > is > regularly updated?" > > I have an iptables firewall which basically blocks all ip6 and all ip4 > except for a couple of ports I expose to the internet. I don't see why I > need to update it "regularly". It's just a standard security checklist for Windoze blinkered admins - say 'yes'. And you do update your firewall regularly, via 'sudo apt-get update' (or similar) :-) -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Help -- I cannot boot into Ubuntu..
Scott Waller wrote: > Thanks for the quick response. I went through the syslog file and > couldn't find anything weird. Upon searching through other forums I > found that in the /etc/fstab file a tag had been added: > > UUID=147ae6d1-e380-42cd-9471-66882c374580 / ext3 > relatime,errors=remount-rw 0 1 > > So I just took out the errors=remount-rw and it works a treat. I think it should have been "errors=remount-ro". If it was in fact the right value then your filesystems was having errors and unless you're ok with loosing data, you should probably figure whats wrong and get it fixed. Erik -- -- Erik de Castro Lopo http://www.mega-nerd.com/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Help -- I cannot boot into Ubuntu..
Hi Erik, .I think your right. I have looked through the syslog and couldn't find any issues, but now you've got me worried. Anyway I did a backup last night. Seems to be quite stable at the moment. I wonder if when I passed the: sudo mount -o remount, rw / Then it wrote that to the /etc/fstab file?? and in my panic just missed it. What other things would cause a EXT3 file system to go into read only? Scott Erik de Castro Lopo wrote: Scott Waller wrote: Thanks for the quick response. I went through the syslog file and couldn't find anything weird. Upon searching through other forums I found that in the /etc/fstab file a tag had been added: UUID=147ae6d1-e380-42cd-9471-66882c374580 / ext3 relatime,errors=remount-rw 0 1 So I just took out the errors=remount-rw and it works a treat. I think it should have been "errors=remount-ro". If it was in fact the right value then your filesystems was having errors and unless you're ok with loosing data, you should probably figure whats wrong and get it fixed. Erik -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Help -- I cannot boot into Ubuntu..
Scott Waller writes: > .I think your right. I have looked through the syslog and couldn't > find any issues, but now you've got me worried. Anyway I did a backup last > night. Seems to be quite stable at the moment. If you are, just 'touch /forcefsck' as root, reboot, and the distribution should check the filesystems for errors — which will catch any problems. > I wonder if when I passed the: > sudo mount -o remount, rw / > Then it wrote that to the /etc/fstab file?? No. None of the traditional Unix tools modify fstab, and certainly not mount. It might have come from a typo, or an administrative (usually GUI) tool, but not from there. > and in my panic just missed it. > What other things would cause a EXT3 file system to go into read only? Remounting 'ro' explicitly, dropping to the file system early enough in the boot process that it has not remounted to 'rw' yet, or corruption. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons Looking for work? Love Perl? In Melbourne, Australia? We are hiring. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] RAID Woes - Expanding Storage
Hi All I'm trying to assist a client who is running out of space. They have an HP DL360G4 with 2 x 160GB Maxtor SATA drives. they want us to replace them with 2 x 1TB Seagate drives. They are currently running everything (apart from /boot) from the root partition and are sitting on around 97% full. The problem is their current disk set up. First disk looks like this: Disk /dev/sda: 160.0 GB, 160041885696 bytes 255 heads, 63 sectors/track, 19457 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sda1 * 1 13 104391 83 Linux /dev/sda2 14 19216 154248097+ fd Linux raid autodetect While the second looks like this: Disk /dev/sdb: 160.0 GB, 160041885696 bytes 255 heads, 63 sectors/track, 19457 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sdb1 * 1 254 2040223+ 82 Linux swap /dev/sdb2 255 19457 154248097+ fd Linux raid autodetect As you can guess, /boot is on /dev/sda1 and root is on the linux raid partition (RAID 1). The RAID looks like this: mdadm --detail /dev/md0 /dev/md0: Version : 00.90.01 Creation Time : Fri Nov 11 11:37:46 2005 Raid Level : raid1 Array Size : 154248000 (147.10 GiB 157.95 GB) Device Size : 154248000 (147.10 GiB 157.95 GB) Raid Devices : 2 Total Devices : 2 Preferred Minor : 0 Persistence : Superblock is persistent Update Time : Tue Nov 3 16:40:57 2009 State : clean Active Devices : 2 Working Devices : 2 Failed Devices : 0 Spare Devices : 0 UUID : 034603b7:67d1a2c7:35610b04:82f5961d Events : 0.2957028 Number Major Minor RaidDevice State 0 820 active sync /dev/sda2 1 8 181 active sync /dev/sdb2 What is the best way to replace these and allow for expansion later? Given that I'll end up with 2 x 1TB and 2 x 160GB drives, it would have been fantastic to use them all with boot, swap and root mirrored at device level but the bloody stupid DL360 only has space for 2 x sata drives in total, internally. Added complication is that it is a fairly mission critical system so whatever we do we have to do it soon and have it back up the next morning. What sayest the collective consciousness of the SLUG? With Thanks and Regards Nigel. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Port forwarding weirdities
On Wed, 2009-10-28 at 21:37 +1100, Ishwor Gurung wrote: > What about just dumping NAT table i.e., without the grep magic foo? Sure. I've attached an `iptables -t nat -L` from working, and broken. (Not sure if such attachments are allowed on this list, but I have seen some pretty hideous top-posting on this list that is much worse than a couple of KB of text attachments.) What's weird is that the line that should make all the difference (the last line in both attachments) doesn't change at all. At time of writing, the brokenness is sending traffic from port 1240 to port 81 instead of 80. (Has now been ports 82 and 95 in the past.) The only differences between the two dumps are that Transmission doesn't have one of its UDP port forwards for some reason, our (dynamic) WAN IP has changed, and I pulled another port forward that I wasn't using. Given that it has been working and broken without much change, I cannot put my finger on what it is. > I think it could be a bug in OpenWRT. What specific revision is it? I'm running Kamikaze 8.09.1, r16278. Chain PREROUTING (policy ACCEPT) target prot opt source destination zone_wan_prerouting all -- anywhere anywhere zone_lan_prerouting all -- anywhere anywhere prerouting_rule all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source destination postrouting_rule all -- anywhere anywhere zone_wan_nat all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain MINIUPNPD (1 references) target prot opt source destination DNAT udp -- anywhere anywhereudp dpt:21287 to:192.168.0.23:21287-0 DNAT tcp -- anywhere anywheretcp dpt:21287 to:192.168.0.23:21287-0 Chain miniupnpd_wan_rule (1 references) target prot opt source destination MINIUPNPD all -- anywhere ppp121-44-178-139.lns20.syd7.internode.on.net Chain postrouting_rule (1 references) target prot opt source destination Chain prerouting_lan (1 references) target prot opt source destination Chain prerouting_rule (1 references) target prot opt source destination miniupnpd_wan_rule all -- anywhere anywhere Chain prerouting_wan (1 references) target prot opt source destination Chain zone_lan_nat (0 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_lan_prerouting (1 references) target prot opt source destination prerouting_lan all -- anywhere anywhere DNAT tcp -- 192.168.0.1 anywheretcp dpt:5222 to:192.168.0.14 Chain zone_wan_nat (1 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_wan_prerouting (1 references) target prot opt source destination prerouting_wan all -- anywhere anywhere DNAT udp -- anywhere anywhereudp dpt:53 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:22 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:25 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:993 to:192.168.0.14 DNAT udp -- anywhere anywhereudp dpt:5060 to:192.168.0.3 DNAT udp -- anywhere anywhereudp dpt:1194 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:80 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:443 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:5269 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:5222 to:192.168.0.14 DNAT tcp -- anywhere anywheretcp dpt:5223 to:192.168.0.14 DNAT udp -- anywhere anywhereudp dpt:13000 to:192.168.0.218 DNAT udp -- anywhere anywhereudp dpt: to:192.168.0.218 DNAT udp -- anywhere anywhereudp dpt:6500 to:192.168.0.218 DNAT tcp -- anywhere anywheretcp dpts:1230:1239 to:192.168.0.23 DNAT udp -- anywhere anywhereudp dpts:1230:1239 to:192.168.0.23 DNAT tcp -- anywhere anywheretcp dpt:1240 to:192.168.0.23:80 Chain PREROUTING