Re: [OT] netbook recommendation
On Tue, May 05, 2009 at 08:39:06PM +0200, Leonardo Canducci wrote: Most eeepc seem to be well supported and some have a good battery life. nc10 seems good but it's not cheap nor friendly. dell mini 9 is really cheap but has little battery and bradcom wifi. So... what would you recommend? I'm using an Eee PC 901 right now, although it's running Ubuntu 9.04 (Netbook Remix) rather than Debian proper... works beautifully, and is currently priced at about $280. I made the following (mostly minor) tweaks: * Upgraded the memory to 2 GB (max supported), which has a current cost of approximately $26. * Joined /dev/sda and /dev/sdb (internal SSD storage) into a LVM volume group, except for a small /boot filesystem, and host / and swap there. * My /home resides on a 16 GB SD card, to allow for easy removal if I ever need to leave the netbook unattended. I'll likely encrypt it as well in the future, but don't have time to work through the configuration at present. The only problem I've encountered is that the SD card isn't always finished initializing when the filesystems get mounted, so sometimes /home isn't available... this only occurs when booting under battery power. My current workaround was to add the following lines to /etc/rc.local: # mount /home, if not already present, since the SD card may not be stable # during the early boot process if [ `mount | grep -c ' on /home '` -eq 0 ]; then logger -t rc.local mounting /home at `date` mount /home fi I'll revist this issue once I determine a more appropriate fix. Apparently it's not just a Ubuntu/Debian issue, however. http://lwn.net/Articles/329788/ signature.asc Description: Digital signature
Re: apt-get reports no new packages
On Wed, Nov 29, 2006 at 09:38:00PM -0600, William Jensen wrote: I'm following Etch and apt is reporting no new packages for a touch over a week. I've been seeing the same behaviour over the past week or so, with /etc/apt/sources.list configured with: deb http://http.us.debian.org/debian etch main Everything seems to be working again after changing the entry to: deb http://ftp.debian.org/debian etch main signature.asc Description: Digital signature
Re: Debian box listening on UDP port 68
I suppose you could kill -9 the dhclient process, once the interface has been configured. You run the risk, however, of the DHCP server reassigning your IP address to someone else, with no way for your system to react. I wouldn't even consider doing this unless you also control the DHCP server, and can ensure an appropriately long lease time... even then, it's almost certainly a (very) bad idea. In short, what you're seeing is perfectly normal behaviour for a box which obtains it's IP address via DHCP. I strongly recommend that you leave it alone. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH = X11 forwarding?
On Tue, Apr 18, 2006 at 10:43:47AM -0400, Antonio Paiva wrote: Ryan, You probably need to run xhost address of server on the client machine. Someone suggest this virtually every time the topic comes up. It's exceptionally bad advice... DON'T DO IT!!! signature.asc Description: Digital signature
Re: Solved! Re: SSH = X11 forwarding?
On Tue, Apr 18, 2006 at 12:46:01PM -0400, [EMAIL PROTECTED] wrote: Do I understand correctly that xbase-clients has to be installed on the machine on which the programs run, not the machine on which the keyboard, mouse, and screen are? Yes, it needs to be available on the ssh server. The ssh daemon uses xauth when setting up the forwarded X connection. signature.asc Description: Digital signature
Re: SSH = X11 forwarding?
On Fri, Apr 21, 2006 at 09:55:04AM -0700, Andrew Sackville-West wrote: On Fri, Apr 21, 2006 at 07:52:39AM -0500, Greg Norris wrote: On Tue, Apr 18, 2006 at 10:43:47AM -0400, Antonio Paiva wrote: Ryan, You probably need to run xhost address of server on the client machine. Someone suggest this virtually every time the topic comes up. It's exceptionally bad advice... DON'T DO IT!!! Could you enlighten us briefly on why its so bad? honest curiosity here. It allows anyone on the specified host access to your X session. Not only does this allow them to open new windows on your screen, but also to read information and capture keystrokes... password sniffing, for example. Do a quick google for xhost security, and you'll find plenty of descriptions and examples on the first page of results. signature.asc Description: Digital signature
Re: How to enable X port forwarding with ssh
On Mon, Jan 23, 2006 at 05:25:39AM -0800, Leonid Grinberg wrote: Yeah, you need to enable it in /etc/ssh/sshd_config Then, use ssh -X host.domain -l username (note: it has to be enabled on both sides, and you actually have to have X on both sides.) More specifically, you need to ensure that xauth (from the xbase-clients package) is installed on the ssh server. It doesn't require a complete X installation. signature.asc Description: Digital signature
Re: rpc.statd paranoia
On Thu, Jan 19, 2006 at 09:28:02AM +0100, Christoph Anton Mitterer wrote: I did not remove the gnome package or fam, just out of the init scripts. From what you mentioned I imagine we should blame the fam. No, IIRC fam needs portmap only for some of its network functionallity,... so if you don't use that you'll be just ok to use it without portmap. Unfortunately, fam will fail to start if portmap isn't running. http://bugs.debian.org/332790 signature.asc Description: Digital signature
Re: rpc.statd paranoia
On Thu, Jan 19, 2006 at 08:21:49PM +0100, Christoph Anton Mitterer wrote: Greg Norris wrote: Unfortunately, fam will fail to start if portmap isn't running. http://bugs.debian.org/332790 I cannot confirm this bug, I'm using sid and fam but don't have portmap installed,.. it it starts fine :-) Weird... I tried it about a week ago, and got the behaviour described in the bugreport. What version do you have installed? Mine was 2.7.0-8 from sid. signature.asc Description: Digital signature
Re: rpc.statd paranoia
On Wed, Jan 18, 2006 at 02:29:59PM -0400, BTP wrote: Does anybody know the correct procedure for eliminating this daemon from booting? Should I be using update-rc.d or do I have to manually edit config files? My solution was apt-get --purge remove portmap... apt will let you know if you have any packages installed which actually require it. signature.asc Description: Digital signature
Re: rpc.statd paranoia
On Wed, Jan 18, 2006 at 04:41:02PM -0400, BTP wrote: apt-get --purge remove portmap reported a required removal of GNOME which I did not want, so I instead used the update-rc.d portmap remove alternative. Interesting. I've got gnome installed (although I currently use xfce4 :) with portmap purged... I don't recall having to do anything special. signature.asc Description: Digital signature
Re: rpc.statd paranoia
On Wed, Jan 18, 2006 at 11:33:33PM -0400, BTP wrote: I did not remove the gnome package or fam, just out of the init scripts. From what you mentioned I imagine we should blame the fam. Incidentally, you can install gamin if you want the functionality of fam without the portmap dependency. signature.asc Description: Digital signature
Re: Howto make top in debian show CPUs separately like that of Redhat
On Wed, Jan 11, 2006 at 04:22:23PM +0100, Michael Dominok wrote: On Wed, 2006-01-11 at 19:45 +0530, Siju George wrote: How do I make the top command show CPUs separately as in Redhat? shown below. Start top.Hit '1' (One). Then hit 'W' to have top write a ~/.toprc file, making your chosen settings the default. signature.asc Description: Digital signature
Re: Firefox error following recent Sid upgrade
On Mon, Jan 09, 2006 at 02:17:06PM +, Anthony Campbell wrote: I just did a large upgrade in Sid, with xorg among other packages involved. Firefox now looks odd: large spaces between lines and fonts different. There is also the following error message: This could be caused by an incompatible extension. Try launching firefox from an xterm, with the -safemode parameter... is the problem still present? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Disabling Firefox Gestures
On Fri, Dec 30, 2005 at 03:22:38PM +, Barak A. Pearlmutter wrote: Anyone have any idea how to completely disable firefox gestures? Disable or uninstall whichever extension is providing gesture support (All-in-One Gestures, in my case) via Tools/Extensions, and restart Firefox. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Firefox - Disabling Extensions w/o Running
On Sun, Dec 11, 2005 at 06:38:54PM -0500, Patrick Wiseman wrote: On 12/11/05, Patrick Wiseman [EMAIL PROTECTED] wrote: The best way to do that, actually, is to right-cllck on suspect extensions, and select 'Disable'. That way, if it's not the offender, it's easy to re-enable it. Disable all the suspect ones, and then re-enable one by one, going from safemode to regular mode each time. A bit of a pain, but effective! Well, I thought you could do that, but apparently 'Disable' is not an option in safemode because they're disabled already; so uninstall is the only option. FWIW, Firefox 1.5 works in the manner you described. I don't believe it's hit the archive yet, however. signature.asc Description: Digital signature
Re: Request to remove Information
On Fri, Nov 18, 2005 at 01:50:14PM -0600, Ron Johnson wrote: Does not work, because this stupig remailer break the thread in small pieces. Must be Mutt, because Evo displays a deeply-nested thread. My copy of mutt (1.5.11-3, from sid) doesn't seem to have any trouble threading this mess. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: disable password authentication with openssh
On Thu, Sep 29, 2005 at 03:46:42PM -0400, Roberto C. Sanchez wrote: RSAAuthentication yes PubkeyAuthentication yes PasswordAuthentication no Don't forget UsePAM no and ChallengeResponseAuthentication no. signature.asc Description: Digital signature
Re: disable password authentication with openssh
On Thu, Sep 29, 2005 at 03:42:28PM -0500, Matthew Lenz wrote: it looks like ChallengeResponseAuthentication no by itself works correctly. you still think usePam no is needed? I think it depends on the OpenSSH version. IIRC, there are (were?) a number of entries in the BTS which indicate that both options are needed... at least in some cases. signature.asc Description: Digital signature
Re: Starting background process in ssh session
On Thu, Sep 01, 2005 at 10:17:33PM -0400, Roberto C. Sanchez wrote: OK. I should have been more precise in my explanation then. I am redirecting like this: command log.txt 21 Is that causing it then? Possibly. Try redirecting stdin to /dev/null as well... that frequently takes care of this in my experience. $ command log.txt 21 /dev/null signature.asc Description: Digital signature
Re: Starting background process in ssh session
On Thu, Sep 01, 2005 at 05:33:28PM -0400, Roberto C. Sanchez wrote: I occasionally log into a machine remotely and start a process in the background: command However, when I log out of the machine, the ssh process on my local machine blocks. I guess that it is becuase the remote still has jobs running. Is there a way to get it start the process in the background and then detach from the shell? I have already tried this: This is often caused because the process still has a file descriptor (FD) referencing the tty. Ssh doesn't like to terminate when this occurs, because there's a chance that the FD could still be required. If this is the case, then you probably just need to redirect the usual suspects... stdin, stdout, and/or stderr. Something like: $ command /dev/null 0 20 It may not be necessary to redirect all of them, but that will probably require some experimentation to determine. You may want to consider running your command under nohup as well, to protect it from the loss of your session. signature.asc Description: Digital signature
Re: Where to activate ip_forward
On Wed, Aug 31, 2005 at 01:49:01PM -0500, Matt Zagrabelny wrote: 3 - $ cat /etc/sysctl.conf # # /etc/sysctl.conf - Configuration file for setting system variables # See sysctl.conf (5) for information. # net/ipv4/ip_forward = 1 4 - $ cat /etc/network/options ip_forward=no spoofprotect=yes syncookies=yes signature.asc Description: Digital signature
Re: Can't create .Xauthority for users
On Thu, Aug 18, 2005 at 03:26:12PM -0400, Haines Brown wrote: xauth: creating new authority file /home/user/.Xauthority /usr/bin/X11/startx: line 132: cannot create temporary file for here document: Permission denied This sort of error can be caused by bad permissions on /tmp (or wherever $TMPDIR is pointing, if set). Here's what mine looks like: [EMAIL PROTECTED] ls -ld /tmp drwxrwxrwt 13 root root 4096 2005-08-18 14:42 /tmp If the permissions look OK, you should also verify that the filesystem isn't completely full. signature.asc Description: Digital signature
Re: numlockx problem?
On Sun, Dec 26, 2004 at 11:45:16PM -0600, Rob Benton wrote: First let me make sure I'm looking at the right file: /etc/X11/Xsession.d/55numlockx /etc/X11/Xsession.d/55numlockx.dpkg-dist The first one is the currently installed version right? Dpkg leaves *.dpkg-dist files when it thinks a conffile has changed, and you opt NOT to replace it... in this case, 55numlockx is the original file and 55numlockx.dpkg-dist is the new version. Had you opted to replace the file you'd end up with 55numlockx (new version) and 55numlockx.dpkg-old (original). Normally you're prompted for conffile replacement when the package is upgraded, but I believe this can be overridden via /etc/dpkg/dpkg.conf. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Linux on a Thinkbad T42
On Sat, Oct 16, 2004 at 10:21:53AM -0400, Jule Slootbeek wrote: Hey all, My trusty iBook's hinge snapped after 3.5 years of trusty service (RIP coltrane) and so now i'm in the market for a new laptop. My brother recently bought an IBM Thinkpad T42 and he is very happe with it (running Windows, and just using it for everyday college student work). The price he got it for is still available through a source, and it's a good deal. Now i was wondering if there were any problems installing debian in the Thinkpads, and if so anybody had a suggestion, or recommendation as to what kind of laptop to purchase. I know there are lots of threads on this subject, but since new models and technologies come out everyday, an update is of order once in a while. I got a T42p about a week ago, and so far it's running beautifully under Debian (sarge). It's my first notebook, tho, so I'm still working through some of the configuration... CPU frequency scaling (software installed but not tested), suspend/hibernate (still figuring out what I need to install), etc. Take a look at http://www.linux-on-laptops.com/ibm.html;. There are a couple of very informative entries from people running the T42 and T42p notebooks under Debian. signature.asc Description: Digital signature
Re: anyone tried chroot_safe?
On Tue, Oct 12, 2004 at 04:09:17PM -0400, Joey Hess wrote: I haven't read any of the code, but based on their documentation, so long as you trust the binary you're chrooting, it should be as safe as regular chroot. That's a pretty good fit to my situation, so I guess I'll go ahead and give it a try. Thanx, I really appreciate your assistance! signature.asc Description: Digital signature
Re: anyone tried chroot_safe?
On Wed, Oct 13, 2004 at 12:57:32PM +0200, Joost Witteveen wrote: Looking at the code, it seems as though chroot_safe simply uses the normal chroot() call; I would think the binary running would not be able to see the difference between `real' chroot and chroot_safe (and should thus not be able to exploit bugs in chroot_safe). Thanx, that makes me feel much better about giving it a spin! I think a better name would have been chroot_simple, or chroot_easy. No argument on that point. ;-) signature.asc Description: Digital signature
anyone tried chroot_safe?
Has anyone here has tried out chroot_safe[1]? Any comments on how well it works, or how it compares security-wise to a normal chroot environment? I have a couple of small apps (such as the [EMAIL PROTECTED] client) which I'd like to run chroot'd, and this beastie sounds like an ideal way to go about it. For those of you aren't familiar, chroot_safe claims to chroot dynamically linked applications without requiring all the libraries (and other supporting files) to be present. Apparently this is done by pre-linking (via a LD_PRELOAD stub), and then chrooting before the app is actually started. [1] http://sourceforge.net/projects/chrootsafe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamassassin on low memmory machine
On Mon, Jun 28, 2004 at 11:10:31PM -0700, Vadik wrote: I run my web and email server on machine with 32 Mb RAM. It works fine, but spamassassin really takes a lot of memory. And to make things worse, it often runs 10 and more sessions. is the a way I can configure spamassassin to run no more than 1 session at a time? I use Exim4 and courier. If you're using spamd (the daemonized version), you could add -m 1 to /etc/default/spamassassin. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: startled by what SCREEN can do [was Re: 3 gigs enough?]
On Tue, Jun 22, 2004 at 12:24:24AM -0500, Will Trillich wrote: screen is truly magic. wonder why i never tried it before? start with $ screen see the license, start hammering away at whatever you hammer away at. create, edit, delete, munge, craft, invent, devise... get interrupted, forget your session, leave for the day. I always add startup_message off to ~/.screenrc, so it doesn't insist on displaying the license every time I fire it up. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SA going downhill
On Wed, Jun 16, 2004 at 11:45:07AM +0100, Antony wrote: I'm using spamassassin 2.63 in unstable. In the last month or two, much more spam seems to get through. Here's an example: I don't know if it's feasible in your case, but have you considered the SA 3.0 prerelease package in experimental? It seems to be working very well for me, with no problems to speak of... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Mouse wheel does not work with kernel 2.6.x
On Wed, Jun 16, 2004 at 10:56:40AM +0200, Joerg Johannes wrote: I have a logitech USB mouse which works great using 2.4 kernels. With exactly the same setup in X, the same mouse attached to the same computer works still, but only the three buttons: scrolling the wheel doesn't do anything, pressing it works as paste like it should. Obviously it can't be the X configuration which is faulty, because it still works when I boot back to 2.4. Also the kernel configuration should be OK, because otherwise the mouse wouldn't work at all. [snip CONFIG_PSMOUSE=y I had the same issue recently... the solution is to set CONFIG_PSMOUSE to n (or m, and just don't load the module). The problem is most likely that your BIOS has PS/2 emulation enabled, which typically doesn't support the wheel, and the PSMOUSE code is handling the mouse. The USB subsystem includes it's own mouse drivers, which will be used as long as PSMOUSE support is disabled. Apparently 2.4 would go ahead and use the USB drivers in either case... no idea why that changed. You could also disable PS/2 emulation in your BIOS setup, but I wouldn't recommend this solution. Among other things, it can make the lilo menu inaccessible if you use a USB keyboard. signature.asc Description: Digital signature
Re: VMware-4.5 workstation under Debian/testing?
On Sun, May 30, 2004 at 08:22:39PM -0400, Ishwar Rattan wrote: I am interested in running vmware-4.5 work-station under debian/testing (2.6.5). The software (not purchased yet) has a rpm package and a tar.gz that contains files for RH/Mandralke/SuSe. Is any one running it suceesfully under debian? I run it on my sarge (testing) box, after installing from the tarball (haven't tried the rpm). The only problem I've seen is that the vmmon and vmnet modules won't build against recent 2.6.x kernels. Fortunately, you can download the fix from ftp://platan.vc.cvut.cz/pub/vmware;... look for vmware-any-any-update*.tar.gz. Both VMware and the update installed for me painlessly, and it's been running quite smoothly. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM switch recomendation?
On Tue, Jan 06, 2004 at 09:20:14PM -0600, Greg Norris wrote: Thanx for the info. After researching a number of KVMs from various companies, I've decided that the SwitchView USB 4-port looks the most promising. That beastie is on order, so I should know for sure in a few days. ;-) I set it up yesterday morning, and so far have experienced no problems whatsoever. Looks like we're in business! ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: dhcpd sending unwanted bootp packets
On Sat, Jan 10, 2004 at 05:27:33PM -0500, Bijan Soleymani wrote: I don't know about the particulars but this is from man dhcpd.conf: The bootp keyword allow bootp; deny bootp; The bootp flag is used to tell dhcpd whether or not to respond to bootp queries. Bootp queries are allowed by default. Not sure how I managed to miss that... thanx! ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
KVM switch recomendation?
Can anyone recommend a good 4-port (or thereabout) KVM switch? I need one which can handle USB keyboard and mouse inputs, and it would be a plus (but definitely not required) if it can accommodate both USB and PS/2 outputs. I recently tried a Belkin OmniView SOHO KVM (model no. F1DS104U), which claims to be Linux compatible, but it turned out to be rather flaky[1]. After waiting for 90 minutes on their tech support line, for a scripted-to-the-max session which I can only (charitably) describe as completely worthless, I think I'm inclined to avoid Belkin products at this point. [1] It mostly worked, but would frequently miss keystrokes (especially CTRL-whatever combinations), or act like a key was being held down. I did all of the usual troubleshooting (try a different keyboard, swap the cables, update the firmware, etc.), and am fairly confident that it's a firmware bug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM switch recomendation?
On Tue, Jan 06, 2004 at 10:53:21AM -0700, Monique Y. Herman wrote: I have a Belkin 4-port (don't recall the exact model, but OmniView sounds right), and while the keystroke aspect was fine, it didn't interact with X well at all. Switching back to a machine running X would result in the mouse crawling along the lower left corner of the screen. I would always have to log out and back in again to fix it. I've seen this behaviour in the past, when using one of their non-USB models. The problem is that the KVM doesn't support wheel mice, and the rodent gets confused when it isn't re-initialized properly after a switch. You can avoid the problem by configuring it as a standard 3-button mouse, at the cost of wheel-scrolling. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM switch recomendation?
On Tue, Jan 06, 2004 at 11:12:51AM -0600, Kirk Strauser wrote: I suspect you got a bad unit, or maybe one in need of a firmware upgrade (you can flash that unit with a special serial cable). I flashed the firmware several times during the troubleshooting process. The symptoms changed somewhat depending on the firmware version, but it never got to what I'd consider a useable state. It's definitely possible that the unit was somehow defective, of course. Unfortunately, I was *really* put off by their tech support... I'm rather reluctant to give them money at this point. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM switch recomendation?
On Tue, Jan 06, 2004 at 11:48:33AM -0800, Bill Thompson wrote: I had the same trouble as well as mouse issues with the same Belkin Omniview SOHO going between a Woody server and Sid desktop. I replaced my KVM with a Avocent SwitchView and have had no further issues. You can get more info at: http://www.avocent.com Thanx for the info. After researching a number of KVMs from various companies, I've decided that the SwitchView USB 4-port looks the most promising. That beastie is on order, so I should know for sure in a few days. ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM switch recomendation?
On Tue, Jan 06, 2004 at 04:25:23PM -0600, Todd Pytel wrote: Well, I have a Belkin SOHO 4-port (PS/2) that exhibits X issues. If I'm using a wheel mouse (IMPS/2) and switch ports, the mouse goes crazy. One generally knowledgeable person hinted that USB mice might not have such an issue, but did not have any hard evidence to that effect. I've used one of those in the past as well. The only fix I've seen is to configure the mouse as a plain 3-button, which of course nixes the wheel scrolling. I've heard good Linux reports for the Avocent units also. Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh to NATed box fails
On Fri, Jan 02, 2004 at 08:36:53AM +0100, Jan Minar wrote: Nice. So if an exploit leaks to the script kiddies, you would be cracked only 1-2 times a day. Hopefully the first one to get in will move sshd back to 22/tcp and patch the binary. It's currently running on port 443. I'm pretty sure that all the scans I've seen so far are targeted at https webservers, and unlikely to be a problem in this case. Keeping on top of the security updates is, of course, still absolutely essential. The point is that the exposure to no-thought-required, scripted exploits (which seems to cover the majority of cases) is greatly reduced. As always, YMMV. signature.asc Description: Digital signature
Re: ssh to NATed box fails
On Thu, Jan 01, 2004 at 11:47:36PM +0100, Jan Minar wrote: At least then a script kiddy won't simply find port 22 open and start to bruteforce your ssh password. He has to scan higher than normal to find your SSH which he/she is less likely to do. This is a ``security by obscurity''; a naive approach that works by giving you a warm fuzzy feeling that you've done your homework, which lessens your alertness, so you won't ever notice the intruders. This isn't really useless... a certain amount of obscurity can be beneficial. The thing to remember is that it's only helpful up to a point. For example, a couple of months ago I started running ssh on a non-standard port (strictly for connectivity reasons). Before the change, I was getting several dozen scans and exploit attempts daily. Afterward, 1-2 scans per day is the norm. If someone decides to target my box specifically, there's little doubt that ssh will be quickly discovered. But in the meantime, moving it has clearly cut out A LOT of script-kiddie activity. signature.asc Description: Digital signature
Re: logcheck regexp for spamassassin
On Tue, Dec 23, 2003 at 10:39:29AM +0100, Mark Schouten wrote: Well, it *is* the space at the end of the line. Why all the fuzz. Just place an '?' behind the space. No it isn't. So far, all of the messages which have slipped through have exactly one trailing space... exactly matching the regexp. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: logcheck regexp for spamassassin
On Sat, Dec 20, 2003 at 04:01:08PM -0500, Bill Marcum wrote: On Fri, Dec 19, 2003 at 09:34:56PM -0600, Greg Norris wrote: You don't say whether the message is listed as an event or a security violation, but I'm guessing it's the latter, and the reason is that the email address contains bad. If I'm right, the solution is to create a file in violations.ignore.d containing an appropriate regexp, perhaps @bad- Yes, it's listed under Possible Security Violations. Thanx for the insight! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
logcheck regexp for spamassassin
Every now and then, logcheck complains about syslog messages such as
the one below. Not a big problem, but it's supposed to filter out
messages which match the associated regexp... which really should cover
this case, as far as I can see. Any idea why this one was missed?
---SNIP---
Dec 19 07:17:46 sasami spamd[23665]: processing message [EMAIL PROTECTED] for
adric:1000.
---SNIP---
---SNIP---
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: processing message .+ for
\w+:[0-9]+\. $
---SNIP---
There really is a single space at the end of the line, btw, so it's
not that.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] SCO's crack legal team
On Fri, Nov 07, 2003 at 04:36:30PM -0600, Alan Shutko wrote: That looks like it's 8 bits per color, or 24 bpp. What does identify -verbose say about it? It looks like you're correct. Thanx, I'll remember this if the issue comes up again. ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] SCO's crack legal team
On Sat, Nov 08, 2003 at 01:06:15PM -0500, Roberto Sanchez wrote: Have you looked at pngcrush? apt-cache show pngcrush No, but I'll definitely look into it for next time. Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh-agent
On Fri, Nov 07, 2003 at 07:58:26AM +, Geoff Thurman wrote: Thank you. This is a great relief, particularly coming, as it does, from such an authoritative source. I now understand the man pages a bit better, too. I have still removed the ssh package though, on the basis that I don't use it and can always put it back later if and when I need it. I believe that you can disable the original behaviour by editing /etc/X11/Xsession.options, and commenting out the use-ssh-agent entry. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] SCO's crack legal team
On Thu, Nov 06, 2003 at 11:34:59PM -0500, Roberto Sanchez wrote: Just out of curiousity, did you originally save it as a 24-bit or 8-bit PNG? IIRC, GIFs are always 8-bit and 8-bit PNGs are comparable in size. I can understand how a 24-bit PNG would be bigger, but I can't see how an 8-bit would be that much different in size. The original image claims to be 8-bit... it's approximately 3 times the size of the gif version. $ file cornscolio.* cornscolio.gif: GIF image data, version 89a, 788 x 1000 cornscolio.png: PNG image data, 788 x 1000, 8-bit/color RGBA, non-interlaced $ ls -l cornscolio.* -rw-r--r--1 adricadric 263471 Nov 4 17:49 cornscolio.gif -rw-r--r--1 adricadric 743422 Nov 4 17:32 cornscolio.png -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] SCO's crack legal team
On Thu, Nov 06, 2003 at 09:35:53AM +0800, csj wrote: Speaking of IP hassles, maybe you should have exported that into the free png format. The original version was png, actually... I converted it to gif because more browsers handle that format, and it has a significantly smaller file size in this instance. The site it's hosted on has a minimal bandwidth allocation, so size was not an insignificant concern. In addition, the gif patent has expired in the USA (and is very close to doing so elsewhere), and simply isn't an issue which troubles me all that much. If anyone requests the png version, I'd be happy to email it. People are welcome to share either version (email, posting on the web, whatever). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[OT] SCO's crack legal team
I thought this might provide some much-needed amusement... My wife has put together a picture of SCO's crack legal team, which pretty much explains their entire strategy. Feel free to share! ;-) http://home.kc.rr.com/snidely/cornscolio.gif -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Hyper Threading
On Mon, Nov 03, 2003 at 12:18:10AM +0100, Werner Mahr wrote: Am Montag, 1. Dezember 2003 11:41 schrieb Marco Cecconi: ^ Is my KMail broken? Time moves more quickly on hyperthreaded systems! ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: 2.6-tes6 vs 2.6-tes5 about visor
On Sun, Oct 12, 2003 at 03:05:04PM -0400, Naitik Shah wrote: I've been unable to get my Palm Zire 71 working with kernel 2.6-test6 / test7. Anyone else using a Palm, any palm device and noticed any such problems? I've reverted back to test5-mm3 for now, and its working for now! I'm only able to sync to my Treo 300 once using 2.6-test[67], as I get a kernel oops when the USB port is unregistered. At that point the usbserial/visor module no longer works (and can't be unloaded), so it takes a reboot to get things working again. I've posted all of the relevant information (kernel config, debug output from kern.log, etc.) to the linux-kernel list. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Telnet 25 port problem
On Tue, Oct 07, 2003 at 01:46:43PM -0300, AgustÃn Ciciliani wrote: These are some of the mail servers that I can't reach with my Debian: mail.matrocolayasoc.com.ar, mail.skytel.com.ar, mail.ecogas.com.ar, and others... Do you have ECN enabled in your kernel? You can check this by doing cat /proc/sys/net/ipv4/tcp_ecn... if so, it will display 1. In this case, try disabling it (echo 0 /proc/sys/net/ipv4/tcp_ecn) and see if the problem persists. signature.asc Description: Digital signature
Re: HyperThreading CPUs under Debian
On Mon, Sep 29, 2003 at 12:09:18PM +0100, Andrew Ingram wrote: Can anyone tell me if there is anything special I should enable in my kernel (or any other Debian configuration) to make the most out of an Intel P4 processor with HyperThreading? Just realised my kernel has SMP disabled which might have been a mistake, but I can't find a definitive answer by googling. You need to enable SMP, and also ACPI CPU Enumeration... either CONFIG_ACPI_HT_ONLY or CONFIG_ACPI_PROCESSOR. In the former case, you may also need to use the boot parameter acpismp=force. If memory serves, it's no longer required as of 2.4.22. signature.asc Description: Digital signature
squid problems with DNS resolution
I've recently setup squid for a small home network (2 boxes, not counting the proxy server itself). Unfortunately, I instantly get the error text below when I try to access a non-cached site. If I do a shift-reload, the site will then load successfully, and I won't have any further trouble with it. The requested URL could not be retrieved While trying to retrieve the URL: http://blah.org/blah/ The following error was encountered: Unable to determine IP address from host name for blah.org The dnsserver returned: No DNS records This means that: The cache was not able to resolve the hostname presented in the URL. Check if the address is correct. The proxy server is also running pdnsd, which is providing name resolution for the local network. This appears to be working properly... email, http (minus squid), etc. have no apparent problem resolving hostnames. I've tried reconfiguring the proxy server to use my ISP's nameservers, just to be sure, but that didn't make any noticeable difference. The proxy box is running Woody, so the squid version is 2.4.6-2. Any suggestions for what I should be checking? Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: squid problems with DNS resolution
I've recently setup squid for a small home network (2 boxes, not counting the proxy server itself). Unfortunately, I instantly get the error text below when I try to access a non-cached site. If I do a shift-reload, the site will then load successfully, and I won't have any further trouble with it. Just for grins I tried upgrading squid to 2.5.3, using Aurelien Jarno's woody backport. The problem appears to be slightly less prominent in this release, but it's definitely still present. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: squid problems with DNS resolution
On Wed, Aug 06, 2003 at 08:40:16PM -0500, Greg Norris wrote: I've recently setup squid for a small home network (2 boxes, not counting the proxy server itself). Unfortunately, I instantly get the error text below when I try to access a non-cached site. If I do a shift-reload, the site will then load successfully, and I won't have any further trouble with it. Just for grins I tried upgrading squid to 2.5.3, using Aurelien Jarno's woody backport. The problem appears to be slightly less prominent in this release, but it's definitely still present. I've enabled debugging messages for pdnsd, and they seem to confirm that it's working properly. For example, I just got a squid error trying to access www.debris.com, but pdnsd shows a successful query. 272 08/08 22:11:25| Received query. 272 08/08 22:11:25| Questions are: 272 08/08 22:11:25| qc=IN (1), qt=A (1), query=www.debris.com. 272 08/08 22:11:25| Starting cached resolve for: www.debris.com., query A 272 08/08 22:11:25| Trying name servers. 272 08/08 22:11:25| Query to 24.30.200.3 succeeded. 272 08/08 22:11:25| p_dns_resolve: using local cent copy. 272 08/08 22:11:25| Outbound msg len 32, tc=0, rc=no error 272 08/08 22:11:25| Answering to: 127.0.0.1, source address: 127.0.0.1 At this point I'm fairly certain that it's a squid problem of some sort. I guess I should file a bug report, if noone has any suggestions on how to squash this beastie... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
squid problems with DNS resolution
Sorry if this is a dup, but I didn't see any sign of it on the list after 12 hours... --- I've recently setup squid for a small home network (2 boxes, not counting the proxy server itself). Unfortunately, I instantly get the error text below when I try to access a non-cached site. If I do a shift-reload, the site will then load successfully, and I won't have any further trouble with it. The requested URL could not be retrieved While trying to retrieve the URL: http://blah.org/blah/ The following error was encountered: Unable to determine IP address from host name for blah.org The dnsserver returned: No DNS records This means that: The cache was not able to resolve the hostname presented in the URL. Check if the address is correct. The proxy server is also running pdnsd, which is providing name resolution for the local network. This appears to be working properly... email, http (minus squid), etc. have no apparent problem resolving hostnames. I've tried reconfiguring the proxy server to use my ISP's nameservers, just to be sure, but that didn't make any noticeable difference. The proxy box is running Woody, so the squid version is 2.4.6-2. Any suggestions for what I should be checking? Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: bash: finding if mozilla is running
On Sat, Jul 26, 2003 at 07:36:47AM -0700, Alan Connor wrote: This might help in the future, Seneca: ps a | grep slrn | grep -v grep 863 pts/3S 0:00 slrn You can cut out an unnecessary process (not that it's likely to be a big deal these days) with: ps a | grep [s]lrn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Xfree86 4.3 confusion
Here's where I pulled my copy from... # Daniel Stone's unofficial XFree86 4.3 packages deb http://penguinppc.org/~daniels/sid/i386 ./ On Sun, Jul 20, 2003 at 11:11:27AM -0700, Johannes Graumann wrote: Hello, A couple of days ago I installed woody with the bf2.4 kernel on my new fujitsu lifebook. I went ahead and apt-get dist-upgraded to 'testing'. At some point I then installed xfree86 to run my beloved ion wm. I must have been able to pull 4.3, since the lifebook needs the 'radeon' driver which is only in 4.3 and was present. The problem however arose when I - for reasons of general idiocy - wanted to do a fresh install yesterday: only xfree86 4.2.x was available! I can't reconstruct my original apt sources exactly, but querying the on line package database doesn't give me any 4.3 what so ever. Did 4.3 get recently pulled from the distribution? Why? Where can I get the packages? Thanks, Joh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
2.6.0-test1: some modules refuse to autoload
My apologies if this is a repeat... I originally sent it yesterday evening, and haven't seen any sign of it on the list. --- I'm starting to test out the 2.6.0-test1 kernel, and for the most part everything is going smoothly. There is one problem that has me stumped, however... I can't seem to get module auto-loading to work for the cdrom. None of the other modules seem to have any trouble. I'm currently running Debian sid, with module-init-tools 0.9.13-pre. I've defined the alias block-major-22 ide-cd, and verified that both modprobe -nv block-major-22 and modprobe -nv ide-cd give the expected results. When I try to mount a CD, however, I get the message /dev/hdc not a valid block device. Browsing the system logfiles, I don't see any indication that a module load was even attempted. Everything works fine if I load the ide-cd module manually first. I browsed the list archives and did some googling, but didn't find anything which sounded similar. Any idea what's wrong? Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ``Can't exec'' during installs ???
On Mon, Jun 23, 2003 at 06:53:42PM -0500, Michael D. Schleif wrote: Ah, yes! I recently added that as a recommended security enhancement. What is the best way to umount/mount /tmp, without rebooting? How about `mount -o remount,exec /tmp'? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ALSA/SBLive problem
On Thu, Jun 05, 2003 at 02:14:51AM -0700, Paul Johnson wrote: What worked for me on SBLive: ditch ALSA, use OSS. It Just Works. From what I can tell, there is no difference in functionality between the two on the SBLive, but ALSA is a massive, avoidable pain in the ass for the same result. It won't help in this case. Dell's OEM card is *quite* different from a normal SBLive, and only works using their proprietary (Windows-only) drivers. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ALSA/SBLive problem
On Wed, Jun 04, 2003 at 08:39:33PM -0600, Tom Schutter wrote: I am having problems setting up ALSA on my Debian box. When I try to play an OGG file using XMMS, XMMS hangs. When I try to play an OGG file using alsaplayer, I get no sound, and alsaplayer moves through the song at 30x. The soundcard is builtin on a Dell Dimension 4550, but it is advertised as a SoundBlaster Live! I'm having identical problems with a Dell Dimension 8300... in fact, I posted them here earlier today under the subject bizarre ALSA problems with SBLive. I've since learned that Dell's OEM card is significantly different from the retail version. It's advertized as a Soundblaster Live, and is similar enough that ALSA detects it as such, but they're NOT the same. Here are a few snippits from Dell's Soundblaster Live FAQ, which I found in their Home: Dimension: Audio forum. Q: Is the SB0200/0203 really a Creative card? A: Yes, this is a card manufactured by Creative; however, it is not sold in retail packaging, and is therefore unsupported by Creative. Q: What's different about this SB0200 card than the CT series? A: The SB0200 uses the EMU10K1X software-accelerated Digital Signal Processor (DSP), whereas the CT series was based on the EMU10K1 hardware-accelerated DSP core. Audio performance may be affected by high loads on the processor more often than with the previous DSP. Also, this OEM version contains the front-panel headphone jack connector, as well as other features required by Dell for use within Dell systems. Q: If Creative doesn't support it, why is it called Sound Blaster Live? A: The Sound Blaster Live! designation is due to the feature set of the card, which includes: * EAX (software accelerated) * 5.1 analog channel output * Digital output I replaced the bundled card with it's retail counterpart, and everything seems to be working properly... the downside is that I lost use of the headphone jack at the front of the case. I'm planning to return the soundcard for credit, since I just purchased the system. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: dpkg-reconfigure: command not found
You can search for packages which contain specified files at http://www.debian.org/distrib/packages;. In this case, it would have told you that dpkg-reconfigure is part of the debconf package. On Sun, Mar 23, 2003 at 09:57:12AM -0800, Debian User wrote: Hi, I just installed the vanilla install of Debian. I'd like to reconfigure several things, but when I do dpkg-reconfigure, I get dpkg-reconfigure: command not found. Is this still how I'm supposed to reconfigure packages? (I don't see a --reconfigure option for dpkg.) thanks Melissa pgp0.pgp Description: PGP signature
Re: login by ssh fails
I expect that you're running into the default TCP-Wrappers configuration. If this is the case, there are at least 2 ways to resolve the issue. 1) If the remote system has a static IP address, just add an /etc/hosts entry for the box. 2) Edit /etc/hosts.deny, and change the ALL: PARANOID entry to ALL EXCEPT sshd: PARANOID (you might need to restart the ssh daemon after doing this... dunno). This will prevent TCP-Wrappers from dropping incoming connections when it can't reverse-lookup the hostname. The first option is preferred, because the PARANOID setting gives a (very) small measure of protection against some types of network attacks. On Mon, Feb 24, 2003 at 10:49:41PM +0100, Willem-Jan Meijer wrote: I can ping, write to the server by samba, apache, squid al works fine except a remote logine. pgp0.pgp Description: PGP signature
configuring pam for ssh
I occasionally have a need to connect to my home machine from untrusted systems, so I'm trying to configure ssh to use one-time passwords via libpam-opie. I started by commenting out the auth entry for pam_unix.so in /etc/pam.d/ssh, and adding one for pam_opie.so in it's place. So far so good... the keyboard-interactive method seems to work with opie, and it doesn't fall back normal password authentication. During the course of testing, I noticed that the change had broken ssh's built-in password authentication (PasswordAuthentication yes in sshd_config). Can anyone explain why this occurs? My understanding (obviously flawed ;-) was that ssh only uses the pam auth modules for keyboard-interactive. I've gone through the documentation and done a bit of googling, but the answer remains elusive... This isn't a huge problem, as I'm most likely going to disable password authentication anyway. But I'd really like to understand what's occurring. Thanx! pgp0.pgp Description: PGP signature
Re: VMWare package
On Mon, Feb 17, 2003 at 10:55:58PM -0900, Andy wrote: I have a Debian 3.0 install with the 2.4.18-bf2.4 kernel and I just did an apt-get install kernel-headers-2.4.18-bf2.4 then did an ln -s to make: linux - kernel-headers-2.4.18-bf2.4 So I tell the vmware script that my kernel headers are in /usr/src/linux/includeIs that right? That sounds OK to me. This is where I am clueless. Vmware install script says this: Setup is unable to find the make program on your machine. Please make sure it is installed. Do you want to specify the location of this program by hand? [yes] What is the location of the make program on your machine? You need to install the make package. It's (typically) used to direct the compilation (which files should be compiled, in what order, etc.). Here is my embarassing failure: Building the vmmon module. gcc: auto-build: No such file or directory gcc: HEADER_DIR=/usr/src/linux/include: No such file or directory gcc: CC=/usr/bin/gcc: No such file or directory gcc: GREP=grep: No such file or directory Unable to build the vmmon module. I'd guess that most of that is a side-effect of make being unavailable. I'm pretty sure that grep would be present, at the very least. ;-) msg31510/pgp0.pgp Description: PGP signature
Re: VMWare package
Basically I just unpacked the tarball for VMware Workstation 3.2, and ran the ./vmware-install.pl script. When it prompted, I selected /opt/vmware as the installation path, and /usr/src/linux/include as the location of my kernel headers... the latter being a symlink to the real location. There are 2 potential gotchas that I'm aware of... 1) The kernel headers need to *exactly* match your running kernel. If your using a distribution kernel, there should be a matching kernel-headers-* package that you can install. If you compile your own, be sure to hang onto the headers after building. The easiest way to do this is to use make-kpkg, and have it generate a kernel-headers package for you. 2) The VMware modules must be built using the same GCC version as the kernel. In practice, this probably only affects unstable at the moment, due to the GCC 3.2 transition. On Mon, Feb 17, 2003 at 08:52:29AM -0900, Andy wrote: Can you give us more detail? I can't get VMWare to work on Debian woody. I want to try the 30 day trial of VMWare but it won't install. Debian is not supported by them so I called one of the sales reps at VMWare and the rep. said What the heck is Debian?. I explained to him what Debian was all about and the fact that I can't get VMWare workstation to work on my Debian machine. He did not seem to care. So it would be great if someone could share experiences with VMWare working in Debian. Thanks, Andy msg31386/pgp0.pgp Description: PGP signature
Re: VMWare package
You're right... I should have mentioned the include directory. I didn't realize that the distro kernel-headers packages include multiple trees, tho... I've been building my own for quite awhile now. Thanx for the update! On Mon, Feb 17, 2003 at 09:18:11PM -0600, Kent West wrote: Having just done this today, I'll point out that when you install the kernel-headers, it creates several directories under /usr/src, like: kernel-header-2.4.20-386 and kernel-header-2.4.20-586 and etc. You'll need to point the vmware-config.pl script to the correct directory, but you'll have to dive one level deeper, into include I believe, when the script asks for the path. Kent msg31401/pgp0.pgp Description: PGP signature
Re: VMWare package
There's no debianized package, but the 3.2 tarball works fine (on sid, at least). I didn't try to build a package out of it, just pointed the installer to /opt/vmware. On Sun, Feb 16, 2003 at 04:57:53PM -0500, John Mitchell wrote: I was wondering if anyone knew of a package of VMWare workstation. I've been having trouble making my own and was hoping that someone else on this list knew better than I. msg31199/pgp0.pgp Description: PGP signature
pdnsd problems
I'm having some problems getting a reliable pdnsd setup, which I was
hoping (obviously! ;-) that someone here could help me out with. The
symptom is that occasionally it stops resolving addresses (probably
just uncached ones?), and pdnsd-ctl shows the server as unavailable.
At first I thought the ping test might be failing, but I don't find any
messages in the debug log which indicate this. It seems unlikely in
any event, as the DNS server is a cable router which is directly
connected via a 3-foot cable.
One thing I did notice in the log is that pdnsd seems to be querying
external DNS for the local system name (glitch.localdomain). I see a
lot of entries like the following... in particular, there seems to be a
storm of them just before it thinks DNS is down.
2 02/10 22:08:01| Received query.
2 02/10 22:08:01| Questions are:
2 02/10 22:08:01| qc=IN (1), qt= (28), query=glitch.
2 02/10 22:08:01| Starting cached resolve for: glitch., query
2 02/10 22:08:01| Trying name servers.
2 02/10 22:08:01| Server 192.168.0.1 returned error code: unknown domain
2 02/10 22:08:01| Cacheing domain glitch. negative
2 02/10 22:08:01| Query to 192.168.0.1 succeeded.
2 02/10 22:08:01| Outbound msg len 24, tc=0, rc=unknown domain
2 02/10 22:08:01| Answering to: 127.0.0.1, source address: 127.0.0.1
Shouldn't pdnsd be getting information on the local name from
/etc/hosts? I don't think it should be passed to the external DNS, at
any rate.
The contents of pdnsd.conf are listed below. The second and third
server entries shouldn't be relevant, as they're only reachable when
I'm VPN'd to work.
I'd be grateful for any insights and/or suggestions. Thanx!
- pdnsd.conf -
global {
perm_cache=2048;
cache_dir=/var/cache/pdnsd;
max_ttl=604800;
run_as=pdnsd;
strict_setuid=on;
paranoid=on;
status_ctl=on;
# server_port=53;
server_ip=127.0.0.1;
}
server {
ip=192.168.0.1;
label=router;
timeout=30;
interval=30;
preset=on;
uptest=ping;
ping_timeout=100;
purge_cache=off;
}
server {
ip=144.229.81.71;
label=work1;
timeout=30;
interval=30;
preset=off;
uptest=if;
interface=nlv0;
purge_cache=off;
}
server {
ip=144.229.84.184;
label=work2;
timeout=30;
interval=30;
preset=off;
uptest=if;
interface=nlv0;
purge_cache=off;
}
source {
ttl=86400;
owner=localhost.;
# serve_aliases=on;
file=/etc/hosts;
}
- end pdnsd.conf -
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: freenet (sid) getting java.lang.ClassCastException error -- RESOLVED
The problem turned out to be caused by an invalid default listenPort entry in freenet.conf. I've submitted a bugreport, asking that the installation prompt for this setting. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
procmail recipe to remove list-name from subject
Anyone have a procmail recipe you'd be willing to share, for sanitizing mailing-list subjects? Basically, I'd like to take Re: Re: Re: [list-name] blah blah and turn it into Re: blah blah I figure that I could come up with something workable using sed and formail, but was hoping that someone else has already done the heavy lifting. ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Browser identity crisis
Try the Preferences Toolbar at http://www.xulplanet.com/downloads/prefbar/;. On Fri, Dec 20, 2002 at 02:20:28AM +0800, csj wrote: A certain site's javascript afaict has checks to identify whether the browser logging on is NS4 or IE4 or greater. Is there a way to get Mozilla to identify itself as proprietary bro Netscrape? This should be possible because I know Konqueror can do it. Using Konqueror I can proceed much further in this site, but with some difficulty, as the html support is less perfect than Mozilla's. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: VMware Debian 3.0
Assuming that you're running devfsd, add the following to /etc/devfs/devices: vmnet0c 119 0 root root 0600 vmnet1c 119 1 root root 0600 vmnet2c 119 2 root root 0600 vmnet3c 119 3 root root 0600 vmnet4c 119 4 root root 0600 vmnet5c 119 5 root root 0600 vmnet6c 119 6 root root 0600 vmnet7c 119 7 root root 0600 vmnet8c 119 8 root root 0600 vmnet9c 119 9 root root 0600 parport0 c 99 0 root root 0600 parport16 c 99 16 root root 0600 parport32 c 99 32 root root 0600 parport48 c 99 48 root root 0600 On Sun, Oct 27, 2002 at 02:32:46PM +0200, Alexey Chetroi wrote: It works for me, beside one nasty problem: I have to reconfig vmware (vmware-config.pl) upon every reboot. It is installed from tarball in /usr/vmware and once compiled modules starts and stops normally untill next reboot. I'm using kernel-image-2.4.18-686 devfs is also enabled. Anybody had the same problem? Best regards, Alexey Chetroi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: VMware Debian 3.0
Working great here... version 3.2 installed from the tarball. On Sat, Oct 26, 2002 at 10:49:53AM +0200, Aedificator wrote: Any experiences with Debian and WMware 3.X? Zee -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
converting html messages to plaintext
I'd like to convert messages from html to text, for a few specific mailing lists. Is there a procmail recipe for this? Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Asus A7M266 motherboard and Debian
On Fri, Apr 26, 2002 at 11:56:03PM -0400, Faheem Mitha wrote: Thanks. That's very helpful. I take it then you would not necessarily recommend any more recent Asus board over this one? The only thing I was a little concerned about was that it might be too old. But it is better to have a working stable system that is a little old than a more modern system that is not :-) I haven't looked into any of their more recent motherboards, so I couldn't really say. But I wouldn't hesitate to recommend the A7M266, certainly. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Asus A7M266 motherboard and Debian
Anyway, I returned it to my vendor and I am now looking for another motherboard. I thought it best to be conservative and go with a motherboard based on the AMD 761 chipset, like the Abit KG7, since these generally seem to be most stable and trouble-free under Linux, even it they are now a little old. Since I have heard generally good things about Asus, I'm now thinking about the Asus A7M266. Based on searching with Google, it seems there are a fair number of people out there using it, and no serious outstanding issues. There do seem to be video (AAGP?) problems with some video cards, but I'm hoping that with my Matrox G450 I will be Ok. I had this very board until recently (G450 as well), running unstable (sid) with the 2.4.x kernel series. I didn't have any problems with this combination... unfortunately the power supply went bad and toasted it. :-( (On a side note, I am a little confused about this chipset issue. Some reviews refer to this board having the AMD 760 chipset on the northbridge, and there are also references to a VIA chipset on the southbridge. I've no idea what this terminology means.) The AMD chipset handles the memory controller and PCI bus. The VIA chipset handles the IDE and USB controllers, etc. Good luck! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: S/Key passwords with SSH? -- resolved
I'm happy to report that I got it working. On the off-chance that someone else is sufficiently brain-damaged g to think this is a good idea, here's what I had to do... 1) Install the opie-server and libpam-opie packages. 2) Modify /etc/pam.d/ssh, so that pam_opie.so is invoked in addition to (or in place of) pam_unix.so. The relevant entries were originally: auth required pam_nologin.so auth required pam_unix.so auth required pam_env.so # [1] After I finished mangling them, they had become: auth required pam_nologin.so auth required pam_env.so # [1] auth sufficient pam_opie.so auth sufficient pam_unix.so auth required pam_deny.so -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
S/Key passwords with SSH?
Is it possible to use S/Key passwords with the version of SSH in woody/sid? If so, I'd appreciate any pointers to information on setting this up. Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: vmware with parport device in bidirectional mode
You'll need the ppdev module as well, IIRC. On Wed, Apr 10, 2002 at 08:40:51AM +0200, Arno Baier wrote: hi i 've probs get the parport device work with vmware 3.0 and 3.1. i switched the paralell device in the bios to epp mode and compiled the modules parport and parport_pc. i do not use a printer on lp, so i did not compile lp support into the kernel. /dev/parport0 exists. if i configure vmware to use /dev/parport0 in bidirectional mode a message Connot open /dev/parport0: No such device. modules parport and parport_pc are loaded. i saw that the device /dev/partport0 has root,root so only root can use this device. is it possible to make it as lp wich has root,lp rights? i'm using woody with kerel 2.4.19pre3. thx arno -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: X Forwarding via SSH
Try running ssh in verbose mode (add -v to the command-line). The output should help to pinpoint what's failing. On Sat, Apr 06, 2002 at 03:21:34PM -0600, Kent West wrote: I've got a Sid box at home, and one in the office. At home, I'm on Cox Cable, going through a Netgear router/switch/firewall, then through a SurfBoard cable modem. At the office, I'm on a LAN connected via T1s to the world. I can do ssh -X canaan.acu.edu from home, and log onto this Solaris box at work, and run X apps remotely, displaying them to my home X display. I can do :ssh -X westek.acu.edu from home, and log onto this Sid box at work, and can *not* run X apps remotely; instead, I get the error message: westek[westk]:/home/westk gqview [1] 9885 Gtk-WARNING **: cannot open display: [1]+ Exit 1 gqview Can anyone tell me how to forward X apps from my ofice Sid box to my home Sid box? Thanks! Kent -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
using gtcd with ALSA?
I've noticed that gtcd's volume slider doesn't do anything, after switching to the ALSA for sound. Is there any way to make this work again, short of switching back to the OSS drivers. My sound card is a SBLive (emu10k1). Thanx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Vmware not running anymore after dist upgrade
What version of vmware are you running? For 3.0, the fix is located at ftp//platan.vc.cvut.cz/pub/vmware/vmware-ws-any-update14.tar.gz. Also, the latest 3.1 beta has the fix applied. On Mon, Apr 01, 2002 at 02:55:28AM +0200, CASASSOVICI Alexander wrote: Hi I had vmware running allright .. last week i had a dist-upgrade done ( it was kinda normal no kernel update nothing special) an .. i cannot power on vmware anymore here is what it says : VMware PANIC: (ide1:0) NOT_IMPLEMENTED F(831):692 VMware PANIC: (VMX) AIO: NOT_IMPLEMENTED F(831):692 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH 2 slower than 1?
On Sat, Mar 16, 2002 at 12:03:03PM -0600, Dimitri Maziuk wrote: Set cipher to blowfish (or none, if you're running it over trusted network), remove compression. Debian's ssh package is compiled without support for cipher=none. You can rebuild it if you really want that, of course...
Re: Wheel mouse DIFFERENT PROBLEM
On Sat, Mar 09, 2002 at 09:15:35PM -0600, Greg Murphy wrote: I have tried changing ps/2 to imps/2, but that makes the mouse go crazy on the screen. Did you reboot afterward? I had this problem after switching gpm and X to use imps/2 instead of ps/2, but it's been working fine ever since the box was rebooted. Something not being properly re-initialized, I expect...
Re: NO ANSWER, trying again...annoying console message: lp0: compatibility mode
Edit /etc/init.d/klogd and add -c 6 to the commandline. This will prevent kernel messages of priority 6 and 7 (KERN_INFO and KERN_DEBUG) from going to the console, without affecting higher-priority messages. On Wed, Jan 16, 2002 at 10:25:37AM -0500, James D. Freels wrote: I got no response. Anyone know about this one ? -- Forwarded Message -- Subject: annoying console message: lp0: compatibility mode Date: Tue, 15 Jan 2002 10:30:41 -0500 From: James D. Freels [EMAIL PROTECTED] To: debian-user@lists.debian.org The present kernel (2.4.17) prints an annoying message to the console each time my parallel port printer is used: lp0: compatibility mode I have found where it is printed in drivers/char/lp.c and I suppose I could comment it out. Isn't there a better way ?
Re: sid - mozilla .97 weirdness?
It seems to be working fine here... On Sun, Dec 30, 2001 at 02:42:39PM -0600, Hank Marquardt wrote: I haven't seen any talk on this so maybe it's just me -- anyone else having trouble with FORM submissions in Moz since it went to .97 mid-week? I can't submit a form from anywhere ... (google search for example), nor do javascript methods involking submit work ... It's not the end of the world, I've only updated one machine because of the qtlib issue and I've been using konqueror as a replacement, but I'd like to get it fixed ... anyone else having this problem?
Re: Kernel config: make menuconfig: cannot find ncurses
You'll need to install the -dev package as well, in order to use menuconfig. On Fri, Dec 14, 2001 at 11:26:43PM -0300, Daniel Toffetti wrote: Hi all ! I'm trying to compile a new (2.4.13) kernel on an old 486 box. When I try to configure it with make menuconfig I get the following error: = Start of the error message = rm -f include/asm ( cd include ; ln -sf asm-i386 asm) make -C scripts/lxdialog all make[1]: Entering directory `/usr/src/linux/scripts/lxdialog' /usr/bin/ld: cannot find -Incurses collect2: ld returned 1 exit status Unable to find the Ncurses libraries. You must have Ncurses installed in order to use 'make menuconfig' make[1]: *** [ncurses] Error 1 make[1]: Leaving directory `/usr/src/linux/scripts/lxdialog' make: *** [menuconfig] Error 2 = End of the error message = So, 'make menuconfig' claims that ncurses is not installed. Searching for 'ncurses' in dselect shows that libncurses5, ncurses-base, ncurses-bin and ncurses-term are installed. libncurses5-dev and libncurses5-dbg are not installed. The box is a recent potato installation upgraded to woody, running as a proxy. This is the first time I try to compile the kernel on this machine, and I never had problems compiling the kernel before on other boxes. I use kernel-package. Any help on this ?? Thanks in advance !! Daniel -- There is no spoon... - The Matrix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: xmms-couldn't open audio, huh?
Are you running esd? If not, try using the libOSS.so plugin instead... On Mon, Dec 10, 2001 at 08:05:43PM -0500, Courtney Thomas wrote: Greetings ! I have installed SBLive! card under Debian-2.4.6 using emu10k1. When I click on the play button, the mp3 is downloaded and after buffering, play is halted at once with the message popup couldn't open audio. output plugin - libesdout.so blocking programs - I have no idea if any. soundcard configured-I have merely plugged it in, what else might be needed ? Appreciatively, Courtney
Re: Matrox G450 and Unstable
It should work fine on unstable, without any need for the binary-only driver from Matrox. The only problem I've run across is that high-res text modes aren't restored properly (http://bugs.debian.org/122121), but hopefully that'll be fixed when X 4.2.0 is released. On Sun, Dec 09, 2001 at 10:09:39AM +0200, Martin Fluch wrote: Hi! I'm trying to get the a Matrox G450 running under a quite up to date unstable system (XFree86 version 4.1.0.1, debian package version 4.1.0-9) of a friend of mine. Is this card already supported with this version of X (with the 4.1.0 it was/should have been)? So far I have the idea, that I need do download somewhere some precompiled modules. But where exactly to put them on a Debian system and how to include them properly? Has anybody done this so far? Best wishes, Martin
openssh preferred keypair format?
Since recent versions of openssh can handle both DSA and RSA keypairs, I was wondering if one format is preferred over the other from a security perspective. Thoughts?
Re: Galeon + Junkbuster /= Ture
Junkbuster works fine here, with both Galeon and Mozilla. Just be sure to set HTTP Version to 1.0 in your browser configuration... junkbuster doesn't support 1.1. On Wed, Nov 14, 2001 at 01:09:51PM +, Preben Randhol wrote: Mozilla and Galeon does not play well with junkbuster. Does anybody know of an alternative to junkbuster that works with mozilla/galeon? Thanks in advance. Preben who is tired of the new ads that take a whole screen. pgpQ05eXRRQl5.pgp Description: PGP signature
Re: Loopback interface still doesn't come up on boot
Add auto lo on a line by itself. On Tue, Nov 13, 2001 at 12:54:00AM -0600, Cheryl Homiak wrote: I've checked to make sure that support for this is in my kernel and it is there; I realize it's not the same thing as loopback device support. I've checked my /etc/network/interfaces, which I'm including here; I don't see a problem with that but maybe I'm missing something. Can anybody think of anything else i should check to see what is keeping my loopback interface from coming up? Thanks. Here is /etc/network/interfaces: # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8) # The loopback interface iface lo inet loopback # ethernet interface iface eth0 inet dhcp pgpANaOPAImeb.pgp Description: PGP signature
Re: LPRng.deb package failure when apt-get upgrade from woody
As a guess, I'd say that's Bug#115235 (http://bugs.debian.org/115235). I ran into it a couple of days ago, when reinstalling after a disk failure. The fix is pretty simple... just apply the following patch to /etc/init.d/lprng. - SNIP - --- lprng.orig Mon Oct 8 15:10:11 2001 +++ lprng Wed Oct 10 16:08:43 2001 @@ -27,7 +27,7 @@ LPD_PORT=$(grep ^[[:space:]]*lpd_port /etc/lprng/lpd.conf | cut -d = -f 2) if [ -z $LPD_PORT ] then - LPD_PORT=printer + LPD_PORT=515 fi # Check lpd.conf for lockfile, Bug #44953, now in /etc/lprng Bug #66568 - SNIP - On Sat, Oct 13, 2001 at 07:26:05PM -0400, Jeremy wrote: I consistently get this problem when I install a new system and apt-get update from woody. the system gets all the packages and when it comes time to unpack and install LPRng it fails and exits with a error status 2. I think this needs to be fixed. pgppBIoxffwiI.pgp Description: PGP signature
Re: gnucash in sid
I finally gave up, and recompiled gnucash locally. It was reasonably painless... I had to use automake 1.4 instead of 1.5 (I still had a copy in my apt-move mirror, fortunately), but had no problems otherwise. Assuming that i386 is your platform, I can email you the resulting debfile if you like. Alternately, here are the steps I followed: 1) dpkg -i automake_1.4-p4-1.deb 2) apt-get build-dep gnucash 3) apt-get source gnucash 4) cd gnucash-1.6.1 5) debian/rules build 6) fakeroot debian/rules binary 7) dpkg -i ../gnucash_1.6.1-4.1_i386.deb On Wed, Oct 10, 2001 at 04:56:43PM -0700, Charles Baker wrote: What do I need to do to get the latest gnucash to install on sid? Does someone have an apt-source for it where libgal9 (= 0.10) and libgtkhtml14(= 0.11.1) are available? pgpK7Dk5eZuJf.pgp Description: PGP signature
Re: Bug # 38205?
I've got a set of unofficial slink installation disksets, specificaly for the Adaptec SCSI cards. You can find it at http://www.debian.org/~adric/aic7xxx/slink/. On Sat, Aug 14, 1999 at 12:55:16AM -0500, Nowan wrote: Is there a work-around for this bug -- e.g., a rescue image that contains a kernel that works with the adaptec 2940 scsi card? I'm trying to install slink the rescue disk kernel is hanging at the Downloading sequencer code line. I'm new to debian, so there may well be some FM I haven't R'd, so if there is let me know where I can find it. Thanks.
