Re: LOGO (with the turtle)
On Sat, 05 May 2001, Andrew Hagen wrote: Does anyone know of a free Linux implementation of LOGO computer language? (The LOGO with the turtle.) Are there debs available? Yes, package ucblogo. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Postfix or Exim?
On Sun, 06 May 2001, mdevin wrote: up. However, I had trouble getting it to work because it complained that port 25 was already taken: That is your fault (or some other package's). Not postfix's. I think this was due to inetd binding this port for some reason. I had upgraded from Exim and it was gone and there was no other smtp daemon running. I didn't try telnetting into port 25 but I did comment out the smtp part in inetd.conf and it still wouldn't run. I also checked with /etc/init.d/inet reload ? So my question is, should I bother with postfix? Is it easier to customise, edit headers etc? Is it more robust? What are some of the Well, postfix is *very* secure and very very fast. It's not the easiest one to do rewriting (edit headers) though, if you want to do something weird. It's easy to configure if you read the docs (especially the FAQ). Typical configuration files for email hubs have 10-13 lines (excluding the comments) I think. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: RES: Sylpheed com suporte a gnupg (GPG)
On Thu, 03 May 2001, Gustavo Noronha Silva wrote: http://packages.debian.org/testing/mail/sylpheed.html eu sei que tem sylpheed no unstable, mas não tem suporte a gpg... porque o suporte gpg ainda está no CVS e usa a biblioteca gpgme e o gnupg 1.0.5 que ainda não estão no Debian... Kov, O GNUpg 1.0.5 foi uploadeado em sid ontem. Eu estava empacotando a gpgme, queres que eu mande um ITP oficial pra wnpp e tome conta dela? Assim você perde menos tempo e manda brasa no sylpheed (eu _adoro_ esse nome...) -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpWQVCrxM0dp.pgp Description: PGP signature
Re: RES: Sylpheed com suporte a gnupg (GPG)
On Thu, 03 May 2001, Gustavo Noronha Silva wrote: hmmm pelo que deu pra entender do que conversei com o Werner Koch, o gpgme precisa do gnupg-1.0.5, vai ver o cara tava esperando o upload. É, pode ser isso. Vou mandar email pra ele... Mas já que c já tá empacotando o gpgme, contacta o cara lá =), quem sabe ele não desistiu ou dá o pacote pra você? ;) Certo. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgptCciSEZYhe.pgp Description: PGP signature
Re: ESD no long works after new alsa modules compilation
On Mon, 30 Apr 2001, Chun Kit Edwin Lau wrote: I don't know what's happening.. but it seems like my esd can no long startup after I compile and install the new module 0.9+0beta3-1. also some of the option for module ens1371 are no long support, isn't it? it gave me the follow when I start. Anyone knows what's happening? Couldn't open any alsa card! Last card tried was 0 Error opening card 0: Sound protocol is not compatible Audio device open for 44.1Khz, stereo, 16bit failed [...] Jeez, prune it a bit the next time, will you. Anyway, just about everything seems to break with the new alsa modules... Timidity will break, esd (yuck!) will break, and I suppose arts (double yuck!) will too if it supports alsa in native mode. Reinstall the old 0.5 modules (and 0.5 alsa-source just in case you need to recompile the modules), but keep all the other 0.9 packages. That will solve the problem. I hope 0.9 means last backwards-incompatible interface changes in a loong while. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpYagDYbdeoy.pgp Description: PGP signature
Re: need help configuring hosts.deny
On Wed, 25 Apr 2001, Hall Stevenson wrote:
I use Postfix as maildaemon.
I don't believe you want to be messing around in hosts.allow
for this.
Correct. Postfix does not use tcpwrappers AFAIK. Therefore, it will not
check against hosts.{allow,deny}.
I would hope that postfix's default setup doesn't allow relaying, does
it ??
No, it does not.
--
One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie. -- The Silicon Valley Tarot
Henrique Holschuh
pgpdJpPwYAtlP.pgp
Description: PGP signature
Re: ipchains packets logs get displayed on active tty
On Mon, 23 Apr 2001, Lindsay Allen wrote: On Sun, 22 Apr 2001, Keith Johnson wrote: As per subject. Quite annoying when I am trying to do important things. (Like play nethack). You are not alone. This has been happening here for 6 weeks or so. It has one advantage - I can see the script kiddies beating on my door in real time. Happened to me once when I upgraded sysklogd. A reboot fixed it (I needed to load a new kernel, and took the opportunity). Less definitive solutions (such as killing and then starting a fresh klogd AFTER making sure syslogd is running just might fix it, too). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpMbLDxAocCB.pgp Description: PGP signature
Re: ipchains packets logs get displayed on active tty
On Mon, 23 Apr 2001, Lindsay Allen wrote: All that has been done when I shut down to install a tape drive. (And a new kernel, of course.) Some time back I had three daemons writing to the screen, but now it is just ipchains. I would have submitted a bug, but it could be syslogd, klogd or ipchains and I don't know how to pick between them. It's odd that it affects very few users. I suspect restarting syslogd without restarting klogd AFTER syslogd finishes reloading causes this, but I haven't tested. ipchains can't be at fault, it logs to the kernel ringbuffer. Updating PAM also causes this kind of crap. I don't know why, though. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpWAIpn4domN.pgp Description: PGP signature
Re: The Heart Is An Open Source: A Romance
On Tue, 17 Apr 2001, Jaldhar H. Vyas wrote: On Tue, 17 Apr 2001, Damon Muller wrote: blantant troll Although a real man would have been running qmail and courier-imap... /blantant troll Bleh, qmail? Try postfix for something with a sane license and a sane upstream, no obnoxious install paths, and easily as secure as qmail. qmail on the other hand, I've only seen used on Linux and FreeBSD. Also I don't quite get the point of maildirs. Yes they're supposed to be Well, if you ever need to do something as suicidal as delivering mail over NFS, Maildirs come in quite handy. are the annoying license restrictions. One of these days I'll take a good look at postfix, it seems to be as secure and well-designed but plays more nicely with others than qmail. Exim, for some reason I've always thought of as a toy. But my information is probably years out of date. Despite appearances, Exim is not a toy; it works and it works well. But it's not nearly as nice and safe as Postfix... unless you need to do insane amounts of header rewriting, that is. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpdz9Z7GjmvD.pgp Description: PGP signature
Re: The Heart Is An Open Source: A Romance
Hi Kent! On Tue, 17 Apr 2001, Kent West wrote: This is a HOOT! Send it to Slashdot or Linux.com; it needs to be published. /. ? Better send it to debianplanet.org... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpMSZAABuGNt.pgp Description: PGP signature
Re: Fetchmail
On Sun, 15 Apr 2001, Ricardo Melo wrote: Estou com um problema para receber meus e-mails pelo fetchmail, já o configurei no fetchmailconf mas recebo a seguinte mensagem de erro: fetchmail: SMTP connect to localhost failed fetchmail: SMTP transaction error while fetching from pop3.uol.com.br fetchmail: Query status=10 (SMTP) Done. Instale um MTA, tal como o exim ou o postfix. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpBdXOwhR1eH.pgp Description: PGP signature
Re: Here's one for your stupid file
On Thu, 12 Apr 2001, Karsten M. Self wrote: Anybody know how I can recreate the required files? `-- archives `-- partial WAG: I think you might just be able to run 'apt-get update' to update your package lists. If that doesn't work, try creating the directories, permissions: Close, but not all. run dselect update instead, it will call apt-get update and then refresh the dselect database as well (assuming you use the apt method in dselect). drwxr-xr-x3 root root33479 Apr 11 00:44 archives/ drwxr-xr-x2 root root 291 Apr 11 00:44 archives/partial/ Yes, you need to create this two directories for apt to run without complaining. Don't worry about the other files, they'll be regenerated. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpafZyTBiUFJ.pgp Description: PGP signature
Re: auto add 127.0.0.0?
On Tue, 10 Apr 2001, Barbara and Rory Campbell-Lange wrote: How do I set up the general loopback network address 127.0.0.0? You should not need to do this in any 2.2.x or newer Linux kernel... (I don't know about The Hurd, though). The Linux kernel will automatically route packets using the interface's IP and netmask. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpVCV3q8hpP8.pgp Description: PGP signature
Re: fetchmail estranho
On Sat, 07 Apr 2001, Fabiano Manoel de Andrade wrote: Mais ainda tó tendo um probleminha, na primeira vez que faço o comando fetchmail recebo a mensagem: [23:50:51]lottar~/ fetchmail 1 message for [EMAIL PROTECTED] at pop.onda.com.br (12929 octets). reading message 1 of 1 (12929 octets) flushed fetchmail: access denied fetchmail: Authorization failure on [EMAIL PROTECTED]@pop3.ieg.com.br fetchmail: authorization error while fetching from pop3.ieg.com.br fetchmail: Query status=3 (AUTHFAIL) Ou senha errada, ou o servidor pop está de gracinha. O meu, por exemplo, se recusa a permitir acessos perto das 7:00 da manhã por algum motivo... mas depois de algum tempo, volta ao normal. Isso sem falar em 2 ou três paus ao longo do dia (tenho conexão permanente e faço uma poll a cada 5 minutos, faça as contas :-P) sem maiores explicações. You have new mail in /var/mail/fabiano E na segunda [23:52:35]lottar~/ fetchmail fetchmail: Unknown login or authentication error on [EMAIL PROTECTED]@pop.onda.com.br O servidor provavelmente não gostou do acesso tão pouco tempo após o último. Tente esperar alguns minutos... 5 ao menos. E sim, existem bons motivos para isso acontecer. Particularmente se você deixar as emails no servidor no lugar de deletá-las do servidor após o download... fetchmail: Authorization failure on [EMAIL PROTECTED]@pop3.ieg.com.br fetchmail: authorization error while fetching from pop3.ieg.com.br fetchmail: Query status=3 (AUTHFAIL) O servidor do ieg está reclamando que a senha ou nome do usuário estão errados. poll pop.onda.com.br with proto POP3 user MEULOGINONDA there with password MYPASSWORD is fabiano Ponha o login e password entre . -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpcQLzP4xitu.pgp Description: PGP signature
Re: fetchmail Hangs on First and Only 1st Try
On Wed, 04 Apr 2001, John Bacalle wrote: RE: fetchmail 5.3.3 ; InterMail vM.4.01.03.16 ; ATT Worldnet I have an odd problem fetching mail on the _first try_, and fetchmail hanging at the sign-off stage of the process. Try disabling all sort of auto detection and telling fetchmail exactly what kind of server you have. If this fixes the issue, please report back. fetchmailconf may help you in the configuration. It should reduce the startup time in the worst case... I have to ^C when it hangs (indefinitely, up to 90 minutes at least) and from then on fetchmail gives no more further problems. I run it from a cron job. Looks like a TCP connection getting stuck to me. Hmm... It stopped ofering IMAP (albeit testing), and since then 'proto auto' in my .fetchmailrc yields a 3 minute hang when fetchin mail. I mentioned my observations and my problem to my provider, but they do not see any correlation. Doing, '$ fetchmail -vv' shows: fetchmail: SMTP 250 OK id=14gJTW-00023x-00 flushed fetchmail: POP3 DELE 118 fetchmail: POP3 +OK fetchmail: POP3 QUIT fetchmail: POP3 +OK foo InterMail POP3 server signing off. ^^ At this stage it hangs indefinitely. When that happens, could you try a netstat --inet and check what state is the connection to the pop3 server? Fetchmail will hang until that connection finishes closing AFAIK. Now ^C fetchmail, and verify what happens to that connection. Please CC: me with the reply. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpciGOASV8Yi.pgp Description: PGP signature
Re: fetchmail segfaults
On Tue, 03 Apr 2001, Ethan Benson wrote: On Tue, Apr 03, 2001 at 10:50:23PM -0300, Henrique M Holschuh wrote: On Wed, 04 Apr 2001, David Jardine wrote: I recently re-installed a slink system from scratch on my [...] Fetchmail dies with something like the following: Speaking as the fetchmail maintainer, get a new version. The fetchmail in slink is full of segfaults. Same goes to the one in potato. The segfaults could be triggered by certain email patterns. if the fetchmail in potato is this broken shouldn't a better one be put into proprosed-updates/r3 ? or will the release manager not buy it? Well, it is not a security update, and it has about 90% chance of causing headaches, since the new initscript/ppp-scripts scheme will force the user to do some manual configuration. I don't think it should go in stable. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpyGTnnstd3G.pgp Description: PGP signature
Re: fetchmail segfaults
On Wed, 04 Apr 2001, Tony Crawford wrote: Henrique M Holschuh wrote (on 4 Apr 2001, at 9:48): Well, it is not a security update, and it has about 90% chance of causing headaches, since the new initscript/ppp-scripts scheme will force the user to do some manual configuration. I don't think it should go in stable. Considering I've already manually messed with my /etc/init.d and /etc/ppp/ip-up.d scripts enough, let me just ask for the specifics before upgrading: certain internal problems with segfaults due to certain mail content are fixed in the version now in woody? Yes. But be ready to have CRAM-MD5 and other nasty pits of bugs on IMAP/pop3 servers (and fetchmail, I suppose) to jump at your neck. --auth password is your friend if that happens. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpwGIgSlBZBd.pgp Description: PGP signature
Re: fetchmail segfaults
On Wed, 04 Apr 2001, David Jardine wrote: I recently re-installed a slink system from scratch on my [...] Fetchmail dies with something like the following: Speaking as the fetchmail maintainer, get a new version. The fetchmail in slink is full of segfaults. Same goes to the one in potato. The segfaults could be triggered by certain email patterns. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpQpdY880YUw.pgp Description: PGP signature
Re: Estou abandonando o software livre
On Sun, 01 Apr 2001, Eduardo Marcel Macan wrote: Mundo este a que agora renuncio... Hmm, Maçan, o rio fica do lado de fora da ponte :P -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Medir disponibilidade do sistema
On Thu, 29 Mar 2001, lukestar wrote: que interessa, gostaria de saber se existe para linux uma ferramenta que possa medir os recursor de sistema, igual ao top, só que tem que gerar um log ou um arquivo que respresente os picos de maior utilização do servidor. Instale um daemon SNMP, e o Criket. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpdQR24Ar7ZB.pgp Description: PGP signature
Re: uid default no gpg
CC: pra vocês dois porque developer debian não pode deixar de entender o GNUpg de dentro pra fora :P On Thu, 29 Mar 2001, Carlos Laviola wrote: On 28-Mar-2001 Gustavo Noronha Silva (KoV) wrote: de eu ter o meu outro email... essas assinaturas vao ser perdidas ou vao ser passadas pro debian.org? Perdidas. Mas você pode escrever para os que assinaram a chave antes usando uma email assinada, pedindo para assinarem sua nova UID. Uma vez que a chave não foi revogada (só algumas das UID), essas pessoas poderiam assinar a UID faltante e enviar a chave assinada para o endereço de email na nova UID (-- NÃO PARA OS KEYSERVERS --). Por essas e por outras eu tenho duas chaves, uma para coletar assinaturas, e outra pra uso normal. Bom, isso realmente pode parecer assim. Mas, segundo o meu entendimento, é coerente assumir que a assinatura que eles deram foi na sua key, e não no UID dela. Ou seja, apesar de você estar revogando o UID em que eles assinaram sua Você não assina chaves. Assina uma chave + UID(s). E isso realmente significa que você deveria não só ter absoluta certeza do nome da pessoa, mas também do endereço de email... você está assinando embaixo que OS DOIS são verdadeiros. Inclusive, eu também tenho minha chave assinada por você e pelo Gleydson, e o GPA (GNU Privacy Assistant), um frontend pra GnuPG, mostra ambas as assinaturas como válidas, mesmo com o UID original revogado. Se você ainda estiver com Hmm? Se apenas o UID revogado continha essas assinaturas, isso é um problema de segurança no GPA. Favor verificar e reportar o bug. Por essas e por outras eu não uso frontends... recomendo o wwwkeys.pgp.net e o keyring da debian, se bem que o último está sincronizando dados com o primeiro periodicamente). Bleh, eu tenho minhas dúvidas quanto a isso. Da última vez que dei um merge-only do keyring do Debian com o dos keyservers, foram incluídas umas 40 assinaturas novas... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpeOeV0vc5EZ.pgp Description: PGP signature
Re: uid default no gpg
On Thu, 29 Mar 2001, Carlos Laviola wrote: Você não assina chaves. Assina uma chave + UID(s). E isso realmente significa que você deveria não só ter absoluta certeza do nome da pessoa, mas também do endereço de email... você está assinando embaixo que OS DOIS são verdadeiros. Isso não faz o menor sentido, tendo em vista que apenas eu posso revogar um UID Leia de novo o manual... e adicionar novos UIDs. Ou seja, se alguém assina a minha chave, essa pessoa Você não assina chaves, você assina UIDs de uma chave. Estou falando sério, adicione uma UID e você vai ver. Tente gpg --list-packets se ainda não for exemplo suficiente. não está falando que eu sou Carlos Laviola em [EMAIL PROTECTED], mas sim que eu sou Carlos Laviola. Seria o mesmo que o meu pai dizer que não acredita Algum dia você vai dar de cara com duas chaves diferentes (cujos donos são diferentes), com mesmo UID fora o endereço de email, e que por pura coincidência a mesma pessoa assinou ambas. Aí você vai entender. Isso pode não ser muito comum no Brasil, mas lá fora é. Porque você acha que o PGP 1.0 começou com essa história de por o endereço de email na chave? Note, entretanto, que o gpg assina cada UID com a própria chave. Isso permite um certo grau de certeza que uma nova UID não assinada é correta se uma outra UID mais velha da mesma chave tiver sido assinada por certa pessoa. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpWDsZVpOXXp.pgp Description: PGP signature
Re: Medir disponibilidade do sistema
On Thu, 29 Mar 2001, lukestar wrote: Vc sabe de onde eu posso baixar esse software ? Debian (unstable no pior dos casos, mas acho que tem no stable sim). Errei o nome de um deles, é Cricket, não Cricket. SNMP é um protocolo, tem várias implementações disponíveis. Eu procurei no freshmeat, slashdot, debian packets e naum consegui achar ... Se vc puder dar o caminho das pedras ... eu agradeço $apt-cache search SNMP snmp - NET SNMP (Simple Network Management Protocol) Apps. snmpd - NET SNMP (Simple Network Management Protocol) Agents. snmptraplogd - A configurable snmp trap daemon. spong-client - A systems and network monitoring system -- client programs spong-common - A systems and network monitoring system -- common libraries spong-server - A systems and network monitoring system -- server programs spong-www - A systems and network monitoring system -- web interface stools - a collection of SNMP command line management tools Várias opções, como você pode ver. Acho que o snmpd em conjunto com snmp são suficientes para seu caso. $apt-cache search Cricket cricket - Program for collection and display of time-series data -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpwqYDsUZiF6.pgp Description: PGP signature
Re: uid default no gpg
On Thu, 29 Mar 2001, Carlos Laviola wrote: On 29-Mar-2001 Henrique M Holschuh wrote: Note, entretanto, que o gpg assina cada UID com a própria chave. Isso permite um certo grau de certeza que uma nova UID não assinada é correta se uma outra UID mais velha da mesma chave tiver sido assinada por certa pessoa. De fato. O engraçado é que na mesma mensagem você mostra algo contra meu argumento e a favor dele :-) Com essa sua última observação, dá pra ver que não há como você confundir uma key com outra, por causa da auto-assinatura. Além Claro que dá. Se você não sabe qual é a keyid, você não tem como saber qual dos dois caras é aquele com quem você quer conversar... a menos que saiba qual o email dele, e esse esteja na UID. Por isso, o email DEVE ser considerado parte da informação que deve ser verificada pelo assinante. disso, a assinatura que você dá em um uid e que é revogada continua válida porque você assinou em cima do uid novo: Eh? Não mesmo. Siga essa linha temporal: A assina chave de B (todas as UID na chave de B) B cria nova UID, e revoga UIDs antigas A nova UID na chave de B não está assinada por A, e se não fosse um bug cretino do gpg, o grafo de validação das chaves não mais conteria A-B. Ou seja, você não sabe mais com certeza que a chave B é confiável. Um --check-sigs vai mostrar que você confiava nas UID revogadas, entretanto... e que a nova UID está assinada pela keyid que assinou as UID revogadas. Fica extremamente simples chegar a conclusão que você pode confiar na nova UID. Ou testar isso usando uma mensagem cifrada, se você for paranóico. Com o comando gpg --check-sigs: pub 1024D/3516D372 2000-06-05 Carlos Laviola [EMAIL PROTECTED] sig! 3516D372 2001-02-17 Carlos Laviola [EMAIL PROTECTED] Essa UID só está assinada pela chave. uid[revoked] Carlos Laviola [EMAIL PROTECTED]rev! 3516D372 2001-03-02 Carlos Laviola [EMAIL PROTECTED] sig! 985BA281 2000-11-18 Gleydson Mazioli da Silva (Chave PGP Pessoal) [EMAIL PROTECTED] sig! 882A6C4B 2000-11-18 Gustavo Noronha Silva (KoV) [EMAIL PROTECTED] sig! 3516D372 2000-06-05 Carlos Laviola [EMAIL PROTECTED] Já a UID revogada acima foi assinada pelo KoV e pelo Gleydson. uidCarlos Laviola [EMAIL PROTECTED] sig! 3516D372 2001-03-24 Carlos Laviola [EMAIL PROTECTED] E essa não foi assinada. sub 1024g/C8B35AF7 2000-06-05 sig! 3516D372 2000-06-05 Carlos Laviola [EMAIL PROTECTED] E essa nunca é assinada :P Manda uma mensagem assinada pedindo pro KoV e pro Gleydson assinarem tua UID nova... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpsJXWvwVEej.pgp Description: PGP signature
Re: uid default no gpg
On Thu, 29 Mar 2001, Gustavo Noronha Silva (KoV) wrote: essa sua mensagem me trouxe uma outra duvida... acabei de me dar conta que assinei sua chave com o meu uid da dockov... Acho que não é bem assim. Não tenho certeza, mas pelo que me lembro apesar de você assinar sempre (keyID+uid), o signatário é só a keyid. Ou seja, aparece [EMAIL PROTECTED] lá porque aquela UID ainda está marcada como a UID principal da tua chave na cópia que o Laviola tem. se eu revogar minha uid zaz.com.br sua chave continua assinada por mim (por causa do fingerprint ou da propria chave) ou tenho de assinar com o outro uid? Deve continuar assinada... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpTHcpH2pFYi.pgp Description: PGP signature
Re: Como resolver o problema da distribuição de GnuPrivac yGuard para a gente?
On Thu, 29 Mar 2001, hzi wrote: Estive tentando fazer o d/load do GNU Privacy Guard, programa de encriptação forte com chave pública. Que faz parte da infro-estrutura básica do Debian, e é usado por 100% dos developers registrados. Pelo que vi, ao usar o dselect, os binários de um pacote .deb não estão disponíveis para nós em www.debian.org. Assumo que isso se deva às Não. Eles estão disponíveis em nonus.debian.org. pacote em algum site para d/load, fora dos EUA, como parte não-oficial da distribuição? O gnupg, assim como todos os pacotes em non-US/main, é parte oficial da distribuição Debian. Eu só achei o pacote para o Red Hat...E não vou usar o alien com o GnuPG. Sei lá eu o que poderá causar em termos de segurança. Tenho pruridos... Bem, provavelmente vai esculhambar um pouco a vida do dpkg, mas não deve causar problemas de segurança. Não é a melhor solução, entretanto. Adicione ao seu /etc/apt/sources.list: deb http://security.debian.org/ stable/updates contrib main non-free deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free A linha do security.debian.org vai de graça, porque se você não tem a do non-us, eu não vou supor que tenha a do security... Tenha certeza de estar usando o método APT no dselect, e mande ele dar um upgrade na lista de pacotes disponíveis. O gnupg vai estar lá. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpKiawgjUYPL.pgp Description: PGP signature
Re: Como resolver o problema da distribuição de GnuPrivac yGuard para a gente?
On Thu, 29 Mar 2001, Henrique M Holschuh wrote: deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free Melhor trocar aquele unstable ali em cima por stable... eu não lembrei de mudar. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpJI6A2H9rtP.pgp Description: PGP signature
Re: Decepção com o woody
On Tue, 27 Mar 2001, Pablo Borges wrote: On Mon, 26 Mar 2001, Gustavo Noronha Silva (KoV) wrote: Vamos deixar quieto esse último comentário ? Prefiro que vc diga use Debian ou morra! do que me sugira a usar alguma coisa rh-like, ainda mais os conectivos hereges que pseudo-portaram o apt-get p/ rodar naquele lixo venenoso. Bwhaha. Gostei do comentário. Se bem que o Kojima _está_ ajudando a Debian encontrando vacas loucas no código do APT enquanto ele implementa suporte para aquele sistema nojento de pacotes (RPM). Minha única raiva é que o WindowMaker ficou esquecido por causa disso. Mas nesse ponto culpo a Conectiva por pagar o Kojima pra tornar o RPM menos podre (esforço inútil, deviam era mudar para .deb) em vez de pagar por versões melhores do WindowMaker. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpky7HENEQmE.pgp Description: PGP signature
Re: Missing Debian Menu in Blackbox
On Tue, 27 Mar 2001, William Leese wrote: the subject says it all really. I recently did a clean install of sid, and found myself without a blackbox menu what so ever (well, 'cept the Exit, Restart and xterm options). Anyone know how i can getg my debian menu back? Make sure the menu package is installed. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpkM885sfWjp.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Mark Devin wrote: I would like to make fetchmail run as a user rather than root when run via my /etc/ppp/ip-up.d/fetchmail-up script You should consider the possibility of trying that using the fetchmail from unstable. It is safer... (speaking as the maintainer for fetchmail). Make a home directory for user mail - /home/mail set the owner and group for this directory to mail chown mail /usr/bin/fetchmail chgrp mail /usr/bin/fetchmail chmod 4755 /usr/bin/fetchmail There are much easier ways. The one that strikes me as good for root is to run su mail /usr/bin/fetchmail You can even have fetchmail as the default shell for user mail, and call su mail - I think. man su will tell you more. In most PAM configurations, root can su to another user without any sort of autentication checks. OR, you could simply have cron calling fetchmail for user mail... I wanted to do it this way 'cause I thought it would be more secure - ie less things running as root the better. But I guess its not possible to be cracked via fetchmail since it doesn't accept connections, it makes them itself. I've never heard of anyone cracking fetchmail, but it is NOT crack-proof, and I think there are some potential buffer overflows in the code (there were in the past). An hostile server could attack fetchmail. If fetchmail is running as root, this _could_ lead to root compromise. Any ideas 'cause it would be useful to know how to do it anyway. Do keep in mind that if you run fetchmail as user 'mail', it cannot change uid to deliver mail as it would were it root. This does not make it impossible to do what you want, it is just something you have to take into account. I'll play around with the idea and maybe even add something like that to Debian's default fetchmail package. No promisses, though. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgptDRJQKjtLR.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Mark Devin wrote: However, I didn't realise that doing this would cause potential problems with delivering mail. Is this only if the mail needs to be delivered to another user? Yes. BTW, if your user 'mail' has 'mail' as it default group, AND since Debian uses a sgid mail spool by default, it should be able to deliver mail to anyone even if you are forcing fetchmail to call, say, procmail to do it. AND I should add that when talking SMTP to a MTA (i.e. you told fetchmail to deliver to a SMTP server), fetchmail can deliver email to anyone, regardless of the user it is being run as. Or at least it damn well should be able to do it... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgprFpWaEvqR2.pgp Description: PGP signature
Re: fetchmail in unstable
On Mon, 26 Mar 2001, Marcus Geiger wrote: Ok, this is what I did before the new fetchmail policy (starting at boot time) came up. I think I will insert fetchmail -q anywhere in my ip-up.d script. I thought I will give it at try but it seems that there is no easy solution. Maybe the fetchmail maintainer You can call /etc/init.d/fetchmail start, /etc/init.d/fetchmail stop and /etc/init.d/fetchmail awaken from the ip-* scripts if you want (in the default config for a root fetchmail daemon, that is). intended it for simple ppp devices that get deleted when the ppp link goes down. Of course this does not work for me, since my IPPP device Yes. Although the new ip-up script will start fetchmail if it is not there (or awaken one that is lurking around in the background), and will NOT stop/kill fetchmail on ip-down by default. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp5mrwFo4mHi.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
Hi Mark! On Tue, 27 Mar 2001, Mark Devin wrote: What is wrong with this? Nb. I do not have a home directory for mail - just the Run fetchmail -v and that might help you find the problem. And you do have a home directory for mail, but it is /var/spool/mail. You probably need a '-' somewhere in that su line, or you'll run as user mail with the environment settings for root (which might confuse fetchmail. I don't know for sure). Also, make damn sure user mail has group mail as its primary (default) group. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp2x5XKOPaLU.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Andre Berger wrote: Though running as user mail, as Henrique suggested, is way more elegant. It would be a great idea to have a solution for ppp users out of the box... There is one: /etc/fetchmailrc, and let it run as root. It is described in the README.Debian, and a default ip-up script that will work even if you have a ppp link and a local LAN is there as well. It is NOT the optimal setup, though. It is a setup that won't fail in misterious ways (it does produce cosmetic problems, such as a failure to start fetchmail during bootup if you don't have a DNS resolver at that time). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpEsijZuNdiT.pgp Description: PGP signature
Re: Is is possible for updating 2.2.16 to 2.2.18?
Hi Jie! On Mon, 26 Mar 2001, Jie Zou wrote: Is is possible for updating kernel 2.2.16 to 2.2.18? If it is where to get the 2.2.18? 2.2.19pre17 is available in Debian unstable. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp09UWFYtl4b.pgp Description: PGP signature
Re: Still can't get fetchmail to run as user mail
On Tue, 27 Mar 2001, Mark Devin wrote: Is there some problem with what I have done? Does user mail have 'x' permissions to the /etc/ppp directory? I'd suggest you use /var/spool/mail to place .fetchids and /etc/fetchmail as the place for the config though (notice that /etc/fetchmailrc will trigger the initscripts, while /etc/fetchmail will not). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp5lYXqGEQCe.pgp Description: PGP signature
Re: Making root run fetchmail as a user?
On Mon, 26 Mar 2001, Andre Berger wrote: root would have to update this file whenever needed. Users can change their ~/.fetchmailrc on their own. True. But I cannot add such setup as the default. It would activate dormant .fetchmailrc's in the user directories. I can always add it as yet one more example, but that's it :( -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpxKyKjoZHyj.pgp Description: PGP signature
Re: (OT) - Static electricity grounding device?
Hi jh! On Sun, 25 Mar 2001, jh wrote: Hi. Does anyone know how or have a link to building your own grounding device that could attach to your wrist for hardware upgrades? I live in a very small town with no way to get one quickly. I know there are places online that sell them. Hoping to make something that would do the same job. I am in the process of upgrading my motherboard and don't want to take any chances. Thank you. -Jeff H Coating soft Grafitti over a strap of paper so as to create a strip of conductive material (that must touch your skin when you wrap it around your wrist) and soldering a copper wire to the grafitti stripe to plug into a grounding point should work. Be *very* wary of plugging that wire in non-trustable grounds. You could be eletrocutated if there is ground return (either due to electrical installation fault or a lightning bolt). Consider yourself warned. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpVAkR3ReSFN.pgp Description: PGP signature
Re: Japanese fonts
On Thu, 22 Mar 2001, Forrest English wrote: i would also like to know how to do this, my girlfriend is learning japanese, and has not been able to get it to work in windows (which Install japanese font packages, the X-TT truetype font server (built-in in X 4.0.x, but make sure to enable the right one), and Mozilla. Setup mozilla to use whatever japanese fonts you have in your system. You'll probably need also the japanese locales, a kana input method and a few other niceties (and do remember to enable the japanese locale in the shells you'll be working in japanese!). Installing task-japanese might help you there. I don't use any kana input methods, but I had no trouble whatsoever to get mozilla to render japanese web pages. Emacs also works fine for inputing japanese text, as long as you install the correct emacs package for the input method you need. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Japanese fonts
On Thu, 22 Mar 2001, Forrest English wrote: how would i switch the locales for one user? because i'm not to keen on It is session-based. Just set the environment variable LANG to the locale you want. I do hope you remembered to activate the locales you might need when installing libc6 (/etc/locale.gen and run locale-gen). If you are not 'click driven' and can use a xterm, just set LANG there and run the applications from that shell. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: debian news
On Fri, 16 Mar 2001, Carlos Laviola wrote: Qual era a sua intenção ao postar aquela mensagem? Talvez provar que não basta usar Debian, é preciso usar um software de email decente que se recusa a rodar javascript ? [I'm] glad [that] I use mutt, como disse alguém numa resposta à mensagem. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpCTHT3Jljgs.pgp Description: PGP signature
Re: fetchmail-ssle clarification
On Thu, 15 Mar 2001, David Purton wrote: What is the difference between fetchmail-ssl and fetchmail with the ssl flag set? (Both are separate packages in woody) Both are also separate packages in sid (unstable), but only because of Debian policy for non-US software. I don't believe fetchmail-ssl is being refreshed in woody because of the crappy libssl in woody. You're better off by using the one in sid. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: SETTING SYSTEM CLOCK
On Wed, 07 Mar 2001, Friedrich Dumont wrote: SETTING SYSTEM CLOCK USING THE HARDWARE CLOCK AS REFERENCE... That should not be in caps, unless your terminal is seriously screwed up. But it's a good thing to notice that patch to better document the hwclock script paid back... You want to muck around with /etc/init.d/hwclock.sh To boot without running that script (and therefore locking your system), you can try giving the init=/bin/bash command to the kernel in the LILO command prompt. You need to read the manpage for the hwclock utility, and verify what options are needed to avoid locking your machine. One option that I think might help you is --directisa. If that fails, comment out the hwclock line and use some other means to adjust the clock. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp5pNQQYzAGS.pgp Description: PGP signature
Re: fetchmail bad
On Wed, 28 Feb 2001, Rick Rezinas wrote: I am using testing with fetchmail talking to sendmail. The problem that I am having is that if the host from which mail is sent does not exist, sendmail rejects it, which causes fetchmail to segfault. Which version of fetchmail? Segfaults are *always* a bug, but if you're not running the newest fetchmail (5.6.7 or 5.6.8), there's a good chance it is one of the MANY segfaults fixed since the version in testing and stable... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpfA276XpepM.pgp Description: PGP signature
Re: fetchmail bad
On Wed, 28 Feb 2001, Rick Rezinas wrote: This is fetchmail release 5.5.3+NTLM+SDPS+NLS That version has way too many segfaults. I suggest you try one of the versions in unstable (but wait until tomorrow if any of your servers is M$ Exchange, the current one will timeout and not get your mail). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpFSdbcJ2K0r.pgp Description: PGP signature
Re: [ot] grub with 2 hard disks (was [OT] Grub)
On Tue, 27 Feb 2001, Joey Kool wrote: (For purpose of clarity, the previous problem of os not found was due to the fact that I did not change the bios bootup sequence. I had to specify the 2nd harddisk as the bootup disk instead of the first in bios. Most BIOS I know are braindamaged enough to swap the HDs when you tell it to boot the 2nd hardisk, and that WILL break GRUB. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: [Howto?]invoking fetchmail upon ppp connection...
On Sat, 24 Feb 2001, Andre Berger wrote: On 2001-02-24 02:01 +0100, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I should write a similar script for fetchmail and place it in /etc/ppp/ip-up.d So I wrote this script, but it doesn't work. FYI, the fetchmail packages currently in sid (unstable) manage a system-wide fetchmail daemon. The next upload (will be done in 5 days, tops) adds /etc/ppp/ip-up.d scripts integrated with the system-wide fetchmail daemon facilities, and documents on how to use them (in README.Debian). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpbFlW9eGnmQ.pgp Description: PGP signature
Re: True Type fonts
On Thu, 15 Feb 2001, Andrej Marjan wrote: You shouldn't need an external font server. I'm attaching my configuration Unless this has changed in XFree86 4.0.x, there is a very good reason to have a font server. If it freezes for a long time trying to render that monstruous unicode font or something like that, X won't freeze along with it. Actually, given XFree86's new found resilience against font servers dying (this used to be a DoS in older XFree86 releases), you can do more: I have a font server serving all fonts as the first entry in the font path, and the Xserver as a backup serving the same fonts later in the font path. If the font server dies, the Xserver takes over the rendering. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp7Kmut7cHVY.pgp Description: PGP signature
Re: ATT Korn shell for Debina (potato) ?
On Wed, 07 Feb 2001, Stan Brown wrote: On Wed Feb 7 12:15:42 2001 Moritz Schulte wrote... There's a public domain version of the Korn shell packaged as 'pdksh'. It's not very close to the most curretn version ksh93. I'm on it. I've just asked in debian-legal about the ATT license. I may package it later (or someone else may, I've not either ITP'd it oficially or checked for previous ITPs yet). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpQoDfoIS0CR.pgp Description: PGP signature
Re: is there a man .inputrc?
dlocate inputrc answers: /etc/inputrc $ head -2 /etc/inputrc # /etc/inputrc - global inputrc for libreadline # See readline(3readline) and info readline' for more information. These manpages are in the package: libreadline4-dev: /usr/share/man/man3/readline.3readline.gz -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: --- Por Favoir me ajudem , nao sei o q pode ser mais ... ----
Yahoo: 1. Nome e versao da placa mae, BIOS, CPU, chipset? 2. Clock CPU e PCI? (se voce estiver dando overclock, ponha a placa de volta no clock normal!) 3. saida de lspci -v (rode como root) ? 4. mensagens de boot do kernel? 5. trocar pentes de memoria nao adianta. Rode o memtest86 (procure na rede, ou instale o do debian, pacote hwtools) na placa por 24h e veja se nao tem defeito mesmo. 6. Compile um kernel sem APM e veja se funciona direito na sua placa. 7. Tente isolar o problema. Ligue a maquina e deixe ela quieta (sem atividade de rede, teclado, disco). Pifa? Agora ponha so' atividade de teclado. Pifa? ponha atividade de disco. pifa? Ponha atividade de rede. Pifa?... e assim por diante. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: --- Por Favoir me ajudem , nao sei o q pode ser mais ... ----
On Wed, 31 Jan 2001, Christoph Simon wrote: Eu não sei o que é uma pasta térmica. Me explica? Areia com grude :-P É uma pasta de silicio que melhora a transferência de calor por eliminar espaços de ar entre um dispositivo e outro (CPU e cooler). Custa MUITO barato e é inofensiva (não recomendo comer :-) ). Melhora a transferência de calor em até 60% dependendo do dissipador... Se for usar pasta térmica, rasape o lixo que os caras de Taiwan costumam por debaixo do cooler antes, e tente fazer uma camada de pasta tão estreita quanto uma folha de papel. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Odd CRC errors and md5 mis-matches - any ideas?
Your problem sounds like hardware on crack. Check if you don't have faulty memory modules, or disk corruption (caused e.g.: by running kernel 2.4.0 in certain VIA-based boards, by bad cabling or a bitrotten HD). And I don't have to say anything about undoing any possible overclocking of either the CPU or PCI bus you might be doing, I hope. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpUY0X2BL8Hg.pgp Description: PGP signature
Re: Informática, Administração, Agroindustria, Ag ropecuária
Caros Senhores(as), A mensagem incluída em anexo foi enviada para várias listas de discursão, inclusive as do projeto Debian (http://www.debian.org/), do qual sou membro. Uma das listas envolvidas é uma lista interna de sergurança do projeto. A outra é uma lista de usuários Linux com diversos assinantes no Brasil e Portugal. Que uma instituição federal de ensino superior, membra da Rede Nacional de Pesquisa, tome esse tipo de atitude (enviar email de cunho comercial sem autorização, também conhecido como spam) é inadimissível, e não deve ser deixado passar em branco. Peço que as devidas providências sejam tomadas para que isso não mais se repita. Como sugestão, refiro-os a http://www.debian.org/MailingLists, onde pode ser lida a política oficial do projeto Debian em relação ao envio de mensagens de cunho comercial através de nossas listas de discurssão. Caso a Universidade Federal de Santa Maria esteja disposta a contribuir com a devida doação ao projeto Debian, o incidente em questão será considerado como email autorizada por nós pós-facto, o que resultaria na retirada da queixa em reconhecimento ao esforço da UFSM para reparar o erro cometido. Eu, assim como outros membros brasileiros do projeto Debian, estamos disponíveis para prestar maiores esclarecimentos sobre o projeto e sobre o incidente caso isso seja necessário. Atenciosamente, Henrique de Moraes Holschuh [EMAIL PROTECTED] From XXX Wed Jan 24 02:30:49 2001 Return-path: [EMAIL PROTECTED] Received: from murphy.debian.org [:::216.234.231.6] by master.debian.org with smtp (Exim 3.12 1 (Debian)) id 14LHOu-0004Uj-00; Tue, 23 Jan 2001 22:19:16 -0600 Received: (qmail 12227 invoked by uid 38); 24 Jan 2001 04:19:08 - X-Envelope-Sender: [EMAIL PROTECTED] Received: (qmail 12067 invoked from network); 24 Jan 2001 04:19:05 - Received: from cactus.casm.ufsm.br ([EMAIL PROTECTED]) by murphy.debian.org with SMTP; 24 Jan 2001 04:19:05 - Received: from cactus.casm.ufsm.br (casm24.casm.ufsm.br [200.132.36.173]) by cactus.casm.ufsm.br (8.9.3/8.9.3/Debian 8.9.3-21) with SMTP id CAA24243 for debian-user-portuguese@lists.debian.org; Wed, 24 Jan 2001 02:14:13 -0200 Message-Id: [EMAIL PROTECTED] X-Authentication-Warning: cactus.casm.ufsm.br: Host casm24.casm.ufsm.br [200.132.36.173] claimed to be cactus.casm.ufsm.br Date: Tue, 01 Jun 1999 16:37:18 To: debian-user-portuguese@lists.debian.org From: [EMAIL PROTECTED] (Escola) Subject: Informática, Administração, Agroindustria, Agropecuária MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Resent-Message-ID: [EMAIL PROTECTED] Resent-From: debian-user-portuguese@lists.debian.org X-Mailing-List: debian-user-portuguese@lists.debian.org archive/latest/2691 X-Loop: debian-user-portuguese@lists.debian.org Precedence: list Resent-Sender: [EMAIL PROTECTED] Resent-Bcc: Resent-Date: Tue, 23 Jan 2001 22:19:16 -0600 Delivered-To: [EMAIL PROTECTED] Status: RO Content-Length: 2367 Lines: 28 1- Cursos Técnicos Federal - Informática - Administração - Agroindústria - Agropecuária 2- Requisitos para Ingresso 3- Por quê escolher um curso técnico na Escola Federal de Santa Maria 4- Como fazer a sua inscrição? 5- Cursos e concursos públicos - faça o seu cadastro. - Visite nossa Home Page. 1- Seja um técnico em Informática, Administração, Agroindústria, Agropecuária na Escola Federal de Santa Maria - CAMPUS - UFSM. A duração dos cursos são de um ano e meio + Estágio. - 2 - Para ingressar no curso se requer a conclusão do pós médio (2o. grau) e ter realizado a inscrição até dia 24\01\2001 de janeiro em q.q. agência do Banco do Brasil do estado do RS e até dia 31\01\2001 na agência CAMPUS na Universidade Federal de Santa Maria. - 3- Você estará estudando na Cidade Universitária de Santa Maria - RS, uma das mais conceituadas do Brasil. Os cursos funcionam dentro do Campus da Universidade Federal de Santa Maria. Em apenas 6 meses você estará apto a atuar no mercado de trabalho e com apenas 18 meses de curso você apto como um técnico na área escolhida. - 4- A inscrição nas Agências do Banco do Brasil requerem 1 foto 3x4 recente e R$5,00 do manual + R$25,00 da taxa de inscrição. Os cursos são gratuitos e não possuem mensalidades. A inscrição pode ser realizada através de procuração. - 5 - Se você tem interesse em
Re: SSH
On Thu, 18 Jan 2001, Nate Amsden wrote: Benjamin Pharr wrote: While logging into my Debian box using ssh I noticed that it is setup to use SSH version 1 by default. This protocol is widely known to have security problems. Does anyone know why Debian is still using it? Below I have pasted a link from the official ssh.org FAQ. and which security problems are you referring to? i read every bugtraq ssh protocol v1. is extremely braindamaged, in the sense that it uses constant signed authenticators for a given set of endpoints (and maybe users, I don't recall). At least, that's what I could get from the available discussions on the issue in the security foruns (see the slashdot 'articles' for links to them, I don't recall the URLs). A sucessfull MIDM attack against ssh protocol 1 gives you access to the target machine forever. The same attack against ssh protocol 2 gives you access only if you hijack that (ongoing) connection, or if you manage to futher compromise the target's security (install a trojan, capture a password, etc). So, yes, ssh v1 is indeed MUCH worse than ssh v2. They're still unsafe unless you deploy a PKI structure to have the server's public keys available (and also known not to be tampered) to the users before first connection. All the the other common issues when dealing with public-key crypto need to be addressed as well. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgps05Nh7HuyV.pgp Description: PGP signature
Re: your mail
On Sun, 14 Jan 2001, [EMAIL PROTECTED] wrote: nome do aplicativo. Por acaso alguem tem alguma ideia do nome do programa O nome do pacote é file-rc -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: O Império do Netscape
On Fri, 12 Jan 2001, Eduardo Marcel Macan wrote: On Fri, Jan 12, 2001 at 09:55:28AM -0300, I. C. Mourão wrote: A Debian tem o propósito de promover a liberdade do software, e não podemos abrir exceção para software não-livre em nossos CDs só porque não existe aplicação livre para tudo. Para isso existem as seções non-free e contrib, comercializada por muitos distribuidores como um CD extra. Ratifico o que o Maçan disse. Todos os developers registrados do Debian assumem um compromisso moral de defender software livre, em detrimento de software proprietário. O próprio projeto Debian, como um todo, assume esse mesmo compromisso. Por favor, leiam http://www.debian.org/social_contract Software não-livre não faz, nem nunca fará parte do Debian. Não há nem haverá excessões a esta regra, por razão alguma. Nenhum developer Debian, enquanto do exercício de suas funções para o projeto Debian, pode violar o espírito dessas regras. Lembro todos que a distribuição non-free *não* *faz* *parte* *do* *Debian*. É isso mesmo, ela é considerada uma distribuição separada, para a qual o projeto Debian cede espaço e infra-estrutura, mas só isso. são comuns. Em particular eu ainda não experimentei usar flash no mozilla, mas de qualquer forma FLASH é uma tecnologia proprietária. A falta que Não é mais :) Saiu o plugin GPL, deve estar em sid (unstable) em breve, o ITP já foi publicado. Boa coisa, considerando que todos os plugin Flash são um risco de sergurança (buffer overflow) e que a Macromedia não está nem aí para isso. O mozilla 0.7 vem com TLS (https) habilitado, e deve estar em sid (unstable) em breve. conexão lenta (33,6) e nenhuma disposição para ficar baixando pacotes pesados pela Internet, razão pela qual descobri que não sou um bom candidato à usuário do Debian, mas gostaria de insistir um pouco mais. Passei um bom tempo fazendo desenvolvimento pro Debian num modem de 14k4, o que implica em 50MB médios de download por semana, com picos de até 200MB numa semana. Basta saber usar o sistema e programar uns scripts para efetuarem os downloads que você precisa durante a madrugada, sem supervisão. 1. Posso utilizar o alien para instalar o Netscape a partir de um pacote de outra distribuição? Funciona? Pode, mas é péssima idéia. Pegue o código fonte e compile em /usr/local que é mais seguro, se isso for possível. 2. Como o apt-cdrom não reconheceu o CD que possuo com o Helix-Gnome, posso copiar os pacotes para um diretório do HD e instalá-los dali? Como? Copie tudo quando é .deb pro cache do apt, que normalmente fica em /var/cache/apt/archives/ e ele vai usá-los, no lugar de tentar obter do CD ou da rede. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpQGYQE5VKWL.pgp Description: PGP signature
Re: Dica: otimização IDE/HD
On Thu, 11 Jan 2001, KrIsSkRoSs wrote: Passos: 1. acrescente a linha abaixo no /etc/lilo.conf e execute o lilo. append = idebus=66 Eu *adoro* esse tipo de dica perigosa. NAO MEXA EM IDEBUS se não souber o que está fazendo. Particularmente se for usar o hd em modo DMA. 2. acrescente a linha abaixo no /etc/rc.d/rc.local. hdparm -m8 -c3 -k /dev/hda Nunca adicione -k em hdparm a menos que você tenha testado no hardware e verificado que não há problemas. Com aquele -k um reset no bus não vai salvar seu HD de um tremendo pau de disco por erro nas opções. Mantenha um olho nas mensagens de log do kernel (dmesg mostra), para ver se não está ocorrendo erro de disco durante alguns dias após brincar com o hdparm. Use UDMA se for possível. É muito mais seguro que DMA ou PIO porque tem CRC de um lado do cabo de HD pro outro :) Em 99% das máquinas NOVAS, se o hd estiver com DMA habilitada, -u1 vai melhorar a perfomance em muito (não a taxa de transferência, mas tente trabalhar durante um cp de um arquivo de 1GB que você vai entender). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Packaging Policy.
On Sun, 07 Jan 2001, Corey Popelier wrote: Correct, I'm sure as hell not about to do that :) But I was thinking along the lines of saying look, here's an unofficial .deb of fetchmail since it appears to be a tad outdated, and I've had considerable problems with the existing one which appear to be resolved in a later version. FYI fetchmail was officialy adopted this morning with the blessings of Paul (the former fetchmail maintainer). I'll be sponsoring the uploads, as Chris Ball (the new fetchmail maintainer) is in the NM queue. BUT this doesn't mean your help is not appreciated :) Just mail patches to the BTS, and you'll be helping a new release of the fetchmail package to come out faster. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgppiGOQYhDcn.pgp Description: PGP signature
Re: 2.4.0 and 3com 905c
i've been using stock kernel 2.2.17 that came with potato. it recognized my 3com nic (as 3com 3c905c) and works wonderfully. 3c905cx are broken in 2.4.0, but earlier models (such as my 3c905b PCI card) work just fine. A patch to fix the issue with the 3c905cx was sent to the linux-kernel list yesterday and will be included in 2.4.1. You might try to fetch the patch from the linux-kernel archives if you're in a hurry to try 2.4.0 out. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpY24NI332pk.pgp Description: PGP signature
Re: cron vs anacron
On Wed, 13 Dec 2000, Erik Steffl wrote: there is a version of cron (don't remember the name) that runs everything that should have been run but wasn't (because system was down) right after the system starts, that might make anacron obsolete. fcron, but it doesn't do ALL that Debian's cron do, at least not yet. As for making anacron obsolete, well, anacron is smaller and simpler. fcron does more but eats more memory and cpu. It's the usual choose the right tool for the job. and you are not supposed to turn off the computer! ever! :-)) Err... but how am I supposed to remove the lint inside the fans then? :P -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpQNcVPNCne3.pgp Description: PGP signature
Re: tunneling ftp through ssh
On Fri, 08 Dec 2000, Erik Steffl wrote: from what I've read in ssh docs/faq it is not possible because ftp uses two connections... (control and data). Just use passive mode. This will easily secure the control connection (port 21) which carries passwords and other stuff (such as filenames). Securing the data connection requires help from the ftp program AND passive mode as well, I think. Check out lftp, it may screw up when talking to WarFTPD (which ncftp knows how to talk to just fine), but it sure is one hell of a ftp program and AFAIK supports ssh tunnels natively. It might very well know how it should secure a passive-mode data connection. My understanding is that this method requires passive transfer, which I am using. I also tried without passive and got just the list failed part of the error. Any suggestions would be greatly appreciated. Hmm... I usually do ssh -l login -L2121:ftphost:21 remotehost, leave that shell open, ftp localhost:2121, passive, start transfer, logout from ssh shell (if I don't care that the ssh tunnel will collapse shound the data connection die for some reason). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpR05hc3ts6r.pgp Description: PGP signature
Re: 2.2 - 2.2.2r
On Fri, 08 Dec 2000, Brooks R. Robinson wrote: I am unclear and may be totally off base, but it is my impression that proposed updates are proposed until a new release level is generated i.e., all the proposed updates after 2.2r0 would be in 2.2r2 and that stable would link to 2.2r2. Am I correct in this statement? All the proposed updates that were accepted, yes. The 2.2r2 release (NOT proposed-updates) may contain different stuff from what was there in 2.2r1/2.2r0 proposed-updates, I think. Packages in proposed-updates that were rejected by the release manager are not included, and AFAIK late-coming stuff that never went through proposed-updates might have been included at the release manager's discretion. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpUxFoxzPTeK.pgp Description: PGP signature
Re: This list is rudderless, damn it, damn it, damn it
On Fri, 08 Dec 2000, Jim Kroger wrote: Unsubscribe me already! I've sent the right mail to the right place multiple times, sent mail to the guy at the bottom who says send me mail if you have a problem, and now several days later I'M STILL NOT UNSUBSCRIBED TO THIS STINKING LIST ! WHAT A LOSER !!! 1. The listmasters for @lists.debian.org do voluntary work. Calling them losers won't help (and no, I am not a listmaster and I can't force-unsubscribe you). 2. Killfile us, and you'll not have to wait until you're subscribed to get rid of us... 3. Are you DAMN sure you've not been just as kind with someone else like you've just been with the listmasters and earned yourself an addition to a .forward somewhere else? That would mean you're not even subscribed to this list (someone else whom dislikes you is automatically forwarding crap to your account). Check the Received: readers. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Who is 'nobody'?
On Thu, 30 Nov 2000, Johann Spies wrote: Who is this nobody? 'nobody' is a 'system' user. User 'nobody' should never ever have ANY files in the filesystem (if it does, that's probably a security hole), and should be used by daemons and the like that need only read access to files that are readable by all users. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpxeIifJtiCL.pgp Description: PGP signature
Re: Who is 'nobody'?
On Thu, 30 Nov 2000, kmself@ix.netcom.com wrote: on Thu, Nov 30, 2000 at 04:37:47PM -0200, Henrique M Holschuh ([EMAIL PROTECTED]) wrote: 'nobody' is a 'system' user. User 'nobody' should never ever have ANY files in the filesystem (if it does, that's probably a security hole), and should -rw-rw1 nobody mail12487 Jun 2 2000 /var/spool/mail/nobody You should probably have nobody as an alias for root in your email routing... (and root as an alias for someone else, actually). /tmp/.font-unix: total 0 srwxrwxrwx1 nobody nogroup 0 Nov 19 04:02 fs7100 srwxr-xr-x1 root root0 Nov 19 04:02 fs7101 For Xfree86 3.3.6 I think one could crash an Xserver by killing the font server. It's a good thing that unliking a socket won't kill the pipe of anything that has opened it already... (AFAIK, that is). Anyway, the above are not security risks. Do notice the sticky bit set in the directory. I'm not sure that nobody should own *no* files. But files owned by nobody *should* be minimized. Note that nobody is just another Yes, indeed. 'nobody' should own only files that in no way allow a security compromise. In some cases, daemons run as 'nobody' (apache under RH, I believe), and it may be necessary to create temporary files as 'nobody'. Other thoughts? Filesystem races are a major problem, if the daemon running as 'nobody' does not act in an extremely paranoid way when creating its temp files. This is a rather common exploit technique. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpn58RkpNKyw.pgp Description: PGP signature
Re: mount count
Every time the system mounts a volume (disk), it increases a counter. When this counter reaches a predefined value (the maximum mount count), fsck is forced to check the disk. This is normal behaviour, there is nothing wrong with your system or disks. You can change the 'maximum mount count' using tune2fs, I think. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpr42oCHMXjO.pgp Description: PGP signature
Re: Termcap
On Fri, 24 Nov 2000, Guilherme koerich Lima wrote: Bom, estou tendo certos problemas a ao termcap, jah que nao sei direito o que ele realmente faz e sua funcao. O problema eh o seguinte, quando executo o BitchX no potato, ele retorna a seguinte menssagem de erro: Termcap é uma praga ancestral cujo uso é severamente desencorajado no Debian. Programas decentes usam Terminfo no lugar de Termcap :-) Bom, você pode instalar um pacote de compatibilidade. Instala aí o pacote 'termcap-compat', isso deveria ser suficiente pra fazer o bitchx feliz... Aqui ele roda sem reclamar. Mas isso é estranho, meu bitchx (woody) tá compilado usando o ncurses5, ou seja, terminfo... Quanto a aprender sobre termcap, eu sugiro que você instale os pacotes do ncurses5 e aprenda a usar eles. Dá mais futuro :) -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpPqEz716Mav.pgp Description: PGP signature
Re: Sudden instability: can a faulty mouse cause this?
On Wed, 15 Nov 2000, Johann Spies wrote: I have a ps/2 mouse which I have used without problems for about a year now. Can a hardware problem on the mouse or the ps/2 port cause this? How can I determine the cause? Yes, a short-circuit in the mouse (or in any other peripherical, Keyboards are notorious for doing this) may cause lock-ups and other problems (such as memory errors). Also, a short-circuit somewhere else may be driving the computer dangerously unstable, and moving the mouse is enough to push it over the edge (but this is unlikely). I assume you don't have a multimeter readly available to simply test the ports and mouse. Plug another mouse. If it works, the mouse is probably the culprit. Also, removing GPM and telling X to use something else for a mouse should STILL lock up your computer if the mouse is the real culprit, I guess. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpNKDktis8VO.pgp Description: PGP signature
Re: Sudden instability: can a faulty mouse cause this?
On Wed, 15 Nov 2000, Johann Spies wrote: On Wed, Nov 15, 2000 at 10:19:11AM -0200, Henrique M Holschuh wrote: On Wed, 15 Nov 2000, Johann Spies wrote: I have a ps/2 mouse which I have used without problems for about a year now. Can a hardware problem on the mouse or the ps/2 port cause this? How can I determine the cause? I assume you don't have a multimeter readly available to simply test the ports and mouse. I have a multimeter but do not know how to test the ports and the mouse. Is there documentation somewhere? I think you can find the PS/2 mouse pinout doing a search in www.google.com. The hardware repair FAQ (use google to find it, it might be named 'electronics repair faq', or something like that -- I don't recall) should be of help as well, I suppose. To look for shorted circuits, you just need to use the ohmimeter function and look for low resistance (anything lower than 1k is suspicious ;-) ) between different wires that should be isulated from each other (such as TX and RX in a serial port -- the PS/2 pinout will help you). I think the multimeter's probe current for resistance measurement is not likely to damage the mouse, but I cannot be sure; you have been warned. BTW: this test is not failure-proof. It won't detect if your mouse is draining just a bit more current than the PS/2 specs allow for, either. I don't recommend you test the ports with a multimeter. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpIkL2W6XQQL.pgp Description: PGP signature
Re: 2 3com nics, 1 box :)
On Sun, 12 Nov 2000, Sebastiaan wrote: Unpack it (might work with upzip, else you should load msdos) and copy the file 3c5X9CFG.EXE to a floppy. Start with a bootable floppy and run this You could also apt-get install 3c5x9utils instead, and run 3c5x9setup --help. You'll notice you can assign IO and IRQ addresses to each card. I am not sure if 3c5x9setup can disable the plug-and-pray mode, though. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpYed2ZC6cgF.pgp Description: PGP signature
Re: Getting new keys (was Re: signing gpg key with old key ...)
On Sat, 11 Nov 2000, kmself@ix.netcom.com wrote:
There are two general problems with a public key infrastructure:
- Key distribution (the 'keyserver' line handles this).
- Key modification updates.
See attached script. Modify it for your needs, or write a new one that isn't
such an ugly hack :-)
--
One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie. -- The Silicon Valley Tarot
Henrique Holschuh
#!/bin/sh
## GNUPG Maintenance script
##
###
### User-defined parameters
###
## Read-Only keyrings
ROKEYRINGS=/usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-keyring.pgp
## Keyserver list
#KEYSERVERS=keyring.debian.org wwwkeys.eu.pgp.net wwwkeys.us.pgp.net
KEYSERVERS=wwwkeys.eu.pgp.net wwwkeys.us.pgp.net
PROG=`basename $0`
set +e
if test -x /usr/bin/time; then
TIMECMD=/usr/bin/time
else
TIMECMD=
fi
runupdate() {
# Does an update run
gpg --batch --list-keys --fast-list | grep ^pub\ | awk '{ print $2 }' | sed s/^.*\\/// | xargs -r ${TIMECMD} gpg -q --batch --lock-multiple --recv-key $@
}
## First, update public ring from any readonly keyrings
echo ${PROG}: Updating RW keyring from RO keyrings...
echo ${PROG}: Keyrings: ${ROKEYRINGS}
${TIMECMD} gpg --batch --quiet --fast-import ${ROKEYRINGS}
echo
## Now, refresh key data from dynamic sources
echo ${PROG}: Requesting fresh key data from public keyservers...
for i in ${KEYSERVERS} ; do
echo ${PROG}: Keyserver ${i}...
runupdate --keyserver ${i}
echo
done
## Now, rebuild database
echo ${PROG}: Rebuilding trust database...
gpg --batch --quiet --update-trustdb
echo ${PROG}: DONE.
pgpoexVQkCMib.pgp
Description: PGP signature
Re: Newbie (to Debian)
On Tue, 31 Oct 2000, Colin Watson wrote: If you use mingetty instead of getty, the screen will be cleared by default (I prefer this too). Change the lines for the various virtual consoles to look like: Or you could use fbgetty instead of mingetty. Both have annoying features: mingetty is braindead when it comes to resizing the screen, and it is dead upstream, I believe. fbgetty is too zealous in clearing the screen :-) 2) How can I figure out the code name for my distribution? I'm cat /etc/debian_version might help you, as well. I don't know if it's there in older releases, but woody has it. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp7pSXlVMxgf.pgp Description: PGP signature
Re: fullscreen video playback
On Mon, 23 Oct 2000, matt garman wrote: On Mon, Oct 23, 2000 at 10:42:03PM -0200, Henrique M Holschuh wrote: On Mon, 23 Oct 2000, [EMAIL PROTECTED] wrote: without proper video acceleration in X this is not possible/reccomended. try using the double option in mpegtv and you'll see Well, if you define a videomode closer to the resolution of the video you're playing, SDL fullscreen mode should switch the Xserver to that mode, I think. This is obviously not even close to a good hardware-based scale-and-dirther solution, but at least the movies will not be played in a small rectangle with huge black borders anymore :-) On a local newsgroup, someone said I need the dbe module loaded in order to let SDL to video mode switching. What package provides the dbe module? I'm running Debian 2.2, with the xfree 3.3.6 package. I can't find any relevant dbe files on my system. In fact, I don't even have the directory /usr/X11R6/lib/modules on my computer. Well, SC3000 did that for me, under xf 3.3.6 and SDL in its default (debian) configuration. The only thing I did was to provide the proper videomodes (as in I can select them using Ctrl+Alt++ and Ctrl+Alt+-). I don't even know what a dbe module is :-) -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: fullscreen video playback
On Mon, 23 Oct 2000, [EMAIL PROTECTED] wrote: without proper video acceleration in X this is not possible/reccomended. try using the double option in mpegtv and you'll see Well, if you define a videomode closer to the resolution of the video you're playing, SDL fullscreen mode should switch the Xserver to that mode, I think. Well, it works in SimCity 3000 ;^P This is obviously not even close to a good hardware-based scale-and-dirther solution, but at least the movies will not be played in a small rectangle with huge black borders anymore :-) -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp5S4DgKtoya.pgp Description: PGP signature
Re: which software for professional Mailling? BWAHAHAHAHAHAHA
On Sat, 14 Oct 2000, Matthias Mann wrote: I´m very sorry! In germany, my home country, it is entirely legal to send others letters with advertising material into their letterboxes. The same is valid for emails. It is also legal in Brazil, which doesn't mean that you would not: 1. Be hated for doing it. 2. Risk people seeking you out to beat the life out of you for sendig spam. 3. Risk people seeking the business you advertised to do a LOT of loud complaining and probably blacklist it, and make sure the owner of said business want your a** fried for sending spam with its name (and possibly taking his money). 4. Risk people hacking your computer with the explicit intent of doing you the worst possible amount of damage, because they are pissed at you. Get it? Yes, it is legal. No, it is NOT accepted as good citizen behaviour. A spammer is about as liked as someone who goes around at night throwing heavy bricks at other people's windows. If you annoy people enough, you WILL be tracked down (there is NO such a thing as a 'untrackable email'), and you might very well be punished in very harsh ways. *Nobody* likes spammers, except _maybe_ other spammers themselves. BTW, just so that you know, to be as untrackable as it gets when sending bulk mail you need to violate at least one criminal law in Brazil. You risk getting some time in jail or a very heavy fine if you're lucky AND it is the first time you're convicted in life. I imagine it's about the same in Germany. You want to send spam because it is legal? Fine, do it. But do it in the open as the law (probably -- after all, I don't know german law) requires, using your real email address. Just don't expect people to like it. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpd8ULY9iAYR.pgp Description: PGP signature
Re: debian-keyring + gpg 'keyring' option
On Mon, 02 Oct 2000, Christian Pernegger wrote:
gpg tries to create a temporary file in /usr/share/keyrings/
when mutt verifies a signature. (That fails.)
Yes, gpg is funny like that :-) No concept of cleaning up lockfiles to avoid
stupid deadlocks, no concept of timing out sockets (thus deadlocking in some
cases) and no concept of /tmp being the right place for temporary files.
Bleargh, I really wish I had something better than gpg to do all the key
management.
I suggest you write a script to freshen up gpg's key database. I'll attach
mine, but be advised that it is quite rough and you'll probably want to
clean it up.
This has the good advantage of fetching new copies of ALL keys it can find.
One actually must do this if he is not sure he'll receive any eventual
revogation certificates from the key onwers first hand :-( gpg really,
really, really needs some kind of --refresh-keyring function, as outdated
keys are a security concern.
Of course I can import the keyring but then it'd be rather
pointless to put it in /usr/share/, wouldn't it?
Why? It's readonly data, it belongs in /usr/share. gpg is broken, not
debian-keyring.
--
One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie. -- The Silicon Valley Tarot
Henrique Holschuh
#!/bin/sh
## GNUPG Maintenance script
##
###
### User-defined parameters
###
## Read-Only keyrings
ROKEYRINGS=/usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-keyring.pgp
## Keyserver list
#KEYSERVERS=keyring.debian.org wwwkeys.eu.pgp.net wwwkeys.us.pgp.net
KEYSERVERS=wwwkeys.eu.pgp.net wwwkeys.us.pgp.net
PROG=`basename $0`
set +e
if test -x /usr/bin/time; then
TIMECMD=/usr/bin/time
else
TIMECMD=
fi
runupdate() {
# Does an update run
gpg --batch --list-keys --fast-list | grep ^pub\ | awk '{ print $2 }' | sed s/^.*\\/// | xargs -r ${TIMECMD} gpg -q --batch --lock-multiple --recv-key $@
}
## First, update public ring from any readonly keyrings
echo ${PROG}: Updating RW keyring from RO keyrings...
echo ${PROG}: Keyrings: ${ROKEYRINGS}
${TIMECMD} gpg --batch --quiet --fast-import ${ROKEYRINGS}
echo
## Now, refresh key data from dynamic sources
echo ${PROG}: Requesting fresh key data from public keyservers...
for i in ${KEYSERVERS} ; do
echo ${PROG}: Keyserver ${i}...
runupdate --keyserver ${i}
echo
done
## Now, rebuild database
echo ${PROG}: Rebuilding trust database...
gpg --batch --quiet --update-trustdb
echo ${PROG}: DONE.
pgpUh6C7BqI99.pgp
Description: PGP signature
Re: Apt and NFS?
On Tue, 26 Sep 2000, Ethan Benson wrote: On Tue, Sep 26, 2000 at 02:52:26AM -0800, Ethan Benson wrote: oh did you check to make sure you have lockd running on both machines? i just remembered something else i had to do to get locking working, it seems that sometimes you have to compile in NFSD support into the CLIENT kernel as well as the server kernel. there is also LOCKD support in the kernel which is not accessable in the kenrel configuration menus, on one of my x86 boxes its fine without NFSD compiled in, but on my powerpc i have to have NFSD compiled in for lockd to work, otherwise lockd just dies with `Function Not Implemented' I'd like to point people with NFS lock problems to nfs.sourceforge.net. Stock 2.2.17 and older kernels have quite a broken NFS implementation. I don't know if the debian official kernel packages have this patch built-in, though. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpZTHNk6FIBA.pgp Description: PGP signature
Re: Kernel build with kpkg (was Install of VMware)
On Sat, 23 Sep 2000, Tom Hoover wrote: I've successfully built a new kernel package with make-kpkg, but only if I use: fakeroot -- make-kpkg --revision=custom.X.XX. kernel_image I'll usually run fakeroot make-kpkg ... I've never needed that -- Am I misreading the docs? I don't know. What I could suggest you to do is this: make-kpkg --revision... build fakeroot make -f debian/rules kernel-image-deb fakeroot make-kpkg modules_image The above sequence has never failed me. It builds the kernel without a fakeroot jail, and does the install-and-create-a-deb pass inside a single fakeroot jail. I dislike compiling the modules under fakeroot (and the fakeroot docs do warn not to do this), but ALSA seems not to mind it. Anyway, I dislike the horrible idea of compiling something as true root much more, so... (and I've not checked for another way to do it yet. Might as well go read the source of kernel-package and file a bug if there isn't one...) Here's the last few lines of messages when the build fails: [...] install -p -d -o root -g root -m 755 debian/tmp-image/DEBIAN install: debian/tmp-image: Operation not permitted make: *** [kernel-image-deb] Error 1 This suggests a bug in kernel-package. It's not wrapping the *whole* install-and-create-the-deb pass with the root wrapper, apparently. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpuX3UvrQUm2.pgp Description: PGP signature
Re: Kernel build with kpkg (was Install of VMware)
On Sat, 23 Sep 2000, Henrique M Holschuh wrote: Am I misreading the docs? I don't know. What I could suggest you to do is this: Well, now I know. The make-kpkg man page makes it very clear that the only target which knows how to deal with rootcmd is buildpackage. I never use it, though. I don't need to build the rather big kernel-doc package, as I keep the kernel source tree around. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpESjPbG9o7E.pgp Description: PGP signature
Re: Kernel build with kpkg (was Install of VMware)
On Sat, 23 Sep 2000, Tom Hoover wrote: Is there any advantage to building the kernel outside of fakeroot? The fakeroot man page says quite clearly that Thou shall never configure a anything under fakeroot, so I try to only do the install targets under fakeroot to avoid hard-to-track problems. BTW, kernel-package 7.17 (woody) is broken. If you have problems with it, that's why :-) I'm filling bugs right now. I dislike compiling the modules under fakeroot (and the fakeroot docs do warn not to do this), but ALSA seems not to mind it. Anyway, I dislike the I'm learning here...why do you dislike compiling modules under fakeroot? Try to compile ALSA (alsa-source package, I think) under fakeroot. It'll run GNU configure. Now read the fakeroot manpage. I've never had problems with fakeroot configure (I did not notice that big warning right away ;^) ), but since I do NOT presume to know better than the fakeroot author, I'm not about to go around doing stuff he went out of his way to warn one not to. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp8bFK6lGDTb.pgp Description: PGP signature
Re: what is a Machine Check Exception ?
On Mon, 11 Sep 2000, S.Salman Ahmed wrote: CPU 0: Machine Check Exception: 00040Bank 1: f2000115general protection fault: Erk. Read bluesmoke.c in the kernel source. Never seen this before, so I'd be interested in a (technical) explanatation of exactly what netscape (no surprise there) did to cause this. It's telling you your PII/PIII is malfunctioning or something like that (I don't know if it also traps RAM ECC errors or other stuff like that). If you're an overclocker, you know why. If not, you might want to call Intel's customer support... BTW, I know this code had some changes made in 2.2.18pre?, and they might be bugfixes or something like that. So, you might want to run the above through Alan Cox... just send the oops and ask them what it means at [EMAIL PROTECTED] (the kernel development list). Do remember to tell them your kernel version, CPU and motherboard, and that you're not subscribed to the list... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpm7kGlb4VKt.pgp Description: PGP signature
Re: /etc/rc?.d question
On Tue, 12 Sep 2000, Christian Pernegger wrote: On Mon, Sep 11, 2000 at 11:19:23PM +, Miquel van Smoorenburg wrote: There is a README in /etc/init.d for a reason, you know .. I fully understand that you as the Grand Master of the Debian init system might be annoyed by such a question, but why reply, then? Well, had you done the full RTFM routine (it means read ALL of them until you find what you want...), you'd have noticed the for more information, see /usr/share/doc/sysvinit. So don't get too surprised that someone was a bit harsh in his reply. In /usr/share/doc/sysvinit/README.runlevels.gz you'll find what you want, described step-by-step. Make sure you read the last paragraph, too. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpb5UuUWlm39.pgp Description: PGP signature
Re: Family proofing a Debian box
On Sat, 09 Sep 2000, Christoph Groth wrote: If they don't have root, are there things that I should make off-limits that might not be on a stock Debian 2.2 system? I don't know how technically sophisticated your family is but I assume that your sister is not a cracker and your father not a Unix-guru. Denying them root access should be fully sufficient. This works fine with my family at least - everyone has his/her own account and may play at will. I have the same situation here. My family is far more than trustable enough to be considered non hostile users, so I give them a regular user account. That's all there is to it. Anyways _if_ you'd like to have a fully secure system you'd have to think about preventing them from physically accessing the system which you are unlikely to have done. If they can turn off the machine they could damage the file system for example. Yup. I'd suggest you allow them to CTRL+ALT+DEL (map it to shutdown) the box at any time, no matter how annoying, it's far better than a sudden powerdown. Maybe add a 1 minute delay time (and TELL THEM ABOUT IT or they'll think it didn't work and press the power button anyway :-) ) so as you can hastly log off if you're remotely logged in... If your family qualifies as hostile users (and are not technically inept), you'll have to be paranoid about suid binaries and local root compromises, be very careful about NFS and all sort of other related headaches. You'll need to have a trusted, phisically secure machine hosting all the data (the server), and other machines to act as terminals... You'd be better off getting every one their own private computer, and locking yours up while not in use IMHO :-) -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpbD2Dfp0FkG.pgp Description: PGP signature
Re: rdsi (isdn)
On Fri, 08 Sep 2000, Christoph Simon wrote: RDSI não da diretamente 128kbs; tem três canais, dois chamados B e um [...] telefônica. Teve RDSI faz anos e então não ofereciam isso; mas não sei o que fazem hoje. Oferecem os dois canais. Se você usar um só (64kb/s), você paga uma ligação telefônica normal. Se você usar os dois (128kb/s), você paga o dobro de uma ligação normal. etc. Ainda precisamos de alguma coisa para (a) fazer ligações telefônicas e (b) que o computador possa digerir a informação. Para (a) A NT fornecida pela telefônica já possui o modem digital acoplado (segundo informações do site deles), não sei se a saída é um RJ45 ethernet, ou se é serial. Nota que RDSI é uma conexão dialup. Além dos custos de instalação e os custos do provedor de Internet, o assinante vai pagar impulsos. Em comparação direta (falei ontem com um amigo em Campinas que pesquisou o assunto), DSL sai mais barato se você usa muito, sem falar que é mais rápido (no caso do Speedy). Se sua conta telefônica já é alta (passa duns 300 impulsos sempre :-) ), vá pra DSL. volta. No caso de vírtua não lembro a primeira letra do protocolo, mas é outro, e segundo saiba eu, as velocidades de ida e volta são Provavelmente SDSL. iguais. Em teoria permite atuar como um servidor Internet, se não for por algumas coisas que fazem os provedores, (supostamente em nome da Anatel). A telefônica filtra pacotes entrantes em determinados portos (20, 21, 25, 80, 139, ...) e a Net troca o IP do assinante cada 48 horas. Argh. Eu vou dar uma olhada na anatel pra ver por que eles querem regular quem é provedor de informação, e quem é que está ganhando $$$ nisso (fora os ISPs, óbviamente). maior. Em realidade nenhum dos dois garantem digamos 256kbs, mas Bom, a Speedy diz que garante 256kb/s mínimo, mas a verdade é que dificilmente alguém consegue mais que uns 7kb/s pra sites no exterior (tá, já vi até 60kb/s em horários de pouco tráfego na RNP, mas isso não é regra e a rede comercial costuma ser mais lenta). Em casa, eu consigo muito de vez em quando uns 25kb/s pelo meu provedor comercial (ligação via rádio sincrono 2Mbit/s para o condomínio inteiro). eliminar problemas com modens convencionais. Caso que se decida por DSL, eu daria uma certa vantagem ao vírtua. É bom lembrar que ainda tem o preço do ISP em cima do preço do DSL e do RDSI. Se você mora em condomínio, e tem disposição para tal, eu sugiro procurar um plano de acesso para condomínios, sai mais barato. Só conhecia o Speedy. Vou dar uma olhada no Vírtua. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpyh7LkUlqJv.pgp Description: PGP signature
Re: rdsi (isdn)
Hi Christoph! On Fri, 08 Sep 2000, Christoph Simon wrote: O que não sei é se oferecem o bundeling para dois linhas independentes. Essencialmente estamos falando do que faz a opção Que eu saiba, o hardware faz isso sozinho. Pelo menos é o que a propaganda deles no site implica, e eu já vi modem que faz isso por isso não acho que seja mentira (embora possa ser). iguais. Em teoria permite atuar como um servidor Internet, se não for por algumas coisas que fazem os provedores, (supostamente em nome da Anatel). A telefônica filtra pacotes entrantes em determinados portos Argh. Eu vou dar uma olhada na anatel pra ver por que eles querem regular quem é provedor de informação, e quem é que está ganhando $$$ nisso (fora os ISPs, óbviamente). Fui, procurei, e não consegui achar. O que não me impressiona muito... Provavelmente será simplesmente um dos fraudes publicitários tão comuns entre as empresas que disfrutam um trato preferencial por ser grandes. Desde a Comdex São Paulo, oferecem Speedy Business que não Talvez. Só ligando pra Anatel pra descobrir. Não custava nada eles assumirem o motivo, no lugar de mentir. Nisso eu gosto do meu provedor, eles disseram logo: por esse preço, o contrato limita o acesso como sendo não-comercial. Para acesso comercial, tem um adicional [pelo fato de ser comercial]. Bom, a Speedy diz que garante 256kb/s mínimo, mas a verdade é que [...] Não. Segundo o contrato garantem `até um 10% da Então a porcaria do site deles contém propaganda enganosa, como se requerer javascript (que não funcionar direito ainda por cima) já não fosse insulto o bastante. Contrato de provedor costuma ser palhaçada. A maioria deles responsabiliza o usuário mesmo se quem vazar a senha forem ELES, ou se eles forem os únicos culpados (email só por POP3 sobre ethernet/cabo/outra rede broadcast? Como eles querem manter a minha senha de email em segredo desse jeito?). A Vírtua não oferece contrato, e verbalmente dizem que não vai baixar nunca até o 50%. Mas como só é uma frase verbal, ficamos na mesma. Não mesmo. Contrato verbal é contrato do mesmo jeito... mas eu faria o gerente da seção escrever de próprio punho e assinar em baixo, sob ameaça de fazer um rebu no procom se eles não assumirem o que dizem. Ia dar em aborrecimento pra mim e pra eles, e eu iar acabar sem DSL e eles com (mais uma) queixa no procom, mas ia ser divertido... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpHNxaPWgjTa.pgp Description: PGP signature
localizacao de sh scripts no sistema base
Olá pessoal, Eu normalmente acabo não postando muito aqui, mas vocês podem me encontrar na -devel facilmente :-) Se quiserem, estejam a vontade pra me por na lista dos debianzeiros.br. Só não me tornei maintainer ainda por falta de tempo... (Por sinal, seria possível marcar uma keysigning party na região de Campinas ou em São Paulo capital? Está na hora de criar uma web-of-trust entre nós... não é por nada não, mas só por a chave numa página WWW simplesmente não é suficiente pra garantir autenticidade). Eu finalmente resolvi acabar com a gambiarra que é o upgrade de daemons no debian (não presta atenção no runlevel corrente, etc). Os scripts estão quase prontos, e vai sair um RFC pra -devel assim que estiverem testados e funcionando. Já que até o Craig Sanders resolveu não pisar no meu pé (depois que entendeu o que eu estava fazendo ;-) ), é possível que o sistema seja aceito e adotado como objetivo pro woody. Só que os scripts estão em inglês. E são pro sistema base (pacote sysvinit). Eu sei que o pessoal que traduz os boot-floppies é assíduo da lista, daí a pergunta: Como localizar scripts sh que têm que ir no sistema base? Ter dois scripts NÃO é uma alternativa viável, tem que ser algo tipo o gettext da GNU. Se tiver um jeito de i18n os scripts que não diminua a estabilidade, eu faço (e já traduzo pra .pt-BR)... Claro que o resto dos initscripts vai continuar em inglês *por enquanto*, mas não dá pra dominar o mundo num dia só. Fnord. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpYkaaDZdSyy.pgp Description: PGP signature
Re: rdsi (isdn)
On Mon, 04 Sep 2000, Leandro Guimarães Faria Corcete Dutra wrote: Mas já que você tocou nesse assunto, estou balançando entre o RDSI e o DSL. No site da Telefônica não constam informações suficientes para uma boa comparação de preço e conveniência. Com base em que você decidiu pelo RDSI? O DSL tem a eficiência quase diretamente relacionada com o tamanho do laço local entre teu modem DSL e a estação DSL (estação remota da Telefônica que serve de ponte entre os DSLs da área e o backbone ótico da telefônica) na outra ponta, portanto se você tiver azar e estiver longe (em metros de cabo. Morar na cobertura dum edifício alto pode fazer diferença) da estação remota mais próxima, a performance pode ser bem ruim. Também ouvi falar que emissoras AM e ADSL não se dão bem :-) Lembre-se de prestar atenção pro fato que no DSL a largura de banda de upload e download podem ser diferentes... RDSI é limitado a 64kb/s ou 128kb/s dependendo de quantas linhas usa (não sei qual é a da telefônica). DSL *pode* ser mais rápido que isso, mas depende do tamanho do laço, de interferências (rádios AM próximas? :-) ), e se alguém vai ou não por um traffic shaper na outra ponta da linha pra limitar tua banda na marra. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpjcVsI3ff9U.pgp Description: PGP signature
Re: Editing and storing encrypted files
On Thu, 07 Sep 2000, Arthur Korn wrote: Could somebody more familiar with vim than me please tell me (us) wheter this writes anything unencrypted onto disk? If not, shall I file a wishlist bug against vim-rt to include this? Is your swap file (not VIM's, the OS') in an encripted partition? Otherwise, unless VIM locks memory (like gnupg running suid root will try to and warn you if it fails to) you could end up with sensitive data in the swap file. A quick solution is to disable swapping first (but be sure to have enough RAM :-) ). Also, unless VIM was written in a rather secure way (gnupg was), it could easily leave sensitive data in RAM when it exits. I know of no easy solution to this problem. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpbhLYMQS3fj.pgp Description: PGP signature
Re: SysVinit prob... now runlevel question
On Sun, 03 Sep 2000, brian moore wrote: On Mon, Sep 04, 2000 at 12:25:57AM -0400, Mark Simos wrote: As I understand it, X86 hardware hardly ever uses anything but two levels. I know sun hardware actually makes significant use of the runlevels, but I am made to understand that nobody ever really bothered to implement any more than two different runlevels. (I think this is similar to windows progs running in user or kernel mode (ring 0 or ring [2?] of x86 processors) does anybody have anything besides hearsay to confirm or deny this? [snip -- nice explanation on sysv runlevels] As for the user or kernel mode (the hardware runlevels), linux uses only 2: it uses ring 0 (kerneland ;-) ) and ring 3 (userland). Other ring levels (1 2) aren't used because it takes just too much time to switch rings in most (all?) x86 CPUs... They'd be useful for kernel drivers if not for this fatal drawback. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpvCZvmjgG9Y.pgp Description: PGP signature
Re: Best place for setserial
On Mon, 04 Sep 2000, David Bellows wrote: time I boot up I have to run the setserial command by hand. My question is where is the best Debian place to insert this command to have it execute on boot up? err... have you installed the setserial package? it DOES run at every boot up. Place your configuration in /etc/serial.conf. If not, try apt-get --purge remove setserial apt-get install setserial to do a complete (as in overwrite any old screwed up configuration) new install. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpA3rAAFR3WP.pgp Description: PGP signature
General anser to where I place the configuration of
On Mon, 04 Sep 2000, David Bellows wrote: Sorry I wasn't clear on what I wanted -- I did just want to know where the configuration file was. The other distribution I was using had a more round-about manner of getting this accomplished. Anyway, thanks for your reply -- it worked! As a rule of thumb, if you need to know how to configure a package you just do a dpkg -L packagename. This will list *ALL* files in the package. Now look for anything going into /etc, it'll give you a very good clue on how to configure the package. Also look for any *configure* scripts, as many packages have those. Of course, the manpages and /usr/share/doc/packagename are your friends. Use them. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpXeeqiC7MOd.pgp Description: PGP signature
Re: Why should I use Debian?
On Mon, 04 Sep 2000, Helgi Örn wrote: Hi all Debians! Yo, I am a devoted Linux user, running Caldera at work and SuSE at home (that's also work!). At home I have a dual boot with Win98 and I always Never tried Caldera or SuSE, only RedHat... and I'm not going back to that crap of a mess unless hell freezes over _twice_ ;-) Debian/GNU is the most interesting projec I can imagine in the world of software, idealistically it suites me perfect. I really would love to be able to use Debian as my default OS. Ok. That's the idea. A lot of us would love to help you (and many others) archive that goal. configure it to my satisfaction, GNOME never worked, ppp never GNOME is in transition right now (in Debian, I mean). Integration with the Helix version of the packages is being worked out as we speak (in woody, potato is, as you know, stable). Still, I don't use it (GNOME is NOT nearly as stable a software as other more noble parts of GNU/Linux. I'll try it in a few months when it won't hurt my productivity with crashes). I've installed it, Debian 2.2 'potato' and it's a total mess! Worst of No, it's not a mess. *Every* configuration file is under /etc somewhere, without too much nesting and it's rather well organized... which is exactly the reason I am NEVER going back to RedHat (maybe SuSE and Caldera are better organized than Debian, I wouldn't know). Also, as a rule, upgrading won't cause you to lose any configuration changes you did. Which doesn't mean Debian is always easy to configure, mind you. So let's try to help you with that :-) all is dselect, after the main installation I used dselect to install some extra packages, took me around two hours to go through the whole dselect is not very intuitive for most people, and it takes time to get used to it. It took me one month go get confortable with dselect (and quite a number of mistakes, obviously). There are other package front-ends in production, you could try aptitude or console-apt and see if they suit you better. I *think* there was a GNOME front end as well, and there's nothing stopping you from using third-party front-ends such as the one made by stormix, which I heard is rather nice. collection. When it came to installing the packages it only installed a You can make your life much easier using searchs to locate what you need instead of going over the entire list. apt-cache search, and pressing '/' in dselect comes to mind. You don't NEED to deal with dselect to install packages, most of the time, a simple apt-get install packagename is enough. apt-get does not help you deal with weak dependencies (suggests:, recommends:) very well, though. For that, I always use dselect. I just love the power of apt-get dist-upgrade, though. few of what I had chosen, some only partially, but most of them it didn't install at all. I believe you have set dselect up for the apt method (option 0) as recommended (or is it done automagically now?) in the initial setup? If not, do it. You have to refresh the package list from time to time (use dselect update. BTW, this will also refresh apt's package list if dselect is using the apt method). If you have an old package list, some packages won't be found in the ftp servers. Are there bugs in dselect? Yes, see http://bugs.debian.org/dselect But dselect DOES work, and after you get used to it, you won't have much trouble to install anything. The trick is to learn how the solve a dependency problem screen works, and to notice that dselect will sometimes ask you to solve MORE than one (unrelated) conflict at the same time, so you have to pay attention to the screen to know what the problem with a given package is. Always remember you CAN force dselect to accept a certain selection of packages, no matter what (but it will bug you forever about the issue :-) ). You can also revert any suggestions it makes. Read the docs and help file. As for configuring the packages themselves, you could install some administration tools (look for them in the package lists, or try apt-cache search out), but the tool-proof way of doing it is to read the manpages and docs (in /usr/doc/packagename), go to /etc, and use your favourite text editor to get the configuration to your exact liking without worring about dumb tools screwing up with your mind. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp9eoChYBZIi.pgp Description: PGP signature
Re: Acentuacao funcionando!!?!
On Sun, 03 Sep 2000, [EMAIL PROTECTED] wrote: teclado (um US+ 101 teclas), testei o StarOffice sem utilizar a correcao do Thomas Quinot (no site dele nao tem os binarios para o X 3.3.6, que eh o do Debian 2.2, e eu estava com preguica de compilar a Xlib). SURPRESA!!! O StarOffice 5.2 acentuou direitinho (inclusive o til e o trema) Isso não é de espantar muito, já que o StarOffice é uma aplicação bem nova, e um processador de texto ainda por cima. Talvez alguem que acompanhe o Debian mais de perto possa me dizer se o Debian incorporou o patch do Quinot (como a Conectiva jah fez) ou eh o StarOffice que estah cuidando dos acentos. Que eu saiba, não. O patch é um hack 'indesejado' (mas perfeitamente funcional PARA O NOSSO CASO) que passa por cima do fato do defeito não estar no X, mas nas aplicações que não usam as interfaces de localização do XINPUT (eu acho que é XINPUT. Bom, algo parecido). Evidentemente o StarOffice usa as extensões do X direito. O rxvt também usa (essa email foi escrita num rxvt, usando um xmodmap decente), o xterm usa... mas tem um MONTE de apps que não usam, e como os americanos em geral não precisam disso, nunca se deram ao trabalho de revisar as apps :-) Bem, o fato eh que tudo funciona perfeitamente... Não cante vitória antes do tempo ;-) Tenta acentuar com o xfig (uma app das mais cretinas no que se toca a i18n) e você vai ver que nada feito. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpMYXtXzHbvp.pgp Description: PGP signature
Re: SysVinit problem?
On Sun, 03 Sep 2000, Bruce Richardson wrote: All the user runlevel directories, /etc/rc1.d/ through to /etc/rc5.d/, have exactly the same contents and they're all start scripts, no kill scripts. If I telinit from (for example) runlevel 2 to 4, nothing happens except for the sending a term/kill signal to all processes message. The console I type it at stays the same but all the other ttys freeze until I telinit back to the original runlevel. This is ok, Debian doesn't use runlevels 3-5 for anything by default AFAIK, and they're mostly equal to runlevel 2 (I think /etc/inittab has some stuff which is different, simply to show it can do that). BTW, there's an utterly braindamaged behaviour in many (most?) daemon packages during upgrade: They will start their daemons regardless of the current runlevel, so keep this in mind during upgrades if you hand-trimmed your runlevels to actually mean something. Proposing a fix to this is in my TODO list. The code is rather easy, really, but requires a policy change as almost all packages who have something in /etc/init.d will have to be fixed. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpBaBhEhwKdm.pgp Description: PGP signature
Re: SysVinit problem?
On Sun, 03 Sep 2000, Bruce Richardson wrote: On Sun, Sep 03, 2000 at 10:12:33AM -0300, Henrique M Holschuh wrote: I thought that might be the case but I'm still concerned about the freezing ttys. I can't believe that it's intended behaviour. It is not, but it may be either something weird in /etc/inittab (I seem to recall some ttys aren't restarted in all runlevels by default. They WILL freeze), or your tty driver is bonkers (I recommend fbgetty for consoles, mgetty for serial lines). BTW, there's an utterly braindamaged behaviour in many (most?) daemon packages during upgrade: They will start their daemons regardless of the current runlevel, so keep this in mind during upgrades if you hand-trimmed your runlevels to actually mean something. Hmmm. A newly installed package won't know which levels you want it running in but one being upgrade ought to be able to check. My point exactly. Proposing a fix to this is in my TODO list. The code is rather easy, really, but requires a policy change as almost all packages who have something in /etc/init.d will have to be fixed. I'm new to Debian and only just finished reading the policy docs atc. I suppose some extended version of update-rc.d is the thing for that. Yes, and the new script would be provided by the file-rc and sysvinit packages (and any other future /etc/init.d wrappers/handlers). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpaGmSo47SmQ.pgp Description: PGP signature
Re: Configurar cores do ls para todos os users e configurar o servidor xfs-xtt
On Thu, 31 Aug 2000, Gleydson Mazioli da Silva wrote: 2) Eu gostaria de saber se alguém usa o servidor xfs-xtt para fontes TTF e gostaria de saber quais opções devem ser mudadas e quais arquivos configurados, poruqe eu li um README que veio com o programa mas não consegui fazê-lo funcionar. Eu consegui configurar o xfstt, mas eu queria usar esse outro porque ele substitui o xfs do Xfree. Bom, muito obrigado e eu vou continuar procurando lá no histórico pra ver se acho alguma coisa. Use o xfstt, pelo menos ele funciona... Eu não ia responder essa, mas detesto afirmativas como essa ai em cima. O xfs-xtt é MELHOR que o xfstt para muitos casos (dica: fontes unicode, fontes CJK), e obviamente ele funciona (senão ia ter bug grave no BTS). Segue anexado meus arquivos de configuração do xfs-xtt. Lembre de adicionar o soquete certo ao fontpath (unix/localhost:7100 provavelmente). Se tiver dificuldades, leia o manual de update-fonts-alias, update-fonts-scale, update-fonts-ttcap e instale alguns pacotes de TTF da Debian pra ver como eles fizeram. PS: Os arquivos anexados são para o xfs-xtt da Debian. Se você estiver instalando direto o upstream (ou o Xfree86 4.0), eu não garanto nada. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh # /etc/X11/xfs/config # # X font server configuration file # allow a maximum of 10 clients to connect to this font server client-limit = 10 # when a font server reaches its limit, start up a new one clone-self = off # log errors using syslog use-syslog = on # turn off TCP port listening (Unix domain connections are still permitted) no-listen = tcp # paths to search for fonts catalogue = /usr/X11R6/lib/X11/fonts/TrueType/ # in decipoints default-point-size = 120 # x1,y1,x2,y2,... default-resolutions = 120,120,100,100,85,85,75,75 deferglyphs = all # font cache control, specified in KB cache-hi-mark = 2048 cache-low-mark = 1433 # /etc/X11/xfs.options # # configuration options for xfs # See xfs.options(5) for an explanation of the available options. no-restart-on-upgrade pgp4zXMysYEJT.pgp Description: PGP signature
Re: Debian 2.2 and security - SecurityPortal article
On Thu, 31 Aug 2000, Leszek Gerwatowski wrote: things like Debian has version 1.3.9 of apache and secure version is 1.3.10 and up so Debian isn't secure. As you can say it's also real life example. Maybe they should be much more sceptic when thet write articles like this but many people think like this without expressing it on paper or webpage. And we should care about this? why? The most we could do for them is to have a please remember that Debian backports security fixes written in the debian security page (which might be a good idea come to think of it, as it's properly heavy ammo to shot at the head of people who can't read changelogs), but IMHO a lot of users would never get that far (one hyperlink away from Debian's front page) to read it... Debian is _not_ supposed to babysit anyone. If they don't know enough to do it properly, it's their loss AND their fault, as long as it's not our doing that they couldn't find the information they needed, of course. We are not supposed to make stuff difficult on purpose, and I think it's a laudable goal to make the distro easier to use and install for everyone, but everything has a limit. Destroying frozen/stable's stability, or making a (worse ;-) ) mess of the version numbering is way beyond it. I fully understand why Debian packages maintainers backport security fixes to packagest in frozen instead of making new package versions. But, like we say in Poland, every stick has two ends (sling has even 3 ;-) ). Yes, we just have to make sure we will continue to hold the stick by the right end... which is exactly what we're doing right now, mind you ;-) website for a weason. Debian packages have changelogs for a reason. It's not as if this information is hard to find. Yes but, as you see, for many normal users it's too much work to be done to check everything. They just take fresh distribution and say What? Fresh dist I'd argue that these users are a lot of trouble we don't need to concern us overly with most of the time. Leave that to Corel and other people who are paid to spend a lot of their time babysitting them. BTW, I know quite a few people that are very dear to me AND who would qualify perfectly as one of your normal users, and I know very well the amount of work it takes to keep them going and why I do it :-) (Disclaimer: the above paragraph is only valid until someone gets into Debian's policy that our goal is to take over the world) with old packages, even such with security holes? What's going on?. Not so many think like It's Debian so it's 100% secure. I think it should be solved in some way, but i don't know how :-( The right way, which benefits the world as a whole, is to get these people to move their behinds and learn to READ docs/look for their own answers before they even think of disturbing anyone else in their lazyness. It's perfectly alright to ask for help if you can't do something, but not because you didn't even try! BTW, Debian is not 100% secure (this is not possible), and you should NEVER trust that far on security: we _need_ the peer review of people who don't trust the job to have been done right. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpNUerdbBQ9K.pgp Description: PGP signature
Re: Debian 2.2 and security - SecurityPortal article
On Thu, 31 Aug 2000, Olaf Meeuwissen wrote: Edited /etc/hosts.deny to read ALL:ALL to boot. This should perhaps You probably want to add portmap: ALL to /etc/hosts.deny as well, just in case. ALL: ALL does not handle the portmapper for some reason. Change your BIOS settings to only boot from the internal disk and password protect it. On my system I have such a setup and require a [...] BIOSes are very easy to erase, you know. Some are even stupid enough to have 'master key' passwords. You really need to keep the machine behind a locked door (or in a special locked case) if you can't trust everyone who gets near it. Otherwise, it won't hold even a reasonably tech-savy 10 year old (read proto-hardware-hacker) that manages to stay 5 minutes alone near the machine in possession of some tools and a small resistor (if he's a nice kid) or piece of wire (if he's a not-so-nice kid or likes sparks) :-) (and if said 10-year-old likes to read stuff such as Zen and the art of lockpicking, a locked door and case might not be enough...) -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgp7hiR8ciVNz.pgp Description: PGP signature
Re: Debian 2.2 and security - SecurityPortal article
On Thu, 31 Aug 2000, Olaf Meeuwissen wrote: Henrique M Holschuh [EMAIL PROTECTED] writes: On Thu, 31 Aug 2000, Olaf Meeuwissen wrote: Edited /etc/hosts.deny to read ALL:ALL to boot. You probably want to add portmap: ALL to /etc/hosts.deny as well, just in case. ALL: ALL does not handle the portmapper for some reason. In an earlier incarnation of the same machine (running potato when it was still frozen) I had to enable the portmapper in /etc/hosts.allow to get NFS mounts to work. Looks like ALL:ALL covers portmap. shrugs Well, that means whatever docs I read that in are outdated. Somehow, it doesn't surprise me... it was a lot of time ago. Change your BIOS settings to only boot from the internal disk and password protect it. BIOSes are very easy to erase, you know. Some are even stupid enough [...] I know BIOS passwords are not super-secure, but at least it will make it a fair bit more difficult for our average computer user to screw up the system. Putting the machine behind locked doors is not an option. Given the 'average computer user' in the sentence above, I am forced to agree with you. Not that this is a Good Thing IMHO, mind you... -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh pgpbxpJRVHzVC.pgp Description: PGP signature
