Re: [sane-devel] Compatibility of the Irisscan executive 4 scanner
Hi Alex,

Sorry for the belated follow-up.

Alex ARNAUD writes:

> On 28/09/2017 at 15:45, Olaf Meeuwissen wrote:
>> Hi Alex,
>>
>> Based on a quick `git grep -i iris` on the sane-backends source code,
>> the only Irisscan device known to be supported is the "Express 2". If
>> the "executive 4" has a USB port, could you provide the USB product ID?
>>
>> Connect the device, power it up, run `lsusb` and post the output.
>
> Hi Olaf,
>
> This is what I get when I plug the device and look at dmesg:
>
>> [ 469.816835] usb 1-6.3: new high-speed USB device number 13 using xhci_hcd
>> [ 469.921775] usb 1-6.3: New USB device found, idVendor=0a38, idProduct=0162
>> [ 469.921779] usb 1-6.3: New USB device strings: Mfr=1, Product=2,
>> SerialNumber=3
>> [ 469.921782] usb 1-6.3: Product: IRIScanExec4
>> [ 469.921784] usb 1-6.3: Manufacturer: IRIS
>> [ 469.921787] usb 1-6.3: SerialNumber: A08805056B700953
>
> Best regards.

The only entry we have for idVendor=0a38 has idProduct=0301 and it's in the list of unsupported devices :-(

  http://sane-project.org/cgi-bin/driver.pl?manu===any=0a38=0301

Hope this helps (guess it doesn't),
--
Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
Re: [sane-devel] Compatibility of the Irisscan executive 4 scanner
Hi Alex,

Alex ARNAUD writes:

> Dear all,
>
> I install Debian GNU/Linux on computer for visual-impaired users and
> I've a request about the compatibility of a Irisscan executive 4 scanner.
>
> I've sought on the internet without finding any specific data about this
> model.

Based on a quick `git grep -i iris` on the sane-backends source code, the only Irisscan device known to be supported is the "Express 2". If the "executive 4" has a USB port, could you provide the USB product ID?

Connect the device, power it up, run `lsusb` and post the output. Maybe that will turn up extra information. I am sceptical about that though, but see below.

> Do you know if this model is compatible with Sane and if yes where I
> could find a tutorial to install it?

If you want to use SANE on Debian GNU/Linux, all you really need to do is install the sane-utils package. Next make sure that your users are members of the scanner group and you should be able to use the `scanimage` command-line utility.

# That's assuming your scanner is supported, of course.

If you have sane-utils installed already (quite likely if you installed a graphical desktop environment), could you also provide the output of running `sane-find-scanner`?

# Normally I see rather little value in running this command, but seeing
# that the Irisscan Express 2 is Plustek manufactured and supported by
# the gt68xx backend, it might give a clue as to the chipset which might
# be of use determining how easy/difficult adding support would be in
# case someone is interested in doing so.
#
# That's a lot of "if"s, so don't hold your breath waiting for support
# if your scanner is not supported already ;-)

Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
Re: [sane-devel] epson scanner with lenny
Johann Spies [EMAIL PROTECTED] writes:

On Mon, Oct 27, 2008 at 10:20:43AM +0100, Johannes Wiedersich wrote:

I have some problems using the transparency unit of my Epson perfection 4180 photo on Debian Lenny, sane 1.0.14-7. I followed the instructions in /usr/share/doc/libsane-extras/README.Debian in order to obtain and install the required non-free blobs. It works perfectly for paper scans, but when I try to scan colour slides (selecting 'Transparency unit' within xsane), the application segfaults shortly after the preview scan begins. The same applies to xscanimage.

Should I try to install epkowa's rpms via 'alien' instead?

I have an Epson Perfection 3170 and I have to use alienated epkowa rpm's to use it.

In your case also, using `alien --scripts` should work fine.

I'm sorry to inform you, but Debian packages for the interpreter for the Epson Perfection 3170 have not been scheduled for release.

Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FLOSS Engineer -- AVASYS Corporation
FSF Associate Member #1962 Help support software freedom
http://www.fsf.org/jf?referrer=1962

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [sane-devel] epson scanner with lenny
Johannes Wiedersich [EMAIL PROTECTED] writes:

Hi list,

I have some problems using the transparency unit of my Epson perfection 4180 photo on Debian Lenny, sane 1.0.14-7. I followed the instructions in /usr/share/doc/libsane-extras/README.Debian in order to obtain and install the required non-free blobs. It works perfectly for paper scans, but when I try to scan colour slides (selecting 'Transparency unit' within xsane), the application segfaults shortly after the preview scan begins. The same applies to xscanimage.

Should I try to install epkowa's rpms via 'alien' instead?

For your particular model, right now, yes. Things should work fine as long as you use

  alien --scripts

I'd love to keep my system as free and Debian as possible, though.

We now release Debian packages as well but the interpreter packages (non-free blob ;-) are not available for download yet.

Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FLOSS Engineer -- AVASYS Corporation
FSF Associate Member #1962 Help support software freedom
http://www.fsf.org/jf?referrer=1962
Re: Security Updates Sources
Jean-Charles Preaux [EMAIL PROTECTED] writes:

Hello

Just a little question : is there a security updates sources for the woody release ? as :

  deb http://security.debian.org/ potato/updates main contrib non-free

for the potato release ? Which i can put in my /etc/apt/sources.list ?

Thanks

Just put

  deb http://security.debian.org stable/updates main

et cetera in your /etc/apt/sources.list and you'll get the woody security updates as soon as it has become stable (and woody+1 once that becomes stable, ad infinitum, the universe stops being or until security.debian.org goes belly up, whichever comes first).

--
Olaf Meeuwissen Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
setting alias for DHCP client
Dear .debs,

I would like to let our DHCP server know that my machine goes by more than one hostname. I already send the host-name, but would like to add something like host-name-alias so it knows host and alias are the same machine in a different guise.

Is there any parameter in /etc/dhclient.conf that fills this need? I went through the docs but nothing turned up.

The main motive for this is that it should then be possible for the DNS server to use this information. Long shot? Better go talk to our network admin?

Anyway, any ideas are welcome.

--
Olaf Meeuwissen Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
Re: setting alias for DHCP client
Sean 'Shaleh' Perry [EMAIL PROTECTED] writes:

The main motive for this is that it should then be possible for the DNS server to use this information. Long shot? Better go talk to our network admin?

only way DNS server could is if you managed to have the dhcp server send DNS updates (yes this is possible). Why does your machine need multiple names? Is it worth the hassle?

It looks like our DHCP server sends DNS updates (or the DNS server has a chat with the DHCP server occasionally :-). I need the alias to be able to play around with libapache-mod-ssl, I think.

# Uhm, yes, this DHCP client doubles as a server of sorts.

--
Olaf Meeuwissen Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
Firewalling a DHCP client the Right Way (TM)
Dear .debs,

I have a DHCP client that receives a lot of its networking information from our DHCP servers. Things like routers, mail and name servers. I would like to put an iptables based packet filtering firewall on this client that by default drops everything unless explicitly allowed.

I set the default policy through a script in /etc/network/if-pre-up.d/ and add logging of everything that is dropped as a result of policy by means of a script in /etc/network/if-up.d/. So far no problems.

Now I am wondering how to organise setting up the rest of the rules so I don't go nuts. If it weren't for DHCP, I would have just added more scripts in /etc/network/if-up.d/. Of course, you need to take care of their ordering and cater to the possibility of running more than once if you have multiple interfaces, but that is manageable.

However, how do I cater to DHCP telling me that the IP address of the name server has changed, for example, or, tux forbid, the client's own IP address.

Any ideas on how to go about this are welcome.

Debian GNU/Linux 3.0 kernel 2.4.18 (custom), iptables 1.2.5-7, dhcp-client 2.0pl5-7

--
Olaf Meeuwissen Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
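One way to handle the changing name server and client address raised in the post above, as an added example that is not part of the original message: keep the DHCP-derived rules in two dedicated chains and rebuild them from a dhclient exit hook. It assumes an ISC dhclient that runs exit hooks (for example from /etc/dhcp/dhclient-exit-hooks.d/), that the static rule set jumps to the hypothetical chains dyn-out and dyn-in from OUTPUT and INPUT, and it treats every lease value as untrusted input.

```shell
#!/bin/sh
# Added example: dhclient exit hook that rebuilds the DHCP-dependent
# iptables rules whenever the lease changes.
# Assumptions (not from the original post): the chain names dyn-out and
# dyn-in are hypothetical; the static rules jump to them from OUTPUT/INPUT.

OUT_CHAIN=dyn-out
IN_CHAIN=dyn-in

# Succeed only for a dotted-quad IPv4 literal. Lease values arrive over the
# network, so nothing else may reach an iptables command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
    return 0
}

# gen_rules IFACE CLIENT_IP "NS1 NS2 ..."
# Print one iptables argument list per line; changes nothing on the system.
gen_rules() {
    iface=$1; addr=$2; servers=$3
    case "$iface" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    is_ipv4 "$addr" || return 1
    set -f                      # no filename expansion on the server list
    for ns in $servers; do
        if ! is_ipv4 "$ns"; then
            echo "dyn-fw: ignoring invalid name server value" >&2
            continue
        fi
        # Queries out to this name server ...
        printf '%s\n' "-A $OUT_CHAIN -o $iface -s $addr -d $ns -p udp --dport 53 -j ACCEPT"
        printf '%s\n' "-A $OUT_CHAIN -o $iface -s $addr -d $ns -p tcp --dport 53 -j ACCEPT"
        # ... and only its answers back in (no new inbound TCP connections).
        printf '%s\n' "-A $IN_CHAIN -i $iface -s $ns -d $addr -p udp --sport 53 -j ACCEPT"
        printf '%s\n' "-A $IN_CHAIN -i $iface -s $ns -d $addr -p tcp --sport 53 ! --syn -j ACCEPT"
    done
    set +f
    return 0
}

flush_chains() {
    for chain in "$OUT_CHAIN" "$IN_CHAIN"; do
        iptables -N "$chain" 2>/dev/null || true    # create on first run
        iptables -F "$chain"
    done
}

apply_rules() {
    # Flush first: with a default DROP policy the gap fails closed, and a
    # name server from the previous lease never stays allowed.
    flush_chains
    rules=$(gen_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        # $rule contains only validated values, so word splitting is safe.
        if [ -n "$rule" ]; then iptables $rule; fi
    done
}

# dhclient-script sets $reason and the lease variables before running hooks.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        apply_rules "$interface" "$new_ip_address" "$new_domain_name_servers" ;;
    EXPIRE|FAIL|RELEASE|STOP)
        flush_chains ;;
esac
```

Because the static scripts in /etc/network/if-up.d/ only ever reference the two chain names, they never need to know the current addresses.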
Re: pcl-cvs, remote repository and authorization/authentication
John Lavin [EMAIL PROTECTED] writes: I receive this using scp when I have not ssh'd to the remote server manually once. You have to ssh once manually and enter the password first in my experience. After that, you should be good to go. Not quite sure I understand you, but I have ssh'd to the remote server before oodles of times. I've also tried 'M-x cvs-update' while having a connection to the remote server from a shell but to no avail. Maybe I should look into 'comint-mode' and see what that can do for me. Olaf Meeuwissen wrote: [trying to get remote pcl-cvs to work in emacs] Message: Parser Error: 'You have no controlling tty. Cannot read passphrase.' Is there any hope of getting this to work? -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
pcl-cvs, remote repository and authorization/authentication
Dear Debs,

I've got a repository on a remote machine accessible via :ext: with ssh (using a RSA pass-phrase). Using a checked out copy from the command line works fine. It'd be nice though if I could tell cvs to provide my pass-phrase automagically ...

What I really would like to be able to do is use pcl-cvs in emacs to synchronize my checked out copy with the repository. Right now, when I try to cvs-update it barfs:

  Message: Parser Error: 'You have no controlling tty. Cannot read passphrase.'

Is there any hope of getting this to work?

Please CC as I'm not subscribed to debian-user (too much traffic ;-)

--
Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: unpredictable crashes, lock up, freezes, whatever
Olaf Meeuwissen [EMAIL PROTECTED] writes:

Heather [EMAIL PROTECTED] writes:

Olaf Meeuwissen [EMAIL PROTECTED] writes:

This morning, after three lock ups in ten minutes, I compiled frame buffer support in, fiddled my XF86Config-4 to use it and I've been up for 5(!) hours. I think I'll lock my session with xscreensaver (to guarantee some Xserver activity (eh, at least until APM kicks in and blanks the screen)) before I go home and if my machine hasn't crashed by tomorrow morning I'm ready to believe my problem is fixed. I might even get bold and start using that broken DIMM again ;-)

APM didn't kick in last night it seems. The screensaver was running happily when I came in this morning. Removed the lock and my session was still very much alive (left stripchart running). As a matter of fact I'm typing this mail from a 21 hour old session. I'd say that even if my problem may not be fixed, I've got myself an acceptable work around. Using the framebuffer is only a bit slower.

I had my session going for close to 48 hours (20 hours of XFree86 CPU time) without a hitch until I made the mistake of firing up Konqueror (kdeinit gobbled up all memory ;-). Anyway, I stuck that broken DIMM back in and haven't seen any hiccups yet.

Problem then is where to put the blame: graphics card or X driver? I'm using xserver-xfree86 4.0.3-4.

Try tuning up SVGAlib to see if that also freaks out the system. If it works at all it will be under VESA or Standard VGA. If it breaks too then two things remain.

Not quite sure whether I get what you're saying, but I'll keep this in mind for when I get oodles of free time (or my boss' blessing :-) to get to the bottom of this.

1. the modeline. SVGAlib uses XF86 style modelines too. Monitor being pushed just barely out of spec could be doing something unknown and invisible. To test that, reduce the freq range for your monitor values in X's config then try again, so you get new modelines.

2. yeah, your card could be bad...
I was going to blame it on the graphics card until I had a look at http://www.xfree86.org/pipermail/neomagic/. There are some reports that show very similar behaviour as to what I saw but all those folks could still telnet to their machine. Mine didn't even return pings. So, I'm still not sure where to put the blame ;-(

At least the frame buffer solution works and with the extra memory back I hardly notice the performance difference.

FWIW, I'll include the frame buffer settings:

I compiled the kernel (2.2.19) with

  CONFIG_FB=y
  # CONFIG_FB_PM2 is not set
  # CONFIG_FB_ATY is not set
  CONFIG_FB_VESA=y
  CONFIG_FB_VGA16=y
  # CONFIG_FB_MATROX is not set
  # CONFIG_FB_ATY128 is not set
  # CONFIG_FB_VIRTUAL is not set
  # CONFIG_FBCON_ADVANCED is not set
  CONFIG_FBCON_CFB8=y
  CONFIG_FBCON_CFB16=y
  CONFIG_FBCON_CFB24=y
  CONFIG_FBCON_CFB32=y
  CONFIG_FBCON_VGA_PLANES=y
  # CONFIG_FBCON_FONTWIDTH8_ONLY is not set
  # CONFIG_FBCON_FONTS is not set

To /etc/X11/XF86Config-4 I added

  Section "Device"
      Identifier "Linux Frame Buffer"
      Driver     "fbdev"
  EndSection

changed the Device setting in the Screen section to match this and commented the DefaultDepth out. I also added

  SubSection "Display"
      Depth 32
      Modes "1024x768-76"
  EndSubSection

In /etc/lilo.conf I set vga=ask and whenever I boot I enter 318 (have not bothered hard wiring this yet). I really like the huge console that gives me!

--
Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Free Software: `No walls, no windows! No fences, no gates!'
Re: unpredictable crashes, lock up, freezes, whatever
Olaf Meeuwissen [EMAIL PROTECTED] writes: Yup, following up on my own post! Please bear along with the long quotes. I left them in because I'm now also cross-posting this to debian-laptop. Karsten M. Self kmself@ix.netcom.com writes: on Fri, Jun 15, 2001 at 04:51:35PM +0900, Olaf Meeuwissen ([EMAIL PROTECTED]) wrote: Dear all, I'm running mostly testing with some unstable under linux 2.2.19 (hand rolled, of course) on an IBM ThinkPad i1476 (Type 2611). Since a few weeks, my machine completely locks up at unpredictable moments. The screen is no longer updated, I can't switch to a virtual terminal, even the three finger salute doesn't do a thing. Pinging from another machine results in 100% lost packets but the PCMCIA network card keeps signalling traffic. Just about the only thing that keeps on going is CD audio. CD audio is not mediated by the OS, [...] I regularly 'apt-get -t testing upgrade' and the problem hasn't gone away. I've tried other kernels, including the Debian vanilla ones, but to no avail. I've run memtest86 and found errors in one of my DIMMs but the problem remains even after lobotomy. That is, even when I only use the DIMM that is okay (memtest86, 20+ passes, tests 1-7) my machine randomly locks up. I've checked the logs but apart from occasional blocks of nulls just before a lock up, I haven't seen anything out of the ordinary. Note, those null blocks only appear before _some_ lock ups, not all. Look for power-change events under apmd. I doubt that has anything to do with it because the machine is on AC 99% of the time. [Goes checking the logs now ...] No correlation between power change events and crash times. Okay, so I compiled a kernel without any APM support, installed and tried it. My system froze within half an hour :-( Because I haven't experienced any lock up when using the console, I'm wondering if my graphics card (probed as Neomagic NM2200 according to XFree86 log, NeoMagic MagicMedia 256AV according to hardware spec) has gone bad. 
Are there any tools a la memtest to test my graphics card?

Possible, but the card's pretty well supported in recent XF86 v.3 and v.4 drivers. It's not clear how long you're leaving your system in console mode to establish whether or not this is a problem. Might make a practice of doing this on long breaks (lunch, overnight), and seeing what the results are.

Sorry, should have mentioned that; somewhere around 5, 6 hours. Have only done that once though. Could try leaving it in console mode overnight.

Left it sitting at the console and gdm login prompts overnight as well. No crash. Bad news is that as soon as I logged in through gdm, my machine froze. Actually, it locked up three times in ten minutes or so :-(

Before you suggest, I have already tried both Gnome (with several window managers) and KDE. It doesn't matter. The machine even locks up when running (x|k)screensaver during lunch :-(

If you have other ideas as to what could be the matter, I'm open to suggestions.

I had similar problems associated with apmd and Speedstep (aka Geyserville) on my TuxTops Amethyst 20U, exacerbated by a flaky onboard power port (it breaks circuit when jiggled, resulting in APM mode changes). In system BIOS, I disabled speedstep functionality -- my CPU is always running in full-speed mode (600 MHz), resulting in shorter battery life, but longer uptime ;-). I've had no problems since changing this setting about two months ago.

I believe I've disabled BIOS power savings settings but will double check at the next crash, er, reboot.

Disabled all power management settings (there's not much to be set with this BIOS) to no avail.

I'd made a more complete report to debian-laptop, should be in archives.

That box gave you a bit of troubles, eh?

My symptoms seem very much like yours. I'll be going over my kernel APM configuration as well.

See above, that wasn't much use.
You might isolate video card issues by running in console mode, by switching to a version 3 XF86 driver, or by switching from an accelerated driver to SVGA or VGA16. I've been thinking about running X on the frame buffer device myself. This morning, after three lock ups in ten minutes, I compiled frame buffer support in, fiddled my XF86Config-4 to use it and I've been up for 5(!) hours. I think I'll lock my session with xscreensaver (to guarantee some Xserver activity (eh, at least until APM kicks in and blanks the screen)) before I go home and if my machine hasn't crashed by tomorrow morning I'm ready to believe my problem is fixed. I might even get bold and start using that broken DIMM again ;-) Problem then is where to put the blame: graphics card or X driver? I'm using xserver-xfree86 4.0.3-4. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development Free Software
Re: unpredictable crashes, lock up, freezes, whatever
Heather [EMAIL PROTECTED] writes:

Olaf Meeuwissen [EMAIL PROTECTED] writes:

Okay, so I compiled a kernel without any APM support, installed and tried it. My system froze within half an hour :-(

You must compile with one of the two flavors of power management, or else there will be hardware interrupts that *will* happen, that the kernel will not have any awareness of, and eventually, something bad will probably happen.

Then the kernel configuration should take care of that, not? :-) Anyway, I wouldn't really want to use a kernel without APM enabled.

Doubly so on a laptop. You can try ACPI - [...]

Haven't seen that mentioned in the configuration for 2.2 kernels. Is this something from 2.3+?

I believe, but am not sure, that the original neomagic specific X server is still out there, and you could try it. You might have to raid the complete X setup from an older distro in order to try it if you want to go that far.

Don't think I want to go that far back to the stone ages ;-)

Left it sitting at the console and gdm login prompts overnight as well. No crash. Bad news is that as soon as I logged in through gdm, my machine froze. Actually, it locked up three times in ten minutes or so :-(

Interesting, that makes it hard to tell if Gnome, gdm itself, or X is the problem.

I'm pretty sure Gnome is not the problem. Originally, I experienced these lock ups with KDE. Since that included (still does, I think) quite a bit from unstable I switched to Gnome to see if it made a difference. Not!

I know it's weird but you could just run 'X' - which should get you the server, no window manager, and no clients, and see if it lives. Even leave it that way a while and see if it eventually barfs out on you. If you want to test Xserver activity, move the mouse.

Something I might want to keep in mind when I get some time to really sort this problem out.
You might isolate video card issues by running in console mode, by switching to a version 3 XF86 driver, or by switching from an accelerated driver to SVGA or VGA16. I've been thinking about running X on the frame buffer device myself. This morning, after three lock ups in ten minutes, I compiled frame buffer support in, fiddled my XF86Config-4 to use it and I've been up for 5(!) hours. I think I'll lock my session with xscreensaver (to guarantee some Xserver activity (eh, at least until APM kicks in and blanks the screen)) before I go home and if my machine hasn't crashed by tomorrow morning I'm ready to believe my problem is fixed. I might even get bold and start using that broken DIMM again ;-) APM didn't kick in last night it seems. The screensaver was running happily when I came in this morning. Removed the lock and my session was still very much alive (left stripchart running). As a matter of fact I'm typing this mail from a 21 hour old session. I'd say that even if my problem may not be fixed, I've got myself an acceptable work around. Using the framebuffer is only a bit slower. Problem then is where to put the blame: graphics card or X driver? I'm using xserver-xfree86 4.0.3-4. Try tuning up SVGAlib to see if that also freaks out the system. If it works at all it will be under VESA or Standard VGA. If it breaks too then two things remain. Not quite sure whether I get what you're saying, but I'll keep this in mind for when I get oodles of free time (or my boss' blessing :-) to get to the bottom of this. 1. the modeline. SVGAlib uses XF86 style modelines too. Monitor being pushed just barely out of spec could be doing something unknown and invisible. To test that, reduce the freq range for your monitor values in X's config then try again, so you get new modelines. 2. yeah, your card could be bad... Good luck * Heather Stern * star@ many places... Karsten, Heather, thanks for the feedback. 
-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development Free Software: `No walls, no windows! No fences, no gates!'
Re: unpredictable crashes, lock up, freezes, whatever
Karsten M. Self kmself@ix.netcom.com writes: on Fri, Jun 15, 2001 at 04:51:35PM +0900, Olaf Meeuwissen ([EMAIL PROTECTED]) wrote: Dear all, I'm running mostly testing with some unstable under linux 2.2.19 (hand rolled, of course) on an IBM ThinkPad i1476 (Type 2611). Since a few weeks, my machine completely locks up at unpredictable moments. The screen is no longer updated, I can't switch to a virtual terminal, even the three finger salute doesn't do a thing. Pinging from another machine results in 100% lost packets but the PCMCIA network card keeps signalling traffic. Just about the only thing that keeps on going is CD audio. CD audio is not mediated by the OS, other than to (sometimes) create the link between the CD drive and your speakers. It's just plain hardware. This largely establishes that your system is working at a low (hardware) level but not necessarily otherwise. CD audio functionality doesn't indicate any OS-level functionality, and your loss of low-level network functionality indicates the system is probably pretty much hosed. So that's all my sound module is needed for then :-) Anyway, that is one of the reasons why I tried pinging the machine during a lock up; to see if there was any kernel life left. I regularly 'apt-get -t testing upgrade' and the problem hasn't gone away. I've tried other kernels, including the Debian vanilla ones, but to no avail. I've run memtest86 and found errors in one of my DIMMs but the problem remains even after lobotomy. That is, even when I only use the DIMM that is okay (memtest86, 20+ passes, tests 1-7) my machine randomly locks up. I've checked the logs but apart from occasional blocks of nulls just before a lock up, I haven't seen anything out of the ordinary. Note, those null blocks only appear before _some_ lock ups, not all. Look for power-change events under apmd. I doubt that has anything to do with it because the machine is on AC 99% of the time. [Goes checking the logs now ...] 
No correlation between power change events and crash times. Because I haven't experienced any lock up when using the console, I'm wondering if my graphics card (probed as Neomagic NM2200 according to XFree86 log, NeoMagic MagicMedia 256AV according to hardware spec) has gone bad. Are there any tools a la memtest to test my graphics card? Possible, but the card's pretty well supported in recent XF86 v.3 and v.4 drivers. It's not clear how long you're leaving your system in console mode to establish whether or not this is a problem. Might make a practice of doing this on long breaks (lunch, overnight), and seeing what the results are. Sorry, should have mentioned that; somewhere around 5, 6 hours. Have only done that once though. Could try leaving it in console mode overnight. Before you suggest, I have already tried both Gnome (with several window managers) and KDE. It doesn't matter. The machine even locks up when running (x|k)screensaver during lunch :-( If you have other ideas as to what could be the matter, I'm open to suggestions. I had similar problems associated with apmd and Speedstep (aka Geyserville) on my TuxTops Amethyst 20U, exacerbated by a flaky onboard power port (it breaks circuit when jiggled, resulting in APM mode changes). In system BIOS, I disabled speedstep functionality -- my CPU is always running in full-speed mode (600 MHz), resulting in shorter battery life, but longer uptime ;-). I've had no problems since changing this setting about two months ago. I believe I've disabled BIOS power savings settings but will double check at the next crash, er, reboot. I'd made a more complete report to debian-laptop, should be in archives. That box gave you a bit of troubles, eh? My symptoms seem very much like yours. I'll be going over my kernel APM configuration as well. You might isolate video card issues by running in console mode, by switching to a version 3 XF86 driver, or by switching from an accelerated driver to SVGA or VGA16. 
I've been thinking about running X on the frame buffer device myself. Thanks for the suggestions, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development Free Software: `No walls, no windows! No fences, no gates!'
unpredictable crashes, lock up, freezes, whatever
Dear all,

I'm running mostly testing with some unstable under linux 2.2.19 (hand rolled, of course) on an IBM ThinkPad i1476 (Type 2611).

Since a few weeks, my machine completely locks up at unpredictable moments. The screen is no longer updated, I can't switch to a virtual terminal, even the three finger salute doesn't do a thing. Pinging from another machine results in 100% lost packets but the PCMCIA network card keeps signalling traffic. Just about the only thing that keeps on going is CD audio.

I regularly 'apt-get -t testing upgrade' and the problem hasn't gone away. I've tried other kernels, including the Debian vanilla ones, but to no avail. I've run memtest86 and found errors in one of my DIMMs but the problem remains even after lobotomy. That is, even when I only use the DIMM that is okay (memtest86, 20+ passes, tests 1-7) my machine randomly locks up.

I've checked the logs but apart from occasional blocks of nulls just before a lock up, I haven't seen anything out of the ordinary. Note, those null blocks only appear before _some_ lock ups, not all.

Because I haven't experienced any lock up when using the console, I'm wondering if my graphics card (probed as Neomagic NM2200 according to XFree86 log, NeoMagic MagicMedia 256AV according to hardware spec) has gone bad. Are there any tools a la memtest to test my graphics card?

Before you suggest, I have already tried both Gnome (with several window managers) and KDE. It doesn't matter. The machine even locks up when running (x|k)screensaver during lunch :-(

If you have other ideas as to what could be the matter, I'm open to suggestions.

Please Cc:, I'm not subscribed (because of the volume).

TIA,
--
Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Free Software: `No walls, no windows! No fences, no gates!'
Re: dist-upgrade to woody
Patrick Mauro [EMAIL PROTECTED] writes:

Help. pop. I wasn't sure which list to send this to, since this is a user question, but from what I understand, woody is a debian-devel issue. Hopefully no one kills me for posting to both

I have potato installed on my machine. When I upgraded to woody I got gross problems. First, as I understand it, I did the correct upgrade steps.

- modified sources.list to reflect that I want woody stuff now.
- apt-get update
- apt-get dist-upgrade

The big problem is that my X won't work! Whenever I try to run it, I now get an error saying something like unable to stat file /etc/X11/X.

Did something similar over the weekend (reinstall potato base, dist-upgrade to testing and then install task-x-window-system). The thing is that xserver-xfree86 does *neither* create a config file *nor* create a symlink to the server.

I fixed this by running dexconf to create /etc/X11/XF86Config-4 based upon my choices during configuration upon installation and created a symlink to /usr/X11R6/bin/XFree86. This fixed it.

--
Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [q] apt-get source ..
Andrea Vettorello [EMAIL PROTECTED] writes: Yes, two/three days ago, look in the mailing list of this week about trouble compiling gs (ghostscript) from source. I've forced the inclusion of the time.h header, and a couple of trivial change in the stp driver itself about some incorrect inclusion path. time.h you say? I had kaffe break on that recently after I upgraded my system a bit. Same kaffe source, same configuration compiled fine just a few days earlier. From my change-log, I installed perl-5.6 on February 27 which upgrades libc6 and libc6-dev from unstable and then upgraded from testing the next day. I fixed it by adding a check for time.h in configure.in. Any chance that this is a bug somewhere in libc or perhaps in autoconf (don't know if that got upgraded :-{) -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: translated templates files
[EMAIL PROTECTED] (Colin Watson) writes: Speaking of which, I see roxen and roxen2 both use se for Swedish translations in the above list, while the generally accepted Swedish locale in most of the rest of Debian seems to be sv. Since the roxen* maintainer speaks Swedish and I'm only at beginner's level in it, though, I'm a bit reluctant to file a bug report right away. Which is correct, se or sv? Or will either do (seems unlikely)? Go ahead, file that bug report! The language tag `se' is used for Northern Sami. Swedish is sv. See http://www.indigo.ie/egt/standards/iso639/iso639-1-en.html for details. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: cgi-bin security
Thomas R. Shemanske [EMAIL PROTECTED] writes: I administer a couple of linux machines (potato based), and have a user which wants to run cgi-bin scripts, and I would like to know if there are security concerns. Yes there are. Have a look at cgiwrap, it should take care of many if not most. Here's the blurb from potato.
Package: cgiwrap
Version: 3.6.4-2
Priority: optional
Section: web
Maintainer: Jim Lynch [EMAIL PROTECTED]
Depends: libc6 (= 2.1.2)
Architecture: i386
Filename: dists/stable/main/binary-i386/web/cgiwrap_3.6.4-2.deb
Size: 50768
MD5sum: d36efb10f8fcefa9071b1bfa7460e01f
Description: allows ordinary users to run their own CGI scripts
 a gateway that allows more secure user access to CGI programs on an HTTPd server than is provided by the http server itself. The primary function of CGIwrap is to make certain that any CGI script runs with the permissions of the user who installed it, and not those of the server.
installed-size: 140
-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Article: Debian's Daunting Installation
Stuart Krivis [EMAIL PROTECTED] writes: I did write to Linuxworld and said that I thought the article by Barr was unfair. I pointed out what I felt were the flaws, and suggested how it could have been done better. The editor thanked me and said that my comments were being forwarded to the author. (I got the impression that other people submitted comments that went into a blackhole because they were abusive.) I wrote directly to the author and told him:
|On Thu, 05 Oct 2000 19:11:56 Olaf Meeuwissen wrote:
| Dear Sir,
|
| I just read your article about the difficulties of installing Debian.
| While I do agree that it is not the easiest installation out there, I
| suggest that next time you decide to write an article about it you use
| the *stable* distribution to install. When installing the *unstable*
| distribution you should expect rough going here and there.
|
| Also, reading the install documentation might explain a few of the eye
| brow raisers you comment on. The Debian installation process is very
| flexible and various parts can be installed from different media. You
| just happened to have everything on CD-ROM. I routinely install from
| a few floppies and get the rest over the net.
|
| BTW, that 2.2.17 kernel is now the default kernel of the Debian 2.2
| distribution, so your ethernet card should be supported now. As an
| aside, the installer has been to summer school so you might want to
| give it another try.
To which I got the following reply:
| Hi, Olaf
|
| Thanks for your note. See my column next week when I share
| my experiences with the latest official version of potato.
|
| See ya,
| Joe Barr
-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: strange looking fonts.
Seth Arnold [EMAIL PROTECTED] writes: Russell, the debian-x mail list (in recent times anyway) is more intended for developers and guinea pigs of XF86 4.0. debian-users is more appropriate. What I would imagine to fix your problem is to edit your /etc/X11/XF86Config file. I bet the 100dpi fonts are listed before the 75 dpi fonts. If so, swap their order and restart X. You could also just purge the xfonts-100dpi package ;-) If this doesn't fix it, then perhaps mucking with the X server's idea of the DPI of the display is the only way to go. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Memory usage confusion
Hi all, I'm trying to figure out how much memory some of my applications are gobbling up. Although the output of tools such as ps and top or cat /proc/pid/status give me heaps of numbers I am not sure which ones I ought to be looking at. If some kind soul would explain (or give an RTFM hint) the meaning of and differences between
  ps aux: VSZ, RSS
  top : SIZE, RSS, SHARE
  /proc/pid/status: Vm*
I would appreciate it. Just for reference some output for a single process (X server)
bash-2.03$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 25513 0.2 3.8 13312 4844 ? S 14:09 0:01 /usr/X11R6/bin/XF86_SVGA :1
bash-2.03$ top
PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND
25513 root 0 0 11056 4844 1848 S 0 0.0 3.8 0:01 XF86_SVGA
bash-2.03$ cat /proc/25513/status
Name: XF86_SVGA
State: S (sleeping)
Pid: 25513
PPid: 25512
Uid: 0 0 0 0
Gid: 0 0 0 0
Groups: 0
VmSize: 13312 kB
VmLck: 0 kB
VmRSS: 4844 kB
VmData: 2884 kB
VmStk: 68 kB
VmExe: 2764 kB
VmLib: 1092 kB
SigPnd:
SigBlk:
SigIgn: 80301000
SigCgt: 418046cb
CapInh:
CapPrm: feff
CapEff: feff
bash-2.03$
-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Leftover .debs in /var/cache/apt/archives
Brian May [EMAIL PROTECTED] writes: Olaf == Olaf Meeuwissen [EMAIL PROTECTED] writes: Olaf BTW, apt-move in potato can't handle multiple package Olaf sources. How do you get it to move packages from both Olaf Debian and Helix? Use the apt-move from woody... ;-). I figured so much, but since the sources.list in the original message was pointing to stable ... -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Package List
Mike [EMAIL PROTECTED] writes: Christopher W. Aiken wrote: OK, I give up. On a rpm flavor of Linux I can do a rpm -qa to get a list of ALL installed packages on my system. What do I have to do to get a list of ALL installed packages on Debian 2.2?? dpkg -l As this tends to be a long list, I usually do instead: dpkg -l | less So that I can scroll through it and read what's there. Or more, or most, or lv or ... Personally, I got used to using pager. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Leftover .debs in /var/cache/apt/archives
Steve Simons [EMAIL PROTECTED] writes: Can someone assist me please - I have .deb files left over in my archives folder even though I've apt-moved to a local mirrors folder on CDROM, changing my apt-move.conf each time as appropriate. For example, my sources.list contains -
  deb http://http.us.debian.org/debian potato main contrib non-free
  deb ftp://spidermonkey.helixcode.com/distributions/debian unstable main
That's all; I've installed potato, kernel 2.2.17pre6 and X from the debian site, and helix-gnome from helix's site. I did an apt-move for both hierarchies (potato from debian and unstable from helixcode) and each time files were moved. However, I have files left over in the /var/cache/apt/archives folder such as xmms_1.2.3-helix1_i386.deb and rep-gtk_0.14-helix2_i386.deb, even though I've specified delete=yes in apt-move.conf. I'm concerned that in the event of a disaster, these files won't be available. Setting delete=yes in apt-move.conf will delete old .debs from your mirror (doesn't make much sense on a CDROM though), not from the apt cache. That there are still .debs in that cache is probably due to the fact that there are newer versions on your mirror. BTW, apt-move in potato can't handle multiple package sources. How do you get it to move packages from both Debian and Helix? -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
remote CVS: Permission denied
Hi .debs, I've installed and set up cvs. Locally things work alright, but when I try to do something from a remote machine I get Permission denied. The only thing I managed to do remotely is check out and release. I use ssh to access the remote server as in `CVS_RSH=ssh cvs status` from a checked out module. Enter my passphrase and boom! Permission denied I can ssh to the server no problem. Any ideas? Both machines use cvs 1.10.7-7 and run potato. I'll happily provide more details if required. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: X question - not the mouse!
Steve Juranich [EMAIL PROTECTED] writes: On Thu, 28 Sep 2000, Neil L. Roeth wrote: The X server starts at 8 bit depth by default. I can start it in 16 by using the command startx -- -bpp 16. Is there a config file where I can set the default to be 16? I tried adding the argument to Xserver, but it did not accept it. What should work is if you put your 16 bpp definitions _before_ your 8 bpp definitions in your /etc/X11/XF86Config file. Or if you're like me and know you'll never use the lower settings, just comment them out (of the same file). Look in /etc/X11/XF86Config for DefaultColorDepth and change it to your liking. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Q: on Debian Bug-Tracking system
Wayne Topa [EMAIL PROTECTED] writes: Would someone know if the bugs listed on debian.org/Bugs are the 'current' outstanding bugs or just of all the bugs ever posted? It lists all the bugs filed that the maintainer has not yet closed, which is likely someway between current outstanding and all bugs ever posted. Sometimes things get fixed in the upstream without the maintainer noticing it, sometimes the maintainer fixed it but forgot to close the bug report, and sometimes a bug report is nothing but a feature request. It depends. In working up a course outline for an up-coming class, I found a bunch of 'inconsistencies' in the doc packages (doc-base, dhelp, dwww). I decided to report them and was somewhat dismayed at the list of 'old' bugs that are still outstanding. 434 days, 866 days and 1192 days, for each of the above packages. Now hopefully these 'bugs' are minor and/or do not affect the overall use of the programs, or are fixed and the tracking system has not caught up yet. I hope the latter. For newbies like my class is, the doc system is the best way for them to get the 'warm fuzzy' feeling about how easy the system is to work with. If it doesn't work, as advertised in the man pages, then that feeling is affected. I've been using dhelp and dwww quite a bit and although there are some quirks it is mostly functional; at least for what I use it for: browse documentation installed at a central site so I don't waste disk space all over the place. Be honest to your class. Tell them that the system mostly works as documented, but since documentation is always trailing the latest and greatest version there may be some discrepancies. The bigger the time lag between version and documentation, well, it's obvious isn't it. For example, there are some HOWTOs available that haven't been updated for two years. Of course you should not expect the information in there to be correct. The pace of change is just too fast.
I haven't looked at the bug list in a while and it surprised me. I will not refer the students to 'that' page as it puts what, IMO, is the Best Linux Distribution, in a less than favorable light. Honest, but not favorable. Better that than a bunch of favorable lies ;-) -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: I'm afraid I've been cracked.
Steve Juranich [EMAIL PROTECTED] writes: On Wed, 27 Sep 2000, Alvin Oga wrote: check the binaries tooo... top, ps, ls, last, w, who, netstat, passwd, login, etc... Please remember that you're speaking to a recent convert from Mandrake. There, all I would have to do would be 'rpm -V `which top`' and rpm would tell me if the md5sum had been changed from the original package. Does dpkg have a similar functionality? I couldn't find mention of it in the man page. Right now I'm fiddling with md5sum, but if I understand correctly, that only tells me the md5sum of the current file, it can't verify that the md5 sum is correct (goes back to the it's smart, not magic argument).
  bash$ man debsums
  bash$ dpkg --search `which top`
  procps: /usr/bin/top
  bash$ debsums -s procps
Any output could be a problem. Of course this assumes that the listed md5sums have not been tampered with. They are in /var/lib/dpkg/info. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
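An added illustration, not part of the original thread, of the comparison behind the debsums check in the message above: it reads an md5sums list in the layout used under /var/lib/dpkg/info and reports files that are missing or changed. The file tree and lists are constructed samples and the function names are this example's own; the last step shows the caveat from the message, that a list taken from the same machine after a change proves nothing.

```python
import hashlib
import os
import tempfile


def md5_of(path):
    """Return the hex MD5 of a file, read in blocks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_md5sums(text):
    """Parse md5sum-style lines: 32 hex digits, two separator characters,
    then a path relative to the filesystem root."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, sep, rel = line[:32].lower(), line[32:34], line[34:]
        if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError("line %d: bad digest" % number)
        if sep not in ("  ", " *") or not rel:
            raise ValueError("line %d: bad separator or empty path" % number)
        entries.append((digest, rel))
    return entries


def verify(entries, root="/"):
    """Return sorted (path, problem) pairs; an empty list means all files matched."""
    root = os.path.realpath(root)
    problems = []
    for expected, rel in entries:
        target = os.path.normpath(os.path.join(root, rel.lstrip("/")))
        if os.path.commonpath([root, target]) != root:
            problems.append((rel, "outside root"))  # list entry points elsewhere
        elif not os.path.isfile(target):
            problems.append((rel, "missing"))
        elif md5_of(target) != expected:
            problems.append((rel, "changed"))
    return sorted(problems)


def demo():
    """Constructed sample: a small fake root, checked before and after changes."""
    files = {"usr/bin/top": b"top v1\n", "usr/bin/ps": b"ps v1\n",
             "bin/kill": b"kill v1\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        # Reference list made while the tree is known to be good.
        trusted = "".join("%s  %s\n" % (hashlib.md5(data).hexdigest(), rel)
                          for rel, data in files.items())
        clean = verify(parse_md5sums(trusted), root)
        # One file replaced, one removed.
        with open(os.path.join(root, "usr/bin/top"), "wb") as fh:
            fh.write(b"top, replaced\n")
        os.remove(os.path.join(root, "bin/kill"))
        after = verify(parse_md5sums(trusted), root)
        # A list regenerated on the same machine after the change vouches
        # for the changed file, so the reference must come from elsewhere.
        local = "%s  usr/bin/top\n" % md5_of(os.path.join(root, "usr/bin/top"))
        fooled = verify(parse_md5sums(local), root)
        return clean, after, fooled


if __name__ == "__main__":
    print(demo())
```

For a real check the reference list should come from a source the machine under suspicion cannot write to, such as the package file fetched on another host.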
Re: A series of newbieite questions
Matthew Dalton [EMAIL PROTECTED] writes: Olaf Meeuwissen wrote: Matthew Dalton [EMAIL PROTECTED] writes: You can uninstall xdm (apt-get remove xdm). Or disable/remove the symlinks in /etc/rc[0-6].d/. Then you can still start manually with `/etc/init.d/xdm` should you be so inclined. I thought the Official Debian Way(tm) was to use 'update-rc.d' to do that for you, but I decided not to recommend that method because a) I've never used it myself, and b) a newbie might have trouble with it and just uninstalling xdm would be simpler. Initially, I thought so too, but upon reading the manual page got the impression that update-rc.d is intended for use in (pre|post)(inst|rm) scripts. If any files /etc/rcrunlevel.d/[SK]??name already exist then update-rc.d does nothing. This is so that the system administrator can rearrange the links, provided that they leave at least one link remaining, without having their configuration overwritten. Of course, I might be wrong. Until I figure out what's the Right Way To Do This, I just disable the relevant startup scripts and then `/etc/init.d/script stop`. I prefix the symlink with `disabled.' so that `ls` gives a clear hint, like so:
bilbo:~$ ls /etc/rc0.d
K11cron     K20inetd    K20ssh        K90sysklogd      S35networking
K12kerneld  K20logoutd  K25hwclock.sh S20sendsigs      S40umountfs
K20apache   K20makedev  K30setserial  S30urandom       S90halt
K20exim     K20samba    K89atd        S31umountnfs.sh  disabled.S10portmap
while still allowing me to see which symlinks ought to be there as per default as well as their sequence numbers. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
World readable log files
Hi all, I just checked the permissions on files in /var/log. To my surprise, I saw quite a few log files that are world readable. Now this may not be a big problem, but I thought that at least some of these should not be out of security concerns. Any opinions? The following are world readable on my rather spartan system:
  /var/log/apache/access.log*
  /var/log/apache/error.log*
  /var/log/dmesg
  /var/log/faillog
  /var/log/ksymoops/*.ksyms
  /var/log/ksymoops/*.modules
  /var/log/lastlog
  /var/log/news/news.*
  /var/log/nmb*
  /var/log/smb*
  /var/log/wtmp
Not world readable are:
  /var/log/auth.log*
  /var/log/daemon.log*
  /var/log/debug*
  /var/log/exim/mainlog*
  /var/log/installer.log
  /var/log/kern.log*
  /var/log/lpr.log*
  /var/log/mail.err*
  /var/log/mail.info*
  /var/log/mail.log*
  /var/log/mail.warn*
  /var/log/messages*
  /var/log/setuid.changes*
  /var/log/setuid.today
  /var/log/setuid.yesterday
  /var/log/syslog*
  /var/log/user.log*
  /var/log/uucp.log*
BTW, what is /var/log/mail.* good for if you have exim installed? -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Catch 22 dpkg mystery
Richard Jenniss [EMAIL PROTECTED] writes: Can anyone explain to me how you can install g++ ? I checked debian.org to find that g++ depends on http://www.debian.org/Packages/stable/devel/g++.html that's great, so one of the dependencies is libstdc++2.10-dev But libstdc++2.10-dev depends on g++ http://www.debian.org/Packages/stable/devel/libstdc++2.10-dev.html ARGH !! it's a catch22 star dot deb situation, can anyone help? thanks! Have you actually tried `apt-get install g++`? Circular dependencies are not a problem (unless it's a Pre-Depends one). It merely means that you need both g++ and libstdc++2.10-dev installed in order to _use_ either of them. It does not mean that one has to be installed already before you can install the other. Go ahead, `apt-get install g++` and ask again if that doesn't work (it should). -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: A series of newbieite questions
Matthew Dalton [EMAIL PROTECTED] writes: ObeseWhale wrote: 1. Debian keeps starting X as soon as I boot into linux. It gives me the graphical login screen and everything. This is annoying because I don't seem to be capable of exiting X... Is there any way to stop Debian from running xdm on startup? You can uninstall xdm (apt-get remove xdm). Or disable/remove the symlinks in /etc/rc[0-6].d/. Then you can still start manually with `/etc/init.d/xdm` should you be so inclined. 2. My ethernet card, a Netgear fa310tx, came with a driver disk. The disk has a linux directory with but one file 'tulip.c', which is clearly the driver... How do I install this to get my ethernet card working? I don't really know... I'd probably try 'gcc -c tulip.c', followed by 'insmod tulip.o'. Isn't there a readme or anything on the disk? There is a tulip driver in /lib/modules/2.2.x/net that you can install via `insmod tulip.o` in the standard distribution. No need for you to compile it yourself. 3. Is there any way to stop 8bpp as being the default color depth for X and switch it to say, 16bpp. I know I could startx using -- - 16bpp but I'm a little lazy and just want 16bpp to be the default. The answer for that is in the XFree86 howto: http://www.linuxdoc.org/HOWTO/XFree86-HOWTO/x102.html#AEN152 Edit your /etc/X11/XF86Config, set DefaultColorDepth to whatever you please in the Screen section and restart X. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: file ownership
Ethan Benson [EMAIL PROTECTED] writes: On Tue, Sep 19, 2000 at 09:44:45PM +0100, john gennard wrote: In Potato, I'm installing qt-2.0.1 from a tar.gz. After uncompressing, unpacking and re-naming the directory 'qt', I checked its permissions and found owner and group given as '508'. On a previous occasion, when compiling some other software (forgotten what), I noticed its owner and group was shown as 'staff'. I presume this is the work of the software producer and not Debian. Can anyone explain the significance of '508' and say if I can safely change ownership or if some other course of action is desirable. Owner and group IDs are numeric. When you do something like `ls -l` the numeric IDs are converted to the corresponding users and groups according to /etc/passwd and /etc/group. Apparently, you don't have entries for ID 508, so it does not get converted. Grateful for any assistance. this happens when you extract tarballs as root (which you should not do) most people who create tarballs don't do so under fakeroot so the ownership is root.root. Extract *any* tarball as a normal user. It will set owner and group to that of the user extracting it. Most software will build from a normal user account. Installing in system locations will require more privileges though.
  chown -R root.root qt
  chmod -R u+rwX,go=rX qt
Hmm, suppose there's a set uid script in qt ... Well, you gotta be root to do this anyway, so I guess you already know that you may be asking for trouble ;-) me, when i create tarballs for distribution i always check that everything is world readable and not writable by anyone but owner, no extraneous execute bits set. then run
  fakeroot tar -zcvpf foo.tar.gz foo
this way all the ownership in the tarball is set to root.root as it should be. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
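An added illustration, not part of the original thread, of checking a tarball for the points raised in the message above before extracting it: owner IDs with no local account (the '508' case), setuid or setgid files, and files that are writable by group or others or not world readable. The archive is a constructed sample built in memory; the function names and the `local_uids` parameter are this example's own assumptions.

```python
import io
import stat
import tarfile


def audit_tar(fileobj, local_uids=frozenset({0})):
    """Inspect a (possibly compressed) tar stream without extracting anything.

    local_uids is the set of numeric user IDs known on this machine (an
    assumption of the example; on a real system read them from /etc/passwd).
    """
    findings = {"unknown_owners": set(), "setid": [],
                "writable_by_others": [], "not_world_readable": []}
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for member in archive:
            # An ID with no local entry is shown as a bare number by ls -l
            # when the archive is unpacked as root.
            if member.uid not in local_uids:
                findings["unknown_owners"].add((member.uid, member.gid))
            if not (member.isfile() or member.isdir()):
                continue  # permission checks cover regular files and directories
            mode = member.mode & 0o7777
            label = (member.name, "%04o" % mode)
            if member.isfile() and mode & (stat.S_ISUID | stat.S_ISGID):
                findings["setid"].append(label)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings["writable_by_others"].append(label)
            if not mode & stat.S_IROTH:
                findings["not_world_readable"].append(label)
    return {key: sorted(value) for key, value in findings.items()}


def build_sample():
    """Constructed sample archive: every entry owned by uid/gid 508."""
    buffer = io.BytesIO()
    with tarfile.open(fileobj=buffer, mode="w:gz") as archive:
        def add(name, mode, data=None):
            info = tarfile.TarInfo(name)
            info.uid = info.gid = 508
            info.mode = mode
            if data is None:
                info.type = tarfile.DIRTYPE
                archive.addfile(info)
            else:
                info.size = len(data)
                archive.addfile(info, io.BytesIO(data))
        add("qt", 0o755)
        add("qt/configure", 0o755, b"#!/bin/sh\n")
        add("qt/bin/helper", 0o4755, b"constructed setuid file\n")
        add("qt/src/notes.txt", 0o664, b"group writable\n")
        add("qt/src/local.cfg", 0o600, b"owner only\n")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    for key, value in audit_tar(build_sample()).items():
        print(key, value)
```

A setuid entry combined with `chown -R root.root` on the unpacked tree is the case the reply warns about, so `setid` is the list to read first.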
Re: Download
webmail [EMAIL PROTECTED] writes: I am an old Unix user (SunOs) and I would like to try my hand at Debian Linux. Here I am not even able to download it - I have made thousands of downloads under many conditions, but, in this case, all that happens to me is that my system (windows NT workstation) spends inordinate amounts of time calculating how much download time it will take and does nothing. I have DSL with a download rate of 1.2+ mbps - but no matter what, I keep getting the time calculations and nothing else. I make a select all and then go to download to file, nothing happens - when I go back to each file and select and click on the item, it downloads very rapidly - this is a way to go, but it could take forever and a day and I may not get everything where it belongs. Forgive my ignorance, but what am I doing wrong?? Don't know what you're doing wrong, but I get the impression you are trying to download the whole stable (potato) tree, something that you don't really want to do. All you need to get going is the following (for an i386 machine):
  http://ftp.debian.org/debian/tools/rawrite2.zip
  http://ftp.debian.org/debian/dists/stable/main/disks-i386/current/base2_2.tgz
  http://ftp.debian.org/debian/dists/stable/main/disks-i386/current/drivers.tgz
  http://ftp.debian.org/debian/dists/stable/main/disks-i386/current/images-1.44/rescue.bin
  http://ftp.debian.org/debian/dists/stable/main/disks-i386/current/images-1.44/root.bin
If you plan on installing from NT, also get:
  http://ftp.debian.org/debian/tools/lodlin16.zip (optional)
  http://ftp.debian.org/debian/dists/stable/main/disks-i386/current/linux (optional)
Use rawrite2 to dump the rescue.bin and root.bin on floppies for a NT free install and boot from the rescue floppy. During the installation you can load the drivers and base system from your NT partition. Once your base system is installed, you can download whatever you need via Debian/GNU Linux!
Alternative: boot into DOS mode and, assuming all downloaded files are in c:\debian, change to that directory and
  loadlin.exe linux root=/dev/ram initrd=root.bin disksize=1.44
Questions? Ask! -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: apt-move and helix
Lindsay Allen [EMAIL PROTECTED] writes: Hello World, I like to keep a partial mirror and I use apt-move (woody) to good effect. Now I'd like to mirror helixcode as well. But I can't figure out a way to arrange things so that apt-move will handle it gracefully. Has anyone got this working? At the moment I am keeping my helixcode files under .../debian/projects/helix but there must be a better way. As of potato, apt-move can't handle additional sites beyond non-US :-( Don't know what's going on in the woody version. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: SMC9332/9334 EtherPower 10/100 driver
Mirek Kwasniak [EMAIL PROTECTED] writes: On Thu, Sep 07, 2000 at 03:27:03PM +0900, Olaf Meeuwissen wrote: Dear .deb, I've installed potato, but I can't seem to find the right driver for a SMC9332/9334 EtherPower 10/100 card. Any idea? I've tried epic100 and the smc* drivers without parameters but all I get is a device or resource is busy ... :-( As I know epic100 is for EtherPower^2. EtherPower cards are tulip(=DEC) based. A bit late perhaps, but thanks. I've tried the tulip and old_tulip drivers successfully. There was also a DECchip driver (forgot exact name) that installed fine but gets the hardware address wrong. Now I only have to get pump to do the Right Thing. It just burps an `Operation failed.' and leaves me without a network setup. Any hints are welcome. Hmm, I could try with a fixed IP address (if only I had a spare one). -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
SMC9332/9334 EtherPower 10/100 driver
Dear .deb, I've installed potato, but I can't seem to find the right driver for a SMC9332/9334 EtherPower 10/100 card. Any idea? I've tried epic100 and the smc* drivers without parameters but all I get is a device or resource is busy ... :-( TIA, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Source directory
Juli-Manel Merino Vidal [EMAIL PROTECTED] writes: Hi everybody, Which is the proper place to uncompress and compile source code that will be installed on /usr/local without any deb? It's /usr/src or /usr/local/src? Your home directory. Configure, compile and check as yourself and install as root. For example, any program that I download from internet in .tar.gz file where should be uncompressed to follow debian policy (one of the two directories said above)? Put the tarballs in /usr/local/src if you want them to be generally available; in your home directory if not. Uncompressing and building shouldn't really be done in /usr/local/src IMO. Just an example, the linux kernel... I have never used the debian packages and I have always used a .tar.gz. But where should I place it? Will it work under /usr/local/src? The kernel-source package installs a tarball in /usr/src. I wouldn't mess with /usr/src myself and stick with /usr/local/src instead. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: search contents of a tar.gz
Brian Stults [EMAIL PROTECTED] writes: Is there a way to search the contents of a tar.gz file without having to extract everything. Specifically, I want to determine the disc-id of an audio CD, so I downloaded the freedb database in tar.gz format. Of course, it's a very large file. I would like to grep the contents to find the CD that I'm looking for, but I don't want to extract everything. I thought there would be a series of piped commands that would allow me to do it, but I can't figure it out.
  tar -tzf file.tar.gz | grep something
-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Help: Screwed up LILO MBR
Tim Wood [EMAIL PROTECTED] writes: Hi everyone, sorry if this is a bit of a saga but please bear with me. [snip] Can anybody suggest a way to get back Win98 on /dev/hda1 and, more to the point, suggest a way to be able to boot /dev/hda1, /dev/hda5 and /dev/hda2? Apart from `man lilo` and `zless /usr/share/doc/lilo/Manual.txt.gz` (or similar) you mean ;-)? Boot into debian (I don't know RH, that's why) from a floppy and change /etc/lilo.conf to read along the following lines:
  boot=/dev/hda
  delay=20
  default=Win98
  image=/vmlinuz
    label=Debian
    root=/dev/hda2
  image=/vmlinuz
    label=RedHat
    root=/dev/hda5
  other=/dev/hda1
    label=Win98
You probably don't want to touch what is already there and replace /vmlinuz with the appropriate value for your RedHat system. If all that's done, run `/sbin/lilo -t` to see if the config file is OK and then `/sbin/lilo -s`. You're done. When rebooting you have 2 seconds (20 deciseconds) at the LILO prompt to hit a shift, ctrl or alt key. Hit the tab key to get a list of options or just enter one of the labels you stuck in /etc/lilo.conf. That should get you booted into what you want, barring major goofs from me. Hope that helps, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: apt-get and glibc update
Federico Grau [EMAIL PROTECTED] writes: Hello people, I am a relatively new debian user (a couple months), but long time linux user. I am curious why the new glibc updates are not showing up when I run apt-get. Wild guess: you *do* have
  deb http://security.debian.org/ stable/updates main
in your /etc/apt/sources.list, don't you? I am running potato, have run apt-get update, and also dpkg -l libc6, but the most recent version it lists is 2.1.3-10. My sources.list file is pointing to a local mirror (tux.org)... the announcement and new packages were put out a couple days back, could it take that long for the mirrors to sync up? Well it could, but probably didn't. It may just be somewhere else (or not mirrored to begin with). Wander around your mirror's equivalent of dists/potato and see what's there. Security updates go into 'updates' first and whether/when they will be merged into 'main' ... who knows? -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: search contents of a tar.gz
kmself@ix.netcom.com writes: On Tue, Sep 05, 2000 at 01:10:50PM +0900, Olaf Meeuwissen wrote: Brian Stults [EMAIL PROTECTED] writes: Is there a way to search the contents of a tar.gz file without having to extract everything. Specifically, I want to determine the disc-id of an audio CD, so I downloaded the freedb database in tar.gz format. Of course, it's a very large file. I would like to grep the contents to find the CD that I'm looking for, but I don't want to extract everything. I thought there would be a series of piped commands that would allow me to do it, but I can't figure it out.
  tar -tzf file.tar.gz | grep something
Note that this requires processing the archive (including uncompressing it), but that data need not be stored persistently anywhere. This should fit the parameters of the request, but if the question is can I avoid decompression CPU overhead, the answer is no. True. I had developed a habit of first running `tar -tzf` after I got hit by a few archives that didn't extract into their own directory and puked all over the current one, until I found out about `tar -C`. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Filesystem layout and hi everybody
S.Salman Ahmed [EMAIL PROTECTED] writes: OM == Olaf Meeuwissen [EMAIL PROTECTED] writes: split /usr and /usr/local if they're just partitions on the same drive? I could see doing that if they were on separate disks to gain a little bump in access speed. so if you decide to reinstall the OS clean you can run mkfs on / /usr /var and any /tmps without losing locally compiled software and user home directories (/home) OM Another reason would be if you wanted to mount /usr read-only OM but not /usr/local. OM Why would you want to mount /usr read-only ? As others have mentioned already: a little bit of extra protection against root shooting itself in the foot while allowing 'staff' to play around in /usr/local nevertheless. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Trimming down of /var/log/messages
USM Bish [EMAIL PROTECTED] writes: With time, the size of /var/log/messages keeps on growing, till it really becomes really huge, with information no longer needed. Since syslogd is constantly monitoring and writing on to it, I have never attempted initialising a fresh /var/log/messages on a running machine. Is there a recommended way wherein I keep the log for the last seven days only, with some process at boot-up or cron ? Seems like logrotate will fit your bill.
Package: logrotate
Priority: important
Section: admin
Conffiles:
 /etc/logrotate.conf 70593fe48cb39133328b42a560b5a8cf
Description: Log rotation utility
 The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Normally, logrotate runs as a daily cron job.
-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Filesystem layout and hi everybody
Ethan Benson [EMAIL PROTECTED] writes: On Mon, Sep 04, 2000 at 10:34:23PM -0400, Gregg C wrote: Why split /usr and /usr/local if they're just partitions on the same drive? I could see doing that if they were on separate disks to gain a little bump in access speed. so if you decide to reinstall the OS clean you can run mkfs on / /usr /var and any /tmps without losing locally compiled software and user home directories (/home) Another reason would be if you wanted to mount /usr read-only but not /usr/local. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: security
Ethan Benson [EMAIL PROTECTED] writes: On Sun, Sep 03, 2000 at 01:46:51AM -0500, Mike McNally wrote: It concerns me when my machine grinds when I don't know why it's grinding. I run top and it says find is running. Why? I do a grep -r find /etc/cr* and the only things that come up run per crontab. Crontab shows that all cron routines run around sunup... it's now 1:42 and my linux box with a 24hr old install of debian was grinding at 1:10. is your clock correct? or perhaps you have anacron installed which runs cron jobs approximately whenever it feels like it. Make that 5, 10 or 15 minutes after booting (if you use the default configuration). See `man anacrontab` and /etc/anacrontab. the find process is normal, i think it's the locate database being rebuilt. all my debian boxes do the same thing (except at 6:25, i don't use anacron) -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Kernel configurations
Debian User Jean-Baptiste Note [EMAIL PROTECTED] writes:

> Hi all
>
> Does anyone know where I could get the config files of the pre-compiled kernels found in Potato ?

The config files for installed kernels are in /boot/. The config of the kernel in the base tarball is in dists/stable/main/disks-i386/current/images-1.44/kernel-config or similar on the Debian servers.

To extract just the config file from a .deb:

    dpkg --fsys-tarfile kernel-image-2.2.17_2.2.17pre6-1.deb \
      | tar xf - ./boot/config-2.2.17

Adjust version numbers to taste.

Hope this helps,

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: sunrpc
Debian Mail [EMAIL PROTECTED] writes:

> D Ghost here,
>
> I've searched and looked for documentation on what sunrpc is and what starts/stops it in debian. I have checked inetd.conf and it is not started in there. I want to not run this daemon. How do I turn it off ?

This service is provided by `portmap'. Remove `/etc/rc?.d/S18portmap' to stop it from being started, but note that any RPC servers that are invoked will more than likely refuse to start or just simply crash.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: sunrpc
Debian Ghost [EMAIL PROTECTED] writes:

> Dear Olaf,
>
> Thank you for the reply! I am not so sure I understand what RPC servers are.

Same here :-(

> Does it have something to do with an NFS type service?

Yes, I remember I had to put portmap in my /etc/hosts.allow to get NFS to work. I have ALL:ALL in /etc/hosts.deny.

> I do not know that I use any RPC servers or services. That is why I am considering turning down the sunrpc service.

Thinking about this myself too, but I'm not sure what's gonna break.

> Would this be wise?

If you don't need it, yes. Just junk all servers you don't need. I'd even consider purging them ;-)

> Thanks!

No thanks. BTW, you cc'd to debin-user :-)

> D. Ghost
>
> On 1 Sep 2000, Olaf Meeuwissen wrote:
>> Debian Mail [EMAIL PROTECTED] writes:
>>> D Ghost here,
>>>
>>> I've searched and looked for documentation on what sunrpc is and what starts/stops it in debian. I have checked inetd.conf and it is not started in there. I want to not run this daemon. How do I turn it off ?
>>
>> This service is provided by `portmap'. Remove `/etc/rc?.d/S18portmap' to stop it from being started, but note that any RPC servers that are invoked will more than likely refuse to start or just simply crash.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Packages I Don't want to upgrade
Dave Sherohman [EMAIL PROTECTED] writes:

> Troy Telford said:
>> Also - I know there is a XF4 deb packaging project, and it's rather... alpha. Is there at least a meta-package that will meet all the XF86 dependencies, and not be overwritten by XF86 3 debs? (Meaning, it meets the deps for it, but it'll let me use the existing tarball installation from XF86.org?)
>
> Check out the equivs package. It lets you create dummy packages that say various dependencies are provided/required to handle situations like this.

You could also put them on hold with dselect.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Debian 2.2 and security - SecurityPortal article
Thomas Guettler [EMAIL PROTECTED] writes:

> On Wed, Aug 30, 2000 at 11:55:57AM +0200, Leszek Gerwatowski wrote:
>> On SecurityPortal there is an article about Debian 2.2 security: http://www.securityportal.com/closet/closet2830.html
>
> The Author (Kurt Seifried) makes the newbie believe Debian2.2 is not secure, but you should look at it more close.
>
> [snip]
>
> The first three are enabled, but I think that is no security problem. But shell, login, exec are not enabled on my system, at least on my system. Has someone a fresh installation to tell us what the default is?

Not quite fresh, but after I purged pump, ftp, telnet, ppp, pppconfig and pcmcia-cs from the base install, the only things enabled in my /etc/inetd.conf are: discard (tcp/udp), daytime (tcp) and time (tcp). Edited /etc/hosts.deny to read ALL:ALL to boot. This should perhaps be the default, so sys admins have to turn things on explicitly.

For other servers the default access should probably be the same as in /etc/hosts.deny if you don't want them to run from inetd.

> [snip]
>
> LILO-problem: If you have physical access to the machine, you can boot from a rescue disk and get root everytime. (Except you use a encrypted filesystem).

Change your BIOS settings to only boot from the internal disk and password protect it. On my system I have such a setup and require a password for all non-default boots. Note, all passwords (BIOS, boot and root) are of course different.

If your internal disk won't boot for some reason, you can always go in and change the BIOS settings to allow rescue boots from floppy.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Debian 2.2 and security - SecurityPortal article
Henrique M Holschuh [EMAIL PROTECTED] writes:

> On Thu, 31 Aug 2000, Olaf Meeuwissen wrote:
>> Edited /etc/hosts.deny to read ALL:ALL to boot.
>
> You probably want to add portmap: ALL to /etc/hosts.deny as well, just in case. ALL: ALL does not handle the portmapper for some reason.

In an earlier incarnation of the same machine (running potato when it was still frozen) I had to enable the portmapper in /etc/hosts.allow to get NFS mounts to work. Looks like ALL:ALL covers portmap.

>> Change your BIOS settings to only boot from the internal disk and password protect it.
>
> BIOSes are very easy to erase, you know. Some are even stupid enough to have 'master key' passwords. You really need to keep the machine behind a locked door (or in a special locked case) if you can't trust everyone who gets near it. Otherwise, it won't hold even a reasonably tech-savvy 10 year old (read proto-hardware-hacker) that manages to stay 5 minutes alone near the machine in possession of some tools and a small resistor (if he's a nice kid) or piece of wire (if he's a not-so-nice kid or likes sparks) :-)

I know BIOS passwords are not super-secure, but at least it will make it a fair bit more difficult for our average computer user to screw up the system. Putting the machine behind locked doors is not an option.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: True Type Fonts
kmself@ix.netcom.com writes:

> On Sun, Aug 27, 2000 at 11:38:31PM -0500, Daniel E. Baumann wrote:
>> Hello fellow debian users. I was wondering which true type font server you people recommend. I have all the relevant HOWTO's (e.g., the font deuglification howto, the Debian tt font howto, etc.), but it seems that each of them recommends different font servers, etc. Which do you find to be the best xfsft, xfstt, redhat xfs (as if Debian users would use this one)? I would just like to hear a few opinions before I decide to choose one to set up.
>
> xfstt, happy with it. Haven't tried other options.

xfs-xtt and happy with it.

Seems everyone is happy with their choice, but I don't think I'd be so happy with xfstt though for Japanese or Chinese fonts as it renders a whole font at a time.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: over 400 msg's this am
[EMAIL PROTECTED] writes: Someone in Hong Kong has a broken mail-news gateway that is regurgitating the list. As a slight aside, why does so much spam and other troublesome things come from/get routed through Asian systems? Do sysadmins over there just set up a box and forget about it? Probably not, but I'd say they are not as security savvy as one would like them to be. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] what do these portmap log entries mean?
Thanks for the quick reply!

Jonathan D. Proulx [EMAIL PROTECTED] writes:

> Your example shows local IP addresses for the refused hosts, if this is the case it is possibly just network noise.
>
> Paranoid rant follows:
>
> The (unfortunately) more likely case is that you are being scanned for the latest statd vulnerability. If you have the latest nfs-common package you are safe (you should also have a kernel version of 2.2.16 minimum).
>
> I lost 50+ machines to this about a week ago (they were all shutdown before mr. skriptkiddie came back, but the break-in went through 6 class c subnets in about 3min setting up back doors)

I don't have NFS packages installed, running 2.2.17 generic kernel. I installed potato afresh right after it became stable from a local mirror and made sure all md5sums were OK (before installing from a freshly downloaded Packages file). Haven't installed much: base tarball, tob/afio/cron/exim, samba and apache. Even purged telnet, ftp, ppp, pppconfig, pump and pcmcia-cs.

> My particular instance setup root shells listening on port 199, entered in /etc/inetd.conf so you might want to look there and see if there's a suspicious smux line. This is what was done once they got root, not the vulnerability, so lack of this line may simply indicate a different use of it.

No smux in there.

> If you have a new kernel and nfs-common Version: 1:0.1.9.1-1, no worries, you can just laugh the scan off (if that's what it was)
>
> On Thu, Aug 24, 2000 at 12:49:13PM +0900, Olaf Meeuwissen wrote:
> :Dear all,
> :
> :I've been seeing entries like below in my logs for a while.
> :
> : Aug 24 12:38:01 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host
> : Aug 24 12:38:04 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host
> :
> :and
> :
> : Aug 24 12:43:34 bilbo portmap[27659]: connect from 172.16.a.b to getport(300598): request from unauthorized host
> :
> :I've implemented a default deny-all policy in /etc/hosts.deny with
> :
> : ALL : ALL
> :
> :My /etc/hosts.allow effectively reads
> :
> : nmbd smbd : 172.16.
> :
> :From the log messages I assume that the portmap connect attempts fail
> :(as per policy), but what do these connect attempts mean? Is someone
> :trying to crack my server or something? I did challenge our network
> :admin ...

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] what do these portmap log entries mean?
Nate Amsden [EMAIL PROTECTED] writes:

> Olaf Meeuwissen wrote:
>> Aug 24 12:38:01 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host
>> Aug 24 12:38:04 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host
>
> looks suspicious..
>
>> Aug 24 12:43:34 bilbo portmap[27659]: connect from 172.16.a.b to getport(300598): request from unauthorized host
>>
>> I've implemented a default deny-all policy in /etc/hosts.deny with
>>
>>   ALL : ALL
>
> are you running portmap from inetd ? or anything that uses tcp_wrappers? every configuration i've seen this is not the case, so hosts.deny hosts.allow don't do anything in terms of protecting portmapper.

No, but `man portmap` says it is protected by the tcp_wrapper library, so hosts.deny should have effect. From another system I know I had to set

    portmap : some_host

to get NFS mounts to work.

>> My /etc/hosts.allow effectively reads
>>
>>   nmbd smbd : 172.16.
>
> ok..also is nmbd and smbd launched from inetd ? usually they are launched as daemons if this is the case hosts.allow would have no impact on them.

Not anymore (see my post Samba via inetd, not a good idea?). These settings are now in smb.conf and I run both as daemons.

>> From the log messages I assume that the portmap connect attempts fail (as per policy), but what do these connect attempts mean? Is someone trying to crack my server or something? I did challenge our network admin ...
>
> it is possible, when portmapper or any rpc services are concerned i am paranoid about them(got cracked by them once 2 years ago), i always completely turn them off(yes that means not being able to have quotas) OR at least firewall them completely so nobody on the outside can access them. If you are concerned about people breaking into your system I highly recommend installing nmap and port scanning yourself, portmapper and rpc services don't have a pretty security history on linux.

My latest port scan (nmap running through all -s options) results show

    9     open  tcp  discard
    13    open  tcp  daytime
    25    open  tcp  smtp
    37    open  tcp  time
    111   open  tcp  sunrpc
    139   open  tcp  netbios-ssn
    9     open  udp  discard
    111   open  udp  sunrpc
    137   open  udp  netbios-ns
    138   open  udp  netbios-dgm

And I'm behind a firewall, though my machine is not firewalled itself, not yet at least.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] what do these portmap log entries mean?
Nate Amsden [EMAIL PROTECTED] writes:

> Olaf Meeuwissen wrote:
>> My latest port scan (nmap running through all -s options) results show
>>
>>     9     open  tcp  discard
>>     13    open  tcp  daytime
>>     25    open  tcp  smtp
>>     37    open  tcp  time
>>     111   open  tcp  sunrpc
>>     139   open  tcp  netbios-ssn
>>     9     open  udp  discard
>>     111   open  udp  sunrpc
>>     137   open  udp  netbios-ns
>>     138   open  udp  netbios-dgm
>>
>> And I'm behind a firewall, though my machine is not firewalled itself, not yet at least.
>
> What ports did you scan? i usually specify -p 1-65535 when using nmap. if it were my machine i would for sure firewall all those services(except smtp).

Didn't specify anything, so that'd be 1-1024 according to `man nmap`. Just ran nmap -sT -p 1-65535 and that didn't turn up anything new.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] what do these portmap log entries mean?
Michael Banck [EMAIL PROTECTED] writes:

> On Wed, Aug 23, 2000 at 11:59:00PM -0700, Nate Amsden wrote:
>> What ports did you scan? i usually specify -p 1-65535 when using nmap. if it were my machine i would for sure firewall all those services(except smtp).
>
> huh, my portscan shows this:
>
>     Interesting ports on Blackbird (127.0.0.1):
>     Port    State  Protocol  Service
>     9       open   tcp       discard
>     13      open   tcp       daytime
>     21      open   tcp       ftp
>     23      open   tcp       telnet
>     25      open   tcp       smtp
>     37      open   tcp       time
>     111     open   tcp       sunrpc
>     119     open   tcp       nntp
>     139     open   tcp       netbios-ssn
>     757     open   tcp       unknown
>     1024    open   tcp       unknown
>     1025    open   tcp       listen
>     6000    open   tcp       X11

I'd definitely considered purging telnetd ... clear text passwords are not such a good idea, security wise.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Password decrypting ? Sendmail problems ?
Oliver Schoenknecht [EMAIL PROTECTED] writes:

> Hello everyone,
>
> first of all I need to tell you that I have some kind of bet running - a friend of mine has put up a SuSE 6.3 linux-proxy and mail server and claims it to be safe although you can reach it via telnet and ftp from outside... Recently he dared me to try to crack his password file so that he may think about new ways of protecting his system... After some search I got his password file which you see below ... I for myself can make out the different users but the passwords are encrypted does anyone of you know how to decrypt those strange letters into clear text ? Your help is appreciated very well as I am about to win some gallons of beer if I succeed ;-) !
>
>     root:nfDtfW1jlCDo.:0:0:Der Systemverwalter:/root:/bin/bash
>     bin:*:1:1:bin:/bin:
>     daemon:*:2:2:daemon:/sbin:
>     adm:*:3:4:adm:/var/adm:
>     lp:*:4:7:lp:/var/spool/lpd:
>     sync:*:5:0:sync:/sbin:/bin/sync
>     shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
>     halt:*:7:0:halt:/sbin:/sbin/halt
>     mail:*:8:12:mail:/var/spool/mail:
>     news:*:9:13:news:/var/spool/news:
>     uucp:*:10:0:uucp:/var/spool/uucp:
>     operator:*:11:0:operator:/root:
>     games:*:12:100:games:/usr/games:
>     gopher:*:13:30:gopher:/usr/lib/gopher-data:
>     ftp:*:14:50:FTP User:/home/ftp:
>     nwserv:*:98:98:Novell-Server-Administrator:/home/nwserv:
>     nobody:*:99:99:Nobody:/home/ftp:
>     users:*:100:100:Users:/:
>     xmail:*:101:101:Automatischer Mail-Austausch:/:
>     ips:OYpr4MrkKRtfg:102:0:Das IPS-Wartungsteam:/home/ips:/bin/bash
>     gast:nNeuxHMzMuJ9s:400:400:Generic STZ User:/home/gast:/usr/local/bin/menue
>     client01:T3S4y0uqUDiOc:401:400:Gast-Benutzer

If the file you got is /etc/passwd, tell your friend to use shadow passwords to begin with. If he already is, tell him he has a problem with permissions on /etc/shadow. I have

    -rw-r--r--    1 root     root         1583 Jul 16 17:28 /etc/passwd
    -rw-r-----    1 root     shadow        992 Jul 16 17:28 /etc/shadow

which requires root access or shadow group membership to just see the encrypted passwords.

Next, if you want to try to crack the passwords you got, there are a few programs that will do that for you. See the Security HOWTO chapter 6 for details on password encryption and cracking.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
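The two checks this reply recommends (no password hashes in the world-readable passwd file, and a shadow file that only root and the shadow group can read) can be scripted as below. This is an added example, not part of the original message; the function names and the sample account lines are constructed for illustration, and the last sample line is deliberately cut short like the final entry in the quoted file.

```python
import os
import stat

# Constructed sample in passwd(5) format; the hash strings are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:
alice:abCONSTRUCTED:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
carol:cdCONSTRUCTED:1002:1002:Carol
"""


def audit_passwd(text):
    """Return (line number, user, finding) tuples for a passwd-format text.

    Field 2 is interpreted as follows:
      "x"            password lives in the shadow file (fine)
      "*..." / "!.." no usable password, account locked (fine)
      ""             account has no password at all
      anything else  a hash readable by every local user
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((lineno, fields[0], "malformed"))
            continue
        user, pw = fields[0], fields[1]
        if len(fields) != 7:
            # Truncated or damaged entry; still inspect the password field.
            findings.append((lineno, user, "malformed"))
        if pw == "x" or pw[:1] in ("*", "!"):
            continue
        if pw == "":
            findings.append((lineno, user, "empty-password"))
        else:
            findings.append((lineno, user, "hash-in-passwd"))
    return findings


def audit_shadow_mode(path):
    """Check that a shadow file is not exposed beyond owner and group.

    The expected mode is the one shown in the reply: -rw-r----- (0640).
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & stat.S_IRWXO:
        problems.append("accessible-by-others")
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    return problems


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
    if os.path.exists("/etc/shadow"):
        print("/etc/shadow:", audit_shadow_mode("/etc/shadow") or "ok")
```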
Re: xfree86 development package
John L. Fjellstad [EMAIL PROTECTED] writes: On Mon, Aug 21, 2000 at 03:11:18AM -0600, Bruce Sass wrote: I'm trying to compile and install knapster. Unfortunately, it needs the xfree86 header files. Anyone know which package these files are in? xlib6g-dev Are you sure that is all I need. I have it installed (according to dpkg --list), and all I can find in /usr/include/X11 is two directories bitmaps, and pixmaps. Shouldn't there be some header files there too? Look at the output of `dpkg -L xlib6g-dev' to see what it installs. I grep'ed for *.h files and counted 213 of them. Note that most are in /usr/X11R6/include/X11. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Samba via inetd, not a good idea?
Dear all,

I set up Samba to run via inetd (and through tcpd) so I could easily control host access (default deny-all policy). This sounds worse than it actually is: all you have to do is run `sambaconfig' and hit `i'. Everything will be taken care of except the deny-all policy. This is trivial: just put `ALL : ALL' in `/etc/hosts.deny' and you're done.

This setup works fine except for the fact that `nmbd' has a tendency to start looping which creates tons of messages in `/var/log/nmb', `/var/log/daemon.log*' and `/var/log/syslog*'. Typical entries look like

    Aug 23 16:03:08 bilbo nmbd[5346]: connect from 172.16.x.y
    Aug 23 16:03:08 bilbo inetd[5328]: /usr/sbin/tcpd: exit status 0x1

for daemon.log and syslog. This repeats for a bit with only the `nmbd' process ID changing until `inetd' gets sick of it and says

    Aug 23 16:03:08 bilbo inetd[5328]: netbios-ns/udp server failing (looping), service terminated

The entries in `/var/log/nmb' say

    [2000/08/23 16:03:08, 1] nmbd/nmbd.c: main(757)
      Netbios nameserver version 2.0.7 started.
      Copyright Andrew Tridgell 1994-1998
    [2000/08/23 16:03:08, 0] lib/pidfile.c:pidfile_create(86)
      ERROR: nmbd is already running. File /var/samba/nmbd.pid exists and process id 5346 is running.

This happens for a variety of IP addresses and some of these have at some points in time successfully established connections via `smbd'. Apparently, `nmbd' stays around for a bit after `inetd' starts it, but I don't quite understand why the looping occurs.

Anyways, I found that `smb.conf' supports `hosts deny' and `hosts allow' keywords with the same syntax as used for `/etc/hosts.deny' and `/etc/hosts.allow'. So I figured I'd better run as daemons instead of from `inetd' and added something like this to the `[global]' section of my `smb.conf'

    # deny-all policy
    hosts deny = ALL EXCEPT localhost
    # private class B network
    hosts allow = 172.16.

and ran `sambaconfig' again. So far, so good. I haven't seen any looping in the last few hours. Uh, after starting it with the `-a' flag (already filed a bug report about this).

All in all, it looks like running Samba from `inetd' is not such a good idea.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
[Q] what do these portmap log entries mean?
Dear all,

I've been seeing entries like below in my logs for a while.

    Aug 24 12:38:01 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host
    Aug 24 12:38:04 bilbo portmap[27641]: connect from 172.16.x.y to callit(390109): request from unauthorized host

and

    Aug 24 12:43:34 bilbo portmap[27659]: connect from 172.16.a.b to getport(300598): request from unauthorized host

I've implemented a default deny-all policy in /etc/hosts.deny with

    ALL : ALL

My /etc/hosts.allow effectively reads

    nmbd smbd : 172.16.

From the log messages I assume that the portmap connect attempts fail (as per policy), but what do these connect attempts mean? Is someone trying to crack my server or something? I did challenge our network admin ...

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
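One way to triage the refusals quoted in this message, as an added example that is not part of the original post: group them by source address, portmap procedure and the value in parentheses, so a client repeating one request can be told apart from a host walking through many of them. The sample lines are constructed (the post masks the last two octets), the function names are hypothetical, reading the parenthesised value as the RPC program is an assumption, and the threshold of three distinct programs is an arbitrary starting point.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the message above.
SAMPLE_LOG = """\
Aug 24 12:38:01 bilbo portmap[27641]: connect from 172.16.0.10 to callit(390109): request from unauthorized host
Aug 24 12:38:04 bilbo portmap[27641]: connect from 172.16.0.10 to callit(390109): request from unauthorized host
Aug 24 12:43:34 bilbo portmap[27659]: connect from 172.16.0.20 to getport(300598): request from unauthorized host
Aug 24 12:44:00 bilbo nmbd[5346]: connect from 172.16.0.30
"""

# Matches only portmap refusals; other daemons' "connect from" lines are skipped.
REFUSAL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sportmap\[\d+\]:\s"
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\((?P<prog>[^)]*)\): "
    r"request from unauthorized host$"
)


def parse_refusals(text):
    """Return one dict per refused portmap request found in syslog text."""
    events = []
    for line in text.splitlines():
        match = REFUSAL.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def summarize(events, distinct_programs_threshold=3):
    """Group refusals by source address.

    For each source: number of refusals, procedures requested (getport
    asks which port a program listens on, callit asks portmap to forward
    a call), the distinct program values seen, and first/last timestamp.
    many_programs is set when one source asked about at least
    distinct_programs_threshold different programs.
    """
    by_src = {}
    for ev in events:
        entry = by_src.setdefault(ev["src"], {
            "count": 0,
            "procs": Counter(),
            "programs": set(),
            "first": ev["ts"],
            "last": ev["ts"],
        })
        entry["count"] += 1
        entry["procs"][ev["proc"]] += 1
        entry["programs"].add(ev["prog"])
        entry["last"] = ev["ts"]
    for entry in by_src.values():
        entry["many_programs"] = (
            len(entry["programs"]) >= distinct_programs_threshold
        )
    return by_src


if __name__ == "__main__":
    for src, info in sorted(summarize(parse_refusals(SAMPLE_LOG)).items()):
        print(src, info["count"], dict(info["procs"]),
              sorted(info["programs"]), info["first"], info["last"],
              "many-programs" if info["many_programs"] else "")
```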
Re: Linux Mail Client
Steve Lamb [EMAIL PROTECTED] writes: Monday, August 21, 2000, 11:05:16 AM, John wrote: An accurate description of any attempt to discuss email software with Mr. Lamb. Only because Unix people have been brainwashed into thinking there is only one TRUE WAY of doing it. Uh, in true Unix spirit, that one TRUE WAY would be to think of as many different ways to do it as possible ;-) -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Security - trust etc.. (Was: Reading e-mails on text mode)
Bob Bernstein [EMAIL PROTECTED] writes: On Mon, Aug 21, 2000 at 03:08:49PM -0400, Noah L. Meyerhans wrote: You can't. Period. Same goes for source. Same goes for commercial binaries. Same goes for any code you haven't read (or had someone you thoroughly trust read). Agreed. However, the classic statement on the subject is even stronger: http://www.acm.org/classics/sep95 It's Ken Thompson's Reflections on Trusting Trust: The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. And even then, you could goof up yourself! -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Baking my own bootable potato using mkisofs
[EMAIL PROTECTED] writes: I would like to know how to make my own bootable Debian installation CD, WITHOUT the use of those humongous *.iso files. For some reason my ISP frequently turns in abysmal ftp transfer rates. I plan to use a web grabber, pavuk, to snarf the packages off the net. In particular, I would like to know the layout of the installation CD. Where are the essential packages located? Where do I find the boot floppy image(s)? A tree listing summarizing the directory structure, relative to the download site, would be fine. Look into debian-cd. Oops, you haven't installed Debian yet :-(, but it might just work anyway. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
[Q] utility to format MO disks
Dear all, I'm looking for a utility to format MO disks. Anyone know where to look? TIA, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: How to get xemacs21 to display japanese characters in gnus
John S. J. Anderson [EMAIL PROTECTED] writes: Pontus Lidman [EMAIL PROTECTED] writes: I'm trying to use gnus to read posts written in japanese. Unfortunately it refuses to show the posts using japanese characters by default. You've left out at least one crucial piece of info: what version of gnus you're running. (Try M-x gnus-version.) I'm using 5.8.3 and have no problems under emacs20 (20.7), well, not after I installed the separately packaged gnus. I have no special gnus setup to enable japanese anymore (used to with emacs20 (20.3 or so) though). -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Corel to Debian micro-howto
Aaron Maxwell [EMAIL PROTECTED] writes: 1) When this is all done, will settings in /etc, such as my network settings be changed? apt-get always asks you before overwriting a /etc file. Just select 'no' (the default, iirc) and it will leave the /etc settings untouched. (It will do this for each /etc/ file separately, so you can clobber some and not others.) Also, I believe apt-get makes backups of /etc files you tell it to overwrite (someone correct me if i'm wrong?) From scant experience, the new conffile gets a .dpkg-dist suffix if you choose to keep the old one. If you replace the old one it gets a .dpkg-old suffix tagged on. For just a look on what junk is floating around: find /etc -name '*.dpkg*' -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Corel to Debian micro-howto
Aaron Maxwell [EMAIL PROTECTED] writes:

> Someone asked, so here's how I transmuted my version of CorelOS to more or less pure debian. Though this worked for me, it might be a good idea to read any comments made on this post before doing this, since IANAG (i am not a guru)
>
> 1. Establish a net connection, if it's not already up. (i.e., so you can ftp)
>
> 2. If you're not at the command line, go there. Log out of the window manager, and press Ctrl-Alt-F2; you should go from the KDE login screen to a command line login prompt. Log in as root.
>
> 3. Remove all packages with the string corel in them. You can get a list of these by issuing the command: [1]
>
>     dpkg --get-selections | grep corel
>
> You'll get two columns; the names of the packages you want to remove will be in the left column. Remove them with the following command, as root:
>
>     apt-get remove pkg1 pkg2 ...
>
> where the pkgN's are the names of what you're removing.

You might as well purge and let the shell do the hard work:

    apt-get --purge remove `dpkg --get-selections | grep corel | awk '{print $1}'`

or something similar.

> 4. Edit /etc/apt/sources.list to point to where the new packages are located. If you're not sure, I recommend commenting out all the lines in there (put a '#' as the first char of the line), then add this line:
>
>     deb ftp://ftp.debian.org/debian frozen main contrib non-free
>
> This will upgrade your system to potato, Debian's 'frozen' release. CorelOS is based on slink, Debian's 'stable' release. If you'd rather update to the latest version of slink, replace the word 'frozen' with 'stable' in the line above. You can then upgrade to frozen from there if you like. I just went straight to frozen with no problems, but ymmv.
>
> 5. As root type:
>
>     apt-get update
>     apt-get dist-upgrade
>
> Your quasi-debian system will start downloading stuff and asking you questions as it installs and configures packages. It may have to download a lot of stuff, especially if you're upgrading to frozen.
>
> 6. KDE is now gone (CorelOS comes with a Corelized version of KDE, which you removed a few steps ago). In its stead, I installed gnome. [1] Install the necessary gnome stuff with this command:
>
>     apt-get install gdm gnome-bin gnome-panel gnome-panel-data gnome-core
>
> (that's one long line). That should be it. 'gdm' is the name of the program that provides the nice graphical login. If it doesn't automatically start, start it by typing as root
>
>     /etc/init.d/gdm start
>
> [1] I don't know how to install the non-Corel KDE; if you want that instead, please search the list archives. (http://lists.debian.org/#search -- just search the debian-user list, ignore the 1.4e12 other lists)

Put this in /etc/apt/sources.list

    deb http://kde.tdyc.com potato kde

If you are looking for an i18n version targeted at Japanese users

    deb http://ftp.kde.gr.jp/kde/stable/1.1.2/distribution/deb potato kde

but beware that kdm and `Lock Screen' were broken last time I checked.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: checking whether a package is installed
Aaron Maxwell [EMAIL PROTECTED] writes:

> Is there a quick, elegant way to check if a particular package is installed?

    dpkg -l package

You can use shell wildcards if you quote, e.g. dpkg -l 'dpkg-p*'. This gives (depending on your dpkg caches) something like

    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
    |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
    ||/ Name           Version        Description
    +++-==============-==============-================================
    ii  dpkg-perl      0.1-3.0        Perl interface modules for dpkg
    pn  dpkg-python    <none>         (no description available)

from which you can easily see what is installed. In my case I want (column 1) and have (column 2) installed dpkg-perl. The perl-python package I want purged and is not installed.

Very quick, very elegant. Not?

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] Can Samba mount 'shared' (not 'served') Win drives ?
Dirk Eddelbuettel [EMAIL PROTECTED] writes: At work, in a predominantly NT environment, I use Samba to mount drives of the NT servers on the Lan. However, I'd also love to access files on my (vanilla NT 4.0) desktop at work which is set to let other 'share' its files. I tried mounting these from a Linux box but failed. Is there a way to get to these files so that I could access the files from Linux? I don't know what kind of access you are looking for, but I've had no problems at all accessing my colleagues' shares on their Win9x boxes with smbclient. You might want to give it a try. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: tar: Archive contains future timestamp 2013-09-09 00:10:39
Krzys Majewski [EMAIL PROTECTED] writes: What's up with future timestamps, eg: tar: Archive contains future timestamp 2013-09-09 00:10:39 I see them sometimes, typically in .netscape/cache/. If I'm unlucky they have huuge file sizes and I have to debugfs them away.. Where do these things come from and why? I see the same when building a Packages file for my local archive. I haven't a clue as to which package is causing this. BTW, this is for a potato archive. Hints anyone? -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
[Q] ports 757 and 1024
Dear Debians,

Would anyone happen to know what the ports 757 and 1024 are used for off the top of their heads?

TIA,

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Java compiler and vm.
Morten Liebach [EMAIL PROTECTED] writes:

> On 1, aug, 2000 at 03:22:44 +0200, Goeman Stefan wrote:
>> Does anybody know where I can find a good Java compiler and Java Virtual Machine for Debian/Linux?
>
> Look at http://www.blackdown.org/java-linux/mirrors.html for your closest mirror. I've unzipped it to /usr/local, installed java-compiler and java-vm dummypackages (not sure it's their exact names) to satisfy dependencies. Then edit /etc/java-c and /etc/java-vm to point to /usr/local/jdk1.2.2/bin/[java,javac], and/or put /usr/local/jdk1.2.2/bin in your $PATH. Works for me.

You could also try kaffe. Haven't done so myself, but anyway

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: make menuconfig
Stan Kaufman [EMAIL PROTECTED] writes: Jens Müller wrote: I've tried reinstalling the ncurses library, any other suggestions. I would like to use this to reconfigure my kernel Did you install libncurses5-dev or similar? You need a *-dev package for the curses.h file to be there. If you have, check where it ended up and see if your compiler looks in the right places for it. well, shouldn't that be done by some dependencies? No, it shouldn't. You could equally well run `make config' or `make xconfig' to build your kernel. The first doesn't require anything that's not in the Depends: and Recommends: fields. The latter requires you have a running X server. Should the kernel sources depend on xserver (and what not)? I don't think so. Perhaps a Suggests:, but definitely not a Depends: or Recommends: (because dselect will mark these for installation by default)! I just checked (potato) and all the kernel-source packages mention ncurses-dev or libncurses-dev in the Suggests: field. What's more, it also lists tk-dev and for the newer kernels task-tcltk-dev. It's all there. It would seem so, but that is exactly the problem. Install libncurses5-dev and Life will be Good again. I had the same trouble and this was the solution. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: current Redhat user evaluates Debian
John L. Fjellstad [EMAIL PROTECTED] writes:

> And dselect is a really interesting utility, especially the ability to configure the packages after installation.

You can do that even _before_ installation now with potato for many packages.

> The only thing during installation that was kind of weird was the questions about modules. My understanding of modules in Linux is that it doesn't matter if you have it compiled/installed. modprobe will automagically load it into memory when you need it. Not sure why the installation said you could damage(?)/mess up the installation if you installed a module for a hardware device you don't have.

Don't know about damaging or messing anything up, but certain modules may have to be loaded during the boot. That is before modprobe can run. These modules you will have to `install' during installation. On one of my machines I had to configure the eepro100 module. If I didn't, the whole network configuration just never happened and all network services would be dead.

Just install without any modules if you can get away with it. Chances are you can. If you need to install modules later use modconf.

-- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: make menuconfig
Dale Morris [EMAIL PROTECTED] writes: when I try to run make menuconfig I encounter the following error: In file included from lxdialog.c:22: dialog.h:29: curses.h: No such file or directory make[1]: *** [lxdialog.o] Error 1 I've tried reinstalling the ncurses library, any other suggestions. I would like to use this to reconfigure my kernel Did you install libncurses5-dev or similar? You need a *-dev package for the curses.h file to be there. If you have, check where it ended up and see if your compiler looks in the right places for it. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Is Debian the last OS ? (Long reply)
Adam Scriven [EMAIL PROTECTED] writes: So, for him to go to 2.2, and get the upgrades that he wants, he needs to reinstall. He has no problem with this, and I've recommended Debian, but no matter how stable the frozen version is, it IS STILL frozen, and not the officially released version, so he's not comfortable switching to it. Upgrading from slink to potato is a breeze. Besides potato is rumored to become stable in August. I've been running and updating potato regularly for about a year without any major trouble. I guess the biggest hiccup was caused by updating to emacs20-20.7. It screwed my gnus setup, but installing the separately packaged gnus package fixed everything. Note, these ripples were caused by changes within potato and had nothing to do with upgrading from slink. Has he ever tried a RedHat x.0 release? From what I heard these are as buggy as, likely even buggier than, Debian's frozen releases. It is just what an organization is prepared to call an official release. So that leaves him with RedHat, since he understands it. Sounds like he doesn't want to (or can't) put in some effort. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
cleaning up lost+found
Debians, I goofed up a little while ago and connected two SCSI devices with the same ID. I've cleaned up the mess, but now I have a number of files in /home/lost+found that I can't seem to remove. Not even as root! Typical output of ls -l on that directory looks like: b--swx1 494395209 172, 30 Jan 21 1978 #53340 brws-wxr--1 24240453 38, 90 Jul 7 1924 #53353 b--s---r-x1 110012127 185, 124 Jun 12 1945 #53354 s-ws--s-wx1 59857233924294967295 Mar 22 1991 #53364 c-w--w1 5551835812 72, 84 Jan 2 1970 #53375 c--Srwxr--1 4273961328117, 78 Oct 1 1922 #53402 s-wSrws--t1 2688 553694294967295 Nov 26 1973 #53422 c-x-w-1 1539229539115, 99 Sep 10 2028 #53443 br-Sr-Sr-x1 143738224 116, 104 Feb 11 1995 #53445 c---r-1 2489227504 32, 102 Aug 26 2027 #53448 c-x-w-1 1539229539115, 99 Sep 10 2028 #53475 c--xrwS---1 9285 9533 36, 87 Apr 8 1989 #53479 Totally weird, that is. I've moved the original and created a new lost+found with the same owner.group and permissions as the original but would like to get rid of the gunk above. Any ideas how? I've tried chown'ing and chmod'ing, but all I get is chown: filename: Operation not permitted Trying to rm -rf gives rm: cannot unlink `filename': Operation not permitted TIA, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: cleaning up lost+found
Petr [Dingo] Dvorak [EMAIL PROTECTED] writes: On Wed, 26 Jul 2000, Lehel Bernadt wrote: LB On 26-Jul-2000 Olaf Meeuwissen wrote: -- snip -- OM in /home/lost+found that I can't seems to remove. Not even as root! -- snip -- LB They probably have the immutable attribute set. Remove it with chattr. I have the same problem, mine happened after the machine got nudged by power outage: cr-Srw-r--1 2540229706115, 58 Oct 9 1999 fontsmpl.sty i tried to use chattr to change the attributes: warlord.root /lost+found/bad_device # chattr -c -S fontsmpl.sty chattr: No such device while reading flags on fontsmpl.sty but no such luck, i tried about every destructive command i can think of, but this thing is impervious to everything what i throw on it :) Same thing here. Actually, I get some other responses as well. chattr: Inappropriate ioctl for device while reading flags on filename chattr: Invalid argument while reading flags on other_filename chattr: No such device while reading flags on yet_another_filename The total number of messages equals the total number of files I try it on, so there are no files that cause multiple messages. I've looked for a pattern in the file permissions of the files associated with the same error message, but if there is one I didn't see it. If someone has any clues I'd like to know. If necessary I can mail whatever extra info you think you need. TIA, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Just one package from woody with apt-get?
Matthew Dalton [EMAIL PROTECTED] writes: montefin wrote: Ross, 1.) Actually, I do an 'apt-get update' _and_ a 'dselect update' beforehand. There is no need to do both. If you are using the apt-get method in dselect, they both do the same thing. 2.) After apt-get has installed the woody package, I recomment the woody lines in sources.list. 3.) Then, I do another 'apt-get update' _and_ another 'dselect update'. There is probably no need to do either of these. You already have the package lists from your usual archive. I think step 3.) is necessary. It'll rebuild the caches that apt-get and dselect use to contain the potato info. If you don't, the caches will still have the woody info. Your next apt-get upgrade or dist-upgrade will then put you on woody. Of course, if you use the apt-get method in dselect, you only have to run `dselect update`. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Search in dselect
Preben Randhol [EMAIL PROTECTED] writes: Is it possible to also search the description of the packages in dselect. I mean the description to the right of the package name? Look into dpkg-awk and grep-dctrl. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Tape backup software?
Krzys Majewski [EMAIL PROTECTED] writes: Tar! -chris On Mon, 24 Jul 2000, Kelly Corbin wrote: Has anyone had much experience w/ tape backup in Linux? I am looking for tape backup software and was wondering if anyone knew which was the best. Any input would be appreciated. It would be for an ATAPI tape backup drive. THANKS! With Linux the device doesn't really matter in most cases, so your question boils down to what is a good backup solution. The answer depends on the situation (as always ;-). I'm using tob with afio to backup my users (all ten or so of them). Wrote some simple scripts for monthly full, weekly differential and daily incremental backups and things work just fine. The archives are written to external HD right now, but I may change to CD-RW or MO disk. You may also want to look at dump, taper, kbackup, afbackup and/or amanda. The latter two seemed a bit overkill in my situation. Hope this helps, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] virus susceptibility data
William T Wilson [EMAIL PROTECTED] writes: On 18 Jul 2000, Olaf Meeuwissen wrote: I'm looking for any kind of info on vulnerability to viruses on Debian and/or Linux. Pointers to anti-virus programs are also very welcome. There are no anti-virus programs because there are no viruses. The followup by Phil Brutsche says otherwise. There are a variety of security holes that crop up from time to time, but Windows is far worse. No need to convince me. Why do you think I use Debian? If I can't convince some people here at work, I'm about to be told to disconnect from the net or use (heaven forbid!) Windows for any kind of internet activity beyond our firewall. And that seems to include This shows a remarkable lack of cluefulness on the part of your network staff. I wish you luck, but they appear to be so stupid that you will probably not have much success. I wouldn't call the network folks stupid, but the managers are another matter completely. Not saying they are, though ;-) Thanks for your reply anyway. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] virus susceptibility data
Phil Brutsche [EMAIL PROTECTED] writes: A long time ago, in a galaxy far, far away, someone said... Dear Debians, I'm looking for any kind of info on vulnerability to viruses on Debian and/or Linux. Pointers to anti-virus programs are also very welcome. If I can't convince some people here at work, I'm about to be told to disconnect from the net or use (heaven forbid!) Windows for any kind of internet activity beyond our firewall. And that seems to include sending email like this to the list. Gack! It sounds like they're trying to give you an excuse to make life easier for Microsoft administrators by getting rid of Linux. Don't think so. I'm administering the Debian boxes myself. It seems their prime concern (for the moment?) is anti-virus software. A system that runs any version of Windows 95 or better (is there? ;-) and has Norton Anti-Virus installed and running at least once a month is okay with them. The fact is that viruses are almost unheard of on Linux. I've only heard of 2 Linux-specific viruses in the last 3 years; neither has been seen since 1997. Do you have any pointers? There are antivirus programs that run under Linux - McAfee (now Network Associates) makes one, for example. However, due to the lack of Linux/UNIX viruses, these anti-virus programs are meant to be run on servers - mail servers, file servers, or anything else that has to interact with Windows PCs. Thanks for this pointer. I'll look into it. The biggest problem relating to viruses on Linux is running untrusted scripts on your machine, just like on Windows. However, there is one very important difference between Linux and Windows in this regard: unlike Windows email programs, Linux email programs *do not* execute programs received as attachments automatically - you need to 1) save the program to disk and 2) manually execute it before any damage can be done. And then they only run under the user id and with the permissions you set.
Thanks for your reply, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: [Q] virus susceptibility data
Olaf Meeuwissen [EMAIL PROTECTED] writes: Dear Debians, I'm looking for any kind of info on vulnerability to viruses on Debian and/or Linux. Pointers to anti-virus programs are also very welcome. If I can't convince some people here at work, I'm about to be told to disconnect from the net or use (heaven forbid!) Windows for any kind of internet activity beyond our firewall. And that seems to include sending email like this to the list. Gack! I'd like to say thanks to all the nice folk that sent replies (on and off the list). I'm looking into some of the suggestions I got and am waiting for the network folks here to get back to me. I think I have a pretty decent chance of staying connected using Debian with all the info I got and the backup of my supervisor, a Mac aficionado :-). He pointed out that it might be more cost and security effective to stop using M$IE and Exchange altogether rather than invest in anti-virus software. I'd personally add Windoze to the list, though ;-). -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
[Q] virus susceptibility data
Dear Debians, I'm looking for any kind of info on vulnerability to viruses on Debian and/or Linux. Pointers to anti-virus programs are also very welcome. If I can't convince some people here at work, I'm about to be told to disconnect from the net or use (heaven forbid!) Windows for any kind of internet activity beyond our firewall. And that seems to include sending email like this to the list. Gack! Thanks in advance, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Offering external services, rlogins, smtp etc: how does it work?
Mark Phillips [EMAIL PROTECTED] writes: Andrew Sullivan [EMAIL PROTECTED] wrote: Aaarrgh! Not the dreaded r-services! Don't allow them. Shut them off. They are evil, and a great source of amusement to all crackers. Use ssh, or telnet, if you must (although that's just as risky). Now you say to use ssh or telnet, but then say this is just as risky! Why not use rlogin if it is no more risky than the alternatives? I think Andrew was only referring to telnet. It sends your password in clear text over the net. The point is that I need to offer the functionality of rlogin. When I am elsewhere and I want to do a remote login to my machine, then I need rlogin or some equivalent. If rlogin is currently insecure, why don't people make it secure? What makes it so hard? I'm not sure, but think the main insecurity of rlogin (and sisters) is that these send everything in clear text. Depending on your situation this may be a security risk. Any known security holes should be fixed in the deb. Holes and risks are not quite the same, I guess. If you need rlogin functionality, install ssh and slogin, scp or ssh instead of rlogin, rcp and rsh. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Problems installing Netscape
Bruce Sass [EMAIL PROTECTED] writes: On 29 Jun 2000, Gary Hennigan wrote: Nitebirdz [EMAIL PROTECTED] writes: Just one more little question, since I'm new to Debian. How can I notice which packages are virtual and which other are not? Hmm. There are very few virtual packages. That's the only one I've Everything listed when you do grep Provides: /var/lib/dpkg/status is a virtual package (some just happen to have the same name as real packages, or so it could be argued ;). Just to add my 2 yen. The original article was about installing netscape4 on slink (Debian 2.1). At that time, you could not distribute binaries of netscape, so the Debian maintainer provided an installer package. For these, you typically have to get the source or binary from the original site and the installer package will then install it conforming Debian policy and do whatever other Debian packages do (track dependencies, set up configuration files, etc.). This is not the same as a virtual package. A virtual package provides functionality that can be satisfied by several real packages. As a matter of fact, netscape provides the virtual package www-browser, but it is not the only one that does. Others that come to mind are: lynx, emacs20, mozilla, w3m, arena, gzilla, chimera2 and links. Note that there is no package called www-browser. Virtual packages need no special handling, dpkg (or dselect, apt-get) will take care of things. Installer packages are usually in non-free (and maybe in contrib). Hope that helps, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: safe to use woody packages in potato?
Ian Zimmerman [EMAIL PROTECTED] writes: John == John Anthony Kazos [EMAIL PROTECTED] writes: John If so, I still need to know the answer to my previous question: John Will system files, like /etc/{fstab,profile}, be overwritten, John possibly irrevocably, by the upgrade process? The documentation John on the site is nonexistent. Files that can be manually edited per debian policy will not be replaced without warning, I believe. But I haven't done this myself, yet, so you want a 2nd opinion. Upgrading will not overwrite modified files in /etc unless you say so. The original configuration files will be silently replaced or removed if no longer needed. This barring any goofs by the maintainer, of course. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Setting up read-write access for local CVS
Preben Randhol [EMAIL PROTECTED] writes: I have installed cvs on my machine and want to use it so that I as a user can check in and out files. When I as a user ran: cvs import -m Created directory structure Ada95/Touch obliord start I got: cvs import: Sorry, you don't have read/write access to the history file cvs [import aborted]: /var/cvs/CVSROOT/history: Ikke tilgang (Ikke tilgang = No access) This was of course not surprising. My question is how does one set up cvs so that one gets read write access? Should one: 1. Create a cvs group and give this group ownership with r/w to the repository and add users to this group? 2. Use the setuid bit on cvs? 3. Other solution (which?) I'd say 3. The history file needs to be world writeable for even such a simple thing as checking out files of the repository (basically just read access of the repository). If you don't want history logging you can just remove the file (as root). I don't know what your set up is like, but if you are only interested in a personal repository, that is you are the only user, you could put the repository in $HOME and be done with any and all permission hassle. In our group I've set things up so that every CVS module is owned by a (different) group and folks that need to commit code are made members of that group. The history file is world writeable, for now. Just for reference a little bit of our /pub/cvs: drwxrwxr-x4 root cvsadmin 4096 Jun 9 14:31 CVSROOT drwxrwsr-x4 root calendar 4096 Jun 15 08:30 calendar drwxrwsr-x2 root r-and-d 4096 May 31 08:50 cvs-sample Hope this helps, -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: package versions in dselect, and Release file
Ian Zimmerman [EMAIL PROTECTED] writes: What are the packaging frontends (dselect in particular) supposed to do when 2 sources from sources.list provide different version numbers of the same package? Don't know for sure, but based on experience I'd say they use the latest (and greatest?) version. I have a potato system, but I downloaded a couple of upgraded packages from woody and placed them in a local mirror directory. I generated the Packages files with dpkg-scanpackages. That went fine, so I added a deb file: line for the local mirror to sources.list and run dselect. In the Select phase I could see the newer versions as available. I selected them. But the Install phase ignored my local mirror, tried to download the updates from the potato archive, and failed. Make sure your local archive is mentioned before the rest. I maintain a local mirror but it is usually lagging a bit behind (especially with unstable). If your sources.list says something like: deb file:/pub/debian unstable main deb http://ftp.debian.org/debian unstable main your packaging frontends should use the latest version and apt-get will look in the local mirror first and only contact the official archive if it can't find the version the frontend is looking for. I noted while dselect was hitting the sources it said something like deb file:/foo/bar Release Ignored Of course, I don't have a Release file in the mirror directory. Is that necessary for it to be recognized as a worthy source? If so, how do I generate one; dpkg-scanpackages doesn't. Or is there something else wrong with what I'm trying? You don't need a Release file in your mirror, but if you want to shut up apt a bit just look in /var/state/apt/lists/ and copy the relevant Release file to your local mirror. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Debian i386 mirror
Gary Hennigan [EMAIL PROTECTED] writes: I only mirror the 386 portions of potato, US and non-US, and my archive is about 2G. I guess you don't do the sources then. I had a major problem setting up a potato mirror using any type of ftp-mirroring utility (like mirror). When I first started there were a lot of links in potato to slink and the ftp server on most of the debian mirror sites refused to flatten these symbolic links. If I had continued trying to use mirror I would've had to copy both potato and slink, both binary-all and binary-i386, in order to have a functional mirror. Instead I started using a http mirroring utility. I use w3mir but there are quite a few around that will do the job. The advantage is that there aren't any symbolic links and I can mirror just the binary-i386 directory structure and not worry about. Mirroring both binary-all and binary-i386 is no problem, is it? You now have everything that's in binary-all in binary-i386 anyway. The symlinks to slink might be more of a problem. What are you going to do when you decide you want to mirror woody? In the (unlikely) case you want to add an architecture to your mirror you might want to consider mirroring both binary-all and binary-i386. If your mirroring tool (or proxy!) flattens symlinks for you (even if you really don't want it to), first do binary-all, then create links for each architecture to binary-all and finally mirror architectures you want. The links are easily created with perl like so (please be nice, it's my first perl program :-):

    #! /usr/bin/perl

    my($source,$target) = @ARGV;
    treelink($source,$target);

    # Duplicates the directory tree starting at $source as $target and
    # populates $target with symbolic links to all files in the $source
    # tree.  This results in a symlink mirror of the $source in $target.
    sub treelink {
        my($source,$target) = @_;

        (-d $target) || mkdir($target,0755);
        chdir($target);
        # One level deeper now, so the source is one "../" further away.
        $source = "../$source";
        foreach $base (<$source/*>) {
            $base =~ s,.*/,,;           # keep only the file name
            if (-d "$source/$base") {
                treelink("$source/$base",$base);
            } else {
                symlink("$source/$base",$base);
            }
        }
        chdir("..");
    }

I imagine most, if not all the links from potato to slink are gone now, but if you, for example, wanted to mirror just woody I suspect you'd be in the same situation, ie., having to ftp mirror both woody and potato, with the binary-i386 and binary-all subdirectories. Plus http has its other advantages like still being easily accessible for those of us behind firewalls. I just wished my http and ftp proxies didn't insist on pretty printing directory listings. All info about symlinks are gone, plus sizes are in kb and times in hh:mm:ss. Apart from all the html yuck, that is! This wreaks havoc with just about any mirroring tool I've looked at. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Kernel Compile on Potato
deja luser [EMAIL PROTECTED] writes: Tonight I installed frozen on a k6-2 system, and am trying to compile a new kernel for it, but make menuconfig fails. I have ncurses installed, and so I should be able to run it Not unless you also install libncurses5-dev. The output says it can't find curses.h which is in that package. Install it and all should be well. # make menuconfig rm -f include/asm ( cd include ; ln -sf asm-i386 asm) make -C scripts/lxdialog all make[1]: Entering directory `/usr/src/kernel-source-2.2.15/scripts/lxdialog' gcc -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -DLOCALE -DCURSES_LOC=curses.h -c -o lxdialog.o lxdialog.c In file included from lxdialog.c:22: dialog.h:29: curses.h: No such file or directory make[1]: *** [lxdialog.o] Error 1 make[1]: Leaving directory `/usr/src/kernel-source-2.2.15/scripts/lxdialog' make: *** [menuconfig] Error 2 -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: files/dirs under /var/www/
Ethan Benson [EMAIL PROTECTED] writes: On Sun, Jun 04, 2000 at 09:43:42PM -0700, Ian Zimmerman wrote: I had this same dilemma and couldn't find anything on it in policy, so I just changed DocumentRoot to /usr/local/share/www. (Web files are mostly static anyway, why under /var?) depends on the site, some sites are indeed modified a lot. another place would be /home/www i suppose, that would make quotas a bit more convenient to maintain. probably violates FHS however. Dunno about FHS, but wouldn't /var/local/www be an appropriate place? Note, FHS 2.1 mentions neither /var/www nor /var/local. /var/local is part of the base-files package and no other packages install anything there as of today's potato/Contrib-i386.gz -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: files/dirs under /var/www/
Ethan Benson [EMAIL PROTECTED] writes: On Fri, Jun 02, 2000 at 01:52:10PM +0900, Olaf Meeuwissen wrote: Just a quick question: how (un)safe is it to create your own files and directories below /var/www/? Are there any names taken (besides dwww and index.html)? /var/www should belong to you, i don't think any debian package will clobber anything in there, if they do it's a bug. /var/www is set as the document root for apache so it's obviously natural for your site to go there and be organized how you see fit. the index.html file should be replaced by your own. Thanks. I thought the same thing, but then noticed dwww in there so I started to wonder. Should I file that as a bug? It's only a symlink to /var/lib/dwww/html though ... just make sure it's not owned by www-data.www-data! I did, after reading your comments on the list. Now just about everything is owned by root.www-data with 2755/0644 permissions. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
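Added example, not part of the original messages: a shell audit for the group-shared layouts described in this post (root.www-data, 2755/0644) and in the CVS repository post earlier on this page (per-module groups on setgid directories). The function names, the finding labels and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a group-shared directory tree (web docroot, CVS repo).
# Usage: audit_tree ROOT SERVICE_UID
#   ROOT         top of the tree to inspect
#   SERVICE_UID  numeric uid of the daemon that serves the tree; it should
#                own nothing there (hypothetical parameter, e.g. `id -u www-data`)
# Prints one finding per line: "<label> <path>". No output means no findings.
audit_tree() {
    root=$1
    service_uid=$2

    # Files owned by the service account can be rewritten by a compromised
    # service process, so ownership should stay with root or a human owner.
    find "$root" -user "$service_uid" \
        -exec printf 'owned-by-service %s\n' {} \;

    # World-writable entries: any local user can alter them. Symlinks are
    # skipped because their own mode bits are not enforced.
    find "$root" ! -type l -perm -0002 \
        -exec printf 'world-writable %s\n' {} \;

    # Directories without the setgid bit: files created there take the
    # creator's primary group instead of the tree's group.
    find "$root" -type d ! -perm -2000 \
        -exec printf 'no-setgid-dir %s\n' {} \;
}

# Build a small constructed tree to audit: 2755 directories and 0644 files
# as in the post, plus one directory without setgid and one 0666 file.
# Prints the path of the tree's top directory.
make_sample_tree() {
    top=$(mktemp -d) || return 1
    mkdir "$top/site" "$top/site/ok" "$top/site/plain"
    chgrp -R "$(id -g)" "$top/site"
    chmod 2755 "$top/site" "$top/site/ok"
    chmod 0755 "$top/site/plain"
    chmod g-s "$top/site/plain"
    : > "$top/site/ok/index.html"
    : > "$top/site/ok/history"
    chmod 0644 "$top/site/ok/index.html"
    chmod 0666 "$top/site/ok/history"
    printf '%s\n' "$top/site"
}

if [ "$#" -ge 2 ]; then
    audit_tree "$1" "$2"
else
    sample=$(make_sample_tree)
    # uid+1 stands in for a service account that owns nothing in the sample
    audit_tree "$sample" "$(( $(id -u) + 1 ))"
    rm -rf "${sample%/site}"
fi
```

Run against a CVS repository laid out as in the earlier post, the world-writable history file is reported; that is the trade-off the post itself calls out with "for now".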
Re: files/dirs under /var/www/
Peter S Galbraith [EMAIL PROTECTED] writes: Olaf Meeuwissen wrote: Just a quick question: how (un)safe is it to create your own files and directories below /var/www/? Are there any names taken (besides dwww and index.html)? Check The Contents files (which you might have on your CD, or get it from a Debian server): $ zgrep var/www Contents-i386.gz | more Mostly very safe. index.html is meant to be replaced, no package owns it (in the sense that it would disappear after removing a package). I did that. Right now it looks quite safe to add directories and files below /var/www, but what if a new package comes along and decides that it needs to install all over the web pages in /var/www/foo? -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Re: Gnus broken by Emacs upgrade!!
Ben Pfaff [EMAIL PROTECTED] writes: Ian Zimmerman [EMAIL PROTECTED] writes: After I did the upgrade today to Emacs 20.6-2, this happens whenever I try to run Gnus: Yes, I got the same thing. A stopgap measure that worked for me was to go into /usr/share/emacs/20.6/lisp/gnus and delete all the .elc files, leaving only the corresponding .el files. Apparently compiling these files triggers a bug. (You will have to make sure you have emacs20-el installed first, of course.) I didn't report this as a bug because I assumed that it was my own problem. But I guess that it's not if others are having the same trouble. Same thing here. I installed gnus to work around it. The version is different from that of emacs20 and it comes with MIME support which I really like. Now I can read all those Japanese headers, finally! -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development