screen blank watching Netflix
Until recently I could watch Netflix with Chrome on Debian/Testing with no problems. Some recent update (maybe of Chrome, maybe of Debian) broke this, now the screen blanker will enable during play. I don't know which update as I have a long screen lock time (the laptop for Netflix isn't used for anything important and is in a secure location) and I don't often watch it for long enough without pausing to have it blank. I considered setting a blank time of 1 hour (longer than an episode of a Netflix show) as a work around. I'm running KDE with sddm for logging in and the login session often runs nothing other than Chrome. Any suggestions on where I could start looking for the cause of this? -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/
spamassassin and detailed logs
spamd: result: . 1 - DKIM_ADSP_DISCARD,SPF_PASS,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY Currently I'm getting log entries like the above from SpamAssassin. spamd: result: . 1 - DKIM_ADSP_DISCARD=1,SPF_PASS=-1,T_RP_MATCHES_RCVD=1,UNPARSEABLE_RELAY=0 I want to see something like the above with numbers for each test so I can easily determine why the total was determined. I know that I can search through the SA configuration for each test, but this is time consuming and has the problem that the SA configuration might not do what I want. add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTSSCORES_ autolearn=_AUTOLEARN_ version=_VERSION_ According to the below URL adding the above to local.cf should give the result I want. But on Debian/Wheezy it doesn't. Can anyone give me a pointer? http://mail-archives.apache.org/mod_mbox/spamassassin- users/200703.mbox/%3c20070304222615.d13...@duane.dbq.yournetplus.com%3E Thanks. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304151713.18283.russ...@coker.com.au
Re: spamassassin and detailed logs
Bob Proulx b...@proulx.com wrote: How about piping the email through: | spamassassin -d -t -D 21 | less That will produce a summary at the bottom with the points from each rule that fired. Is that good enough? Thanks for the suggestion, however there are several problems with this. Firstly I often don't have access to the message in question (the user reports someone tried to send me email this morning and it failed). Next some SpamAssassin tests use data from the Internet (DNSBLs etc) and thus can give different results when run at different times. Finally what I want is something really quick and easy, just grep the logs and see where the problem was. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304152100.30546.russ...@coker.com.au
Re: Re (2): lilo removal in squeeze (or, please test grub2)
On Wed, 26 May 2010, Stephen Powell zlinux...@wowway.com wrote: You're missing the point. The main selling point to management is that Linux is free. If they have to buy new backup software in order to accommodate Linux' backup requirements, that will kill it on the spot. Whatever boot loader I use must not require new backup software or impose special backup requirements. One of the advantages of Linux is that you are not forced to do things the way that the distribution vendor packages it. You can take the last lilo package that gets uploaded, build it and put it in your own apt repository, and then support it for your own users. -- russ...@coker.com.au http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201006052230.21682.russ...@coker.com.au
Re: The purchase of a new laptop on debian
On Wed, 2 Dec 2009, Daniel Dalton d.dal...@iinet.net.au wrote: I'm looking to buy a knew laptop. I have been recommended by a few people to look at the Lenovo thinkpad X 200 and t 400/500. What are your thoughts on these systems? What is positive, what is negative? I've been happily using Debian on Thinkpads for just over 11 years now. What other brands should I consider Dell and HP don't seem to be as powerful as these Lenovos, but maybe I'm wrong. What should I consider with good linux support (debian)? I'm looking at a 12.1 inch system, but am also happy to buy a 14 inch. I will need something with dual core 2ghz+ cpu and 2 gb+ ram. I also may run virtual machines too. Nowadays the vast majority of hardware just works. The biggest issues seems to be in Wireless and high-end video support. Video is the main thing to worry about as you can always use a USB Wireless device while waiting for the built-in hardware to be supported. Don't get a Dell unless you like a really shiny screen. -- russ...@coker.com.au http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Limiting User Commands
On Wednesday 10 November 2004 21:49, Ben Hutchings [EMAIL PROTECTED] wrote: I feel the need to learn something new today. How could the user replace the root owned files in a directory that they own? By renaming or unlinking them. Linux treats this as an operation on the directory, not the file, so it's controlled by the directory's permissions. SE Linux has finer grained access control. So you can allow a user to have write access to their home directory but give ~/.bashrc etc a different type that permits only read, getattr, and execute access (but not write, append, unlink, link, rename, setattr, lock, ioctl, or create). I periodically run SE Linux play machines setup in this manner. I have some files in the root user's home directory that they can only read and execute, some that they can read and append to, and the default is for full access to files in the home directory. I'll have my play machine back online soon, see my web page for the details. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Which Spam Block List to use for a network?
On Tue, 22 Jun 2004 16:13, Craig Sanders [EMAIL PROTECTED] wrote: reject other dyn/dialups - they should use their own ISP or mail server. I second this. A user has no business making direct connections to mail servers. One thing on my todo list is to use the ODF module of NetFilter to prevent Windows users from connecting to my mail servers when they get viruses. No dial-up list is complete so there are always some Windows users who are accidentally allowed to connect. The URL is below: http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-osf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Which Spam Block List to use for a network?
On Tue, 22 Jun 2004 18:41, Adam Funk [EMAIL PROTECTED] wrote: On Tuesday 22 June 2004 09:11, Russell Coker wrote: A user has no business making direct connections to mail servers. Maybe in your area you can get a residential ISP whose mailrouters are always reliable. Where I live there is one cable modem provider with no competition; its mailrouters usually work but do not always warn you in good time that mail is queued. So find someone else who can relay mail for you. In the past when such things have been discussed people have made offers of a free mail relay service for Debian people. This is a smarter way to do it. Wouldn't you admit that the problem is not from MTAs on dynamic IP addresses, but rather from infected Windows machines on dynamic IP addresses? MTAs on dynamic addresses is an entirely different problem. At one ISP I worked for we had a problem of people installing mail servers on their PCs as open relays. It was decided not to block port 25 inbound, so I planned a scheme where the outbound mail relay would attempt a port 25 connection to the workstation before accepting mail from it. If the port 25 connection succeeded then the mail would be rejected... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Which Spam Block List to use for a network?
On Sat, 19 Jun 2004 00:29, Francisco Borges [EMAIL PROTECTED] wrote: SpamCop works fine for my own email, where most people are whitelisted, but is said [1] not to be suitable for a production environment and what we have here is precisely that... I know of some ISPs that use SpamCop. It generally works well and has good proceedures for removing bogus entries. I have had my mail server using the SpamCop DNSBL for years and had hardly any problems of legit mail being rejected. Below is my Postfix configuration line for anti-spam systems. SpamCop is first because it gets the highest hit rate and the majority of spams get discarded from it before even having to query other servers (should be good for you as you mention having an over-loaded server). The DNSBL entries below are roughly in order of hit rate - the last few entries catch hardly any spam due to duplicate entries with other lists. By far the most false-positive entries I have had are from postmaster.rfc-ignorant.org and abuse.rfc-ignorant.org. The postmaster list gets hotmail.com (and many others), and the abuse list gets yahoo.com (with many more others). I was forced to remove the abuse list from my configuration as it got so many hits on non-spam email, and the postmaster list is a border-line case. smtpd_client_restrictions = permit_mynetworks, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_client dsn.rfc-ignorant.org, reject_rhsbl_client postmaster.rfc-ignorant.org -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Which Spam Block List to use for a network?
On Sat, 19 Jun 2004 18:04, Adam Funk [EMAIL PROTECTED] wrote: On Saturday 19 June 2004 07:50, Russell Coker wrote: By far the most false-positive entries I have had are from postmaster.rfc-ignorant.org and abuse.rfc-ignorant.org. The That's because rfc-ignorant.org's lists aren't about spamming. They are about domains that fail to conform to certain RFCs. (Although I disagree with their listing of *.uk on the grounds that the UK registry allows people to withhold their private contact details from whois.) They also list all of Australia for the same reason as listing the UK. It seems that whois is not worth much any more. There is a correlation between lack of support for [EMAIL PROTECTED] and [EMAIL PROTECTED] and the domain being a rogue domain used for spam. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SE/Linux] status / progress report 13jun2004
On Mon, 14 Jun 2004 03:01, Christoph Hellwig [EMAIL PROTECTED] wrote: On Sun, Jun 13, 2004 at 03:36:48PM +, Luke Kenneth Casson Leighton wrote: * debian kernels need to be available compiled with se/linux security enabled (and boot-time optional) by default. this results in a 2% performance hit (wow big deal) when se/linux is not enabled at boot time. Gentoo, SuSE and Fedora all accept this 2%. It's actually disabled again (compiled in but disabled) in SuSE because the performance hit was much much worse. And I remember benchmark numbers where the lsm hooks alone decreased the SpecWeb numbers on ia64 by more than 10%. I'd vote strongy against enabling LSM in the Debian kernel images. In other distributions more features are enabled by default to reduce the support costs (people will install the wrong kernel package and file bug reports). In Debian choices are offered for everything, there are several mail servers, several POP servers, having several builds for the kernel is not a big deal. Currently there has not been a large demand for SMP SE Linux kernels. So adding a new kernel binary package that's the same as the default one for the most common CPU but with SE Linux enabled should be easy enough to do. 1-386 1-586tsc 1-686 1-686-smp 1-k6 1-k7 1-k7-smp speakup alpha amiga arm atari bvme6000 hppa i386 ia64 mac mvme147 mvme16x q40 s390 From a quick grep of the packages list the above seems to be the list of supported Debian kernel binary packages. Adding a 686-selinux package and compelling anyone who wants SE Linux on anything other than a 686 single-CPU machine to compile their own kernel should make most people reasonably happy. Athlon's generally run i686 code well. The architectures listed are for 2.4.x kernels - not all architectures support 2.6.x yet. I suggest that Debian not provide any binaries to support 2.4.x SE Linux kernels, it's just too much work to keep them maintained. I have been thinking of requesting that my package kernel-patch-2.4-lsm be removed from Debian as it usually takes more than a month for me to catch up with a new kernel.org release. I don't have the time to build such kernel binaries though, so someone else will have to volunteer. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: why must Debian call Taiwan a Province of China?
On Wed, 7 Apr 2004 10:05, Erik Steffl [EMAIL PROTECTED] wrote: and while we're at it - netherlands is really holland. No, it's not, actually. Holland is only part of the Netherlands. well, yes. but: in slovakia the name for the country is holandsko (slovak spelling for holland). maybe it insults some people in netherlands but that's how it is. so for me it makes perfect sense to call that country holland, I didn't even knew it's called netherlands until I learned english... People from the Netherlands (spelt Nederland in the local language) who incidentally are referred to as Dutch in all English speaking countries generally don't tend to get offended by such things. North Holland (Noord Holland) and South Holland (Zuid Holland) are two provinces of the Netherlands, the people in those provinces tend to not mind the entire country being mis-named, while people who live in other provinces are more interested in correcting it. Below is a URL containing a map of the provinces of the Netherlands, it was the first result that google returned... http://www.coffeeshop.freeuk.com/General/Provinces.html Nederland means low land. The Slovak term for low land would be another possible name for the country. I am sure that is not the only example where the name of the country is confused or country has completely different names in different languages. In the case of an installer or any other software which offers a selection of languages the right thing to do is to display every name in it's local form. So refer to Germany as Deutschland, South Africa as Zuid Africa, etc. When someone is installing software you can assume that they know the local form of their country's name and the representation of their language's name in that language, they can not be expected to know other forms. I expect that most people here don't know what language Anglais is, or what country is referred to as VS. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
LCD monitors
I have just bought a Mitsubishi DV172 monitor. It does 1280x1024 and is a 17 inch monitor. It is extremely picky about the settings that it will accept and totally screws up the display if you use frequencies it does not like. Below are frame-buffer settings that work well with it. Also if you auto-detect the frequency when at a console it will look bad, you have to have suitable things on screen when you instruct the monitor to detect the frequency if you want best results. I found that displaying the Melbourne TV guide in Mozilla while detecting the frequency gave a good result (but probably anything that has lots of vertical lines and fills the screen with color will do). # 1280x1024-74 mode 1280x1024 # D: 135.080 MHz, H: 79.366 kHz, V: 74.452 Hz geometry 1280 1024 1280 1024 16 timings 7403 200 12 16 4 210 22 accel true rgba 5/11,6/5,5/0,0/0 endmode -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [Help] How to use iostat or other command to monitor Software RAID I/O ????
On Thu, 10 Jul 2003 11:18, axacheng wrote: Hello lists : Does anyone knows , How to monitor Software RAID disk I/O i have a Software RAID5 device named /dev/md0 , i've tried to use iostat to monitor /dev/md0 I/O status ... /proc/partitions does not have any counts for software RAID, so you can't monitor the RAID itself. It does have counts for the block devices that comprise a software RAID so it would not be THAT difficult to write an iostat type program that can read /proc/mdstat to determine which devices comprise a software RAID and then monitors their stats in /proc/partitions and uses some addition to determine the total for the software RAID device. The CPU overhead of incrementing counters is negligible, there's no reason why the counts for software RAID could not be displayed in /proc/partitions, I think that this is a minor bug in the software RAID code. If someone posts a patch to fix it to the linux-kernel list then it should have some chance of being accepted. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SE Linux vs. RSBAC (was Re: have I been rooted?)
As this issue is of wider interest I'll BCC you and reply to the debian-user list. On Fri, 21 Mar 2003 23:48, you wrote: On March 21, 2003 05:27 am, Russell Coker wrote: If you install SE Linux then you get much better control over your system. When Apache can't even see other processes or write to /tmp it makes such exploits much more difficult. Are you still maintaining the SE Linux packages, is it possible to install an SE Linux Woody system? I am maintaining packages for Debian/Unstable, Brian is maintaining packages for Woody. At the sourceforge web site go to the Docs link and the first document explains how to install SE Linux on Debian. http://sourceforge.net/projects/selinux/ Have you heard of the Trusted Debian project (http://www.trusteddebian.org/) and RSBAC? If you have compared them, I'd be interested in your comments. The Trusted Debian project is based on RSBAC which is not as widely supported as SE Linux. Also it is based around the idea of re-packaging all Debian software which is a huge amount of work. I currently maintain 21 Debian packages for SE Linux which is more than enough work, maintaining a fork of all the base packages would be a huge amount of work. I doubt that the Trusted Debian people will be able to keep up with the range of packages that you will want to use. Also there seems to be no information on who makes this Trusted Debian. The mailing list archives are broken links and there is no public information on who is behind the project. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SE Linux vs. RSBAC (was Re: have I been rooted?)
On Sun, 23 Mar 2003 00:28, Fraser Campbell wrote: The Trusted Debian project is based on RSBAC which is not as widely supported as SE Linux. Also it is based around the idea of re-packaging all Debian software which is a huge amount of work. I currently maintain 21 Debian packages for SE Linux which is more than enough work, maintaining a fork of all the base packages would be a huge amount of work. Hmmm, that's almost the opposite of what they say (see http://www.trusteddebian.org/rsbac.html): - SE-Linux makes extensive changes to existing Linux tools, possibly leading to a horrible versioning mess and delays in security updates That is incorrect and misleading. SE Linux itself is a kernel patch and a set of tools for compiling and loading policy files, setting and displaying the types of files, and displaying the domains of running processes. SE Linux does not require patched applications, but the default policy does require it. You could run SE Linux with a different policy that does not require such patches, but it would be less secure. - RSBAC does not need any changes to existing tools, although it could benefit from such changes. If I spent a couple of days writing a policy for SE Linux to not require patched applications then the same could be said about it (however SE Linux already has a good set of patches for applications and the item you quoted about suggests that RSBAC doesn't have the patches written yet). Still I don't agree with most of their statements ... RSBAC may be a great project, and I hope that it works out, but I am more inclined to trust code that was developed at the NSA and audited by many developers than a project I have only just heard about, a project which may have only a single developer (or at least a pretty quiet mailing list). Yes. SE Linux is being actively worked on by IBM researchers, input comes from SGI people, there are a number of private companies involved in security work contributing, and many others. Also hypothetically speaking, if the NSA wanted to put a back-door in the Linux kernel, would they do it in code that has their name on it instead of anonymously putting in dodgey code for device drivers? -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security
On Sun, 9 Feb 2003 21:12, Jeffrey Taylor wrote: It has been possible since BIND 8.x to run it non-root. I did it on my main machine (non-Debian). It took a little fiddling with permissions and ownership so it could read write the configuration and zone files. Figure an hour to get it to work. I should invest another hour to improve the solution. I now think it can be done more securely. I've been running BIND non-root for many years, I think I even had 4.x running non-root. I used the authbind package to allow binding to port 53 as non-root and needed a few modifications to /etc/init.d/bind and some permissions of some files. It wasn't too difficult. Bind9 manages it's own security by dropping capabilities and does not work with authbind. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Evolution/Courier-IMAP acting strange
On Sun, 29 Dec 2002 22:30, Justin Ryan wrote: On Sun, 2002-12-29 at 15:16, Thomas Lamy wrote: just a quick guess, but maybe Evolution tries to open too many parallel imap connections. The courier default is max 4 connections per IP, you can change this is /etc/courier/imapd (parameter name is MAXPERIP) This seems possible, but if I shut down and re-open Evolution, it doesn't fix the problem - I have to unsubscribe from all folders, remove the account, and re-add it. Is there a way to monitor the currently active IMAP connections? From Evolution's behavior, it doesn't seem as if it has simultaneous IMAP connections - it won't view a folder until it has 'stored' the previously viewed folder.. If you think it's an issue of open IMAP connections then netstat -tn | grep 143 should give you a good indication... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: umount Dead NFS Directory
On Wed, 6 Nov 2002 15:25, axacheng wrote: Yes. It is a script that detect the status on the client. The script uses fping first, then showmount, to detect either network or NFS service is down. If unfortunately something happens, the script will try to clean my /var/www using lsof, and then try to umount it. But I never tried to stop apache. Maybe I can give it a try. If I directly ifdown eth0 after the network or NFS service failure, and ifup eth0 after things are done, the problem seems solved. But I think this is not good since if ifup eth0 fail, I cannot handle it remotely. I have had situations where ifconfig eth0 down wouldn't do the job and I had to assign the IP address of the NFS server to the loopback device to get it to umount. I'm not sure whether the latest NFS code changes this as I haven't used NFS on laptops for a while... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Fwd: bits about SE Linux
Brian May has taken over woody back-ports of SE Linux code, this is good as I can concentrate on Sarge now. Brian has an apt repository for SE Linux packages on woody: deb http://www.microcomaustralia.com.au/debian/ stable selinux My repository for SE Linux packages on unstable is: deb http://www.coker.com.au/selinux/ ./ The reason I have a separate repository is that I am producing SE patched versions of dpkg, login, cron, ssh, logrotate, and coreutils which I can't upload to unstable. The main packages selinux, selinux-policy, and kernel-patch-2.?-lsm are in unstable. I'll probably be personally running 5 SE Linux server machines in live production environments in 4 sites in two countries by the end of the week. The tutorial at Linux Kongress didn't go as well as I had hoped, but the audience seemed reasonably happy anyway. At that session I found a number of bugs which are now fixed (including one security bug), so the testing did a lot of good. I am thinking about where to hold the next tutorial or training session on SE Debian. I wonder if there's demand for commercial training sessions yet... For those of you who were silly enough to believe the FUD, one of the NSA employees on the SE Linux project worked until after 11PM last night (according to date stamps and time zone info in his email headers) merging some policy patches from me and other people into his CVS tree. If the NSA was going to drop support for SE Linux then I'm sure he'd have found something more exciting to do on a Friday night than merge patches into CVS... -- There is no point PGP/GPG signing an email unless the signature can be verified. If you post to a list then don't sign the message unless your key is available on public key servers and has been signed by someone who is in the web of trust, otherwise you just waste bandwidth and CPU. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Need witnesses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 17 Sep 2002 04:15, Bruce Perens wrote: Folks, Please download http://www.softwarechoice.org/download_files/Maccrisken.Letter.doc . Please be prepared to stand as witnesses when I expose some odd things in the file . If you run strings on the file, at the end are a few names that are not meant to be visible in the file. They are names, probably of other participants in the creation of the document - two people and an organization. I need witnesses that those contents were on their site and were not something I made up. rjc@lyta:~/Desktop$ md5sum Maccrisken.Letter.doc cc13acf991915d89c89438a9e4c1709a Maccrisken.Letter.doc rjc@lyta:~/Desktop$ strings Maccrisken.Letter.doc |tail Normal.dot Michael Wendy Microsoft Word 9.0 Milken Institute To the Editor: Title _PID_HLINKS Microsoft Word Document MSWordDoc Word.Document.8 rjc@lyta:~/Desktop$ Russell Coker -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9hvmPwrB5/PXHUlYRAvt2AJ4xtVVM/OAK5HFWa4qpH3lAp8H3OACgr27t Uw8/nETzyCA04gvd7cj6ZR4= =OsF1 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: lilo-22.3.2-3 trashed my SCSI disk
On Wed, 4 Sep 2002 10:11, Svante Signell wrote: A reinstall of Woody showed that it can only boot from the MBR partition, not the root partition, i.e. boot=/dev/sda, works! boot=/dev/sda1, does not work! Strange, /dev/hda1 in the form of /dev/md1 works for me. As seen from the original posting, the boot sector information was boot=/dev/sda1 root=/dev/sda1 and it did work before, but not after the crash. Explanation? When running lilo before and after the same information is displayed: Reading boot sector from /dev/sda1 After the crash (with 22.3.3-2): Reading boot sector from /dev/sda Using MENU secondary loader Calling map_insert_data Can someone explain (or give a pointer to) the different behaviour of writing to the MBR vs the root partition? If you write to the root partition then you need another loader (such as debian-mbr) to be loaded by the BIOS and then load LILO. If you put LILO in the MBR then the BIOS calls LILO directly. This makes some minor changes but should not be anything you would notice. What has changed for newer versions of lilo? I have been running Debian stable/testing/unstable for several years now without any problems before. 22.3 was one of the biggest changes to LILO in recent times that did have potential to cause breakage. The versions after that were minor changes. The version upgrade was from 22.3.2-1 to 22.3.2-3. The main difference is the removal of the /boot/boot.b link. Which was not used in 22.3.2-1 anyway... Note also that I have a dual disk system, SCSI and IDE, therefore the disk=, bios= statements in lilo.conf. The disk partitioning tools, such as cfdisk requires both the SCSI disk and the IDE disk to have at least one partition with the boot flag set. Is this really necessary? No. You don't really need any boot flags to be set. Then why can't I write the partiton table in cfdisk without setting the boot flag on one of the partitions of the IDE disk? That's a deficiency in cfdisk. When I say you don't need a boot flag to be set I mean that you can have a fully functional system that boots and runs perfectly without such flags, regardless of the ability of your fdisk program to deliver such a setup. I use fdisk not cfdisk and it allows such a setup with no problems. -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Debian on Cobalt Qube
Some time ago people were asking about Debian on the Sun/Cobalt Qube. I have just uploaded a new package to unstable - kernel-patch-2.4-cobalt, this is a patch for kernels 2.4.16 and 2.4.18 for the Cobalt hardware. The 2.4.16 patch is the same as that which ships with 2.4.x Qube's (known as 2.4.16C10), but without XFS, kdb, and kgdb. The 2.4.18 patch is the same ported forward to 2.4.18 and with a ngroups patch removed because it conflicts with LSM. The 2.4.18 patch has had one Oops in 2 days, which I believe to be SE Linux related, although the 2.4.16 kernel that Sun ships tends to Oops once or twice a week too... My Qube 3 is now working fully under Debian. All I had to do was change inittab to put a getty on the serial port and none on /dev/tty? devices. The installation proceedure was to use scp to transfer a tar file containing a Debian archive, and then copy it onto a new partition. The Qube can't select different kernels to boot (only different partitions) so you want to have at least two partitions having copies of Linux installed. The kernel patch package I produced hacks the arch/i386/kernel/Makefile to produce a gzip compressed vmlinux file instead of a regular bzImage. This is because the Qube BIOS is unable to load a bzImage format kernel. The Qube BIOS loads the kernel from /boot/vmlinux.gz which will generally be a symlink to the kernel you want to boot. NB AFAIK Sun has never shipped a Qube or RaQ BIOS that is capable of booting 2.4.x and 2.2.x kernels! So if you currently have a Qube or RaQ running 2.2.x then you can't use my kernel patch. I would be happy to create a kernel patch package for 2.2.x kernels, but I have no access to the source Sun ships, and no ability to do any testing. If someone wants to supply me the source and do the testing then I'll do the coding... -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian on Cobalt Qube
On Sun, 16 Jun 2002 21:59, Adam Heath wrote: On Sun, 16 Jun 2002, Russell Coker wrote: The kernel patch package I produced hacks the arch/i386/kernel/Makefile to produce a gzip compressed vmlinux file instead of a regular bzImage. This is because the Qube BIOS is unable to load a bzImage format kernel. bzImage is gzip compressed. bzImage just means the zImage can be larger, hence b for bigger. I know that. However a Qube needs a vmlinux file that's compressed by gzip -9 vmlinux which is quite different to a zImage or bzImage file. I changed the relevant makefile so that you can use make-kpkg to generate packages for the Qube. -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Fwd: Devfs /dev permission persistence
Here's a message from the devfs mailing list. Potential problems like this are part of the reason why I don't do such things by default in my devfsd package. I could make it an option to allow such use if there was a serious demand. So far only one person has requested it, this was a German guy at LinuxTag who couldn't understand my English well enough to permit a discussion in the small amount of time I had to spare before dinner (who I hope is reading this list as he hasn't contacted me to discuss it via email as requested). -- Forwarded Message -- Subject: Devfs /dev permission persistence Date: Mon, 10 Jun 2002 11:53:06 -0400 From: Luo, Ling [EMAIL PROTECTED] To: [EMAIL PROTECTED] According to the devfs.readme, I disabled the devfs automount at boot time to enable dev file permission persistence to work( with /dev-state etc, etc). However doing that brought up the Unable to open initial console warning message, it also messed up my serial console output( undecipherable symbols jam the whole screen while rebooting). I tried the proposed solution: a hack to the init program( I have initctl file under /dev before). It didn't change the outcome. Alternatively, I reenabled the automounting devfs at boot time, commented out mount --bind /dev-state /dev in the rc scripts, and left the permission persistence configurations enabled in the devfsd.conf. Everything seem to work fine now: dev file permission persistence is working, Unable to open initial console warning is gone, and my serial console output is back to normal. Since this is different from what was suggested in the readme, just want to make sure this won't have other side effects. Ling --- -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: XFree 4.2.0 - again
On Wed, 17 Apr 2002 14:36, Sean Middleditch wrote: On Wed, 2002-04-17 at 06:47, Russell Coker wrote: I don't know which sub-version of the GeForce cards I'm using, I just got whatever was cheapest at the time (you'd have to be crazy to buy a high-end NVidia card - they release new models every 6 months and the old models then sell for less than half price). Wow. Good point. I feel retarded now. (Sean's wallet is hurting after he replaced one of his old video cards which melted with a Geforce3 Ti 500 at x-mas.) That's another thing. If you buy an older model card in a tiny box with no manuals etc for $150 and it melts you're not going to be nearly as unhappy as if the same thing happens to a high-end $700 card that came with all manuals etc. My observation is that if you buy a new cheap card every year you'll spend less money than if you buy a new expensive card every second year, and on average you'll have better hardware as a new cheap card is usually better than a 1 year old expensive card. When I plopped in the nVidia binary drivers, tho, I sure know it looked great. ^,^ Zangband has never looked so crisp... Zangband? Speaking of the binary drivers, that logo and delay on X startup annoys me. I'd like to get a patch that removes it (yes I know that means a binary patch), if I can find such a patch (or be bothered writing one) then I'll release some unofficial debs that do it. ;) BTW I changed this from debian-devel to debian-user as it has nothing to do with development. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID chunk-size - alternatives
On Fri, 5 Apr 2002 10:27, Anthony DeRobertis wrote: On Tuesday, April 2, 2002, at 06:22 PM, Russell Coker wrote: Another thing, you should have a separate cable for each disk you want to be independant. So for RAID-1 you should have two cables so that a cable failure won't lose your data. For a RAID-5 with 5 disks you want 5 cables. This doesn't apply much for SCSI, at least with sane hardware. IDE, OTOH... Of course. As we all know SCSI cables never break. There must be something about the IDE command-set which causes copper wires to corrode. :-# -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID chunk-size - alternatives
On Fri, 5 Apr 2002 12:25, Anthony DeRobertis wrote: Of course. As we all know SCSI cables never break. There must be something about the IDE command-set which causes copper wires to corrode. :-# (I know this is a joke, but) actually there is. IDE has a wonderful feature of only talking to one device per channel at a time. So if that device just happens to die, guess what happens :-( The same result as SCSI termination problems, which sometimes don't appear until after months of use. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID5 IN DEBIAN
On Wed, 3 Apr 2002 11:45, axacheng wrote: it is very good URL for Linux RAID http://www.linuxdoc.org/HOWTO/Software-RAID-HOWTO-4.html [EMAIL PROTECTED]:/tmp$ dpkg -S Software-RAID | head doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-1.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-2.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-3.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-4.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-5.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-6.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-7.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-10.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-8.html doc-linux-html: /usr/share/doc/HOWTO/en-html/Software-RAID-0.4x-HOWTO-11.html -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID chunk-size
On Tue, 2 Apr 2002 13:48, Alvin Oga wrote: chunk size does NOT matter for raid5... Chunk size does not matter for RAID-1, but does matter for other RAID levels. if your disk was partitioned as... 2K bytes/inode... You probably mean 2K blocks. The number of bytes per inode just determines the size of the inode tables. From the man page: chunk-size size Sets the stripe size to size bytes. Has to be a power of 2 and has a compilation-time maximum of 4M. (MAX_CHUNK_SIZE in the kernel driver) typical values are anything from 4k to 128k, the best value should be determined by experimenting on a given array, alot depends on the SCSI and disk configura tion. it also makes a difference if you used a inode size of 1K or 2K or 4k during disk partitioning - lots of little files or few huge/gigantic files ?? If you have lots of little files then if you want good write performance then you want RAID-1 or RAID-10. RAID-5 is the cheap alternative. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID chunk-size - alternatives
On Wed, 3 Apr 2002 00:29, Alvin Oga wrote: Chunk size does not matter for RAID-1, but does matter for other RAID levels. humm ..thought was the otehr way ... time for me to go look at some raid source code i suppose .. when time permits The chunk size determines physical location of the data for RAID-0 and RAID-5. For RAID-1 both disks will have exactly the same data, which is the same as what you would have if you only had one disk. So chunk size is not an issue. if your disk was partitioned as... 2K bytes/inode... You probably mean 2K blocks. The number of bytes per inode just determines the size of the inode tables. yuppers ... and a block is 512bytes ( aka a sector ) No. A block is the allocation unit for the file system. For ext2 that can be 1, 2, or 4K (but generally no-one uses 2K). For ReiserFS it's always 4K. Other file systems have different options. If you have lots of little files then if you want good write performance then you want RAID-1 or RAID-10. RAID-5 is the cheap alternative. hummm . thinking outloud cheap is relative??? - $$$ for disks vs (usable) disk space lost to raid Cheap is when you cut corners to save money. typically a minimum of 2 disks used for raid0 or raid1... raid1(mirroring) protects against one disk failure ( one disk's capacity is used as a redundant copy and not for user) ( 50% lost of space ) raid0(stripping) does not help for disk failures Yes. Also RAID-0 increases the probability of data loss unless you take other protective measures. If during a particular time period the probability of one disk failing is 0.1, then the probability of a RAID-0 failing is 1-(1-0.1)*(1-0.1) = 0.19. typically 5 disks for raid5 ... ( 3 disks mininum -- 1/3 of your disks lost to parity ( 4 disks .. 1/4 of your disks lost to parity ( 5 disks .. 1/5 of your disks lost to parity Another thing, you should have a separate cable for each disk you want to be independant. So for RAID-1 you should have two cables so that a cable failure won't lose your data. For a RAID-5 with 5 disks you want 5 cables. One setup I've seen had 30 disks with 5 RAID-5 arrays. There were 6 cables, each RAID-5 array had 5 data disks and one spare disk on separate cables. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID chunk-size - alternatives
On Wed, 3 Apr 2002 01:15, Dave Sherohman wrote: Don't know where you got the typically 5 disks bit from. RAID5 costs you one drive's worth of capacity. Also, if I were to set up a 5-disk RAID5 for critical data, I'd go with 4 active disks, plus one spare. I've noticed that 5 disks seems inexplicably more common than 4 or 6 disks for RAID-5, but no-one seems to have an explanation for it. I think that some people think that the 5 in RAID-5 means 5 disks... ;) -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
OLS and Debconf2
I will be speaking about SE Linux at OLS and have offered a talk for Debconf2. Between them I will have almost a week spare in Canada, during that time I would be happy to speak at any user group meeting as long as my travel expenses are covered. Please reply off-list if you are interested. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [HELP] RAID5 IN DEBIAN
On Tue, 2 Apr 2002 07:51, axacheng wrote: I wanna migrate my OS (SuSE7.3 To Debian) and wanna use raid5 to accese date Everybody knows that where would i find VERY useful document or HOWTO about raid5 in Debian? I had already known some URL as follow: http://www.linuxdoc.org/HOWTO/Boot+Root+Raid+LILO-3.html http://www.linuxgazette.com/issue17/raid.html You can not load your kernel from a RAID-5 array (none of the boot loaders support it). So you need at least a RAID-1 /boot partition. Most people who do software RAID use RAID-1 for their root file system too as it makes many problems easier to solve. What specific questions do you have that aren't answered in those documents? -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: boot problem
On Fri, 22 Mar 2002 14:22, Michal Novotny wrote: I have a real problem booting my Debian. I just upgraded all packages (running dselect). Now what I get after reboot is (last lines): request_module[block-major-3]: Root fs not mounted VFS: Cannot open root device 301 or 03:01 Please append a correct root= boot option Kernel panic: VFS unable to mount root fs on 03:01 03 is the major number for hda. 03:01 is /dev/hda1. The request module message indicates that you don't have a device driver for hda1which means that you haven't loaded ide-disk, or you didn't load ide-probe-mod before ide-disk from your initrd. One possible cause for this is that you loaded an initrd from a different kernel version and therefore the initrd couldn't load a module. In lilo.conf is correct root=/dev/hda1 That part is being accepted. For now, I can only boot from a floppy :( Is there a chance to find what dselect changed? Does your kernel-img.conf match mine? [EMAIL PROTECTED]:/tmp$ cat /etc/kernel-img.conf do_symlinks=yes do_initrd=yes [EMAIL PROTECTED]:/tmp$ PS I've CC'd this to debian-user as it's not an ISP issue. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void.
Re: boot problem
On Fri, 22 Mar 2002 17:16, Michal Novotny wrote: Something else, there is in /boot/config-2.4.17-386 line: CONFIG_BLK_DEV_SIS5513=y that is my IDE controller but there is too: CONFIG_IDE=m CONFIG_BLK_DEV_IDE=m CONFIG_BLK_DEV_IDEDISK=m CONFIG_BLK_DEV_IDEPCI=y You have two options. One is to build an initrd, the other is to recompile your kernel with CONFIG_IDE=y etc. The fact that your SIS driver =y determines whether the IDE driver supports your chipset. As your IDE driver is a module the SIS driver will also be part of the same module. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void.
Re: Where I Can Find OpenSSH+OpenLDAP Documents?
On Thu, 21 Mar 2002 16:53, axacheng wrote: Does Anyone Know where i can find the OpenSSH+OpenLDAP implement documents in the internet?? Just use the PAM LDAP support and configure /etc/pam.d/ssh appropriately. But first try nss-ldap as it's slightly easier to setup and has all the same config file formats etc. -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void.
Re: Basic linux network questions (long)
On Fri, 8 Mar 2002 22:23, Richard Wurdack wrote: I discover, however, that if I shut the lid on the box (it might be hibernating, don't know - I didn't doing anything special for APM), and reopen it, pon can't dial out without a reboot (just like Windows!). Here's the APM related kernel build settings I use for the Thinkpads I manage. They work well for a T20, a 600E, and a 380XD. I think that Heather has completely answered the rest of your message. Please post again if you have further problems. # CONFIG_ACPI is not set CONFIG_APM=y # CONFIG_APM_IGNORE_USER_SUSPEND is not set CONFIG_APM_DO_ENABLE=y CONFIG_APM_CPU_IDLE=y # CONFIG_APM_DISPLAY_BLANK is not set CONFIG_APM_RTC_IS_GMT=y CONFIG_APM_ALLOW_INTS=y # CONFIG_APM_REAL_MODE_POWER_OFF is not set -- If you send email to me or to a mailing list that I use which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void.
Re: Securing bind..
On Wed, 6 Mar 2002 19:04, Karl M. Hegbloom wrote:
[ The quoted email is dated last December... I hope nobody minds me ]
[ reviving the conversation. I'm catching up on a few mail groups. ]
OK, but I've trimmed the CC list.
Russell == Russell Coker [EMAIL PROTECTED] writes:
Russell On Sun, 30 Dec 2001 16:17, Jor-el wrote:
On Sun, 30 Dec 2001, Russell Coker wrote:
Also don't allow recursion from outside machines.
Why does this help?
[snip my description of the classic cache poisoning attack]
{Internal network}[firewall/gateway router]-+{Internet}
+---[Nameserver]
The nameserver is configured to allow recursive queries only from
hosts coming from inside, through the firewall/gateway router (Linux
2.4 w/iptables). What if someone on the internal network trys to
poison the DNS like this? They could be a student on a school
network, a contract employee, a misbehaving full timer, or whatever.
That is a problem. Also there's a problem if they send you email and doing a
reverse lookup of the origin IP address, resolving the header address as part
of spam filtering, or looking up the MX record for a bounce results in a DNS
query to a poisoning server.
To prevent that, you should have some sort of egress filtering on
the firewall router, to prevent DNS replies (spoofed) from being
sent out through the gateway.
That still does not prevent them from logging into an outside host
they own -- their home computer, a co-located machine someplace out
on the net -- and sending the spoofed responses from there.
That's right.
My question is; is this scenario possible, and is there any way to
prevent it from occuring?
Get your name server to only accept replies to your exact queries and no
extra data.
I'm not sure which DNS servers support this.
Russell iptables/ipchains blocks access to port 53 from untrusted IPs
(IE everything Russell outside your LAN or dialup pool).
But then how will anyone on the network access your domain's primary
name server?
Have a different instance of your name server process for primary zones than
the one used for caching. That's standard policy on most large installations
anyway, for performance if for nothing else.
But it's an inside job. By an expert. How do I win the chess game
then?
Get a better name server that doesn'thave this flaw.
--
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
LIDS
I have just uploaded a new version of my kernel-patch-2.4-lsm package which includes support for kernel 2.4.18 and (on 2.4.18) supports LIDS. Enjoy. -- Signatures 4 lines are rude. If you send email to me or to a mailing list that I am subscribed to which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message (the sig won't be read).
kernel-patch-2.5-lsm
I am just uploading a new version of my LSM (Linux Security Modules) kernel patch package. As many people who are interested in it won't be using unstable I am also putting it online on http://www.coker.com.au/selinux/kern/ . Version 2002.02.20-1 adds support for kernel 2.5.5 and (for kernel 2.5.5) adds support for LIDS which is now an LSM module! I would be very interested in feedback from LIDS users regarding how this works on 2.5.5 (I'm too busy with my SE Linux work to touch LIDS at the moment). -- Signatures 4 lines are rude. If you send email to me or to a mailing list that I am subscribed to which has 4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message (the sig won't be read).
Re: emergency shutdown?
On Wed, 2 Jan 2002 13:38, Simon R Tod wrote: My laptop's been left on for the past 48 hours. When I came back to it this morning it was very hot, the fan was kicking in evert minute or two and everything was working really slowly It's now just ceased up completely. The text has disappeared off my xterm and I can't get any movement out of the mouse. I don't see how I can do anything but just Sounds like it's already crashed and this entire discussion is academic. Ouch I don't like that idea. The problem is, I was in the process of upgrading my kernel Leaving a machine overnight while in the middle of such work isn't something I'd recommend. - all I've got left to do is alter my /etc/lilo.conf file, run lilo, and shutdown. Because I hadn't altered the config file will it just reboot anyway, using the old kernel? What worries me is that in the process of installing the kernel, apt-get set up / applied (whatever the right terminology is!) a boot block. Is this going to prevent the thing from rebooting? And if so, so I don't reach the boot message that allows me to pick the Debian or Windows OS', is there anything I can do? I don't know of any way that you can make your machine unbootable by upgrading your lilo package to the latest version (some previous versions had bugs) or by installing new kernel versions. If you install a new package providing the same version of the kernel you boot (say you install a new kernel-image-2.4.16 package to replace the current 2.4.16 kernel you boot by default) then that could possibly result in that kernel version not being bootable (I haven't checked the exact functionality of kernel-package in this regard). However if you install a new package of 2.4.16 then your 2.4.14 kernel you still have installed should still be bootable. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Securing bind..
On Mon, 31 Dec 2001 05:31, Jor-el wrote: DNS cache machine sents out requests from source port 54 (not obscure - every administrator of every DNS server on the net can easily discover this). Not sure I follow what you are saying here. Are you saying that it is pretty easy for a DNS admin to figure out what port you are running the DNS server on (if so how?) or are you saying that port 54 is a well agreed upon port for this purpose. I doubt very much that it is the latter, since http://www.iana.org/assignments/port-numbers states that port 54 is assigned to XNS (whatever that is). When a request has a source port of 54 the reply MUST have a destination port of 54. A DNS request is allowed to have any address as a source address (as the client program may be a non-root application which gets the first UDP port it can find which will be somewhat random). The ability to configure which source port is used for queries is a newer feature in bind (wasn't there in 4.x at least - not sure when it was added). Having the same port used for sending out queries and receiving queries from other machines (pretty much a default setup) just makes things more difficult to manage, secure, and analyse. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Securing bind..
On Mon, 31 Dec 2001 01:20, jernej horvat wrote: On Sunday 30 December 2001 22:58, Russell Coker wrote: 2.4.x kernels support the --bind option to mount which avoids the syslogd yep. linux v2.4.x and bind v9.x are easier to set up. debian has almost out-of-the box chroot solution. Are the root servers using bind9 yet? I disagree with the supposed security benefits of disabling zone transfers, Why? Do you need the whole zone when you just need to resolve one host or IP ? Sometimes getting a copy of the zone helps to discover problems. Do you give away all your personal data when someone asks you for your name ? I give away data that's publically available anyway. If data isn't public then it shouldn't be in a public place such as a DNS zone file. Knowing which IP addresses are in use is no secret, you can always check on IP address block assignments and scan them all. And this is what djb has to say for zone transfers :-) Zone transfers are an archaic alternative mechanism for copying DNS information. When djb starts releasing his software under better license agreements that make it realistically possible to use it, and when he makes his software interoperate better with the rest of the world then people will take more notice of him. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Securing bind..
On Mon, 31 Dec 2001 06:52, P Prince wrote: there are two major problems with all of bernstein's software. the first is that it requires you to throw away your existing configuration...no big deal for a caching only name-server or if you only have one or two domains to serve. a severe pain in the arse if you have hundreds or thousands of domains. This is crazy. Anytime you change software packages, you must rewrite your configuration. If two programs perform the same task then why can't they use the same config file? Writing a program to support two different formats of config file isn't so difficult. And, if you or anyone you know manages thousands of domains, I'll mail you a crisp, clean 20 dollar bill. (In order to be eligible, you must provide the name of your employer, so that I can avoid their service.) Please mail a $20 bill to Craig and one to me as well. While working for Versatel Telecom BV in Amsterdam I was running the 24hoursnet service. That service had over 4000 domains setup in bind (with scripts to create bind zone files from LDAP). Why would you want to avoid such a service? It doesn't make sense for every small company that wants a web site to have to run their own DNS etc. It makes sense for a telco to run the sites for thousands of small companies, telcos can afford to pay people such as Craig and myself to run their servers in a reliable and secure fashion instead of having the secretary try to setup a set of ISP servers (with all the security and reliability problems you'd expect). Broken as many of them are, they still work quite well with djbdns, thank you. named.conf doesn't work with djbdns - a minor problem. This is a stupid argument. httpd.conf doesn't work well with thttpd, and proftpd.conf doesn't work well at all with wu-ftpd. Consider mail servers. Currently there is a range of mail servers that can deliver to /var/mail/user-name or ~/Maildir/ storage and which honour .forward files, Postfix being a good example. I can change a Postfix installation to use Procmail for delivery and it'll deliver mail in the same way. If I choose to switch from Postfix to another server then it's not difficult to find another server using .forward files and /etc/aliases etc (NB Qmail does not do this). Then there's about 6 POP servers and about 3 IMAP servers I can choose from (actually there's probably more, I'm just thinking of ones I've used or heard good reports about) which all use the same data store. Contrast this to using Cyrus, Netscape iPlanet mail server, Exchange, Notes, or another mail server which has it's own strange and unique format for everything. an additional part of the price you pay is djb's moronic non-free software license Really? http://cr.yp.to/distributors.html yes, really. non-free. if you don't understand WHY it's non-free then read the DFSG again. This doesn't deserve a response. There is no response. DJB software is not in Debian for a reason... To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] PS When quoting messages please trim out the .sig lines etc. It just wastes bandwidth and doesn't gain anything. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Securing bind..
On Sun, 30 Dec 2001 11:18, Petre Daniel wrote: Well,i know Karsten's on my back and all,but i have not much time to learn,and too many things to do at my firm,so i am asking if one of you has any idea how can bind be protected against that DoS attack and if someone has some good firewall for a dns server ( that resolves names for internal clients and also keeps some .ro domains) please post it to the list.. both ipchains and iptables variants are welcome.. thank you. Which DOS attack are you referring to? For making bind secure I suggest running it as non-root using authbind and build your kernel with OpenWall, LSM, or GRSecurity so that stack overflows don't get anywhere. Then have a script to restart it if it dies. Also don't allow recursion from outside machines. Another possibility is to have the port for outgoing connections be something other than 53 (54 seems unused) and use iptables or ipchains to block data from the outside world coming to port 53. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Securing bind..
On Sun, 30 Dec 2001 16:17, Jor-el wrote: On Sun, 30 Dec 2001, Russell Coker wrote: Also don't allow recursion from outside machines. Why does this help? When someone sends a recursive query to your server then they know (with a good degree of accuracy) what requests are going to be made by that server and what responses will be expected. So you can send a recursive query for www.microsoft.com, then send a dozen packets appearing to be responses from the Microsoft DNS servers giving an IP address of one of your servers. While you're at it you make sure that the false packets you sent had long TTL entries so that they stay in the cache for a while. Then suddenly you have all clients of that DNS server thinking that the MS servers are on your IP addresses (with lots of potential for abuse). Another issue is that if at some future time a bug is discovered in bind that results in a security hole when doing recursion then you want to only be vulnerable to your own network (who you can hunt down if they abuse it) rather than the rest of the world. Another possibility is to have the port for outgoing connections be something other than 53 (54 seems unused) and use iptables or ipchains to block data from the outside world coming to port 53. Security through obscurity? Quite frankly, I find this strategy Please read my messages carefully before flaming me. DNS cache machine sents out requests from source port 54 (not obscure - every administrator of every DNS server on the net can easily discover this). Recursive requests go to port 53 (getting a DNS client to even talk to another port is difficult or impossible depending on the client). iptables/ipchains blocks access to port 53 from untrusted IPs (IE everything outside your LAN or dialup pool). Bind will not be expecting any data other than replies to it's requests on port 54 (the port that is open to the outside world) so even if you screw up in your configuration of bind to not allow recursion from the outside world you're still protected. Smart people NEVER rely on only one layer of protection if they can avoid it. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Securing bind..
On Sun, 30 Dec 2001 22:02, jernej horvat wrote: On Sunday 30 December 2001 18:46, P Prince wrote: The eaisest and most failsafe way to secure bind is to install djbdns. If you have nothing to say - do not speak. Perhaps a discussion of the relative merits of djbdns and bind is in order. I wanted to move to djbdns at one time, but it was too painful. Everything had to be redone (the config files were all incompatible), the documentation was inadequate, and there was no good amount of support on the net. Has djbdns improved since then? Securing DNS: http://www.psionic.com/papers/dns/ 2.4.x kernels support the --bind option to mount which avoids the syslogd hackery described in this URL. Also the authbind method supported by Debian is much more powerful and useful than using the chuid() functionality in bind. Both these things aren't mentioned. Cricket Liu's presentation on how to secure BIND: http://www.acmebw.com/papers/securing.pdf I disagree with the supposed security benefits of disabling zone transfers, it's just security by obscurity. Also when idiots read such advice and take it to heart it gets in the way when you have a genuine need for zone transfers. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Fidonet support on dial-in
How popular is Fidonet support in Debian? Of the people who use it, is it most desired to have a Fido program be spawned with stdin/stdout/stderr pointing to a serial port or is it more desired that the Fido software be accessed by rsh/ssh connection to a Fido server machine? I'm going to add Fido support to Portslave soon. I am wondering whether I should enable the feature in the Debian package, and how exactly I should make it work. Please reply to this message privately as most people on the list won't be interested. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: how to store static data in a multi-thread program?
On Tue, 25 Dec 2001 01:55, Andrew Makhorin wrote: I've got a multi-thread program (in C) running under Debian/GNU Linux. And I need to store a pointer somewhere in a system place related to an particular thread in order to pass it to other routines running in the same thread. In other words I need to pass a pointer within a thread as if it would be declared as extern (i.e. not as a formal parameter), but in a thread safe manner. Could anyone please tell me how to do that? Let's say we want an integer for each thread. Have a global variable of type int *, before spawning threads malloc enough memory for an int per thread and have the global variable point to it. Then have each thread know it's number (in some suitable way) and use that index into the array. Growing the array without locking is tricky but possible. But let's move it to Debian-user as debian-devel is not the appropriate forum (debian-devel is about developing Debian packages not about teaching C programming). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: devfsd and kde
On Sun, 9 Dec 2001 19:59, Alan Chandler wrote: I am struggling a bit with devfsd and could do with some help Firstly this isn't really a KDE issue, you could have the same problem using GNOME or using command line tools. I suggest that debian-kde be removed from follow-up in future discussion. When kde starts up it complains that it can't find /dev/dsp at the point where it normally plays the little I have started up music sequence (prior to that, when the sound card was compiled into the kernel and the /dev directory was hardcoded - I got sound out without any problem) Create a new file /etc/modutils/mysound containing something like the following: alias /dev/sound sound-module Also whatever else needs to be loaded. Then run update-modules. Then in the devfsd compatibility file make sure that you enable compatibility links for ^sound/.* (if you don't have the default settings to enable them for everything). The default devfsd settings alias /dev/dsp (and all other sound devices) to /dev/sound. LOOKUP ^dsp$ MODLOAD somewhere. However I did this, and it didn't seem to solve anything It already does modloads for unknown modules by default. Your problem is that modutils doesn't know what to do when it sees /dev/dsp or /dev/sound listed as a module name. Question 2 should not the standard debian distribution be doing whatever is needed for me Unless the standard Debian distribution could know what type of sound card you have this is not possible... I suggest that future questions about Debian devfs be sent to debian-user and CC'd to me (I'm the Debian maintainer for devfsd). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: devfsd and kde
On Mon, 10 Dec 2001 11:31, Alan Chandler wrote: Create a new file /etc/modutils/mysound containing something like the following: alias /dev/sound sound-module Thank you very much - worked a treat. Just one question - since I don't understand the logic of whats happening. When does devfsd make the compatibility link with /dev/dsp ? What I After the module is loaded, initialised, and has created the real device node (/dev/sound/dsp in this case). thought was happening was something makes a request to a sound module, this causes the kernel module loader to call modprobe. Modprove looks in the alias file for /dev/sound and finds my sound card (emu10k1) which then loads into memory. The sound card registers itself which causes devfsd to create the compatibility links. What happens is that something tries to access /dev/dsp, the devfs kernel driver (the driver for the devfs file system which is mounted on /dev) sees the lookup for /dev/dsp, blocks the process in question, and tells the devfsd process that an access to /dev/dsp has been attempted. The devfsd in this case is configured to pass all requests to modprobe, see the following config directive: # Enable module autoloading. You may comment this out if you don't use # autoloading LOOKUP .* MODLOAD Then essentially devfsd runs modprobe /dev/dsp, the modprobe program sees that /dev/dsp is an alias for /dev/sound in /dev/modutils.conf and does the appropriate thing. The problem I am struggling with (and why I didn't attempt your solution) is the chicken and egg problem of the access to /dev/dsp being the thing that needs to trigger the module load. What have I missed? You missed the fact that /dev is not a regular file system and attempts to access non-existant entries make things happen... The reason I need to understand (and what actually triggered me off in this direction in the first place), is that I have a similar problem with my cdroms. I actually have a ide dvd drive on what previously would have been /dev/hdd, and a cdrom (cd - writer) on a scsi card. Previously I had symlinked /dev/dvd to /dev/hdd and /dev/cdrom to /dev/sr0 (scsi had been compiled in to the kernel - but was delaying the boot sequence for 15 secs whilst scanning the scsi bus and timing out). I had built scsi as module and all had stopped working. Also I had never managed to get cd writing to work, and had decided to make a push to sort this out. I assume the correct thing to do for the dvd (is put a file in /etc/devfs/conf.d with a line like) No. Create a file named /etc/devfs/conf.d/mine and put the following in it: # create the standard /dev/cdrom symlink REGISTER^cdroms/cdrom1$ CFUNCTION GLOBAL symlink $devname cdrom UNREGISTER ^cdroms/cdrom1$ CFUNCTION GLOBAL unlink cdrom REGISTER^cdroms/cdrom0$ CFUNCTION GLOBAL symlink $devname dvd UNREGISTER ^cdroms/cdrom0$ CFUNCTION GLOBAL unlink dvd Of course that is presuming that you are booting from an IDE hard drive and thus the IDE DVD drive gets recognised early in the boot while the SCSI CD-RW gets recognised later. However if you may load the two drivers in arbitary order then you need to have the REGISTER and UNREGISTER events refer to the real device names, ide/host0/bus1/target1/lun0/cd instead of ^cdroms/cdrom0$ and scsi/host0/bus0/target0/lun0/cd (or whatever the device name is for SCSI) instead of ^cdroms/cdrom1$ . problem of not knowing where to link it to. [As I am writing this do I perhaps need an alias /dev/dvd ide-cd in /etc/modutils/aliases followed by an update-modules?] Yes, that's a good idea. I have not made a start on understanding my scsi problems - these seem to be multilayered - as far as I can see. I think I need to get the the aic7xxx module set up to load (perhaps alias /dev/somthing aic7xxx - but what - depends on the usage) You need the alias for /dev/cdrom resulting in loading the aix7xxx module, and if you have SCSI hard drives then they need to have it loaded too. I can't advise more without knowing more about your hardware. I expect you'll probably get it all going without more advice from me, if so please post to debian-user about how you did it, I think that other people will be interested. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Installing PPP 2.4.0
On Mon, 26 Nov 2001 00:45, Ben Hill wrote: but, when compiling the pppoatm.c file, it has complained about not finding the atm.h file in the /usr/src/linux/include directory. After checking there indeed is not an atm.h file there. However, there are no atm.h files on my system that will work! Anybody any ideas how to get it working, or to find the right atm.h file? Install my atm-dev package. In future check Contents.gz to discover which package owns a file. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
lilo with LVM-root support
I've compiled the latest lilo with support for LVM-root. I've put it on http://www.coker.com.au/lilo/ , check it out and let me know if it works (I haven't had a chance to test it at all). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
null modem test
Is there any software in Debian to test a null modem? What I want is software to run on both ends that will exercise all control lines (DTR, DSR, RTS, and CTS) and display the values of these lines so I can see if my cable is good. If there is no software in Debian to do this then is there some software on the net under a suitable license for packaging? Failing that I'll have to write it myself. :( -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: null modem test
On Mon, 12 Nov 2001 14:53, J.A.Serralheiro wrote: you can try minicom. its not exactly what you want but it can handle the job How do you make minicom test the rts/cts lines? -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Unresolvable installation problem?
On Mon, 5 Nov 2001 18:53, Harry Palmer wrote: I have a (decent, 400MHz PII) laptop with no CDROM and an LS120 IDE floppy drive instead of a standard floppy (which boot disks pick up as hdd). Is that me stuffed as far as getting potato up and running? I tried a few things with the idepci boot set, but there doesn't seem to be a way of getting beyond the first boot floppy and getting the root filesystem loaded. Has anybody been here before? Couldn't you reconfigure the boot disk to use root=/dev/hdd? From memory the Potato boot disk uses loadlin so it should be easy to change the specification for the root device. One thing I have been considering is to create a NFS-root floppy for laptops. This would involve an initrd kernel using busybox (or some other statically linked program with lots of utilities) with cardmgr compiled in. Then the /linuxrc could start pcmcia, put the network up, and have a network start script that mounts NFS and does pivot_root and exec /sbin/init. This can only be done with woody, however the image on the NFS server could be any version of Linux as long as it doesn't stop the PCMCIA... ;) To do this I need to squeeze the kernel modules necessary and all the cardmgr stuff into 440K of gzip -9 compressed space. If you're interested in testing this then let me know. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Upgrading the kernel on a woody box
Firstly I'm moving this to the debian-user list as it's got nothing to do with KDE. In future please ask such questions on debian-user, feel free to CC me on such questions as I maintain the devfsd and lilo packages. On Wed, 31 Oct 2001 08:11, rikiwarren wrote: I've downloaded the kernel-image-2.4.12-686 (and the corresponding headers, source, and doc file) I double checked to make sure the initrd=/boot/initrd line was added to lilo.conf (I believe it was added automatically when I tried this the first time, but I could be wrong). It's like the third uncommented line in the file. If there was a problem with lilo or the initrd you would never have got a login prompt. The fact that you logged in and got a working command shell means that this part is fine. I made sure the initrd link pointed to the correct (2.4.12) file. I made sure that the following were installed: devfds, initrd-tools, iptables, mkcramfs, libxml2, libxml2-dev and usbmgr. I added the following to my source.list: deb http://people.debian.org/~bunk/debian potato main deb-src http://people.debian.org/~bunk/debian potato main Did you omit modutils? The locations of all modules have changed in 2.4.x kernels. Old modutils will not work at all on new kernels (in fact I'm surprised that the modules on your initrd even worked). When I reboot, I get a lot of errors. They flash by fast--but this is the general gist. The general gist is not adequate for problem solving. We need exact error messages. There was some error regarding partitions, cramfs and magic numbers. Then there are a ton of missing module messages. Then it tries to boot into X and fails--leaving me at a command line. I do have basic functionality from the command line. If I restart and boot into my old kernel, everything works. I think that one of two things has happened. One possibility is that there was a devfsd problem and the compatibility links matching the entries in /etc/fstab weren't created leading to fsck failing and the boot process aborting. Another possibility is that the modules for X weren't loaded and the X server could not start. But without any log entries I'm just guessing. NB Serial console is a really handy feature. It makes it easy to cut/paste kernel boot messages into an email (including in situations where the kernel panics on boot). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
pppd callback
If you use the callback function in pppd (or want to use it) then please contact me off list. I've got a patch for it that I'm considering for inclusion in my Portslave package (and for submitting to the ppp package maintainer). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: 2.4 -ac kernels with Adrian Bunk's potato packages?
On Tue, 30 Oct 2001 02:10, Fred Gray wrote: For various reasons, I would like to set up a 2.4.13-ac4 (Alan Cox's tree) kernel-image package with the same highly modular structure as Adrian's However, when I try to boot this new kernel, the boot fails with the following messages: [...] RAMDISK: cramfs filesystem found at block 0 RAMDISK: Loading 3332 blocks [1 disk] into ram disk... done. Freeing initrd memory: 3332k freed cramfs: wrong magic Kernel panic: VFS: Unable to mount root fs on 01:00 Can someone offer a suggestion on what might have gone wrong? (Please cc me on replies, since I'm not subscribed to this list.) Cramfs has been broken in the main kernel trees for ages and it's only the Debian patch in the kernel-source package that allows it to work. Use romfs and you'll get a smaller initrd (compress the entire image with gzip -9 instead of compressing each file separately), and it'll work with less problems. Use the genromfs package to create the romfs. The old version of initrd-tools needed /usr/sbin/mkinitrd to be hacked to get romfs to work, but I think that this has been fixed. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Getting Grub to Recognize Kernel Update to 2.4.12
On Sat, 27 Oct 2001 05:41, eDoc wrote: the make-kpkg and dpkg -i The result Package commands add all the needed for boot with the new kernel. Best regards. Jose Luis. make-kpkg causes error: su: make-kpkg: command not found Now what, please? You need to install the packages kernel-package and fakeroot. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Getting Grub to Recognize Kernel Update to 2.4.12
On Sun, 28 Oct 2001 15:44, Doc - KD4E wrote: the make-kpkg and dpkg -i The result Package commands add all the needed for boot with the new kernel. Best regards. Jose Luis. make-kpkg causes error: su: make-kpkg: command not found Now what, please? You need to install the packages kernel-package and fakeroot. I ran apt-get install fakeroot and that went fine. I have no idea what its purpose is ... I have read about fakeroot but am unclear as to its need to resolve my current problem ... can you explain, please? The idea is to use the following command to build a kernel package: fakeroot make-kpkg --initrd --revision=1000 kernel_image Fakeroot means that any chown() or chmod() system calls will appear to work (and stat() system calls will show them to have worked) even though you are not root. Type the following as an exercise (from a non-root account): fakeroot bash touch abc ls -l abc exit ls -l abc I notice that GRUB is looking for linux-2.4.12.gz, at least according to one example. That file was not created when I ran the tar -wvvzf. It's looking for a compiled kernel not the source. It looks as though I need to figure out how to create a linux-2.4.12.gz file from my linux-2.4.12.tar.gz (currently in /usr/src), in /boot for GRUB. Yes? Yes, you need to compile your kernel. I recommend that you go to an install-fest or a user group meeting to get advice on this. I think that you need more advice than can be given in email. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
LILO problem on recent 2.4.x kernels
Recently I have been receiving a number of bug reports of LILO upgrades unexpectedly resulting in a non-bootable system. I have just received the following message which purports to explain it. If your system matches the below description (2.4.10 kernel with first partition being Ext2 and having /boot for booting with LILO) then I suggest doing the following: 1) Put LILO on hold if you haven't upgraded already. 2) Prepare an upgrade to 2.4.12 or a downgrade to 2.4.9 (kernels before 2.4.9 had security problems). 3) If you have already run lilo from kernel 2.4.10 or suspect that you have then either create a rescue floppy running a non 2.4.10 kernel or put your boot files on a different partition (one good option in such situations is to run swapoff and then mkfs your swap partition). 4) After booting from a better kernel immidiately run lilo to get a good boot map. Please note that I have not yet reproduced this on my own systems. However it may take some time for me to find a spare hard drive, format it as ext2, etc so I decided to warn you first. -- Forwarded Message -- Subject: Re: [reiserfs-list] Reiserfs-Fix in 2.4.12-ac2 Date: Tue, 23 Oct 2001 11:13:46 +0200 From: Jens Benecke [EMAIL PROTECTED] To: Russell Coker [EMAIL PROTECTED] LILO boot sector bug? Well, if you run 2.4.10 and your first partition contains the /boot stuff, and you run LILO, LILO's kernel position information will be overwritten with file system data the next time you write to that partition (i.e. _during_ LILOs run because it updates /boot/map). The fix is to move /boot, mount / read-only, run LILO, then reboot (with / still read-only). This only affects ext2 systems (wish I had updated to ReiserFS when I had the machine here). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page Attachment: 1 Description: PGP signature
Re: File corruption
Firstly I think this is more suitable for debian-user, so I'm BCCing -devel and CCing -user. Please CC me on any follow-ups. On Wed, 17 Oct 2001 15:27, Steven Mooij wrote: Hello, I'm not a debian developer (yet), but I hope I am allowed to post a message here. It is about a potential bug, but I can't send it with the BTS, because I don't know which package to file it against. Firstly what you are describing isn't a debian bug so is not suitable for the BTS. It's either a kernel issue or a hardware issue. On Wed, 17 Oct 2001 00:58:59 Russell Coker wrote: Also there's this new tainted kernel thing which is a huge new feature, and there are rumours about Ext3 FS corruption and data loss.. Maybe my problem has something to do with these rumours, maybe not: When I copy large amounts of data sometimes some bytes are changed. This must sound vague: sometimes, some bytes, but unfortunately this is the case, I haven't figured out a reproducable test-situation. Firstly create a file with a variety of data that's significantly larger than ram. Eg: tar cvf /tmp/junk /usr Then run md5sum repeatedly on it in the following fashion: while /bin/true ; do md5sum /tmp/junk ; done /tmp/out Leave that running overnight and then run the following in the morning: uniq /tmp/out If it gives more than one line of output then your hard drives are not repeatedly returning the same data to read requests. There is a potential problem that this error may only occur on certain parts of the hard drive. Booting with init=/bin/sh and running the following could be useful in that case: while /bin/true ; do md5sum /dev/md1 ; done Doing that all night shouldn't exhaust the kernel scroll-back buffer. Then if that doesn't show anything then you have to try repeatedly copying a file and using md5sum to check the result (should be the same after every copy). 2628DB Delft If your machine is portable I could meet you at a HCC or NLLGG meeting and check it out. Send private mail if that interests you. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
lilo-beta package
I have created some packages of a beta version of LILO named lilo-beta and lilo-beta-doc. They are available on http://www.coker.com.au/lilo/ for anyone who wants to play with them. At some future time they will be released as regular lilo and lilo-doc packages, but it won't be in time for woody. The most noteworthy feature is significantly improved support for software RAID. If you are using software RAID for your /boot file system then you may choose to use the beta release now for this feature. Also it apparently supports a splash screen at boot time, but not being interested in such things I haven't even tested that. Please reply directly to me not to the list. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
devfsd changes
If you don't want to read all the gorey details skip down to * * * * *. Following bug report #111946 and a number of issues with devfs I have decided that some serious changes are necessary to the way permissions for devices are managed. Here is the way it currently works: When I (or an auto-builder) build a devfsd package it creates a default /etc/devfs/perms file which contains the permissions of every device node in the system and every device node which is likely to be created (ideally it should be every device node possible but new devices are always being added). This file is currently created from the contents of /sbin/MAKEDEV by a complex script which translates mknod commands to permissions settings suitable for devfsd. Incidentally this creates another potential problem, where different auto-builders may build against different versions of makedev and have different config files, but this isn't an issue I even considered before writing this message... Now the output of this script refers to old-style names such as /dev/hda not the devfs names such as /dev/ide/host0/bus0/target0/lun0/disc (the devfs equivalent of /dev/hda), this is a problem because converting from the old names to the new names is not always possible (for example when you see /dev/sda you won't know which SCSI bus or LUN it is, different systems will therefore have different SCSI names for /dev/sda). This is a minor problem, a bigger problem is that when you have two IDE hard drives and an IDE cd-rom you won't know which of hda, hdb, and hdc is the cdrom! Now if everyone had sym-links for all devices this might still be managable (with a huge amount of pain and some support scripts to handle the case of IDE cd-rom vs IDE hard drive). However not everyone has REGISTER .* MKOLDCOMPAT in their config files so many people don't have compatibility links for all devices (I prefer to have as few compatibility links as possible on my systems - it's a matter of preferance). A further complicating factor is that the functionality of assigning permissions based on the compatibility names is a Debian-specific hack which the upstream author dislikes. So moving between Debian and non-Debian systems will be painful if you rely on this. Also due to the way the compatibility code works it is possible to have different permissions of a device after a restart of devfsd with no configuration changes having been made!!! So for example you are happily playing music from your CD-ROM and you decide to install/upgrade/remove lvm-common or tpctl (or one of the other packages that have devfsd configuration) and it will restart devfsd to read the configuration for it's device nodes, this could cause device nodes to get different permissions than they had on boot and make your CD-ROM unreadable to your music program!!! To solve this I have started developing the next version of the devfsd package in the following fashion: * * * * * Firstly I have taken the latest auto-generated permissions file as my starting point, from now on it will not be automatically generated and I will manually merge changes from /sbin/MAKEDEV periodically (or when I receive bug reports or notification from the makedev maintainer of significant new changes). I am changing the default perms file to use the new devfs names instead of the compatibility names in cases where there have been problems reported, in cases where I anticipate future issues, and for devices that I have on my own systems and can easily test which I think need to be changed. I would like to change it all to the new format, but this isn't going to be possible for some time. So it will have to be a gradual process continuing after the release of woody. Here are the choices that devfsd users have: 1) Continue to use their old setup and say n when asked whether /etc/devfs/perms should be replaced (NB you have to change /etc/devfs/perms before the upgrade to be given the choice). Then these changes will not affect you for better or for worse. 2) Check the new version when I put it in unstable and send me email about any devices you posess and have a good knowledge of which are in the old format and should be in the new format. Doing ls -lR /dev before and after the upgrade and checking for changes would be helpful (there will be changes, hopefully all will be desired). 3) Put devfsd on hold until it's all over. There are no serious bugs against devfsd at the moment and I don't expect to find any in the near future. I know this sucks very badly. But at the moment I can't think of a better solution to this situation (I am open to suggestions). It will be some time before I upload a package with the new changes, I will certainly wait until discussion on these lists has reached some sort of consensus. PS I have BCC'd this to the debian-user list to make people aware of what's going on, I didn't CC it because I think that any
sm200d satellite modem
I've just produced a Debian package for the sm200d satellite modem. It's totally non-free so it'll never go into Debian in it's current state (probably not even suitable for non-free). But I'll give a copy to anyone who wants it (better than using Red Hat for your cheap net access). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: kernel-source-2.4.9-1 builds but does not boot
On Thu, 4 Oct 2001 01:21, José Luis Rey wrote: make dep make make modules make modules_install make install I strongly recommend that you install the package kernel-package and use make-kpkg to build the kernel. This builds nice Debian packages of the kernel which make it a lot easier to manage and track which machines are running which versions. Also the kernel package installation takes care of making the initrd. mkinitrd -o /boot/initrd-2.4.9-test /lib/modules/2.4.9-test Hmm. That doesn't look like the right command to get a fully functional initrd, also it puts all the kernel's modules into the initrd which isn't necessary (and if your kernel settings are like mine you'll get a 2M initrd image). I've written some scripts to help manage this. I've attached two scripts for inclusion in /etc/mkinitrd/scripts directory (make sure you don't run the devfs script in any other way), and the mkinitrd.conf file I use. With that and the correct /etc/mkinitrd/modules file it should all work fine. and added a test entry in lilo.conf with: image=/vmlinuz.test label=Test read-only initrd=/boot/initrd-2.4.9-test The problem is that after initrd is loaded kernel panics with: Kernel panic: VFS: unable to mount root fs on 03:03 I'm prety shure that my root file system is in /dev/hda3, so I ran rdev on two different kernel-images: Well if your kernel is on /dev/hda3 then it is 03:03 so that part is OK. I think this had to do with the devfs thing, so I re-made the kernel without DEVFS support and ext2 in the kernel and it booted. Does anybody knows what happens with devfs, rdev or new kernel booting procedure ?, did I miss something from the docs ? Firstly if you suspect a problem in a package then probably the best option is to contact the package maintainer (in the case of devfsd it's me). Devfsd is necessary on all systems running devfs, and most systems won't complete the boot process without devfsd running. However it won't affect the ability to mount root. When you say re-make the kernel without DEVFS support and ext2 in the kernel are you saying that you make it with ext2 in the kernel or without DEVFS support and ext2? I think that what you are doing with ext2 is what makes the difference... I've CC'd this message to the debian-user list which is more appropriate for this discussion. I've BCC'd debian-devel so people can see that it's moved to the user list. Please CC me on all further discussion. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page copy-needed-modules Description: copy-needed-modules devfs Description: devfs # /etc/mkinitrd/mkinitrd.conf: # Configuration file for mkinitrd(8). See mkinitrd.conf(5). # # This file is meant to be parsed as a shell script. # What modules to install. MODULES=none # The length (in seconds) of the startup delay during which linuxrc may be # interrupted. DELAY=0 # If this is set to probe mkinitrd will try to figure out what's needed to # mount the root file system. This is equivalent to the old PROBE=on setting. ROOT=probe # This controls the permission of the resulting initrd image. UMASK=022 # Turn this on to see the messages from mkcramfs. VERBOSE=on
Re: What to choose
On Wed, 3 Oct 2001 22:22, Teppo Hytönen wrote: What comes to choosing between the two, it's personal preference that matters. I myself recommend Debian: I love it myself, and yes, apt-get is great. Then again, I haven't used Mandrake, but haven't heard a single positive comment about it, other than that it is easy to install; many say too easy, so that you can't configure things you might want even if you have enough skill to do it. I've heard that in many cases it doesn't work right. I think you're being a bit hard on them. I've heard positive reports about Mandrake, and the Mandrake developers I've talked to seem quite smart. However I get the impression that Debian has more smart developers than any other distribution, and I think that upstream maintainers often have a similar opinion. I recently received an email from an upstream author saying I didn't know any distribution had included my code, I might have known Debian would do it first, I think that is an indication of the good opinion upstream authors have of Debian developers. I think that you can compare distributions without using them. If you know who develops a distribution, who pays them (if anyone), what their aims are, and how long they have been at it then you can get a good idea of what product they will develop and whether it will suit you. Debian has a large team of people who work for fun (most of them get paid nothing for their work - many of them are doing Debian work instead of doing paid work). The Debian developers are generally highly skilled by any standards of measurement. The aim of the project is to develop the best possible OS according to the general aims of the FSF, where best is measured by the developers themselves. The result is that there is a huge number of developers (any skilled person who has the time is welcome), a huge number of packages (any developer can add a new package at short notice without asking for permission), a good solid base, and a lot more work is needed on installation programs and documentation (no offense to the people who work on it - really they need more help from the rest of us). So we can advocate Debian without mentioning other distributions. Once they know what Debian is about they'll either like it or they won't. Other distributions have much better installation routines, and may be more suitable for novices for that reason. I've CC'd this message to debian-user as it really has nothing to do with laptops. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
ATM tools man pages
Currently the atm-tools package I maintain has a number of binaries with no
man pages.
I feel that I am not qualified to write such man pages as my use of the
package is so minimal (I only use the atm-dev package for compiling other
things).
I would appreciate contributions of man pages for the following binaries:
E: atm-tools: binary-without-manpage aread
E: atm-tools: binary-without-manpage awrite
E: atm-tools: binary-without-manpage enitune
E: atm-tools: binary-without-manpage ilmid
E: atm-tools: binary-without-manpage saaldump
E: atm-tools: binary-without-manpage sonetdiag
E: atm-tools: binary-without-manpage ttcp_atm
E: atm-tools: binary-without-manpage zntune
Of course I'll send any man pages upstream.
PS Is there any chance that you will mount /usr over an ATM network? If so
I'll have to move the more important binaries to /{s,}bin...
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
world map program
It seems that we don't have any good world map software in Debian. What I would like to see is a program that has a database of the co-ordinates of the countries and the names of major cities. It should of course be searchable so I could type the name of a country and see it's details. Also ideally it would have support for a number of databases so it could be run in a fashion to show how countries changed borders/names/etc over time. Any ideas of such a program? If I can find one I'll package it for unstable ASAP. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: ownership of target of /dev/cdroms/cdroms0 in devfs
On Mon, 17 Sep 2001 01:53, Richard Gooch wrote: Also any permissions related configuration directives in /etc/devfs/conf.d/* will over-ride /etc/devfs/perms (so there's no real need to comment anything out of /etc/devfs/perms unless you are making permissions more restrictive and want to avoid race conditions). What race conditions are you referring to? Filesystem access to entries is blocked until devfsd has finished processing all pending events. So no process can ever see an intermediate state. Only devfsd and it's children can bypass this block. OK. Sorry I wasn't thinking when I wrote the message, I should have known that! -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: ownership of target of /dev/cdroms/cdroms0 in devfs
On Tue, 4 Sep 2001 17:37, Richard Gooch wrote: If I then attempt to access the drive, for instance using cdplay, or alteri= ng permissions / ownership of the cdrom* symlinks, and _then_ restart devfs= d, then the ownership of /dev/ide/host0/bus1/target0/lun0/cd changes to 'ro= ot:cdrom', and I can read from the drive (as a normal user). If I add the following line to /etc/devfs/perms, then it fixes the problem; REGISTER ^hdc* PERMISSIONS root.cdrom 0660 I get the gut feeling that this is the Wrong Way to do this. Can anyone eit= her placate this or advise better ways? Sounds like you have a Debian system. What you're doing may or may not fit in with the Debian way of doing things. I'll let Russell Coker, who is the Debian package maintainer for devfsd, reply. I believe he is on this list. OK. The are two differences between the Debian package and the default devfsd installation in this regard. One is the /etc/devfs directory and the perms file that is included in the configuration which has default permissions. I recommend that you add things to /etc/devfs/conf.d/something instead of changing the perms file, then on Debian package upgrade if the default perms file has new devices added they will automatically appear in your configuration (and you will not be bothered by questions about whether you want to replace the file). The other change is more significant. The function make_symlink() in devfsd.c which is called for MKOLDCOMPAT (and presumably MKNEWCOMPAT and others) will check PERMISSIONS entries for a match on the sym-link name and chance the permissions of the link target as if it was the subject of the permissions line. The result of this is that many things just work without any effort. The down-side as you have probably noticed is that removing a MKOLDCOMPAT entry can have changes to the permissions that are unexpected. There are already some bug reports in the Debian BTS regarding default permissions of the IDE device files. I will have to decide what to do, maybe the following: REGISTER ^ide/host[0-9]+/bus[0-9]+/target[0-9]+/lun0/cd PERMISSIONS root.cdrom 640 I would not be about to give write access to a CD burner to anyone other than root by default... Also any permissions related configuration directives in /etc/devfs/conf.d/* will over-ride /etc/devfs/perms (so there's no real need to comment anything out of /etc/devfs/perms unless you are making permissions more restrictive and want to avoid race conditions). I have CC'd this to the debian-user list as I think that other Debian users will be interested in the discussion. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: funny idle time from time
On Sat, 1 Sep 2001 12:18, Wouter Verhelst wrote: I agree with most of what you say, but not with this. You can say a lot about NFS, including that it's bad, insecure, to be thrown away and changed by CODA or sth else, but not that it's slow. I've seen data transfers of ~800KByte/s via NFS. Over my 10MBit coax network. From a Pentium 166 to a Pentium 133. I don't know any other network file serving protocol that can do this. What other network protocols have you tried? I have attached the results from running Bonnie++ with my Thinkpad (P3-650, 256M) as an NFS client with both 10 baseT PC-Card and 100baseT CardBus network cards connected to an Athlon 800 with 256M, PCI 100baseT card and with a full duplex switch in between. The only time that NFS is really efficient is bulk input. I mounted the NFS share with rsize92,wsize92,nolock. Both machines run 2.4.9 and the NFS serving is in the kernel. I tried using smbfs but it dropped out under load (seems to be a bug in the client code). I tried making the Thinkpad the NFS server, but it wasn't fast enough and the client thought that it had fallen off the net and started the laborious back-off process (which kills performance). The end result, NFS isn't nearly as fast as it should be, but SMB is worse because I couldn't get it to work. Let's redirect this discussion to debian-user... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page Title: Bonnie++ Benchmark results Version 1.92aSequential OutputSequential InputRandomSeeksSequential CreateRandom CreateSizeChunk SizePer CharBlockRewritePer CharBlockNum FilesMax SizeCreateReadDeleteCreateReadDeleteK/sec% CPUK/sec% CPUK/sec% CPUK/sec% CPUK/sec% CPU/sec% CPU/sec% CPU/sec% CPU/sec% CPU/sec% CPU/sec% CPU/sec% CPU lyta-100-nfs999367121496M54699488532407271298102753177.011617929434016192411161185124151454 lyta-100-nfsLatency716086us2683ms457ms39709us871msLatency462ms164ms12271us132ms98528us728us lyta-10-nfs999378658496M4039988434244471941209087.8416590141127165801158815123219155 lyta-10-nfsLatency330693us1227ms848ms52184us674msLatency774ms88644us25376us114ms115ms7331us 1.92a,1.92a,lyta-100-nfs,999367121,496M,,546,99,4885,3,2407,2,712,98,10275,3,177.0,1,16,1792,9,4340,16,1924,11,1611,8,5124,15,1454,7,16086us,2683ms,457ms,39709us,871ms,462ms,164ms,12271us,132ms,98528us,728us,142ms 1.92a,1.92a,lyta-10-nfs,999378658,496M,,403,99,884,3,424,4,471,94,1209,0,87.8,4,16,590,14,1127,16,580,11,588,15,1232,19,155,3,30693us,1227ms,848ms,52184us,674ms,774ms,88644us,25376us,114ms,115ms,7331us,139ms
anyone have pppoa (PPP over ATM) working properly?
I'd like to package pppoa but due to hardware problems I can't test it. Does anyone have it working who is prepared to test some packages if I create them? -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Need devfs help
On Thu, 9 Aug 2001 00:20, Svante Signell wrote: Compiling the latest kernel (2.4.7) I decided to enable devfs support and also start devfsd at boot. Most things seem to work fine except the sound card, the cdrom (both mounting and playing CDs) and cdrw, Accessing these one gets complaints of /dev files missing. Create a file /etc/modutils/devfs-aliases containing: alias /dev/dsp sound-device alias /dev/mixer sound-device alias /dev/midi sound-device Where sound-device is replaced by your sound module, then run update-modules. I suggest that in future you ask such questions on debian-user and CC the package maintainer (which means me for devfsd). There is an advantage of CCing the maintainer (apart from the fact that the maintainer is most likely to know the correct answer). The maintainer will often have some plans for future changes and will give advice on how to avoid future complications taking into account unannounced new features and the results of testing new upstream betas. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Root on RAID
On Fri, 3 Aug 2001 06:19, Brian May wrote: Alvin hi ya george Alvin for raid1 typically /dev/hda is copied to /dev/hdb Alvin- dont know why you'd wanna mirror a partition... ( Alvin system will still be dead since the rest of the required ( Alvin partition is not available Easy, you create a separate software-RAID1 partition for every partition on you harddisk, so in affect you mirror one harddisk on to the other harddisk. It might be possible (?) to mirror /dev/hda to /dev/hdb, but then you need to subdivide that space up into partitions. Sure, it's quite possible to mirror /dev/hda to /dev/hdb, but then the auto-detect RAID stuff (which relies on having partition type 0xfd) won't work. But then it won't work with RAID in a module on an initrd either - and with the modern setup this is what you should be doing. lvm could be used to do this (AFAIK), but all my attempts to use lvm up to now have failed. Yes. Ideally you mirror the raw devices (if the sizes match) and then run LVM on that. For different size disks you have to mirror a whole disk to a partition on the larger disk, but such mirroring won't give best performance either... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
new portslave release 2001-07-09
This version will be uploaded to Unstable in a few days if there are no bugs reported. Please test it out and let me know how it goes. Russell Coker -- Forwarded Message -- Subject: new release 2001-07-09 Date: Mon, 9 Jul 2001 18:11:33 +0200 From: Russell Coker [EMAIL PROTECTED] To: [EMAIL PROTECTED] This version has more changes than most versions and should be treated with extra caution, but it's passed all my tests and my most important machine is connecting through it so I think it's good. The config code now only keeps data in memory for the active line. Previously we had an array of 512 entries for the maximum number of lines, and the all.* entries were copies to all of them, which meant many duplicated strings! Now there's only one copy of the line configuration data. Doing this saves memory and allows increasing the maximum number of lines without further cost (which is why I increased it to 1024 lines). Now the only code for which the maximum number of lines matters is ctlportslave. This saves about 500K of memory per copy of portslave, and also may reduce the amount of calculation performed for reading the config files. This will really help for machines with small amounts of RAM!!! This is a major and significant change to the way the configuration file is parsed, but according to my tests it works fine (and it's the type of thing that will work perfectly or stuff up completely - it hasn't stuffed up). The other major change is to make pppd store the packet counts where we can get them for RADIUS accounting. So now we log packets! I have written and tested the appropriate patch for pppd 2.4.1. I have written the patch for pppd 2.4.0 but not tested it (I don't run that version of pppd). I will write the patch for any version of pppd for which I am sent a copy of the pristine upstream source. Also the pppd startup message required changing the operation of utmp. It's a minor thing which could result in ctlportslave giving the wrong IP address during the early stages of ppp initialisation (will be correct once the RADIUS start packet has been sent). It's at http://www.coker.com.au/portslave/ . Please test this as I'm getting close to fixing everything I want to fix in Portslave... portslave (2001-07-09) unstable; urgency=low * Rewrote all the config code to only have the configuration for the line in use in memory. Saves about 500K of resident RAM for each running copy of Portslave. * Removed some cruft from ctlportslave, cut the binary from 30K to 13K. * Changed the maximum number of lines to 1024 (was 512). Could make it larger if necessary. * Made pppd display the correct started by user message when using terminal authentication. * Fixed the logging code properly. * Added ppp packet counting (seriously hacking pppd). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page --- -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Portslave (2001-07-05)
Portslave version 2001-07-05 is now on http://www.coker.com.au/portslave/ This version is working pretty well and will be uploaded to unstable in a few days. Please test it and let me know what you think. Here's the latest change log. portslave (2001-07-05) unstable; urgency=low * Added make dep support. * Added new code for de-referencing sym-links for device names. This will make locking work better regarding /dev/modem and /dev/ttyS* on devfs. Now we use absolute path names for all devices internally and strip the /dev/ from the start before writing to utmp. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
new portslave
In a few days time I will upload a new version of Portslave into unstable. It has the following new features: Man pages for all programs. New boolean type for the config files and better defaults for config files. Also added some extra checks for bad data in config files. Many (hopefully most or even all) memory leaks squashed. RADIUS logging that works properly, doesn't log entries for user (NULL), and that does log bytes sent and received for PPP (will log packets sent and received as soon as PPPD does the right thing). Made it work with version 2.4.1 of pppd. Made logging work properly on 2.2.x kernels. Fixed one condition where portslave wouldn't exit on error. Turned on all warnings in gcc and fixed everything that was reported. Made lock file generation work with devfs style names, used the same code as the regular pppd so that Portslave and pppd won't open the same port. This is a very significant update with lots of changes. Currently it's passing all my tests (and I will test it more before I release it). If you desperately need the new features or feel like doing some testing I will be puting new test versions on http://www.coker.com.au/portslave/ . If you are happy with the way it's currently working and don't want to risk something breaking then you may want to put portslave on hold. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
LILO
I have compiled LILO version 21.7.5 (new upstream) for potato. I have briefly tested it and put it online at http://www.coker.com.au/lilo/ . This version has no debconf! After I have tested it I will upload that version to unstable. It will also be without debconf support, I have no plans to re-add debconf to lilo. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
log files for thousands of domains
I have uploaded version 0.07 of my logtools package to unstable which includes the new clfdomainsplit program to split a web log file containing data from large numbers of domains into separate files. This program has a limit that it can only split log files for as many domains as it can open file handles. Last time I tested this on a pre-2.4.0 kernel that imposed a limit of about 80,000 files per process. On 2.0.x machines the limit was 1024 file handles per process (including stdin, stdout, and stderr). I am working on this issue. Also I have not tested this program much because I don't yet have a web server with a large number of domains (I'll setup the web server after I've written all the other support programs). It has passed some small tests with made-up data but has not been tested in the field yet. Have fun and let me know how it works for you! -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Splitting Apache logs
I am in the middle of writing a program to split CLF format log files (as produced by Apache and most other web servers) based on the domain name of the server. The idea is that log data for http://www.coker.com.au/ will go into the file coker.com.au and log data for http://www.workbenelux.nl/ will go into the file workbenelux.nl. Before someone suggests making Apache log to multiple files, this doesn't work if you one of the following situations: 1) More domains on the web server than Apache can have open file handles (IE more than 1020 domains for older kernels/libc/Apache or 60,000 to 80,000 domains for if you are running the latest software). 2) If you are dynamically adding domains in bulk, adding 100 domains a day would require 100 changes to config files and 100 restarts if you have a file per domain - this is not practical. I plan to add my domain-based log splitting program to my logtools package in the near future. I have attached the man page for what I plan to write. I would like to receive suggestions both on functionality and on any issues regarding the documentation (if you don't understand the man page then let me know). Please respond to this message directly to me. I am not subscribed to debian-user. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page clfdomainsplit.1 Description: clfdomainsplit.1
Re: (OT) Storage (8*IDE HDs) any experiences?
On Monday 30 April 2001 00:04, Hamish Moffatt wrote: On Sun, Apr 29, 2001 at 10:14:35AM +0200, Russell Coker wrote: In a regular setup the IDE controller and the drive get power from the same source. So if the signals on the cable have more current going one way than the other then the difference will be made up on the 0V line on the PSU. If you have separate PSU's then the difference will go through other lines of the data cable. I don't see why. Nor is this any different to any external drives. You have a hefty ground connection between the power supplies anyway (the mains, plus the metal case acting as ground). External drives generally don't use an ATA interface! I am not confidant of the main earth acting as a suitable earth for the DC power. On Monday 30 April 2001 01:01, Brian May wrote: Another thing to watch out for is timing differences. Eg. if you turn on one power supply before the other. Or if one power supply generates good power before the other. I would assume (hope!) the original poster plans to run both power supplies from the same central switch, in order to minimise problems here. Designers of the interface need to take into consideration if it is going to be used for external devices powered by external power or internal devices. A number of factors need to be taken into account ranging from internal delays in the power supply, logic levels, cable length vs cable quality vs speed of communication vs reliability of communication, ground loops, etc. There was a presentation at a Linux Users of Victoria meeting some years ago about doing hot-swap IDE hard drives with cheap standard hardware. My recollection is that the power lines of the hard drive had to be connected in a particular order... On Monday 30 April 2001 16:11, PiotR wrote: A good solution for this might be to connect the first PS's output to the other, so the voltage is the same, and there's no massive current flow across the data cables. That's if both PSU's have exactly the same voltage. If one provides a slightly higher voltage than the other then it will try to power everything itself (at least until the current drain lowers the output voltage). Also if two PSUs with different voltages are connected together with insufficient load then reverse current will flow through the PSU with the lower voltage! Go to http://www.raidzone.com/ if you want affordable IDE-based RAID solutions without all this bother. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: (OT) Storage (8*IDE HDs) any experiences?
On Sunday 29 April 2001 06:48, Brandon High wrote: On Sat, Apr 28, 2001 at 11:50:26PM +0200, Andreas Bombe wrote: The IBM SCSI disk I have here has a jumper to delay spin up depending on SCSI ID so that an array of those would spin up sequentially if they all had those jumper set (and different IDs, which they need anyway). Maybe there are IDE drives built with RAIDs in mind offering some similar option? I doubt it, but with a sufficiently large case (or small power supply) it may be possible to stick a 2nd (or 3rd) power supply in. Drives could be plugged into the second PS while the MB is powered off of the primary PS. That sounds like a really bad idea to me. In a regular setup the IDE controller and the drive get power from the same source. So if the signals on the cable have more current going one way than the other then the difference will be made up on the 0V line on the PSU. If you have separate PSU's then the difference will go through other lines of the data cable. This is something that is likely to be fatal to drives and motherboards. But if you try it please let me know how it works. ;) -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Storage (8*IDE HDs) any experiences?
On Saturday 28 April 2001 00:08, Jeremy Zawodny wrote: On Fri, Apr 27, 2001 at 12:48:52PM +0200, Russell Coker wrote: See http://www.coker.com.au/~russell/hardware/46g.png for some quick benchmark results showing the differences between a single IDE drive, two drives on separate channels, and two drives on the same channel. Hm. The server returns a MIME type of text/plain for that PNG file. You might want to get that looked at. Sorry about that. It should be working properly now. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: (OT) Storage (8*IDE HDs) any experiences?
On Friday 27 April 2001 19:05, Dimitri Maziuk wrote: I imagine the dangerous part would be when you turn the thing on and it tries to spin up all those disks. You could put them to sleep shortly after bootup and get the load down, but if PS doesn't blow on startup it probably won't blow under normal load either. I just checked one of my 46G ATA drives. 500ma @ 12V and 300ma @ 5V, that's 7.5W of power. A typical PSU will be 250W, even if the hard drives take double power at spin-up time there will still be plenty to spare... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Storage (8*IDE HDs) any experiences?
On Friday 27 April 2001 06:33, Brandon High wrote: On Thu, Apr 26, 2001 at 09:42:16PM -0400, [EMAIL PROTECTED] wrote: IDE causes a bit of a performance hit, I don't think we're talking high speed file access here though... cheap is the objective. You'd be suprised at the performance hit. I had 2 drives/channel and suffered from really bad performance with the on-board Ultra66 controller. I installed a PCI controller (Promise Ultra 66) and put every drive on its own channel. Things are much happier now and about 3x faster. The best part is that the card only costs about $25. You might be better off getting a more reliable motherboard, such as an ASUS CUSL2 (for Intel) or ASUS A7V133 (For AMD) and putting PCI controllers in. See http://www.coker.com.au/~russell/hardware/46g.png for some quick benchmark results showing the differences between a single IDE drive, two drives on separate channels, and two drives on the same channel. Apart from one drive being exceedingly slow at the start (for reasons I have not yet determined) it seems that two drives on the same channel isn't much slower than two drives on separate channels. Having two drives on separate channels is slower than a single drive can run on it's own, I think that this is a limitation of CPU and bus performance (which will be the main factor when you have 8 drives in an array). -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Lilo problem after kernel reinstall: LIL-
On Thursday 26 April 2001 15:37, Andrew D Dixon wrote: Tiarnan O'Corrain wrote: Hey all... I recompiled my kernel 2.4.2, and did all of the System.map, vmlinuz copying, then ran LILO (which seemed quite happy). However, when I boot the computer, I get the following prompt, after which it freezes: LIL- I had a similar problem. Mine was due to a corrupt boot sector. I fixed it by running fdsk /mbr (or something like that I can't exactly recall) from a windoz startup disk. This will kill your boot sector and fix it. After that you need to reinstall lilo, edit lilo.conf, run lilo, and your golden. There should not be a need to reinstall lilo unless files in the lilo package (such as /boot/*.b) are corrupted. Editing lilo.conf should not be necessary if the only problem is a corrupted boot sector or file. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Lilo problem after kernel reinstall: LIL-
On Thursday 26 April 2001 12:14, Tiarnan O'Corrain wrote: I recompiled my kernel 2.4.2, and did all of the System.map, vmlinuz copying, then ran LILO (which seemed quite happy). However, when I boot the computer, I get the following prompt, after which it freezes: LIL- Any ideas about this? I have more than one kernel on the system, so it seems to me that the problem is with the boot block LILO writes. Any quick and dirty means of getting around this, or am I condemned to rescue disks? From /usr/share/doc/lilo/Manual.gz: LIL- The descriptor table is corrupt. This can either be caused by a geometry mismatch or by moving /boot/map without running the map installer. If you just ran lilo before rebooting then the only way that /boot/map could have been corrupted is if you were running 2.4.1 (a file-system eating kernel). Another issue is geometry. But without knowing a lot more about your machine I can't advise on that. Probably the easiest thing to do is to use another machine to compile a kernel with the driver for your hard drive and do the following: cat vmlinuz /dev/fd0 rdev /dev/fd0 /dev/hda1 Replace /dev/hda1 with whatever your root device is. Then boot the machine from that disk and it'll hopefully work to a stage that allows you to fix the problem! -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
lilo
I have compiled a copy of the latest LILO for Potato. It is available on http://www.coker.com.au/lilo/ . There is no Packages file as I don't plan to update this enough to make it necessary to use apt for it. This package is for people who use Potato but who have newer SCSI controllers, a ReiserFS root file system, or any other setup for which the Potato version of LILO doesn't work. I have no plans for submitting this version for a Potato update. Also this package has the latest debconf code. It won't create a lilo.conf file unless the current file doesn't exist or it has #AUTOREPLACE in a single line. This latest change to the debconf of LILO will be uploaded to unstable shortly. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
dump fdisk data to TXT file
Is there a program in Debian to dump the fdisk data to a file? I would like to do `fdisk-dump /dev/hda /etc/hda.fdisk` so that if the partition table gets corrupted I can do `fdisk-restore /dev/hda /etc/hda.fdisk` . Is there any software in Debian that allows such operations? -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
bonnie++ results
i was curious what would cause bonnie to report + in a field after running a test: mail:/blah# bonnie++ -d . Version 0.99e --Sequential Output-- --Sequential Input- --Random- -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks-- Machine MB K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP /sec %CP Unknown 200 13602 99 95826 46 67098 79 13596 99 + 99 189.3 1 --Sequential Create-- Random Create -Create-- --Stat--- -Delete-- -Create-- --Stat--- -Delete-- files /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP 30 252 99 747 99 10259 100 254 99 948 99 885 92 Unknown,200,13602,99,95826,46,67098,79,13596,99,+,99,189.3,1,30,252,99,747,99,10259,100,254,99,948,99,885,92 mail:/blah# and what does all that other stuff at the bottom mean ? is this drive setup too fast for it to measure properly? its a dual p3-866 512MB ram and dual 10k rpm ultra160 scsi drives in raid0. I do not get the in any fields on another system which is dual p3-800 256MB ram with dual 10k rpm ultra160 drives in raid1(it tells me 195953 in that field). hope this is fast for a medium mail server :)) From man 1 bonnie++ For every test two numbers are reported, the amount of work done (higher numbers are better) and the percentage of CPU time taken to perform the work (lower numbers are better). If a test completes in less than 1 second then the output will be displayed as . This is because such a test result can't be calculated accurately due to rounding errors and I would rather display no result than a wrong result. Also I think that a problem is that you probably have more than 200M of RAM and thus most of the test is testing cache not hard drive. Use version 1.01 of Bonnie++ (which is in woody) and it'll automatically choose a suitable test size for you, or you can do bonnie++ -r XXX where XXX is 2*RAM (measured in megabytes). As for the last line, again from the man page: OUTPUT The primary output is plain-text in 80 columns which is designed to fit well when pasted into email and which will work well with Braille displays. The second type of output is CSV (Comma Seperated Values). This can easily be imported into any spread-sheet or database program. Also I have included the programs bon_csv2html and bon_csv2txt to convert CSV data to HTML If the man page is unclear then please tell me in which way you find it difficult to understand and I'll put a better man page in the next version. Also in future please CC messages regarding Bonnie++ or Postal to me and I'll reply faster. I'm not on debian-user and I was forwarded the message by a friend who noticed that I didn't reply. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Booting from SCSI when there is IDE
More than 3 years ago someone filed a bug report that LILO doesn't support booting from SCSI drives when there is an IDE drive in the system. I am not able to test this as I don't own any SCSI devices, and the person who originally reported the bug hasn't responded to the last email about the issue. Does anyone here have SCSI and IDE drives? If so can you make it boot from SCSI? -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Booting from SCSI when there is IDE
On Tuesday 13 March 2001 11:51, Norman Schmidt wrote: Hi Russell! I have three VIA KT-based Duron servers. One of them has an Adaptec 29160 card wirh an external IDE-to-SCSI (that means the three 40 GB drives are IDE, but it behaves as if it were a 80 GB (Raid 5) SCSI harddisk) RAID attached to it and two internal IDE drives (each 20 GB). When we first installed Debian (2.2r0), we did this into a /boot and a / partition on the SCSI drive, while the two internal drives were attached (each as master on ide 0 and 1). First, it wouldn´t boot, but the lilo.conf manualpage and an old SUSE handbook told us, that we had to remap the drives. Here is what we entered into lilo.conf: disk = /dev/sda bios = 0x80 disk = /dev/hda bios = 0x81 disk = /dev/hdc bios = 0x82 Same as before then. What version(s) of LILO have you tried and had this result with? -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
LILO for LVM
Is anyone interested in running LILO on LVM file systems? There is a patch on the LVM mailing list which requires kernel 2.4.2 with the latest LVM patches. I'm interested in preparing an LVM package (which will probably be too experimental for unstable even) for interested people to test. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
TCP failover in software
I am setting up some machines with libnss-ldap to replace /etc/passwd with LDAP access for centralised account administration. I am concerned at what will happen if the LDAP server goes down or experiences a network failure. I have a secondary LDAP configured but I need a way to use it if the primary fails. It seems that libnss-ldap does not support this (I have reported a wishlist bug already). Is there any software in Debian which can do this for me? I imagine that it wouldn't be THAT difficult to write a program to listen on a port and then when a connection comes in it could make a connection to one of two other addresses based on which machine is running reliably. If there is no such software then I'll have to write a program myself. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Drawing diagrams of servers
I want to draw some diagrams of a network showing things such as user uploads files to an FTP server, FTP server uses rsync to push data to web server, users download data from web server. I want to do this will little boxes representing each machine etc. Years ago I used visio to do this on Windows. I tried Kivio (KDE visio-like program) but it doesn't allow me to specify types of lines between objects (I want arrows to show direction the data flows), it doesn't seem to allow labels on lines, and is generally klunky. Is there a good program in Debian that allows this? Please CC me direct when you reply, I'm not on the list. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Drawing diagrams of servers
On Monday 26 February 2001 13:15, Bram Dumolin wrote: I want to draw some diagrams of a network showing things such as user uploads files to an FTP server, FTP server uses rsync to push data to web server, users download data from web server. I want to do this will little boxes representing each machine etc. Years ago I used visio to do this on Windows. I tried Kivio (KDE visio-like program) but it doesn't allow me to specify types of lines between objects (I want arrows to show direction the data flows), it doesn't seem to allow labels on lines, and is generally klunky. Is there a good program in Debian that allows this? Please CC me direct when you reply, I'm not on the list. I'm not sure if this is what you want but try dia :) Thanks, I'm using DIA and it's pretty good. It misses a few things such as the ability to put text in the center of a box and have the text get moved whenever the box gets moved. But generally it does what is required and hasn't crashed on me yet. I highly recommend that everyone who does basic web publishing of technical content install dia! A finished version of kivio would be a much better program, but unfortunately kivio SEGV's, it only saves as it's own format or PS (and broken PS at that), and doesn't do arrows properly. Thanks to Bram Dumolin for the reference to tkined (scotty). I haven't checked it out as dia is a program dedicated to my task which seems to work well. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: Drawing diagrams of servers
On Monday 26 February 2001 14:44, Bram Dumolin wrote: Russell Coker([EMAIL PROTECTED])@Mon, Feb 26, 2001 at 02:26:01PM +0100: Thanks to Bram Dumolin for the reference to tkined (scotty). I haven't checked it out as dia is a program dedicated to my task which seems to work well. actually I didn't mention it but someone whose email didn't come through : Danie Roux [EMAIL PROTECTED] You are correct, thanks Danie! I've been a bit rushed today and I copied the wrong thing in my email program... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
