Re: Nahhh, we don't need to secure the *internal* network....

2002-08-02 Thread Kenneth E. Lussier

I think that we could probably come up with thousands of different ways
to compromise the security of an internal network. What about actually
securing it? One of the easiest things that I have seen done was
implement an IPSec-based LAN. The setup was simple.

From the outside in:

router - firewall - FreeS/WAN gateway - encrypted traffic to LAN.

Each machine on the LAN had its own keypair that was registered with
the gateway, so when a desktop was fired up, it would authenticate
itself to the gateway, and it was then free to communicate with anyone.
Anyone that was able to sniff the traffic just got encrypted streams. If
you could get a system onto the network, it would be useless unless the
gateway was compromised to accept a bogus key.

C-Ya,
Kenny
 
On Thu, 2002-08-01 at 22:32, Tom Buskey wrote:
 
 I'd think an old 386 would be a lot less noticeable and more disposable.
 
 Heck, how about a floppy based system?  Go up to an existing machine
 already running on a friday afternoon and boot.  If it's a floppy, have
 it erase itself after it boots.  It'd probably run undetected until
 monday morning.
 
 Kenneth E. Lussier said:
 So, basically, be suspicious if anyone brings in a gaming console and
 sets it up in the breakroom.
 
 My favorite quote from this was:
 
 Most organizations focus on the perimeter, said Davis. Once you get
 through the outside,  there's a soft chewy center.
 
 Not a bad read. A little light on the details, and you can't really
 dance to it, so I'd give it a 7.3 ;-)
 
 C-Ya,
 Kenny
  
 On Thu, 2002-08-01 at 13:20, [EMAIL PROTECTED] wrote:
  
  We're behind a firewall.  We're safe!
  
 http://online.securityfocus.com/news/558
  
  Think again! (not that we haven't said *that* before either ;)
  -- 
  
  Seeya,
  Paul
  
  
  
  *
  To unsubscribe from this list, send mail to [EMAIL PROTECTED]
  with the text 'unsubscribe gnhlug' in the message body.
  *
 -- 
 
 Tact is just *not* saying true stuff -- Cordelia Chase
 
 Kenneth E. Lussier
 Sr. Systems Administrator
 Zuken, USA
 PGP KeyID CB254DD0 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0
 
 
 
 
 
 -- 
 ---
 Tom Buskey
 
 
 



Re: Nahhh, we don't need to secure the *internal* network....

2002-08-02 Thread Kenneth E. Lussier

On Fri, 2002-08-02 at 12:11, Ken Ambrose wrote:

 1) Unless I'm mistaken (something I'll readily concede if it's the case --
my time with Token Ring Hell^H^H^H^H^H^H^H^H^H United Parcel Service
was many moons ago), you could just splice the TR cable, plug it into
a MAU, and go from there.  You wouldn't even drop packets if your
ring was an actual ring, though you might notice a couple beacons.

Having also served my time in UPS hell, and having dealt with their
warped view of how to run a network, I can honestly say that they are an
exception. They purposely did away with some of the security features
built into TR for various reasons. 
 
 2) All of this is well and good, but IMHO, encrypting the workplace would
-not- solve even a portion of the big problem.  People who have access
would still have access, and could just as easily e-mail files to the
outside.  Combine that with social engineering, and the damn keyboard
capture devices I've seen that plug right into the PS/2 port (Hell:
PC Magazine even wrote two up last issue), and it's *DAMN* hard to
prevent someone who's determined from getting to stuff, and a whole lot
easier than it would be to sniff an unencrypted packet-switched
network.  Don't mis-understand my point: encryption -is- good.  But
hiring trustworthy employees, expiring passwords, and enforcing good
file-permission security (so people don't have access to things they
don't need access to) are probably more relevant. 

I never meant to imply that this would solve all security problems. It's
not even close. My point was that there are ways of securing a network
against the type of attack that was described in the article where
someone plants a box on your network. 

If someone has access to a system that is *SUPPOSED* to be on the
network, then your network is theirs. I whole-heartedly agree that
password aging, file-permissions, etc. are extremely important. As I,
and many others, have said many times before, security comes in layers
upon layers. There is no silver bullet that will solve all security
problems. As I have said many times, also, there is no such thing as
secure, only varying degrees of risk. It is all about what you are
willing to do to protect data, what the data you are protecting is
worth, and to what lengths someone will go to to get that data. My
example was only one small part of an overall plan, not by any means, a
solution for all security problems. 

 That, and throwing away Outlook.  ;-)

Well, that goes without saying, now doesn't it ;-)

C-Ya,
Kenny




Re: Nahhh, we don't need to secure the *internal* network....

2002-08-02 Thread Kenneth E. Lussier

On Fri, 2002-08-02 at 12:13, [EMAIL PROTECTED] wrote:

 In theory, this is a great idea.  However, keep in mind that:
 
   Security =  1/productivity
 In many corporate situations, especially engineering environments, 
 the implementation of a VPN would get in the way of development.

There are some good performance studies for FreeS/WAN and other
implementations at
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/performance.html

I'm not saying that there is *no* overhead, just that in a LAN
environment it is not a major factor. But again, it all comes down to:
What is the company willing to do to protect their data. 

 For instance, my current environment is co-located between the US and 
 Belgium.  The folks in Belgium require direct access to our lab here,
 and vice-versa.  Additionally, both groups require direct access to 
 central corporate servers.  A lot of what's going on requires high 
 performance connectivity with as little latency introduced as 
 possible.  Placing a VPN client on some of these systems would 
 automatically get in the way of a lot of the testing that is done.

You don't need to put a VPN client on the systems in a case like this.
You put a gateway at each end, and authenticate/encrypt/route on the
gateway. The users at either end most likely wouldn't even notice. 

 As a result, there aren't even virus scanners on a lot of the systems 
 in the labs.  And, since the labs need direct access to corporate
 servers, the labs often become breeding grounds for virii.

You can get network virus scanners for routers now. I don't pretend
to know anything about their usefulness, though. 
 
 A proposal was made to VPN off all the labs, which would prevent a virus 
 from escaping since the virus couldn't authenticate with the VPN, 
 however, it was determined that there are no VPN servers at this time 
 which will not slow down a GigE connection, which is required for a 
 lot of the stuff going on here.
 
 (of course, since we only have a 2MB connection to Belgium, I don't 
 see why the GigE thingy is a requirement for *our* situation :)

If you require GigE, but only have a 2MB connection, then security isn't
the problem... *MATH* is!! ;-)

 Also, as Ben pointed out, just because all the traffic between hosts 
 is now encrypted, that doesn't prevent someone from using a box to 
 internally probe your network looking for ways out.
 
 Once you're in, you're in, and if you can use that internal system to 
 create a conduit you can get into from the outside, all bets are off!

In the scenario that I proposed, the traffic between hosts isn't just 
encrypted, it is also authenticated through a central gateway. If you
put a box on the network, it will hit that gateway and stop, since there
is no way out without authenticating.  

C-Ya,
Kenny



dd on Windows

2002-08-01 Thread Kenneth E. Lussier

Hi All,

I have a question that, personally, I find somewhat amusing... I have a
user that needs a bigger hard drive in his laptop. Naturally, he is
running Win2K (damn sales people...). But, he needs everything moved
from one drive to the other. I was thinking about taking the hard
drives, plugging them into IDE adapters, connecting them to a regular
PC, booting off of a Linux floppy, and dd-ing one drive onto the other.
Has anyone had any luck doing this with 1) Windows and 2) drives with
differing geometries (which I don't think dd cares about)?

TIA,
Kenny



Article

2002-08-01 Thread Kenneth E. Lussier

As I was perusing Kuro5hin, I came across a great article. It is a
public apology to the Linux world for getting RMS on the GNU/Linux
kick. Funny read

http://www.kuro5hin.org/?op=displaystory;sid=2002/8/1/04512/12614

C-Ya,
Kenny



Re: Nahhh, we don't need to secure the *internal* network....

2002-08-01 Thread Kenneth E. Lussier

So, basically, be suspicious if anyone brings in a gaming console and
sets it up in the breakroom.

My favorite quote from this was:

Most organizations focus on the perimeter, said Davis. Once you get
through the outside,  there's a soft chewy center.

Not a bad read. A little light on the details, and you can't really
dance to it, so I'd give it a 7.3 ;-)

C-Ya,
Kenny
 
On Thu, 2002-08-01 at 13:20, [EMAIL PROTECTED] wrote:
 
 We're behind a firewall.  We're safe!
 
   http://online.securityfocus.com/news/558
 
 Think again! (not that we haven't said *that* before either ;)
 -- 
 
 Seeya,
 Paul
 
 
 



Re: clustering

2002-07-26 Thread Kenneth E. Lussier

I can say with all certainty that I know absolutely nothing about
clustering. Never want to, either. It makes my head hurt. However,
this sounds like a simple networking setup. The head node would have to
act as a gateway/router. First, turn on IP forwarding
(echo 1 > /proc/sys/net/ipv4/ip_forward). Then set up NAT using ipfilter/ipchains,
unless the 155 network knows about the 192 network and knows how to
route back to it. Also, all of the systems on the 192 net will have to
use the head node as their gateway.

C-Ya,
Kenny

On Fri, 2002-07-26 at 16:08, Robert Casey wrote:
 I have the following situation and wondered if anyone has any experience 
 with this and can point me in the right direction. I'm trying to set up a 
 Beowulf cluster and all machines are running either Red Hat 7.1 or 7.2. 
 There are 5 computers including the head node plus one system which is the 
 NIS server for the head node. The head node is a NIS client and also the 
 NIS slave server. The head node also exports the home directory for the NIS 
 network. The head node has two network cards, one for the main network 
 155.?.?.? and the other is 192.168.1.?. This is way over my head and I'll 
 have to do a lot of reading but is there a way the slave nodes, which are 
 on the 192 network, can see the 155 network so I don't have to create all 
 the users on each slave node to match user id and group id. I hope I'm 
 explaining this correctly but I'm sure you'll let me know if not.
 
 Thanks,
 
 Bob Casey
 
 



Re: automated installation

2002-07-25 Thread Kenneth E. Lussier

On Thu, 2002-07-25 at 13:54, [EMAIL PROTECTED] wrote:

 
 I believe the latest Debian release *is* 7 or 8 CDs at this point!

The latest Debian release, Potato r3.0, is 8 CD's. I was going to make
ISO's using Jigdo over the weekend until I realized this. I didn't have
enough drive space to assemble all 8 ISO's, so I'm doing them one a day.
 
 Personally, I'm beginning to think it's far easier to just install a 
 base OS (similar to what you get with commercial UNIXes), then do 
 something like apt-get or rpm-up2date to install new, non-OS stuff.

This is what I have been doing for quite some time. I have one Debian CD
that I use to do a bare minimum install. Then I have an options file on
a floppy that I created using `dpkg --get-selections`. When the
selections are loaded on the new system (using dpkg --put-selections), I
do an apt-get and go home for the night ;-) I haven't used RH since 6.2,
so I don't know if there is a way to do the same automation with rpm. Is
rpm-get functional yet?

C-Ya,
Kenny  



Re: automated installation

2002-07-24 Thread Kenneth E. Lussier

On Wed, 2002-07-24 at 11:06, Michael O'Donnell wrote:

 
 You're such losers - anybody can see that the
 vi-versus-emacs flamewar is by FAR superior to
 the Linux-distro one...

I'm not a big fan of the 5 editor. And eMacs, well, isn't that Apple's
version of a networked toilet-seat looking laptop?? ;-)

C-Ya,
Kenny



Re: automated installation

2002-07-23 Thread Kenneth E. Lussier

You might want to check out the System Installer Suite at
http://sisuite.org/ . 

VA also had something like this a while back, but I can't remember the
name. It allowed you to have a Gold system, which was the one you
wanted everything else to look like. Then you had the master server that
monitored the gold server and informed clients of any changes. Does
anyone remember what that one was called?

C-Ya,
Kenny

On Tue, 2002-07-23 at 14:08, Michael O'Donnell wrote:
 
 I'm looking for an automated software installation
 mechanism - I want to be able to deliver software
 to my customers in such a way that they can install
 it on multiple machines as painlessly as possible.
 
 For example, one scheme I've heard of (but have been
 unable to find at scyld.com or anywhere else) was
 reportedly developed by the Scyld Beowulf folks and it
 sounded very interesting - you could supposedly insert
 a Scyld CD into each one of a bunch of machines on
 your net, boot each machine from its CD, designate one
 machine as Master, and they'd all then cooperatively
 initialize themselves, install the software onto their
 local disks and start cranking as a Beowulf cluster.
 
 Although I'm not working with Beowulf I am involved
 with clustered systems so such a scheme sounds like
 it might be of interest - can anybody supply any
 details, or recommend any other approach to automated,
 net-based, multi-system installation?
 
 



Re: firewall eth0 weirdness

2002-07-11 Thread Kenneth E. Lussier

I have actually seen this before. Back when I had a cable modem, this
would happen to me occasionally. The best explanation that I can give is
that the DHCP server gave your IP address to someone else on your
segment for reasons that I cannot fathom, nor could attbi suitably
explain. Two systems end up with the same IP address, and everything
goes wonky. Of course, it could be something completely different.

C-Ya,
Kenny
  
On Thu, 2002-07-11 at 21:07, Michael O'Donnell wrote:
 
 Here's a sequence of events (or observations) for which I'd
 love to hear an explanation, or even a plausible guess:
 
My firewall box was just running like it always
does.  From a machine behind it, I started four or
five SSH sessions to a remote system (my employer)
and was busy using those masqueraded connections
when everything just froze.  After saying many
bad words and flailing about on that internal
machine for a while, I eventually walked over to
the console of my firewall box (which is a DHCP
client of the ATT cable modem network's DHCP
server) and said ifconfig and saw the following -
note how for eth0 it fails to mention any IP addr,
Bcast addr, etc...
 
 eth0  Link encap:Ethernet  HWaddr 00:60:08:42:50:73  
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:1480187 errors:973 dropped:0 overruns:0 frame:973
   TX packets:239467 errors:0 dropped:0 overruns:0 carrier:0
   collisions:2290 txqueuelen:100 
   RX bytes:220287284 (210.0 MiB)  TX bytes:35966230 (34.3 MiB)
   Interrupt:10 Base address:0x300 
 
 eth1  Link encap:Ethernet  HWaddr 00:C0:DF:62:26:38  
   inet addr:192.168.0.1  Bcast:192.168.1.255  Mask:255.255.254.0
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  .
  .
  .
  .
 ...at which point I said WTF?!?!' and issued the following commands:
 
ifdown -a
ifup   -a
 
 ...which had the desirable but mystifying effect of (apparently)
 fixing everything; ifconfig subsequently reported:
 
 eth0  Link encap:Ethernet  HWaddr 00:60:08:42:50:73  
   inet addr:24.128.xxx.yyy  Bcast:255.255.255.255  Mask:255.255.252.0
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:1480410 errors:973 dropped:0 overruns:0 frame:973
   TX packets:239476 errors:0 dropped:0 overruns:0 carrier:0
   collisions:2290 txqueuelen:100 
   RX bytes:220307258 (210.1 MiB)  TX bytes:35968421 (34.3 MiB)
   Interrupt:10 Base address:0x300 
 
 eth1  Link encap:Ethernet  HWaddr 00:C0:DF:62:26:38  
   inet addr:192.168.0.1  Bcast:192.168.1.255  Mask:255.255.254.0
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  .
  .
  .
  .
 
 I figured that maybe I just lost my DHCP lease or
 something, but the outage lasted almost 15 minutes before
 I (apparently) fixed it by issuing those ifdown/ifup
 commands, so I wonder about the DHCP theory...
 
 
   --M
 
 
-- 
The ebb and flow of the Atlantic tides. 
The drift of the continents. 
The very position of the sun along its ecliptic. 
These are just a few of the things I control in my world.





Re: Abusing CC:

2002-07-11 Thread Kenneth E. Lussier

Hmmm The header-munging Vs. Non-header-munging debate. Is it
Thursday already? ;-)

On Thu, 2002-07-11 at 21:10, Thomas M. Albright wrote:
 You know, with all the stuff you guys are talking about, this remains 
 the only list I'm on where I have to reply-to-all if I want my reply to 
 go to the list. Every other list sets the replies to go to the list 
 unless you specify otherwise. Why is that? Why do I need to reconfigure 
 my client to be able to reply to the list?
 
 -- 
 TARogue (Linux user number 234357)
  Young men want to be faithful and are not; old men want to be faithless
  and cannot. -- Oscar Wilde
 
 



Re: Security Auditing companies?

2002-07-09 Thread Kenneth E. Lussier

Hi,

I would highly recommend @STAKE in Boston. They have a great reputation,
and they employ some of the best security people in the world (Dr.
Mudge, among others). When they break into your systems, they will give
you a full report of how they did it, and how to fix it. They will also
do code review, process review, etc.

FYI,
Kenny
 
On Tue, 2002-07-09 at 10:00, [EMAIL PROTECTED] wrote:
 
 Hi all,
 
 Does anyone have any experience working with companies who do 
 penetration testing, code review, and general security audits for 
 products?
 
 At my current place of employment we have a product which we would 
 like to have reviewed and tested by an outside party.  However, the 
 only company mentioned was ISS, who, if you remember were the folks 
 responsible for the Apache fiasco a month or so back.
 
 If anyone has any recommendations, please let me know.
 
 Thanks
 
 
 -- 
 
 Seeya,
 Paul
 
   It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
 
If you're not having fun, you're not doing it right!
 
 
 



Re: Security Auditing companies?

2002-07-09 Thread Kenneth E. Lussier

On Tue, 2002-07-09 at 10:26, [EMAIL PROTECTED] wrote:

 Counterpane definitely used to - I personally used them once.
 
 They seem to not do this anymore, since their website makes no 
 mention of it.  They seem more narrowly focused on Managed Security 
 Monitoring services now.

It doesn't surprise me that people have either stopped doing it or gone
under. GTE used to do security auditing as well, and they abandoned it,
too. It's a dangerous area, and a lot of companies and individuals have
been sued for doing exactly what they were hired to do. It's even harder
now, since even if you have a contract that allows you to break state
and/or federal law, you can still be prosecuted. The loophole is that
no one can agree to an illegal contract. So, even though you have
permission to break the law, the permission isn't really theirs to
give. If they don't like your findings, or your prices, they just sue. 

C-Ya,
Kenny



Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)

2002-07-08 Thread Kenneth E. Lussier

On Mon, 2002-07-08 at 00:37, [EMAIL PROTECTED] wrote:
 On 7 Jul 2002, at 9:26pm, Kenneth E. Lussier wrote:
  The people saying that they should be able to run whatever they want *ARE*
  the IT department.
 
   It seemed obvious to me that that is not the case.  If they were the IT
 department, the IT department would not be telling them to do something they
 did not want to do.

I must have misunderstood the beginning of this, then. I understood this
to be that managers, not IT, were the ones saying that they had to use
Windows.

  So, it would stand to reason that there are slightly different rules for
  the IT department than there are for ordinary users.
 
   That statement can be interpreted two different ways.
 
   On one hand, it could mean that the IT staff of course has all the root
 passwords and such, and is entrusted to perform privileged operations, and
 thus of course has to have different rules.

It also means that since IT is responsible for supporting *NIX, Windows,
VMS, whatever, so they need the most effective and efficient system in
order to support all of those things. So what they run on their desktop
will be different than the common user.
 
   But it could also mean that the IT staff has different rules because
 we're IT and we can do what we want to.  If you consider that acceptable,
 well, that's your right, but you'll never work in a shop I control.

Well, you have the right position, but the wrong attitude emphasized.
It's not that IT can do whatever they want, but rather, if they are the
ones who are responsible for determining standards, etc., then they need
to be doing these sorts of things first. That way, when a user
comes along and wants to do something other than the norm, the IT
department can either allow or deny based on fact, reasoning, and
knowledge rather than supposition.

  I think that the difference is *who* the user is. If a sales or marketing
  person wants to do their own thing, you know that only bad things will
  happen.
 
   I realize you're saying that with tongue-in-cheek, but it is none-the-less
 an attitude I see quite a bit.  Far too often, I encounter IT staffers who
 think they are the members of some special elite, and that rules do not
 apply to them.  I consider that to be the worst kind of corruption -- like a
 crooked cop.  IT staff, if anything, should live up to a higher standard.

IT should be held to the same standards that they set for others in most
cases. As I said before, the rules are slightly different because they
are the IT department. IT people should have root on the systems that
they support. Marketing doesn't need root. Things like that. That
doesn't mean that they can abuse their authority. However, since they
are the IT department, and they are responsible for the network, and
every system on it, then there are a lot of rules that don't apply to
them. For example, if one of my users decided to scan my network, I
would remove them from the network. I, however, scan my network on a
regular basis. It's part of my job. That's what it comes down to. If you
do your job, then there really isn't any time left over to do much else.

 
   Who watches the watchers?

It's a nice saying, but it is quite impossible to always have someone
watching the watchers. It comes down to Do you trust the people that
you have hired to do their jobs? 

C-Ya,
Kenny




Re: master-slave DHCP?

2002-07-02 Thread Kenneth E. Lussier

On Tue, 2002-07-02 at 16:59, [EMAIL PROTECTED] wrote:
 On Tue, 2 Jul 2002, at 4:33pm, Michael O'Donnell wrote:
  Does anybody know if it's possible to have a DHCP config that positions a
  local representative (server) on each of several isolated LAN segments ...

 
   I do not know of any way to do it, other than on the router(s) themselves.  
 That does not, of course, mean it cannot be done.  :-)

Well, it's sloppy and probably won't get buy-in from most
management-types, and I have no idea if this is what you want, but you
could always use an old PC (running Linux, of course ;-), put a bunch of
network cards in it, and plug each card into a different network. Then
set up a DHCP server on that one system. That PC can also act as a
router if you want.   

C-Ya,
Kenny



Re: Masqueraded SSH connection timeouts?

2002-06-29 Thread Kenneth E. Lussier

On Sat, 2002-06-29 at 16:27, Michael O'Donnell wrote:
 
 
 I haven't gathered all the evidence in this
 matter as carefully as I might, but here's a
 problem I think I'm seeing: once I've established
 SSH sessions from machines behind my firewall to
 certain remote machines, they die (pretty much to
 the second) after two hours if I just leave them
 idle.  If I establish identical client sessions on
 (instead of through) my firewall machine those
 idle sessions seem to stay up indefinitely.

This would probably be caused by the masq timeout set in your firewall
script. You should have a line like:

ipchains -M -S 7200 0 0

which translates to:

ipchains --masquerade --set-session-timeout-in-seconds tcp tcpfin udp

So, if a session is idle, it will time out after two hours. If the
session is active, it will time out two hours after it becomes idle.

FYI,
Kenny 
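
The idle-timeout behaviour described in this reply, as an added Python model (not part of the original post and not ipchains code). It applies the `-S tcp tcpfin udp` arguments, where ipchains treats a 0 as "keep the current value", and then replays a masqueraded session against the table; the starting timeouts, addresses and function names are assumptions made for the illustration.

```python
"""Model of a masquerade table with an idle timeout (constructed example)."""

# Assumed starting values in seconds; the real ones depend on the kernel in use.
STARTING_TIMEOUTS = {"tcp": 900, "tcpfin": 120, "udp": 300}


def apply_set_timeouts(command, current):
    """Apply an `ipchains -M -S tcp tcpfin udp` line to the current timeouts.

    A value of 0 leaves the corresponding timeout unchanged.
    """
    args = command.split()
    values = [int(v) for v in args[args.index("-S") + 1:][:3]]
    if len(values) != 3:
        raise ValueError("-S needs three values: tcp tcpfin udp")
    names = ("tcp", "tcpfin", "udp")
    return {n: (v if v else current[n]) for n, v in zip(names, values)}


class MasqTable:
    """Maps an inside flow to the time its last packet was seen."""

    def __init__(self, tcp_timeout):
        self.tcp_timeout = tcp_timeout
        self.entries = {}

    def expire(self, now):
        """Drop entries that have been idle for tcp_timeout seconds or more."""
        stale = [f for f, last in self.entries.items()
                 if now - last >= self.tcp_timeout]
        for flow in stale:
            del self.entries[flow]
        return stale

    def outbound(self, flow, now, syn=False):
        """Forward one packet from the inside; returns True if it got through."""
        self.expire(now)
        if flow not in self.entries and not syn:
            # Mid-stream packet with no mapping left: the far end never
            # sees it, so the idle SSH session appears to hang and die.
            return False
        self.entries[flow] = now  # any packet restarts the idle timer
        return True


def session_survives(idle_gap, traffic_every=None,
                     command="ipchains -M -S 7200 0 0"):
    """Open a masqueraded TCP session, stay quiet for idle_gap seconds,
    then send a packet. traffic_every optionally sends a packet at that
    interval during the gap. Returns True if the final packet is forwarded.
    """
    timeouts = apply_set_timeouts(command, STARTING_TIMEOUTS)
    table = MasqTable(timeouts["tcp"])
    flow = ("192.168.0.10", 40000, "203.0.113.5", 22)  # constructed addresses
    table.outbound(flow, now=0, syn=True)
    if traffic_every:
        t = traffic_every
        while t < idle_gap:
            if not table.outbound(flow, now=t):
                return False
            t += traffic_every
    return table.outbound(flow, now=idle_gap)


if __name__ == "__main__":
    print(apply_set_timeouts("ipchains -M -S 7200 0 0", STARTING_TIMEOUTS))
    for gap in (7199, 7200):
        print("idle", gap, "s ->", session_survives(gap))
    print("24 h, packet every hour ->",
          session_survives(86400, traffic_every=3600))
```

Sessions started on the firewall itself never enter this table, which matches the observation in the quoted message that they stay up indefinitely.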






Linux Hardware Companies

2002-06-24 Thread Kenneth E. Lussier

Hi All,

I used to purchase most of my servers from Penguin Computing. However,
about 6 or 7 months ago, there were reports of Penguin having trouble
financially, and internal problems with upper management. Since then, I
have been buying servers from a large corporate entity who shall remain
nameless. However, Penguin's prices are still about $1000 below said
corporate entity, and they seem to still exist. Does anyone know how
they are doing, or know of any other Linux-friendly companies that are
stable and less expensive than the Big Two (HP and IBM)? It would also
be nice if they did dual Athlon servers.

TIA,
Kenny   
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0






Re: Anyone using Mahogany?

2002-06-18 Thread Kenneth E. Lussier

I tried using it on a Windows system several months ago, but there were
a lot of things that it needed to make it work (python, etc.). So,
eventually I gave up and just used Mozilla.

C-Ya,
Kenny

On Tue, 2002-06-18 at 09:05, [EMAIL PROTECTED] wrote:
 
 Just curious what you think, and if it's any good as a news reader?
 
 I'm looking for a decent Windows-based news reader to recommend to 
 people who are otherwise resigned to using Outlook :(
 
 Thanks!
 
 
 -- 
 
 Seeya,
 Paul
 
   It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
 
If you're not having fun, you're not doing it right!
 
 
 



Re: apache inconsistancies

2002-06-07 Thread Kenneth E. Lussier

On Fri, 2002-06-07 at 15:19, Derek Doucette wrote:
 Does anyone have
 any ideas what the problem could be?  the page is
 http://derek.homeunix.org:7015 if anyone wants to try to access it. 
 Thanks in advance

I just loaded the page without any problems. Actually, it loaded pretty
fast considering that my ISP's upstream provider is having fiber issues
right now. It looks fine to me. Actually, there was one minor problem.
At the bottom of the page, there is an image that says that it is
powered by OpenBSD ;-)

C-Ya,
Kenny



Re: Message Boards

2002-06-04 Thread Kenneth E. Lussier

I've looked at a few of the different things that people suggested, and
so far, phpBB is certainly the best. It has all of the features that I
was looking for, plus a bunch of add-ons. 

As for the cross-site issues, I'm really not worried about it. For the
most part, this is an internal service, so it's only my users that I
have to worry about. But, that's a whole different story ;-)

C-Ya,
Kenny

On Mon, 2002-06-03 at 19:04, t wrote:
 
 phpbb (http://www.phpbb.org seems to be the site) sounds like it does
 everything you need.
 i noticed someone mentioned ubb (ultimate bulletin board or something
 similar to that). my friend used to run ubb off of a p166/64 megs of ram
 freebsd system, and found the thing got totally wrecked when about 8 or
 more users were on it. it wasnt really the bandwidth that posed the
 issue, the software was just horribly inefficient. anyway, he switched it
 to phpBB and his problems instantly went away.
 one downfall, is ive seen a few CSS (not cascading style sheets; cross
 site scripting) problems with phpBB on bugtraq. there arent any known
 current problems, i dont think, but i wouldnt say its the most secure
 code in the world..
 that being said, i also feel CSS is a bit overrated ;). somehow the
 possibility of having your cookies from yourdomain.com sent to
 craxx0rsite.com just doesn't strike the panic button within me..
 
 anyway, concerning ubb, id hope such issues were fixed by now (this was
 almost a year ago), but id suggest giving ubb (if you choose it) a bit of
 a test load before putting it into production..
 
 hope this helps!
 
 -tom



Re: High-speed connectivity in NH (was http://www.whizwireless.com/)

2002-06-04 Thread Kenneth E. Lussier

On Tue, 2002-06-04 at 15:56, Ken Ambrose wrote:
 Hi, all.  Time to revisit a fairly common topic on here.  A friend of mine
 is moving back to NH (Dublin, to be precise) after a six-year absence.
 Six years ago, dialup was Where It's At.  This is less true, now...
 especially as she hopes to telecommute to Motorola in Austin.
 
 Alas, I've been unable to find any reasonably-priced high-speed solutions
 for Dublin.  VITTS had offered service out there, but nobody is, now, that
 I can tell.  So, suggestions?  Satellite?  DSL providers with which I'm
 unacquainted?  Cheap fractional T-1?

Satellite is pretty much out of the question if she is planning on
telecommuting via SSH, IPSEC, or (yeeesh) PPTP. The latency just won't
allow it. Also, I have found that a few satellite providers are using
NAT and PAT at the central dish, so most VPN technologies won't work. 

You might want to look into frame relay from the telco, and have her get
her employer to pay for it ;-)



Message Boards

2002-06-03 Thread Kenneth E. Lussier

Hi All,

Does anyone out there have any experience with building/running message
boards? I was asked to find something that was Like the Message Boards
on AOL. This, of course, is difficult for me, since I don't use AOL.
However, the basic things that I think I need are 1) Multiple views
(threaded, topic/tree, etc.) 2) Ability to see new posts only 3) HTML
support (so people can post in different colors (people are weird)) and
4) registration support. 

The closest thing that I have found is Zorum
(http://www.zorum.com/portal/forumfeatures.html). Is there anything in
particular that other people are using? Oh, and of course, it has to run
from a Linux server running Apache.

TIA,
Kenny



SSH woes

2002-05-29 Thread Kenneth E. Lussier

Hi all,

I seem to be suddenly having difficulty with SSH. sshd will not accept
public key authentication. Actually, yes, it accepts public key
authentication, but it still requires the local password. This used to
work fine until I upgraded a few weeks ago to SSH2 (via apt-get). When I
use ssh -v -i id_rsa -l kenny my.host.here, I get a whole lot of stuff,
but at the end, I get the output below. Does anyone know what happened??

TIA,
Kenny

debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password:
 
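One way to read a transcript like the one in the "SSH woes" post, as an added example that is not part of the original post: the awk filter below walks `ssh -v` client output and reports, for each key the client tried, whether the server accepted or refused it. It matches only the debug lines quoted in the post plus OpenSSH's "Authentication succeeded (publickey)" line; the function names are made up for this example, and other client versions word these lines differently.

```shell
#!/bin/sh
# Added example: classify public-key attempts in `ssh -v` client output.

# ssh_pubkey_outcome: reads client debug output on stdin. Prints one line
# per key tried ("refused KEY" or "accepted KEY"), then "verdict: ...".
ssh_pubkey_outcome() {
    awk '
    { sub(/\r$/, "") }                       # tolerate CRLF captures
    /next auth method to try is/ { method = $NF; next }
    /try pubkey:/                { key = $NF; sent = 0; next }
    /we sent a publickey packet/ { sent = 1; next }
    # Once a key has been sent, the server either accepts it or answers
    # with the list of methods that can continue, i.e. it refused the key.
    /authentications that can continue:/ {
        if (method == "publickey" && sent) {
            print "refused " key
            refused++
            sent = 0
        }
        next
    }
    /Authentication succeeded \(publickey\)/ {
        print "accepted " key
        accepted = 1
    }
    END {
        if (accepted)     print "verdict: accepted"
        else if (refused) print "verdict: refused-by-server"
        else              print "verdict: not-offered"
    }'
}

# post_transcript: the debug lines from the post, verbatim.
post_transcript() {
    cat <<'EOF'
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password:
EOF
}

post_transcript | ssh_pubkey_outcome
```

A "refused" verdict means the key was offered and the server turned it down, so the next place to look is the server side rather than the `-i` argument; "not-offered" points back at the client.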



Re: HP ships Debian pre-installed on their Blade servers

2002-05-23 Thread Kenneth E. Lussier

On Thu, 2002-05-23 at 10:37, [EMAIL PROTECTED] wrote:
 
 Saw this pointed to on Debian Planet:
 
   http://www.software.hp.com/blade-servers/debian_img.htm
 
 Though others might care.  Could be wrong ;)

It's about time, too. Even Linux Companies like Penguin, Angstrom
Micro, and formerly VA, didn't ship Debian. It was all Red Hat. 




Load Balancing

2002-05-22 Thread Kenneth E. Lussier

Hi All,

I'm looking for information on load balancing (as the subject line may
have suggested ;-). Specifically, I'm looking for something that acts in
a similar manner to Cisco's Local Director, or ArrowPoint. I want to have
a single box sitting in front of a bunch of web servers that distributes
the load as evenly as possible, and can detect when one of the systems
is down. Now for the catch: not all of the servers are the same OS.
There could be some Linux, some Solaris, and some (insert large amounts
of screaming here) Windows. 

I think that LVS might be what I'm looking for, but I haven't finished
reading the linuxvirtualserver.org website, so I'm not really sure. Does
anyone have any suggestions (besides beating the hell out of the person
that wants to run an IIS webserver)?

TIA,
Kenny



Re: Load Balancing

2002-05-22 Thread Kenneth E. Lussier

On Wed, 2002-05-22 at 14:41, [EMAIL PROTECTED] wrote:
 
 Does anyone have any suggestions (besides beating the hell out of the person
 that wants to run an IIS webserver)?
 
 And explain to us again why this isn't a good idea anyway?  

I didn't say it wasn't a good idea. As a matter of fact, it is a great
idea, and it's already on my ToDo list. I just didn't want everyone
suggesting the same thing ;-)

C-Ya,
Kenny



Re: Request: Video editing recommendations

2002-05-15 Thread Kenneth E. Lussier

On Tue, 2002-05-14 at 22:14, Scott C. Mellott wrote:

 I've used Broadcast 2000 but it has recently been removed from public 
 access.

Actually, it was removed from the creator's website about a year ago. It
is, however, still available here:
http://www.tux.org/pub/packages/orphaned/broadcast2000/

C-Ya,
Kenny



EXT2 to EXT3

2002-05-15 Thread Kenneth E. Lussier

Hi All,

I've been considering moving my servers to ext3 for a while now, and I
think that I am ready to take the plunge. I've read a couple of the ext3
howto's, and it looks to be a simple procedure that won't damage any of
the existing data on the drives. However, anything that looks this easy
usually ends up being a nightmare for me. So, any words of wisdom before
I try converting production servers?

TIA,
Kenny
  



Re: I've been 0wned!

2002-05-05 Thread Kenneth E. Lussier

On Sun, 2002-05-05 at 00:35, Rich Cloutier wrote:

 I don't know what you were running, but PHPNuke just plugged a large
 security hole because of this.
 
 Oh, and BTW, even apache doesn't have permission to write to most of my site
 :)

This is a good point. I run my webserver as www-data, but almost all of
my files are owned by root/me/my wife, and chmod 744 (a lot of my stuff
is actually 444). That way, the webserver can serve them, but can't
modify them in any way. The only exceptions to this are a few files that
www-data has to write to, like a counter data file and things like that.
I can't think of any good reason that apache would need to modify any
files.

C-Ya,
Kenny


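The layout described in the reply above (server running as www-data, content owned by other accounts, a few deliberate writable exceptions) can be checked mechanically. The script below is an added example, not code from the post: it lists everything under a document root that a given account could change, counting ownership as well as write bits. The function names, the sample tree and the stand-in uid are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list what a web server account could modify under a docroot.

# web_writable DOCROOT USER GROUP
# Prints each file or directory under DOCROOT that USER can change:
#   - anything USER owns (an owner can chmod its own file, so 444 is no bar),
#   - anything owned by GROUP with the group-write bit,
#   - anything with the world-write bit.
# Symlinks are skipped; their own mode bits are not used for access checks.
web_writable() {
    find "$1" ! -type l \( \
        -user "$2" -o \
        \( -group "$3" -perm -020 \) -o \
        -perm -002 \) -print
}

# build_sample_docroot DIR
# Constructed tree shaped like the one in the post: read-only pages, one
# data file the server is meant to write, and one stray world-writable file.
build_sample_docroot() {
    mkdir -p "$1/data"
    echo '<html></html>' > "$1/index.html"
    echo '0' > "$1/data/counter.dat"
    echo 'tmp' > "$1/upload.tmp"
    chgrp "$(id -g)" "$1/data/counter.dat"
    chmod 755 "$1" "$1/data"
    chmod 444 "$1/index.html"
    chmod 664 "$1/data/counter.dat"
    chmod 666 "$1/upload.tmp"
}

# other_uid: a numeric uid that is not the caller's, used as a stand-in for
# the web server account so the sample runs without root (assumption).
other_uid() {
    if [ "$(id -u)" -eq 65534 ]; then echo 65533; else echo 65534; fi
}

if [ "$#" -eq 3 ]; then
    # Real use: docroot path, server user, server group (path is yours).
    web_writable "$1" "$2" "$3"
else
    # No arguments: run against the constructed sample tree.
    sample=$(mktemp -d)
    build_sample_docroot "$sample/site"
    web_writable "$sample/site" "$(other_uid)" "$(id -g)"
    rm -rf "$sample"
fi
```

On the sample tree only `data/counter.dat` and `upload.tmp` are reported; the first is the intended exception, the second is the kind of entry the audit is meant to surface.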



Re: home construction/remodeling packages

2002-05-04 Thread Kenneth E. Lussier

On Sat, 2002-05-04 at 15:53, Michael O'Donnell wrote:
 
 Are there Linux software packages available
 to help with home construction/remodeling?
 Having never used such software I'm not even
 completely sure what I'm asking for, but I'd
 think such a package would at least (and I'm
 talking about something more than xfig) help
 you lay out a floorplan.  Fancier ones might
 provide some CAD assistance, 

Well, since you aren't sure what you're asking, I'm not really sure what
to tell you. If you're looking for CAD software, there are several
commercial products, the best of which is LinuxCAD. There is also
VariCAD. If you are looking for something in the area of free, then
there are several of those, too. Check out Freshmeat:
http://freshmeat.net/search/?q=CAD&section=projects .

 perhaps even
 allowing you to model the entire structure
 right down to the studs and wiring and maybe
 even generating a materials list for the
 project.  A *really* cool package might even
 let you model the entire structure in 3D and
 allow you to move individual components on
 a what-if basis, etc, etc, etc...

I'm not sure that there are any home designer products for Linux that
have libraries of furniture, windows, doors, etc. However, you should be
able to create 3D images using a wire frame design tool, and then place
them inside of another design representing a house.

C-Ya,
Kenny   





Tape Backups

2002-05-02 Thread Kenneth E. Lussier

Hi All,

I am in the market for a tape auto changer because I have to re-vamp my
company's backup process. I'm having a little trouble deciding on what
to go with, though. It will most likely be an HP drive, but I don't know
what type to get: DDS4 vs DLT. The DDS4 changer can hold 6 tapes, with 1
drive, and is a *LOT* less expensive. The drawback is that the tapes are
20/40GB tapes, and I really don't know what our backup needs are going
to be a year from now. Also, if I use Amanda, I can use the 20GB
uncompressed (or does Amanda use compression?). Anyway, I was wondering
what other people were using for backup drives, and looking for any bit
of advice I can get. I hate backups

C-Ya,
Kenny   



Re: Tape Backups

2002-05-02 Thread Kenneth E. Lussier

On Thu, 2002-05-02 at 10:23, [EMAIL PROTECTED] wrote:
 
 Btw, I forgot to mention, if you *really* want to save money and time,
 it is most efficient to use /dev/null for your back up device.  Even 
 though it's a device technology dating back over 30 years at this 
 point, it somehow still holds infinitely more data than even the 
 largest and most expensive tape silo you can purchase for many 
 millions of dollars!

But that's where I store all of the e-mails that I get from our finance
department. Wouldn't that automatically corrupt the backups? ;-)

C-Ya,
Kenny



RE: Apache configuration question

2002-04-29 Thread Kenneth E. Lussier

On Mon, 2002-04-29 at 09:49, Tilly, Lawrence wrote:
 Thanks to Kurth & Ben for the info so far.  I'm passing that on to my chum
 working the Apache issue. We are running on Unix (Sun for this particular
 box) and I believe we are considering v2, but we're stuck w/ 1.3.23 for now.
 
 Any more info is appreciated greatly.

There is some info on threading (HAVE_PTHREAD_SERIALIZED_ACCEPT) in the
performance tuning notes at
http://httpd.apache.org/docs/misc/perf-tuning.html. If you do a search
on Apache.org's documentation site, you might find more on it.

FYI,
Kenny



Re: Apache configuration question

2002-04-29 Thread Kenneth E. Lussier

On Mon, 2002-04-29 at 10:12, Rodent of Unusual Size wrote:

  This apparently can be changed at compile time
 
 Incorrect.  Apache 1.3 is always and immutably single-threaded,
 except on Windows.

It's not that it can be configured at compile time, per se. However,
there are hacks to the http_main.c that can be done to make it threaded,
and there are some third party patches that will do it for you. I'm not
an expert on the subject (like Ken is ;-), but according to the
performance tuning docs, it can be done. However, I'm also seeing that
multi-threaded has worse performance than single-threaded.

C-Ya,
Kenny 



Re: By the time you read this it may no longer apply

2002-04-26 Thread Kenneth E. Lussier

On Fri, 2002-04-26 at 15:56, Michael O'Donnell wrote:
 
 I've not used this, but one of my coworkers recommends
 a package called Gnu MBR which masquerades as (looks
 just like) the regular MBR but allows those who
 know about it to select alternate boot partitions.
 
http://packages.debian.org/testing/base/mbr.html

I believe that in Windows, you can do something to the effect of 'sys
/mbr' to repair the mbr to its Original (read: M$ approved) state.
But, I like mod's idea better ;-)





Re: Books

2002-04-25 Thread Kenneth E. Lussier

On Thu, 2002-04-25 at 09:29, [EMAIL PROTECTED] wrote:

 
 What are his other books like?  Any recommendations on good books to 
 get? (I haven't bought any good books lately, and am itching to go to 
 SoftPro since I now work less than 5 minutes away :)

Some of my recommendations from SoftPro would be:

http://store.yahoo.com/softpro/1-56592-861-x.html

http://store.yahoo.com/softpro/1-56592-861-x.html

http://store.yahoo.com/softpro/1-928994-70-9.html - HackProofing your
Network

http://store.yahoo.com/softpro/0-7897-2376-x.html - Think UNIX

C-Ya,
Kenny



Re: Memory types (was: Hardware Pointers)

2002-04-23 Thread Kenneth E. Lussier

On Tue, 2002-04-23 at 13:02, [EMAIL PROTECTED] wrote:

 Just remember that DDR333 is double the actual clock speed (166MHz)
 
 Are they using Intel floating point precision to compute that?
 
 According my math, 166 * 2 = 332 :)

Oh, well, if it's only 332 and *NOT* 333 as advertised, then I don't
want it ;-)





Re: (OT) Hardware Pointers

2002-04-22 Thread Kenneth E. Lussier

On Mon, 2002-04-22 at 21:19, James R. Van Zandt wrote:
 
 Ben Boulanger [EMAIL PROTECTED] writes:
 I'm quite happy with my AMD Athlon boxes.
 
 I'm thinking about a new machine too.  What motherboard do you have?
 Would that be your recommendation now for an Athlon?  For dual Athlons?

I don't know that I would spend the money on a dual Athlon board. Does
anyone really need that much power in a desktop system? OK, I can
understand wanting it, but the Athlon MP chips are expensive, and so are
the motherboards. The board that I am looking at is the Shuttle AK35GTR.
I have read a bunch of reviews on it, and so far everyone seems to like
it. Someone made a comment earlier about not being able to overclock
Athlons, but this review of the AK35GTR seems to refute that
(http://www.overclockersonline.com/?page=articles&num=124). Another
thing that this particular board has going for it is that it supports
everything from the Duron 500MHz through the AthlonXP 2000+. It also has
four DDR RAM slots supporting up to 4GB of RAM. Most boards these days
max out at three slots. 

 What's a good video card that has solid support in XFree86?

I'm currently using an ATI Radeon 64MB-DDR VIVO card, and it's been rock
solid. I've been using ATI cards exclusively for the last 5 years, and I
have never had a problem with X. Unless you count the Rage Fury MAXX
card, which needs two configuration sections in the XF86Config because
it has two CPU's and two separate memory buses. It worked, but it took
forever to figure out how to get it running. 

C-Ya,
Kenny





(OT) Hardware Pointers

2002-04-21 Thread Kenneth E. Lussier

Hi  All,

As I am sure that there are people on this list that are far more
knowledgeable about hardware than I am, I was hoping that someone could
point me in the right directions. I am looking to buy a new motherboard
because the one that I have is fairly limited in its upgrade path. With
a new motherboard purchase, I am going to be making the jump into DDR
RAM (right now I still use PC100 SDRAM). One of the problems is that
there seem to be many different levels of DDR (ranging from PC1600 to
PC3200). I'd like to read up on what exactly these specifications mean,
if they are compatible, interchangeable, etc. 

RANT

On a side note, speaking of hardware, I'd like to mention a very
disturbing experience I had at a computer show in Salem N.H. yesterday.
I remember when computer shows were full of hobbyists getting great
deals on inexpensive hardware from honest vendors. What I saw yesterday
was prices 2 and 3 times higher than retail, and people who had no clue
*PAYING* these prices. One example was the average price for an AMD
Athlon 1.3GHz 266/FSB CPU was $199.00. Average retail price is about
$95. Memory was $150 and up for a 128MB PC133 DIMM. I even heard one guy
telling a poor, uninformed woman that RAMBUS was the next big thing, and
that she should really pay the extra $200 for the memory for her son's
computer (he wanted $375 for 256MB RAMBUS). Of course, I couldn't resist
the chance to step in and help the woman. What happened to the good old
days

/RANT 

C-Ya,
Kenny





Re: (OT) Hardware Pointers

2002-04-21 Thread Kenneth E. Lussier

On Sun, 2002-04-21 at 15:40, Ken Ambrose wrote:
 
 Insofar as DDR vs. SDR, well.. while I believe [faith w/o proof] in DDR
 more, what's even more important than what kind of RAM is having -enough-
 RAM.  Try to make sure that you're hitting swap as little as possible;
 while one kind of RAM may be somewhat faster than another, -all- of them
 are orders of magnitude faster than going to swap.

Well, I will be going with AMD. The board that I plan on getting is a
Shuttle AK35GT, maybe the AK35GTR (same board, but the latter has RAID).
The board had 4 slots for DDR RAM. I will most likely put in 1GB (either
2 512MB or 4 256MB). The problem is that I don't know what *KIND* of DDR
I should use. There seem to be about 12 different ratings (PC). They
are all about the same price, which would lead me to believe that they
are about the same. However, I know that this can't be the case, since
that would be too easy :-)

Thanks,
Kenny  





Re: IRobot

2002-04-21 Thread Kenneth E. Lussier

On Sun, 2002-04-21 at 19:55, Jon 'maddog' Hall, Executive Director,
Linux International wrote:
 
 [EMAIL PROTECTED] said:
  Now if only you could make one go to the kitchen and make a meal for
  you.
 
 I would be satisfied to have it get me a cold beer...er...ah...glass of iced 
 tea

Speaking of um, er, Iced Tea, and completely unrelated to the subject of
robots, I thought many people would get a kick out of this:
http://www.thinkgeek.com/stuff/looflirpa/beer.shtml

C-Ya,
Kenny





Re: Debian Sparc ISOs?

2002-04-18 Thread Kenneth E. Lussier

There is also linuxiso.org (http://www.linuxiso.org). They have Debian
for i386, PPC, Alpha, and Sparc
(http://www.linuxiso.org/distro.php?distro=4). They also have a list of
mirrors that include
ftp://sunsite.dk/pub/os/linux/debian-cdimage/2.2_rev5/sparc/ and
ftp://debian.uchicago.edu/debian-cd/potato/official/2.2_rev5/sparc/ .

FYI,
Kenny

On Thu, 2002-04-18 at 13:10, Michael O'Donnell wrote:
 
 
 ...or how about 
 
ftp://ftp.rutgers.edu/pub/debian-cd/2.2_rev6/sparc/
 
 
 



Debian Question

2002-04-15 Thread Kenneth E. Lussier

Hi all,

Does anyone know if there is any harm in deleting
/var/cache/apt/archives/* ? All of the packages that I have ever
installed are in there, and it's currently taking up about 1GB of
space..

TIA,
Kenny



Re: Drawing tools similar to Dia/Visio?

2002-04-12 Thread Kenneth E. Lussier

On Fri, 2002-04-12 at 10:10, [EMAIL PROTECTED] wrote:

 Anyone know of anything like Visio for Linux.  Dia is okay, but it 
 seems that their progress has been agonizingly slow over the past few 
 years.  It all seems that they're much more interested in advancing 
 the UML diagraming side of things instead of the other options they 
 provide for (specifically the network diagramming).
 
 What alternatives are out there?  What are others using?

It all depends on what you want to do, and how you want to do it. If
you're just looking for a diagramming tool, there are a ton out there.
NetEdit wasn't *BAD*, but it wasn't great, either
(http://www.mark13.de/netedit/). I don't know if it's even being
developed anymore.  There are also a bunch of plug-ins for Dia that you
can get.

If you're looking for a program that will go out and map your network
for you, then that is a different story. Go with Nomad
(http://netmon.ncl.ac.uk/).

C-Ya,
Kenny



Re: Drawing tools similar to Dia/Visio?

2002-04-12 Thread Kenneth E. Lussier

 There are also a bunch of plug-ins for Dia that you can get.
 
 Where would one find said plugins?  There seem to be no references to 
 them on the Dia homepage.

Well, upon further investigation, I don't think that any of the plugins
that I found (on Freshmeat) would be useful. Most of them are for
importing/exporting diagrams to/from code, SQL, etc. And DiaCanvas
apparently has nothing to do with Dia  



Re: Drawing tools similar to Dia/Visio?

2002-04-12 Thread Kenneth E. Lussier

On Fri, 2002-04-12 at 11:22, Benjamin Scott wrote:
 On 12 Apr 2002, at 10:51am, Kenneth E. Lussier wrote:
  There are also a bunch of plug-ins for Dia that you can get.
 
   Are any of them any good?  I went looking for some once, using Google.  
 First problem was trying to come up with a search pattern that matched
 plugins without matching Dia itself.  I did find some things, but they all,
 frankly, sucked.

I don't know that they suck, but most do appear to be pretty much
useless for general purpose use.
 
   Here, we ended up buying MS Visio, which tells you just how desperate we
 were.

heh heh. I still have my pre-M$ version of Visio running in VMWare.
I refuse to ever upgrade.

C-Ya,
Kenny



Re: Webmail.

2002-04-10 Thread Kenneth E. Lussier

On Tue, 2002-04-09 at 23:59, Ken Ambrose wrote:
 On a note having absolutely nothing whatsoever to do with flat panels, I
 just want to pipe up and say that Squirrel Mail (currently at v. 1.25)
 rocks.  If any of you are looking for a powerful web-based interface to
 your IMAP (and, with the proper plugin, even your POP) e-mail server, I
 strongly suggest you check out http://www.squirrelmail.org.

I use webmail to read my home e-mail from work all the time. I used to
use IMP, but it started to annoy me (bad line wrapping, dependencies,
etc.). I used squirrel-mail for a few weeks, and I have to agree. It was
rock solid, and there were a ton of features in the core, and at the
time, there were about 50 or so plugins for additional features (many of
the plugins are added to the core on a regular basis apparently). In the
interest of research, I recently moved on to a system called TWIG
(http://twig.screwdriver.net). It is more of a groupware suite, with
calendar, todo, contacts, e-mail, etc. Also a good performer (written in
PHP), and lots of features plus plugins. It's more suited for a work
environment, which is why I'm looking at it. However, all in all, it's a
great app.

C-Ya,
Kenny   
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Fun GNOME Eye candy..

2002-04-10 Thread Kenneth E. Lussier

On Wed, 2002-04-10 at 08:18, Cole Tuininga wrote:

 I'm trying this out - seems like it would be kinda fun for a while
 anyway.  Quick info about my setup:
 
 Athlon XP 1400
 Nvidia Geforce 2
 Debian woody 
 
 Running the binary drivers from Nvidia, and I have the Mesa stuff from
 them installed as well.

Do an 'apt-get install  libglui2 glutg3-dev glut-data libglui-dev glutg3
glut-doc'.

C-Ya,
Kenny

-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Web application

2002-04-10 Thread Kenneth E. Lussier

Hi All,

Along the lines of the webmail comments made earlier, I was wondering
something. I am looking to implement several web-based applications in
my company: Groupware, project management, file management, password
management, leads tracking, etc. I have found several (thousand)
applications that meet our needs from sourceforge, freshmeat, et al.
However, they all suffer from one problem: They all require
authentication. This means users would have to log into each individual
application separately. What I would like to do is have a single login
page that then passes the user's authentication to each application. Has
anyone out there done this sort of thing? If so, is it a fairly easy
thing to do, or am I in for a world of pain? To keep things as simple as
possible, everything that I end up using  will be in PHP. Any advice is
more than welcome, since I am not a Web developer!!

TIA,
Kenny 
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Web application

2002-04-10 Thread Kenneth E. Lussier

On Wed, 2002-04-10 at 11:18, Mark Komarinski wrote:
 If you created www.foo.com/secure that was password-protected,
 the password/username gets passed back and forth for each page
 underneath it (http://httpd.apache.org/docs/howto/auth.html#basiccaveat)
 The referenced page mentions this as a caveat for basic auth, but
 probably is true no matter what kind of authentication you use.

Through all of that, I never even thought about using Apache's built-in
authentication system. I was thinking about an actual login page, maybe
using PHP sessions or something. I'll have to look into this
 
 From there, it shows up as a variable to the CGI/PHP scripts that can
 pull it out if it knows where to look.  It would require hacking of
 each application, but I think it can be done.

No matter what I do, it will require some hacking of each application,
but I'm starting to like this idea. If I remember correctly, you can set
up the htpasswd file to use encrypted passwords, which beats a backend
MySQL database authentication.

 If you go this route, SSL all the way.  But you probably knew that.

That is a given ;-) I only run Apache-ssl these days. This is all for
internal (intranet) use anyway. The only way for people in the field to
access this stuff will be via VPN, so the security will be fairly tight.

Thanks,
Kenny
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0
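
The Apache-level login discussed in this thread, as an added example that is not part of the original messages: it assumes Apache 2.4 with mod_ssl (newer than the servers in the thread), and the address 192.0.2.10, host name, file paths and realm name are placeholders. The htpasswd file only protects the passwords at rest; Basic auth still resends the credentials with every request under the protected path, which is why the whole area is limited to SSL.

```apache
# Added example, assumed setup: Apache 2.4, mod_ssl, mod_auth_basic, mod_authn_file.
# Create the password file outside the document root, with bcrypt hashes:
#   htpasswd -B -c /etc/apache2/intranet.htpasswd alice
#   htpasswd -B    /etc/apache2/intranet.htpasswd bob

# Bind to the internal address only, so the login is not offered on other interfaces.
Listen 192.0.2.10:443

<VirtualHost 192.0.2.10:443>
    ServerName intranet.example.com
    DocumentRoot /var/www/intranet

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/intranet.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/intranet.example.com.key

    # One realm for everything under /secure: the browser asks once and then
    # resends the same credentials for /secure/groupware, /secure/projects, ...
    <Location "/secure">
        # Refuse the request outright if it somehow arrives without SSL.
        SSLRequireSSL

        AuthType Basic
        AuthName "Intranet"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/intranet.htpasswd
        Require valid-user
    </Location>

    # Each application below /secure still has to be changed to trust the
    # server's login instead of its own: Apache exports the authenticated
    # name as REMOTE_USER (in PHP, $_SERVER['REMOTE_USER']).
</VirtualHost>
```

An application should only trust REMOTE_USER when it is reachable exclusively through this virtual host; the same script served from an unprotected path would see no authenticated user at all.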






Re: Webmail.

2002-04-10 Thread Kenneth E. Lussier

On Wed, 2002-04-10 at 11:29, Ken Ambrose wrote:
 Wow!  TWIG looks pretty darn cool!  Squirrelmail recently has added some
 preliminary calendar support, as well as some other spiffy add-ons, but I
 have to admit that TWIG is almost certainly a superior tool for groupware
 stuff.  Couple of questions (which I can't tell from a preliminary glance
 at the site):

If you like TWIG, there is another system, TWIGGI, based on it
(http://www.neddix.de/twiggi-gw). It has a few more features, but
nothing really major.

 - Do scheduled meetings nag attendees (eg. send e-mail notifications)?

Not yet. That is in the TODO list for TWIG.

 - Is there any way to globally schedule stuff, for example conference
   rooms?

What I have been playing with is creating a global group (just a regular
group that includes everyone), and giving everyone read/write access to
the group. I named the groups Conference_Room1 and Conference_Room2.
That way everyone can see them, schedule the rooms, etc.

 Is there any somewhat in-depth documentation?  While the demo they have at
 their site is cool (very cool, even), I'd like to be able to have
 something to actually *reference*.

The docs in the tarball are quite complete and thorough. I found myself
skipping entire sections because it was fairly mundane ;-)

 
 Thanks for the pointer!

No problem. If we all share pointers, we all get to play with cool stuff
;-)

C-Ya,
Kenny
 

-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






OpenOffice

2002-04-09 Thread Kenneth E. Lussier

Hi All,

Someone mentioned getting a copy of OpenOffice the other day, so I was
curious. I currently use AbiWord and GnuMeric for most of my smaller
tasks, and when I have something larger, like a presentation, or a large
document that needs to go out to M$ Office users, I use StarOffice 5.2. 

If there are people out there running OpenOffice, I would be interested
to hear your impressions of it. Is it worth switching from SO5.2 to
OpenOffice?

TIA,
Kenny
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Linux-Outlook (ouch) question

2002-04-04 Thread Kenneth E. Lussier

The Availability feature in Outlook is based on the Scheduling system
that is built into Exchange. There is nothing that you can do other than
run Windoze. Ximian did, however, just come out with a product called
Ximian Connector that will allow you to connect to an Exchange server
if you use the Ximian Evolution mail client
(http://www.ximian.com/products/connector/). However, the Exchange
server *MUST* be Exchange 2000, and it has to have the OWA (Outlook Web
Access) module installed and running. 

C-Ya,
Kenny

On Thu, 2002-04-04 at 16:55, David Roberts wrote:
 OK, I'm stumped.  I have been running Linux for over 3 years 
 here (longer overall, but I've only been here for 3 years, 6
 months, ...) and have run into something I am not sure how 
 to fix - guess I'm not up on my Micro$oft tools.  I have 
 worked in predominantly Unix environments since leaving the 
 VMS world back in '92 so I have had little exposure to the 
 new Windoze tools.
 
 I rec'd this today from my manager, and I'm not sure what he 
 means, much less how to fix it.  All I know about Outlook is 
 its reputation for attracting viruses so PLEASE don't say I 
 have to break down and run NT - I just might have to find a 
 new employer...   ;-)
 
 
  Original Message 
 
  Subject: RE: [Fwd: ...deleted... meeting]
  Date: Thu, 4 Apr 2002 14:41:50 -0500
  
  Hi Dave,
  
  You're also the only person in the dept. who doesn't
  have their availability on Outlook set accordingly.
  Could you please correct?
  
  thanks
  ...deleted...
 
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Linux-Outlook (ouch) question

2002-04-04 Thread Kenneth E. Lussier

On Thu, 2002-04-04 at 17:06, Benjamin Scott wrote:

   Actually, that is not quite true.  If you run Exchange, there is something
 called Outlook Web Access (OWA), which, as you can probably guess, is a
 web-based interface to Exchange.  I am not sure how much functionality is
 available in it, though.

OWA is literally feature-for-feature identical (including bugs and
virii) to Outlook. It is a web-page that looks exactly like Outlook.

C-Ya,
Kenny
 
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Apache server attbi question

2002-04-02 Thread Kenneth E. Lussier

If you are inside your network, and you are pointing the browser at the
external ip address, you may need to go through an external proxy to
properly route the traffic out then back in. It is possible that AT&T is
blocking incoming http, but that is doubtful. You could give us the IP
address, and we could check it out from the outside ;-)


On Tue, 2002-04-02 at 10:11, Kenny Donahue wrote:
 Hi all,
 This is a little bit off topic but has anyone
 been able to get their Apache server working
 with the change from Mediaone.net to attbi.com?
 I am really stuck.  I changed my dyndns.org info
 to show ne.client2.attbi.com but I still get nothing.
 I tried changing apache to use port 91(random number)
 instead of 8080 in case attbi was blocking 8080.
 I tried using the IP address of my Linksys firewall
 directly so the port forward should pass it on but still
 nothing.  Even stranger, I don't see the attempt coming in
 in the Linksys log. Can anyone help?
 Thanks,
 Kenny
 
 --
 Ken Donahue
 Software Engineer
 phone: 978 967-1820
 email: [EMAIL PROTECTED]
 Mercury Computers, Inc.
 System OS - Host Development Team
 
 
 
 
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Apache server attbi question

2002-04-02 Thread Kenneth E. Lussier

On Tue, 2002-04-02 at 15:21, Bill Mullen wrote:

 Local
 connections to Apache are now only possible by giving the internal IP of
 the server box; the old URL still works fine from the outside world - and
 yes, he's on attbi. :)

This has nothing to do with AT&T (for once). It's just the nature of
routing. Set your browser up to use a proxy server (Mediaone used to use
http://www.ne.mediaone.net/proxy/proxy.pac for auto configuration), and
it should work fine. The traffic has to go out of your network, then
back in.

C-Ya,
Kenny

-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: [OT] FW: 1024-bit RSA keys in danger of compromise (?)

2002-04-01 Thread Kenneth E. Lussier

On Sun, 2002-03-31 at 20:17, Karl J. Runge wrote:

 Does anyone have a rough idea on how the RSA and DH algorithm scale
 with key size in their day to day usage? (initial key generation and
 key usage)  I'd guess it's some small power of the number of bits...
 I'm not talking about the cracking algorithms, just the base
 algorithm.

I'm not quite sure of the actual scaling capabilities, but I know you
can create fairly large keys (10240-20480 bits) for use with many VPN's.
FreeS/WAN, in particular, in shared-key mode will use these large keys,
both public and private, for the initial authentication and
initialization of a tunnel. 
 
 I've always wanted to jack the key sizes under my control (ssh + pgp)
 to, oh say, 10,000 bits if I could.  I've never mentioned that desire
 in public from fear of retribution :-)  I personally have no problem 
 adding a few seconds to each ssh and pgp usage.

The algorithms themselves are perfectly capable of large keys. However,
the application may be limited as to the size that it will accept. Then
again, if you have the source, I suppose you can change that, too ;-)

C-Ya,
Kenny

-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: [OT] FW: 1024-bit RSA keys in danger of compromise (?)

2002-03-31 Thread Kenneth E. Lussier

Benjamin Scott wrote:
   This was just reposted to the isp-security mailing list.  I know there are
 some crypto-heads on this list; anyone have more information?
 
 -Original Message-
 From: Lucky Green [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, March 23, 2002 8:38 PM
 To: [EMAIL PROTECTED]
 Subject: 1024-bit RSA keys in danger of compromise

I wish people would stop this already. DJB wrote his paper a while 
ago, and every couple of weeks, someone takes it as gospel and reposts 
it. Read Bruce Schneier's response, which, IMNSHO *IS* gospel when it 
comes to crypto, in cryptogram  available at: 
http://www.counterpane.com/crypto-gram-0203.html#6 . Bernstein takes 
some serious liberty in his assertions. Basically, in order for the 
factoring speed increases that Bernstein asserts as truth to have any 
noticeable effect, the key size would have to be exponentially larger 
than the keys available today. Bernstein himself says in the paper 
that the factoring advantages that he proposes do not specifically 
apply to smaller keys that are common today (4096 and under).

C-Ya,
Kenny
-- 
---
  Kenneth E. Lussier
  Geek by nature, Linux by choice
  PGP KeyID C0D2BA57
  Public key http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57





Re: Web Server

2002-03-29 Thread Kenneth E. Lussier

On Fri, 2002-03-29 at 11:31, Andrew W. Gaunt wrote:
 
 I wonder, is there a way to tell apache to use a different document root
 depending on the port? That would be cool way for sorting it out.

You can use the virtual host container to set port, document root, etc.:

<VirtualHost ip.address.of.host.some_domain.com>
Listen 81
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /some/path/accessable/to/www-user
ServerName host.some_domain.com
ErrorLog logs/host.some_domain.com-error.log
CustomLog logs/host.some_domain.com-access.log common
</VirtualHost>

You can use almost any standard apache directive inside of the VH
container that you would use in a standard config.

C-Ya,
Kenny
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Web Server

2002-03-29 Thread Kenneth E. Lussier

On Fri, 2002-03-29 at 12:30, Andrew W. Gaunt wrote:
 Any except this one perhaps?
 
 Syntax error on line 270 of /etc/apache/httpd.conf:
 Listen cannot occur within VirtualHost section

That figures. In your main config add a 'Listen xxx.xxx.xxx.xxx:81'
directive, and then in the VH, bind the VH to that ip address. That
should work (in theory)

C-Ya,
Kenny 
-- 

Tact is just *not* saying true stuff -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0
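
The suggestion in the message above written out, as an added example rather than configuration from the thread: Apache 2.4 syntax is assumed, and 192.0.2.10, the host name and the paths are placeholders. Listen sits in the main server config, and each virtual host is bound to one address:port pair with its own document root.

```apache
# Added example, assumed setup: Apache 2.4. All names and paths are placeholders.

# Main server config, outside any <VirtualHost>: Listen is not allowed inside one.
# Naming the address keeps port 81 off every other interface of the machine.
Listen 192.0.2.10:80
Listen 192.0.2.10:81

<VirtualHost 192.0.2.10:80>
    ServerName host.example.com
    DocumentRoot /var/www/site-main
    ErrorLog  logs/site-main-error.log
    CustomLog logs/site-main-access.log common
</VirtualHost>

<VirtualHost 192.0.2.10:81>
    ServerName host.example.com
    DocumentRoot /var/www/site-alt
    ErrorLog  logs/site-alt-error.log
    CustomLog logs/site-alt-access.log common
</VirtualHost>

# A stock 2.4 config denies access to the whole filesystem by default, so each
# new document root needs an explicit grant, kept as narrow as the site allows.
<Directory "/var/www/site-main">
    Options -Indexes
    Require all granted
</Directory>

<Directory "/var/www/site-alt">
    Options -Indexes
    Require all granted
</Directory>
```

Running `apachectl configtest` after the change reports a misplaced Listen before the server is restarted.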






Re: Linux survey request from Rice University

2002-03-29 Thread Kenneth E. Lussier

Jerry Feldman wrote:
 I stand on my previous post. I don't think a Rice student could comprehend 
 anything more complex than AOL for email :-)

I find it interesting that the person sponsoring the research is a 
prof. in the Management grad school. The survey itself is a bit 
strange, delving into one's emotional state toward discussions with a 
LUG? It looks more like a psych test than a business survey

C-Ya,
Kenny

-- 
---
  Kenneth E. Lussier
  Geek by nature, Linux by choice
  PGP KeyID C0D2BA57
  Public key http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57





RE: slide show software (fwd)

2002-03-23 Thread Kenneth E. Lussier

On Sat, 2002-03-23 at 00:29, Ken Ambrose wrote:
 Eh-hem.  Read them thar threads.  ;-)  [Note that I, too, skip the odd
 message; I guess this is one we are all guilty of, occasionally.]

Reading never was his strong suit ;-)
 
 Also, I have little doubt that, with some sweat, Gimp could be made to do
 most anything up to and including your dishes.  Someday, I'll actually
 -learn- the darn application.

The GIMP can do all sorts of things to accomplish a slideshow-like
performance. One of the things that you can do is create an animated Gif
where each frame is a separate image. There are also several animation
filters that you can use. It's been a while since I've used it.

C-Ya,
Kenny  





Benefits of owning a domain (was Re: Cross Yahoo off the list of free e-mail services!)

2002-03-21 Thread Kenneth E. Lussier

I decided that very same thing a few years ago. I registered a domain
name (digitalrebel.org), and set up my own firewall, DNS server (using
granitecanyon as a secondary DNS), mail server, and web server. All on
Linux. At the time, I was running it all over a MediaOne cable modem.
When AT&T bought out M1, things became extremely unstable. The
connection would drop every couple of days, and my IP address was
changing 2 or 3 times a week. I switched over to DirecTVDSL, and I have
a static IP address, they specifically allow *AND* support Linux, and it
is in the ToS that I am allowed to host my own domain, run servers, etc.
They will even provide primary or secondary DNS for my domain if I so
choose. I even gave myself webmail using IMP (although I am looking for
something better).

Domains are cheap these days, so anyone can afford it. Setting up the
servers really only requires a few old PC's, a Linux distro, and some
documentation. 

C-Ya,
Kenny
  
On Thu, 2002-03-21 at 13:09, John Abreau wrote:
 Well, that sucks. I guess you really need to own your own domain if you
 want a stable email address.
 
 [EMAIL PROTECTED] writes:
 
  
  Hi all,
  
  I received this in my inbox this morning from Yahoo!
  
  Oh well, guess I'll have to find a different service :(
  
  Seeya,
  Paul
  
  --- Forwarded Message
  Date: Thu, 21 Mar 2002 01:09:25 PST
  From: Yahoo! Mail [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: Important Yahoo! Mail Service Announcement
  
  Hello,
  
  Important service announcement regarding your POP3 or Mail Forwarding service. Please read on.
  
  Effective April 24, 2002, Yahoo! Mail will no longer provide free POP3 Access or Auto Mail Forwarding to Yahoo! Delivers subscribers.
  
  If you would like to continue using Mail Forwarding or POP3 Access, please subscribe to our improved package that allows you to:
  
  - Use Outlook, Eudora, or another POP3 client to access and manage your Yahoo! Mail.
  - Automatically forward your Yahoo! Mail to another email account -- even another Yahoo! address!
  - Send larger attachments, now up to 5MB instead of the free 1.5MB limit.
  - Send email without the Yahoo! promotional text at the bottom.*
  
  Subscribe before April 24th and get the first year of service for just $19.99. That's 33% off the regular service fee of $29.99. Visit the following link to subscribe:
  http://ordering.yahoo.com/or/ypm/splash?855Pkgs=us:ym:pop.osig=zQwKT
  
  Remember, if you do not subscribe by April 24, 2002, you will no longer be able to access your Yahoo! Mail messages by POP or at another email address.
  
  
  Sincerely,
  The Yahoo! Mail Team
  
  For further information, please read our frequently asked questions. Please note that your Yahoo! Delivers settings will not be affected.
  
  *Applies only to email sent through the Yahoo! SMTP servers.
  
  --- End of Forwarded Message
  
  
  
  
 
 
 -- 
 John Abreau / Executive Director, Boston Linux & Unix 
 ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
 Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
 
 
-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Benefits of owning a domain (was Re: Cross Yahoo off the list of free e-mail services!)

2002-03-21 Thread Kenneth E. Lussier

I registered my domain through DomainDiscover.com. I refuse to use
NetSol because their agreement states that when you register a domain,
they own it and you get to use it. I think that it cost me $35 for three
years. I pay $50/month for my DSL line. GraniteCanyon provides primary
and/or secondary DNS for free.

http://www.granitecanyon.com Free DNS services
http://www.directvdsl.com Good DSL

C-Ya,
Kenny
 
On Thu, 2002-03-21 at 13:35, Dana S. Tellier wrote:
 Kenny,
 
   I don't know if you'd rather reply to me personally or share this
 with everyone on the list, but I'm very interested in owning my own
 domain, and eventually putting together the very setup you've described.
 May I ask how much it costs you for the domain and the DSL, and what you
 recommend for for registrars, etc.?  I've always valued someone's personal
 experience over some review out on the web.  And for the people on this
 list, I value their personal experience FAR more than any other source.
 
 
 TIA,
 
 Dana
 
 
 
 On 21 Mar 2002, Kenneth E. Lussier wrote:
 
  I decided that very same thing a few years ago. I registered a domain
  name (digitalrebel.org), and set up my own firewall, DNS server (using
  granitecanyon as a secondary DNS), mail server, and web server. All on
  Linux. At the time, I was running it all over a MediaOne cable modem.
  When AT&T bought out M1, things became extremely unstable. The
  connection would drop every couple of days, and my IP address was
  changing 2 or 3 times a week. I switched over to DirecTVDSL, and I have
  a static IP address, they specifically allow *AND* support Linux, and it
  is in the ToS that I am allowed to host my own domain, run servers, etc.
  They will even provide primary or secondary DNS for my domain if I so
  choose. I even gave myself webmail using IMP (although I am looking for
  something better).
 
  Domains are cheap these days, so anyone can afford it. Setting up the
  servers really only requires a few old PC's, a Linux distro, and some
  documentation.
 
  C-Ya,
  Kenny
 
 
 -- 
 Dana S. Tellier   Email [EMAIL PROTECTED]
 Student Engineer  University of New Hampshire
 InterOperability Lab  220 Morse Hall, NH 03824
 Routing Consortium603-862-0090 FAX: 603-862-1761
 
-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Benefits of owning a domain (was Re: Cross Yahoo off the list of free e-mail services!)

2002-03-21 Thread Kenneth E. Lussier

On Thu, 2002-03-21 at 15:39, Paul Lussier wrote:
 In a message dated: 21 Mar 2002 13:19:17 EST
 Kenneth E. Lussier said:
 
 Domains are cheap these days, so anyone can afford it. Setting up the
 servers really only requires a few old PC's, a Linux distro, and some
 documentation. 
 
 You forgot one important thing:
 
   Affordable, high speed, always-on internet access.
 
 I could easily afford to register my own domain, but without xDSL or 
 cable modem access to the net, what good is it?  A dial-up connection 
 just isn't a feasible means of running a domain.  Can it be done?  
 Absolutely.  Is it worth the trouble?  No, not really.  Especially if 
 the only reason is to gain POP3 e-mail access.

It is good, even on a dial-up. I know for certain that DomainDiscover
will forward mail from [EMAIL PROTECTED] to a pre-specified e-mail
address. In other words, you can register foo.com and have e-mail that
is sent to foo.com forwarded to your earthlink address. That way, if you
lose your dial-up account for any reason, just change the forwarding
e-mail address to your new e-mail address. You don't have to worry about
telling everyone about your new address. It never changes, as long as
you remember to renew the domain name. I'm sure other registrars offer
the same services as well.

 My $21/month for an ISP gets me up to 8 POP3 mailboxes if I really 
 need them.  If I *really* want to run a website, I get 10MB or so of 
 space.  

Agreed. You have everything you need. Until Mindspring tells you that
they are changing the domain name for your e-mail to earthlink.net
(NOTE: This is fairly unlikely to actually happen in this case).

 Running my own domain, as I'm sure is true for most internet users, 
 is actually *more* trouble than it's worth, especially considering 
 I'm restricted to dial-up access, as is the majority of the U.S.!

For most internet users, yes. But that is why 20Million of them are
using AOL ;-)
 
 The fact that Yahoo is restricting free e-mail access to its web 
 interface just means that I'll occasionally (once every couple of 
 months) check that mail box.  I'll access that address just often 
 enough to keep it active, while leaving the mail on their systems
 indefinitely costing them even more money!

I use mine to collect spam. Whenever I need to enter an e-mail address
on a website, I use that one. I go in once every few months to keep it
active, and delete everything that's there.

C-Ya,
Kenny
-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






There goes the neighborhood

2002-03-21 Thread Kenneth E. Lussier

Well, it happened. The SSSCA has been renamed to Consumer Broadband and
Digital Television Promotion Act (CBDTPA) and introduced to the senate
by Sen. Hollings today. His speech is here:
http://www.politechbot.com/docs/cbdtpa/hollings.cbdtpa.release.032102.html.
It's worth the read. Especially the part about how there is no shortage of
broadband access, but rather, a shortage of demand:

As for broadband, rural and underserved areas aside, there is not an
availability problem.  There is a demand problem.  Roughly 85% of
Americans are offered broadband in the marketplace but only 10-12% have
signed up.  The fact is that most Americans are averse to paying $50 a
month for faster access to email.

The official bill should be on Thomas (http://thomas.loc.gov/) in the
morning.

FYI,
Kenny






Re: slide show software

2002-03-21 Thread Kenneth E. Lussier

What do you mean by slideshow software? The easiest thing to do would
be use HTML and set each page to display an image for a few seconds,
then redirect to a different image. 

C-Ya,
Kenny

On Thu, 2002-03-21 at 20:15, Mansur, Warren wrote:
 Hi,
 
 Does anyone know if there is a kind of slide show software available on Linux?  I
 just subscribed to digitalblasphemy.com and want to download all of the pictures
 there, and then have them continuously displayed on a monitor, one after the other.
 I have all these Linux servers sitting around and I might as well use the monitors
 attached to them :)
 
 Thanks in advance,
 
 Warren
 






Re: There goes the neighborhood

2002-03-21 Thread Kenneth E. Lussier

The theory is that if there is unilateral copy protection dictated by
the content providers and imposed by the government, then the content
providers will provide more content via the www and hdtv. Without copy
protection, they will not allow content onto the web, and this hurts
consumers because they will have fewer choices. If you don't believe
them, just ask the Distinguished Senator from Disney Land. After all,
Michael Eisner paid good money for this legislation. If he buys a
senator, does that make him a consumer? ;-)

C-Ya,
Kenny

On Thu, 2002-03-21 at 15:51, Michael Costolo wrote:
 How exactly does unilateral copy protection promote consumer broadband and 
 digital television?  Am I missing something or is it just an intentionally  
 misleading name?
 
 -Mike-






Re: Apache-ssl and caching

2002-03-19 Thread Kenneth E. Lussier

I had almost forgotten about this one...

On Mon, 2002-03-18 at 20:02, Benjamin Scott wrote:
 On Fri, 8 Mar 2002, at 10:50pm, Kenneth E. Lussier wrote:
  When I pull up the pages in a browser via http, the pages are cached, and
  I can do things such as export them to spreadsheets, etc.  However, if I
  pull the pages via https, the pages are cached, and therefore, I can't
  export them.
 
   I am assuming the second sentence was intended to read the pages are NOT
 cached.

Yes, I did mean that they are *NOT* cached. 

 
  It doesn't matter what settings I try in the client. None of them cache
  https docs (ie, mozilla, NS, and Opera).
 
   Given the fact that these dynamically generated objects are cached when
 using HTTP, it is not the dynamic nature of the objects which is throwing
 things off.  I doubt Apache's mod_ssl is over-riding the regular headers
 (although I suppose it is possible).

I'm not using mod_ssl, I'm using Apache-SSL. There's a difference.
However, I seem to have found several things that point to a completely
different problem. I tried using cache headers directly from the server
config, but that didn't seem to work. But, I can honestly say that this
can be written off as a Microsoft issue. What was happening was that IE
was taking the dynamic content, and rather than passing the content off
to Excel, it was passing the URL to Excel so that Excel could open it
directly. The other browsers were passing the content itself to Excel.
The problem turns out to be that Excel doesn't support importing of
HTTPS data. I should have known ;-)

 
   That leaves only one thing: The user agent (i.e., the browser).  I suspect
 the browsers are deliberately not caching objects transferred using SSL, as a
 security measure.

It's both the user agent and the application that it is trying to hand
it off to. I think that this is a good argument against heavily
integrated applications all hooked into the OS. They just don't Do The
Right Thing(TM).

C-Ya,
Kenny

-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Lindows vs. Windows.

2002-03-18 Thread Kenneth E. Lussier

On Mon, 2002-03-18 at 14:05, Derek D. Martin wrote:

 jkinz wrote:
 It seems that SUN maybe the first major UNIXen company whose business 
 will be significantly curtailed by the emergence of Linux.
 
 
 I thought SCO already grabbed that title.
 
 Did SCO ever count as a major Unix company?  =8^)

Did SCO ever count as a real UNIX??

-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: samba config

2002-03-18 Thread Kenneth E. Lussier

I believe that RH 7.0 and above use xinetd instead of inetd, so you will
have to use that config file.

FYI,
Kenny

On Mon, 2002-03-18 at 14:28, Robert Casey wrote:
 Good afternoon all,
 
   I'm setting up a Samba server and I want to configure SWAT. Documentation 
 says to modify your /etc/inetd.conf file so the swat service will start but 
 I don't have a /etc/inetd.conf file. I'm running Linux 7.2 and Samba was 
 installed with the OS. Could someone point me in the right direction or 
 maybe some links to setting up Samba on Linux 7.2.
 
 Thanks,
 
 Bob Casey
 
 
-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Please remove all 'mediaone.net' addresses

2002-03-18 Thread Kenneth E. Lussier

In order to use Yahoo's smtp, you need to be a member of Yahoo
Deliveries, which I believe is free. The URL with the instructions is:
http://help.yahoo.com/help/us/mail/pop/pop-04.html. 

C-Ya,
Kenny

On Mon, 2002-03-18 at 17:26, Paul Lussier wrote:
 In a message dated: Mon, 18 Mar 2002 17:21:35 EST
 Tom Buskey said:
 
 Does Yahoo have POP?  Anyone know of a free, long term, POPable, web 
 enabled email site?
 
 Ayup!  I've been using yahoo for a while now.  And, supposedly, you 
 can relay off their servers for outgoing too, provided you enable 
 some authentication mechanism.  However, I haven't figured out how to 
 do that yet, and it's none of the auth methods provided with 
 Evolution, and it's not smtp+auth either.
 
 But yahoo.com does do POP3 mail accessible with fetchmail!
 -- 
 
 Seeya,
 Paul
 
   It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
 
If you're not having fun, you're not doing it right!
 
 
 
-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Re: Please remove all 'mediaone.net' addresses

2002-03-18 Thread Kenneth E. Lussier

Paul Lussier wrote:
 
 In a message dated: 18 Mar 2002 17:39:20 EST
 Kenneth E. Lussier said:
 
 In order to use Yahoo's smtp, you need to be a member of Yahoo
 Deliveries, which I believe is free.
 
 Errr, what's Yahoo! Deliveries?

Yahoo! Deliveries is basically an opt-in spam service. If you sign
up for it, you give them permission to share your address with
carefully selected partners (read: We sell your e-mail address to
anyone willing to pay us for it) so they can share special offers
only available to members (read: so they can bombard you with more
junk mail than anyone could ever handle). 

  The URL with the instructions is:
 http://help.yahoo.com/help/us/mail/pop/pop-04.html.
 
 Now that I look at this site, I remember trying these directions from
 within Evolution's client, and they didn't work, basically because
 Evolution doesn't support whatever kind of authenticated smtp that
 Yahoo insist upon.

It may not be the authentication method that is the problem, since it
appears to be a standard username/password scheme. It may be that you
aren't a Yahoo Delivers member, and that is the database that they
authenticate against. 

C-Ya,
Kenny
-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57




Amanda

2002-03-08 Thread Kenneth E. Lussier

All,

I remember a while back someone had asked about an Amanda HOWTO. I came
across this article on LinuxSecurity and thought that it may be of
interest to some.

http://www.linuxsecurity.com/articles/server_security_article-4571.html

C-Ya,
Kenny
-- 

In conclusion, please be wary where authority reigns -- Warrior Soul

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0






Apache-ssl and caching

2002-03-08 Thread Kenneth E. Lussier

All,

Does anyone know how to configure Apache-SSL so that browsers can
cache SSL encrypted documents? I thought that it was as easy as using
the CachNegotiatedDocs setting, but I was apparently wrong. I know it
defeats the purpose, but that's a different story

TIA,
Kenny

-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57




Re: Apache-ssl and caching

2002-03-08 Thread Kenneth E. Lussier

Benjamin Scott wrote:
 
 On Fri, 8 Mar 2002, at 7:56pm, Kenneth E. Lussier wrote:
  Does anyone know how to configure Apache-SSL so that browsers can cache
  SSL encrypted documents?
 
   I'm not sure I understand your question.  Are you serving objects, and the
 browser is not caching them, and you think that is Apache's doing?  Or are
 you using Apache as a caching proxy, and you want *it* to cache SSL objects?


I have Apache-SSL serving pseudo-dynamic content via a PHP (yes, that
horrid, insecure, evil language) script pulling data from MySQL. When
I pull up the pages in a browser via http, the pages are cached, and I
can do things such as export them to spreadsheets, etc. However, if I
pull the pages via https, the pages are cached, and therefore, I can't
export them. I'm hoping that it is an Apache thing, since that may be
readily fixable.

   The latter is not possible; the SSL encrypted stream is passed through to
 the next system directly.
 
   The former depends on two things: The headers the web server sends to the
 client, and what the client does on its own.  I suspect many browsers are
 configured internally to not cache encrypted objects.  I know MSIE has an
 option for this, for example.  Not sure about Mozilla.

It doesn't matter what settings I try in the client. None of them
cache https docs (ie, mozilla, NS, and Opera).
 
   As far as the headers go, if your content is dynamically generated (as it
 often is for SSL), then it depends on what the generator (CGI script, for
 example) sends for headers.  If the generator does not set things explicitly,
 then Apache will tell the client not to cache anything, since it was
 dynamically generated.

H This could be the problem. I may need to force the issue
with some good old fashioned HTML.

   If you are serving a static (plain old disk file) object, ummm... I'm not
 sure.  Since the docs do not say or provide an option, either Apache's
 default behavior should be in place (allow caching), or the SSL module is
 explicitly using cache control headers to prohibit caching.  Either way, I
 suspect a journey to the source code will be required.

I hate going there ;-)
 
  I thought that it was as easy as using the CachNegotiatedDocs setting, but
  I was apparently wrong.
 
   I assume you tried CacheNegotatedDocs as well?  ;-)

heh.. Yeah, that too ;-)

C-Ya,
Kenny 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57




Re: PHP security flamewar (was: Apache codered looming???)

2002-03-07 Thread Kenneth E. Lussier

OK, does anyone else see this? Paul and Ben are saying exactly the 
same thing: It's a matter of bad programming, not a bad programming
language. Now, the truly amazing thing is that Paul and Ben 
actually agree on something. The slightly less astounding fact 
is that they are *STILL* arguing, despite the fact that they 
agree...

Anywho PHP, like Perl, like C, like any other language will
have security holes as long as people write sloppy code. It is 
a fact of nature. Yes, PHP has some problems. However, those 
problems aren't an issue until someone goes and does something
stupid like write bad code that leaves the hole vulnerable. The
same is true for Perl (see 
http://www.coconut-palm-software.com/~perlintro/cgi-security.html).
A great example is Matt's Script Archive. Great programs. *BAD* 
programming. There are all sorts of holes in most of the Perl scripts
found there. This is why there are 200 Perl-related vulnerability
checks in Nessus.  

There is no such thing as a secure language. The language of and
by itself does nothing. It is not secure or insecure. It is the
person writing the code. Thus buffer overflows, stack-smashing,
elevated rights, etc. 

C-Ya,
Kenny

Quoting [EMAIL PROTECTED]:

 
 In a message dated: Thu, 07 Mar 2002 00:03:30 EST
 Benjamin Scott said:
 
   I note that Perl's CGI module has an identical feature (the ability to set
 language variables from an HTML form).  Still does, AFAIK.  I'm not trying
 to compare Perl to PHP here, just point out that tools that allow you to do
 stupid things are not limited to PHP.
 
 Ahm, why is this a stupid thing?  How else do you get data into a CGI 
 from a web page?  Just because you're taking data in from the outside 
 and setting a variable to the value entered in a form isn't, in and 
 of itself, a stupid thing.  It's what you do, or rather, don't do 
 with that data after you have it that makes it dangerous.
 
 Once you take tainted data in, you must jump through hoops to 
 de-taint it.  Just blindly accepting the value from an HTML form 
 and using it as is is stupid, but that's a programming practice 
 that's stupid, not a language design issue.
 
 Please clarify if I'm misunderstanding what you're talking about.
 
 
 



-
There's nothing you shouldn't speak of if you've got 
 something to say, and there's no one to be scared of, 
 just get them out of your way.  -- The Alarm
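
The feature discussed in this message (form fields becoming program variables) and the de-tainting step Paul describes, as an added example that is not part of the original thread. It is written in Python rather than PHP or Perl; the field names `user`, `report` and `is_admin` and both handler functions are hypothetical.

```python
import re
from urllib.parse import parse_qs

# Hypothetical allowlists for the two fields this handler expects.
ALLOWED_REPORTS = {"summary", "detail"}
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,15}")


def handle_unsafe(query_string):
    """Mimics 'import every form field as a variable'.

    The program's own state and the submitted fields share one namespace,
    so a field named like an internal variable silently replaces it.
    """
    state = {"is_admin": False, "report": "summary"}
    for name, values in parse_qs(query_string).items():
        state[name] = values[0]
    return state


def handle_checked(query_string):
    """Reads only the expected fields and validates each before use."""
    form = parse_qs(query_string, keep_blank_values=True)
    rejected = []

    report = form.get("report", ["summary"])[0]
    if report not in ALLOWED_REPORTS:
        rejected.append("report")

    user = form.get("user", [""])[0]
    if not USERNAME_RE.fullmatch(user):
        rejected.append("user")

    if rejected:
        return {"ok": False, "rejected": rejected}

    # Internal state is set by the program, never copied from the form.
    return {"ok": True, "is_admin": False, "report": report, "user": user}


if __name__ == "__main__":
    # Constructed request: one extra field collides with an internal name.
    query = "user=alice&report=detail&is_admin=1"
    print("unsafe :", handle_unsafe(query))
    print("checked:", handle_checked(query))
    # Constructed request with values outside the allowlists.
    print("checked:", handle_checked("user=al%20ice&report=..%2Fsecret"))
```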




NetFilter news on Yahoo

2002-03-01 Thread Kenneth E. Lussier

For those that want to read it, the link is:

http://story.news.yahoo.com/news?tmpl=storyu=/cn/20020301/tc_cn/flaw_weakens_linux_security_softwarecid=70

The article is interesting, talking about a vulnerability in the 2.4.14-2.4.18pre9 
kernels. I don't think that the article says anything that hasn't been known for a 
while now. What I find interesting is that it is on Yahoo news. A minor kernel bug, if 
even that, is worthy of such main stream placing. This is so cool ;-)

C-Ya,
Kenny


-
There's nothing you shouldn't speak of if you've got 
 something to say, and there's no one to be scared of, 
 just get them out of your way.  -- The Alarm




Re: GPG and different mailers

2002-02-23 Thread Kenneth E. Lussier

On Fri, 2002-02-22 at 03:56, Derek D. Martin wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 
 For all of the above reasons, I argue both that PGP signatures do add
 value to a message, and that there is absolutely no comparison between
 a PGP signature and any of the aforementioned methods of message
 formatting. 

I would like to add another reason. I have yet to hear of a security
vulnerability caused by, exploited using, or found in, a PGP/GPG
signature. MSTNEF had an issue where you could munge the header
information (much like RTF), and exec arbitrary code on the receiving
machine. Winmail.dat used to carry a user's password in it. HTML can have
embedded scripting in it that, if the mailer isn't careful, can do a
whole host of nasty things. 

A PGP or GPG signature is a small block of plain text that does nothing
of its own volition. It is merely used to authenticate a person's
e-mail. All of the formatting methods mentioned actively *DO* something
if the sender is malicious. 
 
 If you happen to use some other mailer at an alternate location, the
 mailers which can be made to understand cleartext PGP signatures, and
 thereby reduce or eliminate clutter include (but are not limited
 to):
 
 mutt
 pine
 exmh
 kmail
 Microsoft Outlook

I would also add Outlook Express. There is a patch for it called gpgoe.
It is also possible to use GPG in the Windoze world. There is even a
pretty decent front end to it called WinPT (http://www.winpt.org).

C-Ya,
Kenny






Re: backup DNS

2002-02-21 Thread Kenneth E. Lussier

Hi Rich,

You might want to look into some free secondary DNS services like
www.granitecanyon.com. If not, I'll do what I can for you here from my
home network.

FYI,
Kenny

Rich Payne wrote:
 
 Anyone out there willing to be a backup DNS server for monadlug.org ?
 I need to get away from the current one ASAP and thought I'd see if we had
 any volunteers before coming up with some $$.
 
 thanks,
 --rdp
 
 --
 Rich Payne
 http://talisman.mv.com
 

-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57




Re: GPG and different mailers

2002-02-19 Thread Kenneth E. Lussier

[EMAIL PROTECTED] wrote:

 One thing I noticed though was that it's support for GPG seems to be
 lacking.  The 2 areas I noticed had problems were:
 
 - you can not locate your .gnupg directory anywhere other
   than your home directory, there seems to be no way to
   configure this.

In the Other settings section, for the gpg command, instead of just
putting in /usr/bin/gpg, use /usr/bin/gpg --homedir /home/dir.
 
 This is bad, especially if your homedir is NFS mounted and
 you don't trust your network (which I never do, even when
 I'm the one admin'ing it!)

This isn't a limitation of Evolution. This is the standard behavior of
gpg.

 - When trying to verify signed e-mail, it seems to always fail,
   yet the exact same e-mail in a different mail client (exmh)
   succeeds in then authentication.

 I've so far verified this with multiple e-mails sent to
 this list which I've read under both Evolution and exmh.
 Evolution fails every time, exmh succeeds every time.

This I can't explain. I think it has to do with the way Evolution uses
pgp mime. 

 Does anyone have any insight to these issues?

Nope ;-)

C-Ya,
Kenny

-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57




Re: PostgreSQL Vs. MySQL

2002-02-18 Thread Kenneth E. Lussier

Quoting Rich Payne [EMAIL PROTECTED]:

 If you're doing any serious sort of web application my suggestion would 
 be to make it as DB neutral as possible. It makes it a little more painful 
 at first as you can't necessarily make use of feature X of database Y but 
 later on this usually pays off. However as usual YMMV.

Everything that I am writing should be as neutral as it possibly can be. For example, 
I am currently developing a web based CRM utility to do customer management, lead 
tracking, forecasting, etc. Anything that I develop will be made available to others, 
so I want to make it as portable as possible. The reason that I ask about the 
differences is because I am now doing actual db work, and I really don't know anything 
about them. I am going to use one or the other, since they are open source, and they 
are readily available. MySQL is what I have started with, just because it was what I 
had always heard about. Then someone mentioned that they thought I should use 
PostgreSQL. So, I figured that I would take it to the masses and find out what it is 
that I don't know. 

Thanks,
Kenny
 


-
There's nothing you shouldn't speak of if you've got 
 something to say, and there's no one to be scared of, 
 just get them out of your way.  -- The Alarm




RE: Network diagram information

2002-02-18 Thread Kenneth E. Lussier

Quoting Mansur, Warren [EMAIL PROTECTED]:

   nmap scans hosts and reports if they are up, and what ports are open.
 
 Just a quick question.  Does nmap rely on being able to connect to a
 particular website to download the TCP fingerprints, or are they
 included with the program when installed?  For some reason I can't seem
 to use nmap when I'm behind the corporate firewall, even on local nodes.

Nmap is completely self contained. It doesn't depend on anything other than its own 
built-in code. If you are having trouble, there are a lot of things that can affect 
it. To have access to all of the features, you need to be logged in as root. Also, if 
you are scanning a system that is inside of the network, and all of the traffic is 
going through a switch, the switch may be affecting it. Try slowing down the speed of 
the scan, and randomizing the port order. Also, shut off ICMP ping, tcp ping, and 
ping host before scanning. It is possible that a switch or firewall will block these 
things. If you are trying to scan a system outside of the firewall, then it is most 
likely being blocked. 

FYI,
Kenny




-
There's nothing you shouldn't speak of if you've got 
 something to say, and there's no one to be scared of, 
 just get them out of your way.  -- The Alarm




PostgreSQL Vs. MySQL

2002-02-17 Thread Kenneth E. Lussier

All,

Please don't misunderstand the subject line as flamebait. I have been
dealing with databases a lot more (than I ever wanted to) recently,
and I am trying to figure out the advantages and disadvantages of both
postgresql and mysql. Especially now that I have been doing some web
development, I want to use the best tool for the job, but I can't
honestly say that I know which is better, or why. If anyone has any
thoughts on this, I would like to hear them. Also, does anyone know
how difficult it would be to switch from mysql to postgresql? 

TIA,
Kenny

-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57




Re: Network diagram information

2002-02-17 Thread Kenneth E. Lussier

[EMAIL PROTECTED] wrote:
[SNIP...]

 The automated tool sets do little to organize the diagram of the
 network it auto-discovers other than just show you what's connected
 to a specific ethernet segment.  They won't show you what's a
 server of what, what's a client of what, etc.  Usually, the
 network/system administrator already knows that, and is just trying
 to save some time from having to draw things themselves.

It depends on the tool set. Something like NPulse scans the network,
and continuously monitors all of the ports on all of the machines that
it finds. So, in a way, it does tell you what is serving what. Also,
most sniffers will tell you which direction traffic is going, and what
is serving what. EtherApe has a nice GUI representation of traffic
flow, as does Cheops.
  
 What you might want to do is this:
 
   1. use something like fping to ping a subnet and find live IP
addresses.

If you know the IP address of the system you are on, you can scan the
subnet that it is on. Most switches, however, won't allow a broadcast,
directed or not,  to cross. 

   2. use nessus or something like that to then  scan the live
IP addresses for open ports.

DON'T USE NESSUS!! Nessus is for security auditing and vulnerability
assessment. Use nmap. Nmap is command-line friendly, faster, and is
more targeted to the job at hand. Nessus is extreme over-kill. Not to
mention the fact that it might just take down your router, or any
Windows boxen that get in its way ;-)
 
   3. For each IP with open ports, draw a picture or make some
notation that will list each open port on that IP address.
 
 Now you have a complete list of active IPs on a subnet with a list of
 open ports on each active system.  From this you should be able to
 determine which ones are servers and which ones are clients.

You could also do a comparison of response times to estimate relative
physical position of the system in relation to the system the program
is running on. This, of course, would be highly unreliable, but it
could be done.
 
 Obviously certain IP addresses are likely to be gateways or IP
 addresses of routers or managed hubs/switches, in which case there
 won't, or shouldn't, be any open  ports.  You could then probe each
 one using snmp to determine the manufacturer and model name of the
 equipment.

This requires the router/gateway to be running snmp. Given the recent
talk of the evils of snmp, this could be a problem.

C-Ya,
Kenny
-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57
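
Step 3 of the procedure quoted in this message (list the open ports per live address, then separate servers from everything else), as an added example that is not part of the original thread. It assumes the scan results were saved in nmap's grepable output format (`-oG`); the sample text and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in nmap grepable (-oG) format. Fields on a line are
# tab-separated; each port entry is port/state/proto/owner/service/rpc/version/.
SAMPLE_OG = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 23/filtered/tcp//telnet///\n"
    "Host: 192.0.2.10 (fileserver.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (fileserver.example)\tPorts: 22/open/tcp//ssh///, "
    "139/open/tcp//netbios-ssn///, 80/closed/tcp//http///\n"
    "Host: 192.0.2.25 ()\tPorts: 25/open/tcp//smtp///, 110/open/tcp//pop3///\n"
    "Host: 192.0.2.101 ()\tStatus: Up\n"
    "# Nmap done (constructed sample)\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)")


def parse_grepable(text):
    """Return {ip: {"name": str, "open": {"port/proto": service}}}."""
    hosts = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and anything that is not a host record
        ip, name = match.groups()
        entry = hosts.setdefault(ip, {"name": name, "open": {}})
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue
            for item in field[len("Ports: "):].split(", "):
                parts = item.strip().split("/")
                if len(parts) < 5:
                    continue  # malformed entry, skip rather than guess
                port, state, proto, _owner, service = parts[:5]
                if state == "open":
                    entry["open"][f"{port}/{proto}"] = service or "unknown"
    return hosts


def classify(hosts):
    """Split hosts into those offering services and those with nothing open."""
    servers, quiet = {}, []
    for ip in sorted(hosts, key=ipaddress.ip_address):
        if hosts[ip]["open"]:
            servers[ip] = hosts[ip]["open"]
        else:
            quiet.append(ip)  # clients, or gateways/switches with no open ports
    return servers, quiet


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_OG)
    servers, quiet = classify(inventory)
    for ip, ports in servers.items():
        label = inventory[ip]["name"] or "no name"
        print(f"{ip} ({label}): {ports}")
    print("nothing open:", quiet)
```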




Port Vs. Vulnerability scanners (was Re: Network diagram information)

2002-02-17 Thread Kenneth E. Lussier

[EMAIL PROTECTED] wrote:

2. use nessus or something like that to then  scan the live
 IP addresses for open ports.
 
 DON'T USE NESSUS!!
 
 So what exactly are you trying to say here?

I'm trying to say that there is a correct tool for every job, and that
just isn't it. Nessus can do nasty things to a system, and to a
network as a whole if it isn't used correctly, wisely, and carefully.
It also should not be run unattended because of the bad things that it
can do.

  Nessus is for security auditing and vulnerability
 assessment. Use nmap. Nmap is command-line friendly, faster, and is
 more targeted to the job at hand. Nessus is extreme over-kill. Not to
 mention the fact that it might just take down your router, or any
 Windows boxen that get in its way ;-)
 
 Can you explain a little more about the differences between nessus
 and nmap. (I actually meant nmap above, but couldn't think of the
 name, and nessus is all that came to mind :)

Nmap is a port scanner and Nessus is a vulnerability scanner. A port
scanner runs through the list of ports (1-65535) and checks for a
response. If a response is received, then the port is open. If not,
the port is closed. That's it. Nmap has some great features that make
it better than most, such as the ability to randomize the order of the
scan, multiple scan types (xmas, fin, syn, connect, half-open, etc),
niceness, etc.. However, it is still just a port scanner.

Nessus, on the other hand, is a vulnerability scanner. As part of its
process, it performs a port scan to see what is open. Nessus has the
ability to use Nmap as its plug-in port scanner. Port scanning is just
the first step. It scans for open ports, then once it knows what is
open, it checks the services that are running. For example, if it
finds port 21 open, it will check to see if an ftp server is actually
running on that port, and if so, which one. It will then attempt to
exploit holes in the given service (buffer overflows, file
permissions, anonymous exploits, etc.). If it finds holes, it will
tell you what the problems are, and most times, it will tell you how
to fix them. There are many commercial vulnerability scanners out
there like ISS, RetnaScan, and others. 

C-Ya,
Kenny
-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57




Re: ssh and security

2002-02-13 Thread Kenneth E. Lussier

Hi Peter,

Peter Beardsley wrote:

 Feb 12 20:00:37 xxx sshd(pam_unix)[18540]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.72.153.69  user=xx
 Feb 12 20:00:55 xxx sshd(pam_unix)[18540]: 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.72.153.69  user=xx

The good news is that according to this, they didn't get in.
Personally, I would 1) make sure that all r* services are disabled, 2)
don't use passwords, use public/private keypairs, 3) make sure you are
up to date on all OpenSSH patches.
   
 Where the user in question was a user that was being used to ssh into
 this machine remotely, and the IP traces back to a Venezuelan ISP.  So
 somehow s/he got the username.  Has anyone seen anything like this
 before?  BTW I require ssh v2 connections.  

I see it all the time. Usernames are usually fairly easy to guess
especially on a mailserver if it's sendmail and VRFY and EXPN are
enabled. Check your mail logs for a lot of 550's, then check the IP
address against recent spam. Anything that wasn't rejected and
returned to the sender is a potential username on a box running SSH
*and* a mail server. Also, if you own the domain name of the box, a
simple whois will turn up several potential usernames. There are
literally hundreds of ways to get usernames. In theory. So I've heard
;-)

 I've read a little here and
 there about monkey in the middle attacks on ssh, but don't you have to
 be on the same subnet?

Nah They just have to be able to intercept your traffic,
rebroadcast modified packets, then intercept the return traffic and
modify that before rebroadcasting it. But it isn't an easy task.
Besides, man-in-the-middle attacks usually involve an attempt at
session-hijacking (also not an easy task), not a direct login attempt. 
 
C-Ya,
Kenny

-- 
---
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID C0D2BA57 
 Public key
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57
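
A way to tally the kind of `sshd(pam_unix)` failure lines quoted in this message per remote host, as an added example that is not part of the original thread. The log lines, host names and addresses below are constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the sshd(pam_unix) format quoted in the thread.
SAMPLE_LOG = """\
Feb 12 20:00:37 host1 sshd(pam_unix)[18540]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=alice
Feb 12 20:00:55 host1 sshd(pam_unix)[18540]: 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=alice
Feb 12 20:03:10 host1 sshd(pam_unix)[18602]: session opened for user bob by (uid=0)
Feb 12 20:05:41 host1 sshd(pam_unix)[18711]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.20  user=bob
Feb 12 20:06:02 host1 sshd(pam_unix)[18730]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Feb 12 20:06:09 host1 sshd(pam_unix)[18730]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7
"""

# Matches both the single-failure line and the "N more ..." summary line.
FAILURE_RE = re.compile(
    r"sshd\(pam_unix\)\[(?P<pid>\d+)\]: "
    r"(?:(?P<more>\d+) more authentication failures|authentication failure);"
    r"(?P<fields>.*)$"
)
# key=value pairs; a value may be empty, as in "logname=" or "ruser=".
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_failures(log_text):
    """Return one event per failure line, with the number of failures it reports."""
    events = []
    for line in log_text.splitlines():
        match = FAILURE_RE.search(line)
        if not match:
            continue  # successful sessions and unrelated lines
        fields = dict(FIELD_RE.findall(match.group("fields")))
        events.append({
            "rhost": fields.get("rhost") or "(none)",
            # Some lines carry no user= field at all; keep them visible.
            "user": fields.get("user") or "(unknown)",
            "count": int(match.group("more") or 1),
        })
    return events


def summarize(events, threshold=3):
    """Report remote hosts with at least `threshold` failures and the names tried."""
    failures = Counter()
    users = {}
    for event in events:
        failures[event["rhost"]] += event["count"]
        users.setdefault(event["rhost"], set()).add(event["user"])
    return {
        host: {"failures": total, "users": sorted(users[host])}
        for host, total in failures.items()
        if total >= threshold
    }


if __name__ == "__main__":
    for host, info in summarize(parse_failures(SAMPLE_LOG)).items():
        print(f"{host}: {info['failures']} failures, users tried: {info['users']}")
```

Counting the "N more authentication failures" line by its number rather than as one event keeps the per-host total from understating repeated attempts within a single connection.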




Re: CRM

2002-01-28 Thread Kenneth E. Lussier

As was pointed out to me, Relata is associated with Stratabase 
(http://www.stratabase.com), *NOT* Starbase as I had said. Stratabase is 
a sponsor member of Linux International, and OSI certified. Sorry about the misinformation. 

Kenny

Quoting Kenneth E. Lussier [EMAIL PROTECTED]:

 All,
 
 In case anyone is interested in, or looking for, an open source CRM
 application, I have found a pretty decent project called Relata
 (http://www.relata.org). It is still fairly early in the development
 process, but it's written in PHP and uses either MySQL or PostgresSQL
 as the backend, so it's easy to customize. The project is sponsored by
 Starbase, and it seems to be pretty stable. There is a side project
 called RelataSync that does PalmPilot synchronization with the server. 
 
 FYI,
 Kenny
  
 -- 
 ---
  Kenneth E. Lussier
  Geek by nature, Linux by choice
  PGP KeyID C0D2BA57 
  Public key
 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57
 
 



-
There's nothing you shouldn't speak of if you've got 
 something to say, and there's no one to be scared of, 
 just get them out of your way.  -- The Alarm




CRM

2002-01-27 Thread Kenneth E. Lussier

All,

In case anyone is interested in, or looking for, an open source CRM
application, I have found a pretty decent project called Relata
(http://www.relata.org). It is still fairly early in the development
process, but it's written in PHP and uses either MySQL or PostgreSQL
as the backend, so it's easy to customize. The project is sponsored by
Starbase, and it seems to be pretty stable. There is a side project
called RelataSync that does PalmPilot synchronization with the server.

FYI,
Kenny
 



Re: Who can repair my monitor?

2002-01-21 Thread Kenneth E. Lussier

A little off topic, but related question: Who can take away my old
monitors? I have about 20 or so old Sun and HP monitors (some work,
some, not so much working), and I know that I can't just toss them in the
dumpster because of that whole environmental, pollution, kill-the-planet
thing. So, does anyone know who I can call to take them away?

TIA,
Kenny

PS I can't wait until Hostraders, either. I have to empty out the storage
facility that they are in.

Quoting Benjamin Scott [EMAIL PROTECTED]:

 On Sat, 19 Jan 2002, Michael O'Donnell wrote:
  My no-name monitor with Trinitron innards made smoke and some
  snap-crackle-pop sounds before dying the other night.  Any
  recommendations for repair shops?
 
   If it is repairable (i.e., the tube is not blown), any place that
 repairs TVs should be able to repair a monitor.  However, keep in mind
 that the cost of repair will often be 50% or more the cost of a brand
 new monitor.  At those prices, repairing an old monitor becomes a poor
 business decision.
 
 






Re: SCSI Problems

2002-01-14 Thread Kenneth E. Lussier

Quoting Benjamin Scott [EMAIL PROTECTED]:

   Have you tried a kernel that works?  I have seen similar weird
 problems trying to install 2.4-based distros at home, which promptly
 disappeared when I switched back to 2.2.

I had this problem a few weeks ago with a SCSI tape drive. I added the Adaptec card, 
recompiled the 2.4.x kernel, and the SCSI card worked, but the system just refused to 
see the drive. I ended up compiling a 2.2.20 kernel, and it worked just fine. 
 
C-Ya,
Kenny



SPAM??

2002-01-09 Thread Kenneth E. Lussier

Uh, I thought that this was already dealt with? I thought that we went
subscriber-only a long time ago 

[EMAIL PROTECTED] wrote:
 
 

  This email message is sent in compliance with the 106th Congress E-Mail
 User Protection Act (H.R. 1910) and the Unsolicited Commercial Electronic
 Mail Act of 2000 (H.R. 3113). We provide a valid vehicle for you to be
 removed from our email list. To be removed from our mailing list, simply
 send an email to [EMAIL PROTECTED] with the subject remove.
 

 Finally!
 
 A flat rate long distance service at 1.4 cents per minute for
 a real phone company!  Includes all 50 states, (in-state toll calls as
 well), 3-way calling and conference calling.
 
 No need to change long distance carriers.
 
 This price is a limited offer so act now!
 
 DISTRIBUTORS NEEDED!
 
 Our people are already making over $10,000.00/month
 working from home. No fee to become a distributor.
 
 email me at: mailto:[EMAIL PROTECTED]
 
 email me at: mailto:[EMAIL PROTECTED]
  Include your name and phone number to hear
 our clear service.
 
 To be removed send a blank email to:
 mailto:[EMAIL PROTECTED]
 



Worth a laugh

2002-01-06 Thread Kenneth E. Lussier

In case anyone missed this on /. on Sunday night, Dave Barry took on
the reliability of MS Windows in his latest column. It's a humorous
look at Windows through the eyes of a typical user.

http://www.miami.com/herald/special/features/barry/2002/docs/jan06.htm

C-Ya,
Kenny



Re: Evolution 1.0 impressions.

2001-12-28 Thread Kenneth E. Lussier

Ken D'Ambrosio wrote:
 However, I was surprised to see that 1.0 didn't support IMAPS.  To me,
 that killed it right there...
 
 Assuming you mean IMAP, it supports it just fine; two of my inboxes are
 IMAP, and I have no problems whatsoever.

I believe that he meant IMAPS, which is IMAP over SSL. Either way,
Evolution 1.0 does support it. I've been using Evolution for about 5
months now as my MUA of choice at work. I have to admit, I like the
way that it supports pgp-mime. Of course, I am still waiting for a
usable spell check for it ;-) Occasionally, I have to close it and
restart it, but I think that has more to do with my system than the
app itself.


C-Ya,
Kenny




Re: Large mailboxes (was: rfc2505)

2001-12-26 Thread Kenneth E. Lussier

Benjamin Scott wrote:

   We've been considering Cyrus IMAP, maildir format, and possibly a better
 filesystem (ReiserFS, most likely).

I've been using the Courier mail system for a few months now with
Maildir format, and it has solved a lot of performance issues. The
nice thing is that it doesn't have to load a single 100MB file into
memory/cache//tmp unless you have one single e-mail that is that
large (if you do, then you need to smack the person that sent it to
you ;-) Also, depending on the client that is most commonly used in
your environment, it may not even have to load the individual files. A
lot of IMAP clients will now cache (they call it download) messages
locally so the server doesn't need to process them every time. You
also don't have to use the entire Courier system. You can individually
get the IMAP server, the webmail system, and the filtering system
(maildrop). Or, you can get the whole package.

C-Ya,
Kenny



Re: Courier MTA (was: Large mailboxes)

2001-12-26 Thread Kenneth E. Lussier

Benjamin Scott wrote:
 
   I was seriously looking at Courier for evaluation, but certain things in
 the FAQ turned me off.  A lot of questions in the form of X doesn't work
 were answered with X is broken, don't use it.  In my world,
 interoperability is important.  There are lots of broken things out there.
 My job often involves making them work together.

The FAQ is badly written, plain and simple. However, there are usually
workarounds for things that are badly implemented in clients. As a
matter of fact, there is a --use-workarounds-for-broken-imap-clients
switch for configure ;-) The workarounds usually include commenting
out a section of code that checks for something specific, like a
particular RFC compliance check, etc.

   Put another way, I prefer the Robustness Principle: Be liberal in what
 you accept, and conservative in what you send.  (RFC-1122, section 1.2.2)

Courier can be made to be extremely liberal. However, `out of the
box`, it is extremely strict. The reason for this is that the
developer believes in the reverse-Microsoft principle If you *REALLY*
want that hole, I'll tell you how to do it, but *YOU* have to do it
yourself. I won't implement bad practice by default.
 
   What I am leading up to is a question: Have people here using the Courier
 system had trouble interoperating with other systems?  In particular, I
 worry about Microsoft's offerings -- notorious for anti-social behavior, but
 also very common.

I have had a few problems, but nothing insurmountable. The biggest
problem that I have had is other people either 1) not having proper
reverse dns for their mail servers, or 2) using IP addresses in their
MX records instead of host names.

As far as client interoperability, I haven't had any problems other
than trying to get users used to IMAP when they have been using POP3
for 10 years. LookOut seems to play nice (NOTE: LookOut can only use
an IMAP server in its `Internet Only` configuration). The clients
that I know of that work are: LookOut, LookOut Express, Eudora,
Netscrape Mail (windows and Linux), and Evolution. 

   I am interested in experiences -- positive, negative, or indifferent -- of
 people actually using Courier.  (Or anyone not using it who has had
 interoperability issues with someone who was.)
 
Now that I have it set up the way that I want, and I have tweaked it
to be fairly liberal in what it accepts, it's working great. The one
major flaw that I have with it is the lack of a command line mailer,
which is probably just a matter of tying something to it.

C-Ya,
Kenny
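The two sender-side DNS problems named in the message above (missing or inconsistent reverse DNS for a mail server, and MX records that hold IP addresses instead of host names) can be checked as follows. This is an added example, not Courier's code and not part of the original post; the zone data, domain names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges, example domains).
ZONE = {
    "MX": {
        "good.example": ["mail.good.example"],
        "literal.example": ["192.0.2.25"],      # IP address where a host name belongs
    },
    "A": {
        "mail.good.example": ["192.0.2.10"],
        "mail.spoof.example": ["198.51.100.7"],
    },
    "PTR": {
        "192.0.2.10": ["mail.good.example"],
        "192.0.2.77": ["mail.spoof.example"],   # PTR exists, forward lookup disagrees
    },
}

def lookup(rtype, name, zone=ZONE):
    """Stand-in resolver: return the records of one type for a name."""
    return zone.get(rtype, {}).get(name.rstrip(".").lower(), [])

def is_ip_literal(value):
    """True if the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False

def mx_problems(domain, zone=ZONE):
    """An MX target must be a host name that resolves, never an address."""
    targets = lookup("MX", domain, zone)
    if not targets:
        return ["no MX record"]
    problems = []
    for target in targets:
        if is_ip_literal(target):
            problems.append(f"MX target {target} is an IP address, not a host name")
        elif not lookup("A", target, zone):
            problems.append(f"MX target {target} does not resolve")
    return problems

def reverse_dns_problems(client_ip, zone=ZONE):
    """Forward-confirmed reverse DNS: PTR name must resolve back to the IP."""
    names = lookup("PTR", client_ip, zone)
    if not names:
        return ["no PTR record"]
    for name in names:
        if client_ip in lookup("A", name, zone):
            return []
    return [f"PTR {names[0]} does not resolve back to {client_ip}"]
```
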



Re: rfc2505

2001-12-24 Thread Kenneth E. Lussier

Quoting Derek D. Martin [EMAIL PROTECTED]:


 This is difficult, if not impossible, to achieve.  At least, if I
 understand you correctly.  The SMTP gateway is a mail TRANSFER agent,
 and knows nothing about what the client wants or doesn't want, BY
 DESIGN.  The exception is probably MS Exchange, which I don't know
 much about, and wouldn't ever use/manage unless I were starving to
 death.

There are ways of doing this, but they are not clean, nor are they secure. Most major, 
and some minor, MTA's allow the use of Black List lookups. Your MTA can consult 
things like the RBL to see if mail is from a black listed domain, sender, etc. One of 
the problems with this is that your MTA is now depending on someone else's judgement, 
and someone else's security. If the RBL is ever cracked, it would wreak havoc with the 
mail systems that use it.

  It's also been my criticism of most mail filtering tools (including
  procmail).  Procmail filters it independent of MUA, but it doesn't help
  much with sealed servers running IMAP -- you need permission to put your
  procmail filters on a server you don't have access to.
 
 This is not a shortcoming in procmail.  It's a problem with your
 corporate policy.  If you're going to lay blame, please do so where it
 belongs...

I have to disagree here. I don't think that the corporate policy is wrong, I think 
that it is a matter of perception. Personally, I don't want my users to have shell 
access to the mail server. It prevents them from doing things like running Pine or 
Mutt on the server. Especially if they are on a windows box running Exceed. Then they 
just click the X instead of actually logging out 
 
 A workaround for this problem is to run fetchmail to get your mail
 from your IMAP server, and filter it with procmail locally.  And
 IMNSHO, it's a much cleaner way than what you're about to suggest...

 
  Most other filtering mechanisms are client specific.  I'd like to
  be able to switch clients freely and not have to port my filters to
  each and every client.
 
 Procmail does not suffer from this problem.

Filtering should always be done at the client side, IMO. It's the user that chooses the 
client, and the user that wants the filters. There is no reason to put extra strain on 
a mail server, especially if it is a high traffic environment, by asking the MTA to 
think for you as well.
 
  This is where sieve comes in.  It comes as part of cyrus-imapd and
  does all its filtering before delivery -- i.e.: it gets delivered
  to a folder of the recipient's choosing and doesn't require login
  access to the imap server.  It has its own protocol for transferring
  sieve scripts and can even notify a running IMAP client of new mail
  in any IMAP folder.  I haven't tried any of this yet, but it looks
  promising.  All we need now is for it to be adopted more widely,
  including any easy way to download, modify, and upload sieve scripts
  using your mail client of choice.
 
 Unless I'm mistaken (which is very possible), Cyrus mail tools require
 the use of Maildir format mailboxes, which just aren't supported all
 that well.  True, a lot of major mail clients support it, but a lot of
 popular clients don't.  And if you need to read mail with mailx in an
 emergency, forget it.

Cyrus, Qmail, and Courier all use Maildir as their default, but they also support mbox 
format. If you use Maildir format, and you need to read your mail in an emergency, use 
vi.

 
 This seems to me to be making the process of delivering mail to a user
 entirely too complex.  The LAST thing I want, as a system
 administrator, is dependence on a database program to make delivery of
 mail work.  When you do this, you've probably increased the complexity
 of mail delivery by more than 100%, given how basically simple
 sendmail is.  That means headaches for me, and I don't like it.

I 100% agree here. Making your MTA depend on a database backend just seems suicidal. 
Not to mention the performance hit you would take if you have a high traffic 
environment. If every single piece of e-mail requires a database query, you will slow 
the mail server down considerably. Especially if you have tables with thousands of 
entries, which you would have to have if there needs to be an entry for everyone that 
you *WILL* accept mail from. Besides the performance hit to the mail server, just 
imagine the performance hit the sysadmins would take!! I spend hours a day responding 
to e-mail. Now, imagine having to respond to an e-mail saying that you will accept 
mail from this person, then waiting for their e-mail, then responding to it... I don't 
have time for that.

 You can even configure procmail to send the sender bounce messages, if
 you really want to.  YAY!

You can configure procmail to do pretty much everything. If you just really don't like 
procmail for some odd reason, then use maildrop or sieve. They are all relatively the 
same.
 
  Now 

Re: Adaptec 2940UW

2001-12-23 Thread Kenneth E. Lussier

mike ledoux wrote:

 AIC7xxx is the one you need--the chip on the HBA is an AIC7xxx.
 This applies to just about every recent Adaptec card: if it can handle
 Fast/Wide or better, it probably uses the AIC7xxx driver.

That was easy... The SCSI card works. The tape drive attached to it,
on the other hand, is being a bit more difficult. It shows up in
/proc/scsi/scsi as:

webby:/home/kenny# cat /proc/scsi/scsi 
Attached devices: 
Host: scsi0 Channel: 00 Id: 06 Lun: 00
  Vendor: ARCHIVE  Model: Python 00095-001 Rev: 5.45
  Type:   Sequential-Access                ANSI SCSI revision: 02

So it's there, and the system sees it. However, I can't access
/dev/st0, or any variation thereof.

C-Ya,
Kenny




Re: Adaptec 2940UW

2001-12-23 Thread Kenneth E. Lussier

Paul Lussier wrote:

 So it's there, and the system sees it. However, I can't access
 /dev/st0, or any variation thereof.
 
 Do you have the generic scsi driver built in?  /dev/sg* often times
 needs to be available in order to deal with tape drives.

Yup... I have it built directly in. If I cat /proc/scsi/sg/device_strs
I get:

 webby:/proc/scsi/sg# cat device_strs 
ARCHIVE   Python 00095-001   5.45

which is the tape drive. I also noticed that I don't have any /dev/sg*
devices. I have st's, sr's, nst's, sd's, etc., but no sg's. 

 What does 'mt -f /dev/st0 status' reveal?

webby:/proc/scsi/sg# mt -f /dev/st0 status
mt: /dev/st0: No such device

The same for all of the other st devices.

C-Ya,
Kenny