[CentOS] Encrypted remote backup?

2010-08-08 Thread Michael A. Peters
Can anyone recommend a commercial off site remote backup service with a 
client (preferably FOSS) for CentOS 5, preferably that allows encryption 
of the data being backed up?

Small scale, I'm primarily looking to just back up my mail folder on my 
server.

I've been backing it up to local hd via rsync but that drive just died, 
I'd prefer to have it backed up to somewhere more stable than a home box 
and automated via cron (cli tools a must), but encryption is important, 
people are snoopy and I'm paranoid about that sort of stuff.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] spamassassin needs updating?

2010-06-27 Thread Michael A. Peters
The spamassassin on my server is 3.2.5 and is stock CentOS 5.x.
I do apply updates regularly.

Most of my legitimate contacts are either whitelisted or sorted into 
folders before spamassassin sees them, but I have noticed an increasing 
amount of legitimate mail marked as spam.

One issue seems to be the FH_DATE_PAST_20XX rule.
I was able to fix that via running sa-update as root per
http://wiki.apache.org/spamassassin/Rules/FH_DATE_PAST_20XX

Should the rule be fixed in the actual RPM though since it is past 2010?

Secondly a lot of mail is marked due to

DNS_FROM_OPENWHOIS

In SpamAssassin 3.3 and later, that rule is removed because:
Status of bl.open-whois.org: DEAD

http://wiki.apache.org/spamassassin/Rules/DNS_FROM_OPENWHOIS

Shouldn't that rule then be removed from the CentOS RPM?
I think I figured out how to remove it manually (give score of 0.0 on 
trigger) but if it doesn't work, it should be patched out of the CentOS 
RPM, no?

Will CentOS patch it w/o rhel patching? IE where should I search for bug 
reports and file a bugzilla?


Re: [CentOS] burning an image

2010-04-17 Thread Michael A. Peters
david walcroft wrote:
> I downloaded CentOS-5.4-x86_64-bin-DVD.iso but I haven't used CentOS 
> before and I haven't used a -bin-DVD.iso before; every attempt so far 
> to burn one has produced coasters. What do I do to get an image?
> 
> Thanks  david

This is how I burn linux ISO's, rarely results in bad burn.

As root -

cdrecord -dev=/dev/scd0 -speed=8 -dao -pad -v whatever.iso

You might need to change /dev/scd0 depending upon your system, that 
works for me with a SATA burner.

If your iso is not sitting on a separate physical drive from / and 
/home, try not to use any apps while the burn is taking place.

Don't use a faster speed just because your burner supports it, I've 
found that the faster the burn the more likely some drives are to reject 
it as a boot disk even when the burn process doesn't report any errors, 
not sure why.

If all else fails and you have a second computer, you can burn the small 
boot.iso and mount the dvd image on the second computer and make it 
available over http. Then boot off of the boot.iso and do a network 
install. I frequently do it that way, as I don't see the point in 
wasting a DVD-R when the first thing I'm going to do after successful 
install is run yum update to replace a lot of the packages.


Re: [CentOS] ImageMagick Bug

2010-03-05 Thread Michael A. Peters
Michael A. Peters wrote:
> Michael A. Peters wrote:
>> Hello,
>>
>> I am experiencing a segfault while trying to use convert between svg and png.
>>
>> I suspect that the bug I am experiencing is identical to this one:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=472253
>>
>> I can try the suggested patch myself, but is this the kind of thing that 
> 
> The patch is for gnome-vfs2, not imagemagick.
> I'm guessing that makes it a much stickier proposition since a lot of 
> stuff uses gnome-vfs2.

For what it is worth, I'm running with the gnome-vfs2 patch in the 
bugzilla and convert from svg to whatever works fine w/o segfaulting. It 
actually completes the conversion before the segfault w/o the patch, the 
segfault seems to happen when convert exits.

Looks like it might be in next rhel update (5.5) anyway, don't quite 
understand why they do not push it now.


Re: [CentOS] ImageMagick Bug

2010-03-03 Thread Michael A. Peters
Michael A. Peters wrote:
> Hello,
> 
> I am experiencing a segfault while trying to use convert between svg and png.
> 
> I suspect that the bug I am experiencing is identical to this one:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=472253
> 
> I can try the suggested patch myself, but is this the kind of thing that 

The patch is for gnome-vfs2, not imagemagick.
I'm guessing that makes it a much stickier proposition since a lot of 
stuff uses gnome-vfs2.


[CentOS] ImageMagick Bug

2010-03-03 Thread Michael A. Peters
Hello,

I am experiencing a segfault while trying to use convert between svg and png.

I suspect that the bug I am experiencing is identical to this one:

https://bugzilla.redhat.com/show_bug.cgi?id=472253

I can try the suggested patch myself, but is this the kind of thing that 
maybe could be patched in CentOS plus repository until RHEL has an 
approved patch? The report looks several years old yet there still isn't 
one, which isn't a good sign.

The issue I'm dealing with, on my web site I am moving a lot of the 
currently gd generated dynamic png images to svg but since not all 
browsers support svg, I need to convert from svg to png for a fallback.

I suspect I'm not the only one who wants to do this sort of thing, so 
segfault in convert from svg to gif/png is really something that 
probably should have a fix readily available.

I'm running CentOS 5.x


Re: [CentOS] USB GPS

2010-02-12 Thread Michael A. Peters
John R Pierce wrote:
> Mathieu Baudier wrote:
>>> Anyone ever used the iGPS-500 under CentOS 5?  Any recommendations on a
>>> USB-based GPS that "just works"?
>>> 
>> I use the Garmin GPSMAP 60CSx on CentOS.
>> This is a very good device (but more for "offroad" activities).
>>   
> 
> there's two generic families of GPS's, simple antenna+radio-only units 
> which just report position over USB (or on older ones, rs232 serial), 
> and fancy handheld units that have mapping and tracking and all kinda 
> bells and whistles such as the various Garmin units
> 
> most folks who want a GPS to connect to a computer are probably more 
> interested in the simple kind, as they want to use the computer for any 
> mapping etc.

Guess I'm not most.
I use my GPS to collect data on reptiles and amphibians, dump the data 
to gpx, pass it through http://www.gpsvisualizer.com/elevation to fix 
the elevation (which can sometimes be considerably off in the unit, 
especially with tree cover), and provide georeference data when I submit 
the data to the nafha database.

I don't do any mapping with the computer, unless you count finding spots 
that look interesting in google earth and uploading them to the unit for 
me to then find out in the field.

Lot of people just like me, too.


Re: [CentOS] USB GPS

2010-02-11 Thread Michael A. Peters
Ray Van Dolson wrote:
> Anyone ever used the iGPS-500 under CentOS 5?  Any recommendations on a
> USB-based GPS that "just works"?
> 

I do not have personal experience but I hear the Garmin models work 
well. I have a serial port Garmin model that works well with gpsbabel, 
and I believe the setup for USB is similar.

http://www.gpsbabel.org/os/Linux_Hotplug.html

has instructions for fedora - I'm guessing the fc{5,6,7,8} instructions 
are what would work in CentOS.


Re: [CentOS] Installing an SSL Cert

2010-01-28 Thread Michael A. Peters
Kai Schaetzl wrote:
> Ml wrote on Tue, 26 Jan 2010 16:38:00 -0800:
> 
>> Where can I find instructions on how to install the certificate?
> 
> Exactly where you buy it. Please don't abuse this list as support for 
> everything.
> 
> Kai
> 

In fairness, when I bought my cert from godaddy, their linux docs really 
sucked. I ended up googling and following cert instructions from 
somewhere else.


Re: [CentOS] CentOS 5.4 64-bit: Java web browser plugin for 64-bit FireFox?

2010-01-27 Thread Michael A. Peters
m.r...@5-cent.us wrote:
>> Does there exist *anywhere* a Java web browser plugin for 64-bit
>> FireFox?  The SUN 1.6 JDK (jdk-6u18-linux-amd64.rpm) does NOT
>> include the Java web browser plugin library.
>> java-1.6.0-openjdk-1.6.0.0-1.2.b09.el5.x86_64.rpm does not have one
>> either.  Should I install the *32-bit* SUN 1.6 JDK and use the
>> 32-64 bit wrapper?  I've searched the web and read the wiki (which only
>> shows installing the 32-bit Java web browser plugin).
> 
> AFAIK, they stopped doing the plugin sometime last year, and the *only*
> workaround I've seen is to install Sun's Java.
> 

iced-tea used to work, but I think around 5.2 release it broke and AFAIK 
there hasn't been an iced-tea package for CentOS since.

I personally don't miss it all that much, but it would be nice to have.


Re: [CentOS] movie software

2010-01-25 Thread Michael A. Peters
adrian kok wrote:
> Hi
> 
> Any open source software can open quick time?
> 
> and can convert from quick to other movie also?
> 
> Thank you

ffmpeg2theora does a good job at converting the h.264 that modern 
quicktime uses into Ogg Theora.

VLC does a good job at playing just about any format.

You will need to make sure you have the right libraries if you build 
them from source.

For ffmpeg2theora (and probably VLC too) there is a static binary for 
Linux at the project website.


Re: [CentOS] Firewire issues with CentOS/RH?

2010-01-25 Thread Michael A. Peters
MHR wrote:
> I read in another forum that CentOS has problems with Firewire drives,
> something along the lines of whenever a new kernel is booted, the
> drives are gone.
> 
> Can anyone elaborate on that?  I don't use Firewire drives (at all,
> yet), but information about this would be nice to have

Not personally experienced that issue, but when using kino to import 
from my dv camera, it almost always crashed in CentOS whenever doing 
anything that needed talking to the camera, but works *almost* 
flawlessly in Ubuntu. Same version of kino, some of libs built against 
may be different, but the biggest difference was firewire subsystem and 
firewire is where the crashes happened.

My firewire ipod however worked well in CentOS (until the ipod broke), 
so the issue may have been kino just working better with modern firewire 
subsystem than what CentOS has.


Re: [CentOS] streamripper & CentOS?

2010-01-24 Thread Michael A. Peters
Nicolas Thierry-Mieg wrote:
> Brian wrote:
>> checking for GLIB - version>= 2.16.0... no
>> *** Could not run GLIB test program, checking why...
>> *** The test program failed to compile or link. See the file
>> config.log for the
>> *** exact error that occured. This usually means GLIB is incorrectly
>> installed.
>> configure: error: Glib 2.16 or greater required
> 
> that's glib not glibc.
> Current version in C5 is
> $ rpm -q glib2
> glib2-2.12.3-4.el5_3.1
> 
> your program needs a newer glib than that provided in C5.
> I don't know how this could be solved, but probably not easily.

glib is set up so that you can install parallel versions.

Get the src.rpm from a newer distro, change the name to
compat-glib2 and tweak the spec file to build with the changed name and add

Provides: glib2 = %{version}

(and for devel - Provides: glib2-devel = %{version})

Build it and it should install parallel to the stock glib2.

Of course, you may need to do the same thing with some dependencies just 
to get the compat-glib2 to build.

I might have a spec file for updated glib2 sitting around somewhere, but 
I stopped using CentOS for desktop so if that is one of the libs I had 
updated for myself, it may be older than 2.16 (I seem to remember doing 
it for 2.14) but I'll see if I have it. It may have been archived to one 
of my DVD's if I do, and I never built an index of what was on them. But 
I'll see if I can find it.


Re: [CentOS] totem: something wrong with gstreamer-plugins-ugly

2010-01-24 Thread Michael A. Peters
ken wrote:

> 
> 
> So how are people getting totem to play movies?
> 
> tia.
> 
> 

I hope no one crucifies me for suggesting closed source, but I got tired 
of the issues with gstreamer-plugins-whatever and just purchased the 
fluendo codec pack.

http://www.fluendo.com/shop/product/complete-set-of-playback-plugins/

Not only does it "just work" (in both CentOS 5.x and Ubuntu Jaunty) but 
it works better than the plugins-bad and plugins-ugly ever did for me, 
especially for windows media video.

The only drawback is that they don't have an AC3 decoder. My 
understanding is that in actuality they do, but are still having trouble 
getting licensing worked out with Dolby.

I solve that issue (it only ever is an issue for me with mkv files) by 
using the following shell script:

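#!/bin/bash
# Remux an mkv (h.264 video + AC3 audio) into an mp4 with AAC audio.
# Pass the .mkv file as the first argument.

# Strip the .mkv suffix; quote everything so names with spaces survive.
base="${1%.mkv}"

# Track numbers are taken from the order of the "Track type" lines.
vidTrack=$(mkvinfo "${base}.mkv" | grep "Track type" | grep -n "video" | cut -d":" -f1)
audTrack=$(mkvinfo "${base}.mkv" | grep "Track type" | grep -n "audio" | cut -d":" -f1)

mkvextract tracks "${base}.mkv" "${vidTrack}:${base}.h264"
mkvextract tracks "${base}.mkv" "${audTrack}:${base}.ac3"

# Decode the AC3 track to wav, then normalize the volume.
a52dec -o wavdolby "${base}.ac3" > "${base}.wav"
rm -f "${base}.ac3"
normalize-audio "${base}.wav"

# Copy the video stream as-is and encode the audio to AAC.
ffmpeg -i "${base}.h264" -i "${base}.wav" -map 0:0 -map 1:0 -vcodec copy \
    -acodec libfaac -ab 128k -y -f mp4 "${base}.mp4"

rm -f "${base}.h264" "${base}.wav"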

-=-=-

It also doesn't play DVD's but I use xine for that, the few times I do 
need to do it (fluendo sells a dvd player too, that does do AC3, but 
reviews I've read on their dvd player are poor. The plugins though work 
well, very well)


Re: [CentOS] OT TTW Email Interface

2010-01-15 Thread Michael A. Peters
Susan Day wrote:
> Hi;
> I don't know what these things are called so that I can look for an OS 
> solution. I want to install an email server interface like Hotmail where 
> people can check their email TTW. What is this called? Any recommendations?
> TIA,
> Susan

I set up an imap server (dovecot) but firewall the standard ports, 
providing access via squirrelmail. It works quite well.

I also set up SpamAssassin and ClamAV with a web interface for adding to 
their personal whitelist and blacklist. Procmail filtering is also 
possible (I use it on mine) but I have not written an interface to write 
the recipes yet (but all the users have procmail set up, that's what 
actually filters spam into their spam folder)

Anyway - look at Squirrelmail. It's free and makes a nice web based imap 
client.


Re: [CentOS] how to send mail from console

2010-01-15 Thread Michael A. Peters
Jussi Hirvi wrote:
> Here is what I use:
> 
> mail -s "My email subject" m...@domain.com <$myfile
> 
> On some (older?) systems the command is email instead of mail. Check
>   man mail
> 
> Regards,
> Jussi

mail is the standard unix command.
Has been as long as I can remember, and I believe it is also part of LSB 
but I'm not positive on that.


Re: [CentOS] [story] Thank goodness for links and caching DNS

2010-01-14 Thread Michael A. Peters
Jorge Fábregas wrote:
> On Thursday 14 January 2010 12:52:15 Michael A. Peters wrote:
>> This is the second time in the last 6 months that all three of my ISP's 
>> nameservers have gone down,
> 
> You can also use Google's free Caching Nameservers (a recent offering) with 
> some easy-to-remember ip's;
> 
> 8.8.8.8  and  8.8.4.4
> 
> They come handy in situations like these.
> 
> HTH,
> Jorge

Thanks!
Moot point now, but good to know about them.


[CentOS] [story] Thank goodness for links and caching DNS

2010-01-14 Thread Michael A. Peters
Right in the middle of doing something important on my Ubuntu box, the 
web quit working. However, I could get to sites in my /etc/hosts file.

Sure enough, all three of my ISPs nameservers were down.

I'm not a DNS guy, but on my CentOS boxes I always installed a caching 
DNS out of the box since it was part of the obvious install options. So 
I set the DNS to one in my Ubuntu box, and of course the port was closed.

So I ssh'd on in, opened 53 in the firewall, and the port was still 
closed. Tried running Firefox from the CentOS box via X forwarding over 
ssh but oddly, that seemed to launch local Ubuntu firefox which didn't 
work. All of my CentOS boxes are headless, so all my boxes with working 
nameserver resolution thus only had text internet, which I haven't used 
in years.

locate named.conf only showed some file in dbus that I knew wasn't 
right, but I was able to use links and find what I needed on google, the 
caching nameserver conf file has a slightly different filename than 
standard bind named.conf.

I followed the warning, installed the system config utility for 
modifying it, but damn - for someone who doesn't know bind, that tool is 
scary looking, intimidating, I was afraid I was going to break my 
working caching nameserver if I messed around in it.

So I backed up the file and hand edited it to add the IP to listen on, 
restarted bind, and am back in business.

This is the second time in the last 6 months that all three of my ISP's 
nameservers have gone down, I wonder if they really are the same 
physical box, maybe even same network interface. What's the point of 
them having three if they all go down at same time?

Ah well, I don't need them anymore for that. Thankfully the caching 
nameservers were already installed on my CentOS boxes, two of them now 
listens on their external interface, never again will I use my ISPs 
nameserver.
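
Added example, not part of the original post: once a caching nameserver listens on an external interface and port 53 is open in the firewall, the thing to confirm is that recursion is still limited to known clients. The script below audits a named.conf-style file for that; the sample configurations, the 192.0.2.0/24 addresses and the function names are constructed for illustration, and an absent ACL is treated as unrestricted.

```bash
#!/bin/bash
# Added example: audit a BIND options block for an open-resolver setup.
# All configuration text below is constructed for illustration.

# Strip // and # comments and join lines so statements can be matched whole.
# (/* ... */ comments are not handled.)
flatten() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' '
}

# Print each non-loopback address named in "listen-on [port N] { ... };".
# With no listen-on statement BIND listens on every IPv4 interface: print "any".
external_listeners() {
    local flat
    flat=$(flatten "$1")
    if ! printf '%s' "$flat" | grep -qE 'listen-on[[:space:]]*(port|\{)'; then
        echo any
        return 0
    fi
    printf '%s\n' "$flat" |
    grep -oE 'listen-on([[:space:]]+port[[:space:]]+[0-9]+)?[[:space:]]*\{[^}]*\}' |
    sed -e 's/^[^{]*{//' -e 's/}$//' |
    tr ';' '\n' |
    awk '{ gsub(/[[:space:]]/, "") }
         $0 != "" && $0 != "127.0.0.1" && $0 != "localhost"'
}

# Print the ACL of a statement with whitespace removed,
# e.g. "localhost;192.0.2.0/24;". Empty output means the statement is absent.
acl_of() {
    # $1 = file, $2 = allow-query or allow-recursion
    flatten "$1" |
    grep -oE "$2[[:space:]]*\{[^}]*\}" | head -n 1 |
    sed -e 's/^[^{]*{//' -e 's/}$//' | tr -d '[:space:]'
}

# Return 0 if the server is loopback-only or an ACL narrows who may ask,
# 1 if it listens externally and nothing restricts queries or recursion.
# Assumption: an absent ACL counts as unrestricted (the conservative reading).
audit_resolver() {
    local conf=$1 ext stmt acl
    ext=$(external_listeners "$conf" | tr '\n' ' ' | sed 's/ *$//')
    if [ -z "$ext" ]; then
        echo "OK: loopback only"
        return 0
    fi
    for stmt in allow-recursion allow-query; do
        acl=$(acl_of "$conf" "$stmt")
        case "$acl" in
            "" | any\;* | *\;any\;*) ;;   # absent, or open to everyone
            *) echo "OK: $ext limited by $stmt { $acl }"; return 0 ;;
        esac
    done
    echo "OPEN: $ext answers recursive queries from anyone"
    return 1
}

sample_exposed() {      # constructed: external address added, no ACLs
cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.0.2.10; };  // external IP added by hand
    directory "/var/named";
};
EOF
}

sample_restricted() {   # constructed: same listener, recursion limited to the LAN
cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.0.2.10; };
    allow-query     { any; };
    allow-recursion { localhost; 192.0.2.0/24; };
    directory "/var/named";
};
EOF
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
sample_exposed    > "$tmp/exposed.conf"
sample_restricted > "$tmp/restricted.conf"
audit_resolver "$tmp/exposed.conf" || true
audit_resolver "$tmp/restricted.conf"
```

The same check can be pointed at the real caching-nameserver configuration file after a hand edit, before the firewall rule for port 53 goes in.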


Re: [CentOS] Rhythmbox won't play mp3 files

2010-01-12 Thread Michael A. Peters
Kevin Kempter wrote:

> 
> 
> Anyone know what else I need to make rhythmbox recognize/play mp3 files?

I don't know about rhythmbox - but fluendo has a free mp3 plugin that 
works extremely well for other GStreamer apps.

http://www.fluendo.com/shop/product/fluendo-mp3-decoder/

It won't allow you to use GStreamer apps to encode mp3's - but I always 
do that with lame anyway.


Re: [CentOS] Laptop for CentOS-5

2010-01-10 Thread Michael A. Peters
Michael A. Peters wrote:

> 
> Back to laptop question - I have always preferred the Thinkpad T20 
> series

should read "T Series" - T20 is quite deprecated now ;)


Re: [CentOS] Laptop for CentOS-5

2010-01-10 Thread Michael A. Peters
Les Mikesell wrote:
> On 1/8/2010 3:06 PM, Christoph Maser wrote:
>> On Friday, 08.01.2010, at 16:35 +0100, Eero Volotinen wrote:
>>> Well, centos is not optimal system for laptop due to old drivers and
>>> so on.
>>>
>>> Personally I prefer ubuntu, fedora or opensuse on laptops.. or OSX.
>>>
>> Well that is really what the OP asked for NOT. There have been good
>> answers so far, why do Apple-junkies always tend to advertise apple
>> stuff even to other long time apple users?
> 
> Assuming you wanted an answer... For one thing the powerbooks got 'close 
> lid, sleep, open lid wake up, grab a fresh network connection and 
> continue' right about a decade ago

but they still only have one mouse button, making them a PITA for 
anything other than OS X.


Re: [CentOS] Laptop for CentOS-5

2010-01-10 Thread Michael A. Peters
Robert Heller wrote:

> 
> Just about all of the low-end Dell boxes (laptops or desktops) tend to
> be low-quality boxes -- you gets what you pay for.  Higher end Dells
> seem to be OK (eg 'Workstations', servers, etc.). 

In October I found a discarded Dell Optiplex GX50 - older low-end dell. 
Found it in an illegal dump pile in a field.

Replaced dead hard drive, re-attached heat sink to CPU (had become 
detached, probably when dumped - perhaps a blessing, whoever built it 
had used way too much thermal paste).

It's been running CentOS 5.x 24/7 since without a hitch.
But for laptops I think you are correct, and my found computer did have 
a problem (dead drive) when found.

-=-

Back to laptop question - I have always preferred the Thinkpad T20 
series over anything else. I would suggest running Ubuntu on it, I have 
moved all my desktop stuff to Ubuntu.

Most laptop vendors that I have seen that pre-install Ubuntu install the 
32-bit version. I use 64-bit and have no regrets, so I would recommend 
burning the 64-bit iso and installing that.

Two notes though with 64bit -

1) Don't use the Ubuntu packaged flash plugin. It is 32-bit and will 
pull in a bunch of 32-bit plugins. Get the "alpha" 64-bit plugin for 
Linux from Adobe. Works very well for me (in Ubuntu and CentOS) - and is 
more stable than the 32-bit plugin running in a wrapper.

2) I have no clue about installing a native 64-bit Java plugin. I don't 
have one and don't want one. Maybe icedtea is working for 64-bit better 
now? I got sick and tired of Java media in web pages being generally 
crappy and problematic, so I refuse to install a Java plugin anymore, 
but if you need Java plugin (IE for your work) check to make sure 64-bit 
browser plugin exists before going 64-bit (though 32-bit may work via 
wrappers)

General Desktop Note - CentOS or Ubuntu or Fedora -

1) Give Google Chrome and Midori a try. I really like both, Chrome is a 
little more polished but not open source, Midori is open source but has 
some bugs still with HTML5 multimedia (IE it won't play them if they are 
not set to autostart, but also won't revert to fallback)

2) If you don't mind using software that isn't FOSS, spend the money on 
the fluendo codec package -

http://www.fluendo.com/shop/product/complete-set-of-playback-plugins/

It handles h.264/WMV/DivX/etc. extremely well, "just works", and comes 
packaged in both RPM and .deb (as well as tarball). It does not provide 
AC3 decoding, that's my only gripe, but it does just about everything 
else much better in my experience than the "free" gstreamer plugins.

I haven't tried the fluendo DVD player (which does do AC3 decoding) but 
reviews I've seen on it are not very good, stick with something like VLC 
or Xine (my choice) for DVD playback seems to be better.


Re: [CentOS] FireWire in CentOS 5.3

2009-08-18 Thread Michael A. Peters
Michael A. Peters wrote:
> Akemi Yagi wrote:
> 
>> If the current firewire kernel driver in CentOS does not work for you,
>> take a look at:
>>
>> http://blog.toracat.org/2008/12/getting-kino-to-work-on-centos-5/
>>
>> that I wrote some time ago when I tried to get my camcorder to work.
>>
>> Hope this helps,
> 
> Thanks!

With respect to permissions on the device - I did the same thing I did 
for serial port -

/etc/security/console.perms.d/51-custom.perms :

-=-=-=-=-=-
# device classes -- these are shell-style globs
=/dev/ttyS0
=/dev/fw0

# permission definitions
 0600  0660 root.uucp
 0600  0600 root.root
-=-=-=-=-=-


The perms are correct after logging in, once I have the camera I guess 
I'll see if it works.

As far as the hard drive I'll use, I think I will go SATA-II just to 
avoid any issues.


Re: [CentOS] FireWire in CentOS 5.3

2009-08-18 Thread Michael A. Peters
Akemi Yagi wrote:

> 
> If the current firewire kernel driver in CentOS does not work for you,
> take a look at:
> 
> http://blog.toracat.org/2008/12/getting-kino-to-work-on-centos-5/
> 
> that I wrote some time ago when I tried to get my camcorder to work.
> 
> Hope this helps,

Thanks!


[CentOS] FireWire in CentOS 5.3

2009-08-18 Thread Michael A. Peters
I am being given a digital camcorder.

It uses Mini DV tapes and either connects via typical RCA cables (IE to 
a tv) or via FireWire. I don't have the brand on hand, but I was told it 
can be ripped to DV like any standard FireWire camcorder (I believe 
dvgrab will be sufficient).

I just installed an older FireWire card I have that I used at one point 
in Fedora for my iPod. It was a PITA back then because sometimes an 
update to Fedora would break the kernel module, so I ended up just using 
USB. That was some time ago.

I scrapped that computer but kept the cards, and have now installed the 
card in my current computer in hopes that I will be able to go from the 
camera to HD in preparation for editing / transcoding (to theora) for 
the web.

lspci reports the following info:

01:08.0 FireWire (IEEE 1394): Texas Instruments TSB12LV26 IEEE-1394 
Controller (Link)

What is the current state of FireWire in CentOS ?

Will there be a need to build a custom kernel I boot into when I want to 
attach the camera and rip digital video from it?

If it matters, I'm 64-bit.

I assume I can always plug the camera into my DVD recorder attached to 
my TV and slip then rip the content from the DVD-R in CentOS but I 
suspect I'll get better quality going straight from camera to hard disk 
as I believe the above method is digital to analog to digital, and I 
believe using dvgrab also results in higher resolution to start with.

On the subject of hard disk, I'm probably going to buy another disk for 
ripping the content. I can go SATA II internal but I'm a little worried 
about heat since my home is not air conditioned, would an external 
FireWire drive be a good option or am I really better off going 
internal SATA II?

The card (and camera) are original FireWire 400, not the faster FireWire 
800 that's been out for awhile now.

Thanks for any suggestions.


Re: [CentOS] Gallery2 under CentOS-5.3

2009-07-17 Thread Michael A. Peters
Timothy Murphy wrote:
> I asked about 18 months ago if gallery2 was available
> in any of the CentOS repositories,
> and it seemed that at that time it was not.
> However, there was some talk of putting it in epel or epel-testing.
> But I looked just now, and did not find it there.
> 
> I actually installed gallery2 on my server
> by following the instructions at
> .
> But I've had a slight http problem on the server
> which might be related to gallery2
> (wireshark seemed to show some odd calls on gallery2);
> so I was wondering if there was yet an official CentOS implementation?
> 
> 

I no longer am using gallery 2 but awhile back I did it using the noarch 
RPMs from Fedora 9.

However, I was running php 5.2.6 and not the 5.1.x that CentOS ships 
with. I do not believe that makes a difference.

If I recall - I also had to install php-Smarty from Fedora 9 (also a 
noarch rpm).

F9 I think is EOL - so try the F10 noarch RPMs. Look in F10 updates first.


Re: [CentOS] Firefox 3.5 Issues

2009-07-17 Thread Michael A. Peters
Mike A. Harris wrote:
> Ron Blizzard wrote:
> 
> (followup on original post from previous reply)
> 
>> I downloaded Firefox 3.5 from the M. Harris site and, for the most
>> part, have had good luck with it. But I have also had hard crashes
>> that take down CentOS, not just Firefox.
> 
> That is definitely not a firefox bug.
> 
> 
>> It happened to me twice on eBay (on the same page) -- and now I can
>> replicate it as many times as I want by going to...
>>
>> http://wiki.centos.org/Newsletter
>> ...and choosing one of the two newsletters, linked there.
> 
> I've just visited that page and clicked on both links and it works fine.
>  I've even disabled all of my security/privacy extensions on that page
> and it still works fine.  If the page is causing your system to crash,
> I'd start examining /var/log/messages and your X server log for kernel
> panics or Oops et al.

Where it happens with me is the i386 build on a Thinkpad T20.
I'll have to check the driver.

It does not happen on my x86_64 running proprietary nvidia driver.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Firefox 3.5 Issues

2009-07-12 Thread Michael A. Peters
Michael A. Peters wrote:

> 
> My suspicion is that it has to do with the language packs, since the 
> same src.rpm built w/o disabling language packs doesn't crash in CentOS 
> 5.3 on either arch.

I feel like such a dope.

I forgot to run createrepo on my private i386 repo so when I removed the 
mh built 3.5 and yum installed firefox to get what I built, it grabbed 
3.0.11 and I didn't even notice.

I realized this when I looked at the spec file and saw there was no way 
in hot fiery place that the default start page could be anything other 
than the fedora start page.

Since I don't feel like crashing my laptop, I won't check it now - but I 
*don't* know that my i386 ff35 build works with the crash page, I only 
know the x86_64 works - and it probably isn't language packs, the 
language packs aren't in my x86_64 or i386 builds.

I thought they were because I saw a bunch of language packs after the 
i386 yum install that grabbed 3.0.11 that I thought grabbed 3.5.

Arrgggh.


Re: [CentOS] Firefox 3.5 Issues

2009-07-12 Thread Michael A. Peters
Robert Nichols wrote:
> John R Pierce wrote:
>> Ron Blizzard wrote:
>>> I downloaded Firefox 3.5 from the M. Harris site and, for the most
>>> part, have had good luck with it. But I have also had hard crashes
>>> that take down CentOS, not just Firefox.
>>>
>>> It happened to me twice on eBay (on the same page) -- and now I can
>>> replicate it as many times as I want by going to...
>>>
>>> http://wiki.centos.org/Newsletter
>>>
>>> ...and choosing one of the two newsletters, linked there.
>>>
>>>   
>> FWIW (about $0.0002), Firefox 3.5 on Windows XP (32bit) doesn't crash on 
>> either newsletter.
> 
> Nor does Firefox 3.5 running on Fedora 11.  No problem at all.
> 
> +0.0002   ;-)
> 

My suspicion is that it has to do with the language packs, since the 
same src.rpm built w/o disabling language packs doesn't crash in CentOS 
5.3 on either arch.



I wonder if that is what triggers it - IE a crash when FireFox can't 
find the language pack for "en".

Maybe try fetching the page with wget, removing that, and see what happens?

Also of interest - the mh build gave a Fedora start page, the build I 
did gave a CentOS start page. Maybe his mock config didn't define the 
rhel macro, so the build did some thing the Fedora way.


Re: [CentOS] Firefox 3.5 Issues

2009-07-11 Thread Michael A. Peters
Michael A. Peters wrote:
> Michael A. Peters wrote:
> 
>>> I'm writing for a couple reasons.
>>>
>>> I'm curious to see if this is only my problem, or if others have
>>> experienced it or can replicate it.
>> Confirmed - also i386 mharris packaging.
> 
> update - it didn't actually bring the OS down, it brought X11 down - 
> though it looked like CentOS was down. Pressing the power button 
> (thinkpad) resulted in X11 restarting followed by a clean shutdown.

My own i386 build of firefox also does not crash (built when I did 
x86_64 build but I never installed it until now).

Only difference in spec file was I added pcre-devel to BuildRequires 
before building it - but my build also has all the language packs.

Not sure if that's the difference or not.


Re: [CentOS] Firefox 3.5 Issues

2009-07-11 Thread Michael A. Peters
Michael A. Peters wrote:

>> I'm writing for a couple reasons.
>>
>> I'm curious to see if this is only my problem, or if others have
>> experienced it or can replicate it.
> 
> Confirmed - also i386 mharris packaging.

update - it didn't actually bring the OS down, it brought X11 down - 
though it looked like CentOS was down. Pressing the power button 
(thinkpad) resulted in X11 restarting followed by a clean shutdown.


Re: [CentOS] Firefox 3.5 Issues

2009-07-11 Thread Michael A. Peters
Ron Blizzard wrote:
> I downloaded Firefox 3.5 from the M. Harris site and, for the most
> part, have had good luck with it. But I have also had hard crashes
> that take down CentOS, not just Firefox.
> 
> It happened to me twice on eBay (on the same page) -- and now I can
> replicate it as many times as I want by going to...
> 
> http://wiki.centos.org/Newsletter
> 
> ...and choosing one of the two newsletters, linked there.
> 
> I'm writing for a couple reasons.
> 
> I'm curious to see if this is only my problem, or if others have
> experienced it or can replicate it.

My x86_64 build does not crash on the newsletters, interestingly enough.


Re: [CentOS] Firefox 3.5 Issues

2009-07-11 Thread Michael A. Peters
Ron Blizzard wrote:
> I downloaded Firefox 3.5 from the M. Harris site and, for the most
> part, have had good luck with it. But I have also had hard crashes
> that take down CentOS, not just Firefox.
> 
> It happened to me twice on eBay (on the same page) -- and now I can
> replicate it as many times as I want by going to...
> 
> http://wiki.centos.org/Newsletter
> 
> ...and choosing one of the two newsletters, linked there.
> 
> I'm writing for a couple reasons.
> 
> I'm curious to see if this is only my problem, or if others have
> experienced it or can replicate it.

Confirmed - also i386 mharris packaging.

Trying x86_64 (rebuild of his src.rpm) momentarily ...


Re: [CentOS] hardware requirements for Centos 2

2009-07-06 Thread Michael A. Peters
Niki Kovacs wrote:
> Dmitry a écrit :
>> Hi.
>>
>> Could you please give me advice about issue described below.
>>
>> My friends have to use a PC with old hardware for a few months. They've 
>> got 128MB of RAM, 20 GB hard drive; Pentium 3 processor.
>>
>> At the moment they have windows xp running on it, but it's very slow.
>>
>> What are the system requirements for CentOS 2 or any other version of 
>> this OS that may be suitable?
>>
>> Can you recommend any other Linux distro that would be easy to install 
>> and to use?
> 
> Yes. CentOS 5. Start with a minimal install (base system). Install and 
> configure X. Only install packages you really need, be sure to 
> deactivate all unnecessary services. Go for XFCE, IceWM, Fluxbox or some 
> other lighter window manager. This sort of configuration is running in 
> my neighbour's home, I installed it for them on their old PIII-500 with 
> 128 MB RAM.
> 

To add - I run CentOS 5 just fine on an IBM Thinkpad T20 (700MHz PIII 
when plugged in, 550MHz on battery) with 384MB of ram.

I ran it just fine on 256MB until one of the ram modules died. I then 
ran it on 128MB painfully while waiting for the replacement (256MB) chip 
to arrive. Note though that I'm running the full gnome GUI.

Disable JavaScript except when you absolutely must have it, browsing 
with JS / flash enabled crashes low memory machines.

Don't use OpenOffice - AbiWord and Gnumeric both do well on low memory 
machines. For that matter, so does LaTeX as it just uses a text editor 
until you are ready to compile your document, but LaTeX has quite a 
learning curve.

If the 20GB HD is a 5400RPM (probably is) try to get a 7200RPM drive - 
that's what I did in my old laptop and the difference was night and day.

If it is a desktop, and you do replace the drive with faster spinning, 
if there's room to continue using the older drive - you can use the 
older drive as dedicated swap, which will help a lot. You don't need 
20GB of swap, you can partition it, but don't use the non swap for 
anything much other than storage of stuff you don't need to access often.

This, btw, is what I love about Linux. Old hardware stays useful for 
much longer, reducing waste in the land fills.


Re: [CentOS] Dag's comment at linuxtag

2009-07-01 Thread Michael A. Peters
Les Mikesell wrote:
> Michael A. Peters wrote:
>> How it interacts with epel I don't really care about, but it should not 
>> update vendor packages, and anything that requires an updated vendor 
>> package will be broken on yum configurations that protect the base install.
> 
> I think you've confused rpmforge with something else.   If you are happy with a
> base install you probably shouldn't be using it.
> 

I only use rpmforge for a few packages, I use priorities and it is set 
to lowest. I think my nvidia driver is from them, and one dependency I 
need for xine non-free (private package) I think is from them. I used to 
maintain my own nvidia driver via the old kmod rebuild every update 
method but their packaging was superior.

I don't know what rpmforge has in general, I was just replying to the 
comment about needing to update python in order to get a package to 
build. Python really should not be updated. Parallel install OK, but 
updating the system python is asking for a fubar system.

If rpmforge does not do that, then it clearly isn't an issue.



Re: [CentOS] server is always getting hacked

2009-07-01 Thread Michael A. Peters
Robert Heller wrote:
> At Wed, 01 Jul 2009 16:08:08 -0600 CentOS mailing list  
> wrote:
> 
>> On Wed, 01 Jul 2009 15:05:58 -0700
>> Gary Greene wrote:
>>
>>> . With sudo,
>>> you get a record of what command was executed with superuser rights by whom
>>> at whenever given hour.
>> sudo bash
> 
> Which in turn is logged.  Such a log entry might raise a red flag.
> 
> 

Speaking of logged - I don't do this but Dad set up his systems 
(solaris) to immediately boot the user and send an alert to the operator 
if the root user issued the id command and had not become root from a 
member of the wheel group.

He was a university admin, they had to have telnet open because of grad 
students doing research in countries that did not allow secure 
connections. Most of the time, that single action got the hacker off 
before any damage was done. Those were primarily Solaris systems he 
dealt with.

They also had a log server that everything was logged to (off the 
network, fed I think by serial cable if I recall but it may have been 
cat 5 - sun had funny looking serial ports that took a cat 5 jacks to 
me), as local logs are easily modified once you have a root shell.

But I don't personally deal with any systems that big and complex.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
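The quoted exchange above notes that `sudo bash` is itself logged and "might raise a red flag". As an added example (not code from the thread), this Python sketch scans sudo syslog lines for root shells started through sudo; the log lines, host and user names are constructed, and the shell list is an assumption.

```python
import posixpath
import re

# Constructed sample in the syslog format sudo writes (e.g. /var/log/secure).
SAMPLE_LOG = """\
Jul  1 16:08:08 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/yum update
Jul  1 16:09:12 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jul  1 16:10:40 web1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/su -
Jul  1 16:11:02 web1 sudo:     dave : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/sh
Jul  1 16:12:30 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=apache ; COMMAND=/bin/bash
Jul  1 16:13:00 web1 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

# Programs that hand the caller an interactive root shell (assumed list).
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "dash", "su"}

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<invoker>\S+)\s+:\s+(?P<body>.*)$")


def parse_sudo_line(line):
    """Return a dict for a sudo log line, or None for anything else."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    head, sep, command = m.group("body").partition("COMMAND=")
    if not sep:
        return None
    event = {"invoker": m.group("invoker"), "command": command.strip(), "notes": []}
    for part in head.split(" ; "):
        part = part.strip()
        if not part:
            continue
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            event[key] = value          # TTY, PWD, USER
        else:
            event["notes"].append(part)  # e.g. "3 incorrect password attempts"
    return event


def is_root_shell(event):
    """True when the command run (or attempted) as root is a shell or su."""
    if event.get("USER") != "root" or not event["command"]:
        return False
    program = posixpath.basename(event["command"].split()[0])
    return program in SHELLS


def root_shell_events(log_text):
    """List (invoker, command, outcome) for every root shell via sudo."""
    findings = []
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event and is_root_shell(event):
            outcome = "; ".join(event["notes"]) or "granted"
            findings.append((event["invoker"], event["command"], outcome))
    return findings


if __name__ == "__main__":
    for finding in root_shell_events(SAMPLE_LOG):
        print(finding)
```

Run against the copy of the log held on a separate log host, the result does not depend on local files that a root shell could have edited.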


Re: [CentOS] server is always getting hacked

2009-07-01 Thread Michael A. Peters
Warren Young wrote:
> Michael A. Peters wrote:
>> I still don't understand how using sudo instead of su makes it more secure.
> 
> Let's start with the simple case where only one person needs superuser 
> type privileges on a given machine.  What, then, is the difference 
> between sudo and su -?  There has to be one all-powerful superuser on 
> such a machine, right?

The difference is that the root user (when sshd is properly configured) 
can not log in remotely even if the root password is guessed. While it 
is possible to set a different password for sudo, if a brute force gets 
your password the remote user can then sudo login or sudo sh.

I remember one of my passwords that I thought was good, I typed it in 
some web form that checks the security of password, and it turned out my 
password was one character off of a leet speak translation of a klingon 
word, and therefore while not super weak, was vulnerable to brute force 
by someone using a klingon dictionary (and they are readily available).

Requiring a pass phrase works to mitigate that, but on multiuser 
systems, unless everyone using it is a geek, requiring pass phrase just 
isn't possible. It is too difficult for the common user to set up.

> 
> That's true, but it ignores human nature.  Human nature, in a world 
> without sudo, is to leave a root terminal up all the time so you don't 
> have to keep su'ing up to root and then logging back out.  The default 
> configuration for sudo ameliorates this problem by remembering your 
> password for a short time, so you can do another sudo command shortly 
> after without giving your password again.  Once the user stops invoking 
> sudo long enough to let the timer expire, root privileges are 
> automatically revoked.

That is a valid point, but only really matters if you make a habit of 
leaving your workstation without locking your screen, which if you have 
root access, is the kind of thing that should get you fired because all 
kinds of nasties can be done while you are at the bathroom. I used to 
screw with the .bashrc file of the web developers when they went to 
lunch w/o locking their screen. None of them had root on sensitive 
systems though.

It was funny to watch one of them reinstall because his cdrom kept 
ejecting every time he used the ls command - but he did not wipe /home 
after his reinstall.

> 
> This has two main benefits to security:
> 
> 1. On walking away from your computer, you're less likely to leave it in 
> a state that gives anyone walking up to it root access.
> 
> 2. The extra "sudo" prefix you need in front of every command you want 
> run as root makes it less likely that you will accidentally run a 
> command as root that you should only run as a regular user.

That's what su --command is for.
I very rarely have a root shell open because most things can be done via

su -c 'foo'

> 
> Now take the more common case for an enterprise distro like CentOS, 
> where more than one person needs some level of superuser access.  sudo 
> provides more benefits in that case:

Yes it does, but should not be configured to allow spawning of a 
shell, as almost every single sudo install I have ever seen does, 
effectively creating numerous root passwords.

Saying that using sudo instead of su makes a box more secure is only 
true if your system administrator knows how to configure sudo. If they 
do, then they probably don't need to be told to use sudo. If they don't, 
then they should be pointed to documentation that explains the inherent 
dangers.

Otherwise, human nature is to allow sudo to do anything, because it 
works, but is not secure - just like almost every freaking php web app 
out there in the install file tells users to chmod 777 directories and 
files. It works for both mod_php and php-cgi, but is not secure (and is 
not the best way in either scenario, especially on shared hosts, which 
really should run php as a cgi negating the need for chmod altogether).

Another option is to properly set up the system to begin with - a lot of 
what junior admins need to do can be done with wrappers, and some things 
don't need root access at all - IE set up a texlive user for texlive 
administration and your tex guy doesn't need root to update the system 
tex install (either via the tlmgr or rsync).

Using sudo instead of su does not make a system more secure. It can, but 
it can also make it less secure.

// gets off soap box

-=-=-=-=-

With respect to pam management of su - that's cool, wasn't aware there 
was a pam module that did that.

Still not as good as bsd su IMHO as it relies on pam, but it's something 
I'm definitely going to start using.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
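The message above argues that sudo only helps when it is not configured to allow spawning a shell. As an added example (not from the thread), this Python sketch audits a sudoers fragment for rules that give a root shell; the fragment and account names are constructed, and the parser is deliberately simplified (no alias expansion, line continuations or escaped commas).

```python
import posixpath
import re

# Constructed sudoers fragment; every account name here is hypothetical.
SAMPLE_SUDOERS = """\
# constructed sudoers fragment
Defaults    env_reset
root        ALL=(ALL) ALL
%wheel      ALL=(ALL) ALL
webdev      ALL=(root) /sbin/service httpd restart, /usr/bin/tail /var/log/httpd/error_log
texadmin    ALL=(texlive) /usr/local/bin/tlmgr
backup      ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/bash
intern      ALL=(root) /bin/vi /etc/hosts
"""

SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "dash", "su"}
# Programs that can start a shell from inside (assumed short list).
ESCAPERS = {"vi", "vim", "less", "more"}
SKIP_PREFIXES = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

# One comma-separated item: optional (runas), optional TAG: prefixes, command.
ITEM_RE = re.compile(r"^(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.+)$")


def runs_as_root(runas):
    """True when the Runas user list lets the command run as root."""
    users = {u.strip() for u in runas.split(":")[0].split(",")}
    return bool(users & {"ALL", "root"})


def classify(cmd):
    """Return why a command amounts to a shell, or None if it does not."""
    if cmd == "ALL":
        return "any command"
    program = posixpath.basename(cmd.split()[0])
    if program in SHELLS:
        return "shell"
    if program in ESCAPERS:
        return "shell escape"
    return None


def audit_sudoers(text):
    """List (who, reason, command) for rules that hand out a root shell."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP_PREFIXES) or "=" not in line:
            continue
        who, rest = line.split(None, 1)
        if who == "root":                 # root's own entry is expected
            continue
        _host, _, cmds = rest.partition("=")
        runas = "root"                    # sudoers default when none is given
        for item in cmds.split(","):
            m = ITEM_RE.match(item.strip())
            if not m:
                continue
            if m.group("runas") is not None:
                runas = m.group("runas")  # carries over to later items
            cmd = m.group("cmd").strip()
            if cmd.startswith("!") or not runs_as_root(runas):
                continue
            reason = classify(cmd)
            if reason:
                findings.append((who, reason, cmd))
    return findings


if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```

The `texadmin` rule is not flagged because it runs as a dedicated non-root account, the arrangement the message suggests for texlive administration.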


Re: [CentOS] Dag's comment at linuxtag

2009-07-01 Thread Michael A. Peters
Radu-Cristian FOTESCU wrote:
>> Buildlogs are available from:
>>
>> http://packages.sw.be/comix/_buildlogs/
>>
>> I hope you come back and tell me what was your problem.
> 
> I have to be back on my continent before addressing this issue.
> So far, I can see that the build of Comix seems to have been done
> by Dries, and that it was successful in April 2009.
> 
> I am pretty much sure I can prove it *won't* compile on any EL5 clone
> with the officially available versions of:
> BuildRequires: python, python-imaging, pygtk2-devel
> 
> I am not sure what mushrooms were installed on the build machine.
> It *doesn't* build with:
>   pygtk2-devel-2.10.1-12.el5.i386
>   python-imaging-devel-1.1.5-5.el5.i386
> Which is whatever EL5 has.
> 
> I can see that RF has a slightly newer version of 
>   python-imaging-1.1.6-2.el5.rf.i386
> but as long as the SPEC file doesn't require a newer version
> than 1.1.5, nor does the tarball's Makefile, I *don't* pull
> updates from RF.

I don't find updating something like python acceptable.
If I have to update the CentOS provided python, then the newer python 
had better be packaged as a compat package that does not conflict with 
the vendor supported version of python, or I don't want it.

I'd run Fedora or Ubuntu if I wanted to break RHEL compatibility.

If the issue of it building is the python version, then it should be 
backported or not included in the repo. That's my opinion.

I've had enough stuff I build on my system break when an EPEL package 
updates the version (IE xine-lib which had several updates to version in 
past 6 months or so), updating versions is not something an enterprise 
distribution should do without careful thought, and neither should third 
party general repos.

Third party specific repos (IE a repo dedicated to newer php) - that's a 
different story, and requires the user add excludes to things like base 
and updates yum configuration. But a general purpose repo that provides 
add ons should not update base packages.

How it interacts with epel I don't really care about, but it should not 
update vendor packages, and anything that requires an updated vendor 
package will be broken on yum configurations that protect the base install.

While maybe not HFS compliant, it should be possible to build a newer 
python in, say, /opt/rpmforge and rpmforge (or whatever) packages that 
specifically need that newer python can call /opt/rpmforge/bin/python 
full path.

Most library packages can have updates available with a simple 
foo-compat package name, devel packages sometimes conflict but you can 
usually leave the devel packages in repo and let them be installed by 
mock during build of software that needs the alternate library version.

There are solutions for most things that do not require replacing a 
vendor supplied package. Hell, even gnome can be updated into /opt if 
you wanted newer gnome but stability of centos base (probably would take 
a hell of a lot of compat packages though ...)


[CentOS] Playing with php 5.3.0

2009-07-01 Thread Michael A. Peters
Even though I do not recommend it for production yet, I packaged and am 
playing with php 5.3.0 - src.rpm at

http://www.clfsrpm.net/php53/

(needed epel to build)

Other than the suhosin loadable module messing up pear's ability to do 
anything, initial tests show it working fairly well.

Looks like the enchant module is a nogo on CentOS (aspell too old) but 
in the few hours of testing, none of my code (yet) is broken in it.

There are some warnings in the log files w/ respect to squirrelmail and 
setting time zone (stock centos squirrelmail), I'll have to look into 
that, and the php src.rpm there actually has a minor bug - it should 
obsolete/provide pecl-Fileinfo, but I'll wait for suhosin to come up 
with their patch to core php before I bother to update.

Anyway, it's there for anyone who feels like playing with 5.3.0 to see 
what breaks, you just need to rebuild the src.rpm.


Re: [CentOS] server is always getting hacked

2009-07-01 Thread Michael A. Peters
Michael A. Peters wrote:
> Sander Snel wrote:
> 
>> 10. use sudo instead of su -
> 
> How does that help?

I still don't understand how using sudo instead of su makes it more secure.

If the user does not have the root password then the only danger to su - 
is brute force from local account, but you can protect against that, and 
the same issue exists with sudo.

With sudo, very often the password is same as the admin's password - so 
if the admin account is brute forced the cracker then can use sudo to 
gain root.

What would be a security enhancement would be to borrow the bsd su which 
only allows you to su to root from a wheel group account.

I never understood why gnu su didn't implement that.


Re: [CentOS] Dag's comment at linuxtag

2009-06-30 Thread Michael A. Peters
Radu-Cristian FOTESCU wrote:

> 
> As I said, and as everyone on this list knows: 
> KB is not a person to talk with. Usually, KB would
> throw offensive assertion to people. No matter 
> what KB would say, and no matter how important is
> KB to the CentOS project, a quick search through 
> the centos ML archives would show that KB is not 
> someone easy to deal with.

Not been my personal experience.


Re: [CentOS] Dag's comment at linuxtag

2009-06-30 Thread Michael A. Peters
Radu-Cristian FOTESCU wrote:

> 
> 
>> If a SRPMS builds under CentOS 5.0 and it doesn't
>> under 5.3, then this package is broken.
>>
>> Ok, you're making it yourself very hard now, but I 
>> will accept scripts/tools that can verify this. 
>> I don't think any other repository is 
>> even doing this though.
> 
> Now you're wrong. You must be wrong.


Unfortunately there has not been the binary compatibility I had hoped 
for. The move to FireFox 3 was an understandably necessary change that 
broke some stuff, but other things (especially in EPEL) have been 
updated that in a perfect world would have only had security patches and 
functionality fixes backported to them.

However, the man power just doesn't exist to maintain EPEL that way.

> 
> Say, TUV releases EL5.3. I am *sure* they rebuild *all* the
> packages, not only whatever was affected on the way from 5.2->5.3.
> 
> This is what *each* and every repo should be doing when EL releases
> a point update: to rebuild EVERYTHING, just to check it still works.

This I agree with, to a point.
Not everything needs a rebuild pushed, but certainly anything that 
doesn't build should have the spec fixed for new release, a mass rebuild 
(even if not all are actually pushed) can detect that.

I suspect again though it is a matter of resources not existing.
If shared libraries rarely ever changed though, then there would be less 
of this type of problem, but unfortunately they do change, at least in 
the third party repos.


Re: [CentOS] server is always getting hacked

2009-06-30 Thread Michael A. Peters
Sander Snel wrote:

> 10. use sudo instead of su -

How does that help?


Re: [CentOS] [offtopic] Fedora 11 RPM's funny?

2009-06-24 Thread Michael A. Peters
Frank Cox wrote:
> On Wed, 24 Jun 2009 16:55:52 -0700
> Michael A. Peters wrote:
> 
>> Are there any utilities, other than installing Fedora 11 and setting the 
>> macros described in that thread and rebuilding the src.rpm, to resolve 
>> the issue?
> 
> What about extracting it manually?  The built-in Nautilus doodad can pull files
> out of rpms.
> 

Thank you!
That seems to work, though I have to manually put the files in my rpm 
build tree. Better than nothing I suppose :)


Re: [CentOS] [offtopic] Fedora 11 RPM's funny?

2009-06-24 Thread Michael A. Peters
Michael A. Peters wrote:
> Is there something funny about rpm in Fedora 11 that causes cpio errors 
> when trying to install src.rpm's in CentOS 5.3, or am I just getting 
> repeated bad downloads?

Ah -

https://fcp.surfsite.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=70857&forum=11

Seems like rpm in Fedora 11 does some stuff that breaks backwards 
compatibility.

Are there any utilities, other than installing Fedora 11 and setting the 
macros described in that thread and rebuilding the src.rpm, to resolve 
the issue?


[CentOS] [offtopic] Fedora 11 RPM's funny?

2009-06-24 Thread Michael A. Peters
Is there something funny about rpm in Fedora 11 that causes cpio errors 
when trying to install src.rpm's in CentOS 5.3, or am I just getting 
repeated bad downloads?


[CentOS] Another Postfix (or procmail ??) question

2009-06-18 Thread Michael A. Peters
Is there a simple way to strip out what I assume is a header that asks 
for a receipt that the message was delivered?

I never like to send such receipts, and they are annoying.

It mostly happens on a couple lists I'm on (not this one) - I don't just 
want it for myself, I may be setting up a list soon and if so, would 
want to strip such requests out of the message before the list server 
sends it to the list.


Re: [CentOS] Postfix question: How to reject email with a certain subject header

2009-06-17 Thread Michael A. Peters
John R Pierce wrote:

> 
> The problem with that approach is that it's global to the server. I 
> dislike putting filtering rules like that in the system, and prefer to 
> do them on a per user basis, hence my postmailrc suggestion (except I 
> don't know if CentOS uses postmail as the delivery agent for postfix)
> 
> 

I don't believe it does.
At least not with a standard postfix configuration.


Re: [CentOS] Centos 5.3 update do RHEL 5.3

2009-06-15 Thread Michael A. Peters
Filipe Brandenburger wrote:

> 
> If you really need Red Hat, you should do a clean install. Period.

++


Re: [CentOS] how to build php5-cgi from source

2009-06-05 Thread Michael A. Peters
Tim Ke wrote:
> Does anyone have experience on how to build php5-cgi from source?

If you need newer than php 5.1.x you can start with the current Fedora 
src.rpm - all the build dependencies are in EPEL.


Re: [CentOS] hosting provider with CentOS shell?

2009-06-05 Thread Michael A. Peters
Matt Harrington wrote:
> I need a hosting provider just like Dreamhost.net's shared hosting
> service, but with a CentOS shell instead of Debian.  Any pointers?

Linode offers you a xen virtual host - you can pick any distro you want, 
including CentOS, and you get root. About $20 a month.


[CentOS] XSS (was Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....)

2009-06-03 Thread Michael A. Peters
Bob Hoffman wrote:

> Since each install uses the same pages basically, it is easy for an autobot
> to find them all and zero day your forums, xss your whatever, and so on.
>
> Dang scary to leave JS on at all... even though you basically have to.

Mozilla is beginning to address this issue with Content Security Policy

-=-
http://people.mozilla.org/~bsterne/content-security-policy/
-=-

CSP will require pro-active webmasters who use it and browsers that 
enforce the client side enforcement, but it's a step in the right direction.

I wrote a php class that partially implements CSP server side as an 
output filter

-=-
http://www.clfsrpm.net/xss/
-=-

It's DOMDocument based and thus requires the php xml stuff, I've only 
tested it under php 5.2.9 but it should work in 5.x.

The class does have some limitations, namely the document must be fully 
constructed and sent through the class before any of it is sent to the 
browser so web apps that do a lot of echo() and print() have to be 
re-written to not send anything until the page is fully constructed, and 
I've also found it has performance issues on complex pages with a lot of 
nodes, so for those kinds of pages I just create the page with the 
dynamic content first, send it through the filter, then create the nodes 
for static content I know is clean and use DOMDocument facilities to add 
those nodes before outputting the page to the client.

It's not possible to completely implement CSP server side, but the class 
will catch most violations of a CSP policy and thus give some protection 
to users who are not running a CSP aware web browser.

Another gotcha with the class, it seems importHTML() is not mb safe so 
if using importHTML() to get the document into a DOMDocument object for 
filtering, and the document contains any multi-byte characters, it seems 
libxml2 will encode them and there seems to be no way to stop it from 
doing it (at least with the php wrapper to libxml2). However if the 
document to be filtered is xhtml, you can use importXML() on it and libxml2 
does the right thing in leaving the mb characters alone. Once filtered, 
you can use saveHTML() to produce html instead of xhtml for browser 
compatibility, it seems saveHTML() is mb safe.


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-03 Thread Michael A. Peters
Neil Aggarwal wrote:
> Maco:
> 
>> i have other mandriva boxes and they all are ok. i m just so 
>> surprised that a centos box got compromised.
> 
> If you are not doing anything silly in your server
> configuration, this is not a CentOS issue.
> 
> Anything *can* be hacked.  It just so happens
> that it was your CentOS box this time.

My two cents here

I'm probably stating the obvious here for many users, but ... -

For web apps installed from CentOS / EPEL /etc - modify the 
configuration file to change apache alias directive.

Look at your web logs sometime, whether or not you use apps like 
phpmyadmin or squirrelmail, you will see requests to where CentOS (and 
other distros) make those apps available by default.

These requests are usually either brute force attacks against those apps 
or trying known (often patched if you keep yum up to date) exploits for 
them.

By changing the alias in the configuration file, when a new exploit is 
found and the script kiddies launch their scripts against the web, 
they'll likely miss your box unless they know where to send the request to.

Yes, that's security by obscurity, but security by obscurity will 
protect you from most script kiddie attacks, and may prevent you from 
being owned by a close to zero day exploit.

For things like squirrelmail, don't allow it over http, require it be 
done over https to avoid any sniffing (open networks at coffee shops or 
student labs are common places for sniffing).

I recommend using suhosin for php - and use some of the suhosin 
directives that lock down the php install, such as not allowing shell 
execution from within php.

That will break some apps (IE squirrelmail requires exec to send a 
message) but you can specifically enable it for certain web apps and you 
may be able to patch some apps to no longer need shell execution (IE I 
believe that squirrelmail could be patched to use php's native mail 
interface, maybe even easily by using phpMailer, but I've not tried).

If you look in pear and pecl, you can sometimes find native ways to do 
what many apps currently want shell execution for - IE if you use shell 
execution for ImageMagick, there's a pecl binary extension you can build 
to do it in pure php w/o calling exec() thus allowing you to turn off 
exec() via suhosin.

Many web applications are (historically anyway) vulnerable to sql 
injection attacks. These attacks can be used to get password hashes that 
allow the attacker to crack user accounts and elevate their privileges 
within the web app. Many of the web applications out there in common use 
have not been audited.

SQL injection can pretty much be neutered by using prepared statements, 
so check your web app to see if it uses prepared statements and if it 
doesn't, port it to use prepared statements.

I personally port them to use the pear::mdb2 abstraction layer at the 
same time, giving me a little more flexibility in case I ever decide I 
don't want to use MySQL anymore.

And for user password hashes, one thing you'll find is that there are 
some passwords that are very commonly used, so if all you do to make 
your hash is some variant of md5sum($pass . $salt) and a cracker does 
get the hash - he just has to look for hashes that occur often and try 
the passwords used frequently against those accounts.

md5sum($pass . strtolower($username) . $salt) or something like that 
results in unique hashes for two accounts even if the two accounts have 
identical passwords.

Another problem many web applications have is they want the 
configuration file to be writeable by the web server - and even worse, 
executed by the web server as a script. I do not believe that is the 
case for any web apps in rhel/centos or epel, but for something you grab 
off the web (IE the sphyder search engine) that often is the case. Any 
web app that has a hole can then be used to trick apache into writing to 
that configuration file resulting in apache then executing the malicious 
code.

Make damn sure those configuration files are only readable by the web 
server, hand edit them to make changes. If you MUST use the admin 
interface of those apps to change configuration, then make a database 
table to hold the configurations and port the app to get its 
configuration from the database rather than flat file that apache can 
write to that the web app then parses as php.

Basically, audit every app out there you plan to use - the people who 
write these web applications often don't take security into 
consideration before they upload them to their server for your consumption.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
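
An added illustration of the password-hash point in the message above, written in Python rather than the PHP the post refers to; it is not code from the post. The site salt, account names and passwords are constructed sample data, and the PBKDF2 record at the end goes beyond the post's two md5 constructions to show the same per-account idea with a random salt.

```python
import hashlib
import hmac
import os
from collections import defaultdict

SITE_SALT = "constructed-site-salt"  # constructed value standing in for $salt

# Constructed sample accounts: three of them share one common password.
ACCOUNTS = [
    ("alice", "letmein"),
    ("Bob", "letmein"),
    ("carol", "x9!vTq2#rLm"),
    ("dave", "letmein"),
]


def shared_salt_hash(password, salt=SITE_SALT):
    """md5($pass . $salt): equal passwords always produce equal hashes."""
    return hashlib.md5((password + salt).encode()).hexdigest()


def per_user_hash(password, username, salt=SITE_SALT):
    """md5($pass . strtolower($username) . $salt), the variant from the post."""
    data = password + username.lower() + salt
    return hashlib.md5(data.encode()).hexdigest()


def hash_table(scheme):
    """Build (username, hash) rows the way a users table would store them."""
    rows = []
    for user, password in ACCOUNTS:
        if scheme == "shared":
            digest = shared_salt_hash(password)
        else:
            digest = per_user_hash(password, user)
        rows.append((user, digest))
    return rows


def duplicate_groups(rows):
    """Audit helper: return each hash stored for more than one account.

    Any hit means the scheme leaks which accounts share a password.
    """
    groups = defaultdict(list)
    for user, digest in rows:
        groups[digest].append(user)
    return {d: sorted(users) for d, users in groups.items() if len(users) > 1}


def kdf_record(password, iterations=200_000):
    """Beyond the post: random per-account salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def kdf_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)


if __name__ == "__main__":
    print("shared salt  :", duplicate_groups(hash_table("shared")))
    print("with username:", duplicate_groups(hash_table("per_user")))
    record = kdf_record("letmein")
    print("pbkdf2 verify:", kdf_verify("letmein", record))
```

Running `duplicate_groups` over a real users table is a quick audit for whether an application salts per account.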


Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-03 Thread Michael A. Peters
Les Mikesell wrote:

> 
> I'd recommend looking at backuppc instead of amanda if you mostly want 
> on-line storage.  Its storage scheme will hold a much longer history in 
> the same amount of space and it has a handy web interface for browsing 
> and restores.

I'd rather have something that has a client side daemon that just does 
it w/o users needing to initiate it.

I'm not worried about longer history, anything I do I need history on I 
already do with svn.


Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-03 Thread Michael A. Peters
Gordon Messmer wrote:
> On 06/01/2009 07:52 PM, Michael A. Peters wrote:
>> I've read a lot of different reports that suggest at this point in time,
>> kernel software raid is in most cases better than controller raid.
> 
> There are certainly a lot of people who feel that way.  It depends on 
> what your priorities are.  Hardware RAID has the advantage of offloading 
> some calculations from the CPU, and has a write cache which can decrease 
> memory use.  However, both of those are relatively expensive, and 
> there's no clear evidence that your money is better put into the RAID 
> card than into faster CPU and more memory.  Another important 
> consideration is that hardware RAID will (must!) have a battery backup 
> so that any scheduled writes can be completed later in the case of power 
> loss.  If you decide to use software RAID, I would strongly advise you 
> to use a UPS, and to make sure your system monitors it and shuts down in 
> the event of power loss.

Yes - my home systems are all on UPS with automated shutdown after 5 
minutes of no power. Display is on there too, so that in event of power 
outage while I'm using, I can save all my work.

I guess from the discussion that hardware raid is definitely still the 
way to go for servers, where the guy at the colo can simply swap out a 
dead drive if need be w/o any serious downtime etc.

What I'm personally interested in doing is building an amanda server for 
my home network, backing up /home and /etc from my 3 other computers, 
but virtual tapes (disk images) instead of real tapes, once Blu-ray
media becomes cheap enough to burn the virtual tapes as a secondary
backup, but I primarily want the virtual tapes stored on a redundant
raid so that recovering will be easier (no need to go from Blu-ray
unless the raid failed)

I'm guessing for that software raid is probably good enough because the 
unit will be idle most of the time and cpu cycles won't be a needed 
commodity. In fact, I may even want something that sleeps and wakes on 
lan activity so that it doesn't waste as much power when it's just 
sitting there.


Re: [CentOS] Why yum-cron is only at x86_64 system?

2009-06-02 Thread Michael A. Peters
MontyRee wrote:
> Hello, all.
> 
> 
> I have operated centos 4.x and 5.x system.
> 
> for 4.x system, I auto update using yum and for 5.x system, using
> yum-cron.
> 
> but I can't find any yum-cron package (i386) like below.
> 
> # yum search yum-cron(at i686, centox 5.3)
> 
> Warning: No matches found for: yum-cron No Matches found
> 
> # yum search yum-cron(at x86_64, centos 5.3) 
>  Matched:
> yum-cron = 
> yum-cron.noarch : Files needed to run yum updates as a cron job
> 
> 
> I don't know why the result was different?
> 
> 
> Thanks in advance.

To the best of my knowledge, yum-cron is deprecated and has been
replaced with an update daemon of its own.


[CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-01 Thread Michael A. Peters
-=- starting as new thread as it is off topic from controller thread -=-

Ross Walker wrote:

 >
 > The real key is the controller though. Get one that can do hardware
 > RAID1/10, 5/50, 6/60, if it can do both SATA and SAS even better and
 > get a battery backed write-back cache, the bigger the better, 256MB
 > good, 512MB better, 1GB best.

I've read a lot of different reports that suggest at this point in time, 
kernel software raid is in most cases better than controller raid.

The basic argument seems to be that CPU's are fast enough now that the 
limitation on throughput is the drive itself, and that SATA resolved the 
bottleneck that PATA caused with kernel raid. The arguments then go on 
to give numerous examples where a failing hardware raid controller 
CAUSED data loss, where a raid card died and an identical raid card had 
to be scrounged from eBay to even read the data on the drives, etc. - 
problems that apparently don't happen with kernel software raid.

The main exception I've seen to using software raid are high 
availability setups where a separate external unit ($$$) provides the 
same hard disk to multiple servers. Then the raid can't really be in the 
kernel but has to be in the hardware.

I'd be very interested in hearing opinions on this subject.


Re: [CentOS] Changing a user's shell on CentOS Directory Server?

2009-06-01 Thread Michael A. Peters
Bill Campbell wrote:
> On Sun, May 31, 2009, Matt Harrington wrote:
>> Should unprivileged users be able to change their shell with lchsh on
>> 5.3 and, if it matters, CentOS Directory Server?  lchsh seems to
>> require more open permissions than those which come with a default
>> installation:
> 
> Personally I would not permit users to change their shells, but
> require appropriate admin privileges.  I have seen systems hacks
> made via webmin or usermin where the user's shell was changed
> from /bin/false to /bin/bash, then the account used to install
> user-level bots that definitely should not have been there.

Any tool that changes the shell should have a whitelist of shells the 
user account must currently be set to or it exits, and probably should 
validate the new shell is in that white list as well before it changes it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
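
One way to implement the check described in the reply above, as an added Python example that is not from the thread or from lchsh. The passwd and shells contents are constructed samples, and the function names and the deny list of non-login shells are assumptions.

```python
# Constructed sample standing in for /etc/shells. Some distributions list
# /sbin/nologin there, so the file alone is not a safe whitelist.
SAMPLE_SHELLS = """\
# valid login shells
/bin/sh
/bin/bash

/bin/tcsh
/sbin/nologin
"""

# Constructed sample standing in for /etc/passwd.
SAMPLE_PASSWD = """\
matt:x:500:500:Matt:/home/matt:/bin/bash
ftpuser:x:501:501:FTP only:/home/ftpuser:/bin/false
svc:x:502:502:Service:/var/empty:/sbin/nologin
old:x:503:503::/home/old:
"""

# Assumption: shells that mark an account as "no interactive login".
NON_LOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def parse_shells(text):
    """Return the whitelist: absolute paths from the file, minus NON_LOGIN."""
    allowed = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):  # skips blank lines and '#' comments
            allowed.add(line)
    return allowed - NON_LOGIN


def current_shell(passwd_text, user):
    """Look up the user's shell; an empty field means /bin/sh."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user:
            return fields[6] or "/bin/sh"
    return None


def may_change_shell(user, new_shell, passwd_text, shells_text):
    """Allow the change only if BOTH the current and new shell are whitelisted.

    Checking the current shell is what stops a locked account
    (/bin/false, /sbin/nologin) from being switched to /bin/bash.
    """
    allowed = parse_shells(shells_text)
    cur = current_shell(passwd_text, user)
    if cur is None:
        return False, "unknown user"
    if cur not in allowed:
        return False, "current shell %s is not a permitted login shell" % cur
    if new_shell not in allowed:
        return False, "new shell %s is not in the whitelist" % new_shell
    return True, "ok"


if __name__ == "__main__":
    for user, shell in [("matt", "/bin/tcsh"), ("ftpuser", "/bin/bash"),
                        ("svc", "/bin/bash"), ("matt", "/tmp/sh")]:
        print(user, shell, may_change_shell(user, shell,
                                            SAMPLE_PASSWD, SAMPLE_SHELLS))
```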


Re: [CentOS] Upgrade GTK2 from 2.10 to 2.12 ?

2009-05-27 Thread Michael A. Peters
Niki Kovacs wrote:
> nate a écrit :
>> Try it out and see what happens.. since the version change seems
>> pretty minor I wouldn't expect too much breakage .. Though to be
>> on the safe side it's probably good to install it to another
>> directory(/usr/local or something) and change the package name so
>> it doesn't conflict.
>>
>> When building your new programs just be sure that you point them
>> to the other version of GTK via LD_LIBRARY_PATH CPPFLAGS etc..
>>
> 
> I did quite a lot of researching and fiddling, and in the end, after 
> weighing the pros and the cons... I guess I'll wait for CentOS 6 to 
> build these new apps.

If I recall - gtk is one of the nicer apps in that it properly uses 
pkgconfig allowing multiple versions to be installed side by side.

What you could probably do is take a more recent src.rpm from a more
recent Fedora and change the package name to compat-gtk2 and it probably
will nicely install side by side (including devel packages) with stock gtk2+

Note that if what you want are newer GNOME apps - GNOME libraries 
version often so you may find yourself needing to build several newer 
libraries to get a modern GNOME application to build.

I've not tried building a newer gtk2+ on CentOS but until I switched to 
CentOS, I frequently built older versions of gtk2+ to install side by 
side with stock Fedora because Fedora was so bleeding edge that some 
small developer base special projects I used were always 1 or 2 versions 
behind.


Re: [CentOS] problem with centos upgrade

2009-05-27 Thread Michael A. Peters
John R Pierce wrote:
> fabian dacunha wrote:
>> Dear All,
>>
>> I have a centos 5 server running my mail and Dns working fine
>>
>> but when i try to do u yum upgrade or yum update it gives me lots of perl
>> errors and it terminates
>>
>> OS is centos 5 (final)
>>
>> the part of errors reported
>> -
>>
>>   file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of
>> perl-5.8.8-18.el5_3.1 conflicts with file from package
>> perl-Math-BigInt-1.86-1
>>   
> .
> 
> 
> have you by any chance ever used CPAN to install perl modules ?
> 
> 

cpan wouldn't cause RPM conflicts, since rpm doesn't know about what 
CPAN installs.
Chances are he has some perl RPM's from a third party repo.


Re: [CentOS] madwifi not working for 5.2 x64

2009-05-25 Thread Michael A. Peters
Michael A. Peters wrote:
> Dag Wieers wrote:
>> On Fri, 10 Apr 2009, sumit agarwal wrote:
>>
>>> i installed madwifi on 5.2 x64 but it doesn't seem to be working
>>> any clues?
>> For people with madwifi issues or looking for a better solution to Atheros 
>> support, the elrepo repository is testing new backported ath5k drivers that
>> Red Hat is preparing for RHEL 5.4. We think we have fixed all known 
>> issues, but to help us with improved Atheros support in CentOS 5.4 we need 
>> to make sure Red Hat ships something that works across all boards.
>>
>> So if you have an Atheros chipset and want to help test the newer ath5k 
>> driver, go to:
>>
>>  http://elrepo.org/linux/testing/el5/i386/RPMS/
>> or  http://elrepo.org/linux/testing/el5/x86_64/RPMS/
>>
>> and try the kmod-ath5k and kmod-mac80211 packages for your kernel. (First 
>> remove the madwifi driver though, to make sure there is no interference a 
>> reboot may help too).
>>
> 
> I'll test it on my i386 for sure.
> Mine is AT&T Plug-n-share

Works - but the lights are different.
The "Act" and "Link" lights used to alternate when looking for a network,
and blink together when connected (madwifi) - now the Act light is off
and the Link light is solid.

But the driver seems to work (i386)

02:00.0 Ethernet controller: Atheros Communications Inc. Atheros 
AR5001X+ Wireless Network Adapter (rev 01)


Re: [CentOS] madwifi not working for 5.2 x64

2009-05-24 Thread Michael A. Peters
Dag Wieers wrote:
> On Fri, 10 Apr 2009, sumit agarwal wrote:
> 
>> i installed madwifi on 5.2 x64 but it doesn't seem to be working
>> any clues?
> 
> For people with madwifi issues or looking for a better solution to Atheros 
> support, the elrepo repository is testing new backported ath5k drivers that
> Red Hat is preparing for RHEL 5.4. We think we have fixed all known 
> issues, but to help us with improved Atheros support in CentOS 5.4 we need 
> to make sure Red Hat ships something that works across all boards.
> 
> So if you have an Atheros chipset and want to help test the newer ath5k 
> driver, go to:
> 
>  http://elrepo.org/linux/testing/el5/i386/RPMS/
> or  http://elrepo.org/linux/testing/el5/x86_64/RPMS/
> 
> and try the kmod-ath5k and kmod-mac80211 packages for your kernel. (First 
> remove the madwifi driver though, to make sure there is no interference a 
> reboot may help too).
> 

I'll test it on my i386 for sure.
Mine is AT&T Plug-n-share

I also have a PCI version I could test on my x86_64 though I'd have to 
find where I put it (I ran ethernet into my home office years ago) if 
x86_64 really isn't much untested.

Is this a non tainting driver?


Re: [CentOS] USB issues

2009-05-22 Thread Michael A. Peters
Jerry Geis wrote:
> I am using centos5.3 x86_64 on a gigabyte GA-MA78GM-US2H motherboard.
> 
> When I insert a USB thumbdrive its detected with dmesg, I mount it and 
> start to copy files.
> Then I start getting errors:
> sdd: assuming drive cache: write through
>  sdd: sdd1 sdd2
> sd 7:0:0:0: Attached scsi removable disk sdd
> sd 7:0:0:0: Attached scsi generic sg4 type 0
> usb-storage: device scan complete
> usb 1-5: reset high speed USB device using ehci_hcd and address 5
> usb 1-5: device descriptor read/64, error -110
> usb 1-5: device descriptor read/64, error -110
> usb 1-5: reset high speed USB device using ehci_hcd and address 5
> usb 1-5: device descriptor read/64, error -110
> usb 1-5: device descriptor read/64, error -110
> usb 1-5: reset high speed USB device using ehci_hcd and address 5
> usb 1-5: device not accepting address 5, error -110
> 
> I have also tried connecting a USB hub into my computer and using that.
> Then plugging the thumbdrive into the hub. I get the same results.
> 
> I have never had USB issues before - any ideas?

I had the same issue on my asus board (nvidia chipset).
Moving the UPS to a different USB port allowed it to function and moving 
the monitor hub to a different USB port allowed it to function again.

I'm not sure if it is a bad port or what, the ports that caused issue 
with my UPS and my display did not have the issue in Fedora with the 
CentOS problem devices and work for other things in CentOS.


Re: [CentOS] Random server reboot after update to CentOS 5.3

2009-05-22 Thread Michael A. Peters
JohnS wrote:

> 
> My suggestion is unplug everything hooked to it but the power and network
> cabling. Open it up while it is running, and shake the cables lightly
> ( don't jerk on them). External disk array, unplug it also. USB floppies
> and cd drives unplug emmm all. 
> 
> Is it under a heavy load? High cpu usage? Some times when there is a
> power supply on the verge of dying you don't really know until disk I/O
> climbs real high thus pulling loads of wattage.

That's my guess.
I'd swap out the power supply.

My personal experience with ram issues is either kernel panic or 
filesystem funnyness (sometimes resulting in filesystems being remounted 
read only). My experience with disk I/O issues is that forcing fsck 
reveals filesystem errors with high frequency.

Rebooting machines in my experience is almost always a failing power 
supply (or faulty power source - check your UPS, when they start to go 
bad they can cause issues).

If it was a kernel issue, I suspect more people would be experiencing
it (unless it is caused by a third party kmod)


Re: [CentOS] PHP 5.2 or greater availability

2009-05-18 Thread Michael A. Peters
sbeam wrote:
> On Monday 18 May 2009 19:46, Kaplan, Andrew H. wrote:
>> Is there a repository that has php version 5.2 or greater available for use
>> with the Centos 5.3 distribution?
>> This includes the development libraries package. Thanks.
> 
> Just finished compiling php 5.2.9 from the srpms I found here:
> http://oss.oracle.com/projects/php/
> 
> works fine despite the slight Oracle smell - but they should really 
> make a repository.

I also have src.rpm's here:

http://www.clfsrpm.net/php/

I used to maintain a binary repo but that's a lot of work I no longer have
time for.

If I'm not mistaken, the Oracle src.rpm's are based on Fedora.
So are mine, except mine also has the suhosin core patch.

> 
> Once used Jason Litka's repository but it seems a bit stale now:
> http://www.jasonlitka.com/2007/11/16/upgrading-to-php-525-on-rhel-and-centos/

Mine currently has 5.2.9 but I probably won't update it, other than 
maybe to add security patches as vulnerabilities are found.

I'm only running 5.2.9 myself because I wanted to report a bug and the 
php devel team wants you to try the latest version first. Since 5.2.9 
didn't break anything of mine, I kept it. (oh - and my bug wasn't a bug, 
it was my misunderstanding of the still poorly documented DOMDocument
class related to namespaces)

centos also has some php 5.2.x I believe in their testing repo.


Re: [CentOS] Adding an 'official' CentOS image to the Amazon EC2 (Electronic Compute Cloud)

2009-05-06 Thread Michael A. Peters
Jason Aubrey wrote:
> I'm starting to use the EC2 cloud (as are others) and noticed that all
> the available CentOS images seem to be of dubious origin.
> I think it would further the reputation and popularity of CentOS if it
> were represented in an official way.
> 
> In case people aren't aware, when you create an AWS (Amazon Web
> Services) account there's a management console that shows a list of
> available images.  Of this list, some are published by Amazon, others
> are uploaded anonymously, or you can upload your own.

I haven't heard of it before. It looks interesting.
Is it basically a xen, or is it its own environment?

I run CentOS inside a xen at linode - they have a 5.0 image and I 
believe a 4.x image. They only have i386, I don't know if a home brewed 
x86_64 image would work but it doesn't really matter for me since I'm 
only using my instance as a web server (fully updated to 5.3, and 
customized with EPEL and my own php build).

Anyway, I suspect xen (or similar) virtual machines are soon to be the 
standard way non-managed web serving accounts with shell access is done.

My previous host - the people were good, I requested some perl / tcl 
modules and they were installed, but then when they upgraded the OS my 
site broke and I had to request them again. Then they changed server 
operating systems (a good move - they were running a bleeding edge 
distro and they moved to debian stable) the uid/gid of apache changed 
and they didn't use the old uid/gid breaking apache write permission and 
I could not run chown myself so I had to file a ticket, etc. - with xen 
virtual machines, I never have to file a request ticket as I have root 
so it is better both for me and the hosting company and it is 
inexpensive enough that it undoubtedly will soon be the standard way 
anything more than basic web hosting and less than managed web hosting 
is done.

To get to my point, I think it would thus be beneficial for CentOS to 
produce an official virtual machine image for servers that providers can 
use and/or users can upload and use on providers that don't offer a 
CentOS image.

It should be a small image with basically just the server install, once 
running in xen users can yum install whatever they need to their hearts 
content.

I don't know who created the image linode uses, it was missing some 
stuff a server should have (IE screen and alpine, though alpine I 
believe is EPEL and not rhel/centos) but was missing very little and was 
a very complete basic server.


Re: [CentOS] Hardening

2009-05-02 Thread Michael A. Peters
Jim Perrin wrote:
> On Fri, May 1, 2009 at 12:22 PM, Stephen John Smoogen  
> wrote:
>> On Fri, May 1, 2009 at 10:19 AM, Jason Todd Slack-Moehrle
>>  wrote:
>>> Hi All,
>>>
>>> What tips does everyone have on hardening a CentOS Server that is
>>> running web, e-mail, ssh, ftp, mysql, coldfusion and will be
>>> processing payments from www?
>> NSA hardening guidelines would be a good start. The CIS hardening
>> guidelines would be also good. After that you want to look at specific
>> hardening guidelines for apache
> 
> The NSA guide is a very good start, and
> http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf complements
> it rather well.
> You might also want to have a look at the DoD STIG guidelines, though
> reading them will make your eyes bleed.
> 

For php, you really want to run php built with the suhosin patch and run 
the suhosin module as well.

I'm not sure, but I seem to recall there being a suhosin patched php 
either in testing or centos plus.

Assuming you run php.

I can't really comment on the others.

One of the nice things about suhosin is it does transparent encryption 
of cookies / sessions (you can tweak it) making things like session 
theft a lot more difficult.

I believe suhosin patch/module is standard in bsd ports, I'm not sure 
why it isn't standard in RHEL (maybe because it can cause issues with 
some php accelerators ??)


Re: [CentOS] 5.3 on an EeePC??

2009-04-30 Thread Michael A. Peters
Beartooth wrote:

> 
>   I try never to install Ffx anywhere without NoScript, Adblock, 
> and several more.

I do not use Adblock because I am a member of an online community that 
specifically forbids blocking of advertisements, their primary revenue 
source.

An exception is made for noscript - which will block flash 
advertisements not on white listed servers because they do not expect a 
user to compromise security measures (it's a geek community) to use the 
site, and the advertiser has the option of using a standard jpeg or gif 
banner which won't be blocked by noscript (but will be blocked by adblock).


Re: [CentOS] 5.3 on an EeePC??

2009-04-29 Thread Michael A. Peters
David M Lemcoe Jr. wrote:
> Beartooth wrote:
>> I have an ASUS EeePC 701 (with 2GB of RAM and an 8 GB card), on
>> which I've installed CentOS on the hard-drive-plus-card. But it can't
>> even use my eth0.
>>
>>Some one on a local LUG, where I had mentioned that other OSs did fine
>> with all the same exact hardware, suggested that CentOS, being designed
>> for stability rather than the bleeding edge, likely lacks drivers; so I
>> need to get some.
>>
>>Anybody know what drivers (for wireless as well as ethernet cable) I
>> need, and how/where to get ones to fit CentOS??
>>
> I'm sure it's possible, but unless you plan not to use X, you won't
> have that much space left to work with! And CentOS needs a bit of RAM
> to perform well anyway.

I'm using CentOS 5.3 on an old IBM Thinkpad T20 with 384 MB of RAM and 
it works just fine. Yes, slower than my desktop, but extremely useable 
for web browsing and e-mail - which is the EeePC target market.

I probably have a faster disk drive (7200 RPM) but I bet his EeePC has a 
faster processor and it certainly has more RAM.

The key - Don't use Open Office, use AbiWord and Gnumeric instead.
OpenOffice is total bloat.

Install NoScript - FireFox quit crashing on the laptop as soon as I 
installed NoScript. Turns out a lot of advertisers run cpu/ram heavy 
flash and js that really bog limited hardware down.

Don't use Evolution - I'm using thunderbird which works well for imap 
w/o too many messages in a folder.


Re: [CentOS] 5.3 on an EeePC??

2009-04-29 Thread Michael A. Peters
nate wrote:
> Beartooth wrote:
>>  I have an ASUS EeePC 701 (with 2GB of RAM and an 8 GB card), on
>> which I've installed CentOS on the hard-drive-plus-card. But it can't
>> even use my eth0.
>>
>>Some one on a local LUG, where I had mentioned that other OSs did fine
>> with all the same exact hardware, suggested that CentOS, being designed
>> for stability rather than the bleeding edge, likely lacks drivers; so I
>> need to get some.
>>
>>Anybody know what drivers (for wireless as well as ethernet cable) I
>> need, and how/where to get ones to fit CentOS??
> 
> Why do you want CentOS on an EeePC ? It's not really intended for
> that purpose, if you're having to ask where to get the drivers for it
> you're probably not suited for running CentOS on the EeePC. You're better
> off with Fedora, or Ubuntu or something that has broader hardware
> support.

I don't have an EeePC but I like to run the same distro on everything.
So since my remote server, lan server, desktop, and laptop run CentOS - 
that's what I would want on an EeePC as well.

With respect to the nic, my suspicion is that you may just need either 
the Fedora kernel or a patch from the Fedora kernel.

With CentOS 5.0 - the onboard gigabit nic on my Asus board worked OOB in 
Fedora 8 or 9 (forget which) but did not work in CentOS - though CentOS 
did see it and tried to use forcedeth (I think that was it), which
worked in Fedora but not well in CentOS. So I just use a PCI card (though I
suspect onboard would work now, why change it?)

Can't do that with an EeePC - but you probably could rebuild the Fedora 
kernel for the EeePC.

I wonder if a working driver for the EeePC nic is something that could 
be patched into the CentOS plus kernel ??


Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

2009-04-17 Thread Michael A. Peters
Lanny Marcus wrote:
> On Fri, Apr 17, 2009 at 6:44 PM, Robert Nichols
>  wrote:
> 
>> My problem with NoScript is that there is virtually no site that I visit
>> that does not require scripting to function properly.

I think there is a misunderstanding of how noscript works.

By default it blocks ALL scripts.
Click on the little noscript icon on bottom right corner of firefox to 
whitelist a host.

Once whitelisted - any scripts (with very few exceptions - scripts that 
explicitly look like exploits) served from that host will be allowed.

Most sites serve scripts from numerous different hosts - but usually you 
only have to whitelist the host you are visiting, as most scripts served 
from other hosts are advertisement scripts.

XSS usually involves a script served from another domain called in the 
page you are viewing, so noscript is extremely effective at blocking them.


Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

2009-04-17 Thread Michael A. Peters
Lanny Marcus wrote:
> On Fri, Apr 17, 2009 at 1:17 PM, Scott Silva  wrote:
> 
>> Noscript will give you an idea of just how many sites run a script of some
>> kind. You will see a large part of sites just look different when the scripts
>> don't run, and some don't function at all. Not that it is a bad thing, it 
>> will
>> just make you think a lot.
> 
> Yes, it has made me think about the scripts on the web sites we visit.
> I am probably the most conservative surfer in the house.  The 4 sites
> I visit the most are all very reputable. They all have a lot of stuff
> which is flagged by NoScript.  The site which prompted this thread has
> a bunch of embedded youtube videos on the home page and a lot is
> flagged by NoScript there.

I whitelist my router, youtube, etc. and the domains for forums I visit.

I sometimes disable noscript when making purchases because some vendors, 
upon checkout, send you to a different domain for CC processing - and 
sometimes the lack of script screws that up (which is stupid, JavaScript 
should NEVER be required for CC processing - but alas, often it is - 
some web devs think they have to do everything under the sun with Ajax 
even when a virtually static page would be just as good).

That's the beauty of noscript - you can permanently whitelist a domain, 
temporarily whitelist a domain, temporarily whitelist all domains on a 
page, etc.

facebook is a real pita - I've bitterly complained to them and asked 
them to use only one or two servers for script serving but they won't 
fix it, so I rarely use my facebook.


Re: [CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

2009-04-16 Thread Michael A. Peters
Lanny Marcus wrote:
> My belief is that this is not possible, but there are many extremely
> knowledgeable people participating on this list and I would like to
> know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully
> updated. Browser is Mozilla Firefox v.3.0.7.
> 
> I believe both times this happened, once yesterday and once today, I
> was surfing on the web site of my favorite singer/musical group; or in
> the forum, which is a highly restricted area. Today when it happened,
> I believe I was looking at a video coming from YouTube.com
> 
> I contacted the webmaster, someone I communicate with frequently,
> thinking that something on one or more of his web pages is infected,
> but he wrote back, thinking that my box (dual boot MS Windows XP and
> CentOS on the same hard drive) is infected by this malware and that
> his web site is clean. Below is part of the description he sent me in
> an email. I have seen the pop ups, a request to install
> Install-2006-60.exe which I declined, etc. Comes from
>   Is there any way the Firefox web
> browser could have been corrupted by this, while using CentOS Linux?
>  TIA!  Lanny

My experience is that when browsing on any OS and you come across an 
error message stating that your computer is infected and you need to 
install such and such software, the web site I was visiting has an XSS 
exploit that was taken advantage of to try and get you to manually 
install a piece of malware.

Install the FireFox extension "noscript" and be very careful about what 
domains you authorize scripting from.

The fact that an XSS attack was able to give you a phony message means 
the same site could have XSS that reads your cookie and steals your 
session ID.

Noscript reduces the odds of such attacks being successful.


Re: [CentOS] DKMS and new(er) Nvidia-drivers

2009-04-14 Thread Michael A. Peters
Sorin Srbu wrote:
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
>> Of Scott Silva
>> Sent: Wednesday, April 08, 2009 8:19 PM
>> To: centos@centos.org
>> Subject: Re: [CentOS] DKMS and new(er) Nvidia-drivers
>>
>> on 4-6-2009 5:55 AM Sorin Srbu spake the following:
>>> I got the DKMS-system working and now have the Nvidia-drivers v173.08
>>> installed (using rpmforge as suggested previously). Unfortunately this
>>> particular driver version gives me screen artifacts so as to make the 
>>> screen
>>> more or less unreadable.
>>>
>> You could always try and make a newer version yourself using the old one as a
>> template. Here is some help;
>>
>> http://www.linuxjournal.com/article/6896
>>
>> http://www.dell.com/downloads/global/power/1q04-ler.pdf
>>
>> http://linux.dell.com/dkms/dkms-ols2004.pdf
> 
> Ok, thanks. I'll see if I can make some sense of the instructions. 8-)
> 
> Strangely enough, only the systems running an Amd cpu gives the screen 
> artefacts. Go figure...

What are the artifacts?
I switched to the DKMS module in rpmforge and am running an AMD CPU.
Only thing I've noticed is a weird issue with the cursor in thunderbird,
I don't know if that is nvidia related or not though. It is annoying and 
I don't recall it being there before I updated the driver.

Asus M2N board
AMD X2 CPU (I think a 5200 - I forget - 2.6 GHz)
nVidia Corporation NV42 [GeForce 6800 XT] (rev a2)


nvidia-x11-drv-173.08-1.beta.el5.rf
kernel 2.6.18-128.1.6.el5 x86_64


[CentOS] yum clean all

2009-04-13 Thread Michael A. Peters
There seems to be a lot of this needed lately.
I suspect the issue is 5.2 -> 5.3 transition.

Putting something like this in /etc/cron.daily/
when near a major update *might* make the transition times between point 
releases easier -

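#!/bin/bash

# Wait a random 0-119 minutes before touching the mirrors.
RANGE=120
number=$RANDOM
let "number %= $RANGE"
delay=$((number * 60))
sleep "$delay"
# Drop cached metadata and packages, then rebuild the metadata cache.
/usr/bin/yum clean all > /dev/null 2>&1
/usr/bin/yum makecache > /dev/null 2>&1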

-=-
Point of the random delay is to not have lots of people hit all the 
servers at once.


Re: [CentOS] Repo for Abiword

2009-04-13 Thread Michael A. Peters
cen...@911networks.com wrote:
> Hi,
> 
> I need to run Abiword on CentOS 5.3, any repository?
> 

EPEL has 2.6.4


Re: [CentOS] Using cdrecord on CentOS

2009-04-12 Thread Michael A. Peters
Niki Kovacs wrote:
> Hi,
> 
> I'd like to use cdrecord on the command line. I'm currently reading the 
> relevant chapter in Carla Schroder's "Linux Cookbook". Unfortunately, 
> some of the tricks and hints included in the book don't seem to work the 
> same way on a standard CentOS 5 install.
> 
> 1) Am I supposed to be root to use cdrecord and burn an .iso file?

I've found it works much better if you are root.

> 
> 2) How do I specify a device? 'cdrecord -scanbus' doesn't seem to work. 
> Say my CD burner is /dev/hdc, would 'cdrecord dev=/dev/hdc' be the 
> correct way to address it?

cdrecord -dev=/dev/hdc -speed=24 -dao -pad file.iso

(of course your options may vary)

Note for SATA burners, /dev/scd0

is probably what you want. For PATA/ATAPI (what it sounds like you have) 
then /dev/hdc probably is best - I haven't burned an old ATA burner in a 
long time.


Re: [CentOS] Mock Questions

2009-04-11 Thread Michael A. Peters
Joseph L. Casale wrote:
> Just started using mock to rebuild some srpms. I have two I want to
> rebuild, problem is the first creates a dep that is required by the second.
> 
> Is there an automated way to populate an additional repo/cache that mock
> would look at when building the second so I could queue both?
> 
> Although I haven't tried, I presume I could drop the output from the first
> build into a dir, createrepo it and add that into the config file then build
> the next package but that's not very slick :)
> 
> Thanks!

That's what I do.
It is slick.

I've got a shell script that takes a list of packages.

The script defines a destination directory.
Before it builds a package, it removes any repo stuff in that directory 
and runs createrepo on it.

The destination directory is part of the mock configuration file.
It then builds the package and upon success moves the results to the 
destination directory.

Works extremely well for me.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
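The procedure described in the reply above, written out as a shell script. This is an added example, not the poster's own script; the config name `centos-5-x86_64-local`, the repo path `/srv/localrepo` and the function names are assumptions, and the mock config is assumed to already list that directory as a `file://` yum repository.

```shell
#!/bin/sh
# Chain-build SRPMs with mock, publishing each result into a local repo that
# the mock config already lists as a yum repository (assumed: file://$DEST).
MOCK=${MOCK:-mock}
CREATEREPO=${CREATEREPO:-createrepo}
MOCK_CFG=${MOCK_CFG:-centos-5-x86_64-local}   # hypothetical config name
DEST=${DEST:-/srv/localrepo}                  # hypothetical repo directory

# Drop stale metadata and regenerate it from the RPMs currently in $DEST.
refresh_repo() {
    rm -rf "$DEST/repodata" && "$CREATEREPO" -q "$DEST"
}

# build_one SRPM -> 0 if the package built and its RPMs were moved into $DEST
build_one() {
    srpm=$1; rc=1
    work=$(mktemp -d) || return 1
    # Refresh first, so this build can resolve packages built earlier in the run.
    if refresh_repo &&
       "$MOCK" -r "$MOCK_CFG" --resultdir="$work" --rebuild "$srpm"; then
        rm -f "$work"/*.src.rpm            # publish binary packages only
        mv "$work"/*.rpm "$DEST"/ && rc=0
        rm -rf "$work"
    else
        echo "build failed: $srpm (logs kept in $work)" >&2
    fi
    return $rc
}

# chain_build SRPM... -> builds in the order given, stops at the first failure
chain_build() {
    for pkg in "$@"; do
        build_one "$pkg" || return 1
    done
    refresh_repo    # final metadata includes the last package built
}

# Usage: sh chain-build.sh first.src.rpm second.src.rpm
if [ "$#" -gt 0 ]; then chain_build "$@"; fi
```

List the SRPMs in dependency order; a package that fails to build stops the run before anything that depends on it is attempted.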


Re: [CentOS] Fwd: wifi card shows in device manager , but cant configure wifi

2009-04-11 Thread Michael A. Peters
sumit agarwal wrote:
> 
> 
> -- Forwarded message --
> From: *sumit agarwal*
> Date: Fri, Apr 10, 2009 at 3:00 AM
> Subject: wifi card shows in device manager , but cant configure wifi
> To: centos@centos.org 
> 
> 
> hi ,
> 
> i just finished installing Cent OS 5.2 x64 on my thinkpad
> my hardware list shows the following
> 
> Atheros Communications Inc.
> AR5212 802.11abg NIC
> 
> but when im trying to set up wireless network i cannot find the 
> appropriate wifi card.. when adding wifi connection
> pls help

I believe the madwifi driver is what you need.
madwifi is what I use for my Atheros based wifi card -

Atheros Communications Inc. Atheros AR5001X+ Wireless Network Adapter 
(rev 01)

It's a different model than yours.
I build the driver myself, I don't know what repos have it prebuilt but 
I suspect rpmforge probably would.


Re: [CentOS] when to reboot after updates

2009-04-09 Thread Michael A. Peters
Les Mikesell wrote:

> 
> And in one case, I got kicked off of my ssh connection in mid-update. 
> I'm still not sure what happened there but I had to install yum-utils 
> and run yum-recover-transaction to continue.
> 

That's why I use screen for remote updates.


Re: [CentOS] CentOS automatically blocks port 80 out-of-the-box

2009-04-07 Thread Michael A. Peters
David M Lemcoe Jr. wrote:
> Maybe I just haven't installed enough distros, but the times I've installed 
> CentOS, I've had to remember that by default, iptables is blocking inbound 
> port 80 requests. This leads me to believe that I have a non-OS firewall 
> error because I can ping but not http request. 
> 
> Is there a particular reason for this? Or is it a fail on my end?

Very few ports are open out of the box.
I'm not sure, but I think if you choose the webserver (or is it server 
??) option at install it might have port 80 open.

Port 22 is open for ssh. I think 631 (cups) is as well, but not positive.

You can configure the firewall with system-config-securitylevel-tui 
after install (it runs during firstboot as well) where you can easily 
tell it to turn on port 80 (and/or 443) for web services.

Pinging a box has nothing to do with whether ports are blocked, open, or closed.
You can filter pings but I don't believe the firewall does by default.


Re: [CentOS] How do I determine if I have to rebuild rpms for 5.3?

2009-04-07 Thread Michael A. Peters
Robert Moskowitz wrote:
> I built rpms for Miredo 1.1.5-1 on Centos 5.2 from the fc8 rpms.
> 
> How do I determine if I have to rebuild it for Centos 5.3?

You probably don't.
If there was a shared library that version you may need to but then yum 
would tell you.


Re: [CentOS] python 2.4 - CentOS 4.7

2009-04-07 Thread Michael A. Peters
Tom Brown wrote:
>> Sorry. :O. I know I got that Python SOMEWHERE.
>>   
> 
> lets see how far i get building it from .src.rpm

Careful - Red Hat uses python for a lot of stuff so you need to make 
sure any 2.4 rpm you build does not conflict with system python.

My recommendation would be to compile from source and install it in 
/usr/local


Re: [CentOS] system-config-date-tui ??

2009-04-06 Thread Michael A. Peters
Ignacio Vazquez-Abrams wrote:
> On Mon, 2009-04-06 at 10:57 -0700, Michael A. Peters wrote:
>> ...where is the format for /etc/sysconfig/clock specified?
> 
> /usr/share/doc/initscripts-*/sysconfig.txt

Ah crap.
It's a xen but since the hardware clock doesn't appear to be UTC then I 
guess I have to leave that the way it is because I can't alter the 
hardware clock.

I suppose I have to set the time zone on a per user basis, bashrc then.

I'll have to file a complaint and ask that they use utc for hardware 
clock on their xen hosts.

Thanks.


[CentOS] system-config-date-tui ??

2009-04-06 Thread Michael A. Peters
Remote box keeps reverting the localtime to Eastern (America/New_York).

cd /etc
rm localtime && ln -s /usr/share/zoneinfo/UTC localtime

fixes it - but it seems to revert from time to time, I presume from yum 
updates (or possibly an init script ??)

In /etc/sysconfig there is a config file for it. I'd rather not manually 
edit it, it looks simple enough, but I'd rather use the tool if there is 
one.

system-config-date wants to pull in ~ 20MB of stuff I don't want that 
looks like it is needed for a gui config tool, but yum can't find a 
system-config-date-tui alternative.

Is there a text UI / console alternative, and what is it called?

If not, where is the format for /etc/sysconfig/clock specified?

Install is a xen image (originally CentOS 5.0), so selecting the desired 
local time at install wasn't an option.

Right now it says:

ZONE="America/New_York"
UTC=false
ARC=false

Would changing ZONE to

ZONE="UTC"

be enough to keep my desired UTC localtime?


Re: [CentOS] Shadow passwords NOT md5'ed ?

2009-04-05 Thread Michael A. Peters
Bill Campbell wrote:
> On Sun, Apr 05, 2009, Ralph Angenendt wrote:
>> Michael A. Peters wrote:
>>> Ralph Angenendt wrote:
>>>> Frédérique Da Luene wrote:
>>>>> Useradd newuser : ok
>>>>> passwd newuser : ok
>>>>>
>>>>> The password is not MD5, only 3DES.
>>>> Again: Have you looked if passwd on your machine is the one from CentOS?
>>>>
>>> I would suggest copying the binary to a known clean machine to check 
>>> the md5sum to verify. If you might have been hacked, you can't check 
>>> the md5 on that box.
>> Yupp. The last times I had to handle/help in such situations, the binaries
>> were clearly way off for the machines - often a comparing ls -l is enough,
>> but not all the time.
> 
> This will tell if the program is different and works on any RPM
> based system regardless of their package contents.
> 
> rpm -V `rpm -qf /bin/login`

This assumes that rpm and the library it uses have not been compromised.
I personally suspect the machine has been compromised.


Re: [CentOS] Update

2009-04-05 Thread Michael A. Peters
JohnS wrote:
> On Sun, 2009-04-05 at 11:34 -0500, Lanny Marcus wrote:
>> On Sun, Apr 5, 2009 at 6:59 AM, Jim Perrin wrote:
>>> On Sun, Apr 5, 2009 at 7:40 AM, jarmo wrote:
>>>> I found reason, why update won't go. I have installed much newer
>>>> glibc, than what comes with 5.3. I needed that, because of couple
>>>> radioamateur progs.
>>>> Now have to think, how do I downgrade glibc. If I try remove, there's
>>>> over 600 packages, which have to remove and that's not good.
>>> I'm rather surprised that your system is even 'mostly' functional
>>> after having updated glibc. It's a core package that nearly everything
>>> in the distro requires, and is built against. I'm curious as to why
>>> you forced in a glibc update instead of rebuilding radioamateur  to
>>> suit the existing glibc?
>> Jarmo: If you need the "latest and greatest" stuff, to run the ham
>> radio software, this may not be the best distro for you. This is an
>> Enterprise distro, which rarely,  if ever, has the "latest and
>> greatest". If you break it, you get to keep the pieces. Read  the
>> information on the CentOS Wiki, about why not to do what you did and
>> how to configure the priorities plugin.   73,  Lanny
> 
> My Two CentOS!
> It is the latest and greatest for Ham Radio. 
> http://hamlib.sourceforge.net/
> Or you can get it from Karans Repo "karan.org"
> 
> The average ham won't have a clue how to use it on CentOS. I've often
> thought about a Wiki Article on it. I'm just waiting on Yaesu FT 9000DX
> support.
> 
> Hamlib is just that a "Library" other apps interface with the lib to be
> able to use it. If the OP wants a turn key system he can look the Debian
> Way. It provides everything from logging to radio control.

Yes - as long as it builds on CentOS then CentOS is a good platform if 
you want stability. Newer distro's like Fedora etc. often have other 
instability issues because they are bleeding edge in too many areas.

But if you have a specific need, what you need builds on CentOS, then 
using a stable OS as your base certainly shouldn't be discouraged.


Re: [CentOS] Shadow passwords NOT md5'ed ?

2009-04-04 Thread Michael A. Peters
Ralph Angenendt wrote:
> Frédérique Da Luene wrote:
>> Useradd newuser : ok
>> passwd newuser : ok
>>
>> The password is not MD5, only 3DES.
> 
> Again: Have you looked if passwd on your machine is the one from CentOS?
> 

I would suggest copying the binary to a known clean machine to check 
the md5sum to verify. If you might have been hacked, you can't check 
the md5 on that box.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
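One way to do the off-box comparison suggested in this thread, run on the known-clean machine against copies of the suspect files. This is an added example, not from the thread; it uses sha256sum where the thread names md5sum, and the directory layout, function names and demo files are assumptions.

```shell
#!/bin/sh
# Run on the known-clean machine, using its own sha256sum binary.
# REF_ROOT:     files unpacked from a trusted copy of the package, for example
#               with rpm2cpio pkg.rpm | cpio -idm on the clean machine.
# SUSPECT_ROOT: copies taken from the suspect host, or its disk mounted read-only.

# make_manifest REF_ROOT PATH... -> prints "digest  relative/path" per file
make_manifest() {
    ref_root=$1; shift
    for p in "$@"; do
        out=$(sha256sum "$ref_root/$p") || return 1
        printf '%s  %s\n' "${out%% *}" "$p"
    done
}

# verify_tree MANIFEST SUSPECT_ROOT -> one status line per file,
# returns 1 if any file is missing or differs from the reference digest
verify_tree() {
    manifest=$1; suspect_root=$2; bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        f="$suspect_root/$path"
        # Refuse symlinks: one could point back at the clean machine's own files.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "MISSING   $path"; bad=1; continue
        fi
        out=$(sha256sum "$f") || { echo "UNREADABLE $path"; bad=1; continue; }
        if [ "${out%% *}" = "$want" ]; then
            echo "OK        $path"
        else
            echo "MISMATCH  $path"; bad=1
        fi
    done < "$manifest"
    return $bad
}

# Demo on constructed files (not real binaries): sh verify.sh demo
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/ref/usr/bin" "$t/ref/bin" "$t/suspect/usr/bin" "$t/suspect/bin"
    echo 'constructed: vendor passwd'   > "$t/ref/usr/bin/passwd"
    echo 'constructed: replaced passwd' > "$t/suspect/usr/bin/passwd"
    echo 'constructed: vendor login'    > "$t/ref/bin/login"
    cp "$t/ref/bin/login" "$t/suspect/bin/login"
    make_manifest "$t/ref" usr/bin/passwd bin/login > "$t/manifest"
    verify_tree "$t/manifest" "$t/suspect"; rc=$?
    rm -rf "$t"
    return $rc
}

if [ "${1:-}" = demo ]; then demo; fi
```

Nothing from the suspect host is executed here; its files are only read, which is the point of moving the check off that box.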


Re: [CentOS] Having trouble installing flash player on centos 5.3 desktop machine

2009-04-04 Thread Michael A. Peters
Linda Stark wrote:
> 
>  > Date: Sat, 4 Apr 2009 12:28:24 -0600
>  > From: thea...@sasktel.net
>  > Subject: Re: [CentOS] Having trouble installing flash player on centos 5.3 desktop machine
>  > To: centos@centos.org
>  > CC: nads...@live.com
>  >
>  > On Sat, 04 Apr 2009 11:14:53 -0700
>  > Linda Stark wrote:
>  >
>  > > Thanks I'll do some research on google.
>  >
>  > It's not clear to me if your Centos installation is x86_64 or i386. If it's
>  > x86_64, then do this:
>  >
>  > yum install curl.i386
>  >
>  >
>  > --
>  > MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
> 
> Ah,
> 
> Still kind of new to Linux, how can I check?
> 
> I think it's i386 though.

rpm -q kernel

If it shows i686 then you are on an i386 install and disregard the 
x86_64 note.

Definitely try the

yum install curl

thing that was mentioned - the adobe rpm via yum works just dandy on my 
i386, so it may be an issue of a dependency that adobe neglected to require.


Re: [CentOS] Having trouble installing flash player on centos 5.3 desktop machine

2009-04-04 Thread Michael A. Peters
Linda Stark wrote:
> Hi,
> 
> I'm having trouble getting the flash player installed onto my centos 
> desktop.
> 
> When i go to the adobe site, I click on the YUM for Linux version, then 
> install it, and PC says "/tmp/adobe-release-i386-1.0-1.noarch-1.rpm is 
> already installed" - but it's not working.


I had a hell of a time getting it to work on my x86_64 desktop when FireFox 
3 was released.

Then I found out about an experimental x86_64 plugin -

http://labs.adobe.com/downloads/flashplayer10.html

No pretty installer, just a plugin. Put it in 
/usr/lib64/mozilla/plugins/ (and get rid of any others) and restart firefox.

Are you by chance on x86_64?


Re: [CentOS] 5.3 Update Success

2009-04-04 Thread Michael A. Peters
Kevin Krieser wrote:
> On Apr 4, 2009, at 9:30 AM, Michael A. Peters wrote:
>
> 
> Kernel problems happen. 

Yes - I've had mixed results with power management and with audio on 
laptops before in Fedora with kernel updates, but none recently.

Going from Fedora 8 to CentOS 5 broke my thinkpad sleep (it doesn't wake 
up if you close the lid) - haven't tried lately. That was fixed in 
Fedora towards end of FC6 lifespan. In F8 it worked quite well (I 
skipped F7 and only ran F8 long enough to know the poor thing couldn't 
handle it).


Re: [CentOS] Apache SSL key pass phrase question

2009-04-04 Thread Michael A. Peters
Markus Falb wrote:
> On Fri, 03 Apr 2009 17:06:38 -0500, Lanny Marcus wrote:
> 
>> Backup servers need *maximum* protection too..
> 
> agreed, but...
> maximum protection would mean turning network off.
> but that could turn out as a little inconvenience.
> 
> webservers that can't boot without human intervention are not acceptable 
> for me. but that's me. i understand that other people may have another 
> opinion, and that's fine.

I agree. Apache has to start for me.

My server is a linode hosted xen vm.
It does not have 100% uptime - it's rarely down, but it has been down 
before (I can tell from the logs - this site w/ the ssl is new but I 
have other stuff hosted on it).

Anyway - the site is just a site to record reptiles and amphibian 
sightings in my county, the only thing I'm using ssl for is user 
registration and login so that password is not sent plain text.

Hardly cause to be overly paranoid (I was a good boy and did set 
root:root 0600 permissions though). In fact using ssl may already be 
overly paranoid, most sites of this type don't - which is a pet peeve of 
mine (too many people use wireless and too many people use the same 
password for everything, passwords really need to be encrypted when sent)

I don't backup /etc/pki - I have the apache keys backed up, the server's 
ssl keys backed up, but only backup I have planned of the server is 
weekly rpm -qa, /etc/httpd, /etc/php.ini, mysql database, and user 
uploaded images. Everything else is cake to do from a fresh install and 
what I have at home.


Re: [CentOS] 5.3 Update Success

2009-04-04 Thread Michael A. Peters
Timothy Murphy wrote:
> Kai Schaetzl wrote:
> 
>> I updated two machines yesterday. No problems after reboot so far. Very 
>> smooth. 
> 
> I also updated two servers in the last few days without any problems.
> I don't think I have ever had such a simple upgrade of any system.

I have - twice before.
Once was when I went from 5.0 to 5.1 and once when I went from 5.1 to 5.2

:D


Re: [CentOS] Update Issue

2009-04-03 Thread Michael A. Peters
nate wrote:
> John Hinton wrote:
> 
>> Error Downloading Packages:
>>   kernel - 2.6.18-128.1.6.el5.i686: failure:
>> RPMS/kernel-2.6.18-128.1.6.el5.i686.rpm from updates: [Errno 256] No
>> more mirrors to try.
>>
>> Is this just me? I've tried at different times from different machines
>> and it seems that all other files are being downloaded just fine.
> 
> Have you checked the sites to see if it is there by hand?
> 
> Just by coincidence I was checking out for some NFS fixes and
> downloaded that exact kernel from mirrors.kernel.org earlier today
> for testing, so that mirror should have it..unless they deleted
> it for some reason.

I use rsync to locally mirror centos updates from mirrors.kernel.org and 
that kernel came in yesterday's rsync (at 5PM Pacific).

Today's rsync failed (I've been running my rsync in cron since 5.1 - the 
script is good) so mirrors.kernel.org may be experiencing some temporary 
issues, but yes, they definitely have it.


[CentOS] Apache SSL key pass phrase question

2009-04-03 Thread Michael A. Peters
I just set up a secure server.

Followed the godaddy instructions for key generation/installation - and 
the server wanted my pass phrase to start.

When I started developing I followed instructions for a self signed cert 
and everything went dandy.

Anyway - after a little googling and an uneasy feeling that I messed up 
and godaddy might charge me a fee to resubmit for a new cert, I found 
the following solution -

openssl rsa -in secure.shastaherps.key.old -out secure.shastaherps.key

After running that and entering my pass phrase, no pass phrase is 
required to start the server and it seems like the browsers don't 
complain, so I think I'm set, but I thought I'd verify that all really 
is well and that doing that isn't going to cause any issues.

If I understand it correctly, the phrase was needed when Apache starts 
in order to decrypt the key, and all I did above was decrypt the key so 
that apache doesn't have to, correct?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
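A check for the situation in the post above: whether a PEM key is stored with or without a pass phrase, whether the key file is limited to its owner (the follow-up mentions root:root 0600), and whether the key still matches the certificate. This is an added example, not from the post; the function names and the demo files are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Audit an Apache private key after its pass phrase has been removed.
# Uses GNU stat (as shipped with CentOS). File names are placeholders.

# key_protection FILE -> prints encrypted | plaintext | unknown
key_protection() {
    f=$1
    # PKCS#8 encrypted keys have their own BEGIN line; traditional OpenSSL
    # encrypted keys keep "BEGIN RSA PRIVATE KEY" and add a Proc-Type header.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted
    elif grep -Eq -e '^-----BEGIN ((RSA|EC|DSA) )?PRIVATE KEY-----' "$f"; then
        echo plaintext
    else
        echo unknown
    fi
}

# audit_key FILE [UID:GID] -> 0 if the owner matches and group/other have no access
audit_key() {
    f=$1; want_owner=${2:-0:0}; rc=0
    state=$(key_protection "$f")
    mode=$(stat -c '%a' "$f") || return 2
    owner=$(stat -c '%u:%g' "$f") || return 2
    echo "$f: $state, mode $mode, owner $owner"
    [ "$state" != unknown ] || { echo "  no PEM private key found"; return 2; }
    case $mode in
        [0-7]00) ;;
        *) echo "  FAIL: group or other can access the key (want 0600)"; rc=1 ;;
    esac
    [ "$owner" = "$want_owner" ] ||
        { echo "  FAIL: owner is $owner, want $want_owner"; rc=1; }
    [ "$state" != plaintext ] ||
        echo "  note: unencrypted at rest, file permissions are the only protection"
    return $rc
}

# key_matches_cert KEY CERT -> 0 if the RSA key and the certificate share a modulus
key_matches_cert() {
    km=$(openssl rsa -noout -modulus -in "$1") || return 2
    cm=$(openssl x509 -noout -modulus -in "$2") || return 2
    [ -n "$km" ] && [ "$km" = "$cm" ]
}

# Demo on constructed files (header lines only, not real keys): sh audit.sh demo
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/with-passphrase.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/stripped.key"
    chmod 600 "$d/with-passphrase.key"
    chmod 644 "$d/stripped.key"                       # deliberately too open
    audit_key "$d/with-passphrase.key" "$(id -u):$(id -g)"
    audit_key "$d/stripped.key" "$(id -u):$(id -g)"   # reports FAIL
    chmod 600 "$d/stripped.key"
    audit_key "$d/stripped.key" "$(id -u):$(id -g)"   # passes, with the note
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a server, `audit_key` with no second argument expects owner 0:0, and `key_matches_cert` confirms the stripped key is still the one the issued certificate was signed for.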


Re: [CentOS] [OT] Godaddy hell...

2009-04-03 Thread Michael A. Peters
Robert wrote:
> Niki Kovacs wrote:
> 
> 
>> I'm in France (Europe),
> 
> 
> C'mon, Niki! Give us a break. Our knowledge of world geography is not 
> THAT bad on this side of the Atlantic.  :-)

Where's the Atlantic? Is that up in Canada?

;)


Re: [CentOS] Don't forget to use torrents for your downloads!

2009-04-02 Thread Michael A. Peters
Sorin Srbu wrote:
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
>> Of John R Pierce
>> Sent: Thursday, April 02, 2009 6:38 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] Don't forget to use torrents for your downloads!
>>
>>> here is a bit more trivia for those interested: the 4 main 'seeds' that
>>> came up were each running with 100mbps open uplinks. At least one person
>>> in the early stages was running at 200 odd mbps.
>>>
>>
>> geez, makes me wonder if I should even bother to leave mine running with
>> a 50kbyte/sec uplink ca (that's about 500kbps)...   if I raise the cap
>> much higher, it seriously throttles my home network (6Mbps in, 700k
>> out)... I know, I know, I should implement some form of QoS or packet
>> prioritization at my firewall.
> 
> Every little stream helps when using bittorrent, even at 50kbps upstream, so
> keep seeding! ;-)
> 
> I think my ISP at home has done something with regard to p2p. I can't seed
> at home anymore for some reason... 8-/

Mine limits me to 40k up - leave it running long enough though, and it 
is easy to give back several times what you took.

As far as home networks, I found that when I was running NAT on Linux 
(RH8 through FC2 days) - bt really screwed up my home network. However, 
when using hardware routers, even the cheap consumer kind (Linksys) the 
home network is fine. I think bt is very hard on software routing.


Re: [CentOS] filesystem rpm fails when /home is NFS mounted

2009-04-02 Thread Michael A. Peters
R P Herrold wrote:
> On Thu, 2 Apr 2009, Michael A. Peters wrote:
> 
>> My guess is a scriptlet is failing - quite possibly because an SELinux
>> chcon command fails in those conditions. They probably need to change
>> the chcon portion of the scriptlet to add a ||: after the command so it
>> doesn't bomb out.
> 
> Guessing is fun and good exercise, but I addressed this matter 
> in the initial post responding to Paul

Yeah, looks like I missed the mark on that one big time.


Re: [CentOS] filesystem rpm fails when /home is NFS mounted

2009-04-02 Thread Michael A. Peters
Tsai Li Ming wrote:
> 
> Scott Silva wrote:
>> on 4-2-2009 2:00 PM Anne Wilson spake the following:
>>> On Thursday 02 April 2009 21:40:59 R P Herrold wrote:
>>>> On Wed, 1 Apr 2009, Paul Heinlein wrote:
>>>>> I don't know if it's a bug or a feature, but the
>>>>> filesystem-2.4.0-2.el5.centos rpm won't upgrade cleanly if /home is an
>>>>> NFS filesystem.
>>>> I confirm this is present in 5.3 where /home is an NFS mount,
>>>> and that I missed it in testing.  A workaround is:
>>>>
>>>> 1. Boot into single user mode.
>>>> 2. run: /sbin/service network start
>>>> 3. run: yum -y update filesystem
>>>>
>>>> If your system emitted the warning, but did not 'bail', it is
>>>> safe to retrieve the rpm locally, and to run:
>>>>
>>>> # rpm -Uvh filesystem*rpm --force
>>>>
>>>> as there are no scripts in play:
>>>>
>>>> [herr...@centos-5 ~]$ sudo rpm -q --scripts filesystem
>>>> [herr...@centos-5 ~]$
>>>>
>>>> The cause is the NFS root_squash being in effect when a NFS
>>>> overmount is on a mountpoint, it seems.  /home happens to
>>>> express it
>>>>
>>>> It seems Paul and I are the last two users of NFS mounted
>>>> /home left.
>>>>
>>> I have /home exported and ran the upgrade from this laptop over the network,
>>> where that directory is mounted and displayed in a folderview under KDE4. I
>>> had no problems whatsoever.  Is this the sort of situation you mean?
>>>
>>> Anne
>> The way I read it was their /home was mounted on NFS, not just exported.
>>
>>
> 
> I had a problem with /mnt or /media too with a mounted ISO. Had to 
> umount the ISO before filesystem rpm can be updated. This happened when 
> I yum update to RHEL 5.3 recently.
> 

My guess is a scriptlet is failing - quite possibly because an SELinux 
chcon command fails in those conditions. They probably need to change 
the chcon portion of the scriptlet to add a ||: after the command so it 
doesn't bomb out.

Someone should take a look at the spec file, add the ||: after the chcon 
(or whatever it might be) and if it allows the package to update, file a 
bug report upstream so it gets fixed in rhel svn.


Re: [CentOS] OT: Torrent software choice

2009-04-02 Thread Michael A. Peters
Spiro Harvey wrote:
> On Thu, 2 Apr 2009 18:41:33 -0400
> Robert Spangler wrote:
>> So what is everyone using for their torrent?
>> What is the best?
> 
> amusing. There is no such thing as the "best", only the best fit to your
> needs.
> 
> For a start, what front end do you want? gnome, kde, tcl, cli, cli with
> curses, web based? Do you want it to disappear in your system tray? do
> you want to feed it into screen so you can log back into it at work and
> review its status? do you want to have the status pasted in a section
> of conky?
> 
> Anybody who tells you what is "best" is just telling you their
> favourite, which is almost always useless information. 

I use the standard torrent client in EPEL via a shell script.

mkdir /srv/torrent/{active,nonactive}

(owned by my standard user)

this shell script in ~/bin

#!/bin/bash
# ~/bin/bt.sh
[ -f /tmp/lock_bt ] && exit 0
[ -f ~/lock_bt ] && exit 0
running="`/bin/ps aux |/bin/grep launchmany |/bin/grep "python" |wc -l`"
if [ $running -lt 1 ]; then
pushd /srv/torrent > /dev/null 2>&1
/bin/date >> date.log
nohup /usr/bin/launchmany-console active/ > torrent.log &
popd > /dev/null 2>&1
fi

-=-
Then I have this in my crontab:

02,07,12,17,22,27,32,37,42,45,47,52,57 * * * * sh /home/mpeters/bin/bt.sh

Every 5 minutes it runs - and does nothing if already running.
When I want to start a new torrent - I just throw the torrent in 
/srv/torrent/active/

When I no longer want to run that torrent - I move the .torrent file 
into /srv/torrent/nonactive

Works well except there seems to be a memory leak in the EPEL torrent 
client - sometimes the system becomes sluggish and cpu usage spikes. 
Killing the client returns the system to zippy - and it automagically 
starts again within 5 minutes.

I may modify the above script to kill the client when the system load 
average is high - as that will take care of the leak problem for me and 
prevent it from running when I'm intentionally pounding the system.

Anyway - that has worked swell for me for years, other than the memory 
leak issue.

When I want to see the progress of a torrent -

tail -f /srv/torrent/torrent.log

That file can get rather large, but it is wiped clean whenever the 
client is started.

