date:20110223

On Wed, Feb 23, 2011 at 9:06 AM, yonatan pingle
 wrote:
> you should have a look at your I/O disk status.
>
> try with iostat -dx 5 to see the disk utilization info over time.
> when it comes to slowdown on a virtual environment on a Desktop grade
> machine,  i suspect disk I/O latency and bottleneck as a cause.

Thanx, I don't know how to interpret the results (yet), but here's the
current output:


Device: rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz
avgqu-sz   await  svctm  %util
sda   0.0027.20  0.00  6.80 0.00   448.0065.88
0.000.59   0.35   0.24
sda1  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
sda2  0.0027.20  0.00  6.80 0.00   448.0065.88
0.000.59   0.35   0.24
dm-0  0.00 0.00  0.00 27.80 0.00   222.40 8.00
0.010.35   0.09   0.24
dm-1  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-2  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-3  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-4  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-5  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-6  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-7  0.00 0.00  0.00  0.40 0.00 6.4016.00
0.000.00   0.00   0.00
dm-8  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-9  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-10 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-11 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-12 0.00 0.00  0.00  2.80 0.0097.6034.86
0.000.00   0.00   0.00
dm-13 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-14 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-15 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-16 0.00 0.00  0.00  3.00 0.00   121.6040.53
0.000.00   0.00   0.00
dm-17 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00

Although, most of those values change the whole time, as such:

Device: rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz
avgqu-sz   await  svctm  %util
sda   0.00 1.00  0.00  0.80 0.0017.6022.00
0.000.00   0.00   0.00
sda1  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
sda2  0.00 1.00  0.00  0.80 0.0017.6022.00
0.000.00   0.00   0.00
dm-0  0.00 0.00  0.00  1.40 0.0011.20 8.00
0.000.00   0.00   0.00
dm-1  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-2  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-3  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-4  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-5  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-6  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-7  0.00 0.00  0.00  0.40 0.00 6.4016.00
0.000.00   0.00   0.00
dm-8  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-9  0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-10 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-11 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-12 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-13 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-14 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-15 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-16 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00
dm-17 0.00 0.00  0.00  0.00 0.00 0.00 0.00
0.000.00   0.00   0.00




>
> check that your disk is running at

Re: [CentOS] security cameras

On Tue, Feb 22, 2011 at 9:31 PM, Always Learning  wrote:
>
> On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote:
>
>> TCP/IP cameras would work with any OS, most just FTP or whatever the
>> pictures to a webserver you provide, or they run their own server and
>> you can wget the pics off them.   but I've never seen any IP cameras I'd
>> call really cheap.   Panasonic makes a nice line of them, some even have
>> remote pan/zoom via a http interface.
>
> Try Ebay especially the Chinese, including Hong Kong, suppliers. For
> example compared to the English prices the Chinese prices are much
> cheaper. However one has to wait 2 to 3 weeks for postal delivery.
>
> Delivery to the USA is usually quicker than to England. The Chinese
> preferred payment currency is USD.

Been there, done that. You're often much better off with known brands,
like Logitech, for simple webcams on your existing server. I've used
this effectively for rack security in a datacenter: as long as you're
not polling the webcams constantly, they're not too bad of a bandwidth
pig, either. They've been around long enough to be stable and workable
in Linux, as well.

If you want a full-blown remote TCP monitoring system, look at Axis.
They're historically very Linux compatible, they have all the features
you might want, and while they're not cheap they have all the features
you might need.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread Thomas Dukes

Check bluecherry.net

I've have for Topica cameras running for over three years. No problems and
good people to deal with.

Eddie 

> -Original Message-
> From: centos-boun...@centos.org 
> [mailto:centos-boun...@centos.org] On Behalf Of Nico Kadel-Garcia
> Sent: Wednesday, February 23, 2011 7:50 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] security cameras
> 
> On Tue, Feb 22, 2011 at 9:31 PM, Always Learning 
>  wrote:
> >
> > On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote:
> >
> >> TCP/IP cameras would work with any OS, most just FTP or 
> whatever the 
> >> pictures to a webserver you provide, or they run their own 
> server and 
> >> you can wget the pics off them.   but I've never seen any 
> IP cameras 
> >> I'd call really cheap.   Panasonic makes a nice line of them, some 
> >> even have remote pan/zoom via a http interface.
> >
> > Try Ebay especially the Chinese, including Hong Kong, 
> suppliers. For 
> > example compared to the English prices the Chinese prices are much 
> > cheaper. However one has to wait 2 to 3 weeks for postal delivery.
> >
> > Delivery to the USA is usually quicker than to England. The Chinese 
> > preferred payment currency is USD.
> 
> Been there, done that. You're often much better off with 
> known brands, like Logitech, for simple webcams on your 
> existing server. I've used this effectively for rack security 
> in a datacenter: as long as you're not polling the webcams 
> constantly, they're not too bad of a bandwidth pig, either. 
> They've been around long enough to be stable and workable in 
> Linux, as well.
> 
> If you want a full-blown remote TCP monitoring system, look at Axis.
> They're historically very Linux compatible, they have all the 
> features you might want, and while they're not cheap they 
> have all the features you might need.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Air Conditioning - ON!

On Feb 22, 2011, at 3:35 PM, Ian Murray  wrote:

> Only joking. I take your point, but the critical fixes being held up for a 
> dot 
> release isn't really very Enterprise friendly either. I think it fair to say 
> that CentOS is not suitable for the enterprise unless the servers are 
> non-public, on a secure network and the risk of internal hacking is low. That 
> is 
> just an unfortunate nature of a rebuild project but it does make the release 
> time a sensitive matter.
> 
> Karanbir tweeted during FOSDEM that the Belgian police use CentOS. As 
> everyone 
> who is paying attention knows that any exploit that RedHat has released an 
> updated package for post is 5.6 is sat waiting to be exploited on those 
> police 
> servers because it won't make the CentOS repositories until 5.6 is out. I 
> wonder 
> if the Belgian police know that.
> 
> So if anybody can be bothered to check the errata from upstream and want 
> to 
> do some mischief.fill your boots...
> 
> http://toolbar.netcraft.com/site_report?url=http://www.polfed-fedpol.be

The best thing CentOS gives you is choice.

If your critical machines need updates in a more timely manner, then put RHEL 
on them. For those that don't put CentOS on them and save $$$.

Free is free and it comes free of warranty or guarantee or any other tee.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread m . roth

Nico Kadel-Garcia wrote:
> On Tue, Feb 22, 2011 at 9:31 PM, Always Learning 
> wrote:
>>
>> On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote:
>>
>>> TCP/IP cameras would work with any OS, most just FTP or whatever the
>>> pictures to a webserver you provide, or they run their own server and
>>> you can wget the pics off them.   but I've never seen any IP cameras
>>> I'd call really cheap.   Panasonic makes a nice line of them, some even
>>> have remote pan/zoom via a http interface.

> If you want a full-blown remote TCP monitoring system, look at Axis.
> They're historically very Linux compatible, they have all the features
> you might want, and while they're not cheap they have all the features
> you might need.

At work, we use the package motion. Does everything, including writing
.avi? .asf? files to the home directory which is nsf mounted. Trivial load
on the network for monitoring.

We've got *really* cheap old webcams. Do see if you can get USB 1.1, not
1.0

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

On Wed, Feb 23, 2011 at 4:12 PM,   wrote:
> Nico Kadel-Garcia wrote:
>> On Tue, Feb 22, 2011 at 9:31 PM, Always Learning 
>> wrote:
>>>
>>> On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote:
>>>
 TCP/IP cameras would work with any OS, most just FTP or whatever the
 pictures to a webserver you provide, or they run their own server and
 you can wget the pics off them.   but I've never seen any IP cameras
 I'd call really cheap.   Panasonic makes a nice line of them, some even
 have remote pan/zoom via a http interface.
> 
>> If you want a full-blown remote TCP monitoring system, look at Axis.
>> They're historically very Linux compatible, they have all the features
>> you might want, and while they're not cheap they have all the features
>> you might need.
>
> At work, we use the package motion. Does everything, including writing
> .avi? .asf? files to the home directory which is nsf mounted. Trivial load
> on the network for monitoring.
>
> We've got *really* cheap old webcams. Do see if you can get USB 1.1, not
> 1.0
>
>          mark
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


I've been following this thread closely, and am interested in setting
up some surveillance in the office using Linux as well.

What open source software can I use for large streams, like upto 256
on Linux? We currently use Indigo, which is super expensive and runs
on Windows.

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to optimize CentOS XEN dom0?

On Feb 23, 2011, at 3:42 AM, Rudi Ahlers  wrote:

> On Wed, Feb 23, 2011 at 9:06 AM, yonatan pingle
>  wrote:
>> you should have a look at your I/O disk status.
>> 
>> try with iostat -dx 5 to see the disk utilization info over time.
>> when it comes to slowdown on a virtual environment on a Desktop grade
>> machine,  i suspect disk I/O latency and bottleneck as a cause.
> 
> Thanx, I don't know how to interpret the results (yet), but here's the
> current output:
> 
> Device: rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util

Knowing the columns helps here,

rrqm/s and wrqm/s, mean read/write requests merged a second, shows how well 
scheduler is merging contiguous io operations

r/s and w/s, read/write io operations a second

rsec/s and wsec/s, read/write sectors a second, I usually use the -k option so 
it displays as kilobytes a second

avgrq-sz, shows average request size in the unit of choice, here being sectors, 
I wish it'd separate reads from writes, but oh well

avgqu-sz, average amount of io operations waiting for service, smaller is better

await, average time an io operation waited on queue to be serviced in ms, again 
smaller is better

svctm, last time it took to service an io operation, how long the drive took to 
perform the operation from when it left queue to when a result was returned

%util, the estimated drive utilization based on svctm, await and avgqu-sz

For lockups though I'd look at dmesg and xen log, xmlog I think is the command.

The number one reason for lockups though is most likely memory contention 
between domUs and dom0.

What are you running in dom0? What are your memory reservations like?

-Ross
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread Mike

On Tue, 22 Feb 2011, ken wrote:

> I heard about some inexpensive security cameras which get their power
> through the same cat5 cable which delivers the data/pictures (which
> would simplify wiring tremendously).  Does anyone know about these?  Do
> they work with Linux, particularly CentOS?
>
>
> tnx 4 tips.
>

I've been meaning to try ZoneMinder (www.zoneminder.com) for some time but 
have not just yet.  In any case there is some good info on cameras in a 
few places on that site, "Hardware Compatibility List" section of the 
forum for one.

-- Mike
:wq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

> I heard about some inexpensive security cameras which get their power
> through the same cat5 cable which delivers the data/pictures (which would
> simplify wiring tremendously).  Does anyone know about these?  Do they
> work with Linux, particularly CentOS?

I have a security camera, though not powered through the cat5, will have to 
check that out...  Anyway, I'd recommend these sites:

http://www.zoneminder.com/
http://www.cctvcamerapros.com/ 

Right now I have my camera attached to an RF modulator and splitter which 
merges the signal onto the coax run on channel 65 so I can watch it on my TV.  
As far as integrating with Linux, would check out Zone Minder link above, 
otherwise if you modulate onto your TV stream like I did you can then just use 
mythtv or any capture program if you wanted to schedule captures, etc.

Have fun,

Josh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unicode in C++

2011-02-23 Thread Michael D. Berger

On Tue, 22 Feb 2011 19:51:38 -0500, Nico Kadel-Garcia wrote:

> On Tue, Feb 22, 2011 at 5:37 PM, Michael D. Berger
>  wrote:
>> On my CentOS box, in C++ programs, is there a way to print Unicode
>> characters?
>>
>> Thanks,
>> Mike.
> 
> Why do you want to?

Off topic.

> And what sort of monitor or client are you using?
> Xterm, Putty, NX, SSH,

Xterm.

> And what do you mean by "print"? Do you mean send to a printer, or get
> them to display correctly on your screen?

   cout <<  << endl;

and they will appear on my screen, or:

   ofstream  os("myfile");
   os <<  << endl;

And they will appear in myfile which may them be printed or
edited with vi.

Thanks,
Mike.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Alternative to cPanel

Hello all,

I'm looking to setup a new CentOS box for a buddy of mine who
wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my
own on a Debian box he colo'd running a basterdized qmail/tinydns and custom
built httpd/mysql/etc (I was young).  It worked ok but time to move on and I
don't have time to maintain all those packages.  I also don't have
time to write another CP or port my PoS to it.  I'm also just going to use the
default  packages (bind, postfix, etc) instead of the DJB stuff.

Main requirements are fairly straightforward:

1. able to add/manage domains, ssl cert management, manage DNS records
2. able to manage email accounts and anti-spam settings
3. able to add/manage mysql and pgsql (nice to have)
4. user management - ftp/ssh accounts, password change, etc.
5. nice to have: add a wordpress blog / xcart store to a site
6. nice to have: users have own login to do some of the above for their domain 
only
7. nice to have: integrated website stats (awstats or equiv)
8. not optional - should have a focus on security

Stuff like viewing logs, automated billing, hosting plans, managing backups,
bandwidth monitoring, uploading web pages, managing server patches,
adding new software, etc. I don't mind leaving off or doing myself.  Willing to
pay a license, but not a huge budget.

I was leaning towards webmin/virtualmin but thought I'd check with this list
for any suggestions.  Had bad experiences with Plesk from a while
ago so leaving that off the table.  We have experience with cPanel
through another fail host, it's ok but too much stuff and too
expensive.

Josh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unicode in C++

2011-02-23 Thread Michael D. Berger

On Tue, 22 Feb 2011 23:53:20 +0100, Nicolas Thierry-Mieg wrote:

> Michael D. Berger wrote:
>> On my CentOS box, in C++ programs, is there a way to print Unicode
>> characters?
> 
> google knows...

I haven't found it.  Please see the other response I just sent
for clarification of what I need.

Thanks,
Mike.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] squashfs in the hundreds of GB range

2011-02-23 Thread Boris Epstein

Hello listmates,

I am running mksquashfs trying to archive a 400GB+ directory. It has already
taken about a day and the resultant archive is only about 40GB thus far and
the command is not done yet. Has anyone made a squashfs that size? Is it
normal for the process to take this long? If it is not - what am I doing
wrong.

I am using the most basic syntax:

mksquashfs  

The process is running at 100% CPU.

Thanks for any and all help.

Boris.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

2011-02-23 Thread Lucian

On Wed, Feb 23, 2011 at 2:49 PM, Trutwin, Joshua  wrote:
>
> I was leaning towards webmin/virtualmin but thought I'd check with this list
> for any suggestions.  Had bad experiences with Plesk from a while
> ago so leaving that off the table.  We have experience with cPanel
> through another fail host, it's ok but too much stuff and too
> expensive.

+1 for Virtualmin.
People will brag that it's insecure etc, but it has always done the
job for me and I have more than 100 installations of it. I never had
security problems because of it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread ken

On 02/22/2011 09:02 PM B.J. McClure wrote:
> Not sure it will answer your question but there was an article in
> December 2010 issue of Linux Magazine re surveillance cameras and linux.
> 
> HTH.
> 
> B.J.
> 
> 

BJ, I looked around Linux Mag's site for quite a while, did a couple
searches, and browsed the contents Dec 2010 and quite a few issues
before and after that, but couldn't find any article about selecting
and/or setting up surveillance cameras... except one on implementing
motion detection in cameras.  Is that the one you were thinking of?

Still, thanks much.  I'll probably come back to that one later.  If some
other info source comes to you, I'd be glad to hear about it.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unicode in C++

2011-02-23 Thread Scott Robbins

On Wed, Feb 23, 2011 at 02:44:11PM +, Michael D. Berger wrote:
> On Tue, 22 Feb 2011 19:51:38 -0500, Nico Kadel-Garcia wrote:
> 
> > On Tue, Feb 22, 2011 at 5:37 PM, Michael D. Berger
> >  wrote:
> >> On my CentOS box, in C++ programs, is there a way to print Unicode
> >> characters?
> >>
> > And what sort of monitor or client are you using?
> > Xterm, Putty, NX, SSH,
> 
> Xterm.

Make sure to use uxterm, not xterm.  (Should be included with any
installation of xterm.)

> 
> > And what do you mean by "print"? Do you mean send to a printer, or get
> > them to display correctly on your screen?
> 
>cout <<  << endl;
> 
> and they will appear on my screen, or:
> 
>ofstream  os("myfile");
>os <<  << endl;
> 
> And they will appear in myfile which may them be printed or
> edited with vi.

Depending upon the characters, you may not be able to get them in a
console, but as long as you're using X, they should appear in an xterm.  


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread B.J. McClure


Wed Feb 23 10:49:46 EST 2011, RHEL 6, Linux 2.6.18-194.32.1.el5 athlon


On Wed, 2011-02-23 at 10:30 -0500, ken wrote:
> On 02/22/2011 09:02 PM B.J. McClure wrote:
> > Not sure it will answer your question but there was an article in
> > December 2010 issue of Linux Magazine re surveillance cameras and linux.
> > 
> > HTH.
> > 
> > B.J.
> > 
> > 
> 
> BJ, I looked around Linux Mag's site for quite a while, did a couple
> searches, and browsed the contents Dec 2010 and quite a few issues
> before and after that, but couldn't find any article about selecting
> and/or setting up surveillance cameras... except one on implementing
> motion detection in cameras.  Is that the one you were thinking of?


Sorry about that.  I cannot find the article on their website.  Page 30
in the paper version by Marcel Gagne.  Did have some stuff on motion
detection but article was broader than that and the links at the end of
the article might be useful, especially this one:

http://www.lavrsen.dk/foswiki/bin/view/Motion/WorkingDevices 

Good luck.

B.J.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread Len Kuykendall




> Date: Wed, 23 Feb 2011 10:30:56 -0500
> From: geb...@mousecar.com
> To: centos@centos.org
> Subject: Re: [CentOS] security cameras
> 
> On 02/22/2011 09:02 PM B.J. McClure wrote:
> > Not sure it will answer your question but there was an article in
> > December 2010 issue of Linux Magazine re surveillance cameras and linux.
> > 
> > HTH.
> > 
> > B.J.
> > 
> > 
> 
> BJ, I looked around Linux Mag's site for quite a while, did a couple
> searches, and browsed the contents Dec 2010 and quite a few issues
> before and after that, but couldn't find any article about selecting
> and/or setting up surveillance cameras... except one on implementing
> motion detection in cameras.  Is that the one you were thinking of?
> 
> Still, thanks much.  I'll probably come back to that one later.  If some
> other info source comes to you, I'd be glad to hear about it.
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos


The article starts on page 30 of the December 2010 issue of Linux Magazine.  
The article is titled "Webcam Surveillance".


Len
  ___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unicode in C++

2011-02-23 Thread Mihai T. Lazarescu

On Wed, Feb 23, 2011 at 02:46:24PM +, Michael D. Berger wrote:

> On Tue, 22 Feb 2011 23:53:20 +0100, Nicolas Thierry-Mieg wrote:
> 
> > Michael D. Berger wrote:
> >> On my CentOS box, in C++ programs, is there a way to print Unicode
> >> characters?
> > 
> > google knows...
> 
> I haven't found it.

Strange.  "Using Unicode in C/C++":

http://evanjones.ca/unicode-in-c.html

pops on top of a plain search for "unicode c++" in Google:

http://www.google.it/search?q=unicode+c%2B%2B

Mihai
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] LVM problem after adding new (md) PV

2011-02-23 Thread Tomasz Nowak

Hello,
I have a weird problem after adding new PV do LMV volume group.
It seems the error comes out only during boot time. Please read the story.

I have couple of 1U machines. They all have two, four or more Fujitsu-Siemens
SAS 2,5" disks, which are bounded in Raid1 pairs with Linux mdadm.
First pair of disks has always two arrays (md0, md1). Small md0 is used
for booting and the rest - md1 is used as PV for volume group (vg0).
When I need to enlarge the volume, I just add 2 new disks, create
a raid 1 array of their whole space I add it as another mdX to vg0.

That has been working fine since yesterday.  I received new disks
branded by Toshiba (Toshiba bought Fujitsu-Simens hdd business)
which were supposed to be added as disk no 3 and 4.
As far as I remember I've done everything in the same way as before:

- They come out as sdc and sdd, so I
- fdisk /dev/sdc, created one primary parition of whole space, type fd
- the same with /dev/sdd
- mdadm --create /dev/md2 -R -l 1 -n 2 /dev/sdc1 /dev/sdd1
- array has been created and syncronized
- pvcreate /dev/md2
- vgextend vg0 /dev/md2

and it looks fine:
--
# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sdb2[1] sda2[0]
  140488320 blocks [2/2] [UU]

md2 : active raid1 sdd1[1] sdc1[0]
  292961216 blocks [2/2] [UU]

md0 : active raid1 sdb1[1] sda1[0]
  3148608 blocks [2/2] [UU]
--
# pvdisplay
  --- Physical volume ---
  PV Name   /dev/md1
  VG Name   vg0
  PV Size   133.98 GB / not usable 11.62 MB
  Allocatable   yes
  PE Size (KByte)   32768
  Total PE  4287
  Free PE   1695
  Allocated PE  2592
  PV UUID   AufZRm-QbFC-xRj1-OxwW-Z2w2-qbkM-qzoEcP

  --- Physical volume ---
  PV Name   /dev/md2
  VG Name   vg0
  PV Size   279.39 GB / not usable 14.94 MB
  Allocatable   yes
  PE Size (KByte)   32768
  Total PE  8940
  Free PE   8940
  Allocated PE  0
  PV UUID   qeDW2q-nq5b-Yh5U-5sKY-7Rkd-1UXh-LAxL8j
--
# vgdisplay
  --- Volume group ---
  VG Name   vg0
  System ID
  Formatlvm2
  Metadata Areas2
  Metadata Sequence No  1010
  VG Access read/write
  VG Status resizable
  MAX LV0
  Cur LV8
  Open LV   2
  Max PV0
  Cur PV2
  Act PV2
  VG Size   413.34 GB
  PE Size   32.00 MB
  Total PE  13227
  Alloc PE / Size   2592 / 81.00 GB
  Free  PE / Size   10635 / 332.34 GB
  VG UUID   5cF1dk-1CMM-qiuf-CyNY-aCmw-8Hx8-4iO12I
--
# lvdisplay
  --- Logical volume ---
  LV Name/dev/vg0/d0v
  VG Namevg0
  LV UUIDq7zmrV-EykH-jPzR-smYJ-eehh-3Gbx-ebu5wK
  LV Write Accessread/write
  LV Status  available
  # open 1
  LV Size3.00 GB
  Current LE 96
  Segments   1
  Allocation inherit
  Read ahead sectors auto
  - currently set to 256
  Block device   253:0

[...] this part may be skiped as it's very long an irrelevant.
There are no errors here.
--

And now please take a look what happens during boot:


[...]
scsi0 : ioc0: LSISAS1078 C2, FwRev=01180400h, Ports=1, MaxQ=276, IRQ=20
mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 1, phy 0, sas_addr 
0x50e01f975022
  Vendor: FUJITSU   Model: MBB2147RC Rev: 0105
  Type:   Direct-Access  ANSI SCSI revision: 05
SCSI device sda: 287277984 512-byte hdwr sectors (147086 MB)
sda: Write Protect is off
SCSI device sda: drive cache: write back
SCSI device sda: 287277984 512-byte hdwr sectors (147086 MB)
sda: Write Protect is off
SCSI device sda: drive cache: write back
sda: sda1 sda2
sd 0:0:0:0: Attached scsi disk sda
mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 2, phy 1, sas_addr 
0x50e01f602f42
  Vendor: FUJITSU   Model: MBB2147RC Rev: 0105
  Type:   Direct-Access  ANSI SCSI revision: 05
SCSI device sdb: 287277984 512-byte hdwr sectors (147086 MB)
sdb: Write Protect is off
SCSI device sdb: drive cache: write back
SCSI device sdb: 287277984 512-byte hdwr sectors (147086 MB)
sdb: Write Protect is off
SCSI device sdb: drive cache: write back
sdb: sdb1 sdb2
sd 0:0:1:0: Attached scsi disk sdb
mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 3, phy 2, sas_addr 
0x5392b8028856
  Vendor: TOSHIBA   Model: MBF2300RC Rev: 0107
  Type:   Direct-Access

[CentOS] additional info

2011-02-23 Thread Tomasz Nowak

I forgot to mention that after creation of md2 I've added a new line to 
/etc/mdadm.conf:

# cat /etc/mdadm.conf
DEVICE partitions
MAILADDR root
ARRAY /dev/md0 level=raid1 num-devices=2 
UUID=91518bd3:79953138:f203f159:f2795fde
ARRAY /dev/md1 level=raid1 num-devices=2 
UUID=5b6722ca:b325344b:4ab40fc6:c3f1d6b4
ARRAY /dev/md2 level=raid1 num-devices=2 
UUID=45e2f59b:1be94f42:5d55c385:da4faf78

# mdadm --examine --scan
ARRAY /dev/md0 level=raid1 num-devices=2 
UUID=91518bd3:79953138:f203f159:f2795fde
ARRAY /dev/md1 level=raid1 num-devices=2 
UUID=5b6722ca:b325344b:4ab40fc6:c3f1d6b4
ARRAY /dev/md2 level=raid1 num-devices=2 
UUID=45e2f59b:1be94f42:5d55c385:da4faf78

-- 
Tomasz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

2011-02-23 Thread David Sommerseth

On 23/02/11 16:24, Lucian wrote:
> On Wed, Feb 23, 2011 at 2:49 PM, Trutwin, Joshua  wrote:
> +1 for Virtualmin.
> People will brag that it's insecure etc, but it has always done the
> job for me and I have more than 100 installations of it. I never had
> security problems because of it.

That one user with more than 100 installations haven't experienced security
issues with a product doesn't mean that there is no security issues.

It can just as much mean nobody tried to hack any of those installations,
or that they have tried but not succeeded yet, or that there are no
security issues ... but to distinguish this, then you need to have more
solid arguments than "I haven't experienced it" ... because you might not
have experienced it _yet_.

kind regards,

David Sommerseth

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

US-CERT encourages users and administrators using the affected
versions of BIND to upgrade to BIND 9.7.3.

Optionally, one can wait on a backport.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

On Wed, Feb 23, 2011 at 4:49 PM, Trutwin, Joshua  wrote:
> Hello all,
>
>
>
> I'm looking to setup a new CentOS box for a buddy of mine who
> wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my
> own on a Debian box he colo’d running a basterdized qmail/tinydns and custom
> built httpd/mysql/etc (I was young).  It worked ok but time to move on and I
> don't have time to maintain all those packages.  I also don't have
> time to write another CP or port my PoS to it.  I’m also just going to use
> the
>
> default  packages (bind, postfix, etc) instead of the DJB stuff.
>
> Main requirements are fairly straightforward:
>
> 1. able to add/manage domains, ssl cert management, manage DNS records
> 2. able to manage email accounts and anti-spam settings
> 3. able to add/manage mysql and pgsql (nice to have)
> 4. user management - ftp/ssh accounts, password change, etc.
> 5. nice to have: add a wordpress blog / xcart store to a site
> 6. nice to have: users have own login to do some of the above for their
> domain only
> 7. nice to have: integrated website stats (awstats or equiv)
> 8. not optional - should have a focus on security
>
> Stuff like viewing logs, automated billing, hosting plans, managing backups,
> bandwidth monitoring, uploading web pages, managing server patches,
> adding new software, etc. I don't mind leaving off or doing myself.  Willing
> to
>
> pay a license, but not a huge budget.
>
> I was leaning towards webmin/virtualmin but thought I'd check with this list
> for any suggestions.  Had bad experiences with Plesk from a while
> ago so leaving that off the table.  We have experience with cPanel
> through another fail host, it's ok but too much stuff and too
> expensive.
>
> Josh
>
> ___


How many domains do you need to manage that cPanel is too expensive?

Have you looked at the free alternatives, like:
ehcp
Webmin + Virtualmin
vhcs
ISPConfig
etc?

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Brunner, Brian T.

> -Original Message-
> From: centos-boun...@centos.org 
> [mailto:centos-boun...@centos.org] On Behalf Of Larry Vaden
> Sent: Wednesday, February 23, 2011 12:27 PM
> To: CentOS mailing list
> Subject: 
> [CentOS]http://www.securityweek.com/high-severity-bind-vulnera
> bility-advisory-issued
> 
> US-CERT encourages users and administrators using the affected
> versions of BIND to upgrade to BIND 9.7.3.
> 
> Optionally, one can wait on a backport.

Optionally, start BIND with the parameter to restrict BIND to one thread
(-n 1).
This prevents the deadlock which, though fatal to BIND when it happens,
is a remote probability.
***
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error please
notify the system manager. This footnote also confirms that this
email message has been swept for the presence of computer viruses.
www.Hubbell.com - Hubbell Incorporated**

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread m . roth

Larry Vaden wrote:
> US-CERT encourages users and administrators using the affected
> versions of BIND to upgrade to BIND 9.7.3.
>
> Optionally, one can wait on a backport.

Larry, go away. You don't seem to contribute anything at all to the list,
other than your obnoxiousness, and your desire to start flamewars, which
presumably give you some kind of jollies.

Yes, most of us saw this today on slashdot, if nowhere else. I would
expect RH to have the fix out in a day or two, and CentOS to have it out
the same day.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

2011-02-23 Thread Andy Hull


On 11-02-23 09:49 AM, Trutwin, Joshua wrote:


Hello all,

I'm looking to setup a new CentOS box for a buddy of mine who
wants to do hosting on a server via CoLo, Years ago I whipped up a CP 
of my
own on a Debian box he colo'd running a basterdized qmail/tinydns and 
custom
built httpd/mysql/etc (I was young).  It worked ok but time to move on 
and I

don't have time to maintain all those packages.  I also don't have
time to write another CP or port my PoS to it.  I'm also just going to 
use the


default  packages (bind, postfix, etc) instead of the DJB stuff.



I recently ran across DTC (gplhost.com). It seems to have all the major 
bells and whistles, but I have not made it far enough down the "Back 
Burner Todo List" to actually check it out myself yet.


Originally, I heard about it on FLOSS Weekly on the Twit Network: 
http://twit.tv/floss144


Andy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Markus Falb

On 23.2.2011 18:27, Larry Vaden wrote:
> US-CERT encourages users and administrators using the affected
> versions of BIND to upgrade to BIND 9.7.3.
> 
> Optionally, one can wait on a backport.

Ahhh!

Have a look at the relevant bugzilla ticket at
https://bugzilla.redhat.com/show_bug.cgi?id=679496
and read

...snip
This issue did not affect the versions of bind as shipped with
Red Hat Enterprise Linux 4, 5, or 6.
snap...

-- 
Best Regards, Markus Falb



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Digimer

On 02/23/2011 12:55 PM, m.r...@5-cent.us wrote:
> Larry Vaden wrote:
>> US-CERT encourages users and administrators using the affected
>> versions of BIND to upgrade to BIND 9.7.3.
>>
>> Optionally, one can wait on a backport.
> 
> Larry, go away. You don't seem to contribute anything at all to the list,
> other than your obnoxiousness, and your desire to start flamewars, which
> presumably give you some kind of jollies.
> 
> Yes, most of us saw this today on slashdot, if nowhere else. I would
> expect RH to have the fix out in a day or two, and CentOS to have it out
> the same day.
> 
>mark

Mark,

  I don't want to raise the drama, so please don't take this wrong. In
this case though, I do think that a warning on the ML about a security
issue is justified. You can't be too careful.

  That said, Larry, your recent messages to the list have been
problematic. Reactions like this to your messages should be a pretty
clear indication that your messages have been less than contributing to
the community. Take a step back and think about your posts until stress
has diminished.

  Everyone else; I'll admit right off that I am just another user. That
said, there are list admins. If there are issues with a given poster,
please locate these admins and send a private email. This is equal parts
effective and helps to keep the drama to a minimum.

  With this, I'll withdraw from this discussion.

-- 
Digimer
E-Mail: digi...@alteeve.com
AN!Whitepapers: http://alteeve.com
Node Assassin:  http://nodeassassin.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread Keith Roberts

On Tue, 22 Feb 2011, ken wrote:

> To: CentOS Mailing List 
> From: ken 
> Subject: [CentOS] security cameras
> 
> I heard about some inexpensive security cameras which get their power
> through the same cat5 cable which delivers the data/pictures (which
> would simplify wiring tremendously).  Does anyone know about these?  Do
> they work with Linux, particularly CentOS?

AFAIK there are different options you can take with this.

Webcam USB camera or a PAL/NTS CCTV camera with a phono or 
BNC connector.

Use a PCI based video capture card to connect CCTV cameras 
to. Not sure about the software to use though.

Use a stand alone DVR - digital Video recorder to capture 
and record sound/video, as well as simultaneous monitor and 
IP broadcast over the net. Some of these boxes run Linux and 
an integral web server. You can also manage and control 
the DVR across the net.

You might find these links helpfull:

http://www.henrys.co.uk/cctv.htm
http://en.wikipedia.org/wiki/Digital_Video_Recorders

I think you will get far better video quality using CCTV 
cameras than a webcam on a USB port.

Kind Regards,

Keith Roberts

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

On 02/23/11 10:16 AM, Keith Roberts wrote:
> I think you will get far better video quality using CCTV
> cameras than a webcam on a USB port.

you may think that, but those solutions you mentioned are all NTSC 
composite video, while even a $30 USB webcam now days is 2 megapixels or 
higher.

anyways, the OP wants cameras that connect to the network and get their 
power off the ethernet cable, not a USB or a CCTV camera.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel


On 2/23/2011 9:49 AM, Trutwin, Joshua wrote:


I was leaning towards webmin/virtualmin but thought I'd check with 
this list

for any suggestions.  Had bad experiences with Plesk from a while
ago so leaving that off the table.  We have experience with cPanel
through another fail host, it's ok but too much stuff and too
expensive.

Josh



Josh,

I have been running webmin/virtualmin/usermin for a number of years. A 
few things factored into my decision. The main one was I didn't want to 
be stuck inside of a 'box'. So far, 'almost anything' you want to do via 
command line has no interference with what is done via the interface. 
Also, within most of the modules, is the ability to simply open the 
config files for the service and do direct edits. The Webmin project is 
very active. If you have a problem or perceived bug, and no one else 
gets around to answering, you will normally hear back from Jamie Cameron 
the man behind it all, within hours of making a post. That is very rare 
these days. Basically, I find the system very flexible and highly 
configurable. In fact, there are several of my ideas for the system that 
have been put into place. In fact one, years ago, was to get the CentOS 
OS recognized within the system and it was done and of course still does.


The downside is that the interfaces are a bit geeky. One thing I would 
like to see is a total rewrite of all the module interfaces in Usermin 
in an attempt to better define things for the layman. Yes, the end user 
can do things that you allow. No, most end users won't really understand 
what they're trying to do. I think those 'boxes' in Plesk and cPanel 
better address those items due to the nature of 'boxes'. When I say 
'boxes', I'm referring to the Windows world config boxes that pop up 
forcing you down a particular road with no method for customizations.


John Hinton
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

2011-02-23 Thread Lucian

On Wed, Feb 23, 2011 at 5:18 PM, David Sommerseth
 wrote:
> That one user with more than 100 installations haven't experienced security
> issues with a product doesn't mean that there is no security issues.

I absolutely agree. Didn't want to imply Webmin is "unhackable"; it's
just not that bad as some people say it is.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

2011-02-23 Thread Les Mikesell

On 2/23/2011 12:36 PM, John R Pierce wrote:
> On 02/23/11 10:16 AM, Keith Roberts wrote:
>> I think you will get far better video quality using CCTV
>> cameras than a webcam on a USB port.
>
> you may think that, but those solutions you mentioned are all NTSC
> composite video, while even a $30 USB webcam now days is 2 megapixels or
> higher.
>
> anyways, the OP wants cameras that connect to the network and get their
> power off the ethernet cable, not a USB or a CCTV camera.

Trendnet has some.  You'd need to get the java plugin working to view 
them in a linux browser - not sure about full-time recording software. 
If you don't have enough to justify a POE switch, you can get individual 
power bricks that plug into the line to add power at a convenient place.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread James Hogarth

>  I don't want to raise the drama, so please don't take this wrong. In
> this case though, I do think that a warning on the ML about a security
> issue is justified. You can't be too careful.
>

Except that this issue does not affect BIND in rhel and thus CentOS
therefore making it yet more pointless drivel from the OP.

He obviously has a fascination with the BIND version in rhel but after
reading all his nonsense and looking at the texoma site I doubt it had
anything to do with the alleged hack of his server.

James
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

2011-02-23 Thread Lucian

On Wed, Feb 23, 2011 at 6:47 PM, John Hinton  wrote:
>The Webmin project is very active. If you have
> a problem or perceived bug, and no one else gets around to answering, you
> will normally hear back from Jamie Cameron the man behind it all, within
> hours of making a post. That is very rare these days.

Yup, their support is awesome, at least this was my experience.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

> +1 for Virtualmin.
> People will brag that it's insecure etc, but it has always done the job for me
> and I have more than 100 installations of it. I never had security problems
> because of it.

Thanks for all the posts.

Curious about the "people will brag that it's insecure" - is there a poor track 
record of security problems with webmin?

I noticed these: 

http://www.webmin.com/security.html 
http://tensixtyone.com/perma/woes-of-webmin
http://doxfer.webmin.com/Webmin/SecuringWebmin

I certainly don't plan to allow access to webmin save for a couple selected 
IP's and I'm not surprised to see any web application have security 
vulnerabilities.  But if it's on par with something like phpbb as far as 
security problems go, I'll probably look elsewhere. 

Josh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

On 2/23/2011 12:18 PM, David Sommerseth wrote:
>
> That one user with more than 100 installations haven't experienced security
> issues with a product doesn't mean that there is no security issues.
>
> It can just as much mean nobody tried to hack any of those installations,
> or that they have tried but not succeeded yet, or that there are no
> security issues ... but to distinguish this, then you need to have more
> solid arguments than "I haven't experienced it" ... because you might not
> have experienced it _yet_.
>
>
> kind regards,
>
> David Sommerseth
>
You are right David. The more you run on a server, the more you are 
vulnerable. That said, every control panel I have read about also has a 
history of security issues. So does just about every other 'server' 
application at one time or another. Each time this discussion comes up, 
security is mentioned. I don't want to start something here... I run 
some sendmail servers and some postfix servers. I find it odd that folks 
talk about the long history of security issues with sendmail. Well, 
sendmail has a "long history". Postfix does not. Both seem to address 
any issues rapidly and that is what matters. Both seem to be very robust.

There is another real world side to this. There is always some 
percentage of a chance that you will be taken down due to a security 
issue. There is always a percentage of a chance that you will be taken 
down by a system admin that lacks experience in some area. I would say 
system admins break things far more often than the outside world. And, 
in the real world of hosting, we are constantly 'pressed' for a 'Control 
Panel'. Clients simply expect it these days. I would dare say that those 
'percentages' of uptime are greater with a control panel and an average 
admin, and any security issues that come with that, vs. no control panel 
and maybe a really dumb thing being done by someone. Heck, I'm generally 
my own worst enemy on my systems. Not that the outside world hasn't done 
some things to me over the years.

Still a good point David. Adding anything like this does provide other 
ways in. I can say that having been on the Webmin list for about 7 or 8 
years, very rarely has there been something critical to address. Most 
have been compatibility issues with various OSs.

John Hinton
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

On 2/23/2011 2:04 PM, Trutwin, Joshua wrote:
>> +1 for Virtualmin.
>> People will brag that it's insecure etc, but it has always done the job for 
>> me
>> and I have more than 100 installations of it. I never had security problems
>> because of it.
> Thanks for all the posts.
>
> Curious about the "people will brag that it's insecure" - is there a poor 
> track record of security problems with webmin?
>
> I noticed these:
>
> http://www.webmin.com/security.html
> http://tensixtyone.com/perma/woes-of-webmin
> http://doxfer.webmin.com/Webmin/SecuringWebmin
>
> I certainly don't plan to allow access to webmin save for a couple selected 
> IP's and I'm not surprised to see any web application have security 
> vulnerabilities.  But if it's on par with something like phpbb as far as 
> security problems go, I'll probably look elsewhere.
No where close! And I know that from a few phpbb installs being hacked 
on some of my webmin servers. LOL!!!

John Hinton
> Josh
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued


Many thanks to Markus Falb for publishing his excellent research - the
same research that Larry could also have done.

"This issue did not affect the versions of bind as shipped with
Red Hat Enterprise Linux 4, 5, or 6."

James Hogarth wrote:

> He obviously has a fascination with the BIND version ...

Larry doesn't. Larry is desperate to win 'approval' or 'praise' from
others. He means well.  Larry should seek help, confide in someone and
unload all his problems privately and confidentially. Then he will be,
and feel, a lot better.

Great to know this list has good researchers like Markus Falb.


With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unicode in C++

2011-02-23 Thread Cameron Kerr

The same as on any other Linux box.

Some important tips for beginners:

*  Don't forget to set your locale appropriately at the beginning of 
your program.

*  Use ONE encoding CONSISTENTLY (utf-8 or utf-16) inside your program, 
and trans-code appropriately to/from outer encodings (all such transcoding 
should happen at the IO edges). If using UTF-16, make sure you standardise on 
an byte order if you are storing the files. UTF-8 doesn't have that issue. 
US-ASCII is also UTF-8 (the reverse is not true).

*  Do not mix data representations. As much as you can, try to stay 
with either wide-characters (where every character is represented as a single 
32-bit codepoint) or multi-byte (eg. UTF-8, UTF-16).

*  Yes, UTF-16 is also a multi-byte character set.

*  Learn about Unicode Normalisation: it is important when comparing 
strings. It is VERY IMPORTANT when comparing strings in a security context.

*  Software you will want to learn:
libiconv for transcoding.
IBM's Components for Unicode (ICU). This is a large suite of 
commonly needed Unicode algorithms that libc doesn't have.

Hope it helps,
Cameron

On 23/02/2011, at 11:37 AM, Michael D. Berger wrote:

> On my CentOS box, in C++ programs, is there a way to print
> Unicode characters?
> 
> Thanks,
> Mike.
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

> > I certainly don't plan to allow access to webmin save for a couple selected
> > IP's and I'm not surprised to see any web application have security
> > vulnerabilities.  But if it's on par with something like phpbb as far as 
> > security
> > problems go, I'll probably look elsewhere.

> No where close! And I know that from a few phpbb installs being hacked on
> some of my webmin servers. LOL!!!

Haha same (pristing phpbb, latest source, hacked in weeks).  I don't even know 
what to compare to phpbb - phpnuke maybe?  I won't even bother mentioning a 
certain DNS server as it's already being discussed ad nauseum.  :)

Anyway - OT now.  Appreciate the feedback on the thread, I have some research 
to do...

Josh
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

On Wed, Feb 23, 2011 at 1:03 PM, James Hogarth  wrote:
>
> Except that this issue does not affect BIND in rhel and thus CentOS
> therefore making it yet more pointless drivel from the OP.

Please take off the blinders and realize there are lots of folks (some
x% of a million or more) on this list who compile from current source
in order to minimize their risks and are therefore the subject
audience.

On the one hand, you have Paul Vixie and crew (authors of BIND) and
US_CERT saying "US-CERT encourages users and administrators using the
affected versions of BIND to upgrade to BIND 9.7.3."  On the other
hand, you have "don't bother me with reality, I'm comfortable, am not
affected and don't want to read messages to those who are affected."

Wisdom from a top security manager at Internet2 was presented on this
list.  Ignore his advice all you want.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

On Wed, Feb 23, 2011 at 1:14 PM, Always Learning  wrote:
>
> Many thanks to Markus Falb for publishing his excellent research - the
> same research that Larry could also have done.
>
>        "This issue did not affect the versions of bind as shipped with
>        Red Hat Enterprise Linux 4, 5, or 6."

You are overlooking those on the list who are affected.  Enuf said.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Eero Volotinen

2011/2/23 Larry Vaden :
> On Wed, Feb 23, 2011 at 1:03 PM, James Hogarth  
> wrote:
>>
>> Except that this issue does not affect BIND in rhel and thus CentOS
>> therefore making it yet more pointless drivel from the OP.
>
> Please take off the blinders and realize there are lots of folks (some
> x% of a million or more) on this list who compile from current source
> in order to minimize their risks and are therefore the subject
> audience.

It is not wise to install packages from sources because it messes the package
management.

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

> Please take off the blinders and realize there are lots of folks (some x% of a
> million or more) on this list who compile from current source in order to
> minimize their risks and are therefore the subject audience.
> 
> On the one hand, you have Paul Vixie and crew (authors of BIND) and
> US_CERT saying "US-CERT encourages users and administrators using the
> affected versions of BIND to upgrade to BIND 9.7.3."  On the other hand, you
> have "don't bother me with reality, I'm comfortable, am not affected and
> don't want to read messages to those who are affected."

I've only been subscribed here a week and this topic seems very heated, so 
sorry if this stirs the pot up again, but don't patches for these things get 
back-ported?  So even if you're running bind v9.5.1 on CentOS/upstream 4/5.x 
you'd still have security fixes like those in this article backported right?

And yeah I suppose rolling your own is always an option but in my experience 
it's to easy to get behind.  This seems more like a Slackware approach tho, 
nothing against Slack of course!

Josh
 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Les Mikesell

On 2/23/2011 1:21 PM, Larry Vaden wrote:
> On Wed, Feb 23, 2011 at 1:03 PM, James Hogarth  
> wrote:
>>
>> Except that this issue does not affect BIND in rhel and thus CentOS
>> therefore making it yet more pointless drivel from the OP.
>
> Please take off the blinders and realize there are lots of folks (some
> x% of a million or more) on this list who compile from current source
> in order to minimize their risks and are therefore the subject
> audience.

Someone who thinks they can do things better themselves than RH does it 
probably isn't going to take advice from a random mail list poster.  And 
when you compile your own source you take on the responsibility of 
tracking updates yourself.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

On Wed, Feb 23, 2011 at 1:25 PM, Eero Volotinen  wrote:
>
> It is not wise to install packages from sources because it messes the package
> management.

Agreed; that is why folks like Jeff Johnson and John Stanley share
their knowledge about how to do it such that your outcome doesn't
occur.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] massive mirror errors

I'm trying to ...

yum groupinstall "Development Tools" on a reasonably current 5.5 system
and getting massive mirror failures... is there a problem, or is this
my employer's network messing up?

(45/74):
rpm-build-4.4.2.3-20.el5_5.1.i386.rpm

| 302 kB 00:03
http://mirror.singleedge.com/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.nwresd.org/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://hpc.arc.georgetown.edu/mirror/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.its.uidaho.edu/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.flhsi.com/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.highspeedweb.net/CentOS/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.atlanticmetro.net/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://ftp.lug.udel.edu/pub/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not found
Trying other mirror.
http://mirror.vcu.edu/pub/gnu%2Blinux/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 12] Timeout:
Trying other mirror.
http://mirrors.greenmountainaccess.net/centos/5.5/addons/i386/CentOS/imake-1.0.2-3.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.singleedge.com/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.nwresd.org/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://hpc.arc.georgetown.edu/mirror/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.its.uidaho.edu/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.flhsi.com/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.highspeedweb.net/CentOS/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.atlanticmetro.net/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://ftp.lug.udel.edu/pub/centos/5.5/addons/i386/CentOS/libXaw-1.0.2-8.1.i386.rpm:

[Errno 4] IOError:
Trying other mirror.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] massive mirror errors

On 02/23/11 11:53 AM, John R Pierce wrote:
> I'm trying to ...
>
> yum groupinstall "Development Tools" on a reasonably current 5.5 system
> and getting massive mirror failures...   is there a problem, or is this
> my employer's network messing up?

fyi, yum clean all  seems to have fixed it.  fastestmirrors musta been 
messed up.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

On Wed, 2011-02-23 at 13:23 -0600, Larry Vaden wrote:
> On Wed, Feb 23, 2011 at 1:14 PM, Always Learning  wrote:
> >
> > Many thanks to Markus Falb for publishing his excellent research - the
> > same research that Larry could also have done.
> >
> >"This issue did not affect the versions of bind as shipped with
> >Red Hat Enterprise Linux 4, 5, or 6."
> 
> You are overlooking those on the list who are affected.  Enuf said.

Larry,

I suspect the vast majority of Centos 5 users simply install Centos
software. They do not routinely install non-Centos versions to replace
Centos versions.

This list is about Centos versions of software - hence its simple title,
the "Centos Mailing List". 

If a user installs non-Centos versions of software it is for the user to
take extra precautions if case of bugs affecting non-Centos software.

If you had done the necessary research Centos users would not get
alarmed at serious reports of dangerous bugs in Centos software. Your
posting clearly inferred the dangers affected the Centos version which,
it subsequently transpired, was untrue. I hope you can understand this
point that there is a distinct difference between Centos application
software and non-Centos application software running on the Centos
operating system.

With best regards,

Paul.
England,
EU.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Keith Keller

On Wed, Feb 23, 2011 at 07:28:15PM +, Trutwin, Joshua wrote:

[ > Larry Vaden wrote: (please don't snip attributions)]

> > Please take off the blinders and realize there are lots of folks (some x% 
> > of a
> > million or more) on this list who compile from current source in order to
> > minimize their risks and are therefore the subject audience.

If they have compiled from source then it is by definition not a CentOS
issue.

> > On the one hand, you have Paul Vixie and crew (authors of BIND) and
> > US_CERT saying "US-CERT encourages users and administrators using the
> > affected versions of BIND to upgrade to BIND 9.7.3."

Anyone running a CentOS-provided version of BIND is not using an
affected version.

> > On the other hand, you
> > have "don't bother me with reality, I'm comfortable, am not affected and
> > don't want to read messages to those who are affected."

Those messages are offtopic on this mailing list, so I sympathize with
people who have the attitude you describe.  Someone who had more
credibility with the list might be able to post offtopic messages (which
they would have marked [OT]) without causing a flamewar.

> I've only been subscribed here a week and this topic seems very heated, so 
> sorry if this stirs the pot up again, but don't patches for these things get 
> back-ported?  So even if you're running bind v9.5.1 on CentOS/upstream 4/5.x 
> you'd still have security fixes like those in this article backported right?

If you're running BIND 9.5.1, you are not susceptible to the bug that
Larry posted at all.  In general, security bugs that are applicable to
RHEL packages are patched upstream then rebuilt and released by CentOS.

> And yeah I suppose rolling your own is always an option but in my experience 
> it's to easy to get behind.  This seems more like a Slackware approach tho, 
> nothing against Slack of course!

Rolling one's own is an option for any distribution, including CentOS.
But rolling one's own by definition removes those packages from the
support stream for that distro, so should be taken into consideration
when deciding whether to roll one's own or not.

--keith

-- 
kkel...@wombat.san-francisco.ca.us

pgpfJ3cDXHMbA.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] openldap problems authenticating

2011-02-23 Thread Deyan Stoykov

On 23.02.2011 00:49, Tim Dunphy wrote:
> Hello list,
>
> I am running an openldap 2.4 server under FreeBSD that was working
> well until the config was tweaked by someone on the team without
> properly documenting their work
>
> # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1)
>
> host LBSD.summitnjhome.com
> base dc=summitnjhome,dc=com
> sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
> bindpw {SSHA}secret
> scope sub
> pam_password exop
> nss_base_passwd ou=staff,dc=summitnjhome,dc=com
> nss_base_shadow ou=staff,dc=summitnjhome,dc=com
>
> # grep for ldap account shows ldap account on the ldap server itself succeeds
>
> [root@LBSD2:/usr/local/etc/openldap] #getent passwd | grep walbs
> walbs:secret/:1002:1003:Walkiria Soares:/home/walbs:/usr/local/bin/bash
> [root@LBSD2:/usr/local/etc/openldap] #grep walbs /etc/passwd
> [root@LBSD2:/usr/local/etc/openldap] #
>
> # /etc/ldap.conf on ldap client (centos 5.5)
>
> host LBSD2.summitnjhome.com
> base dc=summitnjhome,dc=com
> sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
> bindpw {crypt}secret

Is the value of bindpw in /etc/ldap.conf actually a crypt hash? It 
should be cleartext.

HTH,
Deyan


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advis ory-issued

2011-02-23 Thread R P Herrold

On Wed, 23 Feb 2011, Larry Vaden wrote:

> Please take off the blinders and realize there are lots of folks (some
> x% of a million or more) on this list who compile from current source
> in order to minimize their risks and are therefore the subject
> audience.

and it is on topic in this venue, just how?  You might as well 
exhort:

- Look both ways before crossing the street

- Always buckle your seatbelt

- Never use an ISP that requires provising sufficient personal 
information as needed to facilitate identity theft [1]; and 
solicts credit card information without any indication of PCI/CISP
controls or privacy policy [2]

Mailman provides for 'per poster' moderation.  It's time here, 
I think

-- Russ herrold

1. http://www.texoma.net/it/pricing.html
"All suscribers [sic] must supply their choice of
social security or driver's license number for unique
identification within our accounting system"
2. https://secure.texoma.net/make_payment.php

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advis ory-issued

2011-02-23 Thread m . roth

R P Herrold wrote:
> On Wed, 23 Feb 2011, Larry Vaden wrote:
>
>> Please take off the blinders and realize there are lots of folks (some
>> x% of a million or more) on this list who compile from current source
>> in order to minimize their risks and are therefore the subject
>> audience.
>
> and it is on topic in this venue, just how?  You might as well
> exhort:

> Mailman provides for 'per poster' moderation.  It's time here,
> I think

Moderator - here's a second vote to moderate Larry *out*.

 mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

On Wed, Feb 23, 2011 at 11:27 AM, Larry Vaden  wrote:
> US-CERT encourages users and administrators using the affected
> versions of BIND to upgrade to BIND 9.7.3.
>
> Optionally, one can wait on a backport.

This message is RECALLED even though:

1) US-CERT used the word "affected."
2) the "optionally" was directed to those who might have used
RHEL/CentOS' excellent facility to draw in code from other repos.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Markus Falb

On 23.2.2011 21:47, Larry Vaden wrote:
> On Wed, Feb 23, 2011 at 11:27 AM, Larry Vaden 
>  wrote:
>> US-CERT encourages users and administrators using the affected
>> versions of BIND to upgrade to BIND 9.7.3.
>>
>> Optionally, one can wait on a backport.
> 
> This message is RECALLED even though:
> 
> 1) US-CERT used the word "affected."
> 2) the "optionally" was directed to those who might have used
> RHEL/CentOS' excellent facility to draw in code from other repos.

You dont got it ? Another try: There will be no backport, because bind
in RHEL/CentOS is not affected. But yes, optionally one can wait...

-- 
Best Regards, Markus Falb, waiting...



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: please moderade or remove Larry Vaden

Can an admin please moderate ALL posts from Larry Vaden, or remove him
from the list?

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

On 2/23/2011 2:23 PM, Larry Vaden wrote:
> On Wed, Feb 23, 2011 at 1:14 PM, Always Learning  wrote:
>> Many thanks to Markus Falb for publishing his excellent research - the
>> same research that Larry could also have done.
>>
>> "This issue did not affect the versions of bind as shipped with
>> Red Hat Enterprise Linux 4, 5, or 6."
> You are overlooking those on the list who are affected.  Enuf said.

Larry,

Did you get your broken nameserver(s) fixed? Or are you maybe just 
complaining here trying to get a new release out which more than likely 
will not fix your issue, but it is easier to blame CentOS than to look 
at your install? If so, you more than likely will be let down when you 
find there is no magic wand in a new update.

That said... I personally believe that upstream provides a rather stock 
install of bind, perhaps meant more for an intranet than the internet? 
Bind just might be the single hardest part of running a webserver. But, 
I spent a number of days reading on hardening bind and then the testing 
and moving into production. Larry, have you done this?

If texoma.net is one of the affected domains, I note that there are some 
problems with DNS for that domain. The 2 level3.net nameservers are not 
providing either full or maybe correct information. If this is the case 
for other domain you manage, this is a serious problem and as DNS can be 
rather finicky, might be the root of your entire perceived problem.

And, if you think you had an injection, please do some googling on 
hardening bind. There is a lot of good information out there. To me, 
this is what is needed today and is well beyond a standard bind 
installation done by CentOS.

If in fact texoma.net is an example of the problem with all of the 
domains under your control, please fix your own house and quit 
complaining here until you have cleaned up things on your end. What I 
see has 0 to do with the bind version on CentOS. In fact, if you don't 
fix this before an upgrade, you may have a larger mess afterwards.

I don't envy the task as I know very well that this is not easy. 
Alternatively, maybe you should consider using a service such as 
dnsmadeeasy... although they recently experienced a significant downtime 
themselves due to a huge DoS attack coming in from all over the world.

Is it possibly a bit hypocritical to complain about other people's 
houses being dirty when you live in a dirty house yourself?

Best,
John Hinton
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advis ory-issued

On Wed, Feb 23, 2011 at 2:43 PM, R P Herrold  wrote:
>
> - Never use an ISP that requires provising sufficient personal
> information as needed to facilitate identity theft [1]; and
> solicts credit card information without any indication of PCI/CISP
> controls or privacy policy [2]

Thanks for the constructive criticism. The pricing page has been taken
down until it can be updated.  The language is from 1995.

Wrt the payment mechanism, that will take longer to fix, but we will fix it.

We will also look at BCPs wrt privacy.

Again, thanks for the constructive criticism.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Air Conditioning - ON!

2011-02-23 Thread Ryan Ordway

On Feb 22, 2011, at 2:56 PM, Johnny Hughes wrote:
> On 02/22/2011 02:35 PM, Ian Murray wrote:
>> 
>> 
>> I did think about that when when I made my earlier comment. The trouble is 
>> is 
>> that it obviously isn't working because we have these list flame-ups.
> 
> I think 8 million unique machines disagree with you assessment.  Who
> knows, maybe all 8 million are wrong and the 10-20 people who are
> discussing it on this list are right.

Zing!

Not to mention I'd think the Belgian police might be more concerned at your 
invitation for mischief on their systems. 

Just because CentOS is a relatively small operation compared to commercial 
offerings or maybe other community offerings, does not mean that it is any less 
suited for critical applications. Perhaps the CentOS project could use some 
more man power to insure updates are not stalled because a key player is 
unavailable at the wrong time, but I don't think it's a situation that only 
CentOS suffers from. With CentOS it is perhaps more visible -- we know when the 
update was available upstream and how long it took to show up in CentOS repos. 
This is less obvious upstream, unless you are paying close attention to every 
individual Open Source project that upstream draws from... in which case 
perhaps you could use some of that time contributing to CentOS. Problem solved.

--
Ryan Ordway   E-mail: rord...@oregonstate.edu
Unix Systems Administrator   rord...@library.oregonstate.edu
OSU Libraries, Corvallis, OR 97331Office: Valley Library #4657

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Kai Schaetzl

Larry Vaden wrote on Wed, 23 Feb 2011 13:21:23 -0600:

> Please take off the blinders and realize there are lots of folks (some
> x% of a million or more) on this list who compile from current source
> in order to minimize their risks and are therefore the subject
> audience.

Nonsense, there is no "minimization of risk" by doing so.

Please don't argue about the worthiness of your information. It's been 
said to you time and again that most here do not wish to see that kind of 
"information". Thanks.

Kai


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

2011-02-23 Thread yonatan pingle

On Wed, Feb 23, 2011 at 4:49 PM, Trutwin, Joshua  wrote:
> Hello all,
>
>
>
> I'm looking to setup a new CentOS box for a buddy of mine who
> wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my
> own on a Debian box he colo’d running a basterdized qmail/tinydns and custom
> built httpd/mysql/etc (I was young).  It worked ok but time to move on and I
> don't have time to maintain all those packages.  I also don't have
> time to write another CP or port my PoS to it.  I’m also just going to use
> the
>
> default  packages (bind, postfix, etc) instead of the DJB stuff.
>
> Main requirements are fairly straightforward:
>
> 1. able to add/manage domains, ssl cert management, manage DNS records
> 2. able to manage email accounts and anti-spam settings
> 3. able to add/manage mysql and pgsql (nice to have)
> 4. user management - ftp/ssh accounts, password change, etc.
> 5. nice to have: add a wordpress blog / xcart store to a site
> 6. nice to have: users have own login to do some of the above for their
> domain only
> 7. nice to have: integrated website stats (awstats or equiv)
> 8. not optional - should have a focus on security
>
> Stuff like viewing logs, automated billing, hosting plans, managing backups,
> bandwidth monitoring, uploading web pages, managing server patches,
> adding new software, etc. I don't mind leaving off or doing myself.  Willing
> to
>
> pay a license, but not a huge budget.
>
> I was leaning towards webmin/virtualmin but thought I'd check with this list
> for any suggestions.  Had bad experiences with Plesk from a while
> ago so leaving that off the table.  We have experience with cPanel
> through another fail host, it's ok but too much stuff and too
> expensive.
>
> Josh
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

Hey there,
some are run with ispconfig some with cPanel , some use DirectAdmin
control panel ,
DirectAdmin which proven itself to be a reliable hosting panel "layman
friendly" , would be my suggestion.
if you are talking about hosting your own stuff, it won't be needed
,but when it comes to providing third party access to the account,
cPanel or DirectAdmin are the best choice.




-- 
Best Regards,
Yonatan Pingle
RHCT | RHCSA | CCNA1
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread Kai Schaetzl

Larry Vaden wrote on Wed, 23 Feb 2011 14:47:13 -0600:

> This message is RECALLED

Please stop this! Please understand that there is a reply button on your 
mail client, use it!

Kai


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued


On Thu, 2011-02-24 at 00:31 +0100, Kai Schaetzl wrote:

> Larry Vaden wrote on Wed, 23 Feb 2011 14:47:13 -0600:
> 
> > This message is RECALLED
> 
> Please stop this! Please understand that there is a reply button on your 
> mail client, use it!

I thought 'recall' was a Micro$oft facility. Centos is a Linux system. I
don't think it runs on Micro$oft. 

My systems simply ignore all 'recalls'.

>From Larry's web site: http://www.texoma.net/it/contact_us.html

ab...@texoma.net to report violations of netiquette

-- 

With best regards,

Paul.
England,
EU.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

On Feb 23, 2011, at 2:04 PM, "Trutwin, Joshua"  wrote:

>> +1 for Virtualmin.
>> People will brag that it's insecure etc, but it has always done the job for 
>> me
>> and I have more than 100 installations of it. I never had security problems
>> because of it.
> 
> Thanks for all the posts.
> 
> Curious about the "people will brag that it's insecure" - is there a poor 
> track record of security problems with webmin?
> 
> I noticed these: 
> 
> http://www.webmin.com/security.html 
> http://tensixtyone.com/perma/woes-of-webmin
> http://doxfer.webmin.com/Webmin/SecuringWebmin
> 
> I certainly don't plan to allow access to webmin save for a couple selected 
> IP's and I'm not surprised to see any web application have security 
> vulnerabilities.  But if it's on par with something like phpbb as far as 
> security problems go, I'll probably look elsewhere. 

One nice thing, depending on how you look at it, about webmin is it's in Perl 
so it's easy to customize and audit (if you have enough time).

You could conceivably strip it down to the bare essentials needed and audit it 
line by line to give you some comfort level. Then run it with selinux enabled 
and everything properly labeled so if someone does break it they can't get too 
far.

Just make sure for Internet facing services it isn't setup to allow access to 
essential system configs, where even selinux wouldn't help you.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread David Brian Chait


>From Larry's web site: http://www.texoma.net/it/contact_us.html

>ab...@texoma.net to report violations of netiquette

To quote Rodney King.."Can't we all just get along?"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RECALL: http://www.securityweek.com/high-severity-bind-vulnerability-advisory-issued

2011-02-23 Thread aurfalien

On Feb 23, 2011, at 3:42 PM, David Brian Chait wrote:

>
>> From Larry's web site: http://www.texoma.net/it/contact_us.html
>
>> ab...@texoma.net to report violations of netiquette
>
> To quote Rodney King.."Can't we all just get along?"

Yea its like Dork Wars 2011.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] security cameras

On Wed, Feb 23, 2011 at 9:12 AM,   wrote:
> Nico Kadel-Garcia wrote:
>> On Tue, Feb 22, 2011 at 9:31 PM, Always Learning 
>> wrote:
>>>
>>> On Tue, 2011-02-22 at 18:04 -0800, John R Pierce wrote:
>>>
 TCP/IP cameras would work with any OS, most just FTP or whatever the
 pictures to a webserver you provide, or they run their own server and
 you can wget the pics off them.   but I've never seen any IP cameras
 I'd call really cheap.   Panasonic makes a nice line of them, some even
 have remote pan/zoom via a http interface.
> 
>> If you want a full-blown remote TCP monitoring system, look at Axis.
>> They're historically very Linux compatible, they have all the features
>> you might want, and while they're not cheap they have all the features
>> you might need.
>
> At work, we use the package motion. Does everything, including writing
> .avi? .asf? files to the home directory which is nsf mounted. Trivial load
> on the network for monitoring.
>
> We've got *really* cheap old webcams. Do see if you can get USB 1.1, not
> 1.0
>
>          mark

Yeah, I know that one. I wrote some of the early RPM's for it. It had
integration issues way back at RedHat 6.2, but has improved a lot
since then.

Amusingly, someone I worked with was insisting, *insisting* that
anything that came out in newer kernels, they could backport to their
modified 2.0.x optimized kernel, because *of course* their patches
were so clever and so important that they could never be ported
forward, a newer kernel could never hope to match it. But good USB and
webcam support was only workable in the 2.2. kernels, backporting it
to 2.0 was ridiculously infeasible. And the "upgrade versus backport
war" was on!!!

We seeing the same things with new features in RHEL/CentOS releases,
such as Samba features and OpenSSH major releases and Bind.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unicode in C++

On Wed, Feb 23, 2011 at 9:44 AM, Michael D. Berger
 wrote:
> On Tue, 22 Feb 2011 19:51:38 -0500, Nico Kadel-Garcia wrote:
>
>> On Tue, Feb 22, 2011 at 5:37 PM, Michael D. Berger
>>  wrote:
>>> On my CentOS box, in C++ programs, is there a way to print Unicode
>>> characters?
>>>
>>> Thanks,
>>> Mike.
>>
>> Why do you want to?
>
> Off topic.

*Very* relevant. If it's for a specific app, or for parsing inputs
from web forms, or handling Kanji from PDF for pstext output, or emacs
editing over a serial port, it matters.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternative to cPanel

2011-02-23 Thread Garry Dale

Trutwin, Joshua wrote:
> Hello all,

Hi, Josh. The CentOS lists are really not the appropriate place for this 
thread. No doubt there are many members of the CentOS community who can 
and will help. However, I'm quite certain that CentOS is wholly separate 
from the other, so threads on the CentOS lists should only pertain to 
CentOS. Perhaps those willing to assist you might contact you 
personally.  Just a friendly suggestion from a user.

Regards.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] current bind version

2011-02-23 Thread Machin, Greg

Hi.

I have had an enquiry from the Network and Security guy. He wants to
know why CentOS 5.5 /RHEL 5 is using a very old version of bind
"bind-chroot-9.3.6-4.P1.el5_5.3" when the latest release that has many
security fixes is on 9.7.3 . I understand that its to maintain a known
stable platform by in introducing new elements etc .. Is there an
official explanation / document that  I can direct him to.

 

Thanks

 

Greg Machin
Systems Administrator - Linux
Infrastructure Group, Information Services

 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Ecommerce hosting

2011-02-23 Thread Thomas Dukes

Would appreciate some suggestions for ecommerce hosting.  Been using, cough,
cough, godaddy, for about 5 or 6 yrs but in the last year or so, they really
suck. Did the hosting myself for a while prior to going with godaddy but I
don't have time to babysit. Seems godaddy would rather spend millions
advertising during the Super Bowl than put that money to good use.

TIA!!

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] current bind version

On Wed, Feb 23, 2011 at 9:08 PM, Machin, Greg
 wrote:
> Hi.
>
> I have had an enquiry from the Network and Security guy. He wants to know
> why CentOS 5.5 /RHEL 5 is using a very old version of bind
> “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many
> security fixes is on 9.7.3 . I understand that its to maintain a known
> stable platform by in introducing new elements etc .. Is there an official
> explanation / document that  I can direct him to.

The "bind97" packages is in RHEL 5.6.  RedHat pubishes such major
component upgrades as separate packages, so people using the older
version get updates, but who want the major upgrades are free to
install them and get separate support.

Our faithful CentOS maintainers have not yet completed their
publication of CentOS 5.6. I'm sure they'd appreciate your help doing
so, although I've had some difficulty reverse engineering enough of
their build structure to parallel their work.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] current bind version

On Thu, 2011-02-24 at 15:08 +1300, Machin, Greg wrote:

> I have had an enquiry from the Network and Security guy. He wants to
> know why CentOS 5.5 /RHEL 5 is using a very old version of bind
> “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many
> security fixes is on 9.7.3 . I understand that its to maintain a known
> stable platform by in introducing new elements etc .. Is there an
> official explanation / document that  I can direct him to.

It is my understanding the security issue neither affects the Red Hat
version of Bind nor the Centos derivative for operating system releases
4 and 5. 

This subject was mentioned here with some passion in the last 48 hours
but I don't keep copies.

Please suggest to your "guy" he needs to do some Googling to find recent
emails from this mailing list and other sources which may provide
further information.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] current bind version

2011-02-23 Thread Steve Walsh



On 02/24/2011 01:08 PM, Machin, Greg wrote:


Hi.

I have had an enquiry from the Network and Security guy. He wants to 
know why CentOS 5.5 /RHEL 5 is using a very old version of bind 
"bind-chroot-9.3.6-4.P1.el5_5.3" when the latest release that has many 
security fixes is on 9.7.3 . I understand that its to maintain a known 
stable platform by in introducing new elements etc .. Is there an 
official explanation / document that  I can direct him to.




Hi Greg

Probably an idea to point your N&S guys at the RH 'backporting' Page - 
https://access.redhat.com/security/updates/backporting/?sc_cid=3093


Basically, the version is kept the same to minimise impact on users, 
whilst bugfixes and security errata from future versions are 
'backported' to the version that ships with the relevant RHEL version.


Also worthwhile pointing them at the BIND CVE in the Redhat Bugzilla, 
which advises on the impact on the RHEL versions - 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0414



Regards

Steve
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Ecommerce hosting

2011-02-23 Thread Machin, Greg

If you want a full virtual host I'm running on Linode without an issues
so far. Been with them for a year and a half. www.linode.com

Greg Machin
Systems Administrator - Linux
Infrastructure Group, Information Services

Open Polytechnic | Kuratini Tuwhera

Phone +64 4 914 5254 or 0508 650200 ext 5254 | Fax +64 4 913 5759
3 Cleary Street, Waterloo | Private Bag 31914, Lower Hutt 5040
http://www.openpolytechnic.ac.nz
Please consider the environment before printing this email.


-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Thomas Dukes
Sent: Thursday, 24 February 2011 3:19 p.m.
To: CentOS
Subject: [CentOS] OT: Ecommerce hosting

Would appreciate some suggestions for ecommerce hosting.  Been using,
cough,
cough, godaddy, for about 5 or 6 yrs but in the last year or so, they
really
suck. Did the hosting myself for a while prior to going with godaddy but
I
don't have time to babysit. Seems godaddy would rather spend millions
advertising during the Super Bowl than put that money to good use.

TIA!!

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] current bind version

On Feb 23, 2011, at 9:08 PM, "Machin, Greg"  
wrote:

> Hi.
> 
> I have had an enquiry from the Network and Security guy. He wants to know why 
> CentOS 5.5 /RHEL 5 is using a very old version of bind 
> “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many 
> security fixes is on 9.7.3 . I understand that its to maintain a known stable 
> platform by in introducing new elements etc .. Is there an official 
> explanation / document that  I can direct him to.
> 

Please check out:

https://access.redhat.com/security/updates/backporting/?sc_cid=3093

RHEL maintains application binary interfaces during the lifetime of their 
releases. Only for applications that can no longer be feasibly maintained 
through backporting (ie firefox) do they update the version mid release.

A lot of people don't understand the backporting way of maintaining a stable 
platform across a release, it took me a while to appreciate it.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] current bind version

2011-02-23 Thread Machin, Greg

Thank you all for helping to clarify this. 

 

Thanks

 

Greg Machin
Systems Administrator - Linux
Infrastructure Group, Information Services

 

From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Ross Walker
Sent: Thursday, 24 February 2011 3:51 p.m.
To: CentOS mailing list
Cc: 
Subject: Re: [CentOS] current bind version

 

On Feb 23, 2011, at 9:08 PM, "Machin, Greg"  
wrote:

Hi.

I have had an enquiry from the Network and Security guy. He wants to 
know why CentOS 5.5 /RHEL 5 is using a very old version of bind 
“bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many security 
fixes is on 9.7.3 . I understand that its to maintain a known stable platform 
by in introducing new elements etc .. Is there an official explanation / 
document that  I can direct him to.

 

Please check out:

 

https://access.redhat.com/security/updates/backporting/?sc_cid=3093

 

RHEL maintains application binary interfaces during the lifetime of their 
releases. Only for applications that can no longer be feasibly maintained 
through backporting (ie firefox) do they update the version mid release.

 

A lot of people don't understand the backporting way of maintaining a stable 
platform across a release, it took me a while to appreciate it.

 

-Ross

 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unicode in C++

2011-02-23 Thread Michael D. Berger

On Wed, 23 Feb 2011 17:01:37 +0100, Mihai T. Lazarescu wrote:

[...]

Thanks, I did a slightly different search and I didn't get
such good results.

Mike.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] current bind version

On 02/23/11 6:08 PM, Machin, Greg wrote:
>
> Hi.
>
> I have had an enquiry from the Network and Security guy. He wants to 
> know why CentOS 5.5 /RHEL 5 is using a very old version of bind 
> “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many 
> security fixes is on 9.7.3 . I understand that its to maintain a known 
> stable platform by in introducing new elements etc .. Is there an 
> official explanation / document that I can direct him to.
>
>

to put it bluntly, your security guy is pretty much worthless as such if 
he thinks security is audited by checking version numbers.

sadly, this is too common.






___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Ecommerce hosting

2011-02-23 Thread Frank Cox

On Wed, 23 Feb 2011 21:18:59 -0500
Thomas Dukes wrote:

> Would appreciate some suggestions for ecommerce hosting.

Depends on what you want.  I use beanstream for the bit of stuff that I do.

-- 
MELVILLE THEATRE ~ Melville Sask ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] current bind version