Re: New open source project

[Gregory Seidman]

On Mon, Jun 12, 2023 at 12:26:35PM +0200, the2nd wrote:
> i am developing an open source OTP authentication server and currently
> searching for someone to test it. I hope its okay to ask for this on this
> list.
> 
> There is no documentation yet but i can write a step by step guide if
> someone is interested in testing my project.
[...]

No documentation is one thing, but no justification for why this is useful
or better than existing OTP options like otpw-bin and libpam-otpw means
that you aren't likely to find a lot of interest.

You did a thing, and you've announced it, but why should anyone care
(beyond the intellectual exercise) that you did it? This isn't to say it's
a waste or not worth doing, just that you haven't explained why it isn't.

> Regards
> the2nd
--Gregory

Re: Fetchmail in Bullseye?

[Gregory Seidman]

Fetchmail continues to retrieve my email successfully. Could your clock
possibly be skewed enough to affect TLS negotiation?

--Gregory

On Mon, May 08, 2023 at 01:39:14AM -0700, John Conover wrote:
> 
> My fetchmail, (from the repository,) has started timing out with a
> SOCKET error on connections I've used for years. Both fetchmail and
> openssl are from the repository.
> 
> fetchmail: 6.4.16+GSS+NTLM+SDPS+SSL-SSLv2-SSLv3+NLS+KRB5
> openssl: 1.1.1n  15 Mar 2022
> 
> Anyone else having similar problems?
> 
> Thanks,
> 
> John
> 
> -- 
> 
> John Conover, cono...@panix.com, http://www.johncon.com/
> 
> 

Re: what's the right way to resolve localhost's IPs

[Gregory Seidman]

On Wed, Mar 22, 2023 at 10:06:40AM +0800, Jeremy Ardley wrote:
> 
> On 22/3/23 09:12, f...@dnsbed.com wrote:
> > Hello,
> > 
> > In my shell script, how to get the localhost's IPs (eth0 and eth1)
> > correctly?
> > I know I can run 'ifconfig' and grep etc, but it's maybe not that
> > graceful.
> 
> On Debian the preferred  command is
> 
> root@debian12:~# ip a
[...]
> You can also output in .json format
> 
> root@debian12:~# ip -j a
[...]
> 
> and if you write a script like this (and make it write protected and
> executable)
[...]

For those of us who like using jq for this kind of thing:

#!/bin/sh

ip -j a | jq -r '
.[] | {
"name": .ifname,
"addr": .addr_info |
map(select(.family ==  "inet")) |
.[0].local
} |
select(.addr) |
.name + ": " + .addr'

> you can do
> 
> ip -j a | ./ipv4_addresses.py
> lo: 127.0.0.1
> enp7s0: 10.31.40.68
> 
> or on a fancier setup
> 
> ip -j a | ./ipv4_addresses.py
> lo: 127.0.0.1
> eth0: 10.31.40.4
> eth0: 10.31.40.5
> eth0: 10.31.40.101
> docker0: 172.17.0.1
> 
> > -- 
> 
> Jeremy
> (Lists)
--Gregory

Re: RAID1 + iSCSI as backup (was Re: More RAID weirdness: external RAID over network)

[Gregory Seidman]

On Fri, Mar 17, 2023 at 06:05:27PM -0700, David Christensen wrote:
> On 3/17/23 12:36, Gregory Seidman wrote:
[...]
> > This thread has piqued my interest, because I have been lax in doing proper
> > backups. I currently run a RAID1 mirroring across three disks (plus a hot
> > spare). On top of that is LUKS, and on top of that is LVM. I keep meaning
> > to manually fail a disk then store it in a safe deposit box or something as
> > a backup, but I have not gotten around to it.
> > 
> > It sounds to me like adding an iSCSI volume (e.g. from AWS) to the RAID as
> > an additional mirror would be a way to produce the off-site backup I want
> > (and LUKS means I am not concerned about encryption in transit). It also
> > sounds like you're saying this is not a good backup approach. Ignoring
> > cost, what am I missing?
> > 
> > > Reco
> > --Gregory
> 
> I would not consider using a cloud device as a RAID member -- that sounds
> both slow and brittle.  Live data needs to be on local hardware.
[...]

Thinking about it more, that makes sense. Maybe the right approach is to
split the difference. I can manually fail a mirror, dd it over to an iSCSI
target, then re-add it.

> On 3/17/23 13:52, Dan Ritter wrote:
> > Three different things:
> >
> > resiliency in the face of storage failure: RAID.

And what I'm really trying to achieve is resiliency in the face of all the
drives failing, e.g. due to a fire or other catastrophe.

> > restoration of files that were recently deleted: snapshots.

I don't have automated LVM snapshotting set up, but I could and probably
should. That would cover that use case.

> > complete restoration of a filesystem: backup.

This can be achieved with the same off-site full-disk backup.

> > (and technically, a fourth: complete restoration of points in
> > time: archives).

That isn't a use case I've considered, and I don't think it's a use case I
have.

[...]
> > -dsr-
[...]
> I would add:
> 
> * ECC memory.

In place, yes.

> * Check-summing filesystems (I prefer ZFS-on-Linux).
[...]
> With four disks, the OP could use two in a ZFS mirror for live data, use
> zfs-auto-snapshot for user-friendly recovery, and use the other two
> individually as on-site and off-site backup media.

I do like the checksumming ZFS offers. The main reason I haven't switched
to ZFS, aside from already having a working setup with RAID/LUKS/LVM and
not wanting to fix what isn't broken, is that ZFS encryption is per volume
instead of the entire pool overall. That means that I either need to create
an encrypted ZFS volume for each of my existing LVM filesystems,
multiplying the hassle of unlocking them all, or I need to create a single
encrypted ZFS volume and put LVM on top of it. Is there a better way?

> David
--Gregory

RAID1 + iSCSI as backup (was Re: More RAID weirdness: external RAID over network)

[Gregory Seidman]

On Fri, Mar 17, 2023 at 06:00:46PM +0300, Reco wrote:
[...]
> PS There's that old saying, "RAID is not a substitute for a backup".
> What you're trying to do sounds suspiciously similar to an old "RAID
> split-mirror" backup technique. Just saying.

This thread has piqued my interest, because I have been lax in doing proper
backups. I currently run a RAID1 mirroring across three disks (plus a hot
spare). On top of that is LUKS, and on top of that is LVM. I keep meaning
to manually fail a disk then store it in a safe deposit box or something as
a backup, but I have not gotten around to it.

It sounds to me like adding an iSCSI volume (e.g. from AWS) to the RAID as
an additional mirror would be a way to produce the off-site backup I want
(and LUKS means I am not concerned about encryption in transit). It also
sounds like you're saying this is not a good backup approach. Ignoring
cost, what am I missing?

> Reco
--Gregory

Re: exim4 smarthost selection based on sender

[Gregory Seidman]

I *think* I followed that syntax, but I'm not sure because I am not super
familiar with exim4 config. If I'm reading that correctly:

if the from header matches .*xxx.org
then
use smtp.xxx.net
else if the subject matches SSS
then
use mail.SSS.net
else
use smtp.googlemail.com

Is that right? If so, since my use case is all mail goes through the paid
service except what's coming from a single address, is this what I want?

dc_smarthost='"${if 
match{${lc:$header_from:}}{myem...@somegoogledomain.com}{smtp.googlemail.com::587}{smtp.mypaidservice.com::587}}"'

In addition, is the header match case insensitive and/or can it be?

--Gregory

On Sun, Nov 27, 2022 at 02:26:26PM -0500, Marc Auslander wrote:
> On 11/27/2022 12:20 PM, Gregory Seidman wrote:
> > I send email from several email addresses. I pay for an email service for
> > both sending and receiving email, but I pull it down locally (via POP with
> > fetchmail) and send messages from my Debian server with mutt. All of those
> > email addresses wind up forwarding to the address with the paid service,
> > but I neither send nor receive messages directly with that email address.
> > One of the addresses I send from is hosted by Google, and therefore when I
> > send from that address through my paid service (which is how exim4 is
> > configured, using it as a smarthost) recipients usually see a warning about
> > the message being unverified or suspicious. This is presumably because of
> > DKIM or something.
> > 
> > What I'd like to do is configure exim4 as it is for most outgoing mail, but
> > to use GMail as the smarthost when the sender is that one particular email
> > address. Can someone guide me or give me a hint, please?
> > 
> > --Gregory
> I used a simple solution:
> 
> dc_smarthost='"${if
> match{${lc:$header_from:}}{.*xxx.org}{smtp.xxx.net::587}{${if 
> match{${lc:$header_subject:}}{SSS}{mail.SSS.net}{smtp.googlemail.com::587"'
> 
> Note you can test for any header.
> 
> 

exim4 smarthost selection based on sender

[Gregory Seidman]

I send email from several email addresses. I pay for an email service for
both sending and receiving email, but I pull it down locally (via POP with
fetchmail) and send messages from my Debian server with mutt. All of those
email addresses wind up forwarding to the address with the paid service,
but I neither send nor receive messages directly with that email address.
One of the addresses I send from is hosted by Google, and therefore when I
send from that address through my paid service (which is how exim4 is
configured, using it as a smarthost) recipients usually see a warning about
the message being unverified or suspicious. This is presumably because of
DKIM or something.

What I'd like to do is configure exim4 as it is for most outgoing mail, but
to use GMail as the smarthost when the sender is that one particular email
address. Can someone guide me or give me a hint, please?

--Gregory

Re: Keep config?

[Gregory Seidman]

On Mon, Sep 27, 2021 at 12:02:52PM +0200, Hans wrote:
> Hi folks,
> 
> just an easy question: How can I force to keep or overwrite a configuration 
> during an upgrade? As I do not want it set fixed, I am searching for a 
> solution by setting a command. 
[...]

In addition to the other responses in this thread, I'll put in a plug for
the etckeeper package. I'm a big fan of keeping versioned history of my
configs in a local git repo.

> Best regards
> Hans
--Gregory

Re: Postgresql ODBC driver not found

[Gregory Seidman]

On Thu, Sep 23, 2021 at 08:18:45AM -0400, Henning Follmann wrote:
> On Thu, Sep 23, 2021 at 08:44:42AM +0200, Pierre Couderc wrote:
> > Thank you very much!
> > 
> > See below :
> > 
> > On 9/22/21 3:37 PM, Henning Follmann wrote:
> > > On Wed, Sep 22, 2021 at 11:07:28AM +0200, Pierre Couderc wrote:
> > > > It is here I see it/them with:
> > > > 
> > > > odbcinst -q -d
> > > > 
> > > > but not with :
> > > > 
> > > >    SQLHENV env;
> > > >    SQLCHAR driver[256];
> > > >    SQLCHAR attr[256];
> > > >    SQLSMALLINT driver_ret;
> > > >    SQLSMALLINT attr_ret;
> > > >    SQLUSMALLINT direction;
> > > >    SQLRETURN ret;
> > > >    SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, );
> > > >    SQLSetEnvAttr(env, SQL_ATTR_ODBC_VERSION, (void *) SQL_OV_ODBC3, 0);
> > > > 
> > > >    direction = SQL_FETCH_FIRST;
> > > >    while(SQL_SUCCEEDED(ret = SQLDrivers(env, direction,
> > > >     driver, sizeof(driver), 
> > > > _ret,
> > > >     attr, sizeof(attr), 
> > > > _ret))) {
> > > >      direction = SQL_FETCH_NEXT;
> > > >      printf("%s - %s\n", driver, attr);
> > > >      if (ret == SQL_SUCCESS_WITH_INFO) printf("\tdata truncation\n");
> > > >    }
> > > > 
> > > > What do I miss...?

I don't see where you ask for the PostgreSQL ODBC connection in particular.
Maybe I'm the one missing something?

> > > The ability to clearly describe your problem!
> > Sorry I tried to be minimum... But here are more details?
> 
> Not sorry, but what do you expect? That everybody has a magic crystal
> bowl to fill in missing information?

Hey, ease up. Missing information makes it harder to diagnose the issue,
but there is no need to be rude about it.

[...]
> > >Did you compile it? And if so, how?
> > Yes, with default tools (gcc under debian bulllseye linked with libodbc)
> 
> Are you kidding me? That is not additional information. Just you
> being condescending.
> Strike one.
> 
> > >You installed odbcunix I assume.
> > >How did you configure it?
> > Correctly.
> 
> Really? REALLY?
> Strike two.

Wow, seriously rude.

[...]
> can you please connect to your database with:
> 
> isql "PostgreSQL Unicode"  
> 
> and perform a minimum check like:
> select 1;
[...]

That's helpful, and I look forward to seeing the response to this.

> -H
> 
> -- 
> Henning Follmann   | hfollm...@itcfollmann.com

--Gregory

Re: Bash script problem

[Gregory Seidman]

Re: scanner recommendation

[Gregory Seidman]

https://www.usa.canon.com/internet/portal/us/home/products/details/scanners/photo-scanner/canoscan-lide-110

It's a cheap workhorse. I haven't tried it with Linux but it doesn't
require any special software or drivers on macOS, which makes me think it
is entirely open standard.

--Gregory

On Sun, Apr 18, 2021 at 03:57:30PM -0400, Default User wrote:
> Hi!
> 
> It may be time for a new scanner.
> 
> For years I have used a Visioneer OneTouch 7100 usb flatbed scanner on
> various x86 computers running various versions of Debian and
> simple-scan.
> 
> Currently:
> Debian Unstable (updated, of course)
> Linux 5.10.0-6-amd64 #1 SMP Debian 5.10.28-1 (2021-04-09) x86_64 GNU/Linux
> Cinnamon 4.8.6-2
> Dell Inspiron 3542 (laptop, circa 2015), 64-bit
> Scanner software: simple-scan, from Debian Unstable repositories
> Use case: light duty home use.
> 
> For years it worked "okay".  But it suddenly started producing scans
> with a narrow pink stripe down the left side of the scan image
> produced.
> 
> I tried installing xsane (too complicated for me), which I did not
> configure at all.  And if I just clicked the scan button in xsane it
> would "dim out" and then do nothing.  As a bonus, simple-scan then no
> longer worked; upon clicking scan in simple-scan it would just do
> nothing, with a rotating "activity busy" circle displaying
> indefinitely.
> 
> So I uninstalled (purged) both xsane and simple-scan, re-installed
> simple-scan, then rebooted.
> Simple-scan now "works", but still produces the pink stripe down the
> image left side, just as before.
> 
> : (
> 
> Note: the scanner is (about) 20 years, so no parts or service
> available from Visioneer.
> 
> : (
> 
> So . . .
> Can anyone recommend a good replacement scanner?
> 
> I am really hoping to get something that works "out of the box", with
> little or no configuration, etc.
> 
> 

Re: Running debian on WSL (windows-system-for-linux)

[Gregory Seidman]

On Thu, Mar 25, 2021 at 08:02:32PM -0700, Dan Hitt wrote:
> Does anybody have any experience running debian on a WSL
> (windows-system-for-linux) machine?

Yes, I use WSL2 on my work machine and run Debian in it.

[...]
> In particular, i would like to
> (a) be able to remotely access the WSL debian just as if it were debian
> box, including having ssh, rsync, and x windows

This is entirely doable. Once you get ssh going you have rsync and X11
tunneling. You don't mention what you'll be connecting from, but if it
doesn't have an X11 server you can run a VNC server under Debian that is an
X11 server, and tunnel VNC over SSH to get to that desktop from whatever
your client is.

> (b) occasionally do the same sorts of things from its console

Easy. It's even pretty easy to run an X11 server on Windows (XMing is an
option, though I prefer Cygwin's X11... yes, I use both WSL2 and Cygwin,
and I mostly use Cygwin) and display to it from WSL2.

> (c) not have to manually set up and keep alive daemons or special services,

I am not entirely certain whether WSL2 comes up on Windows boot, but it
runs services normally when it comes up. You will probably have to muck
with the Windows firewall to redirect ports on the Windows host to the
internal WSL2 IP address. I can't say I've done that. I think WSL2 may be a
per-user thing, so I'm not sure if it can run when you aren't logged in. If
you have yourself logged in with WSL2 up, though, I expect you can switch
users and it will still be up.

> (d) as an extra, keep the debian and windows things on separate disks, if
> possible.

WSL2 uses a file on disk essentially as a block device. I vaguely remember
it being possible to use a disk partition directly, but I don't remember.
You can configure where the disk file lives when you create the WSL2 guest.

> I'm not looking for a multi-boot situation, as i want to be able to access
> the WSL apparatus while the console is engaged with doing windows
> operations for somebody else (and i guess the converse as well, although
> i'm pretty foggy about sshing into windows).

There is also definitely a way to set up Cygwin's ssh as a Windows service
(and it might be automatic, though I'm not sure). That may be what you want
for getting in, then you can use WSL2 from that shell for your other
purposes.

> Thanks in advance for any advice or pointers.
> dan

Good luck,
--Gregory

Re: Jus thinking - Low level X GUI with shaders

[Gregory Seidman]

On Sun, Feb 07, 2021 at 10:07:28PM -0500, Stefan Monnier wrote:
> > You have reinvented NeWS with Display PostScript
> > . Don't get me wrong, it was a great
> > idea, ahead of its time, and not especially well (or efficiently)
> > implemented at the time, so it may well be ripe for reinvention.
> 
> I think nowadays the idea is called HTML, where the display server is
> called "web browser" and Javascript has replaced Display Postscript.

You're not wrong, in the sense that that covers a wide variety of use
cases. There remains a niche for rich desktop GUIs that 1) can display
remotely, 2) execute sandboxed code on the display server, and 3) play nice
with a windowing system rather than being just a "page". I wouldn't be
unhappy with that sandboxed code being JavaScript (or even WASM). I would
be unhappy with every GUI app I use running a web server and launching a
browser to http://localhost:/

> Stefan
--Gregory

Re: Jus thinking - Low level X GUI with shaders

[Gregory Seidman]

On Sun, Feb 07, 2021 at 10:53:19AM +0100, Marek Mosiewicz wrote:
> Hi,
> 
> I would like to share my thoughts considering remote appliation
> problem.
> 
> In beginnig there was X server :) It was designed in mind to enable
> using of applications in distributed environment. You could open window
> which was just running on other computer.
[...]
> But I just look into idea that you do not need to do so. I think it
> could be possible to pass shader program to X server (even as string).
> This shader program could be whole GUI lib. It could manage theme,
> layouts, fonts, widgets, data model on its own on x server. It would
> depend on widget system how exchange data between client and server.
[...]

You have reinvented NeWS with Display PostScript
. Don't get me wrong, it was a great
idea, ahead of its time, and not especially well (or efficiently)
implemented at the time, so it may well be ripe for reinvention. Given that
we have much better facilities for sandboxing and hardware accelerated
graphics than we did at the time, now might be the time.

> Cheers,
>Marek Mosiewicz
>http://marekmosiewicz.pl
--Gregory

Re: Linux router AP with reserved IPs on wlan0?

[Gregory Seidman]

If you want a Linux router/AP, I recommend OpenWRT over Debian. It runs on
a variety of router hardware, but also PCs: 
https://openwrt.org/docs/guide-user/installation/openwrt_x86

Importantly, it uses UCI
 for configuration of
switches, networks, 802.11 (wifi) radios, SSIDs, firewalls, etc. which
substantially simplifies handling the issues you are encountering. Its web
interface (luci) works directly with the UCI config files, so it's easy to
switch between editing a file and working in the web UI.

--Gregory

On Sat, Feb 06, 2021 at 02:29:08AM -0800, John Conover wrote:
> 
> A wireless router made with hostapd/dnsmasq/dhcpcd is fairly easy, and
> works well with iptables, with one shortcoming.
> 
> After antagonizing the Google for hours, I can not find any way to add
> reserved IPs based on the the MAC address of devices connected on
> wlan0, (presumably in dhcpcd.conf.) Seems kind of a simple oversight
> for a wireless AP.
> 
> Am I correct in my assumption?
> 
> Thanks,
> 
> John
> 
> -- 
> 
> John Conover, cono...@rahul.net, http://www.johncon.com/
> 
> 

ZFS guidance

[Gregory Seidman]

I've been running 10+ LVM volumes on top of dmcrypt on top of md RAID1 on
Debian for many, many years and it has served me well. I've been
double-mirroring (i.e. three active drives in the RAID array) for the last
several with the idea that I can manually fail a disk, pull it out (and
replace with a fresh drive), and put it somewhere safe off-site as an easy
approach to backup (and I'm only concerned with disaster recovery, not
individual file recovery).

I have new server hardware I'm planning on moving things to, and I'm
considering making a change to my approach. I've been hearing good things
about ZFS for a long time, and I understand that encryption has been
supported for several years. Assuming that I have three physical disks to
dedicate (separate from the three I am currently using) I'm seeking
guidance on the following:

1. Can an entire ZFS array be encrypted, rather than individual volumes? I
 don't want to have to enter the password for each volume, just once 
when
 bringing up the whole array.

2. Is there a way to tune ZFS such that it can tolerate the loss of any two
   out of three disks? Redundancy is more important to me than total
 available storage.

3. Is there any equivalent off-site backup mechanism like my current
   fail-and-remove approach?

Note that I am not worried about the effort involved in moving data. This
is a home setup and downtime is tolerable.

Thanks,
--Gregory

Re: package of cfdisk

[Gregory Seidman]

On Sun, Nov 01, 2020 at 11:53:18PM +0100, gregoire roumache wrote:
> Hello,
> 
> I've found multiple bugs while using the command : cfdisk. I've written a
> report to sub...@bugs.debian.org, however it was rejected because I didn't
> specify a package (line at the very first line of the mail body).
> Unfortunately, I couldn't determine what package cfdisk was part of. If you
> could give me its name, it would be very helpful!

You can determine what package a file comes from using dpkg -S:

% dpkg -S $(which cfdisk)
fdisk: /sbin/cfdisk

> Sincerely,
> Grégoire Roumache
--Gregory

Bizarre packet loss

[Gregory Seidman]

First off, here's the network architecture:

ISP (untrusted) router (NAT)
 |
OpenWRT (trusted) router (NAT) ... wireless device
 |
Cisco (unmanaged) switch---+
 | |
Netgear (unmanaged) switchwired device
 |
Debian server

If I ping the Debian server from OpenWRT, the wireless device, or the wired
device I get 25%-30% packet loss *unless* I am pinging an external IP from
the Debian server at the same time, at which point the packet loss goes
below 1%. I have no explanation for this.

But wait, it's even weirder than that. Pinging from one wireless device to
another wireless device *also* shows significant (~20%) packet loss unless
the Debian server is pinging an external IP. Note that pinging an external
IP from a wired or wireless device doesn't seem to have any impact.

I suspect that something bad is happening at the Ethernet layer that I'm
just not seeing, but I don't know where it's coming from or what I'm
looking for. I've used tcpdump from the places where I can (OpenWRT, Debian
server, wired and wireless devices) and looked at it in Wireshark, but nothing
jumps out at me.

There is a pretty strong chance that this isn't coming from the Debian
server at all, but a ping from it has some magical effect on the network.
I've been fighting this for days and I'm just at a loss. I'd very much
appreciate any advice or options to try.

Thanks,
--Gregory

Re: Release netboot installer fails

[Gregory Seidman]

On Mon, May 27, 2019 at 11:32:46AM +0100, Brian wrote:
> On Sun 26 May 2019 at 11:18:52 -0400, Gregory Seidman wrote:
> 
> > This is mostly to document what I encountered, because I haven't had time
> > to put it in a bug. (I don't know if I will get around to it, honestly. If
> > someone else wants to put it in they should feel free and post a response
> > to the list with the bug link.)
[...]
> > I would hope this is fixable.
> 
> Bug #749991?

Cripes, that's a grave bug that's five years old. And yes, that's the
issue. For convenience:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749991

> -- 
> Brian.
--Greg

Release netboot installer fails

[Gregory Seidman]

This is mostly to document what I encountered, because I haven't had time
to put it in a bug. (I don't know if I will get around to it, honestly. If
someone else wants to put it in they should feel free and post a response
to the list with the bug link.) I also have a bonus warning regarding
encrypted root at the end.

First, the premise I'm working from:

The released netboot installer (i.e. netboot.tar.gz) downloadable via
https://www.debian.org/distrib/netinst should be capable of
installing the stable distribution, and should probably support any
options it presents.

If there isn't agreement on that, well, don't even bother with the rest.

Using the amd64 netboot (pxelinux.0, etc.), I had my machine PXE boot.
Everything boots and run fine until it tries to load installer components,
at which point it apparently loads udebs from the testing distribution with
kernel modules that don't match the installer kernel. At that point the
installation cannot proceed since it can't find disks without the drivers
for them (e.g. sd_mod).

I would have thought that the udebs for the stable distribution installer
would remain (wait for it) stable. I'm a little unclear on whether there is
any segregation of udebs by distribution at all. I haven't delved into the
details of the installer, and I regret that I don't have time to do so, but
I would hope this is fixable.

*** Bonus Warning ***

This is a caveat, not a complaint or even really a bug report.

I ultimately wound up using a daily netboot build and successfully
installed. This led to a whole other issue having to do with disk
encryption. The stable distribution has cryptsetup v1.x, but testing has
v2.x. Since the daily netboot is based on testing it uses cryptsetup 2.x to
format an encrypted partition, and that defaults to the LUKS2 disk format. The
stable distribution only has cryptsetup v1.x, which does not understand the
LUKS2 format. Thus guided partitioning with an encrypted LVM partition
containing root cannot be used when installing the stable distribution from
a testing-based installer. Since Buster is pretty close to release, as I
understand it, I chose to install testing and use LUKS2.

I'd argue that the installer should offer a choice between LUKS1 and LUKS2,
particularly if the user has chosen Expert Install. Meanwhile, I just want
to make people aware of the pitfall.

--Greg

Re: AI spam filter

[Gregory Seidman]

Spamassassin has a Bayesian classifier (a standard AI technique) in
addition to its rules-base classification. You train it on positive (spam)
and negative (non-spam) messages. I've been using it for at least a decade
and I've been very happy with its increasing accuracy as I retrain it on
correct and incorrect classifications it's made. At this point I get few
errors either way.

--Greg

On Sun, May 13, 2018 at 12:03:01PM +0200, Nicolas George wrote:
> Hi.
> 
> For years I have been using bogofilter as my main spam filter. But
> nowadays, neural networks and machine learning have made enormous
> progress.
> 
> I wonder if there is somewhere in Debian a spam filter (working on the
> same principles as bogofilter: a stand-alone program that reads a mail
> from its input and outputs a diagnosis) based on these technologies and
> that people find satisfactory.
> 
> Any advice?
> 
> Regards,
> 
> -- 
>   Nicolas George

Re: Does bash have a tool ?

[Gregory Seidman]

On Sun, Mar 04, 2018 at 09:26:51AM -0600, Richard Owlett wrote:
> My eventual goal is to create a personalized FAQ.
> To that end I've collected all my outgoing mail which DOES NOT have "Re:" in
> the Subject into a single file {used standard SeaMonkey tools}.
> 
> Using a text editor's search function I've placed "KEY1" at the
> beginning of the body of each message. Similarly, I've placed "KEY2" at the
> end of each body.
> 
> Searches led to  which
> describes tools to do word frequency tasks, primarily with bash builtins.
> 
> First I need to eliminate the irrelevant text between "KEY2" of the previous
> message and "KEY1" of the message of interest. It should be straight forard
> to do in BASIC.

awk '/^KEY1$/,/^KEY2$/' infile > outfile

> But is there an already tested function for that?
> TIA
--Greg

Re: customizing systemd config

[Gregory Seidman]

On Fri, Aug 11, 2017 at 07:04:54PM +0200, Christian Seiler wrote:
> Hi there,
> 
> On 08/11/2017 04:42 AM, Gregory Seidman wrote:
> > I'm trying to recreate under systemd something I had previously cobbled
> > together with shell scripts and init levels under sysvinit.
> > 
> > Only a few services ran under init 2, the default set in /etc/inittab,
> > including privoxy and ssh; the rest of the services I wanted running, such
> > as fetchmail, exim4, courier-imap, apache2, etc. would be started at init
> > level 3. Those services required an encrypted volume (actually a RAID that
> > was an encrypted LVM PV for a VG with several volumes) to be configured and
> > mounted before they could be started.
> 
> I've blogged about this very scenario a while back:
> https://blog.iwakd.de/headless-luks-decryption-via-ssh
> 
> Note that I wrote that mainly to explain some details about
> systemd using a specific example, I personally am not actually
> using that kind of setup. For a headless server of mine I use
> full disk encryption (LUKS) for everything except /boot and
> unlock the entire system in the initramfs. I also mention that
> approach in my blog post, but wanted to stress it here again
> because I think that the initramfs-based decryption is the
> better way to do this. For that alternative take a look at:
> https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/

This not only gave me the understanding I was looking for, but a
new perspective on it as well. Thank you!

> Regards,
> Christian
--Greg

customizing systemd config

[Gregory Seidman]

I'm trying to recreate under systemd something I had previously cobbled
together with shell scripts and init levels under sysvinit.

Only a few services ran under init 2, the default set in /etc/inittab,
including privoxy and ssh; the rest of the services I wanted running, such
as fetchmail, exim4, courier-imap, apache2, etc. would be started at init
level 3. Those services required an encrypted volume (actually a RAID that
was an encrypted LVM PV for a VG with several volumes) to be configured and
mounted before they could be started.

I wrote a shell script that I'd run manually which would take the
encryption password (via /etc/init.d/cryptdisks start), ensure that the
volume group was found, mount the filesystems, then run init 3. There was
also a flag in case I needed to get the VG up without mounting any volumes
(e.g. to run a manual fsck on some volume).

I have a new server with a fresh install of stretch and I'm trying to make
it just a systemctl start (or stop) to achieve the following:

1) the default.target (i.e. multi-user.target) is equivalent to init 2 with
   minimal services
2) "systemctl start decrypted" gets the encrypted VG up and running but
   doesn't mount any filesystems
3) "systemctl start operating" makes sure everything in "decrypted" is up
   before mounting the volumes then launching the various services
4) "systemctl stop operating" stops the various services and attempts to
   unmount those filesystems
5) "systemctl stop decrypted" stops everything from "operating" and shuts
   down the volume group and decryption

The first challenge is that the cryptsetup package still installs itself
(cryptdisks and cryptdisks-early) in /etc/init.d, which means that systemd
goes through a process I don't properly understand to run it; it seems to
be generating a unit file in /run/systemd/generator.late for it using the
lsb header on the /etc/init.d script. (Also, by default and installed as
part of the systemd package, /lib/systemd/system/cryptdisks.service is a
symlink to /dev/null which, I believe, prevents the generated service from
being enabled.)

It looks like (and according to the systemd.unit man page) I can override
the generated cryptdisks.service unit file with configuration in
/etc/systemd/system/cryptdisks.service.d/override.conf, at least according
to what "systemctl edit cryptdisks" creates. I know that's a piece of the
puzzle, but I'm still missing something.

If I'm even on the right track (and if I'm not please set me straight), I
have the following questions (and probably more to come):

1) Should "decrypted" and "operating" be .target units or something else?
2) What would I put in e.g. /etc/systemd/system/fetchmail.d/override.conf
   to prevent it from starting under multi-user.target? Or is it a matter
   of removing symlinks from /*/systemd/*/*.wants directories?
3) Is there a systemd command to help me with managing this (including
   transitive wants)? Or is it requires? What's the difference between
   wants and requires anyway?
3) What would I put in /etc/systemd/system/cryptdisks.d/override.conf to
   remove its "Before=checkfs.service" reverse dependency?
4) How do I specify the post-decryption mounts? Can I just set them up in
   /etc/fstab as noauto then symlink the generated .mount units to a
   .wants?

Thanks in advance,
--Greg

Re: Failing disk advice

[Gregory Seidman]

On Mon, Mar 06, 2017 at 12:17:03PM +0100, Mirko Parthey wrote:
> On Sun, Mar 05, 2017 at 08:38:27PM -0800, David Christensen wrote:
> > On 03/05/2017 01:02 PM, Gregory Seidman wrote:
> > >I have a disk that is reporting SMART errors. It is an active disk in
> > >a (kernel, not hardware) RAID1 configuration. I also have a hot spare
> > >in the RAID1, and md hasn't decided it should fail the disk and switch
> > >to the hot spare. Should I proactively tell md to fail the disk (and
> > >let the hot spare take over), or should I just wait until md notices a
> > >problem?
> > 
> > I'm confused by "I also have a hot spare in the RAID1".  Do you have a
> > two-member RAID1 with a hot spare, or a three-member RAID1?  I would
> > prefer the latter:
> > 
> > https://manpages.debian.org/jessie/mdadm/md.4.en.html
> 
> Refining this advice a bit, I would convert the spare to a full RAID
> member now, without explicitly failing the disk that reports SMART
> errors first.
> Assuming you have a two-member RAID1 with a hot spare, the command
> should be similar to this (untested):
>   mdadm -G /dev/mdX -n 3 
> This ensures you keep redundancy during further maintenance actions.

I was unaware that this was possible. I've run it and mdadm -D reports that
it is now in the "clean, degraded, rebuilding" state. Thank you! I wish I
had room in my system to add the fourth (which I've ordered) without
removing the failing disk, but I do not.

> Which SMART errors do you get, and who reports them?

I get emails sent to root:

This message was generated by the smartd daemon running on:

   host name:  XX
   DNS domain: YY

The following warning/error was logged by the smartd daemon:

Device: /dev/sdc [SAT], 8 Currently unreadable (pending) sectors

Device info:
ST31500341AS, S/N:9VS43CV9, WWN:5-000c50-0208aa9a3, FW:CC1H, 1.50 TB

For details see host's SYSLOG.

You can also use the smartctl utility for further investigation.
The original message about this issue was sent at Wed Dec 14 00:51:36 
2016 EST
Another message will be sent in 24 hours if the problem persists.

...and...

This message was generated by the smartd daemon running on:

   host name:  XX
   DNS domain: YY

The following warning/error was logged by the smartd daemon:

Device: /dev/sdc [SAT], 8 Offline uncorrectable sectors

Device info:
ST31500341AS, S/N:9VS43CV9, WWN:5-000c50-0208aa9a3, FW:CC1H, 1.50 TB

For details see host's SYSLOG.

You can also use the smartctl utility for further investigation.
The original message about this issue was sent at Wed Dec 14 00:51:37 
2016 EST
Another message will be sent in 24 hours if the problem persists.

(Yes, I know, I've been letting it do this since mid-December, which is not
great.)

> What is the output of the following command for the failing drive?
>   smartctl -A /dev/sdY

# smartctl -A /dev/sdc  
smartctl 6.4 2014-10-07 r4002 [i686-linux-3.16.0-4-686-pae] (local 
build)
Copyright (C) 2002-14, Bruce Allen, Christian Franke, 
www.smartmontools.org

=== START OF READ SMART DATA SECTION ===
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME  FLAG VALUE WORST THRESH TYPE  
UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate 0x000f   119   099   006Pre-fail  
Always   -   205161943
  3 Spin_Up_Time0x0003   100   091   000Pre-fail  
Always   -   0
  4 Start_Stop_Count0x0032   099   099   020Old_age   
Always   -   1055
  5 Reallocated_Sector_Ct   0x0033   099   099   036Pre-fail  
Always   -   41
  7 Seek_Error_Rate 0x000f   092   060   030Pre-fail  
Always   -   1743842168
  9 Power_On_Hours  0x0032   039   039   000Old_age   
Always   -   53898
 10 Spin_Retry_Count0x0013   100   100   097Pre-fail  
Always   -   0
 12 Power_Cycle_Count   0x0032   100   100   020Old_age   
Always   -   85
184 End-to-End_Error0x0032   100   100   099Old_age   
Always   -   0
187 Reported_Uncorrect  0x0032   097   097   000Old_age   
Always   -   3
188 Command_Timeout 0x0032   100   098   000Old_age   
Always   -   133146017827
189 High_Fly_Writes 0x003a   007   007   000Old_age   
Always   -   93
190 Airflow_Temperature_Cel 0x0022   060   040   045Old_age   
Always   In_the_past 40 (Min/Max 26/45 #502)
194 Temperature_Celsius

Failing disk advice

[Gregory Seidman]

I have a disk that is reporting SMART errors. It is an active disk in a
(kernel, not hardware) RAID1 configuration. I also have a hot spare in the
RAID1, and md hasn't decided it should fail the disk and switch to the hot
spare. Should I proactively tell md to fail the disk (and let the hot spare
take over), or should I just wait until md notices a problem?

--Greg

Re: Mac OS x intergration

[Gregory Seidman]

On Tue, Feb 03, 2015 at 02:44:29PM +0100, Valerio Pachera wrote:
 Hi, is there a way to use debian edu as centralized authentication
 system for mac os x and host the users' home directories on it?
 
 If yes, did anyone tried it? :-)

I haven't tried it, but I know OS X can use LDAP for authentication. A
quick search for linux ldap os x turned up this as the first hit:

http://vuksan.com/linux/mac-os-x-ldap/openldap-mac-os-x-authentication.html

 Thank you.
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150203201347.gd29...@anthropohedron.net

systemd support for init level use case

[Gregory Seidman]

I'm on stable, but I'm reading the threads about systemd and I want to be
prepared for the next stable release. I run a RAID1 with an encryption loop
and LVM on top of that for my home directories and a number of data volumes
(i.e. nothing system-critical like /usr or /var).

I boot into init level 2, which does not bring up the RAID, much less
encryption, LVM, or mounted filesystems. I then log in as root on the
console and run a script to bring up the additional filesystems,
particularly the encryption. This requires interaction to supply the
password. Once the filesystems are mounted, the script runs /sbin/telinit 3
to start additional services which depend on those filesystems (apache2,
exim4, fetchmail, etc.).

I don't always want to bring everything up, and I certainly don't want boot
to hang on user input waiting for the encryption password. Does systemd
have some init level equivalent? Should I be modeling my script as several
custom systemd services (which are not automatically started), including
some virtual service that depends on all the ones I'm currently bringing up
as init level 3?

Note that I am not complaining about the upcoming switch to systemd, just
trying to understand and prepare for the implications for my particular
needs.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140724234317.ga23...@anthropohedron.net

Re: exim4 fetchmail delivery more than 10 rejected

[Gregory Seidman]

On Tue, May 27, 2014 at 09:47:09PM -0400, Harry Putnam wrote:
 Jonathan Dowland j...@debian.org writes:
 
  Hi,
 
  This is a common problem (I remember hitting it myself, once upon a time!)
  The Debian Exim FAQ recommends changing fetchmail's behaviour, rather than
  Exim's:
 
  https://wiki.debian.org/PkgExim4UserFAQ#Exim_stops_delivery_after_ten_messages_are_received
 
 Thanks, and yeah I read that before posting and was sort of amazed at
 the way the burden of getting around what is a quite an unpopular
 default in exim4 was to shift it to fetchmail. hehe... pretty slick.
 
 I saw how to use the fetchmail trick right off but felt like, `hey wait
 a minute..' I'm ready this to find a way to make a more sensible
 setting for my situation in exim4.
 
 That section tells you the setting can be altered but never says how
 in any detail, instead slipping right into the fetchmail crutch.
[...]

So I read about this and was wondering why I don't have this problem since
I've been using exim and fetchmail for years and years. My memory at this
point is fuzzy, but I think I may have encountered the situation where mail
was getting queued and one way or another, possibly using fetchmailconf,
stumbled upon throwing a batchlimit 10 on each poll line. The result is
that fetchmail deliberately ends (and reestablishes, if necessary) the SMTP
connection every 10 messages.

Yes, it's another fetchmail-based workaround, but I figured it was worth
mentioning in this thread for the benefit of anyone else who might stumble
upon it in the future. It might even make sense to put it into that FAQ on
the wiki; I'd argue it's a better solution than postconnect since it
doesn't require the fetchmail user to be in the Debian-exim group, and
doesn't require giving up on exim by going straight through procmail.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140528021518.ga3...@anthropohedron.net

REDUX: Re: Migrating 32 - 64

[Gregory Seidman]

Thanks to everyone for the helpful input. It looks like there is no
advantage to converting to 64-bit, which is just fine with me. The new
machine has 4GB of RAM, so I am not hitting address space issues. I don't
do anything more CPU-intensive than spam filtering. I do occasionally do
some I/O-intensive stuff (particularly backups onto its external RAID),
plus I have a GigE switch, so a GigE port does matter to me.

It looks like it will be worth my while to copy partitions over to the new
disk, if only so I can increase the size of my root partition (which I
foolishly made too small). Beyond that, it looks like the transition will
be very easy. Thank you all for the guidance. Now it's time to burn a live
CD and get copying.

--Greg

On Mon, Aug 12, 2013 at 02:08:40PM -0600, Bob Proulx wrote:
 Stan Hoeppner wrote:
  Moral of the story?  The OP may need to spend ~$30 USD for an Intel
  PCI NIC to guarantee it'll work on the first go.  He probably gave not
  much more than this for entire used machines.  Factor in that you can
  get a brand new mobo/cpu/RAM combo with GbE and GPU today for ~$100
  USD, and spending any money for just the GbE NIC for the old machine
  seems not a prudent investment.
 
 David Christensen wrote:
  I agree that it's very hard to justify spending money on obsolete
  hardware.  I must have subconsciously assumed the OP had a spare
  Gigabit NIC (I have a couple in my spare parts inventory).
 
 I agree with all of the above sentiment.  Sometimes you just have to
 let go of the old hardware.  But I was responding to a thread talking
 about adding a network card.  Maybe I should have said _if_ you are
 going to put another network card in the box _then_ stop there.
 
 Note that it wouldn't need to be a GigE card.  It seems to me that any
 old 10/100 card should be enough for this machine.  I prefer the old
 tulip based cards like the Linksys etherfast ones.  If you ask around
 to your friends or a local user group you can probably find one of
 those laying around unused that they would give you for free.  And
 that removes the cost part from the equation.
 
  Without a free NIC, I'd probably: back up the old box (burn to
  optical, use external drive, whatever), build the new box, move the
  old HDD into the new box, and proceed from there.
 
 Moving the old hard drive to the new machine for a local disk to disk
 copy to the new drive should be easy.  I guess that depends upon the
 vintage of old disk though!  But if I had an old 20G disk and had just
 bought a new 1T disk then I would certainly simply image the old drive
 onto the new one and set the old drive on the shelf as a backup for a
 while.
 
 In other thoughts... I agree that there isn't a reason to upgrade a
 particular system from 32-bit to 64-bit.  If you have a 32-bit machine
 then I can't see any reason to upgrade to a 64-bit machine.  I still
 have many 32-bit machines.
 
 However if you are building a new 64-bit machine with today's
 inexpensive ram and are putting 8G or more ram into it then I would
 definitely recommend using 64-bits for the *new* system given that it
 has much more ram in it.  The PAE kernels are fine.  But nothing is as
 simple as a large flat address space.  Firefox is quite the pig.  I
 have routinely killed it on my machine when I have seen that it is up
 around 2G in memory size.  I think it is only a matter of time before
 Firefox will routinely bump against the 3G limit.  Especially now that
 almost every web site is more Javascript and image intense than
 before.  Past history being the imperfect predictor of the future.
 This will eventually be a 32-bit issue for FF to lean out.  But of
 course a 64-bit system won't have that limitation.  I still would not
 recommend (yet) to migrate an existing system from 32-bit to 64-bit.
 Maybe for Jessie it will come together however.  I think that is
 actually very likely for Jessie.
 
 Bob



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130812234517.ga7...@anthropohedron.net

Migrating 32 - 64

[Gregory Seidman]

I have a low-cost (i.e. old and refurbished) server at home, but it's
showing indications of impending hardware failure (e.g. the on-board NIC
was being reset automatically every 2 seconds for a while because it was
hanging). As a result, I have purchased a new (old and refurbished)
machine. The difference is that this one has an x86-64 whereas the old one
is 32-bit.

Ideally, I'd like to move the HD from the old one to the new one, boot, and
tell it to upgrade all the packages for the new architecture. Is it that
easy? Are there complications I need to watch out for? Is there anything I
should do to prepare before moving the disk (e.g. must I replace LILO with
grub)?

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130811002543.ga20...@anthropohedron.net

RAID 1, SMART error, hot spare

[Gregory Seidman]

I have two eSATA drives in a RAID 1, and smartd has started reporting
errors on it:

Device: /dev/sdb [SAT], 9 Currently unreadable (pending) sectors
Device: /dev/sdb [SAT], 9 Offline uncorrectable sectors

The first message, on June 11, was 6 sectors. I ordered a new HD and
enclosure that day. It went up to 8 sectors on June 12. By June 14 I had
installed the new HD and added it to the RAID as a hot spare. On June 28 it
went up to 9 sectors.

Given that I have the hot spare in place, do I need to do anything? Should
I fail /dev/sdb with mdadm preemptively? Or just wait until it fails on its
own?

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130630130428.ga...@anthropohedron.net

Re: Questions about Netatalk running on Debian server

[Gregory Seidman]

On Sun, May 06, 2012 at 11:09:37PM -0600, Paul E Condon wrote:
[...]
 Does anyone have netatalk 2.2.2-1 working under Wheezy?  Can you point
 me to some debugging instructions?  Or, can you lead me through some
 tests to discover what is going wrong?

I have netatalk that I built from wheezy src to run on my squeeze system.
It is serving as a Time Capsule (i.e. network Time Machine backup volume)
for two laptops running the latest MacOS X (10.7.3 Lion).

I added the following line to /etc/netatalk/afpd.conf:

- -transall -uamlist uams_dhx2.so -nosavepassword

I added the following lines to /etc/netatalk/AppleVolumes.default (after
commenting out the existing Home Directory line; replace x and y
with usernames):

==snip=
~/ $u allow:x,y cnidscheme:dbd options:usedots,upriv,noadouble

/mnt/timemachine/tm1 TimeMachine1 allow:y cnidscheme:dbd 
options:usedots,upriv,tm
/mnt/timemachine/tm2 TimeMachine2 allow:x cnidscheme:dbd 
options:usedots,upriv,tm
==snip=

Note that /mnt/timemachine/tm[12] are mountpoints for LVM partitions. I
also had to touch .com.apple.timemachine.supported in each of the Time
Machine mountpoints.

I don't remember if I had to modify /etc/default/netatalk, but I have these
two lines which make sure the right servers start:

CNID_METAD_RUN=yes
AFPD_RUN=yes

DHX2 seems to be the right choice for UAM. Users connect with their unix
usernames and passwords. None of the choices are tremendously secure. See 
the Authentication section of
http://netatalk.sourceforge.net/2.2/htmldocs/configuration.html for
details.

Let me know if you have any further questions.

 Please help.
 Paul E Condon   
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120509010017.ga17...@anthropohedron.net

[OT] FLOSS implementation of ActiveSync server?

[Gregory Seidman]

Recent versions of MS Exchange Server implement a protocol (targeted at
mobile devices) named ActiveSync. I know that Google supports ActiveSync
for its various services, but those are the only two implementations of the
protocol AFAIK. I'm hoping there's actually a FLOSS ActiveSync
implementation I hadn't run across. Does anyone know of one?

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20111002025336.ga20...@anthropohedron.net

Re: X on a virtual server

[Gregory Seidman]

On Sun, Jun 26, 2011 at 10:59:52AM -0400, William Hopkins wrote:
 On 06/26/11 at 03:11am, Eric d'Halibut wrote:
  I'm thinking that in order to set up a remote X login to a given
  machine, that X must be running and configured on that machine. But X
  doesn't want to configure itself on a virtual private server that
  has NO PHYSICAL VIDEO CARD, or so it seems to me at present.
 
 yes, if you want to log in remotely to X, X must be present VNC is
 designed for this purpose. VNC will run a virtual X server and allow you
 to connect to it remotely.

The other alternative is XDMCP, which is designed for this sort of thing.
This may be of some use:

http://tldp.org/HOWTO/XDMCP-HOWTO/

 Liam
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110626170259.ga6...@anthropohedron.net

Re: X on a virtual server

[Gregory Seidman]

On Sun, Jun 26, 2011 at 01:44:12PM -0400, Eric d'Halibut wrote:
 On 6/26/11, Gregory Seidman gsslist+deb...@anthropohedron.net wrote:
 
  The other alternative is XDMCP, which is designed for this sort of thing.
 
 I don't think so. It -- XDMCP -- afaik requires a running X, and X
 requires a video device. I learn that even X.org's dummy driver is
 itself a dummy!

No, XDMCP does not require running X (on the server). I don't know if gdm
or kdm can do it, though I'd expect so, but xdm is perfectly happy to run
headless. See this thread from 1999:

http://lists.debian.org/debian-user/1999/07/msg01406.html

 I am going to try x11vnc. Thank you all!

Not a bad choice, but not necessarily the best either. It depends on your
purpose.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110627001442.ga11...@anthropohedron.net

OTP for RoundCube

[Gregory Seidman]

I'm trying to do something that may not make a whole lot of sense, but bear
with me. My current setup includes courier-imap (and courier-imap-ssl)
using /etc/courier/userdb for authentication and apache2 (with a valid SSL
cert). I've installed RoundCube and gotten it working nicely with apache,
but I'd like to be able to authenticate with one-time passwords as well as
a normal password. (I sometimes want to log in from systems I don't trust
to type in a replayable password, but it usually isn't an issue.) I want to
avoid being forced to use OTP exclusively. If I have to set up separate
accounts where one exclusively requires OTP and the other exclusively
requires a normal password, that's fine. It's also fine if the OTP sequence
is unrelated to the normal password set for the account.

I did some Googling and it seems to be theoretically possible to use the
http_authentication plugin from the roundcube-plugins package (thank you
backports) in conjunction with the libapache2-mod-authn-sasl Apache module
to get one-time password support. I haven't been able to figure out how to
get that working, however. First off, I can't figure out how to configure
OTP for SASL. Second, RoundCube doesn't seem to be picking up the
username and password from the HTTP auth. I've reached the end of the
resources I could find by Googling, so I'm hoping someone can enlighten me.
Help?

--Greg
P.S. I don't care what variety of OTP it is. Opie, something else, it
 doesn't matter to me. I'm planning on printing out a sequence of
 passwords, so I don't need a generator anywhere but on the server
 itself.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110508143656.ga9...@anthropohedron.net

Re: Daily email from my remote calendar

[Gregory Seidman]

On Wed, Mar 30, 2011 at 06:02:54PM -0700, Dr. Ed Morbius wrote:
 on 07:54 Wed 30 Mar, Gregory Seidman (gsslist+deb...@anthropohedron.net) 
 wrote:
  On Tue, Mar 29, 2011 at 03:42:53PM -0700, Dr. Ed Morbius wrote:
   on 08:55 Tue 29 Mar, Gregory Seidman (gsslist+deb...@anthropohedron.net) 
   wrote:
I'm looking for something that I can run as a nightly cron job to
email me what's on my calendar for the next day. My calendar is
stored remotely and is available via CalDAV and WebDAV. Before I
write something myself, does anyone know of an existing tool to do
that? Remember, I'm looking for something I can run on my server,
not a web service somewhere.
   
   While not directly answering your question, there's the calendar(1)
   utility, part of the bsdutils package.
  
  That would be perfect if it could work from a set of .ics files. I
  wonder if there is something similar that does.
 
 Yeah, no such beast AFAIK, though other tools (KDE's Kalendar / Kontact
 PIM) do work with .ics files AFAIU.

Actually, I discovered I had written most of what I needed almost three
years back: http://rubyforge.org/projects/calterm/ (specifically
ical_events.rb).

   Otherwise:  you should be able to mount the remote calendar via FUISE,
   grab it via cadaver, or other similar means.
  
  Ah, good call on mounting it, I hadn't thought of that. I now have it
  mounted via davfs2. That solves half the problem.
 
 What's the other half?

The other half is extracting the events I care about. In this case, there
was a little more to it because I'm mounting CalDAV rather than simple
WebDAV (from Apple's MobileMe), and each calendar is broken up into a whole
bunch of .ics files (the number and path of which can vary). Gathering all
the paths for all the .ics files then reading them all in and parsing them
isn't particularly fast, but since I'm planning on running it as a cron job
in the wee hours on my own machine I'm not too worried about it.

 Dr. Ed Morbius, Chief Scientist /|
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110331114608.gv7...@anthropohedron.net

Re: Daily email from my remote calendar

[Gregory Seidman]

On Tue, Mar 29, 2011 at 03:42:53PM -0700, Dr. Ed Morbius wrote:
 on 08:55 Tue 29 Mar, Gregory Seidman (gsslist+deb...@anthropohedron.net) 
 wrote:
  I'm looking for something that I can run as a nightly cron job to email me
  what's on my calendar for the next day. My calendar is stored remotely
  and is available via CalDAV and WebDAV. Before I write something myself,
  does anyone know of an existing tool to do that? Remember, I'm looking for
  something I can run on my server, not a web service somewhere.
 
 While not directly answering your question, there's the calendar(1)
 utility, part of the bsdutils package.

That would be perfect if it could work from a set of .ics files. I wonder
if there is something similar that does.

 Otherwise:  you should be able to mount the remote calendar via FUISE,
 grab it via cadaver, or other similar means.

Ah, good call on mounting it, I hadn't thought of that. I now have it
mounted via davfs2. That solves half the problem.

 Dr. Ed Morbius, Chief Scientist /|
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110330115410.gu7...@anthropohedron.net

Daily email from my remote calendar

[Gregory Seidman]

I'm looking for something that I can run as a nightly cron job to email me
what's on my calendar for the next day. My calendar is stored remotely
and is available via CalDAV and WebDAV. Before I write something myself,
does anyone know of an existing tool to do that? Remember, I'm looking for
something I can run on my server, not a web service somewhere.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110329125523.ga31...@anthropohedron.net

Re: Your favorite version control software

[Gregory Seidman]

On Fri, Mar 25, 2011 at 06:06:12PM +0100, Mathieu Malaterre wrote:
 On Fri, Mar 25, 2011 at 5:59 PM, Boyd Stephen Smith Jr.
 b...@iguanasuicide.net wrote:
  On 2011-03-25 11:39:17 Jason Hsu wrote:
 Why do you prefer Subversion for the central repository and git for laptops?
 ...
  For laptops, or in any case where you may not have an active, reliable
  connection to the central repository, subversion just fails. ?You can't
  commit, branch, etc. ?All of the distributed VCSes support disconnected
  operations, even if they aren't the default.
 
 Even with LAN access to your SVN server, try a svn-bisect and then
 compare it to a git-bisect.

I'll agree that git-bisect is pretty awesome, but I can do it with git-svn
when I need to. I also like git stash, and the line-by-line git add is
pretty great when I need it. All of that is accessible via git-svn.

 There is no going back to SVN, once you understand the whole
 decentralized approach. git merge just works. I do agree that setting
 up the git server to refuse most delete operation take some time and
 tweaking.

Either I don't get it or I won't drink the Kool-Aid. It's hard to say
which. I understand the value of the decentralized approach for a
decentralized project. That includes many open source projects. I believe
that git is absolutely the best choice for the Linux kernel, for example.

On the other hand, I *really* value a repository-wide, monotonically
increasing version number. When I'm setting up source control for a
project, I'll always go with subversion. Even if everyone working on the
project uses git through git-svn and pulls changesets from one another, I
want the central repository to have sequential revision numbers for
commits. I want to be able to identify a revision number in a release that
indicates all of the commits of which it is composed (i.e. any number less
than that revision number). The whole GUID thing is fine for passing
changes around, but it's meaningless for a release.

So, yeah, git is great on the client side, but I want a central repository
that is more oriented toward points in time than changesets. I can have
both with git-svn.

 Mathieu
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110325190024.ga10...@anthropohedron.net

Re: Your favorite version control software

[Gregory Seidman]

On Thu, Mar 24, 2011 at 03:33:44PM -0500, Jason Hsu wrote:
 What's your favorite version control software for software development?
 Subversion?  Git?  Something else?

Subversion for the central repository, git (via git-svn) on the road (i.e.
on laptops).

 Jason Hsu jhsu802...@jasonhsu.com
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110324211438.gl7...@anthropohedron.net

Re: utilizing the Scroll key

[Gregory Seidman]

On Sun, Mar 20, 2011 at 02:58:33PM +0100, lee wrote:
 I would like to use the scroll key to switch the function of the Del
 key on the numpad so that pressing the Del key on the numpad either
 produces a comma (,) or a colon (.), depending on the state of the
 Scroll key. There?s even a LED on the keyboard to display the state of
 the Scroll key, the LED doesn?t light when pressing the Scroll key.
 
 How would I do this?

You'll need some way of triggering execution on a keypress. Many window
managers provide this facility, but I don't know which one you use and I
haven't spent any time customizing any of the modern ones (the last one I
made any effort to customize was tvtwm, so sue me).

Once you figure out how to bind a key to executing something, you'll write
a script that will store its state somewhere (/tmp, most likely) and use
xmodmap (in the x11-xserver-utils package, man xmodmap for details) to
change the keysym the Del key produces. In fact, xmodmap can probably make
Scroll control that LED, though you might find that it interferes with
other behavior.

You will probably find xev (in the x11-utils package, man xev for details)
instructive in figuring out various keycodes and keysyms. You'll probably
also want to run the script at X login so you are in a known state when
things start up.

Note that this is a brute force mechanism. I don't know of any other
approach, however, and I'm confident it will do the job. Please don't ask
me for further details; the man pages and a bunch of experimentation are
all you need. I did similar trickery back in the 90s, but I'd have to do
the same reading and experimentation to figure out how to recreate it.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110320172013.ga32...@anthropohedron.net

Re: raid10 and lvm problem on new lenny install

[Gregory Seidman]

On Sat, Mar 19, 2011 at 10:02:24PM -0400, Jim Green wrote:
 this is what I have from fdisk -l, I have lvm on /dev/md1, md1 is a
 raid10 array with 4x2T drives.
 Disk /dev/md1: 4000.5 GB, 4000525058048 bytes
 2 heads, 4 sectors/track, 976690688 cylinders
 Units = cylinders of 8 * 512 = 4096 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 524288 bytes / 2097152 bytes
 Disk identifier: 0x

Note that 4000525058048 != 4 x 2^40 (4398046511104)

 this is what I have from pvdisplay
   --- Physical volume ---
   PV Name   /dev/md1
   VG Name   2600k
   PV Size   3.64 TiB / not usable 0
   Allocatable   yes
   PE Size   4.00 MiB
   Total PE  953799
   Free PE   831052
   Allocated PE  122747
   PV UUID   WUpkTR-xyCK-HGOc-Hk7Q-OfBp-Mqsz-GubCy7

2^40 = 1099511627776

4000525058048 / 1099511627776 = 3.6384563446044921875 ~= 3.64

 I don't know why I only have a 3.64T pv size, it should be 4T I think,
 in the installation of lenny i use ext3 for all the partitions,
 also I set the unused space for each partition as 1%.
 
 Thank you if you  have an explanation or if you have ways to reclaim
 the 0.36 T from my arrays.

The difference is between what vendors use to describe their drives (TB,
meaning trillions of bytes) and what sane computer systems use (TiB,
meaning 2^40 bytes).

 Jim
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110320021554.ga29...@anthropohedron.net

Not spam (was Re: SPAM SPAM SPAM !!! Re: Sip?)

[Gregory Seidman]

On Mon, Mar 14, 2011 at 09:11:47PM -0400, Rob Owens wrote:
 I've seen posts like this on Freecycle, and they're almost always spam or
 malware.  I haven't looked at this link, and I suggest you don't either.

That's quite an overreaction. The URL redirects to
http://planet.gnu.org/gnutelephony/?p=14 which seems to be perfectly
legitimate and, indeed, related to SIP as the subject claims. So, yeah, not
spam.

Frankly, I find your fear of spam and malware somewhat laughable. If you
don't trust an URL, grab it with something like wget (as I did) to see
where it redirects. If you don't even trust that, you can always just
telnet to it and see what the HTTP response is. Saying you won't even
look at it is silly, but suggesting that others shouldn't either is
outright absurd.

 -Rob
--Greg

 On Tue, Mar 15, 2011 at 11:08:20AM +1000, Heddle Weaver wrote:
  With reference to some of the posts I have seen here lately, this looks
  interesting: *http://tinyurl.com/4syb4j9
  *Regards,*
  
  *Weaver.*
  *
  -- 
  
  Religion is regarded by the common people as true,
  by the wise as false,
  and by the rulers as useful.
  
  ??? Lucius Ann??us Seneca.
  
  Terrorism, the new religion.
 
 
 -- 
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
 with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: http://lists.debian.org/20110315011147.gc22...@aurora.owens.net
 
 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110315011941.gb7...@anthropohedron.net

Re: RAID start at boot

[Gregory Seidman]

On Tue, Feb 22, 2011 at 09:22:29PM -0500, Tom H wrote:
 On Tue, Feb 22, 2011 at 8:45 PM, Andrew Reid rei...@bellatlantic.net wrote:
  Is there a way to make sure my RAID (level 1) won't be started degraded? On
  boot, one disk is found before the others, and the RAID is started before
  the others are seen. (They are seen at different times because I am
  transitioning from USB to eSATA, and the one eSATA disk is seen before any
  USB disk.) I start my RAID manually anyway (not as part of the boot
  process), so I'd be just as happy if it was never automatically started,
  but I *really* don't want it started with just one disk.
 
  ?According to the mdadm.conf man-page, you can specify an array
  with the name ignore in that file (and rebuild the initramfs,
  presumably), and this will cause mdadm to never automatically
  assemble the array.
 
  ?You could then presumably assemble it by hand specifying
  the name to mdadm -A whatever later on.
 
  ?I actually checked the man-page because I was *sure* there
  was a --no-degraded option in there somewhere. ?There is such
  an option for the mdadm command, but it's not clear if it can
  be gotten in to the boot-time environment or not.
 
 You can also take a look and change
 # INITRDSTART:
 #   list of arrays (or 'all') to start automatically when the initial ramdisk
 #   loads. This list *must* include the array holding your root filesystem. 
 Use
 #   'none' to prevent any array from being started from the initial ramdisk.
 INITRDSTART='all'
 in /etc/default/mdadm before running update-initramfs or dpkg-reconfigure.

Ah, this looks really promising. Thank you. I'll see whether it worked the
next time I reboot (which, I hope, won't be for a few hundred days).

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110223123045.gc3...@anthropohedron.net

RAID start at boot

[Gregory Seidman]

Is there a way to make sure my RAID (level 1) won't be started degraded? On
boot, one disk is found before the others, and the RAID is started before
the others are seen. (They are seen at different times because I am
transitioning from USB to eSATA, and the one eSATA disk is seen before any
USB disk.) I start my RAID manually anyway (not as part of the boot
process), so I'd be just as happy if it was never automatically started,
but I *really* don't want it started with just one disk.

Note that I already have append=quiet noresume raid=noautodetect in my
lilo.conf (and have run lilo to install it), and neither mdadm nor
mdadm-raid run at init level 2 or S. Nonetheless, my RAID keeps coming up
at boot, degraded, with one disk.

--Greg



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110221150804.ga15...@anthropohedron.net

Re: RAID start at boot

[Gregory Seidman]

On Mon, Feb 21, 2011 at 04:38:29PM +0100, martin f krafft wrote:
 also sprach Gregory Seidman gsslist+deb...@anthropohedron.net 
 [2011.02.21.1608 +0100]:
  Is there a way to make sure my RAID (level 1) won't be started
  degraded? On boot, one disk is found before the others, and the RAID is
  started before the others are seen.
 
 Add rootdelay=10 to the kernel command line in lilo.conf, provided you
 are using a recent initramfs.

I don't think that will do what I want. The RAID in question is not my root
filesystem.

  .''`.   martin f. krafft madduck@d.o  Related projects:
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110221155107.gb3...@anthropohedron.net

Re: xterm question

[Gregory Seidman]

On Tue, Feb 15, 2011 at 09:06:02AM +, Brian wrote:
 On Mon 14 Feb 2011 at 18:25:29 -0800, Mike McClain wrote:
 
  Every time I launch X I open a couple of xterm windows but have to
  Ctrl Middle click in the window to set the VT font to large before
  it's usable to my old eyes. I'd like to automate that but have never
  figured out how.
  I've tried set-vt-font in .Xdefaults but that didn't help and don't
  see anything in the xterm man page that makes me think it would do
  the trick.
 
 XTerm*font: 10x20
 
 in .Xresources.

This is the right approach. Incidentally, it doesn't matter whether it's
.Xdefaults or .Xresources or anything else, as long as your .xinitrc (or
whatever X startup system you're using) runs xrdb on it. I'll just add one
thing.

I used to have a large and complex .Xdefaults file. A lot of it was
actually Netscape stuff, so that should give you an idea of the timeframe
we're talking about. Now that pretty much the only thing I configure is
xterm, I have a (nearly) empty .Xdefaults file. Instead, I have a file
named XTerm in my home directory. It isn't loaded with xrdb, but by xterm
itself (as part of the Xt initialization, if anyone cares). I've been
passing that XTerm file from one home directory to another (works great on
OS X) for years now. There is, in fact, a tremendous level of flexibility
to xterm (which is the main reason I won't use rxvt or gnome-terminal or
something equally new and improved), and its X resources give you access
to all of it. Unfortunately, it's largely Xt arcana, so it takes some
research to figure it all out. I've found that research valuable, but YMMV.

Anyhow, I've included my XTerm file below. Feel free to hate the background
color choice, and anything else. I offer it only as an example. Note that
the vast majority of it is taken directly from /etc/X11/app-defaults/XTerm
and /etc/X11/app-defaults/XTerm-color.

--Greg

XTerm*toolBar: false
XTerm*alwaysHighlight:  false
XTerm*AutoRaise:True
XTerm*IconFont: nil2
XTerm*JumpScroll:   true
XTerm*ScrollBar:on
XTerm*Scrollbar:on
XTerm*SimpleMenu*BackingStore:  NotUseful
XTerm*SimpleMenu*Cursor:left_ptr
XTerm*SimpleMenu*HorizontalMargins: 16
XTerm*SimpleMenu*Sme.height:16
XTerm*SimpleMenu*menuLabel.font:
-adobe-helvetica-bold-r-normal--*-120-*-*-*-*-iso8859-*
XTerm*SimpleMenu*menuLabel.vertSpace:   100
XTerm*VT100*boldColors: on
XTerm*VT100*color0: #22
XTerm*VT100*color10:green
XTerm*VT100*color11:yellow
XTerm*VT100*color12:blue
XTerm*VT100*color13:magenta
XTerm*VT100*color14:cyan
XTerm*VT100*color15:white
XTerm*VT100*color1: red3
XTerm*VT100*color2: green3
XTerm*VT100*color3: brown4
XTerm*VT100*color4: blue3
XTerm*VT100*color5: magenta3
XTerm*VT100*color6: cyan3
XTerm*VT100*color7: gray90
XTerm*VT100*color8: gray30
XTerm*VT100*color9: red
XTerm*VT100*colorBD:white
XTerm*VT100*colorMode:  on
XTerm*VT100*colorUL:yellow
XTerm*VT100*dynamicColors:  on
XTerm*VT100*font1:  nil2
XTerm*VT100*font2:  5x7
XTerm*VT100*font3:  6x10
XTerm*VT100*font4:  7x13
XTerm*VT100*font5:  9x15
XTerm*VT100*font6:  10x20
XTerm*activeIcon:   true
XTerm*backarrowKeyIsErase:  false
XTerm*foreground:   black
XTerm*background:   bisque
XTerm*borderColor:  black
XTerm*bottomShadowContrast: -90 
XTerm*cursorColor:  Black
XTerm*deleteIsDEL:  on
XTerm*fontMenu*font-doublesize*Label:   Doublesized Characters
XTerm*fontMenu*font-linedrawing*Label:  Line-Drawing Characters
XTerm*fontMenu*font-loadable*Label: VT220 Soft Fonts
XTerm*fontMenu*font1*Label: Unreadable
XTerm*fontMenu*font2*Label: Tiny
XTerm*fontMenu*font3*Label: Small
XTerm*fontMenu*font4*Label: Medium
XTerm*fontMenu*font5*Label: Large
XTerm*fontMenu*font6*Label: Huge
XTerm*fontMenu*fontdefault*Label:   Default
XTerm*fontMenu*fontescape*Label:Escape Sequence
XTerm*fontMenu*fontsel*Label:   Selection
XTerm*fontMenu.Label:   VT Fonts
XTerm*horizontal.background:navajowhite2
XTerm*horizontal.shadowWidth:   3
XTerm*horizontal.thickness: 20
XTerm*lprCommand:   lpr
XTerm*mainMenu*8-bit control*Label: 8-Bit Controls
XTerm*mainMenu*allowsends*Label:Allow SendEvents
XTerm*mainMenu*backarrow key*Label: Backarrow Key
XTerm*mainMenu*continue*Label:  Send CONT Signal
XTerm*mainMenu*delete-is-del*Label: Delete is DEL
XTerm*mainMenu*hangup*Label:Send HUP Signal
XTerm*mainMenu*hpFunctionKeys*Label:HP Function-Keys
XTerm*mainMenu*interrupt*Label: Send INT Signal
XTerm*mainMenu*kill*Label:  Send KILL Signal
XTerm*mainMenu*logging*Label:   Log to File
XTerm*mainMenu*meta-esc*Label:  Meta Sends Escape
XTerm*mainMenu*num-lock*Label:  Alt/NumLock Modifiers
XTerm*mainMenu*oldFunctionKeys*Label:   Old Function-Keys
XTerm*mainMenu*print*Label: Print Window
XTerm*mainMenu*quit*Label:  Quit
XTerm*mainMenu*redraw*Label:Redraw 

Re: OpenOffice has become LibreOffice?

[Gregory Seidman]

On Tue, Feb 15, 2011 at 03:22:53PM +0100, Erwan David wrote:
 On Tue, Feb 15, 2011 at 03:08:22PM CET, Frank Lanitz fr...@frank.uvena.de 
 said:
  Am 15.02.2011 15:02, schrieb teddi...@tmo.blackberry.net:
   
   Tom H said;
   
   It's not a Debian change but a split away from Oracle.
   
   ---
   
   Why? I was afraid Oracle was gonna screw up a bunch of Sun's open 
   projects, but they have been doing good as far as I have been able to 
   tell (the latest ver. of Virtual Box is awesome and yummy open source 
   goodness...
  
  I'm afraid you missed a lot of news last weeks/month. MySQL, Solaris,
  OpenOffice (which now became to Oracle OpenOffice)..
 
 And now are fears for Qt...

There's no reason to fear for Qt. It's LGPL
http://dot.kde.org/2009/01/14/qt-everywhere-45-be-relicensed-lgpl?page=2,
and there's a poison pill
http://www.kde.org/community/whatiskde/kdefreeqtfoundation.php where the
latest version of Qt is released under the BSD license if Nokia doesn't
keep developing it.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110215144229.gb7...@anthropohedron.net

Re: How To Temporarily Suspend Network Traffic

[Gregory Seidman]

On Tue, Feb 01, 2011 at 03:56:05PM +0200, Volkan YAZICI wrote:
 I want to temporarily suspend the network traffic on a particular
 interface -- if possible, in microsecond granularity. For this purpose,
 ifup/ifdown ioctl() calls doesn't work. That is, for wireless,
 connection isn't get recovered; for wired, it takes at least 2 seconds
 to recover. I tried using tc, but it doesn't accept rate 0 parameter.
 Neither iwconfig wlan0 rate 0 has any effect. (Moreover, in iwconfig
 manual it is told that values below 1000 are card specific and are
 usually an index in the bit-rate list.) Do you have any suggestions? Or
 can you point me to some other resource/mailing-list that I can consult?

It depends on exactly what behavior you're aiming for. If you just want all
packets going in or out on that interface to be dropped, you can do it
pretty effectively with iptables. The following will drop all packets
coming in through the wlan0 interface:

iptables -A PREROUTING -i wlan0 -j DROP

This will drop all packets destined to be sent out the wlan0 interface:

iptables -A POSTROUTING -o wlan0 -j DROP

You can remove each rule by changing the -A to a -D.

Now, those are the actual commands to run from the shell. You aren't going
to get microsecond granularity that way. You can, however, dig into the
iptables source and see what system calls it's making as a result of those
options and use it in your own code. I don't know if that will get you to
microsecond granularity, but you'll have to do your own profiling to check.

 Regards.
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110201141616.gf11...@anthropohedron.net

Re: How To Temporarily Suspend Network Traffic

[Gregory Seidman]

On Tue, Feb 01, 2011 at 07:40:06PM +0200, Volkan YAZICI wrote:
 On Tue, 1 Feb 2011 09:16:16 -0500, Gregory Seidman writes:
[...]
 Thanks Greg, but there is a small anomaly with this method. For
 instance, if I
 
 1. issue
 
  $ pv -q -L 10k /tmp/200k.dat | nc 192.168.1.1 7000
 
from terminal A,
 
 2. and after a few seconds issue
 
  # iptables -A OUTPUT -i wlan0 -j DROP  \
   sleep 2  \
   iptables -D OUTPUT -i wlan0 -j DROP
 
command (pay attention that I used OUTPUT chain instead of
{PRE,POST}ROUTING), as expected, transfer hangs up for 2 seconds, and
finishes without a problem.

I note that you are only doing this once, so there is a 2 second
interruption as expected.

 On the other hand, in the 2nd step, if I issue
 
   # while /bin/true; do \
iptables -A OUTPUT -i wlan0 -j DROP  \
usleep 10  \
iptables -D OUTPUT -i wlan0 -j DROP
 
 command (usleep is a small C program I wrote, see the attachment),
 transfer hangs after some point and stops for ~30-40secs and finishes
 when I stop the while loop. Do I miss anything? Any suggestions?

Here you are interrupting for 100,000 usecs (which is 100msecs, I believe),
but you don't sleep at all between interruptions in the while loop. That
means that it only has the time between the execution of the iptables
command at the end of the loop and the execution of the iptables command at
the beginning of the loop to actually transmit any packets. It is
unsurprising that it hangs. Make sure you sleep for a while after removing
the iptables rule.

 Best.
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110201181515.gh11...@anthropohedron.net

Re: How To Temporarily Suspend Network Traffic

[Gregory Seidman]

On Tue, Feb 01, 2011 at 08:26:53PM +0200, Volkan YAZICI wrote:
 On Tue, 1 Feb 2011 13:15:15 -0500, Gregory Seidman writes:
  On Tue, Feb 01, 2011 at 07:40:06PM +0200, Volkan YAZICI wrote:
  [...]
# while /bin/true; do \
 iptables -A OUTPUT -i wlan0 -j DROP  \
 usleep 10  \
 iptables -D OUTPUT -i wlan0 -j DROP
  
  command (usleep is a small C program I wrote, see the attachment),
  transfer hangs after some point and stops for ~30-40secs and finishes
  when I stop the while loop. Do I miss anything? Any suggestions?
 
  Here you are interrupting for 100,000 usecs (which is 100msecs, I believe),
  but you don't sleep at all between interruptions in the while loop. That
  means that it only has the time between the execution of the iptables
  command at the end of the loop and the execution of the iptables command at
  the beginning of the loop to actually transmit any packets. It is
  unsurprising that it hangs. Make sure you sleep for a while after removing
  the iptables rule.
 
 Indeed, sleeping more than I want is what I try to avoid. In other
 words, I'm inclined to believe that running iptables externally doesn't
 provide an interruption mechanism in milli/microsecond granularity. Any
 other suggestions?

Well, I suggested before that you look into the iptables code and make the
system calls it does rather than executing it externally.

 Regards.
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110201183526.gi11...@anthropohedron.net

eSATA problems with ThermalTake BlacX Duet

[Gregory Seidman]

I have a BlacX Duet with two 1.5TB drives in it. When I connect it via USB,
both drives show up as SCSI disks and all is well. I'd really like SMART
support, though, so I want to connect it via eSATA instead. When I do,
though, I get a series of SATA errors to the console about not being able
to establish a link and attempting to reset. I have another drive connected
via the same SATA card, and it works just fine as well (including SMART).

Has anyone had any success with connecting to this device via eSATA? What
am I missing?

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110113195207.ga17...@anthropohedron.net

Re: set privoxy to rewrite http to https

[Gregory Seidman]

On Sat, Jan 01, 2011 at 03:46:09AM -0800, S Mathias wrote:
[...]
 The problem is: e.g.: facebook...
 
 if i go to 
 https://www.facebook.com/
 
 that's ok, it's https.
 But all the links are http on the site..
 if i click on a http link, it will request the page on http, and THEN
 it switches to https. Heres the problem. 
 
 How/where could i write a privoxy rule, to rewrite all the http links
 to https? [so that it would by always trully over https]
[...]

Here's how you would do it with a filter in Privoxy, but it won't actually
work. I'll explain below, and give a better solution. This would go in a
.filter file in /etc/privoxy/ (probably user.filter):

FILTER: https_dammit Make explicit http links into https links
s/href=http:/href=https:/g

Now, in some .action file (probably user.action):

{ +filter{https_dammit} }
.facebook.com

You can add as many domains, one per line, below .facebook.com as you like.
This will modify, on the fly, the HTML you receive from the domains listed.
It won't work, however, because if you are requesting the HTML via HTTPS
then it isn't passing through Privoxy at all. Privoxy isn't an HTTPS proxy,
just an HTTP proxy (it will pass a connection to an HTTPS server, but it
will not actually do SSL).

Instead, you can set up Privoxy to respond to requests to a particular
domain with a 301 (or 302, I forget) response and the https:// version of
the URL. This may or may not cause trouble with POST requests, so you may
have to add likely POST paths to an action turning off the redirect (this
goes in user.action):

{ +redirec...@http://@https://@} }
.facebook.com

( -redirect }
www.facebook.com/some/post/path

Note that none of this is tested, so you may have to play with it a bit to
get it working.

 thank you for any information
 Happy New Year!
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110102160846.ga3...@anthropohedron.net

Re: Wayland Unity -- any repercussions on Debian?

[Gregory Seidman]

On Tue, Nov 09, 2010 at 07:53:19AM -0600, Mark Allums wrote:
[...]
 With Ubuntu 10.04, and even more so with Meercat and now with this, it  
 seems like Ubuntu has jumped on the crazy train.  I hope they don't get  
 *too* far away from Debian, for dozens of reasons, but it might be  
 interesting to see what happens.  In the meantime, I hope Debian remains  
 stable and reliable.

 I like GNOME and LXDE, and Unity doesn't particularly excite me. Perhaps 
 I've become stodgy.

There are three approaches to this sort of thing:

1) Everything I want and need I have. Maintain the status quo so I can use
   my tools instead of adapting to changes in them.

2) If it's new, I want to play with it, try it out, and improve it. Tried
   and true is great and all, but it can always be better.

3) I don't feel a pressing need for this new stuff, but if something
   compelling comes along that requires it, I could be convinced.

Most people fall into that third category. I'm one of them. I use an older
version of Vim because I want to stay on (mostly) stable. The features of
the newer versions aren't quite compelling enough to go through maintaining
a testing/unstable mix. A few more useful features (especially since I use
a newer Vim on Windows and Cygwin/X11 at work), though, and I might go for
it.

When and if an application comes along that only has a Wayland/Unity GUI
that a lot of people really, really want, there will be people interested
in making Wayland and Unity work, work well, and work seamlessly on Debian.
(I'm not certain, but I have a sneaky suspicion that a lot of the drive
behind making Java easier to install and manage on Debian was Azureus, and
the desire to silence the unending stream of questions about how to get
things working as a result.) Personally, I'll wait and see.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101109141255.gw10...@anthropohedron.net

Re: Wayland Unity -- any repercussions on Debian?

[Gregory Seidman]

On Tue, Nov 09, 2010 at 01:57:15PM +, Camale?n wrote:
[...]
 I see not good technical reason for introducing the change. At least not 
 nowadays.
 
 And that is one of the reasons I always fear business decisions (we
 should not forget that Canonical is the company behind Ubuntu) because
 business decisions can be founded on market/marketing issues and not
 technicalities and the latter are the only ones that should lead to these
 kind of changes.

Don't be too down on them. Wayland and Unity might really be a good path
forward. It is a grand experiment that can only be executed wholeheartedly
by fiat, and Canonical is taking it on. We in Debian-land get to reap the
benefits of Ubuntu's experiment if they get it working well, but don't have
to deal with the upheaval until a lot of the kinks are smoothed out and
don't have to touch it at all if the experiment fails. I call it win-win
(and I also call it better you than me).

 Greetings,
 Camale??n
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101109141845.gx10...@anthropohedron.net

Re: Graphical diff/patch viewer

[Gregory Seidman]

On Thu, Nov 04, 2010 at 10:30:13AM +0100, Rob Gom wrote:
 [cut]
 
  You have to be comfortable in vim, but you can use the following:
 
  gvim +vert diffpatch patchfile originalfile
 
  If you aren't comfortable with vim, you *might* be able to use the
  following, but no guarantees (I don't have a patch file handy to determine
  whether this will work):
 
  gvim -y +vert diffpatch patchfile originalfile
 
  Regards,
  Robert
  --Greg
 
 Those are big patches, consisting of several files/directories. Would
 gvim handle that? But still I need an original file, which I perceive
 as downside.

I can't say I've tried it with multi-file patches, but vim tends to be
pretty robust.

Also, of course you need an original file. If you don't have an original
file there is nothing to look at other than the patch file itself. What
is there to visualize without an original?

 Regards,
 Robert
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101104123744.gq10...@anthropohedron.net

Re: Graphical diff/patch viewer

[Gregory Seidman]

On Wed, Nov 03, 2010 at 09:08:13AM +0100, Rob Gom wrote:
 Hi all,
 do you know/is there any graphical patch/diff viewer in Debian (or for
 Linux in general)? Such a tool would produce side by side view of
 changes/deletions/inserts.
 There is kompare for KDE, but it is unreliable - produces false
 results for specific patches (bug not reported yet, as I have to
 reproduce it with something I can make
 public). To be honest, I have looked at meld, beyond compare, diffuse,
 xxdiff, tkdiff and found nothing appropriate.
 Do you know anything else? Have I missed anything?

You have to be comfortable in vim, but you can use the following:

gvim +vert diffpatch patchfile originalfile

If you aren't comfortable with vim, you *might* be able to use the
following, but no guarantees (I don't have a patch file handy to determine
whether this will work):

gvim -y +vert diffpatch patchfile originalfile

 Regards,
 Robert
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101103112635.gn10...@anthropohedron.net

Re: Verbatim 1TB external HDD

[Gregory Seidman]

On Mon, Aug 23, 2010 at 04:05:38PM +0100, Lisi wrote:
 I have been asked to set this HDD up as a backup device on a Lenny
 system.  It will primarily be used for photographs and personal files. 
[...]
 What would people recommend in this situation?  Reformat or use FAT32?
 And if reformat, to what?  I think that his slightly aged computer would
 probably blow a gasket if asked to use ext4, so am wondering about ext3.
[...]

Use ext3. And see below.

 As of now, I am intending to clone (dd?  Clonezilla?) the internal HDD
 onto it and then show the user how to copy and paste new files onto it as
 he goes along, with me syncing the whole thing periodically.  Since I
 will not be there most of the time, this strikes me as simple and
 workable.  But anacron may also be a possibility.
[...]

I recommend making it an LVM physical volume and creating a volume group on
top of it. Create a logical volume the exact size of the volume you are
backing up, then use dd to copy it for the first time (boot from a CD, if
necessary, so the source volume isn't mounted). Then create an LVM snapshot.

For each backup cycle (in a script called from cron), mount it and use
rsync to only change what needs changing, then unmount it and create an LVM
snapshot. Create the snapshots with names that include the date. To avoid
running out of space, you'll probably want to cull older snapshots from
time to time. For example, you might back up nightly, but you only want to
keep the last three days, the first of the month for a year, and the first
of the year from the previous year. You can automate this in the backup
script as well.

You should also create a script that will mount the available backups
(i.e. LVM snapshots) readonly in well-named directories (i.e. including the
backup date), and another to unmount them all.

 Thanks in advance for any comments.
 Lisi
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100823155327.gf4...@anthropohedron.net

Re: Verbatim 1TB external HDD

[Gregory Seidman]

On Mon, Aug 23, 2010 at 12:24:08PM -0400, S Scharf wrote:
[...]
  For each backup cycle (in a script called from cron), mount it and use
  rsync to only change what needs changing, then unmount it and create an LVM
  snapshot. Create the snapshots with names that include the date. To avoid
  running out of space, you'll probably want to cull older snapshots from
  time to time. For example, you might back up nightly, but you only want to
  keep the last three days, the first of the month for a year, and the first
  of the year from the previous year. You can automate this in the backup
  script as well.
 
  You should also create a script that will mount the available backups
  (i.e. LVM snapshots) readonly in well-named directories (i.e. including the
  backup date), and another to unmount them all.
 
 I did something like that for a while, but the mount time to recognize all
 of the LVM internal pointers for the snapshots was extreme (1/2 hour!).
[...]

I have never had such a problem. Were you unmounting before snapshotting?
Maybe your snapshots were in an inconsistent state.

 Stuart
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100823171356.gh4...@anthropohedron.net

Which disk is failing?

[Gregory Seidman]

I have a RAID1 (using md) running on two USB disks. (I'm working on moving
to eSATA, but it's USB for now.) That means I don't have any insight using
SMART. Meanwhile, I've been getting occasional fail events. Unfortunately,
I don't get any information on which disk is failing.

When the system comes up, it seems to be entirely random which disk comes
up as /dev/sda and which comes up as /dev/sdb. In fact, since my root disk
is on SATA, at least one time it came up as /dev/sda and the USB drives
came up as /dev/sdb and /dev/sdc, though I think that was under a different
kernel version. When I get a failure email, it tells me that it might be
due to /dev/sda1 failing -- except when it tells me that it might be due to
/dev/sdb1 failing. When things are working, mdadm -D /dev/md0 looks like
this:


/dev/md0:
Version : 00.90
  Creation Time : Wed Feb 22 20:50:29 2006
 Raid Level : raid1
 Array Size : 312496256 (298.02 GiB 320.00 GB)
  Used Dev Size : 312496256 (298.02 GiB 320.00 GB)
   Raid Devices : 2
  Total Devices : 2
Preferred Minor : 0
Persistence : Superblock is persistent

Update Time : Thu Jul 22 07:30:46 2010
  State : clean
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

   UUID : e4feee4a:6b6be6d2:013f88ab:1b80cac5
 Events : 0.17961786

Number   Major   Minor   RaidDevice State
   0   8   170  active sync   /dev/sdb1
   1   811  active sync   /dev/sda1

When it fails, however, the device names disappear and it just tells me
it's clean, degraded and shows an active disk, a removed disk, and a faulty
spare without any device names.

I even tried doing dd if=/dev/md0 of=/dev/null to see if I could get the
light flickering on one and not the other, but I just get I/O errors. Once
a disk fails, the RAID seems to go into a nasty state where it reads
properly through the crypto loop and LVM I have on top of it, but the
filesystems become read-only and the block devices just give errors. Worse,
the first indication (even before the mdadm email) that something is wrong
is a message to console that an ext3 journal write failed.

What I've been doing (which makes me tremendously uncomfortable since I
know a disk is failing) is to reboot and bring everything back up. This has
been working, but I know it's just a matter of time before the failing disk
becomes a failed disk. I could wait until then, since presumably I'll then
know which is which, but who knows what data corruption is possible between
now and then?

So, um, help?

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100722113802.gb10...@anthropohedron.net

Re: Which disk is failing?

[Gregory Seidman]

On Thu, Jul 22, 2010 at 03:27:50PM +0200, randall wrote:
 On 07/22/2010 02:54 PM, Michal wrote:
 On 22/07/10 12:38, Gregory Seidman wrote:
[...]
 So, um, help?

 --Greg

 cat /proc/mdstat can help but you need to get the serial numbers. Do  
 this;

 ~# hdparm -i /dev/sda
[...]

# hdparm -i /dev/sda
 HDIO_GET_IDENTITY failed: Invalid argument

/dev/sda:

# hdparm -i /dev/sdb
 HDIO_GET_IDENTITY failed: Invalid argument

/dev/sdb:

 you could also try smartctl -a /dev/sda to get the disks serial numbers

# smartctl -a /dev/sda
smartctl version 5.38 [i686-pc-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

Device: ST332062 0A   Version: 3.AA
scsiModePageOffset: response length too short, resp_len=4 offset=4 bd_len=0
 Terminate command early due to bad response to IEC mode page
A mandatory SMART command failed: exiting. To continue, add one or more '-T 
permissive' options.

# smartctl -a /dev/sda -T permissive
smartctl version 5.38 [i686-pc-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

Device: ST332062 0A   Version: 3.AA
scsiModePageOffset: response length too short, resp_len=4 offset=4 bd_len=0
 Terminate command early due to bad response to IEC mode page

Error Counter logging not supported
scsiModePageOffset: response length too short, resp_len=4 offset=4 bd_len=0
Device does not support Self Test logging


Neither of these tools seem to be of much use here.

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100722142710.gc10...@anthropohedron.net

Re: Which disk is failing?

[Gregory Seidman]

On Thu, Jul 22, 2010 at 08:32:28AM -0500, Stan Hoeppner wrote:
 Gregory Seidman put forth on 7/22/2010 6:38 AM:
  I have a RAID1 (using md) running on two USB disks. (I'm working on moving
  to eSATA, but it's USB for now.) That means I don't have any insight using
  SMART. Meanwhile, I've been getting occasional fail events. Unfortunately,
  I don't get any information on which disk is failing.
 
 Are any USB communication errors being logged along with the md and ext3 
 errors?

I'm not seeing anything in /var/log/{dmesg,syslog,kern.log}. Is there
somewhere else I should be looking?

 Are you sure it's a disk drive problem and not an issue with the kernel
 drivers, system BIOS, USB controller, cabling, or a combination thereof?

I'm not 100% sure, but it's the most likely possibility.

 How long (days, weeks, months, years) did this exact setup function properly
 before you started seeing these problems?

Months. I switched from Mac hardware to PC hardware when the Mac
motherboard finally died after 10 years a few months ago. Most of the same
hardware (cables, drives, enclosures, etc.) had been working well for a
couple of years before that.

 Did you recently perform any major software upgrades (kernel/drivers)
 shortly before this problem surfaced?

No.

 Is this a laptop?  If so which make/model?

Nope, it's a tower:
ThinkCentre M52 3.2GHz Intel Pentium IV Desktop PC

 What's the make/model of the USB disk drives?

The two USB drive enclosures are different makes and models, and I don't
have them handy to check (I'm at work right now). They aren't no-name crap,
though. Incidentally, one is an eSATA  USB, the other is IEEE1394 and USB.

The drives are either Seagate or Western Digital. I don't remember which at
this point, since it's been a while since I put them in their enclosures.

 What is the age of each piece of hardware we're discussing?

The tower was purchased refurbished, but is probably circa 2004. The
drives, cables, and enclosures are no more than two years old.

 Stan
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100722144537.gd10...@anthropohedron.net

Re: Spamassassin Cutoff

[Gregory Seidman]

On Sun, Jul 11, 2010 at 02:56:25PM +0300, David Baron wrote:
 Where might I set the cutoff number of points of spamassassin? Currently 
 (defaults to) 5 and I get a lot of false alarms at 5.2, for example.
 
 Alternatively, where might I lower the points for its internal ruleset?

You can do both in ~/.spamassassin/user_prefs

Syntax examples:

required_hits 5

score PGP_SIGNATURE -0.5
score MIME_HTML_ONLY 2

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100712010616.gb10...@anthropohedron.net

Re: howto setup my own wikipedia site

[Gregory Seidman]

On Tue, Apr 20, 2010 at 08:37:08PM +0200, Jozsi Vadkan wrote:
 Can anyone post a link, howto install/setup a wikipedia-like site? 
 
 I just want to put my stiky-notes to my own wikipedia site.

apt-get install mediawiki

That will install the required software. You'll want to read the docs to
figure out if you need to configure anything extra.

 Thank you
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100420184421.gw8...@anthropohedron.net

Re: HTTP Filter Proxy

[Gregory Seidman]

On Thu, Jan 21, 2010 at 11:15:07AM +, Liam O'Toole wrote:
 On 2010-01-21, Glenn English g...@slsware.com wrote:
  On Jan 20, 2010, at 8:13 PM, Kun Niu wrote:
  Roman Gelfand wrote:
  Can somebody recommend HTTP filter proxy software or softwares?
 
  Filter what? Privoxy does a reasonable job on ads. Squid has acls and
  a bunch of other stuff that you config yourself. And they can run in
  serial...
 
 Seconded. Privoxy chained with squid make a good combination. There are
 plenty of tutorials on the web to help you set it up.

Another vote for privoxy. You can configure it to block whatever you like
based on URL pattern or HTTP headers (e.g. Content-Type), not to mention
blocking just cookies, rewriting content (e.g. adding or removing
autocomplete=off in form tags), etc. I think there is even a facility to
block images based on dimensions, though I haven't played with it.

Unless you need the caching, though, I don't see much value in adding squid
to the mix. I've been using privoxy alone for years with great success.
 Liam
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: eSATA woes

[Gregory Seidman]

On Fri, Dec 18, 2009 at 03:30:18AM -0600, Stan Hoeppner wrote:
 Gregory Seidman put forth on 12/17/2009 10:37 AM:
 
  It's automatically detected and the sata_sil24 module loads. The problem
  comes when I try to connect an eSATA enclosure. I get console messages
  immediately upon connecting an eSATA drive, but it goes through a cycle of
  trying to establish a link, timing out, resetting, retrying, etc. a few
  times before finally giving up.
 
 This is most likely caused by massive electrical signaling errors.  How
 many different eSATA cables have you tried?  You don't even mention
 cables in your post, yet this is always the _first_ thing you should
 check/swap when you have problems with external devices.
 
 Try another eSATA cable and report back.

I tried a couple of cables that came with the enclosures, but I recently
received some longer (and probably better) cables that I will try tonight
or tomorrow. Thanks for the suggestion, and I'll report back.

 Stan
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

eSATA woes

[Gregory Seidman]

I've been running a RAID1 on Firewire for years, but I really want SMART
monitoring and SATA drives (and enclosures) keep getting cheaper. I'm
running on older hardware with only PCI slots, no PCI-E or PCI-X, so I
picked up a PCI SATA card with two SATA ports and two eSATA ports. It shows
up in lspci like this:

0001:10:12.0 RAID bus controller: Silicon Image, Inc. SiI 3124 PCI-X Serial ATA 
Controller (rev 02)

It's automatically detected and the sata_sil24 module loads. The problem
comes when I try to connect an eSATA enclosure. I get console messages
immediately upon connecting an eSATA drive, but it goes through a cycle of
trying to establish a link, timing out, resetting, retrying, etc. a few
times before finally giving up.

I've tried three different enclosures now, only one of which uses eSATA
multiport, and they all exhibit the same behavior. Two of the enclosures
also support USB, and work fine when plugged into a USB port. This isn't a
viable long-term solution, however, since it still doesn't get me SMART
monitoring and, much more importantly, the old hardware only supports USB
1.1 thus runs the disks incredibly slowly.

Can anyone point me to a specific enclosure that is known to work well
under Linux? Could it be a problem with the card rather than the
enclosures? How can I fix this?

--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: eSATA woes

[Gregory Seidman]

On Thu, Dec 17, 2009 at 07:30:07PM +, Camale?n wrote:
 On Thu, 17 Dec 2009 11:37:53 -0500, Gregory Seidman wrote:
  I've been running a RAID1 on Firewire for years, but I really want SMART
  monitoring and SATA drives (and enclosures) keep getting cheaper. I'm
  running on older hardware with only PCI slots, no PCI-E or PCI-X, so I
  picked up a PCI SATA card with two SATA ports and two eSATA ports. It
  shows up in lspci like this:
  
  0001:10:12.0 RAID bus controller: Silicon Image, Inc. SiI 3124 PCI-X
  Serial ATA Controller (rev 02)
 
 Just a hint: check the BIOS of the card (you usually get there by 
 pressing F8 key) and look whether it has been setup to function as a RAID 
 device or JBOD.
 
 My wild guess is that a RAID configuration could be a bit problematic 
 and thus avoiding/interfering the communication with external e-sata 
 ports.

That's an interesting thought, but it's a bit complicated by the fact that
the old hardware in question is a G4-era Mac. Any idea how to check on that
without a BIOS? I literally have no PC hardware available.

 Greetings,
 Camale??n
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: request for a mono vote.

[Gregory Seidman]

On Sun, Jul 26, 2009 at 01:36:43PM +0300, aprekates wrote:
 O/H Gregory Seidman ??:
 On Sat, Jul 25, 2009 at 08:06:31PM +0300,  ?? wrote:
 As a dedicated  debian user i want to express my concerns and worries
 regarding mono inclusion in main and i  ask for a vote for mono in
 non-free/main because:

 1) I feel like microsoft is not clear about the license issues.

 This seems pretty clear:

 http://port25.technet.com/archive/2009/07/06/the-ecma-c-and-cli-standards.aspx
 http://www.betanews.com/article/Microsoft-moves-C-NET-CLI-to-community-license-helps-Mono/1246980965

 2) MS is a monopoly in desktop OS market and its monopoly aggresive
 behavior has been proven in courts and is evident every day. see
 netbook market for example.  Wouldnt a pro-ms pro-monopoly  move harm
 the excellent name Debian has  build?

 That has nothing to do with Mono. Mono is not tied to MS in any way. The
 software has been implemented independently and under open source
 licenses (GPL, LGPL, and MIT X11, depending on which piece):

 http://www.mono-project.com/Mono,_a_technical_whitepaper#Mono_Licensing

 3) Is essential to me and the way i perceive the debian identity to has
 a clear position out of middleware rivalries of multinationals
 companies not favoring or taking sides.

 I can't parse this sentence. Rather, I can't tell whether you are
 claiming that Debian should or should not have a clear position. It
 doesn't matter, of course, since Debian has a clear position on
 licensing, not software rivalries.

 Perl, Python, PHP, Ruby, TCL, etc. are all available in Debian main, as
 are a couple of Java interpreters. As long as they are under open source
 licenses and are unencumbered by patent threats (or stupid encryption
 export laws), they belong in main. 

 +1 for a voting procedure.

 +1 for understanding the relevant patent licensing, code licensing, and
 Debian policy

 -1 for calling for a vote without that understanding

 I think you see the technical angle and not a broader concern that i
 tried to draw, maybe hastily , vaguely or not expert-legaly i admit. I
 see the fog of a middleware  battle going on for decades and mono is the
 linux implementation of MS middleware .

I don't think you understand what Mono is. It is an implementation of the
Common Language Infrastructure (CLI) and the C# language as laid out in
ECMA-335 and ECMA-334 (ISO/IEC 23271 and ISO/IEC 23270), respectively, plus
a bunch of libraries including a GTK+/GNOME library (GTK#) and
reimplementation of several .NET libraries, plus a few applications built
for it.

While the included .NET libraries do include MS-designed middleware (e.g.
ASP.NET), they are not required to use Mono nor any of the GTK#-based GNOME
applications. The applications included with the Mono distribution also
generally do not require any reimplementations of Microsoft's
non-standardized .NET libraries.

 Also i dont see how Perl, PHP , Ruby , TCL are compared with the extent
 of a middlewe API like java,or .net. Do they provide the same
 functionality in scope ? Correct  me , but i think that that argument is
 valid for java mainly. Not sure, but i think that java and .net are more
 ambitious than scripting languages , and programming languages . So i
 think it'be vary informative to draw a parallel about mono and java free
 implementations and discuss about merits ands risks for possibly default
 inclusion in  debian and generally in dists.

Perl, Python, PHP, Ruby, and TCL are all languages with language runtimes,
compilers/interpreters, and libraries, as are Java and the CLI. They are,
indeed, similar in scope.

In terms of risks, both (some implementations of) Java and (the
standardized and GTK# portions of) Mono are entirely Free and free. There
is no greater risk in including Mono or, say, OpenJDK than there is in
including PHP or Perl. In terms of merits, there is a great deal of
excellent FOSS built for all of the above, and it's desirable to be able to
package and include that software in Debian as well.

 Finally forgive me for being suspicious about the benevolent monopolist
 who runs from court to court! .Dont expect me to sympathize with pro-ms
 pro-monopolist moves.

Developing applications for Mono, especially when not relying on .NET
libraries, has nothing to do with supporting Microsoft in any way. Running
applications on Mono has nothing to do with supporting Microsoft. Your
suspicion of Microsoft has nothing to do with Mono.

You may weigh them differently depending on your values and needs, but the
only reasonable things to judge software on are freedom, price, and
quality. As long as your software freedoms are protected, as they are with
Mono, all that's left are price and quality. The price is right (free), so
it's just a question of quality, and Mono is high quality software.
Furthermore, the design of the CLI and the C# language are excellent
(though I'm not 100% thrilled with the design of the core library),
regardless

Re: request for a mono vote.

[Gregory Seidman]

On Sat, Jul 25, 2009 at 08:06:31PM +0300,  ?? wrote:
 As a dedicated  debian user i want to express my concerns and worries
 regarding mono inclusion in main and i  ask for a vote for mono in
 non-free/main because:

 1) I feel like microsoft is not clear about the license issues.

This seems pretty clear:

http://port25.technet.com/archive/2009/07/06/the-ecma-c-and-cli-standards.aspx
http://www.betanews.com/article/Microsoft-moves-C-NET-CLI-to-community-license-helps-Mono/1246980965

 2) MS is a monopoly in desktop OS market and its monopoly aggresive
 behavior has been proven in courts and is evident every day. see netbook
 market for example.  Wouldnt a pro-ms pro-monopoly  move harm the
 excellent name Debian has  build?

That has nothing to do with Mono. Mono is not tied to MS in any way. The
software has been implemented independently and under open source
licenses (GPL, LGPL, and MIT X11, depending on which piece):

http://www.mono-project.com/Mono,_a_technical_whitepaper#Mono_Licensing

 3) Is essential to me and the way i perceive the debian identity to has
 a clear position out of middleware rivalries of multinationals companies
 not favoring or taking sides.

I can't parse this sentence. Rather, I can't tell whether you are claiming
that Debian should or should not have a clear position. It doesn't matter,
of course, since Debian has a clear position on licensing, not software
rivalries.

Perl, Python, PHP, Ruby, TCL, etc. are all available in Debian main, as are
a couple of Java interpreters. As long as they are under open source
licenses and are unencumbered by patent threats (or stupid encryption
export laws), they belong in main. 

 +1 for a voting procedure.

+1 for understanding the relevant patent licensing, code licensing, and
Debian policy

-1 for calling for a vote without that understanding

 chomwitt
--Greg


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Freeze SO Linux, it's possible?

[Gregory Seidman]

On Wed, Dec 10, 2008 at 05:51:02PM +0100, Carlos Carrero Gutierrez wrote:
 Hi, i would like to freeze my linux in order to freeze the OS, then,
 when I reboot the computer all changes that i made in the computer
 dissapears and it returns to the previous OS freezed.
 
 In windows there is something similar, called Deep Freeze (it's
 freeware).
 
 Somebody could help me? 
 
 Thank you very much, I appreciate your help.

The closest thing I know of is LVM snapshots, but you need any relevant
partitions (including, presumably, the root partition) to be LVM
partitions. You should probably investigate LVM to evaluate whether this is
what you want.

--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: OT: Looking for free email service with disposable email addresses

[Gregory Seidman]

On Mon, Nov 17, 2008 at 11:16:49AM +0100, Martin wrote:
 Hi, I have free email account at yahoo.com.au. It has feature that I
 am used to, namely disposable email addresses. But unfortunately I
 have troubles with it too. More often than I would like it lost (does
 not accept) email send to me. All the time I receive replays from this
 mailing list but not the original mail, lot of time I get notification
 from daemon that mails form this ML are bounced back ...
 
 Therefore I am looking for another free email provider. What I need is
 POP3 or forwarding, and disposable addresses. Those I found very useful
 tool in fighting spam.

I love SpamGourmet http://spamgourmet.com/, myself. I've been using it
for years and love it. It's so good I'd pay a subscription fee if they
charged. As it is, I've donated and will in the future.

 Martin
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Sunbird server?

[Gregory Seidman]

On Thu, Sep 18, 2008 at 02:40:43AM -0500, Depo Catcher wrote:

 I use the SunBirds (on Windows/Linux) and my girlfriend uses the gmail  
 Calendars

 Is there any ways to sync the two together?  I might be able to get her  
 to switch to the SunBirds.

Sunbird is a CalDAV client, and Google Calendar is a CalDAV server.
Google's CalDAV support is in beta, but so is most of Google's software,
and Sunbird is a 0.x release anyway. See heere for useful information:

http://blog.heatery.com/2008/08/enabling-google-caldav-for-mozilla.html

--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Do Debian's users care about the AGPL?

[Gregory Seidman]

On Thu, Sep 04, 2008 at 12:58:01PM +0300, Andrei Popescu wrote:
[...]
 * webapps
 - Author writes a spreadsheet program
 - some company customizes the program and ads support for an own 
   proprietary file format, but they will most likely:
   o put it up on own servers to generate revenue rather then
   o sell it to other service providers
 
 By using GPL in this scenario, people accessing the service will find 
 themselves locked-in due to the proprietary file format, while with the 
 AGPL everybody has a chance to implement support for it.

I call bullshit. People are locked into the service because their data
exists on the server's filesystem rather than their own, regardless of what
format it is in. Having the source code for the service does not change
that in any way. The AGPL does not address lock-in at all.

If we take Google's office apps as an example, you'll notice that you are
not locked into using either the spreadsheet or the word processor. That
isn't because you have source code freedoms (you don't) but because you can
download your files in standard and free formats (OpenOffice). You can also
download presentations as PowerPoint files, and one could argue that that
is free since OOo will read it.

In my opinion the AGPL leans a little too much toward I wrote it so you
have to do what I say rather than share and share alike. I don't believe
it will be any more effective in achieving the goals of Free software than
the plain old GPL.

 Also, reading the archives of debian-legal it seems to me the biggest 
 concern is whether the requirement of providing the source doesn't put a 
 too high *financial* burden (ex. hosting, bandwidth, etc. costs) on 
 providers of AGPL webapps.

Is that even relevant to the DFSG?

 Regards,
 Andrei
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Do Debian's users care about the AGPL?

[Gregory Seidman]

On Thu, Sep 04, 2008 at 04:54:54PM +0300, Andrei Popescu wrote:
 On Thu,04.Sep.08, 08:51:13, Gregory Seidman wrote:
  On Thu, Sep 04, 2008 at 12:58:01PM +0300, Andrei Popescu wrote:
  [...]
   * webapps
   - Author writes a spreadsheet program
   - some company customizes the program and ads support for an own 
 proprietary file format, but they will most likely:
 o put it up on own servers to generate revenue rather then
 o sell it to other service providers
   
   By using GPL in this scenario, people accessing the service will find 
   themselves locked-in due to the proprietary file format, while with the 
   AGPL everybody has a chance to implement support for it.
  
  I call bullshit. People are locked into the service because their data
  exists on the server's filesystem rather than their own, regardless of what
  format it is in. Having the source code for the service does not change
  that in any way. The AGPL does not address lock-in at all.
  
 If people store their data with the provider (or use a provider who 
 doesn't provide options) it is their choice and it really doesn't matter 
 if the application is GPL, AGPL or closed source, but I'm not sure how 
 many people would use such a service.

Correct.

  If we take Google's office apps as an example, you'll notice that you are
  not locked into using either the spreadsheet or the word processor. That
  isn't because you have source code freedoms (you don't) but because you can
  download your files in standard and free formats (OpenOffice). 
 
 (I think you meant ODF)

Yes, sorry, ODF.

 But if the only option would be some binary and proprietary format
 *specific* to Google Apps you would be forced to use their service just
 to open the file on your own computer and we are back at where we are now
 with MS Office[*]. This is the case I was talking about and the GPL
 doesn't cover this, AGPL does.
[...]

This is a strawman. The AGPL doesn't make it difficult to accomplish the
same thing, it just requires a little more hoop jumping.

Consider an AGPL'd app that has some open file format download. Evil Inc.
takes said app, tears out the bit that sends the open format to the user
and has it write to (server side) disk instead, then provides a link to a
separate, closed source web app that reads the AGPL'd app's open format
from disk and converts it to a proprietary format for download. Evil Inc.
releases its changes to the AGPL'd app without exposing anything about
their proprietary format. You, as a user, lose, and the AGPL was no help at
all.

 Regards,
 Andrei
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Do Debian's users care about the AGPL?

[Gregory Seidman]

On Thu, Sep 04, 2008 at 10:35:16AM -0500, Christofer C. Bell wrote:
 On Thu, Sep 4, 2008 at 9:42 AM, Gregory Seidman
 [EMAIL PROTECTED] wrote:
  Consider an AGPL'd app that has some open file format download. Evil Inc.
  takes said app, tears out the bit that sends the open format to the user
  and has it write to (server side) disk instead, then provides a link to a
  separate, closed source web app that reads the AGPL'd app's open format
  from disk and converts it to a proprietary format for download. Evil Inc.
  releases its changes to the AGPL'd app without exposing anything about
  their proprietary format. You, as a user, lose, and the AGPL was no help at
  all.
 
 If the modified AGPL application by Evil, Inc., is doing a conversion
 to a proprietary format as in your example, then the export functions
 for the format are part of the application and thus included in the
 source changes Evil, Inc. releases.  This necessarily exposes the
 proprietary format to reimplementation.

You are incorrect. Reread the scenario I described. The AGPL'd web app
writes an open format to disk. There is an independent and closed codebase
that reads that open format, converts it to a proprietary format, and sends
it to the user. The AGPL'd code, which Evil Inc. will distribute, includes
the pre-existing open format export functionality (though no longer exposed
to the user) and the code to call that export and issue a 302 redirect to
the closed web app to actually serve the download. The AGPL'd code does not
include anything to read or write the proprietary format, even though the
site appears to the user to download it seamlessly, and the codebase which
does is closed and unavailable without violating the AGPL.

 Chris
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: trn nntp authorization

[Gregory Seidman]

On Thu, Sep 04, 2008 at 11:22:58AM -0400, rir wrote:
 On Wed, Sep 03, 2008 at 11:43:50AM -0400, Gregory Seidman wrote:
  On Tue, Sep 02, 2008 at 09:56:09AM -0400, rir wrote:
 
   How do I get trn to authorize.  I can connect manually:
 
   $ telnet newsgroups.comcast.net nntp
   Trying 216.196.97.136...
   Connected to comcast.dca.giganews.com.
   Escape character is '^]'.
   200 News.GigaNews.Com
   authinfo user _username_
   381 more authentication required
   authinfo pass _password_
   281 News.GigaNews.Com
  
  You should have a /etc/trn4/access.def file, which has decent comments on
  what to set. I set the following:
  
  NNTP Server
  Auth User
  Auth Password
  Force Auth
 
 I have /etc/trn4/access.def readable and containing:
 
 #NNTP Server = /etc/news/server
 NNTP Server = nonesuch.none
 Auth User = [EMAIL PROTECTED]
 Auth Password = mypass
 
 But trn4 seems to ignore the file. It seems that trn4 is looking
 to /etc/news/server, always.  If I put a bogus hostname
 in access.def, trn looks to /etc/news/server; if /etc/news/server
 is empty I get:
 
 Connecting to /etc/news/server.../etc/news/server: Unknown host.
 failed.
 
 There is a /usr/share/trn4/access.def, but it is just a symlink to
 /etc/trn4/access.def.

It turns out that /etc/news/server contains the hostname of my news server
(and nothing else). Try that.

 Thanks,
 rir
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: trn nntp authorization

[Gregory Seidman]

On Tue, Sep 02, 2008 at 09:56:09AM -0400, rir wrote:
 I am trying to use trn 4.0-test76 (Apr 2, 2001) on Debian 3.1.
 How do I get trn to authorize.  I can connect manually:
 
 $ telnet newsgroups.comcast.net nntp
 Trying 216.196.97.136...
 Connected to comcast.dca.giganews.com.
 Escape character is '^]'.
 200 News.GigaNews.Com
 authinfo user _username_
 381 more authentication required
 authinfo pass _password_
 281 News.GigaNews.Com
 quit
 
 How do I set up trn to authorize like this.

You should have a /etc/trn4/access.def file, which has decent comments on
what to set. I set the following:

NNTP Server
Auth User
Auth Password
Force Auth

 Thanks.
 rir
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: SVN Behind Proxy

[Gregory Seidman]

On Tue, Aug 12, 2008 at 01:12:35PM +0700, Zaki Akhmad wrote:
 I am trying to get some source code with SVN. My access to Internet is
 behind proxy. How do I set the SVN (I use subversion package) so that
 I can access the source code?
 
 Here's the command I should write (example)
 $ svn checkout http://blabla.googlecode.com/svn/trunk/ blabla-read-only

Most commandline apps that can use an HTTP proxy read the http_proxy
environment variable. If you are using a bash-like shell, try:

export http_proxy=http://my-proxy-server.com:8080/
svn checkout http://blabla.googlecode.com/svn/trunk/ blabla-read-only

This assumes that your proxy is running on port 8080 of
my-proxy-server.com; modify appropriately. I'm not 100% certain svn
supports HTTP proxies, but if it does then this is likely how to specify
it.

 Zaki Akhmad
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: [Solved] Re: how to close port 113 ident xinetd

[Gregory Seidman]

On Sat, Aug 02, 2008 at 09:03:10PM -0400, Jimmy Wu wrote:
 On Sat, Aug 2, 2008 at 6:43 PM, Ansgar Burchardt [EMAIL PROTECTED] wrote:
  Hi,
 
  Jimmy Wu [EMAIL PROTECTED] writes:
 
  I tried doing an nmap scan on myself the other day and found that tcp
  port 113 was open.  Nmap listed the service as ident.  I am trying to
  remove this service since I don't think I need it, but I can't figure
  out how.  I removed the package pidentd, after which nmap reported the
  port was still open, but changed its service description to auth?.
 
  Did you restart xinetd after removing pidentd?
 
  Regards,
  Ansgar
 
 Thank you - I restarted xinetd and the port seems to be closed now (at
 least according nmap and netstat).  I guess since ident wasn't
 mentioned in xinetd.conf, I didn't think to restart it.

xinetd uses separate configuration files for each of the services it
provides (assuming your /etc/xinetd.conf has the line includedir
/etc/xinetd.d per the Debian default). Part of the pidentd package is an
xinetd config file that is placed in the /etc/xinetd.d directory. When you
uninstalled pidentd that file was removed, but you still had to restart
xinetd for it to reread its config (which no longer included the ident
service).

 Thanks again to everyone who replied,
 Jimmy Wu
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: project: wired/wireless router

[Gregory Seidman]

On Mon, Jun 30, 2008 at 12:26:28AM +0100, Sam Kuper wrote:
 Greg,
 
 I can confirm that the Buffalo WHR-HP-G54 is very stable under OpenWRT White
 Russian, which gives you (yet) another option if you go down the path of
 buying a new router/AP device.
 
 Alternatively, if you're set on using your existing box as your router/AP,
 why not use a USB Wi-Fi device if you're going to be occupying the sole PCI
 slot with an ethernet card? USB Wi-Fi dongles are often cheaper than
 Ethernet ones. (NB. If I've failed to notice that your box doesn't have USB,
 then please disregard this comment.)

I just wanted to report on the hardware I decided on. I couldn't find a
well-supported USB WiFi dongle, especially one that was a reasonable price
and showed any prayer of being able to work as an AP. I also realized I
already had a USB wired dongle lying around from an old TiVo (now replaced
with a TiVo that has builtin ethernet). So now I'm purchasing a Netgear
Super G PCI card (WG311TNA), which is supported by madwifi as an AP. The
USB dongle is, regrettably, USB 1.1, but since it will be connected to the
cable modem (which only provides around 3Mb bandwidth), it should be fine.

Once I have the hardware, it's just a matter of figuring out how to set up
the iptables for NAT routing and appropriate firewalling. Actually, since I
don't have wireless needs at the moment, I can start working on it this
weekend even before I receive the wireless card, assuming I have sufficient
hubs (which I might).

 Sam
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: project: wired/wireless router

[Gregory Seidman]

On Sun, Jun 29, 2008 at 02:06:57PM -0500, Ron Johnson wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On 06/29/08 10:31, j t wrote:
  On Sun, Jun 29, 2008 at 4:43 AM, Ron Johnson [EMAIL PROTECTED] wrote:
  Adding all this extra equipment is going to cost you *much* more
  than buying a Linksys WRT56GL and reflashing it with the Tomato or
  DD-WRT firmware.
  
  OK, I've just spent 10 minutes searching for Linksys WRT56GL (a pair
  of donkey ears for me, please)
  
  I realize that googling returns 259 hits, but there's no wrt56gl on
  Linksys's support website, and dd-wrt doesn't have it in their list of
  supported hardware.
  
  Ron, is this just a typo?
 
 Yup.  Sorry. It's the WRT54GL.
 http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190

I've heard of this. I was kind of hoping to do all this with Debian, but it
sounds like the WRT54GL is a better bet, but only if it can actually
firewall the wired subnet from the wireless subnet. A little bit of
googling hasn't given me the answer to that either way. Does anyone know?

 Ron Johnson, Jr.
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: project: wired/wireless router

[Gregory Seidman]

On Mon, Jun 30, 2008 at 12:26:28AM +0100, Sam Kuper wrote:
 I can confirm that the Buffalo WHR-HP-G54 is very stable under OpenWRT
 White Russian, which gives you (yet) another option if you go down the
 path of buying a new router/AP device.
 
 Alternatively, if you're set on using your existing box as your
 router/AP, why not use a USB Wi-Fi device if you're going to be occupying
 the sole PCI slot with an ethernet card? USB Wi-Fi dongles are often
 cheaper than Ethernet ones. (NB. If I've failed to notice that your box
 doesn't have USB, then please disregard this comment.)

I hadn't even considered USB WiFi. I like the idea. The existing box does
have USB, so that's workable. Now I just need to do a bit of research on
which USB WiFi devices are well supported by 2.6.18 (I think that's what's
in Debian stable).

The box has one PCI slot, several (three? four?) USB ports, and an on-board
wired ethernet port. I also have a wired ethernet PCI card lying around
somewhere and I think I have a suitable wired hub, so it's just a matter of
the USB WiFi. Comparing the certainty of the software being able to run
separate interfaces and route properly, not to mention the familiarity of
Debian, to the WRT stuff where you are restricted to a 2.4 kernel and I
don't feel certain it supports the configuration I need, it looks to me
like my existing box is a better approach.

Now I just need to learn iptables really well so I can configure it. Any
book suggestions?

 Sam
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

project: wired/wireless router

[Gregory Seidman]

I have a mini case with a VIA motherboard and CPU. It has an on-board
ethernet port. I'd like to use it as a Linux firewall/NAT router to replace
the (wired only) LinkSys I have now. It only has one PCI slot, but I want
to be able to provide both wired and wireless LAN access. I'm looking for
both hardware suggestions (i.e. a PCI card with both wired and wireless
ethernet that is supported by the kernel in stable) and configuration help.

My requirements are:

1) Wireless is an independent subnet from the wired, and is firewalled from
   the wired LAN in the same way as the outside world.

2) Several open ports forwarded to not necessarily the same port on a
   machine on the wired LAN (e.g. ports 80, 22, 443).

3) WPA encryption on wireless.

4) UPNP support (wired and wireless).

5) NAT/DHCP support (wired and wireless).

6) Prioritize all wired traffic over wireless.

7) Prioritize all SIP (VoIP) traffic (via wired) over everything else.

Basically, I want my VoIP line to get the best bandwidth available on the
external connection, wired to get priority over wireless, and wireless to
be firewalled from the external interface (no forwarded ports at all,
except UPNP), but wired firewalled from both wireless and external
interfaces (with some forwarded ports). I don't feel the need to run my own
DNS, though, just routing.

--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: project: wired/wireless router

[Gregory Seidman]

On Sat, Jun 28, 2008 at 10:04:52PM +0200, oneman wrote:
 On 28-jun-2008, at 18:30, Gregory Seidman wrote:

 I have a mini case with a VIA motherboard and CPU. It has an on-board
 ethernet port. I'd like to use it as a Linux firewall/NAT router to
 replace the (wired only) LinkSys I have now. It only has one PCI slot,
 but I want to be able to provide both wired and wireless LAN access. I'm
 looking for both hardware suggestions (i.e. a PCI card with both wired
 and  wireless ethernet that is supported by the kernel in stable) and
 configuration help.

 Maybe not the answer that you were looking for. But seeing what your  
 requirements are, I'd simply add a two or four port ethernet card to the 
 case and plug a wireless bridge into one of the ports. This would be a 
 hassle free setup and give you all the options you need without having to 
 hunt down that probably rare or non existent card with both wireless and 
 wired. This would also give you the future proof posibility to add 
 another wireless bridge when a new and better standard is hitting the 
 market. (I love to have both 802.11b and 802.11n bridges on my network, 
 so I can have the 802.11n bridge running at its fastest setting).

Good advice. Suggestions on make/model for a multiport card supported by
the stable distribution's kernel?

 Groet,
 Peter Teunissen
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: OT: Laptop for College Bound Student?

[Gregory Seidman]

On Wed, Jun 11, 2008 at 03:55:14PM -0700, Paul Johnson wrote:
 On Wed, 2008-06-11 at 09:31 -0400, Gregory Seidman wrote:
[...]
  I love Debian, but for a laptop I'd go Mac and MacOS X every time. I'd even
  lean Mac for a desktop.
 
 I have reservations for Apple laptops in general because the input
 devices built in have, historically, sucked.  Until 1997 (and far later,
 possibly not even today, in public schools with Apple hardware), you
 couldn't find a keyboard made by Apple that had the key bumps on the
 correct (F and J) keys, only the wrong keys that only Apple and Apple
 alone seems to have put them on (D and K).  Going to school where the
 keyboards were predominantly Apple even if the hardware connected to
 them was not, and having been taught by my folks to type the right way
 on a PC keyboard in kindergarten (these computer things are probably
 going to take off, it's probably best if the boy knows how to type),
 this was especially annoying and bothersome for most of my childhood.
 
 Continuing the tradition of inferior input, MacBooks today come
 pre-crippled by lacking a proper mouse.  It's 2008, and even Apple runs
 NeXT now:  Put 3 buttons and maybe a scroll rocker on the on-board mouse
 already!

Mac input devices have come a long way. I have an older MacBook Pro in
front of me and the bumps are on F and J. It also has a nice touchpad which
maps the following:

1 finger tap = left-click
2 finger tap = right-click
1 finger drag = mouse move
2 finger drag = scroll (vertical and horizontal)

There is also the actual button for left-click or left-click-and-drag. The
touchpad can be configured to support left-click-and-drag with a
tap-then-drag but I don't like it. When I need a middle-click or
right-click-and-drag the modifier keys are sufficient (in X11, middle-click
is Option-click and right-click is Command-click). My understanding is that
the touchpad on the MacBook Air provides even better input, including
multi-touch gestural input ported from the iPhone, and that this newer
touchpad has found its way to the new MacBook Pro and maybe MacBook.

I also use a (tragically no longer manufactured) Kensington Expert Mouse
PRO trackball which has appropriate buttons that just work. In fact,
essentially any third-party USB input device Just Works. And the Mighty
Mouse that comes with desktop systems supports right-click out of the box
(though it requires changing a preference).

  At this point in time, unless money is *really* tight, I'd get a MacBook.
  $1199 gets you 2G memory, 1 year warranty, 802.11a/b/g/n,
 
 Is n ready for prime-time?  Last I heard it was still in the draft
 stages and subject to change.

I don't know.

  That's without the student discount, by the way. The student discount
  brings it down to $1089, or $1272 with AppleCare. It also comes with a free
  iPod (8GB iPod Touch or 8GB iPod Nano or you can pay an extra $100 for the
  16GB iPod Touch or $200 for the 32GB) when you buy it as a student. The
  free iPod is an online rebate thing. The student discount is available
  online, of course (look for the Education link at store.apple.com).
 
 The low price with student discount is the only reason I'm not
 eliminating it entirely from my consideration.  What would be a
 dealbreaker, though, is if I could only get it with OS X.  How much
 cheaper is it if it ships with no operating system?  I'd rather keep my
 familiar Debian.

It should not be surprising that Apple hardware is not sold without an
Apple operating system. Given that the OS sells retail for $129, and the
consensus is that Apple's business is hardware and any software is geared
toward selling hardware, the part of the bundle cost that can be attributed
to the OS and bundled apps is negligible. Of course, there is nothing
preventing you from wiping the drive and installing Debian.

You might try out MacOS X for a while first, though. I find it pleasant. I
find that with a combination of Fink (kind of like apt-get, but you wind up
treating it more like Gentoo because the binary packages are way older than
the source packages and it makes it really easy to build everything from
source packages), various free native apps, third-party X11
http://xquartz.macosforge.org/, and one self-built package (pidgin,
because Fink hasn't updated from gaim), I'm in good shape.

I still live in mainly xterms. I deal with my email by remote displaying
from my home machine (a Debian box) over ssh. I use pidgin, as I mentioned,
for IM (and integrate it with Growl using a python script that talks DBus).
I use gvim (in X11) for editing. I use native Firefox for browsing, native
X-Chat http://xchataqua.sf.net/ for IRC, bundled Preview for image and
PDF viewing, etc. Lots of good free/Free software, lots of good shareware,
lots of good commercial software if/when I need it (and when my employer is
paying for it).

This is already off-topic and veering farther off, but I want to make it
clear that I'm not recommending Apple hardware

Re: OT: Laptop for College Bound Student?

[Gregory Seidman]

On Thu, Jun 12, 2008 at 04:06:55PM +, Paul Johnson wrote:
 On Thu, 2008-06-12 at 11:54 -0400, Robert Baron wrote:
 
  Mac input devices have come a long way. I have an older
  MacBook Pro in
  front of me and the bumps are on F and J. It also has a nice
  touchpad which
  maps the following:
  
  1 finger tap = left-click
  2 finger tap = right-click
  1 finger drag = mouse move
  2 finger drag = scroll (vertical and horizontal)
 
 I believe the original design decision was to make an easier to use
 input device.  Expecting people to learn obscure mouse gestures to do
 the same thing everybody has already been doing with standard buttons is
 fundamentally contrary to that goal:  It's time Apple got around to
 admitting that and putting a reasonable pointing device on the MacBook
 in the first place.

Actually, using two fingers for the second mouse button is very natural, as
is dragging around with two fingers as if you were dragging around the area
you are looking at. I originally thought the lack of a second and third
button would really get in my way, but I took to the two-finger gestures
very quickly.

  I also use a (tragically no longer manufactured) Kensington
  Expert Mouse PRO trackball which has appropriate buttons that
  just work. In fact, essentially any third-party USB input
  device Just Works. And the Mighty Mouse that comes with
  desktop systems supports right-click out of the box (though it
  requires changing a preference).
 
 And you have to know that the secondary click is squeezing the mouse.  I
 never found that out on my own and was only informed of that last night.
 Why hide the secondary function so thoroughly?  It's like Apple is
 trying to design hardware that is as obscure to use as they accuse the
 Windows UI itself of being.

Nope, the right-click is just the same as any other two-button mouse.
Pushing the mouse down with a finger to the left of the top of the mouse is
a left-click, pushing the mouse down with a finger to the left of the top
of the mouse is a right-click. The squeeze is an entirely different
operation, and can be bound to a variety of actions. If you just use the
mouse as you are used to using a two-button mouse, it just works (assuming
you have enabled the right-click in preferences).

 Paul Johnson
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: OT: Laptop for College Bound Student?

[Gregory Seidman]

On Thu, Jun 12, 2008 at 04:39:22PM +, Paul Johnson wrote:
 On Thu, 2008-06-12 at 12:12 -0400, Gregory Seidman wrote:
  Nope, the right-click is just the same as any other two-button mouse.
  Pushing the mouse down with a finger to the left of the top of the mouse is
  a left-click, pushing the mouse down with a finger to the left of the top
  of the mouse is a right-click. The squeeze is an entirely different
  operation, and can be bound to a variety of actions. If you just use the
  mouse as you are used to using a two-button mouse, it just works (assuming
  you have enabled the right-click in preferences).
 
 Either way, it still proves my ultimate point:  Apple originally
 designed a single-button mouse to keep the learning curve as low as
 possible.  The fact we're having this much discussion over how to make
 use of modern Apple mice suggests they're failing miserably at the
 intuition part of the simple mouse.  They have managed to take
 something with very little learning curve and made it an order of
 magnitude more difficult and less obvious to use than similar competing
 products, which seems to me is counter to Apple's overall UI goals.

Actually, if you sat down to use the mouse you'd find it worked just as you
expected. Or if you plugged in a mouse you were used to. But Apple
continues to design the system around a single-button mouse to make a
friendly learning curve. You don't need a second button to interact with
Mac applications. A click-and-hold brings up contextual menus the same way
a right-click does. For those of us who expect something different,
however, that is supported as well.

It's clear to me that you are arguing this from a position of dedicated
ignorance. When was the last time you tried to use a Mac? Perhaps a trip to
an Apple store would give you some experience on which you could base your
end of this discussion. Don't forget to ask the employees at the store to
help you out. If you tell them you want to see how to use the Mighty Mouse
as a two-button mouse, they'll be happy to help set the appropriate
preference.

If you don't want to actually interact with the user input devices and user
interfaces we're discussing, I certainly can't make you. You do have to
admit to yourself, however, that dismissing it out of hand with no
experience is no different from those who say Linux is too hard or isn't
ready for the desktop without ever trying it out.

 Paul Johnson
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: OT: Laptop for College Bound Student?

[Gregory Seidman]

On Wed, Jun 11, 2008 at 08:58:53AM -0400, Thomas H. George wrote:
 The college is offering packages starting at $1,399 (Dell Latitude D630)  
 and $1,499 (Lenoveo ThinkPad T61) all with 2GB memory, 10/100/1000  
 Ethernet, Wireless, 1394 Port, Bluetooth, Vista 32Bit Business OS,  
 SmartCare/4in1 Media Card Reader and Microsoft Office 2007 Professional  
 pre-installed by certified technicians located on campus.  Three year  
 warranty and 1GB Flash Drive thrown in.

 Money is tight, of course.  If I were the student and there is a  
 modest-priced laptop with Debian and OpenOffice I'd take it in a flash.   
 I'm not the student, I'm his 79 year old grandfather and I don't want  
 him to start off at a disadvantage.  There are certainly many college  
 students and recent grads that subscribe to this list.  I would value  
 your insights.

I love Debian, but for a laptop I'd go Mac and MacOS X every time. I'd even
lean Mac for a desktop.

At this point in time, unless money is *really* tight, I'd get a MacBook.
$1199 gets you 2G memory, 1 year warranty, 802.11a/b/g/n, 1394 port,
10/100/1000 Ethernet, Bluetooth, etc. Add $249 for 3 years of AppleCare 
warranty (definitely worth it, and many credit cards will actually double
or add a year to the warranty period). NeoOffice (MacOS port of OpenOffice)
is free and works well, or you can install Debian side-by-side and use
OpenOfficee.

That's without the student discount, by the way. The student discount
brings it down to $1089, or $1272 with AppleCare. It also comes with a free
iPod (8GB iPod Touch or 8GB iPod Nano or you can pay an extra $100 for the
16GB iPod Touch or $200 for the 32GB) when you buy it as a student. The
free iPod is an online rebate thing. The student discount is available
online, of course (look for the Education link at store.apple.com).

(I do not work for Apple. I do not own Apple stock, but my wife does.)

 Tom
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Blocking Gmail ads

[Gregory Seidman]

On Thu, May 15, 2008 at 09:44:50PM -0500, Jordi Guti?rrez Hermoso wrote:
 On 15/05/2008, Gregory Seidman [EMAIL PROTECTED] wrote:
 
   Looks like Apple did terrible harm by devoting resources to improving
   the functionality and releasing them to the world, eh? Oh, but it
   isn't getting back to KHTML quickly, you say? That sometimes happens
   in a code fork.
 
 Well, the rules (LGPL) say that they have to give back the code.

No, they don't. They say that if you distribute something built with the
code, you have to release the code. There is a common misconception that
the (L)GPL forces people give their changes to the original authors (or
current maintainers). This is not supported by the actual language of the
(L)GPL, nor by the GNU Foundation's intent in creating the (L)GPL.

Furthermore, if you actually read the Free Software Definition
http://www.gnu.org/philosophy/free-sw.html you will notice that the
four freedoms listed specifically support Apple's behavior. They wanted to
run the KHTML code as a Mac web browser (freedom 0), they wanted to adapt
it to work well on the Mac (freedom 1), they wanted to distribute it with
their operating system (freedom 2), and they wanted to make it a
best-in-class web browser engine (freedom 3). 

 Which they did, in large chunks, a year later, in ways that were
 impossible to put back into KDE. They didn't break any written rules,
 just didn't act in a way that is traditional in the free software
 community. They acted like a corporation would (this is not a compliment,
 despite what the profitable == moral people think).

So the problem is that they aren't traditional? Yeah, whatever. They
produced a better, more flexible, more functional version of the library
and have consistently fulfilled and exceeded their responsibilities for
maintaining it as Free software. That they did it by taking it in-house
instead of trying to convince the people who tied it to KDE that it should
be more general is utterly irrelevant.

 Forking is generally seen as a hostile falling apart within our
 community. Forking happens with big disagreements, negative publicity,
 and internal flamewars. Xemacs vs Emacs, XFree86 vs Xorg, Funpidgin vs
 Pidgin... And I don't see Apple's forking as a friendly move either.
 And it's taken a long time for KDE to benefit from it, and in the
 meantime the whole thing caused flamewars within KDE.

It's easy for people to take offense. Apple did what it did for business
reasons, not to piss off KDE. The KDE folks didn't like that Apple made
their code way better and released it in a form that people outside of KDE
actually wanted to use? Yeah, not feeling any sympathy here. Apple took a
weird, niche browser from a bunch of not-invented-here coders and made it
good. So good that the library ON WHICH KDE IS BASED decided to incorporate
it.

Is it hostile to fork code? How about creating an independent, competing
codebase (e.g. KHTML vs. Gecko)? Again, no sympathy.

 Fiasco, I insist.
[...]

And I call bullshit.

   Not KHTML? Actually, since WebKit is part of Qt
   these days, KDE could just ditch KHTML and use WebKit instead.
 
 It's not so easy. Technical obstacles loom ahead:
 
http://www.kdedevelopers.org/node/3073

The technical obstacles there are not with ditching KHTML, but with porting
the advantages KHTML currently has over WebKit; the article doesn't go into
detail about what those advantages are. It also makes two important points:
bug-for-bug compatibility with Safari has advantages (if you're using the
same engine as a significant installed base, web sites might actually gear
content to work around your quirks instead of just ignoring you), and
pushing their patches through Qt's branch (i.e. WebKitQt) is a good
alternative to dealing with Apple's turnaround on patches. It sounds to me
like it's mostly a problem with bruised egos, for which I have (say it with
me) no sympathy.

 - Jordi G. H.
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Blocking Gmail ads

[Gregory Seidman]

On Fri, May 16, 2008 at 07:34:19AM -0500, Jordi Guti?rrez Hermoso wrote:
 On 16/05/2008, Gregory Seidman [EMAIL PROTECTED] wrote:
[...]
   That they did it by taking it in-house instead of trying to convince
   the people who tied it to KDE that it should be more general is
   utterly irrelevant.
 
 No, that's the whole point. Because they didn't work with free
 developers, they actually created a lot of strife for KDE. They took the
 code and told the kdevelopers to fork off.

There is no strife here. Apple didn't try to take over the KDE project, or
the KHTML project. They took the code and ran with it. KDE developers took
offense because they expected that anyone who improved their code would do
so with the same goals as the developers, i.e. improving KDE. That is an
unrealistic expectation. Apple didn't care about KDE and is under no
obligation, legal or ethical, to care about KDE. If the KDE developers want
to benefit from Apple's improvements to the code then they will have to put
in some effort, but they got along just fine (as far as they were
concerned) without those improvements before Apple got involved.

  It's easy for people to take offense. Apple did what it did for
  business reasons,
 
 Ah, here we go. I was waiting for the profitable==ethical slant.
 Whatever.

I never made that implication. Consider that Apple had a motivation (need a
web browser component) and had five options to get it:

1) license some non-free code from someone
2) write their own in-house and keep it closed
3) write their own in-house and release it as FOSS
4) bend an existing FOSS project to their needs
5) take FOSS code and adapt it to their needs without interfering with the
   current maintainers

Which of these is best for the FOSS community? #1 and #2 provide no value
to anyone but Apple. #3 provides arguable value, but who needs yet another
immature, competing browser engine? #4 would piss off lots of people and
probably wouldn't even work. Only #5 is both respectful of the FOSS
community and actually produces worthwhile software. And remember that the
profit motive is what makes the first two choices, which are of no value to
FOSS, less viable.

   Is it hostile to fork code? How about creating an independent, competing
   codebase (e.g. KHTML vs. Gecko)? Again, no sympathy.
 
 Competition is good. Forking fragments efforts.

Bullshit twice over. Forking builds on what already exists. Unless your
competing codebase is based on designs that are both significantly better
than what you're competing against and so fundamentally different that they
can't be accommodated by the existing codebase, a whole new codebase is a
waste of duplicated effort in *addition* to fragmenting effort. Both
forking and entirely new, competing codebases fragment effort, but at least
forking minimizes wasted effort reinventing the wheel.

  a problem with bruised egos,
 
 Did you read the article at all? It's not about egos. It really is
 *hard* to put Webkit into KDE. Apple ignored KDE's patches, and gave
 the impression that they wanted gratis employees, not collaborators.
 They didn't play nice with KDE, whatever other benefits to Webkit may
 bring to the world at large, but KDE got a lot of problems because of
 the whole thing.

Apple had no more reason to play nice with KDE than KDE had to play nice
with Apple. Their goals are completely unrelated. Apple doesn't want gratis
employees, they want *paid* employees whose vested interests are dictated
by their employer. As long as Apple and KDE have different goals then they
will not benefit one another by working together except accidentally, e.g.
through Qt. The hearts and minds behind KHTML considers it important to be
able to embed kparts in web pages to handle various content types. Apple
doesn't give a rats ass about integrating with KDE, nor should they. They
do, however, consider rich text editing a priority, and KDE isn't as
concerned about that.

I'm still not feeling sympathy for the KHTML folks. It sounds more like
*they* want the gratis employees, but paid by Apple. They want Apple to
deal with KDE's turnaround on patches instead of having to deal with
Apple's turnaround on patches. Both sides want their own release cycles and
control of the codebase. And they both have it!

As things stand, Apple has shown itself to be a better custodian of the
library, in the sense that it has greater functionality with a broader
appeal (note that those are not separate -- the functionality WebKit has
over KHTML is of broader appeal than the functionality KHTML has over
WebKit; I'm not going to open a can of worms about which one is objectively
more functional). More end users benefit from Apple's codebase than KHTML.

Should KDE simply give up control of the codebase and go with WebKitQt?
Well, it's an option, but it's really up to them. If control of the
codebase and the advantages of KHTML over WebKit are worth more to them
than the improvements in WebKit, then they are right

Re: Blocking Gmail ads

[Gregory Seidman]

On Fri, May 16, 2008 at 01:40:30PM -0400, Brian McKee wrote:
 On Fri, May 16, 2008 at 9:09 AM, Gregory Seidman [EMAIL PROTECTED] wrote:
  Apple doesn't give a rats ass about integrating with KDE, nor should
  they. They do, however, consider rich text editing a priority, and KDE
  isn't as concerned about that.
 
 This is the one statement I think could be modified - Apple doesn't
 care about about integrating with KDE, and thus lost the opportunity
 to keep reaping the benefits that the KDE guys could have provided on
 going.   I'd like to think that the companies that try harder to work
 with the existing community will do better in the long term -
 spending some of their resources on things they didn't care about
 would return them effort by others on things they do care about.

Why do corporations contribute to FOSS? Because (in their analysis) the
benefits of doing so outweigh the costs, including the opportunity cost of
pursuing another option (see my previous post on the options Apple had).
At a finer granularity, there's some analysis about *how* they will
contribute. Is the benefit of potential future improvements to the code by
the current developers worth the cost of working within the KDE community?

Remember that while cost ultimately boils down to dollars, time to market
and PR can be measured in dollars as well. Will an acceptably functioning
adaptation of the code be unacceptably delayed by going through the
existing community? On balance, is the PR issue with walking into a
community and trying to change its focus (even bearing the gift of code)
greater than the PR issue of forking it?

Also, remember the crucial difference in focus. If what the KDE guys are
working on for the foreseeable future (i.e. their stated priorities) is not
of interest, the potential future benefit of their improvements to the code
goes way down. In addition, giving up that benefit isn't really giving up
that benefit.

Just as the KDE guys can expend some effort to take improvements from
WebKit and port them to KHTML, Apple can expend some effort to take
improvements from KHTML and port them to WebKit. If there is some
improvement that is of sufficient value and is easier to port than
reimplement, you can bet that's what will happen. That kind of
cross-pollination is one of the beauties of FOSS. If KHTML is consistently
improving in ways that matter to Apple, I wouldn't be surprised to see
Apple making an effort to make the codebases converge.

Right now, cost/benefit analysis recommends a separate codebase (and
community). That can change, but it's only going to change if the KDE guys
are working on things that matter to Apple. If KDE's and Apple's interests
become aligned, there could be a convergence. Since they weren't initially
(and still aren't), there is a fork.

 There's nothing illegal or immoral about it - it's just short sighted
 to believe that the code was worth taking, but the coders weren't
 worth the effort required (in a direction they didn't care about) to
 keep them on board.

I don't think of it as taking the code without the coders. It's taking the
code without the agenda. Apple has their own agenda. Anyone willing to
follow that agenda, including people working on KHTML, are welcome; on the
other hand, Apple expects to have to pay people to follow their agenda,
which is why paid Apple employees are working on WebKit. This is the only
way they could work with the code without treading on KDE's agenda.

While many authors feel strongly that they have the right to set the agenda
for their code, that is specifically what the (L)GPL seeks to avoid. Just
as we object to being told what we can do with closed code, so should we
object to being told what we can do with Free code.

 Brian
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Blocking Gmail ads

[Gregory Seidman]

On Thu, May 15, 2008 at 06:53:26PM -0500, Jordi Guti?rrez Hermoso wrote:
 On 15 May 2008 19:40:21 -0400, Luke S Crawford [EMAIL PROTECTED] wrote:
  Jordi Guti?rrez Hermoso [EMAIL PROTECTED] writes:
...  Apple taking code without
   giving back in a usable way, or not giving back at all?
 
  see Darwin-  Apple is giving away a bunch of it's OS-level advances.
 
 I was thinking more about the KHTML/Webkit fiasco. Looks like the code
 is finally finding its way back to KDE, but Apple didn't make it easy
 to happen.
[...]

I believe what Apple did is fork the code. KHTML had code useful to Apple,
but not goals useful to Apple. They decided to call it WebKit (renaming is
allowed by the GPL/LGPL) and have been maintaining a separate code
repository. As a result, KHTML is used in exactly one environment
(Konqueror/KDE) and WebKit is used in all kinds of places (Safari, the Qt
library, Adobe AIR, Google's Android, GNOME's Epiphany, etc.).

Looks like Apple did terrible harm by devoting resources to improving the
functionality and releasing them to the world, eh? Oh, but it isn't getting
back to KHTML quickly, you say? That sometimes happens in a code fork.

I don't think this counts as a fiasco, sorry. Apple played by the rules and
it benefited everyone. (Not KHTML? Actually, since WebKit is part of Qt
these days, KDE could just ditch KHTML and use WebKit instead. Whether they
choose to or not has nothing to do with it.) Remember that forking is one
of the rights the copyleft seeks to protect.

 - Jordi G. H.
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Blocking Gmail ads

[Gregory Seidman]

On Tue, May 13, 2008 at 05:03:27PM -0500, Jordi Guti?rrez Hermoso wrote:
 I'm getting a little tired of Gmail serving me Matlab ads whenever I'm
 browsing the Octave mailing lists. That's quite obnoxious. It looks
 like it's tricky to block Google ads, since it looks like Google can
 detect when you're using Adblock and serves you ads in tables
 instead, making them harder to block.
 
 Can anyone suggest a fix? I only use Gmail for mailing lists nowadays,
 and have moved my personal email to a server in an undisclosed
 location in a remote island... ;-)
 
 I'd be happy with a solution that either blocks all Gmail ads or a
 better method to browse the 14 mailing lists I'm currently subscribed
 to, many of them high-volume. I'm beginning to miss Usenet.

I do all my web browsing through privoxy (apt-cache show privoxy). 
My adblock.action file, which does a good job of blocking lots of ads,
including gmail's, is pasted below. It also blocks a lot of web bugs and
traffic trackers. It isn't perfect, but it vastly improves my web browsing
experience.

 - Jordi G. H.
--Greg

{+block }
.247realmedia.com
.2o7.net
.adbasket.net
.adbrite.com
.adbureau.net
.adknowledge.com
.adlegend.com
.adnetwork.com
.adroll.com
.adserver.com
.adserver.yahoo.com
.adspeed.net
.adsrevenue.net
.adtech.de
.advertising.com
.afy11.com
.atdmt.com
.backbeatmedia.com
.bannerspace.com
blcadserv.shinycomics.com
blogads.com
.blogads.com
stocker.bonnint.net
.burstmedia.com
.burstnet.com
.casalemedia.com
.chitika.net
.claxonmedia.com
.clickforensics.com
.contextweb.com
.coremetrics.com
.doubleclick.net
.esomniture.com
.falkag.net
.fastclick.net
.google-analytics.com
.googlerank.info
.googlesyndication.com
.hitbox.com
.humanclick.com
.indieclick.com
.industrybrains.com
.intellitxt.com
.interclick.com
.interclick.net
.keenmercial.com
gavzad.keenspot.com
merv.keenspot.com
www.keenspot.com/premium*
.kontera.com
.lostfrog.com
.marketwatch.com
.maxserving.com
.mediaplex.com
.overture.com
.paypopup.com
.pheedo.com
.pointroll.com
.primaryads.com
.projectwonderful.com
publish.blanklabelcomics.com
.quantserve.com
.ru4.com
.edge.ru4.com
http.edge.ru4.com
.sitemeter.com
.smarttargetting.co.uk
spa.snap.com
.specificmedia.com
.statcounter.com
.tacoda.net
.textads.biz
syndication.thedailywtf.com
.trackalyzer.com
.trafficmp.com
.tribalfusion.com
.ttzmedia.com
.ugamsolutions.net
.unicast.com
.valueclick.com
.vibrantmedia.com
.web-stat.com
.xplusone.com
.yceml.net
.yieldmanager.com
.zedo.com
ss1.zedo.com
ad.
ad1.
ad2.
adremote.
adsremote.
ads.
ads1.
ads2.
adserv.
adserver.
adv.
advert.
banner.
banners.
metrics.
servedby.
stats.
stats1.
stats2.
webad.
webads.
.facebook.com/beacon/
feeds.feedburner.com/~a/
www.davidszondy.com/images/shop.gif
/(.*/)?adv/.*
/(.*/)?ads/
/(.*/)?adx/.*
/(.*/)?adserver/.*
/(.*/)?banners/.*
/(.*/)?phpAdsNew/.*
/(.*/)?RealMedia/.*
/(.*/)?dealtime_iframe.php\?.*


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Most inexpensive debian friendly laserjet printer? total cost of ownership including laserink?

[Gregory Seidman]

On Mon, May 05, 2008 at 12:58:25AM -0400, Mitchell Laks wrote:
 Hi,
 
 I tend to print out a lot of documentation on the software for projects
 that I work on. Therefore I go through alot of laserjet cartidges on my
 postscript compatible hp laserjet 1200 printer.
 
 My latest cartridge just needs to be replaced again.
 
 I am tired of paying so much money for the new laser ink cartiridges each 
 time.
 
 I have read recently a wall street analyst say that 
 'consumers are stupid - they buy printers by the cost of hardware
 not total cost of ownership'.
 
 are there any truly cheaper approaches? Can we buy a postscript laserprinter
 that is not designed to use proprietary cartridges that we must
 buy from the company at inflated prices?
[...]

If you insist on laser, I got nothing. If you'll go inkjet, I can recommend
continuous flow systems. The idea is that you don't use the expensive, tiny
cartridges, but use large bottles of ink attached to the print head via
tubes instead. You can buy the ink in very large bottles, and at good
prices. I've been quite happy with mine. See
http://mediastreet.com/site/n2.html

 Mitchell
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: svn command

[Gregory Seidman]

On Mon, Mar 31, 2008 at 03:45:49PM +0100, Rodolfo Medina wrote:
 Hi to Debian users.
 
 What package should I install in my Debian Etch system to use the `svn'
 command?  My search was not successful.

apt-get install subversion

 Thanks for any reply
 Rodolfo
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: RAID suggestions?

[Gregory Seidman]

On Tue, Mar 18, 2008 at 04:33:19PM -0500, Ron Johnson wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On 03/18/08 16:03, Damon L. Chesser wrote:
  Ron Johnson wrote:
 
  On 03/18/08 15:41, Damon L. Chesser wrote:
  [snip]
   
  changes in HD tech).  6.  I have seen dozens of catastrophic  hardware
  controller failures with complete data lost and not one mdadm failure.
  
 
  That just means you're using sucky hardware.  We've been using h/w
  controllers for 15 years, and never had a problem.
 
  Of course, they are proprietary, and from a Tier 1 vendor, cost a
  lot of money, and maintenance fees are high.
 
  But we've never lost data from a controller failure.  (And damned
  little loss from any other reason, either, since there's a 24x7
  admin staff that pays attention to drive failure lights, and
  replaces them immediately.)
 
  And that detailed care makes all the difference in the world!  Now limp
  along with a drive failure, add a controller that needs updating and
  perform the update.  Suddenly you find the meta data is unstable and
  you can not recover from it.  I have NOT seen data loss from a
  professional, on the ball data center.
 
 Well heck, no one who cares about his data would do that...  You
 replace the drive, let it rebuild, and *then* do the update.
 
 Or... don't buy sucky h/w in the first place.  If you *really* care
 about your data, you spend the extra bucks for quality h/w that has
 a competent support staff behind it.  And you pay for an adequate
 backup solution!
 
 Otherwise, you are blaming on the h/w the sins of the humans who
 bought the crummy h/w.

See, here's the thing. That I in RAID is for inexpensive. The idea is to
increase reliability on the cheap. You could engineer an amazing HD with a
MTBF rating of 150 years (hyperbole, but you get the point), but it would
be hideously expensive. Unless you are using RAID to improve I/O rather
than for redundancy, putting expensive hardware into the equation defeats
the purpose of a RAID in the first place.

Since I don't have major I/O performance requirements, just redundancy
requirements, I use software RAID. I probably always will. I know that even
if 3ware (for example -- replace with the name of your favorite HW RAID
manufacturer) goes out of business, my computer catches fire, and one of my
mirrored drives dies, I can buy an off-the-shelf system, install Debian,
and rebuild my RAID.

 Ron Johnson, Jr.
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: HTTP through SSH?

[Gregory Seidman]

On Wed, Feb 27, 2008 at 11:27:16PM +0530, Masatran, R. Deepak wrote:
 My Debian computer has a intranet IP address and cannot access the internet
 directly. I currently use a proxy server. I have a non-super-user account on
 a Fedora web server that has an intranet IP address, and an internet IP
 address. How can I use the web server account to bypass the proxy server?
 
 I looked at some webpages on tunneling, but could not adapt them to solve my
 problem. Kindly help.

ssh -D 8000 -N -f yourhost

Now set your web browser to use localhost:8000 as a SOCK4 proxy.

 Masatran, R. Deepak
--Greg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]