Re: Any idea when CVE-2016-5696 is going to get fixed?

[John T. Haggerty]

On Fri, Aug 26, 2016 at 9:11 PM, Perry E. Metzger 
wrote:

> On Fri, 26 Aug 2016 21:06:15 +0200 Frederic Marchal
>  wrote:
> > On Friday 26 August 2016 11:04:04 Perry E. Metzger wrote:
> > > According to:
> > >
> > > https://security-tracker.debian.org/tracker/CVE-2016-5696
> > >
> > > Wheezy and Jessie are still vulnerable. The attack in question is
> > > kind of bad (it allows blind injection of arbitrary data into
> > > things like http downloads) and has been known for a few weeks
> > > now to the general public.
> >
> > I don't think the issue is that bad.
> >
> > It allows an attacker to find out if you are connected to a
> > particular web site and makes it easier to interrupt the transfer
> > by sending a RST or SYN packet or inject junk data to corrupt the
> > flow. It's simple denial of service.
>
> You are completely wrong. This attack allows you to inject
> *meaningful* things into the data flow. It isn't denial of service,
> it is one of the most flexible data injection attacks in years.
>
> At the security conference where the attack was presented, as a show
> of force, the presenters demonstrated that they could hijack arbitrary
> http: connections from several US newspapers and inject whatever
> traffic they like using this.
>
> Indeed, as a bit of comedy, they used this to do their presentation!
> They had a web browser to go to a newspaper's site and injected their
> slides for the talk into the newspaper's web page return and
> presented their talk that way! You will be able watch the video
> yourself online when Usenix posts it soon.
>
> This means, for example, that you can inject javascript into the pages
> coming off of (say) a newspaper's unencrypted web site, and this
> lets you do untold mischief. With this attack, you could, for
> example, have weaponized the attacks described against iOS yesterday
> (resulting in an iOS emergency update) without getting a user to
> click on a malicious page, simply by injecting malicious javascript
> into a real page of a site hosted on a debian server. (I link to the
> report of that particular incident below, to give one a taste of the
> modern threat environment.)
>
> This is a horribly bad attack. Thinking this is nothing but denial of
> service could not be more incorrect.
>
> > But to achieve that, you must be downloading something from a web
> > site the attacker is actually targeting. The attacker must know you
> > are doing so or find out by sheer luck.
>
> "Sheer luck" isn't hard at all. There are a half dozen good ways
> understood to people in the field where you can figure out what
> sites someone is looking at regularly if you are targeting them
> without needing to listen in on their connection directly.
>
>
Having read several texts on internet security, I'd be interested in what
you are referring to. You mean compromise the physical machine they are on
to view their browser history? Break into their home? Packet sniffing?



> > The download must be long
> > enough (more than one minute) for the attacker to discover the set
> > of parameters that will make the attack successful.
>
> You've forgotten how the modern web works. People have http:
> connections live for very long periods of time, with dynamic content
> flittering back and forth over the channel. It isn't like 1996 any
> more where someone downloaded some static HTML and closed the TCP
> connection until the next page was downloaded when they clicked
> again. It hasn't been like that in a very long time.
>
>
So you are referring to the "netstat" output from the system itself? So
physically redraw the page they are on even if they haven't refreshed the
page?


> > That's unlikely to succeed on a massive scale if you ask me!
>
> You clearly didn't watch the presentation of people
> doing this attack successfully against real web pages while people
> were using them. This isn't theoretical. You should also remember
> that we're no longer in the "but who would do *that*" world. If you
> want to understand the threat model people live under now, read
>
> https://citizenlab.org/2016/08/million-dollar-dissident-
> iphone-zero-day-nso-group-uae/
>
>
Seems to be the NSA from reading about that.


> > Beside, the attacker can't possibly know what you are downloading
> > and how much data has already been downloaded. There is no way he
> > can inject anything useful into the downloaded data.
>
> Watch the real world demos. As I said, the videos are online. What
> you say is wrong.
>
> Perry
> --
> Perry E. Metzgerpe...@piermont.com
>
>

I'd love to see that as well. I don't keep up with many conferences that I
don't personally attend. Is there a cost?

-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Re: Getting fqdn, postfix, Comcast to all play nice together

[John T. Haggerty]

On Fri, Aug 26, 2016 at 7:08 PM, Mark Fletcher <mark2...@gmail.com> wrote:

>
>
> On Sat, Aug 27, 2016 at 8:38 AM John T. Haggerty <jpcoo...@gmail.com>
> wrote:
>
>> Any thoughts for or against Amazon?
>>
>>
> Please don't top post on this list, it breaks up the flow of the thread
> for people who read the thread after it's finished. The primary purpose of
> the list is to get your questions answered, but the secondary purpose is to
> help those who come after, and top posting impedes that.
>

So I need to reply to the comment block in this manner then to avoid that?
I've not heard much about that term, and it's been a while that I've used
mailing lists. I can understand however, if that's the case.


>
> Anyway, I'm a fairly heavy Amazon web services user, using multiple
> Workspaces instances (remote desktops), EC2 instances (servers), RDS
> instances (database, in my case MySQL), and Elastic Beanstalk (self-scaling
> web site). I find it performant and highly reliable. I can't vouch for the
> tech support as I haven't really had to use them. They have a user forum
> which is not terrible but not great. The documentation can be a bit
> frustrating but if you are willing to devote the time to wading through the
> adverto-babble the information is there.
>
> Interesting so, the "Workspace" is basically like a vnc into the computer
you could access from ec2 but entirely separate and used for
desktop/non-server use? If so that would be theoretically awesome for some
interesting cases. It could help me not to have to pony up the dough to
Microsoft et all directly for a piece of software I may not use all the
time, not to mention doing interesting interactive things.

Beanstalk sounds interesting as well but almost overlapping ec2, almost
like ec2 on demand just for apache I would guess.



> All that sets me back about $250 a month. No doubt not the cheapest but
> you have to decide if what you want is cheap or good -- you don't typically
> get both, except sometimes temporarily by luck.
>
> Mark
>


Nice, but I guess you must get some sort of residual income from that
otherwise it wouldn't be important? Good to know that would show a real
world use case to give me an idea.


-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Re: Getting fqdn, postfix, Comcast to all play nice together

[John T. Haggerty]

I like that. I'm worried about one of the requirements here (under "Things
you will need"):

"

   - A  permanent *internet connection *and an* IP address* for your mail
   server that does not change. The IP address should *not be blacklisted* on
   the internet. Check the IP address at web sites like
   http://www.anti-abuse.org/multi-rbl-check/ or http://rbl-check.org/. If
   your IP address shows up on black lists then other mail servers on the
   internet will likely refuse your emails or consider them spam."

Out of curiosity I ran against the second website and tried to see if the
present IP the router has has an issue. So far only two marginal servers
have an issue with the current one out of what looks like (about) dozens.
I'm currently on a "free" year trial of Amazon EC2 from AWS. I was
concerned about the costs. Compared to others. It looks like this could be
done for under 15.00 USD for a cost. Any thoughts for or against Amazon?

On Fri, Aug 26, 2016 at 5:57 AM, メット <m...@pmars.jp> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
>
>
> On 2016年8月25日 18:15:48 JST, "John T. Haggerty" <jpcoo...@gmail.com> wrote:
> >I have the following issue (seems to be common although my details seem
> >to
> >differ):
> >
> >1. I recently registered a new domain as WWW.whatever.org or whatever.
> >
> >2. Postfix gets installed.
> >
> >3. "Internet site " is enabled fqdn added.
> >
> >4. Email cannot be sent out to my Gmail address since it magically
> >"times
> >out" when contacting the servers (even though telnetting to mine and
> >Gmail's works fine at port 25)
> >
> >5. In theory thus should mean that they aren't blocking 25, and it
> >should
> >work.
> >
> >6. In the core wiki for Postfix I have the MX record of my server
> >updated
> >from the registrar to mail.whatever.org (pita since it's dynamic and
> >not
> >static).
> >
> >7. I want to avoid using gmail's smtp and comcast's servers since I'd
> >love
> >to host this on my own.
> >
> >How can this be accomplished in Debian (not Ubuntu, or something else)?
> >(I
> >get irritated at Ubuntu specific explanations {which usually don't
> >work}
> >getting all the search results)
> >
> >Any help would be appreciated as I spent ~3 days of work and wiping the
> >entire OS in case I went wrong somewhere.
>
>
> Hi,
> Try the following site, they have well explained tut:
> workaround.org
> HTH
> -BEGIN PGP SIGNATURE-
> Version: APG v1.1.1
>
> iQE9BAEBCgAnBQJXwC6RIBxNZXR0IEhlbF9LZWl0YWkgPG1ldHRAcG1hcnMuanA+
> AAoJEPao4OPC92NkC9QH/1iM8M4M/lARITPasXVl0+2ugl6SDozrobu2Iiwr6Iqo
> uDA1LNuGViX5yaF3ozA5X2krRj1EqadGVnQXs/iIh390YbJPFIRmD47nfnMzl9FR
> VKSE/RnZIdyDhfrUEmX6TOm8OrT1cwocPdh/TNwtdWpsaWJ4lZIMPP5J3VX+ovVz
> BjNqzvggrRxTsqY8NT4Da4OVha3UH4ptjXW215jmPKM0XIrKHEL4vO/TUVw5xal3
> AFhkmwNatoCaJuS8g+B675JKKmu3TG449+V9GsRcm9sPM0mTLFxYfulrX/p8P5n+
> 8pv2wSm1uTLmYMpE9sfCmQRGgDLqTIpdeZvjxrxbjPc=
> =v8BH
> -END PGP SIGNATURE-
>
>


-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Re: Getting fqdn, postfix, Comcast to all play nice together

[John T. Haggerty]

I have been able to create websites, and am able to use the fqdn to show up
my web page I have hosed on the server. I just have to have ddclient update
the ip address with the dns settings. I just have the box NATed behind the
router.

On Fri, Aug 26, 2016 at 4:47 PM, emetib <chadbra...@gmail.com> wrote:

> On Thursday, August 25, 2016 at 4:20:05 AM UTC-5, John T. Haggerty wrote:
> > I have the following issue (seems to be common although my details seem
> to differ):
> >
> > 1. I recently registered a new domain as WWW.whatever.org or whatever.
> >
> > 2. Postfix gets installed.
> >
> > 3. "Internet site " is enabled fqdn added.
> >
> > 4. Email cannot be sent out to my Gmail address since it magically
> "times out" when contacting the servers (even though telnetting to mine and
> Gmail's works fine at port 25)
> >
> > 5. In theory thus should mean that they aren't blocking 25, and it
> should work.
> >
> > 6. In the core wiki for Postfix I have the MX record of my server
> updated from the registrar to mail.whatever.org (pita since it's dynamic
> and not static).
> >
> > 7. I want to avoid using gmail's smtp and comcast's servers since I'd
> love to host this on my own.
> >
> > How can this be accomplished in Debian (not Ubuntu, or something else)?
> (I get irritated at Ubuntu specific explanations {which usually don't work}
> getting all the search results)
> >
> > Any help would be appreciated as I spent ~3 days of work and wiping the
> entire OS in case I went wrong somewhere.
>
> from what i have read in the past it's comcast(cable providers in general)
> that have their ports closed for people trying to run mail servers on home
> accounts, business accounts can have them.
>
> you could try to have your dynamic hostname provider send your incoming
> mail to a different port and then just configure your postfix to listen
> there.  this might also work for your outgoing, yet not sure.
>
> check with comcast blocking what ports.  sometimes they will block
> 80(http) also.
>
> good luck.
>
>


-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Re: Getting fqdn, postfix, Comcast to all play nice together

[John T. Haggerty]

So how do you dynamically specify getting a connection to be secured or
not. If it's only Gmail, why van I telnet to their port and get their mail
server?

Seems counterintuitive.

On Aug 25, 2016 5:54 AM, "Mark Fletcher" <mark2...@gmail.com> wrote:

>
> On Thu, 25 Aug 2016 at 18:16, John T. Haggerty <jpcoo...@gmail.com> wrote:
>
>> I have the following issue (seems to be common although my details seem
>> to differ):
>>
>> 1. I recently registered a new domain as WWW.whatever.org or whatever.
>>
>> 2. Postfix gets installed.
>>
>> 3. "Internet site " is enabled fqdn added.
>>
>> 4. Email cannot be sent out to my Gmail address since it magically "times
>> out" when contacting the servers (even though telnetting to mine and
>> Gmail's works fine at port 25)
>>
>> 5. In theory thus should mean that they aren't blocking 25, and it should
>> work.
>>
>> 6. In the core wiki for Postfix I have the MX record of my server updated
>> from the registrar to mail.whatever.org (pita since it's dynamic and not
>> static).
>>
>> 7. I want to avoid using gmail's smtp and comcast's servers since I'd
>> love to host this on my own.
>>
>> How can this be accomplished in Debian (not Ubuntu, or something else)?
>> (I get irritated at Ubuntu specific explanations {which usually don't work}
>> getting all the search results)
>>
>> Any help would be appreciated as I spent ~3 days of work and wiping the
>> entire OS in case I went wrong somewhere.
>>
> Gmail doesn't block port 25 but they do refuse all non-secured attempts to
> connect.
>
> Mark
>

Getting fqdn, postfix, Comcast to all play nice together

[John T. Haggerty]

I have the following issue (seems to be common although my details seem to
differ):

1. I recently registered a new domain as WWW.whatever.org or whatever.

2. Postfix gets installed.

3. "Internet site " is enabled fqdn added.

4. Email cannot be sent out to my Gmail address since it magically "times
out" when contacting the servers (even though telnetting to mine and
Gmail's works fine at port 25)

5. In theory thus should mean that they aren't blocking 25, and it should
work.

6. In the core wiki for Postfix I have the MX record of my server updated
from the registrar to mail.whatever.org (pita since it's dynamic and not
static).

7. I want to avoid using gmail's smtp and comcast's servers since I'd love
to host this on my own.

How can this be accomplished in Debian (not Ubuntu, or something else)? (I
get irritated at Ubuntu specific explanations {which usually don't work}
getting all the search results)

Any help would be appreciated as I spent ~3 days of work and wiping the
entire OS in case I went wrong somewhere.

Re: Failure to install request-tracker4 in Jessie Newest

[John T. Haggerty]

I really hope I don't have to mess around with the source in this case,
because in theory Debian has this already from the package I installed
right?

I'm referring to the following citation:
https://www.question-defense.com/2009/12/29/invalid-command-fastcgiexternalserver-perhaps-misspelled-or-defined-by-a-module-not-included-in-the-server-configuration


On Thu, Apr 7, 2016 at 4:10 PM, John T. Haggerty <jpcoo...@gmail.com> wrote:

> So I was able to get into the advice on these installations but it seems
> that I've hit another snag on this, namely activating fast cgi, and getting
> it to be loaded by RT. Apparently fastcgi is installed in Apache, but
> getting Apache to load RT's call to fastcgi (? I guess) is failing.
>
> The apache.conf is below:
>
> # This is the main Apache server configuration file.  It contains the
> # configuration directives that give the server its instructions.
> # See http://httpd.apache.org/docs/2.4/ for detailed information about
> # the directives and /usr/share/doc/apache2/README.Debian about Debian
> specific
> # hints.
> #
> #
> # Summary of how the Apache 2 configuration works in Debian:
> # The Apache 2 web server configuration in Debian is quite different to
> # upstream's suggested way to configure the web server. This is because
> Debian's
> # default Apache2 installation attempts to make adding and removing
> modules,
> # virtual hosts, and extra configuration directives as flexible as
> possible, in
> # order to make automating the changes and administering the server as
> easy as
> # possible.
>
> # It is split into several files forming the configuration hierarchy
> outlined
> # below, all located in the /etc/apache2/ directory:
> #
> #   /etc/apache2/
> #   |-- apache2.conf
> #   |   `--  ports.conf
> #   |-- mods-enabled
> #   |   |-- *.load
> #   |   `-- *.conf
> #   |-- conf-enabled
> #   |   `-- *.conf
> #   `-- sites-enabled
> #   `-- *.conf
> #
> #
> # * apache2.conf is the main configuration file (this file). It puts the
> pieces
> #   together by including all remaining configuration files when starting
> up the
> #   web server.
> #
> # * ports.conf is always included from the main configuration file. It is
> #   supposed to determine listening ports for incoming connections which
> can be
> #   customized anytime.
> #
> # * Configuration files in the mods-enabled/, conf-enabled/ and
> sites-enabled/
> #   directories contain particular configuration snippets which manage
> modules,
> #   global configuration fragments, or virtual host configurations,
> #   respectively.
> #
> #   They are activated by symlinking available configuration files from
> their
> #   respective *-available/ counterparts. These should be managed by using
> our
> #   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf.
> See
> #   their respective man pages for detailed information.
> #
> # * The binary is called apache2. Due to the use of environment variables,
> in
> #   the default configuration, apache2 needs to be started/stopped with
> #   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly
> will not
> #   work with the default configuration.
>
>
> # Global configuration
> #
>
> #
> # ServerRoot: The top of the directory tree under which the server's
> # configuration, error, and log files are kept.
> #
> # NOTE!  If you intend to place this on an NFS (or otherwise network)
> # mounted filesystem then please read the Mutex documentation (available
> # NOTE!  If you intend to place this on an NFS (or otherwise network)
> # mounted filesystem then please read the Mutex documentation (available
> # at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
> # you will save yourself a lot of trouble.
> #
> # Do NOT add a slash at the end of the directory path.
> #
> #ServerRoot "/etc/apache2"
>
> #
> # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
> #
> Mutex file:${APACHE_LOCK_DIR} default
>
> #
> # PidFile: The file in which the server should record its process
> # identification number when it starts.
> # This needs to be set in /etc/apache2/envvars
> #
> PidFile ${APACHE_PID_FILE}
>
> #
> # Timeout: The number of seconds before receives and sends time out.
> #
> Timeout 300
>
> #
> # KeepAlive: Whether or not to allow persistent connections (more than
> # one request per connection). Set to "Off" to deactivate.
> #
> KeepAlive On
>
> #
> # MaxKeepAliveRequests: The maximum number of requests to allow
> # during a persistent connection.

Re: Failure to install request-tracker4 in Jessie Newest

[John T. Haggerty]

So I was able to get into the advice on these installations but it seems
that I've hit another snag on this, namely activating fast cgi, and getting
it to be loaded by RT. Apparently fastcgi is installed in Apache, but
getting Apache to load RT's call to fastcgi (? I guess) is failing.

The apache.conf is below:

# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian
specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because
Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as
possible, in
# order to make automating the changes and administering the server as easy
as
# possible.

# It is split into several files forming the configuration hierarchy
outlined
# below, all located in the /etc/apache2/ directory:
#
#   /etc/apache2/
#   |-- apache2.conf
#   |   `--  ports.conf
#   |-- mods-enabled
#   |   |-- *.load
#   |   `-- *.conf
#   |-- conf-enabled
#   |   `-- *.conf
#   `-- sites-enabled
#   `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the
pieces
#   together by including all remaining configuration files when starting
up the
#   web server.
#
# * ports.conf is always included from the main configuration file. It is
#   supposed to determine listening ports for incoming connections which
can be
#   customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and
sites-enabled/
#   directories contain particular configuration snippets which manage
modules,
#   global configuration fragments, or virtual host configurations,
#   respectively.
#
#   They are activated by symlinking available configuration files from
their
#   respective *-available/ counterparts. These should be managed by using
our
#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
#   their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables,
in
#   the default configuration, apache2 needs to be started/stopped with
#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly
will not
#   work with the default configuration.


# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at );
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5


# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups On

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a 
# container, error messages relating to that virtual host will be
# If you do not specify an ErrorLog directive within a 
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error 

Re: Failure to install request-tracker4 in Jessie Newest

[John T. Haggerty]

That was able to work, however at the moment I've run into an issue that I
think I had years before namely the inability of the base installation
(even with the questions that the system asks during configuration of
request-tracker4) failing to give anything but a 404 error when hitting up
localhost/rt. I can get the basic apache page under localhost however.

So far the tutorials seem to be tailored for anything other than debian, or
a "it worked,no problems" response from most of them.

Ideas?

On Wed, Apr 6, 2016 at 4:36 PM, Christian Seiler <christ...@iwakd.de> wrote:

> Hi,
>
> On 04/07/2016 12:14 AM, John T. Haggerty wrote:
> > deb cdrom:[Debian GNU/Linux 8.3.0 _Jessie_ - Official amd64 DVD Binary-1
> > 20160123-19:03]/ jessie contrib main
> >
> > deb cdrom:[Debian GNU/Linux 8.3.0 _Jessie_ - Official amd64 DVD Binary-2
> > 20160123-19:03]/ jessie contrib main
> >
> > deb cdrom:[Debian GNU/Linux 8.3.0 _Jessie_ - Official amd64 DVD Binary-3
> > 20160123-19:03]/ jessie contrib main
>
> So here you still have the DVDs as your primary archive source, and no
> network mirror. This is possible to do, but if for any reason you (or
> something you ran where you didn't necessarily know the side effects
> of) deleted your /var/lib/apt/lists/ at some point, apt-get update will
> not automatically restore the package lists from the CDs.
>
> You have two options:
>
> A. Switch over to use a network mirror for installations. In that case,
> remove the cdrom lines (but _only_ the cdrom lines) and add something
> like the following to your sources.list:
> deb http://httpredir.debian.org/debian jessie main
> Then run apt-get update again.
>
> B. Continue using the DVDs, but have APT re-read the lists of packages.
> For that, also remove the cdrom lines, and then run the following
> command:
> apt-cdrom add
> It will prompt you to insert the DVD. After it has copied the list
> from the DVD and you get the command line back, run it again and repeat
> the process for all 3 DVDs. Then run apt-get update again.
>
> After either of these procedures, you should be able to install the
> package you wanted to install.
>
> IMPORTANT:
>
> There's a subtle difference between both of the methods: the network
> mirrors carry only the _latest_  Jessie point release, which is now
> 8.4. So if you add a network mirror, there will be a few upgrades
> available and you'll upgrade to that next point release. If you stick
> with the DVDs, you'll remain on 8.3 with the exception of security
> updates, which you have enabled.
>
> > # jessie-updates, previously known as 'volatile'
> > # A network mirror was not selected during install.  The following
> entries
> > # are provided as examples, but you should amend them as appropriate
> > # for your mirror of choice.
> > #
> > # deb http://ftp.debian.org/debian/ jessie-updates main contrib
> > # deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
> > # wheezy-backports
> > deb http://ftp.debian.org/debian/ wheezy-backports main
>
> This has nothing to do with your problem, but I would not recommend
> using wheezy-backports in combination with Jessie. (It shouldn't
> hurt, as all packages in wheezy-backports should also be in jessie
> in basically the same version, but it's not what you should have
> there.) If you need backports _for_ jessie, replace that with
> jessie-backports. See http://backports.debian.org/ and
> http://backports.debian.org/Instructions/ for details.
>
> Regards,
> Christian
>
>


-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Re: Failure to install request-tracker4 in Jessie Newest

[John T. Haggerty]

The update commend as root updated the list and the like, Reattempting the
install also failed.

The contents are:

#

# deb cdrom:[Debian GNU/Linux 8.3.0 _Jessie_ - Official amd64 DVD Binary-1
20160123-19:03]/ jessie contrib main

deb cdrom:[Debian GNU/Linux 8.3.0 _Jessie_ - Official amd64 DVD Binary-1
20160123-19:03]/ jessie contrib main

deb cdrom:[Debian GNU/Linux 8.3.0 _Jessie_ - Official amd64 DVD Binary-2
20160123-19:03]/ jessie contrib main

deb cdrom:[Debian GNU/Linux 8.3.0 _Jessie_ - Official amd64 DVD Binary-3
20160123-19:03]/ jessie contrib main

deb http://security.debian.org/ jessie/updates main contrib
deb-src http://security.debian.org/ jessie/updates main contrib

# jessie-updates, previously known as 'volatile'
# A network mirror was not selected during install.  The following entries
# are provided as examples, but you should amend them as appropriate
# for your mirror of choice.
#
# deb http://ftp.debian.org/debian/ jessie-updates main contrib
# deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
# wheezy-backports
deb http://ftp.debian.org/debian/ wheezy-backports main
On Apr 6, 2016 14:26, "Christian Seiler" <christ...@iwakd.de> wrote:

> On 04/06/2016 10:23 PM, John T. Haggerty wrote:
> > There is a /etc/apt/sources.list.d/ but only have a chrome.txt or
> something
> > like that in there.
>
> That's good to know, but that doesn't answer my other questions: what
> is the contents of your /etc/apt/sources.list (without .d) and what
> happens when you do the following as root?
>
> apt-get update
>
> Without that information, we won't be able to help you.
>
> Regards,
> Christian
>
>

Re: Failure to install request-tracker4 in Jessie Newest

[John T. Haggerty]

There is a /etc/apt/sources.list.d/ but only have a chrome.txt or something
like that in there.

On Wed, Apr 6, 2016 at 2:18 PM, Christian Seiler <christ...@iwakd.de> wrote:

> On 04/06/2016 10:12 PM, John T. Haggerty wrote:
> > I would like to get request tracker working but the main package fails to
> > install. I am getting the following errors: [...]
> >
> >  request-tracker4 : Depends: libhtml-mason-perl (>= 1:1.43) which is a
> > virtual package.
>
> libhtml-mason-perl is not actually a virtual package - and the only
> way APT would think that is if you don't have an APT source that
> includes it, but you do have another APT source that references it.
>
> Since the current version of request-tracker4 is available in both
> the main Debian archive as well as the security repository (because
> of a security update from last August, see DSA 3335-1), my suspicion
> is that you _only_ have the security archive enabled in your
> sources.list _or_ the download of the main sources.list failed for
> some reason.
>
> Therefore, answers to the following questions will allow us to figure
> out what is wrong on your system:
>
>  - what is your /etc/apt/sources.list?
>(Also, are there files in /etc/apt/sources.list.d?)
>  - what happens if you do "apt-get update" or "apt update" or
>"aptitude update"?
>
> Regards,
> Christian
>
>


-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_


sources.list
Description: Binary data

Failure to install request-tracker4 in Jessie Newest

[John T. Haggerty]

I would like to get request tracker working but the main package fails to
install. I am getting the following errors:

sudo aptitude install request-tracker4
The following NEW packages will be installed:
  request-tracker4{b}
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 3,071 kB of archives. After unpacking 22.9 MB will be used.
The following packages have unmet dependencies:
 request-tracker4 : Depends: libhtml-mason-perl (>= 1:1.43) which is a
virtual package.
Depends: libapache-session-perl (>= 1.53) which is a
virtual package.
Depends: libdbix-searchbuilder-perl (>= 1.66) but it is
not going to be installed.
Depends: liblocale-maketext-fuzzy-perl (>= 0.11) which
is a virtual package.
Depends: libtext-wikiformat-perl which is a virtual
package.
Depends: libmodule-versions-report-perl (>= 1.03) which
is a virtual package.
Depends: libtree-simple-perl (>= 1.04) which is a
virtual package.
Depends: libperlio-eol-perl which is a virtual package.
Depends: libdata-ical-perl which is a virtual package.
Depends: libhtml-quoted-perl which is a virtual package.
Depends: libtext-password-pronounceable-perl which is a
virtual package.
Depends: libregexp-common-net-cidr-perl which is a
virtual package.
Depends: libregexp-ipv6-perl which is a virtual package.
Depends: libcgi-psgi-perl (>= 0.12) which is a virtual
package.
Depends: libhtml-mason-psgihandler-perl (>= 0.52) which
is a virtual package.
Depends: libdata-guid-perl which is a virtual package.
Depends: libhtml-formattext-withlinks-perl (>= 0.14)
which is a virtual package.
Depends: libhtml-formattext-withlinks-andtables-perl
which is a virtual package.
Depends: libcrypt-x509-perl which is a virtual package.
Depends: libcss-squish-perl which is a virtual package.
The following actions will resolve these dependencies:

 Keep the following packages at their current version:
1) request-tracker4 [Not Installed]



Accept this solution? [Y/n/q/?] q


There is no other "solution" aside from quiting. For some bizarre reason
those packages seem to not exist as names :(

Any help would be appreciated in advance.

-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Fwd: new laptop: DVD or Blu-ray

[John T. Haggerty]

Future proofing mostly. Blueray drives should be backwards compatible with
DVD.

-- Forwarded message -
From: ken geb...@mousecar.com
Date: Thu, Aug 20, 2015, 04:54
Subject: new laptop: DVD or Blu-ray
To: CentOS mailing list cen...@centos.org, Debian Users 
debian-user@lists.debian.org


One of the build options for a laptop I'm looking at buying is DVD vs
Blu-Ray.  I've never used Blue-ray before, so is there some compelling
reason, as a Linux guy, to want to get Blu-ray?

Re: Issues with openvpn and virtualbox as the sole networking provider

[John T. Haggerty]

Hopefully my replies are being received. I would hate to think that there
is another issue as well :-( presently I have got the BP and to the point
where I can ping the VPNs specific IP address I don't have any other
internet connection to the entire guest image after the connection is made
aside from this. I'm not sure why there's such an asymmetry between Android
version of this process and Linux version since they have some of the same
utilities in much the same internal structure. if I'm leaving information
out the necessary I'd love to know what I have to provide.
On May 21, 2015 10:24 AM, John T. Haggerty jpcoo...@gmail.com wrote:

 It seems that this could get fixed fairly easily as this must happen a
 great deal
 On May 20, 2015 18:31, John T. Haggerty jpcoo...@gmail.com wrote:

 Also this workaround fails to work

 http://www.blackmoreops.com/2015/03/01/setup-vpn-on-kali-linux/ Again
 provider agnostic

 On Wed, May 20, 2015 at 6:28 PM, John T. Haggerty jpcoo...@gmail.com
 wrote:

 For example here
 http://www.ibvpn.com/billing/knowledgebase/50/Set-up-the-PPTP-VPN-connection-on-Linux-Network-Manager-GUI.html
 fails to work for me on Debian gnome. This is not the provider in question
 however.

 On Tue, May 19, 2015 at 2:31 PM, John T. Haggerty jpcoo...@gmail.com
 wrote:

 I don't know if I am able to convey this correctly but here goes:

 I have been using Linux for a while but had a hiatus of about 10 years
 so it's been a slow requisition of learned skills. To that end I was
 thrilled that VirtualBox technology came out recently in order to give this
 a much easier time in connecting to the network and using operating systems
 seamlessly.

 I installed the virtual box package and got the newest Debian DVD ISO
 and was able to get it all installed from what looks like a complete
 install. My issues are with my VPN provider that I use. They provide all
 the configuration on their end so I have no need to be able to offer server
 configs and the like nor can I randomly copy files over. I have a oven
 file, a .crt or certification file and of course my username and password.
 This seems to be good enough to get my android devices connected with a
 port of ovpn.

 The issues are with getting networking to recognize the vpn as the sole
 transparent provider on the instance end. It can initialize and create the
 tun0. I tried to get this configured but it seems that getting this done
 assumes several things which are not accurate in my case:

 1. I want to run both a client and server and have complete access to
 both (the provider I work with handles all the server stuff and I don't
 have to do that, and it technically works without it).

 2. All the key generation, random other stuff that the wiki assumes is
 required is apparently not required.

 3. I'm not able to get any documentation from the net that seems to
 disagree with my need to do this at all (Google searches keep
 re-referencing the document with every single re-phrasing of the request I
 need).

 4. I tried to mess with iptables and the like and get that to work
 which only succeeded in shutting off all access to websites that I tried to
 use

 5. No one has apparently had any issues with Network Manger or it's kin
 that weren't easily solved, and or have never used the virtualization
 technology.g

 I'm sure I have to check things out but I need to know if anyone has
 done this before, what else I need to share (and what I can and must keep
 private due to not wanting to void my privacy)

 Thanks for the help

 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_




 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_




 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_

Re: Issues with openvpn and virtualbox as the sole networking provider

[John T. Haggerty]

It seems that this could get fixed fairly easily as this must happen a
great deal
On May 20, 2015 18:31, John T. Haggerty jpcoo...@gmail.com wrote:

 Also this workaround fails to work

 http://www.blackmoreops.com/2015/03/01/setup-vpn-on-kali-linux/ Again
 provider agnostic

 On Wed, May 20, 2015 at 6:28 PM, John T. Haggerty jpcoo...@gmail.com
 wrote:

 For example here
 http://www.ibvpn.com/billing/knowledgebase/50/Set-up-the-PPTP-VPN-connection-on-Linux-Network-Manager-GUI.html
 fails to work for me on Debian gnome. This is not the provider in question
 however.

 On Tue, May 19, 2015 at 2:31 PM, John T. Haggerty jpcoo...@gmail.com
 wrote:

 I don't know if I am able to convey this correctly but here goes:

 I have been using Linux for a while but had a hiatus of about 10 years
 so it's been a slow requisition of learned skills. To that end I was
 thrilled that VirtualBox technology came out recently in order to give this
 a much easier time in connecting to the network and using operating systems
 seamlessly.

 I installed the virtual box package and got the newest Debian DVD ISO
 and was able to get it all installed from what looks like a complete
 install. My issues are with my VPN provider that I use. They provide all
 the configuration on their end so I have no need to be able to offer server
 configs and the like nor can I randomly copy files over. I have a oven
 file, a .crt or certification file and of course my username and password.
 This seems to be good enough to get my android devices connected with a
 port of ovpn.

 The issues are with getting networking to recognize the vpn as the sole
 transparent provider on the instance end. It can initialize and create the
 tun0. I tried to get this configured but it seems that getting this done
 assumes several things which are not accurate in my case:

 1. I want to run both a client and server and have complete access to
 both (the provider I work with handles all the server stuff and I don't
 have to do that, and it technically works without it).

 2. All the key generation, random other stuff that the wiki assumes is
 required is apparently not required.

 3. I'm not able to get any documentation from the net that seems to
 disagree with my need to do this at all (Google searches keep
 re-referencing the document with every single re-phrasing of the request I
 need).

 4. I tried to mess with iptables and the like and get that to work which
 only succeeded in shutting off all access to websites that I tried to use

 5. No one has apparently had any issues with Network Manger or it's kin
 that weren't easily solved, and or have never used the virtualization
 technology.g

 I'm sure I have to check things out but I need to know if anyone has
 done this before, what else I need to share (and what I can and must keep
 private due to not wanting to void my privacy)

 Thanks for the help

 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_




 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_




 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_

Re: Issues with openvpn and virtualbox as the sole networking provider

[John T. Haggerty]

Also this workaround fails to work

http://www.blackmoreops.com/2015/03/01/setup-vpn-on-kali-linux/ Again
provider agnostic

On Wed, May 20, 2015 at 6:28 PM, John T. Haggerty jpcoo...@gmail.com
wrote:

 For example here
 http://www.ibvpn.com/billing/knowledgebase/50/Set-up-the-PPTP-VPN-connection-on-Linux-Network-Manager-GUI.html
 fails to work for me on Debian gnome. This is not the provider in question
 however.

 On Tue, May 19, 2015 at 2:31 PM, John T. Haggerty jpcoo...@gmail.com
 wrote:

 I don't know if I am able to convey this correctly but here goes:

 I have been using Linux for a while but had a hiatus of about 10 years so
 it's been a slow requisition of learned skills. To that end I was thrilled
 that VirtualBox technology came out recently in order to give this a much
 easier time in connecting to the network and using operating systems
 seamlessly.

 I installed the virtual box package and got the newest Debian DVD ISO and
 was able to get it all installed from what looks like a complete install.
 My issues are with my VPN provider that I use. They provide all the
 configuration on their end so I have no need to be able to offer server
 configs and the like nor can I randomly copy files over. I have a oven
 file, a .crt or certification file and of course my username and password.
 This seems to be good enough to get my android devices connected with a
 port of ovpn.

 The issues are with getting networking to recognize the vpn as the sole
 transparent provider on the instance end. It can initialize and create the
 tun0. I tried to get this configured but it seems that getting this done
 assumes several things which are not accurate in my case:

 1. I want to run both a client and server and have complete access to
 both (the provider I work with handles all the server stuff and I don't
 have to do that, and it technically works without it).

 2. All the key generation, random other stuff that the wiki assumes is
 required is apparently not required.

 3. I'm not able to get any documentation from the net that seems to
 disagree with my need to do this at all (Google searches keep
 re-referencing the document with every single re-phrasing of the request I
 need).

 4. I tried to mess with iptables and the like and get that to work which
 only succeeded in shutting off all access to websites that I tried to use

 5. No one has apparently had any issues with Network Manger or it's kin
 that weren't easily solved, and or have never used the virtualization
 technology.g

 I'm sure I have to check things out but I need to know if anyone has done
 this before, what else I need to share (and what I can and must keep
 private due to not wanting to void my privacy)

 Thanks for the help

 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_




 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_




-- 
The death of one man is a tragedy, the death of 10 million is a statistic
-- Joseph Stalin

Omnia mutantur, nihil interit
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Re: Issues with openvpn and virtualbox as the sole networking provider

[John T. Haggerty]

For example here
http://www.ibvpn.com/billing/knowledgebase/50/Set-up-the-PPTP-VPN-connection-on-Linux-Network-Manager-GUI.html
fails to work for me on Debian gnome. This is not the provider in question
however.

On Tue, May 19, 2015 at 2:31 PM, John T. Haggerty jpcoo...@gmail.com
wrote:

 I don't know if I am able to convey this correctly but here goes:

 I have been using Linux for a while but had a hiatus of about 10 years so
 it's been a slow requisition of learned skills. To that end I was thrilled
 that VirtualBox technology came out recently in order to give this a much
 easier time in connecting to the network and using operating systems
 seamlessly.

 I installed the virtual box package and got the newest Debian DVD ISO and
 was able to get it all installed from what looks like a complete install.
 My issues are with my VPN provider that I use. They provide all the
 configuration on their end so I have no need to be able to offer server
 configs and the like nor can I randomly copy files over. I have a oven
 file, a .crt or certification file and of course my username and password.
 This seems to be good enough to get my android devices connected with a
 port of ovpn.

 The issues are with getting networking to recognize the vpn as the sole
 transparent provider on the instance end. It can initialize and create the
 tun0. I tried to get this configured but it seems that getting this done
 assumes several things which are not accurate in my case:

 1. I want to run both a client and server and have complete access to both
 (the provider I work with handles all the server stuff and I don't have to
 do that, and it technically works without it).

 2. All the key generation, random other stuff that the wiki assumes is
 required is apparently not required.

 3. I'm not able to get any documentation from the net that seems to
 disagree with my need to do this at all (Google searches keep
 re-referencing the document with every single re-phrasing of the request I
 need).

 4. I tried to mess with iptables and the like and get that to work which
 only succeeded in shutting off all access to websites that I tried to use

 5. No one has apparently had any issues with Network Manger or it's kin
 that weren't easily solved, and or have never used the virtualization
 technology.g

 I'm sure I have to check things out but I need to know if anyone has done
 this before, what else I need to share (and what I can and must keep
 private due to not wanting to void my privacy)

 Thanks for the help

 --
 The death of one man is a tragedy, the death of 10 million is a
 statistic -- Joseph Stalin

 Omnia mutantur, nihil interit
 (Translation:
 Everything changes, nothing is lost.)
 -- Ovid, _Metamorphoses_




-- 
The death of one man is a tragedy, the death of 10 million is a statistic
-- Joseph Stalin

Omnia mutantur, nihil interit
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Issues with openvpn and virtualbox as the sole networking provider

[John T. Haggerty]

I don't know if I am able to convey this correctly but here goes:

I have been using Linux for a while but had a hiatus of about 10 years so
it's been a slow requisition of learned skills. To that end I was thrilled
that VirtualBox technology came out recently in order to give this a much
easier time in connecting to the network and using operating systems
seamlessly.

I installed the virtual box package and got the newest Debian DVD ISO and
was able to get it all installed from what looks like a complete install.
My issues are with my VPN provider that I use. They provide all the
configuration on their end so I have no need to be able to offer server
configs and the like nor can I randomly copy files over. I have a oven
file, a .crt or certification file and of course my username and password.
This seems to be good enough to get my android devices connected with a
port of ovpn.

The issues are with getting networking to recognize the vpn as the sole
transparent provider on the instance end. It can initialize and create the
tun0. I tried to get this configured but it seems that getting this done
assumes several things which are not accurate in my case:

1. I want to run both a client and server and have complete access to both
(the provider I work with handles all the server stuff and I don't have to
do that, and it technically works without it).

2. All the key generation, random other stuff that the wiki assumes is
required is apparently not required.

3. I'm not able to get any documentation from the net that seems to
disagree with my need to do this at all (Google searches keep
re-referencing the document with every single re-phrasing of the request I
need).

4. I tried to mess with iptables and the like and get that to work which
only succeeded in shutting off all access to websites that I tried to use

5. No one has apparently had any issues with Network Manger or it's kin
that weren't easily solved, and or have never used the virtualization
technology.g

I'm sure I have to check things out but I need to know if anyone has done
this before, what else I need to share (and what I can and must keep
private due to not wanting to void my privacy)

Thanks for the help

-- 
The death of one man is a tragedy, the death of 10 million is a statistic
-- Joseph Stalin

Omnia mutantur, nihil interit
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

CPU's and system monitor

[John T. Moran]

I installed Debian sarge today and the install went good. I couldn't get 
the system to boot with the 2.6.8 smp kernel so I changed the repository 
to unstable and installed the 2.6.11.1 kernel. Everything went fine and 
no problems. System shows no bad behaviour. The one thing I noticed is 
the System monitor is only showing one cpu. I have an Intel d865gbf 
board with a 3.0 HT P4. I also have an Ubuntu 5.04 install on another 
hard drive and it shows 2 cpu's.

I checked the /proc/cpuinfo file and it is listing a cpu0 and cpu1.
Any help with why System monitor would only show one cpu and any oher 
ways to check if the HT is being used correctly? Thanks.

John
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

dazed and confused

[John T]

I am trying to install Debian on my pc without any
success.
When I am prompted to install after following prevoius
instructions I am to select the install source. when I
select CDROM as that is what came with the book, the
response say cdrom mount failed. In the bookit says to
usedselect alt+f2 keys but I can not do that untill I
have a password and I can not set a password until the
system is installed
I am confused and depressed.
what do I have to do to get this installed? from cd

__
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

Install problem (bug?) Mylex vs. Woody

[John T. Croteau]

I was very pleased when I saw that the Woody root disk now supports the
Mylex block device driver (/dev/rd/*).  This was to mean no more RH or
Slackware for me.  

However, I have run into a slight problem with the Debian install script
and looking for suggestions or wondering if it should be submitted as a
bug. 

fdisk creates the partions with a name like '/dev/rd/c0d0p2'  c0 = first
controller, d0 = first array pack, p2 = partition 2.

When I tell the Debian install script to format and mount the partition,
it sees it as '/dev/rd/c0d02' (dropping the 'p') and thus can't format it
because '/dev/rd/c0d02' is not a valid device file.  I said fine, and
created a '/dev/rd/c0d02' device and it was able to format it.  However,
it could not mount it.  After it mounts, a dialog box comes up immediately
and informs me that The root device has unexpectedly changed, from
/dev/rd/c0d02 to /dev/rd/c0d0p2.

Now, I am stuck in this vicious circle and can't get any further until it
mounts the partitions without warnings.

Any ideas would be greatly appreciated!
 
Thanks.

- JT

2.2.x boot/root needed

[John T. Croteau]

Does anyone happen to have a rescue boot/root with a 2.2.x kernel on it
that I could get a copy of?

I am installing a new workstation with a fairly new SCSI controller with
a kernel level driver, manufacturer supplied, that requires 2.2.5.  The
controller in question is a new DPT SmartRaid V.  Please DO NOT reply and
tell me that there has been kernel support for DPT cards since 2.0.x days.
The new SmartRaid V cards are, however, not compatible with the older EATA
drivers.  In the past, DPT driver development was done by third parties.
However, now DPT has written the drivers themselves but it currently only
works with 2.2.5.

I was able to replace the kernel on the slink rescue floppy with the 2.2.5
kernel that I compiled, however the install script barfs due to
incompatabilities with 2.2.x.

Anyone have a boot/root working with a 2.2.x kernel or know what I have to
do to make a custom boot/root work with 2.2.x?  Open to other suggestions
as well.

Thanks alot.

- JT

Re: libc6-2.1.1 ... safe to install?

[John T. Croteau]

I am going to stick with 2.0.7 until gnu makes 2.1 available again.  I
just love political issues.

- JT

Re: Cannot get full speed download on ppp

[John T. Larkin]

 I don't what i have done to my system. Recently i found that my 
 download speed from our server at most can give me 2.6k byte/s ftp.

You should try two things:
1) Use hdparm to optimize the performance of your disks.  I recomend
   the '-u' option to unmask the IRQ for data transfers.  Be careful
   with this, as it (supposedly) has been known not to work on some
   systems and causes severe data corruption.
2) Use irqtune to give the serial port the highest priority.

 I used to be able to
 get 3.1K bytes/s downloading  compressed file.
I really don't know why you used to be able to get this performance,
but no longer (unless you just happened to hit a really busy time of
day, and your ISP couldn't get data fast enough).  My 386-40, with an
old 8250 uart and external 28.8 modem, can get thru-put of 2.8ish for
transfers.  This generates about 6000 interupts per second, and pretty
much pushes the limits of the old hardware (a newer 16550 uart would 
help by greatly reducing the number of interupts).  
I'm slightly confused by your situation, because you really should
have no problems with a p-133 and internal modem or 16550 uart on the
serial port.  
Anyway, try it, and if it helps

Good luck,
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin

Re: running script files.

[John T. Larkin]

On Feb 7, A. M. Varon wrote
 It seems that shell scripts i have made in my debian distrib. doesn't run.
 you need to put ./ in front in order for it to execute.

Bash will only execute programs which are specified in your path (to
see what your path is, type echo $PATH).  If . is not in your path,
then it won't execute programs in the current directory.  If you want
to be able to execute things in the current directory without specifying
the ./ before it, then try this (in bash):
export PATH=$PATH:.
This will add . to the end of your path.  To do this every time you
log in (without retyping it every time), put that line in ~/.bashrc.  This
is a script that is run every time a shell is started by you, and in
particular, it is run when you log in.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin

Re: Weird: networking problem?

[John T. Larkin]

On Mar 6, Yanhui Liu wrote
 I connected my desktop and notebook computers, both are running linux
 2.0.27, using the plip module. The desktop is set up as the gateway. The
 strange thing is that the notebook can ping the desktop, but the desktop
 cannot ping the notebook. I am new to networking. Does anybody know
 what's wrong?

My first guess is the routing tables on the laptop.  There is a program
called route which shows and sets the routing tables for linux.  Routes
tell the kernel where to send things--if it doesn't know where to
send them, they don't go anywhere.
So, on you desktop, if you type in route -n, you should see something 
like:

Destination Gateway Genmask Flags Metric RefUse Iface
127.0.0.1   0.0.0.0 255.255.255.255 UH  00  ...  lo
IPaddress 0.0.0.0 255.255.255.0   ...

Where IPaddress is the address of your laptop.  My guess is, your lap-
top doesn't have one of these lines.  To fix that, try
route add IPaddress-of-desktop on your laptop.

If this doesn't work, or you want to know exactly how these routes work,
write me some email off the list.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin

Re: Running files

[John T. Larkin]

   how can I run a file that is not a command file?  Like I have a 
 file called startup, how do I run it?  

What sort of file is it?  If you know that it's an executable file, you
probably need to set the execute bit on the file.  You can do with
chmod u+x filename.  Check out the man page for chmod for more info.
If startup is a script of commands you want to run, make sure you
have the line #!/bin/sh at the top of the script.

 And where can I find minicom, or 
 any of the other comm programs?  
Take a look at the directory structure on the ftp sites.  There is
a debian/stable and a debian/unstable.  Pick the one you want
to use (probably stable).  Under this, there is a binary-architecture
directory.  If you have a PC, you'll want binary-i386.  Then there
are a bunch of directories based on section.  For instance, all the
comm programs are in debian/stable/binary-i386/comm.  

 And where can I get pico, the text editor?
Check out debian/non-free/binary/pico_3.95L-7.deb on an ftp mirror,
such as aij.st.hmc.edu (not to plug my own mirror, or anything...).
This isn't in the stable or unstable trees probably because it's not
under the GPL -- the GNU Public License.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin

Re: x windows

[John T. Larkin]

  well i got 1.2.2 installed and i was wondering about x 
  windows, could anyone tell me how much disk space i will 
  need to run this. i have an old 386 with 4m ran and 20mb 
  of swap space.

 am quite impressed with its abilities.  I don't think I'd try xwin with
 less than say 300, 400 is better and of course, (if your budget 
 allows)700 or more would probably do a single user machine for some time.

I disagree.  At home I've an old 386-40 which ran X, netscape, PPP, xv
and almost nothing else in 40 megs of drive space.  It does, however,
have 8 megs of ram and an S3 accelerated card, which makes X almost 
bearable.  While Linux will run X with only 4 megs of ram, you probably
won't be able to do much except for wait for it to swap.  I'd really
recomend at least 8 megs of ram.

-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin

Re: Installation problem which now is network problem

[John T. Larkin]

 Unfortunately it's not up and running to that extent I would like to. I have
 no contact at all with the network and with the Internet in particular. I
 think I have to make some changes in the network configuration. The question
 is: How do I reconfigure the network when I've already installed Linux. I
 don't want to reinstall it for a small matter like this.

Hopefully, you answered yes when asked by the installation script if you're
directly connected to the network.  If so, edit the file /etc/init.d/network
and put in the proper values.  Check your IP address, make sure it's yours.
The NETMASK value depends on your network. For a class C network, it is
255.255.255.0, the NETWORK address just replaces the 4th (and last) field of
your IP address with a 0. BROADCAST again depends on the kind of network
you have.  Usually replace the last field of your IP address with 255 for
a class C network.  Your gateway is dependent on your network.  Usually
replace the last field of your IP with 1 (mine is weird -- it's 200. Again,
dependent on your local net).

If you need more info, feel free to email me off the list.  For instance, if
you don't have a /etc/init.d/networks file.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin

Re: wu-ftpd

[John T. Larkin]

 ls, I get no output.  Only the following shows up:
 
 ftp ls
 200 PORT command successful.
 150 Opening ASCII mode data connection for /bin/ls.
 226 Transfer complete.
 ftp

This is probably because ls can't find the proper libraries it needs to load.
When a user uses anonomous ftp, it chroots to the ftp directory.  So if
ls is a shared executable (find this out by typing in file ./ls in your
ftp/bin directory) you need the shared libraries.  For tar and ls, I have
the following libs in ftp/lib:
ld-linux.so.1
libc.so.5
which are symlinks to the proper versions of ld-linux and libc that you have
in the lib directory.
I do believe you need a ld.so.cache in ftp/etc/.  The way I created mine was
by copying ldconfig to the ftp directory, and running it after running
chroot to the directory.  I'm sure there are better ways of doing it, but
that worked.

 Accounts that I have setup for testing purposes and existing accounts seem 
 to work.  Should I have  removed the crypted password from /etc/passwd?  
 I do have a copy of passwd and group in  /home/ftp/etc without passwords
 in them.  ls has also been copied to /home/ftp/bin, as suggested
 by man wu-ftpd.
You should leave passwords in /etc/passwd, but don't have any passwords in
ftp/etc/passwd.

-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin

Re: IMPORTANT: RSA Data Security Challenge participants please read

[John T. Larkin]

On Feb 26, Jens B. Jorgensen wrote
 Karl Ferguson wrote:
  At 07:03 PM 25/02/97 PST, Bruce Perens wrote:
  the Linux group. It looks as if we do have a chance. It would be real
  embarassing to beat them. So please, if you are participating, change your
  reporting address to [EMAIL PROTECTED] NOW. 
  Why is it such a bad thing to beat the Linux group?  The whole idea is to
  increase the awareness of Debian Linux - when people see we're in the
  number 2 slot or even number 1, we'll have good publicity.
 Yeah. If the folks at gzero.net will add the numbers from
 [EMAIL PROTECTED]
 to [EMAIL PROTECTED] then why would we want to change?! I think that is
 all the more reason *not* to change because we can help the greater
 cause
 while at the same time getting airplay for Debian? 

I think it may be an excellent idea to _ask_ the other non-debian
members of the linux community and see what they think.  We can 
talk all we want, and it won't change what they think we're doing.  
If the rest of the linux world doesn't mind if we run under 
[EMAIL PROTECTED] (especially if that email address is just added
to the total for [EMAIL PROTECTED]), then all is well and good.  If they
think we're impertenent snobs, perhaps we should change.

As a side note:
Harvey Mudd should be producing somewhere between 3 and 4 M kps by 
tomarrow.  Right now, most of us are running under [EMAIL PROTECTED],
but we can change that if Bruce still disagrees with our possition.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: NT and Microsoft can go to hell!

[John T. Larkin]

On Feb 24, Robert Nicholson wrote
 Does anybody know how to run lilo once you've executed a shell from the
 rescue disk? Basically I'm having a problem because / is the /ramdisk0
 and not my harddrive. I think I need to rerun Lilo. 

I don't know if this is the recommended usage, but I just did it and
it works.  Mount your root parition in /mnt.   Edit /mnt/etc/lilo.conf
and change all of the paths from /boot/... to /mnt/boot/... etc.  
I also had to create a /boot directory.  Then run
/mnt/sbin/lilo -C /mnt/etc/lilo.conf
It will create a file in /boot.  I just moved that file to /mnt/boot,
reset the computer, and everything works fine and dandy now.  But don't
forget to change /etc/lilo.conf once you reboot.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: HELP! XDM locked me out of Linux!

[John T. Larkin]

 Is there any way to skip the XDM startup file?  Maybe if I start up in 
 single user mode?  Is there a LILO option for that?

Assuming that linux is your kernel image with lilo, at the lilo prompt,
you can try one of the following:
LILO: linux single
or
LILO: linux emergency

single brings you up in single user mode.  emergency brings up
just enough to run a root shell--ie, it doesn't mount anything but the
root partition (and it mounts that read-only), doesn't run any start-up
scripts or anything else.

Hope this helps.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: load now pegs at 1

[John T. Larkin]

 Hi folks, little anomyly that I'd like to share.  I had a few probs with
 dpkg, and bash, which are now take care of thanks to the list. :-)  Only
 things is now I notice a load which doesn't drop below 1, even when I am
 not doing anything. 

First, run something like top to see if anything is taking up 
processor time.  If you notice a process using about 95% of the processor,
this would be the problem.

 Should I be looking for any other problems that I might not be aware of?
Yes.  Some processes can go into uninteruptable sleep.  They stay in
the run queue (and hence increase the load) but they don't suck up all
of the available processor cycles.  I had a problem with these when I
tried to gunzip a file on a bad filesystem.  I'm not sure how the 
filesystem got corrupted while mounted -- but the process could not
be killed, and I had to reboot so that I could unmount the partition and
check it with fsck.

 This is a single user machine p100 with 32megs of
 ram, and 16M of swap(I know should be 64...)
Well, it just depends on what you use.  I have 48 megs of ram, and almost
never touch my 32 megs of swap.  Why waste disk space on more?
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: IPX loading every 5 minutes

[John T. Larkin]

 properly.  Now I'm having a similar problem, except instead of not being
 loaded, it's being loaded every five minutes.  An excerpt from my messages

 Okay, now does anyone have a good idea as to how to suppress it?  :)

The three ways I see of surpressing it:
1) Stop using IPX.  
2) Insert the ipx module with insmod rather than kerneld.  This
  way it won't be removed and thus won't have to be loaded again.
3) Compile IPX into your kernel.  Then the ipx module won't have
  to be loaded at all.

I'd recommend 2 as the best solution.  If there is some reason you can't
keep ipx loaded all the time, you can change the behaviour of kerneld
so that it takes more than 300 seconds to unload a module.  But then
ipx would stay loaded anyway, because the 300+ second timer would be
reset every 300 seconds.

-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Finger?

[John T. Larkin]

I got an odd message today while using finger.  While logged into
tty1 on the local console, I typed in finger and got the response:

No one logged on.

This was obviously incorrect, since I was logged on. 
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: Debian installation

[John T. Larkin]

 Boot  Begin Start  End  Blocks  System
   /dev/hda1  *   1 1   163   82120+ Linux native
   /dev/hda2164   164   244   40824  Linux swap
   
   /dev/hda3245   245  1260  512064  Linux native
   /dev/hda4   1024  1261  2484  616896  Extended
   /dev/hda5   1024  1261  1870  307408+ Linux native
   /dev/hda6   1024  1871  2484  309424+ Linux native
 
 Something is wrong here.  If Extended means what it does in the dos world 
 i.e. as opposed to primary, something is very wrong.  hda1-4 should be 
 primary and hda5-... would be extended.  This means that when it says 
 Extended, Extended is a type, such as linux native, dos fat, HPFS, NTFS.

This assertion is incorrect.  If you want extended partitions, in either
dos or linux, the 4th primary partition is labeled extended and
the partition information for the extended partitions and the extended 
partitions themselves are contained within /dev/hda4.

From what I see on this parition table, it looks valid.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: Debian installation

[John T. Larkin]

  This assertion is incorrect.  If you want extended partitions, in either
  dos or linux, the 4th primary partition is labeled extended and
  the partition information for the extended partitions and the extended 
  partitions themselves are contained within /dev/hda4.
 
 Then how come the kernel says something like hda1, hda2 hda5,hda6
 shouldn't it be hda1, hda4 hda5,hda6 I take this to mean I have primary 
 on hda1 and an extended on hda2 with logical hda5, and hda6 in it. (or 
 something like that language, not sure on the extended/logical thing).

Yes, you're right.  Rather than saying the 4th primary partition I should
have said one of the 4 primary partitions.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: pppd and ethernet error (dialup)

[John T. Larkin]

 Feb 18 20:46:37 uk pppd[1065]: Connect: ppp0 -- /dev/ttyS1
 Feb 18 20:46:41 uk pppd[1065]: local IP address 194.247.41.27
 Feb 18 20:46:41 uk pppd[1065]: remote IP address 194.247.41.30
 Feb 18 20:46:41 uk pppd[1065]: ppp not replacing existing default route to 
 eth0[0.0.0.0]
 So the connection establishes ok, it something to do with internal network 
 running on 10.0.0.1 on eth0.  Has anybody got any ideas how i can get around 
 this or fix it ?
Yes, it does have something to do with your internal network.  Since you
probably already have a route in the routing table, ppp won't add a new one.
Try doing this after ppp is up and running:
route add default gw 194.274.41.30 metric 1

This should make net trafic go over ppp by default, but your local net should
(hopefully) still work.

 Feb 18 20:46:41 uk pppd[1065]: Cannot determine ethernet address for proxy ARP
Sorry, don't know anything about that error

-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Bug with libraries?

[John T. Larkin]

Two friends of mine receintly installed the stable Debian distribution,
and both had the same problem.  (One installed about 2 months ago, the
other 2 days ago from an updated mirror).  
The file /etc/ld.so.conf did _not_ include the line:
/usr/X11R6/lib

This was bad; everything linked with the x libraries couldn't run
since they couldn't find the libraries.  They had installed a bunch of
X packages, so one of the packages should have been responsable for making 
sure that this line was added to /etc/ld.so.conf, correct?

Thanks much,
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: linux file systems - frag-up

[John T. Larkin]

 Can anybody out there familiar with linux filesystem formats tell 
  me if I need to be concerned with file system fragmentation.

I've never had a problem with file-system fragmentation.  As long as you
leave some space free on the filesystem (this is part of the reason for 
5% reserved for root), it will figure out how not to fragment your drive.
Running an ext2 fs about 90% full for about a year led to 8-9%
fragmentation.  While this isn't _great_, it doesn't get much worse
than that.

I've heard rumors of an ext2 file system defrag program -- but I don't
think I'd trust my data to it.
-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: NE2000 compatible card problem

[John T. Larkin]

 Dear Linuxer,
 
 I have try with several NE2000 compatible cards with 10BaseT and BNC  
 autodetected. None of them works with the 10BaseT interface but works 
 fine with the BNC interface.

What kind of cards are these?  Do they support _both_ 10base-t and 10base-2,
or do you have 2 cards, each which support 1 interface?  Are they software
or hardware (jumper) configurable?

If you have an NE2000 card which supports both 10baseT and 10base2, then
you must properly tell it which interface you're useing.  This may be
done with a jumper on the board, or done with software you should have
received with the card.

Next, are you sure you have working cables and hub for the 10BaseT?  Unlike
10base2 (BNC) you can't connect 2 cards directly together, but must use
a hub between them.  Most cards and hubs have link lights that light up when
a proper connection has been established.  If these don't come on, you
may have bad cables, or your card may be configured for BNC.

 I did not find information in the Ethernet-Howto. Does anybody know 
 the problem and solution?
 

Thanks for checking the docs first :).

-- 
- John Larkin   
- [EMAIL PROTECTED]
- http://aij.st.hmc.edu/~jlarkin