Re: [SLUG] Reuse or Recycle Your Old Computer

2014-02-03 Thread Glen Turner
Edwin Humphries wrote:

 Surely it rather depends on what the intended use of the old computer is?
 
 I've heard of using old computers as routers, NAS boxes and so on, and whilst 
 I applaud the idea of extending useful life, using a 75-100W PC to do the job 
 of a 10-15W router is hardly energy efficient - or cost effective.

Yep. Consider that the CubieTruck with a SSD pulls 10W peak, 5W typ and will 
happily run a web server capable of pushing 1Gbps. The CubieTruck is about 
$114, a 120GB SSD is about $100. If that replaces a 95W headless computer (aka 
“old laptop”) then the CubieTruck uses $160pa less electricity. So the payback 
period is about 1.5 years (less if the house has air conditioning).

I’d also be careful when comparing old v new computers that you include the 
entire system, especially if moving from a CRT to LCD screen.

The flip side is that old computers can be outstanding value for money when 
used as computers. For example Aspitech offer a Core2Duo desktop computer with 
LCD screen for $170 including Windows and Office. If you desperately need a 
computer for uni essays then it’s hard to do better than one of these and a 
monochrome laser printer (and yeah, Aspitech are Linux-friendly if you ask).

-glen

-- 
 Glen Turner http://www.gdt.id.au/~gdt/
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] making fgets fail during testing

2013-09-21 Thread Glen Turner
The usual technique is to interpose your own library call above the usual call. 
See LD_PRELOAD and dlsym(). For an interpreted language like PHP use strace and 
friends to see which library calls the PHP fgets() uses (it need not be 
fgets(), it could be read()).
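The interposition technique described in the reply above, as an added example that is not part of the original post: a small shared library that sits in front of the C library's fgets() and makes one chosen call fail. The environment variable FGETS_FAIL_AT and the file name failfgets.c are names invented for this example.

```c
/* failfgets.c - fault injection for fgets() by library interposition.
 *
 * Build: gcc -shared -fPIC -o failfgets.so failfgets.c -ldl
 * Run:   FGETS_FAIL_AT=3 LD_PRELOAD=./failfgets.so ./program_under_test
 *
 * FGETS_FAIL_AT (a name invented for this example) is the 1-based number
 * of the fgets() call that should fail. Unset or invalid: never fail.
 */
#define _GNU_SOURCE             /* for RTLD_NEXT on glibc */
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#ifndef RTLD_NEXT               /* fallback if feature macros were fixed earlier */
#define RTLD_NEXT ((void *) -1L)
#endif

typedef char *(*fgets_fn)(char *, int, FILE *);

/* Calls seen so far. Not thread-safe: adequate for single-threaded tests. */
static unsigned long calls;

/* Parse FGETS_FAIL_AT; return 0 ("never fail") if it is unset or malformed. */
static unsigned long fail_at(void)
{
    const char *v = getenv("FGETS_FAIL_AT");
    char *end;
    unsigned long n;

    if (v == NULL || *v == '\0')
        return 0;
    errno = 0;
    n = strtoul(v, &end, 10);
    if (errno != 0 || *end != '\0')
        return 0;
    return n;
}

/* Look up the next fgets() in symbol search order: the C library's own. */
static fgets_fn real_fgets(void)
{
    static fgets_fn real;

    if (real == NULL) {
        real = (fgets_fn) dlsym(RTLD_NEXT, "fgets");
        if (real == NULL)
            abort();            /* no underlying fgets(): nothing sane to do */
    }
    return real;
}

/* Same signature as the libc function, so the dynamic linker binds the
 * program's fgets() calls here when this library is preloaded. */
char *fgets(char *s, int size, FILE *stream)
{
    unsigned long target = fail_at();

    calls++;
    if (target != 0 && calls == target) {
        /* Simulated read error. The stream's own error indicator is not
         * set, so code that checks ferror() will not see this failure;
         * code that checks the return value and errno will. */
        errno = EIO;
        return NULL;
    }
    return real_fgets()(s, size, stream);
}
```

A program built with glibc's fortification enabled may call __fgets_chk() rather than fgets(), in which case this interposer never sees the call; check which symbol the program actually uses, in the same way the reply suggests doing with strace for PHP.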


Re: [SLUG] TCP/IP over I2C

2013-06-04 Thread Glen Turner
David Lyon wrote:
 
 It's interesting that I2C is actually a multi-master master/slave system.
 So there doesn't appear any theoretical reason as to why it wouldn't work.

The lack of two I2C ports on the RPi would be a practical reason. The sense
of master and slave carries electrical implications, so a port can't change
from one to the other without restarting the bus and all of its devices.

-glen


Re: [SLUG] TCP/IP over I2C

2013-06-02 Thread Glen Turner

On 02/06/2013, at 9:31 AM, Chris Barnes wrote:

 yeah.
 
 come to think of it. the whole master/slave process of I2C would probably
 make it terribly difficult to implement tcp/ip since each device would have
 to be able to switch from slave to master to be able to send broadcasts
 like arp requests, netbios name requests, etc. Otherwise the slaves can
 only send data in response to a request from the master.

I2C slave support depends on the particular I2C driver. It isn't very common 
and won't be in a mainstream kernel. As for the master/slave issue, that's 
easily solved if designed in from the start as I2C is a multi master system so 
you give those particular nodes both master and slave functions. Of course the 
RPi has only one I2C port.

There's not much call for IP over I2C as the I2C bus has a maximum capacitance 
of 400pF. That's a couple of metres. Also, the value of the pull-up resistors 
will vary with the capacitance (ie, cable length), and in this high capacitance 
environment you'll want to use an active I2C terminator. This is all easy 
enough to arrange on a PCB, but gets problematic when using cabling and you're 
starting to talk daughterboards to hold all of this additional logic, not just 
connecting one RPi to another.

What you'll often find on PCBs is I2C used for simple devices and a USB hub 
used for complex devices. For example the RPi itself uses USB to attach its 
ethernet port. USB brings device enumeration, peer operation at the protocol 
level, device profiles and so on.

The RPi is a mobile phone CPU. So its I2C is really focussed at firmware 
downloads to the radio devices, a simple power-on self test (enumerate that the 
devices which should be reachable are in fact reachable), and commanding FPGAs 
and devices (such as bringing the transmit amplifier online).

-

IPv4 works fine on broadcast-less media, that was its original use. In this 
case you'd hardcode the I2C link layer address and its corresponding IPv4 
address. In the GPIO case you don't care about the address at the other end of 
a point-to-point link, stuff which is addressed for your subnet but which is 
not the null address or your address needs to be transmitted. In the USB case 
there's an adaption protocol (CDC or RNDIS).

IPv6 is simpler, you'd just include the i2c address in the lower bits of the 
IPv6 address.

What you usually do isn't to run IP over I2C, but to run IP to lightweight 
controller software, which then bangs the I2C bus. There's a special web-like 
protocol: REST over CoAP over IPv6 which is focussed on being easily proxied 
from a full REST/HTTP/TCP/IP.


Re: [SLUG] TCP/IP over I2C

2013-06-02 Thread Glen Turner

On 03/06/2013, at 10:15 AM, Chris Barnes wrote:

 Wow thanks for that Glen.
 
 Stacks of useful info. Given me a bit more to think about.

Personally, if I were building a cluster of RPis I'd use the serial
console for remote management. The main reason for that is that crash
information gets printed to the console.

I'd pull the RS-232 console pins back to a board, terminate them on the
Prolific RS-232/USB chips, connect those chips using a cascade of USB
hub chips, and present that to the management console (say, the USB port
of another RPi). It would see a /dev/ttyUSB__ per RPi. All this is low
speed stuff, so you could breadboard it.

You'd make all that sensible by using conserver http://www.conserver.com/.
Configure conserver to
 - record seen messages from each RPi to syslog.
 - enable the console ... command to allow you to connect to a particular
   RPi's console.

You can even set up sshd so that if you SSH to a particular service, then sshd
executes conserver's console ssh_service_name command, allowing you to SSH
directly to the console of a particular RPi without touching the command line
of the management computer. In fact if you use IPv6 you can give each console
SSH its own IPv6 address.

That in turn means you could use one of the parallel SSH clients to issue
commands simultaneously to the consoles of all of the RPis. I wouldn't usually
manage the cluster like using ssh -- that's what Puppet is for -- but it is
very useful all of the same.

The other software you need to know about is collectd. This is how the
management platform does capacity planning for all of the machines in the
cluster.

In your prototype of the cluster simply use retail parts rather than build a
board:
 - a RS-232/USB dongle, with the RS-232 interface being 3.3V. For example
   https://www.modmypi.com/raspberry-pi-accessories/cables/USB-to-TTL-Serial-Cable-Debug-Console-Cable-for-Raspberry-Pi
 - a powered USB hub, one from the list at
   http://elinux.org/RPi_VerifiedPeripherals#Powered_USB_Hubs

Density-wise, I'd see you building the rack by using a bespoke 2RU shelf
holding 46 RPis, each shelf including a 48 port 10/100 ethernet switch
with 1Gbps uplink. At the top of the rack you'd lose 3RU for the 5V
rectifier (which you'd drop down the rack using Cable TV power cable
and vampire taps into the power bus of each shelf); 1RU for a 24 port
1000 ethernet switch with four 10Gbps ports; 1RU for the management
platform (Intel server with 10GE interface) and its disks. That means
the 45RU rack hold 20 shelves of 46 RPi each, giving a cluster of 920
RPis per rack. Power draw would be about 6,500W per rack. The result
would be about 644,000 BogoMIPS.

For comparison the Supermicro FatTwin and a 10GE switch consumes 5RU,
2,000W for 896,000 BogoMIPS, and that includes 48 spinning disks.

-glen


Re: [SLUG] DNS server getting hammered.

2013-04-07 Thread Glen Turner

On 07/04/2013, at 10:28 AM, Jake Anderson wrote:

 Presumably the requests are generally coming from a limited subset of 
 addresses.
 I suggest grepping your logs, and pulling out all the requests matching those 
 patterns.
 then pull out the distinct addresses.
 then just putting a firewall block rule in place.

This doesn't really help much. The rates up from individual compromised 
machines are quite low, even major ISPs only see 0.5Mbps or so from compromised 
machines using DNS reflector DDoS. That's the essence of the distributed 
attack -- data rates are low enough to be underneath the radar from most 
viewpoints (although obviously not from viewpoint of the network being flooded).

Configure a DNS primary or secondary server so that it only answers for 
non-recursive queries and only for those zones for which it is a primary or a 
secondary. If you are being hammered, then limit the size of the Additional 
Records to the minimum (e.g., make clients query for a second time to resolve a 
CNAME).

Configure a DNS forwarder so that it only answers for the IP addresses range of 
the expected clients, and is bound only to the interface on which those queries 
are expected. Do give answers for unallocated networks rather than letting them 
recurse (see RFC1604).

I really should update AUSCERT's AL1999-004
http://www.auscert.org.au/render.html?it=80template=1
although apart from updating the bogon list and adding IPv6 there's not really 
that much which has changed in 13 years.

-glen
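A configuration sketch of the two server roles described in the reply above, as an added example that is not part of the original post. It assumes BIND 9 (the post names no server software); the zone name, file name and all addresses are constructed placeholders.

```conf
// ---- named.conf on the authoritative (primary or secondary) server ----
// Answers only for the zones it holds, and only non-recursively.
options {
    recursion no;                   // no recursive service for anyone
    allow-query-cache { none; };    // never answer out of a cache
    allow-query { any; };           // the zones listed below are public
    minimal-responses yes;          // leave out optional Authority and
                                    // Additional records; clients ask again
};

zone "example.org" {                // placeholder zone
    type master;
    file "example.org.zone";        // placeholder file name
};

// ---- named.conf on the forwarder used by internal clients ----
// A separate server and a separate file: named accepts only one
// options block per configuration.
acl "clients" {                     // placeholder client address ranges
    10.20.0.0/16;
    2001:db8:20::/48;
};

options {
    listen-on    { 10.20.0.53; };       // bind only to the interface on
    listen-on-v6 { 2001:db8:20::53; };  // which client queries arrive
    recursion yes;
    allow-query       { clients; };     // anything else is refused
    allow-recursion   { clients; };
    allow-query-cache { clients; };
    forwarders { 192.0.2.1; };          // placeholder upstream resolver
    forward only;
    empty-zones-enable yes;             // answer locally for reverse zones of
                                        // private and reserved address space
                                        // instead of recursing for them
};
```

Running named-checkconf against each file catches syntax errors before the server is reloaded.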


Re: [SLUG] date sorting on second last string

2012-08-10 Thread Glen Turner
On 2012-08-06 Jobst Schmalenbach trolled:
 Dare I say it ... Excel does a good job at this.
 Export as csv, import into Excel, select the column and sort.

That won't give the result you want, due to the varying number of columns
in each record. If you fix that then the sort command can trivially sort
the file anyway.

On 2012-08-03 lists asked:
 how could I date order sort on penultimate string to end up with date
 ordered ?
 
 Job  1978924 (8)  Ttt  Pp 20-11-2012  Notes
 Job  1923886  Ccc  Pl 31-08-2012  Notes

Unix is a set of tools which you string together. So let's extract the
sort field and decorate the start of the line with its sort field:

  awk '{ printf "%s %s\n", $(NF-1), $0 }'

and then sort by it

  sort -t '-' -k 3n -k 2n -k 1n

and finally undecorate the sort key we added

  cut -f 2- -d ' '

For example, if the file is fred.txt (all the following is one line, the
wraps are added by my mailer):

awk '{ printf "%s %s\n", $(NF-1), $0 }' fred.txt | sort -t '-' -k 3n -k
2n -k 1n | cut -f 2- -d ' '

This technique is well known and is documented in the usage examples in
the 'sort' info page.

-glen


Re: [SLUG] Editing a text file (to preserve line-endings) - how to do it ?

2012-08-10 Thread Glen Turner
On 02/08/12 13:50, David Lyon wrote:

 Anyway, the document is full of mixed cr and cr+lf data.
 I need to preserve the 'delicate' mix and edit the file.

You poor bastard. I'm assuming the CRs are the mainframe doing
overprinting to get bold text, and the CR LF is for new lines.

Emacs will do this, as it treats the CRs as data. If it auto-detects
DOS format then just turn off DOS mode. In the worst case it has a hex
editing mode.

vim has a binary mode that looks the goods too. Again you might need
to disable DOS mode before editing and saving.

-- 
Glen Turner   www.gdt.id.au/~gdt


Re: [SLUG] disabling ipv6 on centos? telnet localhost fails

2012-06-21 Thread Glen Turner
On 21/06/12 18:15, Michael Fox wrote:
 I'd be inclined to drop localhost.localhost and localhost from the ipv6
 section of the hosts file..

Please don't do that.

policyd doesn't support IPv6, so just hardcode the well-known IPv4
address 127.0.0.1 in the MTA and raise a bug against policyd.

-- 
Glen Turner   www.gdt.id.au/~gdt


Re: [SLUG] Linux and Apache limits on number of files in a directory

2012-04-07 Thread Glen Turner

In all seriousness, it's simple enough to run up Apache with the
workload you think you want (even if the filenames are nonsense and the
file contents all identical). So do that. Then you can do your capacity
planning with numbers rather than assumptions.

The point of a CMS isn't to quickly serve files. It's to easily
administer content. Everyone runs a cache in front of their CMS, and the
CMSs themselves are designed to work that way. There isn't much
difference in serving speed between the cache and Apache.

Having said that, it's amazing how many of these small percentages
whittle away performance. We serve about 8TB a day from one machine
running Apache simply because we don't run any fanciness. But you're not
really in that class of content serving, so I'd seriously think about the
efficiency-to-you of a CMS with a serving cache.

-glen



Re: [SLUG] Force mounting usb storage read only

2012-04-06 Thread Glen Turner
Since you haven't got a reply let me outline some possibilities.

Firstly, I'll describe the drive insertion process, so you know where
all the funny subsystem names fit together:
 - the kernel detects the inserted drive and calls a hotplug program
 - the common hotplug program is udev
 - udev looks up udev rules, perhaps setting environment variables for
use by subsequent programs
 - for a USB disk these rules result in a dbus message
 - the graphical system (gnome, kde, etc) sees these messages, does
some user interface goodness, and calls udisks
 - udisks calls polkit to see if the operation is allowed
 - udisks calls the kernel to mount the disk
 - the files appearing on the disk have the usual modes, ACLs, and
SELinux context.

Now you can change either udev or polkit rules to prevent the disk being
mounted at all. udev to stop the disk ever being seen and then to turn
the disk off is probably the best way. There's a special authorized
file under /sys for each USB drive to allow that.

As far as I can tell you can't use udev or polkit to determine mount
options. You might be able to strip the w attribute off
the /dev/sd?[a-z]+ USB storage device using udev. See the MODE
parameter.

You'll be thrilled to hear that with so many moving parts that the mount
options are hardcoded into the file src/device.c of the udisks package.
There is one twist: if the disk is seen in /etc/fstab then the
parameters there are used. That's not particularly useful in this
situation.

Note that what you want isn't strictly the drive to be mounted with ro
but for no files to be able to be written to the drive. So you may be
able to use ACLs or SELinux to achieve your goal.

Personally, I'd start with a SELinux rule covering the /media directory
and work my way back from there, ending with an altered udisks-daemon
program. The reason for that is the SELinux and ACLs are security
constraints and their designers have thought long and hard about
preventing people working around them. For example, they'll still work
even if there is a graphical manager that mounts the disk directly
rather than using udisks.

Let us know how you go, Glen

-- 
 Glen Turner http://www.gdt.id.au/~gdt/



[SLUG] Re: [Linux-aus] Australian distributor product page for Raspberry Pi (Model B)

2012-03-01 Thread Glen Turner


http://au.element14.com/raspberry-pi/raspbrry-pcba/sbc-raspberry-pi-model-b/dp/2081185
 

Hi Jeff,

Do you know if there is actual stocked product behind that page?

Cheers, Glen




Re: [SLUG] mkdir

2012-02-15 Thread Glen Turner
Cal Edwards wrote:
 I want to be able to create a new subdir and be sure that it has the same
 ownership as topdir.

It depends how the directory is created. If they use mkdir from the
shell then the best you can do is to force the group to match the parent
directory -- search for sticky bit on directory. Even that might not
give the group access, it depends on the user's umask.

If they create the directory through Samba then there's no shortage of
hooks to force directory ownerships and permissions. man smb.conf

-- 
 Glen Turner http://www.gdt.id.au/~gdt/



Re: [SLUG] advice for new laptop...

2011-12-09 Thread Glen Turner
On Sun, 2011-12-04 at 11:55 +1100, simran wrote:
 . is there truly nothing obvious that is a good replacement for mac users
  to move back to linux.

Just a heads-up that installing any distribution of Linux on the current
Mac hardware is a nightmare. If you are buying a computer to run Linux,
don't buy a Mac.



Re: [SLUG] advice for new laptop...

2011-12-09 Thread Glen Turner
 I found it to be utterly easy: Boot Favourite CD/DVD
 Install as usual

With respect James, that has not been my experience with a 2011 MacBook
Pro at all.  Distribution DVDs don't even boot, standard boot loaders
don't support Apple's UEFI, the kernel dies. And sure, I've got Fedora
working now. But it wasn't something I'd put anyone else through.
Apparently the next Fedora release will work out of the box -- but
that's 12 months since the hardware appeared.

-Glen



Re: [SLUG] Alternatives to Gnome3

2011-11-13 Thread Glen Turner
Andrew wrote:
 What I find annoying about these conversations is that if you had gone
 and bought an Apple with Mac OS X you would be perfectly reasonably
 working through learning how to use a new Desktop and not complaining
 about it at all.
 
 But here we are admonishing the GNOME hackers had the temerity to do
 something new and different.

It's not new and different, it's new and worse.

As a little thought experiment, here's the mouseclicks to launch a word 
processor:
 - MacOS - 3 - Applications | LibreOffice | TextDocument
 - Windows 7 - 3 -  Win | LibreOffice | Writer
 - GNOME3 -  4  - Activities | Applications | Office | LibreOffice Writer

The real shame of the GNOME3 interface is that you don't see any mention of 
LibreOffice until click 3. MacOS and Windows both manage that on click 1.

Window management is just pathetic. You've got a few applications running and 
you want to flip back and forward between two of them (eg, to move content into 
a document you are writing). You need to know far too much keystroke magic 
rather than just click once on a menu bar.

For the record, I use Fedora for real work, MacOS too. Fedora used to be more 
usable than MacOS, despite all of the Apple hype to the contrary. Now Fedora is 
much less efficient at doing the simple stuff, like launching applications or 
switching between them. A fair whack of that seems to be from GNOME getting 
some Apple envy, perhaps not realising that they were already better. The 
lock icon on configuration menus is a prime example of copying poor ideas 
from Apple.

-Glen


Re: [SLUG] Affordable wireless AP hardware to support 30+ connections

2011-11-03 Thread Glen Turner
Got to say I'm a bit surprised you're maxing out so early. I do wonder
if you aren't maxing out the CPU by running WPA2/802.1x since those APs
don't do AES in hardware, but the CPU was sized for crypto to be done in
hardware (unfortunately all of the crypto supported in the WRT54G
hardware is now broken).

From memory I've happily run an IT conference of 90-odd networking people
from a single WRT54GS running without crypto (ie, open). OpenWRT running
bridging and certainly not doing any NAT or other deep packet work. I
did replace the pathetic antennas with two real ones and I hoisted the
whole thing into the stage lighting rig so it had line of sight to every
laptop. So the AP didn't need any fancy RF features (which is a good
thing, since the WRT54GS has no fancy RF features). Unfortunately, just
one of those colinear antennas is more than your budget.

The WRTs are really old APs these days. A modern commercially-oriented
AP can do a 300 person lecture theatre. They've also got much better RF
systems, and so can squeeze in more than three channels into a site. You
might want to see if you can score some from an organisation doing a
g-->n upgrade. Perhaps check the usual second-hand suppliers. I'm not
sure if Cisco, etc have software relicensing schemes for charities like
Microsoft does.



Re: [SLUG] ssh key-based auth not working Ubuntu without GUI (X) login??

2011-08-22 Thread Glen Turner
On Tue, 2011-08-23 at 09:57 +1000, Sonia Hamilton wrote:
 I've come across an interesting feature on the later Ubuntu's - ssh
 key-based authentication to a target box doesn't appear to work, unless
 I've logged onto the target box through the GUI (X).

Guessing here, hopefully a guess which starts you on the path to an
answer.

1) I'd use ls -l to check the contents and permissions of
/home/sonia/.ssh/authorized_keys
you want
sonia:sonia -rw---

You might want to look in /var/log/daemon.log on the target for the
messages from the ssh server.

2) When you log into GNOME that starts gnome-keyring-daemon. This
implements ssh-agent but looks into the GNOME keystores (which includes,
but is not limited to, ~/.ssh).  I do wonder if the ssh keys being used
by gnome-keyring-daemon and the ssh keys in ~/.ssh/id_* might be
different??? You might want to compare the fingerprints which are output
in ssh -v and in the system log. Maybe command line ssh and
gnome-keyring-agent are simply offering differing keys, only one of
which works.

-- 
 Glen Turner http://www.gdt.id.au/~gdt/



Re: [SLUG] Federal Gov Open Source Policy

2011-02-08 Thread Glen Turner

On 06/02/11 21:03, Kevin Saenz wrote:

 That is a majority of the time they would need to be DSD approved and each open
 source project would need to pay a minimum of $50k to get DSD to qualify it.
 Without DSD approval open source will not get a look in when it comes to
 networks that are rated Protected and higher.


The trick with compliance is to read the documents carefully, not to be overawed by the security 
theatre of it all. That can be tricky when the customers are overawed too. DSD are as bound by the 
policies as you are, so the policies cut both ways. The most relevant paragraph is this one:


  Selecting products without security functions

  Agencies selecting products that do not provide a security function,
  or selecting products whose security functions will not be used,
  are free to follow their own acquisition guidelines.

  [Australian Government Information Security Manual, November 2010]

Note that this applies whatever the classification of the network the software is used on. So if you 
want to bid particular software for use even on a Top Secret network then you need only show 
that the software performs no security function. There can be some irony here, as you may note as 
you disable HTTPS on the webserver :-)


If your bid does require a security function (eg, the experienced person writing the tender 
specified HTTPS) then don't despair.  You'll find some Linux distributors have done excellent work 
acquiring NSA or NIST certification for basic security functions (PAM, OpenSSL, Mozilla NSS, etc)


BTW Red Hat Linux 5 is a standout. It even has MLS (ie, can use unclassified, restricted, protected 
and confidential information on the same system without all the information being tainted up to 
confidential) evaluated to EAL4 (ie, the highest which can be obtained on generic hardware). The 
implementation is much easier to use than some other trusted operating systems. Presumably Red Hat 
intend to gain EAL4 for RHEL6.


It is even possible to build DSD-approved gateways to the Internet from Restricted or Protected 
networks using open source components. For a long time in the history of the Internet in Australia 
the only DSD-approved gateways were built from FOSS products.


In short, don't be afraid of information assurance requirements. Just read them carefully. Any FOSS 
vendor should be able to sell a non-MLS desktop configuration into a Protected or Confidential 
network with no great drama.


If you see a requirement for MLS or a gateway security function then these are specialised fields 
and you might think carefully about if you have the internal expertise to respond. There are many 
consultancies in the information assurance field that aren't interested in what you do best 
(installation, configuration, support and so on) so you might look towards a partnership for those 
more specialised tenders.


--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] Suggestions for a monochrome printer.

2010-05-24 Thread Glen Turner
On Sun, 2010-05-23 at 02:00 +1000, wbenn...@turing.une.edu.au wrote:
 Can anyone suggest a monochrome printer with duplex function that works
 with Linux, for domestic use? I've been told that, with duplex function,
 it will cost an arm and a leg.

It certainly costs more, because duplex is a business feature and
pricing is set accordingly.  You need to find a manufacturer which
doesn't have that mindset.

eg:
 Samsung ML-1640 monochrome laser, USB  $101.56
 Samsung ML-2851ND  monochrome laser, duplex, ethernet  $288.56

I've got an old monochrome Samsung and it has worked well for over
five years. Consumables are about $110.  The printer shipped with
half-full consumables and no USB cable, which was pretty obnoxious.
So although it works well, I expect you can do better.

-- 
 Glen Turner
 www.gdt.id.au/~gdt



Re: [SLUG] Error in Time() command

2010-05-23 Thread Glen Turner
On Sun, 2010-05-23 at 17:02 +0800, tenz...@iinet.net.au wrote:
 I'm seeking a preferably citeable reference to the amount of error
 in the returned result from a Time() command. I want to be
 able to quote the level of error in timing the execution speed
 of my project.

man time gives the answer.

 These statistics consist of (i) the elapsed real time
 between invocation and termination, (ii) the user CPU
 time (the sum of the tms_utime and tms_cutime values
 in a struct tms as returned by times(2)), and (iii)
 the  system CPU  time  (the  sum of the tms_stime and
 tms_cstime values in a struct tms as returned by times(2)).

man 2 times says that these data types are clock_t and

 times()  returns  the  number of clock ticks that have
 elapsed since an arbitrary point in the past.

and

 The number of clock ticks per second can be obtained
 using: sysconf(_SC_CLK_TCK);

so

#include <stdio.h>
#include <unistd.h>

int main(void) {
    /* Clock ticks per second: the unit in which times(2) reports. */
    printf("_SC_CLK_TCK is %ld\n", sysconf(_SC_CLK_TCK));
    return 0;
}

which says for my platform

_SC_CLK_TCK is 100

Now the measuring precision may not match the reporting precision. But
the quantum of your kernel's task scheduler is somewhere between 100 and
1000 (see the CONFIG_HZ kernel compilation flag), so it is safe to say
that the reported precision of the tms API is the source of maximum
error.

If you need more precise runtimes and more details of consumed resources
then see the TASKSTATS system. The documentation which accompanies the
kernel source contains sample code which will print all process exits
and the resources used to a high precision.

You also have control of the error. If you are lacking precision, then
give the program a task which makes it run for 10x or 100x longer.

As for citable you've got Buckley's. Shove the argument and program
above into an appendix and cross-reference it as you would any other
minor experiment or incidental proof. In general, these intermediate
results don't contribute to word count, but do check the local policy.

-- 
Glen Turner
http://www.gdt.id.au/~gdt/



Re: [SLUG] Error in Time() command

2010-05-23 Thread Glen Turner
On Mon, 2010-05-24 at 09:02 +1000, Peter Chubb wrote:

 Actually it doesn't give the whole answer.

Wow, thanks heaps Peter.

tenzero: so there are 1000 (CONFIG_HZ) samples per second. For each
sample your program is one of: not scheduled, running in user, running
in system, or has yielded the processor due to a blocking event such as
I/O or an explicit sleep().

It is possible that all processes yield and you get scheduled twice in
one sample -- I'd note that, and then ignore the possibility. Run an
infinite loop in another process if it worries you. That bastard will
never yield, and so your process will never be scheduled twice in a
tick. If you have multiple CPUs, bind one infinite loop to each CPU.  In
reality, unless your results are odd, this is a lot of work to exclude
an unlikely case.

With luck, your program is such that you can use strace to count the
blocking events on a single run of your program. Then pretend that the
scheduler tick misses every one of these. So if your program has 10
blocking events and runs for 1.00 second then the result has a bound
of [1.00, 1.01]. Including the reporting error from the API [0.99,
1.02].

You will save yourself a world of statistics if your better program's
range falls completely under the worse program's range.

In your Appendix you acknowledge Peter's contribution with a footnote
(eg, Thanks to Dr Peter Chubb of UNSW for explaining the sampling
nature of the Linux task accounting). In general, you don't cite these
sort of e-mail discussions since they are all care and no
responsibility discussions rather than a considered opinion ready for
peer review. Of course, where the posting becomes a part of the record
(such as Linus's announcement of Linux) then you reference.

You will see from this discussion the common research hassle that
determining the error of an experiment is usually more work than
determining the result.

Best of luck with your studies,
Glen

-- 
 Glen Turner
 Australia's Academic and Research Network (AARNet)
 www.gdt.id.au/~gdt



Re: [SLUG] Re: Time Pedantry

2010-04-07 Thread Glen Turner
On Wed, 2010-04-07 at 11:57 +1000, Jamie Wilkinson wrote:
 On 3 April 2010 12:51, Nick Andrew n...@nick-andrew.net wrote:
  Pity that unix time_t ignores leap seconds :-)
 
 And the corollary that anyone using ntpd or other time synchronisation
 discipline now has a gettimeofday() that breaks the POSIX definition.

The point of an operating system is to present a useful abstraction
of the hardware, including the time of day clock.  An abstraction
which includes all the arcana of timekeeping isn't actually that
useful for most applications.  time_t -- despite its shortcomings --
is a fine abstraction, so much so that most operating systems designed
since have stolen this abstraction rather than use a structure of
Y/M/D H:M:S as done by pre-UNIX operating systems.

If you do need to track the arcana then there are multiple abstractions
of increasing complexity, all of which are deficient for some users, all
of which are less and less useful to everyday applications.

Dissing time_t because it is so simple is to miss the point. It is a
good abstraction because it is simple and the majority of the
applications which use it wouldn't know or care what to do with a leap
second.

As for the specific point, there's nothing to stop difftime() applying
leap second adjustments.

-- 
 Glen Turner
 www.gdt.id.au/~gdt



Re: [SLUG] Beating the filter

2010-04-07 Thread Glen Turner
Note that once the filtering legislation is passed this discussion, and
others concerning the use of VPNs with an intent to avoid ISP filtering
will be Refused Classification material (instruction in matters of
crime).

Just saying, in case people still think that the proposed filtering
legislation won't have any effects :-)

-- 
 Glen Turner
 www.gdt.id.au/~gdt



Re: [SLUG] ubuntu network manager dns

2010-04-07 Thread Glen Turner
On Sat, 2010-03-27 at 21:37 +1100, Ashley Maher wrote:
 However /etc/resolv.conf was empty. (As has been noted by some users I
 found using google)
 
 So I statically entered some dns servers into /etc/resolv.conf from the
 telstra list. Pinging the ip number of the server works fine. Pinging
 the web address fails.

The 3G infrastructure and the BigPond infrastructure are not the same.

In any case, it's an Ubuntu bug.  Disconnect from the 3G service.
Edit /etc/resolv.conf to add
   server 10.11.12.13
(or any IPv4 address) and then reconnect to the 3G service. For
some reason Notwork Mangler doesn't like editing an empty
/etc/resolv.conf

-- 
 Glen Turner
 www.gdt.id.au/~gdt



Re: [SLUG] Skype submitting SILK codec to IETF

2010-03-21 Thread Glen Turner

From: Barrett-Bowen, Neil
To: Glen Turner
Date: Mon, 22 Mar 2010 00:47:47 +
Subject: RE: SILK IP License Request
Message-ID: 
7e09d250a0d81f4bb9c5206d9ac6a156018c8c2...@dub-mexms-002.corp.ebay.com
In-Reply-To: 1268956113.2084.30.ca...@ilion

Glen,

We have recently made some big changes to the SILK program and have submitted the SILK source code to 
IETF.  This means that you can freely download and use SILK for evaluation purposes by visiting 
https://developer.skype.com/silk.


As stated on the web site, the use of the SILK codec for any other purpose than for your internal 
evaluation and testing requires an additional license to Skype IP. We are currently finalising the 
terms of this license and we will have these ready for review in due course.


BR,

Neil Barrett-Bowen
Business Development  IP Licensing
Skype

--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] IPv6 DDNS and DHCP3

2010-03-21 Thread Glen Turner

On 22/03/10 13:08, Peter Chubb wrote:


Has anyone added scripts to dhcpd.conf to control DDNS  records based
on MAC address?


See ddns-hostname in dhcpd.conf(5). You can set it to an expression,
see dhcp-eval(5). The vector hardware contains the MAC address.

Note that you can log an expression, which is useful for debugging
the expression. You just keep renewing the DHCP lease until the log
looks good, then write the ddns-hostname clause. See this
for the leading zero trick
https://lists.isc.org/pipermail/dhcp-users/2009-January/007726.html
and the remainder of that mailing list for fine info.

In general though, I'd recommend against DHCPv6 outside of a residential
ISP scenario (and even there the hosts will autoconf, it's the router
which takes its address from DHCPv6). Autoconf + stateless DHCPv6 seem
to have far fewer difficulties.

--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] Skype submitting SILK codec to IETF

2010-03-21 Thread Glen Turner

Erik de Castro Lopo produced the glyphs:

... Definitely not Open Source.


They're obviously having an internal discussion. Let's wait until
that finishes before jumping to conclusions.

The IETF will force clarity regarding the patent license when Skype
tries to move from Draft down the RFC standards track. Then we will
see if Royalty Free terms are offered with their patent license.

--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] Skype submitting SILK codec to IETF

2010-03-18 Thread Glen Turner
Let's see how this goes:

Subject: SILK IP License Request
From: Glen Turner
To: SILK Support
Message-ID: 1268956113.2084.30.ca...@ilion
Date: Fri, 19 Mar 2010 10:18:35 +1030

Name: Glen Turner
Title: N/A
Company: N/A
Address: XX XX XX, X XX , Australia
E-mail: x...@xxx.xx.xx
Phone: +61 XXX XXX XXX (UTC+10:30)
SkypeID (optional): N/A
Product Name (optional): gstreamer
Description of how you intend to use SILK (optional): Implement a SILK
codec plugin for the GNOME gstreamer media processing libraries.
gstreamer is used by many Linux distributions for media support.

I note Skype's IPR Declaration to the IETF at
  https://datatracker.ietf.org/ipr/1164/
states:
 Skype is currently contemplating the licensing terms. It is
 the intention that there will be a royalty free license
 option available to companies implementing the standard.




Re: [SLUG] Skype submitting SILK codec to IETF

2010-03-18 Thread Glen Turner
On Thu, 2010-03-18 at 19:44 +1100, Amos Shapira wrote:
 What do people have to say about Skype open-sourcing and submitting
 their SILK codec to IETF as a proposed standard
 (http://share.skype.com/sites/en/2010/03/advances_in_audio.html)?

The IETF accepts RFCs which require patents in order to implement
as long as the submitter provides a patent license on RAND terms.

RAND terms without a royalty-free license are of no use for free
software.

In that respect this small print on the blog post is not promising:

 * Use of SILK is subject to the applicable licensing terms.
   For more information please contact us.

But conversely https://datatracker.ietf.org/ipr/1164/ says:

 Skype is currently contemplating the licensing terms. It is the
 intention that there will be a royalty free license option
 available to companies implementing the standard.

So we will just have to wait and see.

In practice, RFCs containing non-RF RAND patents have had a great
deal of difficulty progressing down the IETF standards track in
recent years (eg, Microsoft's terms for its patents in SenderID
doomed the progress of that draft RFC).

-- 
 Glen Turner
 www.gdt.id.au/~gdt



Re: [SLUG] one serial port multiple readers

2010-01-12 Thread Glen Turner
On Wed, 2009-12-30 at 18:45 +1100, Del wrote:
  USB serial ports are easy and cheap: 1 serial port per consumer
 
 Yeah, in this case that wasn't going to work because the object on the 
 end of the serial port is (a) expensive and (b) susceptible to the sort 
 of voltage drops that can be caused by parallelising serial ports.

Yep, any PPS signal will be totally stuffed.

BTW, I think you asked the wrong question. For example, I personally
would have fed the NMEA messages into a NMEA channel on D-BUS, allowing
any application to subscribe to the message flow. But to get that
answer the question is about sharing messages, not about sharing serial
ports.

Best wishes, Glen

-- 
 Glen Turner
 www.gdt.id.au/~gdt



Re: [SLUG] Australian government to censor your internets

2009-12-17 Thread Glen Turner

On 18/12/09 02:38, Adam Kennedy wrote:

... with no noticeable slow down of the internet.


That's what the text of the Enex report said. But when you look into
the experiment's results data in the back of the report, then that's
not what their experiments showed.

I'm contacting Enex to ask about their choice of statistical measures[1]
and for access to the experiment's data[2].

 [1] As one example, they subtract mean averages without including
 standard error. If you've ever sat through Statistics 101 then
 you will know how poor that is.  Their treatment of missing values
 and zero values is also inconsistent. For example, if a filtered
 service is unavailable whilst a non-filtered service is available
 then this is treated as a completely missing observation, biasing
 the analysis towards low response times.

 [2] When university researchers do an experiment they are required to
 archive the raw data so that shortcomings in analysis can be
 corrected. I'm sure you've all heard the furore when climate
 change researchers at University of East Anglia deleted raw data.
 It will be interesting to see if work for DBCDE is held to the
 same standard.

--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] attaching lots of disks to PowerEdge 860?

2009-09-30 Thread Glen Turner
On Tue, 2009-09-29 at 21:46 +1000, Dean Hamstead wrote:
 ATAoE is l2 protocol so no its not routable, but ATAoE is a published 
 standard and the drivers are in the kernel since 2.6.11.

A published specification, not a published standard.



Re: [SLUG] open office and .xlsx files

2009-09-24 Thread Glen Turner

On 24/09/09 22:37, Chris Allen wrote:

I have lately acquired a .xlsx spreadsheet from MS Office 2007 and tried
to process same in Open Office (3.0.1) but cannot open it.

Is there a logical reason for this? Is there a work around for it?


I had thought that OpenOffice.org 3 and later supported .xlsx.  To check
this I just exported a spreadsheet from Office 2007 on Windows XP and
OpenOffice 3.1.1 on Fedora 11 opened it just fine, modulo substitution
of fonts.

--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] Chinese intruder yesterday

2009-08-14 Thread Glen Turner

On 14/08/09 05:32, Jim Donovan wrote:

He was evidently working from a list


I really wish distributors would add a sshin group by default,
drop the first user's account in it, and let the sysadmin add
any further users that might need remote access.

--
Glen Turner  http://www.gdt.id.au/~gdt/
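
An audit of the arrangement wished for in the message above, as an added example that is not part of the original post. The group name sshin is from the post and AllowGroups is OpenSSH's own keyword; the function names, account names and sample files are constructed here.

```shell
#!/bin/sh
# Added example, not from the thread. Setup on a real host (as root), for reference:
#   groupadd sshin
#   usermod -a -G sshin alice       # "alice" is a constructed account name
#   echo 'AllowGroups sshin' >> /etc/ssh/sshd_config && sshd -t

# ssh_login_audit SSHD_CONFIG GROUP_FILE PASSWD_FILE
# Prints "account verdict" for every passwd entry:
#   open     no AllowGroups in the global section, so any account may be tried
#   allowed  the account's primary or a supplementary group is listed
#   denied   the account fails the AllowGroups check
# Limits of this example: literal group names only (no patterns), Match
# blocks are skipped, AllowUsers/DenyUsers/DenyGroups are not evaluated.
ssh_login_audit() {
    awk -F: '
        FILENAME == ARGV[1] {                  # sshd_config: keywords are case-insensitive
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, w, /[ \t]+/)
            kw = tolower(w[1])
            if (kw == "match") in_match = 1    # everything after this is conditional
            if (!in_match && kw == "allowgroups") {
                restricted = 1
                for (i = 2; i <= n; i++) if (w[i] != "") listed[w[i]] = 1
            }
            next
        }
        FILENAME == ARGV[2] {                  # group: name:pw:gid:member,member
            gname[$3] = $1
            if ($1 in listed) {
                m = split($4, u, ",")
                for (i = 1; i <= m; i++) member[u[i]] = 1
            }
            next
        }
        NF >= 4 {                              # passwd: name:pw:uid:gid:...
            if (!restricted) verdict = "open"
            else if (($1 in member) || (gname[$4] in listed)) verdict = "allowed"
            else verdict = "denied"
            print $1, verdict
        }
    ' "$1" "$2" "$3"
}

# Constructed sample files: a config that admits sshin and wheel, a service
# account (backup) and a user (bob) who is only named inside a Match block.
write_samples() {
    cat > "$1/sshd_config" <<'EOF'
# constructed sample
PermitRootLogin no
allowgroups sshin wheel
Match Address 192.0.2.0/24
    AllowGroups contractors
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
users:x:100:
sshin:x:1500:alice
wheel:x:10:
backup:x:34:
contractors:x:1600:bob
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
carol:x:1002:10:Carol:/home/carol:/bin/bash
EOF
}

audit_dir=$(mktemp -d)
write_samples "$audit_dir"
ssh_login_audit "$audit_dir/sshd_config" "$audit_dir/group" "$audit_dir/passwd"
rm -rf "$audit_dir"
```

On a real host pass /etc/ssh/sshd_config, /etc/group and /etc/passwd; accounts served from LDAP or another NSS source do not appear in those files.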


Re: [SLUG] Chinese intruder yesterday

2009-08-14 Thread Glen Turner

On 14/08/09 21:28, Rick Welykochy wrote:

Dare I ask why the distro should drop the first user's account
in sshin?


Headless installs.

--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] where to get an Ethernet hub (NOT a switch)

2009-07-19 Thread Glen Turner

On 19/07/09 09:06, Amos Shapira wrote:

Hello,

I'm looking for an Ethernet hub to be used for network troubleshooting
(trying to find which of our hosts is involved in the load on our
office uplink).


I hung on to a old 10Base-T hub for exactly this purpose, and as a
wireshark capture from Linux less and less replicates what appears
on the wire (due to network cards becoming smarter and smarter) it
is worthwhile.

You'd be lucky to find a 100Mbps hub, there were simply too few made
compared with 100Mbps switches.

You can use a switch in monitor or span (a Cisco-ism) mode, and
pretty much all enterprise class 100Base-TX switches have
that feature.  You may not want them for a home network, because
they produce enterprise-class noise.

If you are looking at this for security purposes, then note that
there are well-known defeats for switch-based monitoring. The
usual approach for that application is either a RJ-45 electrical
tap or a 1000Base-LX optical splitter. The optical splitter has
the advantage of being unpowered, and misbehaviour of the monitoring
interface is unable to pull down the monitored interface. So
an optical tap is the usual choice for enterprise, but you're looking
at 3 SFPs (say, $900-$3000), 2 taps ($400), and 2 SFP-carrying PC
ethernet interfaces ($600), and various optical cables ($400).

I strongly encourage our university customers to attach to
AARNet via an optical tap, even if they don't currently have a
monitoring machine attached.

You can buy the RJ45 taps from various security suppliers. The
best ones are powered with the two MII/GMII interfaces basically
wired to each other. You might find the search terms calea and
lawful interception useful.

The wired one someone posted to this thread should work at 100Mbps,
but will fail at GbE. The system relies upon the combined capacitance
of the system being small, so use Cat6 and keep all cables short. It's
too dodgy for enterprise use, as any component failure (perhaps even
powering off one of the nodes) would pull down the monitored link.

--
 Glen Turner


Re: [SLUG] two silly bash questions I can't find in google

2009-06-25 Thread Glen Turner

On 16/06/09 22:06, david wrote:

Q1.why does sed lose the first line?

 cat blah | while read line ; do sed s/t/T/ ; done

Think about the return value of sed with no input. while swallows
the first line, then cat prints the rest.

You want this:
  cat blah | while read line ; do echo $line | sed s/t/T/ ; done
which will have trouble with some characters in the input.

I don't understand why you didn't choose a direct file redirection
rather than a pipe:
  sed s/t/T/ < blah


Q2. what does the @ mean?

 date -d @1174306440

I can't find a reference to @ in the date man page.


That man page says:

  The full documentation for date is maintained as a Texinfo manual.

Which indeed it is:

28.8 Seconds since the Epoch


If you precede a number with `@', it represents an internal time stamp
as a count of seconds.  The number can contain an internal decimal
point (either `.' or `,'); any excess precision not supported by the
internal representation is truncated toward minus infinity.  Such a
number cannot be combined with any other date item, as it specifies a
complete time stamp.

   Internally, computer times are represented as a count of seconds
since an epoch--a well-defined point of time.  On GNU and POSIX
systems, the epoch is 1970-01-01 00:00:00 UTC, so `@0' represents this
time, `@1' represents 1970-01-01 00:00:01 UTC, and so forth...

--
 Glen Turner
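
The loop variants discussed in the message above, side by side, as an added example that is not part of the original post. The file name blah and the sed expression are from the thread; the function names, the second file notes.txt and the sample lines are constructed here.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data is constructed.

# Build a directory holding the input file "blah" plus one other file, so
# that an unquoted "*" has something to expand to.
make_sample() {
    printf '%s\n' 'first test' '  indented\tab' 'star * tail' 'last t' > "$1/blah"
    : > "$1/notes.txt"
}

# The loop from the question: read takes line 1, then sed, which inherits
# the loop's stdin, consumes every remaining line in one go.
lossy() {
    cat "$1" | while read line; do sed s/t/T/; done
}

# The per-line form from the reply, run inside directory $1. Without -r,
# read eats backslashes and trims leading blanks; the unquoted $line is
# then word-split and glob-expanded against the current directory.
unquoted() {
    ( cd "$1" && cat blah | while read line; do echo $line | sed s/t/T/; done )
}

# Same loop with the input kept byte-for-byte: IFS= keeps leading blanks,
# -r keeps backslashes, printf with a quoted argument avoids splitting and
# globbing, and the || test picks up a last line that lacks a newline.
safe() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line" | sed 's/t/T/'
    done < "$1"
}

# The redirection suggested in the reply: no loop at all.
direct() {
    sed 's/t/T/' < "$1"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for variant in lossy safe direct; do
    echo "== $variant"
    "$variant" "$demo_dir/blah"
done
echo "== unquoted"
unquoted "$demo_dir"
rm -rf "$demo_dir"
```

The unquoted form matters beyond tidiness when the input is not under your control, because a line containing `*` turns into a listing of the working directory.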


Re: [SLUG] two silly bash questions I can't find in google

2009-06-25 Thread Glen Turner


Whoops, must turn on threading so the responses from others are seen.
Bad Glen

--
 Glen Turner


Re: [SLUG] Proprietary colour names (was GIMP was...)

2009-05-21 Thread Glen Turner

Andrew Cowie wrote:

On Mon, 2009-05-18 at 15:53 +0100, Richard Ibbotson wrote:
... much better than it was but some sort of Pantone colour 
integration would be good (eventually).  An open source version of 
that would need to be implemented.


Which is what the hold up is, at least as I understand it.

The Pantone colour palette (specifically their name-to-ink-colour
mappings) is Pantone's proprietary intellectual property and they have
chosen not to let them be used in libre ways.


Hi Andrew,

The PANTONE CMS gamut is wider than CMYK or RGB. Since there's no
way of accurately displaying PANTONE colours on a RGB screen or
CMYK page PANTONE will still sell their swatch cards.

I can understand that PANTONE can trademark their mixed ink names.
I can understand that PANTONE may patent the inks themselves.
But I don't understand how using that trademarked name to identify
the ink mix product breaches trademark law.  Otherwise I'd better
start asking sales assistants for their Kola nut carbonated drink
rather than Cola-Cola(TM).

I'd be more than happy if PANTONE support consisted of a box asking
for the text of the PANTONE colour, the RGB I'd like to use to
display that on the screen and the CMYK I'd like to use when printing
drafts.

In practice, that would work by choosing a colour from the swatch,
and entering its name. Then hold the swatch to the screen until a
good RGB match is found. Press a button to test print a gamut
surrounding that RGB match, hold the test print to the swatch,
enter the corresponding CMYK digits against the best match. Remember
that only one or two spot colours are usually used. And this
procedure automatically calibrates the screen and printer for
the spot colour.

Then the software need not carry the trademarked names, nor name-to-RGB,
nor name-to-CMYK mappings.  In fact, such software wouldn't be specific
to the PANTONE CMS at all.  Which, it seems, would serve PANTONE right.

Cheers, Glen

--
 Glen Turner


Re: [SLUG] Proprietary colour names (was GIMP was...)

2009-05-21 Thread Glen Turner

david wrote:
Excuse my ignorance, but isn't this roughly what colour management 
(http://www.argyllcms.com/?) is supposed to do?


The main purpose of colour management is that the colour you use on
one device is accurately displayed on another device.  For example,
if you scan an object and display that object on the screen, then
when holding the object against the screen you can see no differences
of colour between the object on the screen and the original object in
your hand.

The way we do that is to give each device a colour profile which
describes adjustments which need to be made against a theoretical colour
space for a given colour to come out right.

A problem is that there are multiple theoretical colour spaces -- as
differing technologies can show a wider or narrower range of colours.
So a computer screen (RGB), a three-colour plus black (CMYK) and spot
printing (mixes of inks, but those mixes cannot overlap) all form
differing colour spaces.  And you can see from the mixed-ink case
that the spaces can have internal gaps too.  There are also other
colour spaces not used at all in printing, but in other fields.

Some colour management systems attempt to translate between the
differing colour spaces. This is moderately successful, but also
fails when the gamuts of the two spaces do not overlap. For example,
there is no way to accurately represent a mirrored finish as opposed
to a flat finish ink on CMYK or RGB. Even CMYK/RGB is problematic -- RGB
colours are a light box, whereas CMYK colours are printed. So at equivalent
resolutions photographs look much better on RGB screens (which goes
back to the old-time serious photographer's preference for slides over
paper). Going the other way, the black ink in CMYK allows much better
control over dark shades than with RGB.

Colour is a complicated field. I hope this gives you the flavour of it.

To answer your question, there is a PANTONE colour space. In theory
a CMS could convert between devices using PANTONE (actually a no-operation,
since all PANTONE printers are pre-calibrated to be identical).
In theory, a space-converting CMS could handle spot printing technologies
such as PANTONE. In practice, the whole point of spot printing is precise
control of printed colour and a designer isn't going to leave it to some
subsystem to convert an RGB pixel to the exact shade they have in mind.
They want to enter that exact shade into the application.

With PANTONE spot printing in particular, there's perhaps some legal
questions. Which Andrew mentioned in a previous post.

Having written all of the above, it is well worth the hassle to get
the DPI of your screen correct (so that 1 inch in the application is
one inch on the display) and to colour calibrate the screen, printer
and scanner. Increasingly manufacturers are releasing nominal values
for these calibrations for each model, and in the long run the hope
is that some calibration good enough for all but the most fussy will
occur out of the box.

--
 Glen Turner


Re: [SLUG] Lenovo wins $150m NSW schools deal or April Fools joke?

2009-05-18 Thread Glen Turner

Marghanita da Cruz wrote:
So, the school kids are being taught to develop content for four colour 
industrial printing, rather than websites?


I should hope that in an art or technical drawing class the students have
the opportunity to use the correct technology for the medium they are
working in -- be that RGB, CMYK or PANTONE.

Telling students that they must only present their computer-
generated images on three-colour illuminated media seems to me
to be the sort of petty fascism that disenchants students
and oppresses teachers.

It doesn't stand to the credit of the free software movement
that this long-outstanding bug in its premier graphics package
continues, and of course that bug should stand against free
software in an evaluation of software alternatives.

--
 Glen Turner


Re: [SLUG] Laptops with Linux pre-installed?

2009-05-18 Thread Glen Turner

Andrew Cowie wrote:


Chatting with Bdale about this a few months ago, he articulated that
there was a vast difference in HP's laptop line between systems targeted
at the consumer audience, and systems targeted at the corporate market.

Notably, the consumer-targeted systems rapidly change chipsets based on
whatever was forklifted into a large bin in the corner this morning,
whereas the corporate systems were deliberately manufactured with a
defined load-out that would stay the same throughout the support
lifespan of the system. 


[Which is impressive if true. There's nothing worse than taking a
machine in for servicing and getting a new motherboard back with
_completely_ different hardware in it]

He also seemed to be saying that their focus with Linux support (ie,
drivers and availability installed at time-of-sale) was [would be?] in
the corporate product set.


This is certainly also true of Dell's support for Linux on their
desktops -- corporate line has certification and support, consumer
line doesn't.

--
 Glen Turner


Re: [SLUG] GIMP (Was: Lenovo wins $150m NSW schools deal or April Fools joke?)

2009-05-18 Thread Glen Turner

elliott-brennan wrote:

I've never been shown the difference (as in, here
are examples of a photograph) and I don't know if
most (the majority of) people would notice or care
either way.


The difference is mainly apparent when using shades
around black. That's a part of the printer's palette
(ie, CMYK) where RGB lacks sufficient resolution to
describe all that the printer can do.  Getting silver
shades is particularly hard in RGB.

Also lacking in GIMP and Inkscape is support for spot
printing and multi-colour processes.  PANTONE is the most
common of those processes -- it is commonly used to print
logos onto things.

In short, you wouldn't notice with photos, but if you're
trying for a moderate level of graphics arts on paper then
the lack of ability to describe all that the printer is
capable of gets old pretty quickly. As a simple example,
I had to ditch GIMP to get a sun rising effect on some
PR material I was preparing.

Similarly, the lack of PANTONE support sucks if you are
printing stuff like your sporting club's logo onto water
bottles or whatever.  I got particularly burned by Inkscape
having an error in the image flattening -- the image had
white over a gray spot, but this didn't flatten into a
hole in the gray spot, leading to Tasmania being dropped.

--
 Glen Turner


Re: [SLUG] Calendar Server

2009-05-01 Thread Glen Turner

Bedework is popular at universities, mainly because it easily
deals with multiple calendars per user and talks to everything
but Exchange clients (which is squarely in their plans).

It may be a bit over-the-top for a small company's needs.



Re: [SLUG] Defining Mainsteam

2009-04-07 Thread Glen Turner

Daniel Pittman wrote:


Out of curiosity, what number of users are you considering real users
here?  I agree with what you are saying, but you certainly seem to have
a much, much higher standard than I (at least) am used to for real use.


There's also features that don't add anything to an experiment but
are needed for the real world.  Accessibility and internationalisation
spring to mind for software, packaging and parts availability for
electronics.

And dare I say documentation?

--
 Glen Turner


Re: [SLUG] Defining Mainsteam

2009-04-03 Thread Glen Turner

Malcolm Johnston wrote:
All this may be just me.  I haven't had a decent look at distros like Ubuntu, 
and this is why I ask my question.  What, in a nutshell, is their appeal?
On one level it's all Unix, of course, but, given that, what are the 
appealing differences?


In the past few years Linux has gone past the boundaries defined by
Unix. The area this is most noticeable is in the APIs used by
applications programmers (it's not xlib anymore) and in handling
the new ways hardware works (hot plug everything, suspend/resume).

The appeal of Ubuntu and Fedora is that they are now beyond trying
to develop a reasonable Unix-like operating system. They're now
trying to produce a superb operating system -- one that is easy
and pleasant to use, where new hardware Just Works, where single
machine systems administration doesn't require command line genius.

Older distros thought it was fine that I needed to be an
expert in graphics to connect a projector.  That's a fail
for me, since my expertise is in networking.

--
 Glen Turner


Re: [SLUG] [Fwd: Re: Computers software for schools]

2009-04-02 Thread Glen Turner

Daniel Pittman wrote:

IIRC, this is usually by billing for a copy of Windows to run on
everything, regardless of what actually runs on it, so the cost of Linux
is now hardware + Windows + Linux, no savings available.


So what alternative do you propose? That every machine be inspected to
see what operating system it is running on some census date?  We've been
there with Sun machines running the various BSDs and it really, really
hurt just for a few hundred machines. Only an insane love of bureaucracy
would try that on a few hundred thousand machines.

Better to negotiate a discount for the estimated proportion of machines
running another OS and pay on the number of machines in the assets register.

You'll note that NSW was delighted that it didn't even need to count
machines, but could base its payment on student enrolments (ie, a figure
it has easily to hand).

The state gov't schemes are also different in one other aspect: the
software is paid by the gov't, not by the school.  As far as the
school is concerned the software cost is $0.

Now, if I could have a moment to soapbox, why are Linux advocates bitching?
Apple sell into exactly the same situation, and do quite well out of
education, thank you. Can Linux not compete against a $0 alternative,
is its only competitive edge the saving of license fees?

I don't believe so. I believe that Linux is a more useful operating
system -- easier to use, more secure, more stable, more applications
and a view of computing wider than that of mere business.  I especially
believe that the ability to open the hood, to observe the blinkenlights,
to treat the computer as a deterministic tool rather than a black box
governed by moods and whims, brings large advantages to the act of teaching.

I don't believe this based on some mystical faith. I've used both
Windows XP and Ubuntu Linux on my Eee, and Ubuntu outshines Windows
in every way.

I feel sad that Linux wasn't selected as the operating system my
daughter will use at school. But the reasons for that sadness are
not at all financial.

If Linux succeeds, then the financial will take care of itself. I
doubt the education department really enjoys $m of funding being
top-sliced to pay for software when there are so many other uses
for $m within the education system.

--
 Glen Turner


Re: [SLUG] Installing 8.04 on a Dell Optiplex GX260 - woe is me

2009-03-26 Thread Glen Turner

elliott-brennan wrote:

What the hell has this been created for?


For installing Microsoft Windows NT 4.0 on machines
with more than 2GB of RAM.  For Linux you can leave
Dell's OS Install Mode off.

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Defining automount points for USB and SD devices in Ubuntu

2009-03-12 Thread Glen Turner

Howard Lowndes wrote:

Greetz all, long time no write - another story.

I have switched to Ubuntu from Fedora, at least for desk/lap top use and
I have hit a small snag.

When I stick in a USB or SD storage device with an explicit device
label, it automagically mounts the device at /media/device_label,
which is great except that it's not where I want a device with an
explicit label to be mounted.

What config file defines where such a device gets automounted?


I haven't checked, but you're probably looking at a udev event being
notified to hal which then sends a udev message which gets picked
up by a listener in the desktop which then runs gnome-mnt or
equivalent. These are guesses based on observed behaviour (such
as the lack of automatic mounting from text mode).

udev runs some name cleaning scripts, so that the volume name
isn't a covert channel for an exploit, and drops the volume name
into a variable. I imagine /media is coded into the desktop
mount utility.

I wouldn't fight it myself. Simply because it's nice and it works
and stuff like SELinux is going to try and enforce the standard
location.

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] [OT] how to wipe a mini dv tape?

2009-03-12 Thread Glen Turner


Hi Sonia,

If you have a stack of tapes it might be worth the ten minutes
seeing if Tech Rentals or an office equipment supplier to military
contractors similar has a tape degausser in their rental stock.

These are big electromagnets, usually intended to erase
low-level classified e-waste. For example:
http://www.veritysystems.com/degaussers/degausser.asp?id=1240

They'll easily wipe a big box of tapes in a day's rental.

They're designed to wipe traditional 1/2 reel tapes, so they'll
certainly work for MiniDV.

Cheers, Glen

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Downloading files with .asc extention.

2009-03-09 Thread Glen Turner

This is a bug in the Apache configuration. Read
http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext

The server has

<IfModule mod_mime.c>
 AddEncoding x-gzip .gz
 AddEncoding x-compress .Z
 AddEncoding x-bzip2 .bz2
</IfModule>

and maybe AddType entries as well (probably via a trashy
/etc/mime.types).

It should have the more complex but correct:

<IfModule mod_mime.c>
 <FilesMatch "\.gz$">
  AddEncoding x-gzip .gz
 </FilesMatch>
 <FilesMatch "\.Z$">
  AddEncoding x-compress .Z
 </FilesMatch>
 <FilesMatch "\.bz2$">
  AddEncoding x-bzip2 .bz2
 </FilesMatch>
</IfModule>

wget -S http://www.example.com/fred.tar.gz
  Content-Type: application/x-tar
  Content-Encoding: x-gzip

Note carefully that some browsers will now un-encode the
file prior to writing it to disk (ie, fred.tar.gz
will now save as the uncompressed fred.tar).

You can also configure Apache so that .gz.asc and
.bz2.asc are a special case prior to .asc.


# PGP
<IfModule mod_mime.c>
  AddType application/pgp-signature .sig .tar.gz.asc .tar.bz2.asc
  ...
</IfModule>
<IfModule mod_autoindex.c>
  AddDescription "PGP signature" .sig .tar.gz.asc .tar.bz2.asc
  ...
</IfModule>

# Text
<IfModule mod_mime.c>
  AddType text/plain .txt .asc
  ...
</IfModule>
<IfModule mod_autoindex.c>
  AddDescription "Text document" .txt .asc
  ...
</IfModule>


--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
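
The multiple-extension behaviour behind the .asc problem above, as an added example that is not part of the original message: a simplified Python model of the mod_mime rule (right-most extension sets the type, every matching encoding accumulates), run against the server-wide and the FilesMatch-scoped AddEncoding rules. The TYPES table, the sample bodies and the function names are constructed for the illustration.

```python
import gzip
import re
import zlib

# Constructed stand-in for /etc/mime.types plus the "Text" AddType in the message.
TYPES = {"tar": "application/x-tar", "txt": "text/plain", "asc": "text/plain"}

# Each rule is (scope regex, or None for server-wide; extension; encoding).
SERVER_WIDE = [(None, "gz", "x-gzip"), (None, "z", "x-compress"),
               (None, "bz2", "x-bzip2")]
FILESMATCH = [(r"\.gz$", "gz", "x-gzip"), (r"\.Z$", "z", "x-compress"),
              (r"\.bz2$", "bz2", "x-bzip2")]


def resolve(filename, encoding_rules, types=TYPES):
    """Return (Content-Type, Content-Encoding) for a file name.

    Simplified model: every dot-separated component after the base name is
    an extension; the right-most known type wins, encodings accumulate.
    """
    # Only rules whose scope matches the whole file name are in force.
    active = {ext: enc for scope, ext, enc in encoding_rules
              if scope is None or re.search(scope, filename)}
    content_type, encodings = None, []
    for ext in filename.lower().split(".")[1:]:
        if ext in types:
            content_type = types[ext]
        if ext in active:
            encodings.append(active[ext])
    return content_type, (", ".join(encodings) or None)


def client_decode(body, content_encoding):
    """Bytes a client that honours Content-Encoding writes to disk.

    Returns None when the announced encoding does not match the body,
    which is what happens to a signature served as x-gzip.
    """
    if content_encoding is None:
        return body
    if content_encoding == "x-gzip":
        try:
            return gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            return None
    raise ValueError("encoding not modelled: " + content_encoding)


# Constructed sample bodies.
SIGNATURE = (b"-----BEGIN PGP SIGNATURE-----\n"
             b"(constructed placeholder)\n"
             b"-----END PGP SIGNATURE-----\n")
TARBALL = gzip.compress(b"constructed tar bytes")

if __name__ == "__main__":
    for name, body in (("fred.tar.gz", TARBALL), ("fred.tar.gz.asc", SIGNATURE)):
        for label, rules in (("server-wide", SERVER_WIDE), ("FilesMatch", FILESMATCH)):
            ctype, enc = resolve(name, rules)
            saved = client_decode(body, enc)
            state = "undecodable" if saved is None else "%d bytes saved" % len(saved)
            print("%-16s %-11s %-18s %-7s %s" % (name, label, ctype, enc, state))
```

Under the server-wide rules the detached signature is announced as gzip-encoded, so a client that decodes before saving cannot produce a usable .asc file and the download cannot be verified.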


Re: [SLUG] More on the USB modem.

2009-01-26 Thread Glen Turner

wbenn...@turing.une.edu.au wrote:

Many thanks to those who replied to my original enquiry.

I asked around on the business of the modem's being snooped.

Nobody seems quite sure. The general consensus of opinion was that, as the
modem used the broadband in the manner of a mobile phone, it *couldn't* be
snooped. And if it couldn't be snooped, there was no need of encryption.


I'm new to this thread.

A core concept of security is limiting trust. By assuming encryption
by the link you are adding the ISP, router manufacturer, switch manufacturer,
link provider, base station manufacturer, card manufacturer and card firmware
programmers to the things you need to trust. That unnecessary expansion of
trust is poor security practice.

You should also look at things from the telco's point of view. Warrantless
interception is illegal. Although the telco will take some measures to
protect you from the criminality of others, they are not going to go to
massive lengths to do so.

In your particular case, you've not considered the entire problem.
Sure the link from card to basestation has some crypto (it's in the
telco's interest, as they don't want people contesting their bills).
But the often-microwave link from the basestation to the exchange?
That strikes me as the point where your data can most likely be
collected off the air (even if that link is encrypted, that link
will have the worst key management, probably unchanged from the day
it was installed).


--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] AU Online Bookstores

2008-12-24 Thread Glen Turner

 Being from out of the country, I'm  not familiar with the best AU-based
 places to buy (hopefully used) IT books.  Besides shipping books from
 Amazon, does anybody have any place (online or brick) they would
 recommend?

Many people are happy with www.abebooks.com. Not Australian,
but a fine marketplace for second-hand books.

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Re: Netbook experiences?

2008-12-17 Thread Glen Turner

Daniel Pittman wrote:


I was specifically interested in the claim by the OP that the custom
kernel was *faster*, and that this improved boot time, especially by
virtue of removing drivers.


It is faster to boot. And it seems that a fair bit of that is from
built-in drivers.  Looks like there's a lot of fat which could come
out of the udev system.

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


[SLUG] Linux training course for experienced Windows admin

2008-12-17 Thread Glen Turner


Hi folks,

Looking for a good Linux training course for someone with a
deep background in PC hardware and Windows.

Pref held in Sydney.

Thank you, Glen

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] HUAWEI E169 USB Modem on Fedora 10

2008-12-16 Thread Glen Turner

OK.

The new version of NetworkManager has explicit support for GSM modems.
So forget using kppp and so on or things will get terminally confused.

The way this beast works is:
 - you insert the device
 - UDEV tells HAL that it has been inserted
 - HAL looks up an XML-based information file. These are where the
   rubber hits the road.  The system files are in
 /usr/share/hal/fdi/
   and any files you may write go into
 /etc/hal/fdi/
 - HAL determines from the USB vendor/model codes it was handed
   that you've got a GSM modem. The policy files contain related
   details like which USB Serial port to use for PPP, what dialing
   algorithm to use, etc.
 - HAL pumps these details to NetworkManager, probably via DBUS
 - NetworkManager daemon chats with the NetworkManager applet to
   grab other data, such as PIN numbers
 - NetworkManager kicks off PPP using the combined information
   from HAL and the NM applet.

Since you imply you're using KDE, I've no idea if the KDE network
manager applet can prompt for GSM PINs.

I use a Telstra card and 'simply' had to add another .fdi file to
the HAL policy to make it work. I modelled it on the files for
similar equipment that were already in the /usr/share/hal collection.

You might be even better off and simply need to add a USB model
to an existing entry. There's an XML merge statement which will
do that nicely so that there's no need to edit the system-provided
files, but add one under /etc/fdi/information.

Personally I found the lack of man pages or other documentation simply
outrageous and the whole exercise reminded me why I hate the Linux
vendors' cheapskate engineering and lack of even basic QA.

More change can be expected in this area, since there's obvious
overlap between udev and HAL (not to mention the gazillion existing
methods used to do keycode assignment).

Hopefully it will also integrate all devices, at last allowing
effective policy -- such as sysadmins being able to ban removable
storage devices (or mount them with wheel access only).


<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
  <device>
    <match key="info.category" string="serial">
      <!-- Telstra Series 7 (Sierra Wireless 880U HSDPA modem)
           This appears as USB/serial ports:
             0   Sierra Wireless AT command port (UMTS)
             1   Sierra Wireless DM port
             2   Sierra Wireless CNS port
             3   Sierra Wireless data port
      -->
      <match key="@info.parent:usb.vendor_id" int="0x1199">
        <match key="@info.parent:usb.product_id" int_outof="0x6855">
          <match key="@info.parent:usb.interface.number" int="0">
            <match key="serial.port" int="2">
              <append key="info.capabilities" type="strlist">modem</append>
              <append key="modem.command_sets" type="strlist">GSM-07.07</append>
              <append key="modem.command_sets" type="strlist">GSM-07.05</append>
            </match>
          </match>
        </match>
      </match>
    </match>
  </device>
</deviceinfo>

If it works in Ubuntu, you might want to compare the FDI files
  /usr/share/hal/fdi/information/10freedesktop/10-modem.fdi
or simply look through that file paying attention to USB IDs.

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Ubuntu, Network Manager, USB 3G, ZTE Support, How to Help?

2008-12-02 Thread Glen Turner

Tom Deckert wrote:

Hi,

The 3G USBModem I purchased does not work when I plug it
in to Ubuntu Intrepid Ibex.  I want it to just work.
I emailed here, and Ubuntu Forums, and then finally thought 
to contact the manufacturer, ZTE.


I told them adding Linux support would be easy, all they needed
to do was provide information about their devices to the Linux
community.

On their support forum, they responded: What information do you need?


So, what information do I need?  To whom do I need to provide it?
I know:

Model: MF626

VendorID = 0x19d2
ProductID = 0x2000  (Storage) 
ProductID = 0x0031  (modem)


A person at the ZTE forums reported the Device Map:

DIAG VID=0x19D2,PID=0x0031 MI=00
NMEA VID=0x19D2,PID=0x0031 MI=01
TCard VID=0x19D2,PID=0x0031 MI=02
Modem VID=0x19D2,PID=0x0031 MI=03

The modem commands are:
AT+ZOPRT=5 - makes the device to stay in online mode
AT+ZCDRUN=8 - disables auto-run
AT+CGDCONT - configures the correct APN profile


These devices look like a modem to Linux. Like a modem
you issue AT commands and use PPP to establish the Internet
link.

That's an illusion of course, since the PPP connection
terminates on the card itself, and the card communicates
with the telco infrastructure using another set of protocols.

You can get a view of that world from the DIAG port, and the
protocol for that port is vendor-specific.  Usefully, the DIAG
port will cough up received signal strength information.

The NMEA port is a USB serial device view of an artificial
NMEA device (NMEA is the serial protocol used to network
boat electronics). The NMEA protocol could be used to access
the timing signal of the GSM protocol, or there might be a
full GPS receiver in the USB stick.  You'll need to ask, and
you'll need specs on what NMEA sentences activate which
features.

The Tcard is your USB storage device. Typically manufacturers are including
these to give distributors a simple way to distribute their driver
software with the device.  I've only ever seen one device where this
also held the firmware for the device -- more typically the firmware
is upgraded through the DIAG port.



I'm not sure whose job it is to figure out that when a
MF626 is plugged in, it should ignore the USB Mass Storage
and just set up the modem to run.


You want all of the on-board devices to come up: you just
need to push the IDs into the USB serial driver (there's
module options if you want to experiment prior to coding).

For the modem and NMEA serial devices you want the features
and the AT commands or NMEA sentences to use those features.
Sierra Wireless gives these out in their manuals, and they
are a nice example to provide your manufacturer.


Question:  Should I file A) HAL bug report,  B)NetworkManager
bug report,  C) HAL and NetworkManager bug reports?
D) Something else?


If the serial driver doesn't automatically load, then it needs
IDs added, and this involves udev.

If it does load then it's up to HAL to organise the correct
user-space response. For the GSM modem that's sending a
D-Bus message with the serial device ID, which Network
Manager receives.  Later NM understands GSM modems.
Although that sounds a lot of work, copying the XML
HAL configuration from another GSM modem is simple.

As you can see, udev and HAL duplicate some functions,
and there's a move to combine the two.

For the NMEA device, HAL doesn't understand these at all.
Which is a shame, as there's a growing need for applications
to share info from location and time devices.  Without
developing all that, ensuring udev loads the USB serial
driver and you can see the sentences in a terminal emulator
is about all which can be done.

The DIAG port will need a driver.  From what I've seen to
date, this can be a trivial module layered over USB serial.

The storage works, as it should. Would be worthwhile seeing
if there's a HAL option to hint to the desktop system not
to bring this device to the user's immediate attention
(ie, create desktop icon, but don't open the file manager).

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Keeping wife on linux

2008-10-31 Thread Glen Turner

Robert Barnett wrote:


My wife and I have a shared computer at home, however, I seem to be 
facing a losing battle for her experiences with linux to remain 
pleasant. I am running fedora core 9 with additional packages from the 
Livna repository


Ah, an experience I know well.

* We've not been able to find a way to purchase songs from Yahoo or 
iTunes. I've tried foxy tunes and wine without much success.


iTunes isn't going to work. Every time a good free iTunes client
gets a following Apple go and alter the iTunes backend to defeat
it.

I got it working under Wine, but it was a painful experience I
wouldn't recommend.

* We've had some difficulty with video codecs. Channel nine or ten is 
using a codec which includes advertisements but only works for Windows 
Media Player 10+.


Is that still true, both the sites seem to have moved to flash?

What you need is the Windows codecs download from mplayer.org. This
is blatant copyright infringement (a copy of the Windows DLLs), which
is why they aren't in Livna.

I've been toying with using vmware and running XP SP2, but I think that 
it would leave me with two systems to maintain rather than one. I may 
also have to buy a new machine (dual core) to meet the system requirements.


If you want to play videos flowingly and access the USB port for the iPod
you'd be happier with dual boot.

VMWare and Fedora are not a happy mix. You might want to try KVM if you
have a CPU with virtualisation features.  Which can be checked by looking
for output from
   egrep '^flags.*(vmx|svm)' /proc/cpuinfo
Otherwise Qemu is nice but slow.

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Where to buy cheap Cisco routers?

2008-10-31 Thread Glen Turner

Peter Chubb wrote:


Also, have you considered other manufacturers?  For example, I'm a bit
of a fan of the HP Procurve routers ... they're similarly functional
to the CISCO ones but a bit cheaper, depending on what you want to
do.  And I really like their warranty (basically, if it dies because


I get to use a lot of manufacturers' routers, and for a small business
HP is currently at the sweet spot.  You might also ask Juniper. Their
new EX is a very capable switch/router, but I'm not across the pricing.

If you buy then watch out for:

 - the maintenance trap -- this is often based on RRP, not the
   price you bought the router at. As Peter points out, HP's
   lifetime free software and hardware maintenance is a big
   plus (and the main reason they are the world's second-largest
   switch supplier).

 - the software train trap -- this is where the two features
   you want are supported but not in the one software image.
   So you buy thinking the box will do the job, but in practice
   it can't.

 - the resale trap -- often the software EULA doesn't allow the
   software to be resold. So you can buy the hardware cheap on
   the second-hand market but then face a substantial licensing
   fee for the software.

 - the GBIC/SFP checksum trap. Some manufacturers only allow
   use of their branded optics, despite almost all manufacturers
   using Finisar parts. Cisco and HP are notorious here.  For example,
   the nice HP 24 port GbE switch costs less than the HP-branded
   optics.   If you have a multi-building office you'll want to use
   GBIC/SFPs to interconnect the buildings (using UTP runs the risk
   of a grounding issue destroying the switches).  Equally, finding
   a reasonably-priced SFP-based GbE card for a Linux box is
   difficult.

In the router look for:

 - VLANs, at least 16.
 - enough QoS for voice, such as a voice VLAN or, better, DSCP-based QoS
 - SNMP, with per-port stats, especially error counters (the ethernet
   MIB has these)
 - a way to back up and restore the config across the network.
 - a routing protocol, preferably OSPF, so you can grow the
   network.
 - rapid spanning tree for switch ports (802.1w)
 - IPv6 support (IPv6 forwarding, OSPFv3)

As for buying one, any of the suppliers which sell to medium sized
business will sell you a Cisco router (Alphawest, etc.)  A fair few
online retailers will as well.

Also, don't dismiss the Linux box for reliability reasons -- there are
plenty of small distros that will fit in flash and flash/IDE converters
are plentiful.  The usual problem is the learning curve, but if you've
never configured Cisco IOS before you'll find it has a substantial
learning curve too.  Router reliability comes from hardware design,
but the space you'll be buying in has precious few reliability features
in the hardware (such as redundant, hot-swappable power and CPU, hot-swappable
interfaces, passive backplane, hitless software upgrade, etc).

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Fortress .... err Firewall Australia

2008-10-20 Thread Glen Turner

Rev Simon Rumble wrote:

This one time, at band camp, Kyle wrote:

Is this possibly for real?


Yes.  Our political overlords realise it will cost a fortune, will slow 
down our internets and won't work.  They're being successfully wedged by 
the shrill wowsers like Hetty Johnstone that being anti-filtering is 
equivalent to being pro kiddy porn.


Hi Simon,

I think that fairly describes the last lot in government.

This lot seem to be serious. They are being wilfully blind
to the effects on reliability and performance. They still
think of the Internet as the Interweb, forgetting about
the huge amount of hidden traffic carrying phone calls,
building global scientific instruments, and so on.

Even from the perspective of the Interweb the proposal
is stupid.

Cheers, Glen

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] bind non chroot setup

2008-09-30 Thread Glen Turner

Voytek Eymont wrote:


I've copied /etc/named.conf and zone files, edited for chroot path,


"edited for chroot path" is the error.

Remove and reinstall
  bind-utils
  bind-libs
  bind
  bind-chroot
to get back to a clean situation.

Now edit /var/named/chroot/etc/named.conf. The
filenames in that file are as if the daemon is
running with the root changed to /var/named/chroot.

So:

options {
  directory "/var/named";  // Actually /var/named/chroot/var/named/
  dump-file "/var/named/data/cache_dump.db";   // And so on
  statistics-file "/var/named/data/named_stats.txt";  // And so on
...
include "/etc/rndc.key";   // Actually /var/named/chroot/etc/rndc.key

  zone "example" {
    type master;
    file "data/example";  // Actually /var/named/chroot/var/named/data/example
    allow-update {
      localhost;
    };
  };

include "/etc/named.rfc1912.zones";  // Actually /var/named/chroot/etc/named.rfc1912.zones

It's all pretty easy. You just need to keep everything in /var/named/chroot
and then strip that prefix from the file names when you refer to them.

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
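
The prefix rule from the message above, as an added example that is not part of the original message: a Python check that maps every path written in a chrooted named.conf to where it lives on the host and flags paths that wrongly contain the chroot prefix. The sample configuration and function names are constructed, and resolving relative paths against the `directory` option (as the message shows for `file "data/example"`) is an assumption of this sketch.

```python
import os
import posixpath
import re

CHROOT = "/var/named/chroot"  # chroot directory used in the message above

# Statements from the message's named.conf that take a quoted path.
PATH_STATEMENT = re.compile(
    r'(?<![\w-])(directory|dump-file|statistics-file|include|file)'
    r'\s+"([^"]*)"\s*;')

# Constructed sample, modelled on the fragment in the message.
SAMPLE_CONF = '''
options {
  directory "/var/named";           // seen from inside the chroot
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
};
include "/etc/rndc.key";
zone "example" {
  type master;
  file "data/example";
  allow-update { localhost; };
};
include "/etc/named.rfc1912.zones";
'''


def strip_comments(text):
    """Drop /* */, // and # comments (paths containing // or # not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def audit(conf_text, chroot=CHROOT):
    """Return one dict per path statement found in conf_text.

    host_path is where the daemon's view of the path sits on the host;
    chroot_prefix_in_conf marks the mistake of writing the chroot
    directory into named.conf; present says whether the file (or, for
    files named writes itself, its parent directory) exists on the host.
    """
    chroot = chroot.rstrip("/")
    found = PATH_STATEMENT.findall(strip_comments(conf_text))
    directory = next((p for s, p in found if s == "directory"), "/")
    report = []
    for statement, written in found:
        doubled = written == chroot or written.startswith(chroot + "/")
        inside = written if written.startswith("/") \
            else posixpath.join(directory, written)
        host = chroot + posixpath.normpath(inside)
        # Dump and statistics files are created by named on demand.
        needed = host if statement in ("directory", "include", "file") \
            else posixpath.dirname(host)
        report.append({"statement": statement, "written": written,
                       "host_path": host, "chroot_prefix_in_conf": doubled,
                       "present": os.path.exists(needed)})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_CONF):
        flag = "PREFIX IN CONF" if row["chroot_prefix_in_conf"] else "ok"
        print("%-16s %-34s -> %s [%s]" % (row["statement"], row["written"],
                                          row["host_path"], flag))
```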


Re: [SLUG] Comp TIA+ / CLP

2008-09-27 Thread Glen Turner

Blindraven wrote:


The only place I've found so far is http://www.simt.nsw.edu.au/lpi1.php  -
but they want 2grand.  All I want to do is sit the exam which is only
supposed to be around $70.


The LPI can be passed by self-study -- you can download the syllabus
and build your own study programme around that.

The $2K courses have their role, but a disciplined person willing
to do a few months of evenings of self-study doesn't need them.

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] ADSL2 modems that just simply work with linux -- existed for adsl1

2008-09-26 Thread Glen Turner

Kyle wrote:

** It seems pretty much every ADSL2 modem is also a router these days 
and thus has an ethernet port. Of course, that also means you need 
another power outlet as opposed to powering over USB like the Alcatel 
stingray did.


Most ADSL modems these day are designed to be wireless routers. So
powering them separately makes sense. You don't want to have to turn
a computer on to power the wireless to be able to use a different
computer.

If you buy a router without wireless, it's really just the wireless
design but lacking the wireless components.

I've never had trouble with Linux and a router with an ethernet
port.  I've always had trouble with routers with USB ports (and
not just limited to Linux, but Vista and MacOS as well).

As for port forwarding versus PPPOE from a Linux server, it really
depends what you want to do.  I do PPPOE myself so I can offer
IPv6 and videoconferencing to users of my House Area Network.
But it's a lot more complex to set up than configuring port forwarding
(since you've also got to set up the server to do DHCP and NAT).

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] TFTP server problems.

2008-09-25 Thread Glen Turner

DaZZa wrote:


Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody


Perhaps you need to pass the user and group in parameters
to in.tftpd rather than as parameters to xinetd. See the -u
parameter and the manual page in.tftpd(8), which says:

   -u username
  Specify the username which tftpd will run  as;  the
  default is nobody.  The user ID, group ID, and (if
  possible on the platform) the supplementary group IDs
  will be set to the ones specified in the system
  permission database for this username.

which implies that without -u the daemon will run as the
nobody user.

I'm not sure in.tftpd could even bind to the listening port
unless it starts as the root user.

If you are running a recent Linux (with IPv6 support)
you may also need to ensure that xinetd doesn't try to
bind the IPv4-only TFTP protocol to an IPv6 socket.
See the flags parameter in xinetd.conf(5).

An example from a running TFTP server is:

service tftp
{
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = root
        server      = /usr/sbin/in.tftpd
        server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
        disable     = no
        per_source  = 11
        cps         = 100 2
        flags       = IPv4
}

On my distro xinetd also references TCP Wrappers, so /etc/hosts.allow
says
  in.tftpd: ALL

On my distro a firewall also exists and an iptables rule had to be added
for the TFTP protocol (which runs over UDP). That requires the tftp connection
tracking module nf_conntrack_tftp to be installed so that RELATED rules can
be matched.

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Best WINE Front end ..?

2008-09-25 Thread Glen Turner


What I find useful is winetricks, which makes
downloading prerequisite software from various
web sites very simple.

Having said that, I still haven't got Outlook
to work.

--
 Glen Turner   http://www.gdt.id.au/~gdt/
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] X authorization

2008-09-07 Thread Glen Turner

jam wrote:

This POS is not in operation


I'd come at this another way, and use a login theme or screensaver to display
the not in use text.  Mainly because if the terminal is saying it is not in
use then it shouldn't be usable. Whereas if you just paste up a some text
using X then the keyboard will still work, which might be confusing when
someone cleans the keyboard.

Anyway, your problem is almost certainly that X isn't running TCP. That's
controlled by the GDM settings. Don't forget to modify the firewall too.

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Performance Tuning

2008-09-07 Thread Glen Turner

Kyle wrote:

Ok,

a couple of responses thus far. Some further info.

The software I can tune myself. I was more looking for Linux specific 
tuning.


* Yes, I was/am concerned about I/O.
* But also ensuring the OS itself (system processes) is not hindering 
anything otherwise.

* The RAID is the storage medium. (Hardware RAID)
* Incremental change analysis is done client side.
* Dual P4's / 1GB RAM
* Filesys is ext3 mounted with 'defaults'


You've chosen *the* application which most stresses the operating system :-)

Cut the problem into three
 - tune the disk
 - tune the network
 - tune the backup software.

Disk:
 - you are writing large files.
    - RAID5 is not your friend, why not RAID10 since disk is
      so cheap?
    - some filesystems do big files better than others (xfs  ext3)
 - you need all spindles running under the same load, so lay out
   your disks with that in mind. You'll probably need four spindles
   running to ensure that the average write speed exceeds the maximum
   read speed of the clients.  Test this -- the client should not
   stall.
 - you are not reading
    - caching gains you little, so adjust the weighting so caches are
      cleared down more aggressively
 - discard metadata uselessness (such as atime).
 - kill all low value disk-using processes (such as Beagle, slocate
   and other such rubbish, typically run from cron).
 - The stripe sizes used to build the RAID should be unusually large
   and should mesh well with the filesystem's extents.

Network:
 - set autotuning for the bandwidth-delay product. A reasonable
   reference is:
 http://www.gdt.id.au/~gdt/presentations/2008-01-29-linuxconfau-tcptune/
 - use jumbo frames (9000B packet  8KB disk block, so very efficient)
 - avoid firewalls and other bogusness
 - check every counter on every host/switch/router for errors. You
   need zero errors.

Note the contention between network and disk I/O buffers. These both
need low memory. A 32b OS only has 512MB of that, which is a fail for
this application (especially since Linux locks hard on kernel memory
fragmentation). You need a 64b install.

Do the math (which depends on the number of clients), but I think you'll
find that 1GB of RAM won't be sufficient and you'll run out of cache
before you run out of filesystem bandwidth.

Backup software:
 - chain backups, so only one/two client is running at a time.
 - avoid rate limiting, it's more efficient for one or two clients
   racing to the finish rather than have 30 clients all talking
   slowly.
 - set any block sizes way big.
 - work out how the indexing works. Move that off the main
   backup spindles, so that index updates don't move the
   disk heads on the backup spindles.

Of course, all this needs to be taken with a grain of salt. There's
a world of difference between tuning a small backup server (where you
just want things to complete overnight) and a corporate backup
server (where you are more interested in how many clients each
machine can back up per night).

Finally, what is your offsite strategy?  If you're ejecting diskpacks
then note that not all chassis are rated to continually do this.
Worse still your diskpacks may not fit into a borrowed chassis.
Better to use a third-party container and keep a spare container
chassis offsite with the diskpacks. Also some backup software needs
a full scan of all diskpacks if the software is asked to do a
disaster recovery and this can take a long time.

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Glen Turner : The return of the Walled Garden

2008-08-25 Thread Glen Turner

Erik de Castro Lopo wrote:


Is anyone using one of the IPv6 enabled Internode connections and
care to tell us how it's going?


I'm an Internode customer at home (my employer doesn't do domestic
premises). So I asked. Internode are currently shipping IPv6 to
colocation rack customers. They are working towards shipping it
to ADSL customers.

They've got it in trial on one of their BRASs, but it's their test
BRAS and so won't be solid (since the nature of test is that there's
no change control, outage notification, etc).  I've got a daughter
at uni who will kill me if the Internet is down when an assignment
is due (assignments these days are submitted over the Internet), so
I had to pass on that.

Give it a few months to bed in and for Internode to work out what
an ADSL customer offering should look like and things should be
very, very fine.

The major fly in the ointment is the lack of IPv6 ADSL routers.
To my knowledge there's only the Cisco stuff, a D-Link, and Linux
boxes doing NAT connected via an ADSL modem.


Tunnel brokers are fine for experimentation. It's nice to see Internode
offer one, as the AARNet one is incredibly hammered (the most-heavily
used Hexago box in the world). But neither the ISP nor the customer
will want tunnels in the long run -- gamers cry about latency now,
just wait until all their gaming traffic routes via Adelaide :-)


What Internode have done is impressive. Someone in the commercial space
had to make a start, and they have. More power to their arm.

--
 Glen Turner   http://www.gdt.id.au/~gdt/


Re: [SLUG] Full / partition

2008-08-16 Thread Glen Turner
On Fri, 2008-08-15 at 17:33 -0400, Geoffrey Cowling wrote:
 I've just built a new machine for myself, and have put Ubuntu on it
 (I've usually used Debian), and there seem to be quite a few Ubuntu
 experts around here.
 
 I have a 400G disk, and I partitioned /sdb2 as / and gave it 1G.  This
 was working well until I foolishly mounted a partition from another
 disk on a subdirectory of it --perhaps 4G.  This gave some error
 messages, and now df says the partition is full and some things I try
 to do with apt-get give error messages,  (incl. is your disk full)
 I have /boot, /usr /usr/local/ swap /tmp and /home partitions.

That's very odd. You say you used 'mount' to add the new partition
into the tree of directories. That shouldn't have used any disk
on /.

Are you sure you didn't attempt 'cp' the contents of the new
partition into /?

The output of 'df' will show all mounted directories -- does
'df' show your 4G partition at all?


Personally, I don't bother with partitions on personal-use computers,
they always seem to cause more trouble than they solve for computers
used in that role.



Re: [SLUG] Email Domains --- handling of invalid email addresses

2008-08-13 Thread Glen Turner

Peter Chubb wrote:


As a general rule bounces are evil.  I'm planning to give a talk at
SLUG on this next month, if the committee agree


The major exception to that would be messages submitted down the
Submission (SMTP+TLS+AUTH) port. You know they aren't spam or
relayed, so full service can be given.

--
 Glen Turner


Re: [SLUG] bind attacks

2008-06-25 Thread Glen Turner

Alex Samad wrote:


Jun 25 15:20:28 hufpuf named[3574]: client 59.151.50.247#9753: query
(cache) './A/IN' denied



can somebody shed some light on what they think they can gain ?


Perhaps it's a DDoS attack seeking to hide its originating IP address.
Probably best to blackhole responses for exterior requests for ".".
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
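
Added example, not part of the original posts: one way to tally the denied root-name queries seen in the log line above by claimed source address. The log lines other than the first are constructed, and the threshold of 3 is an assumption chosen for the sample.

```python
import re
from collections import Counter, defaultdict

# Matches the named "denied" line format quoted in the thread:
#   ... named[PID]: client ADDR#PORT: query (cache) 'NAME/TYPE/CLASS' denied
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<qname>[^']*)/(?P<qtype>[\w-]+)/(?P<qclass>[\w-]+)' denied"
)

# Constructed sample input. Only the first line is the one quoted in the
# thread (re-joined onto one line); the rest use documentation addresses.
SAMPLE_LOG = """\
Jun 25 15:20:28 hufpuf named[3574]: client 59.151.50.247#9753: query (cache) './A/IN' denied
Jun 25 15:20:29 hufpuf named[3574]: client 198.51.100.7#1025: query (cache) './NS/IN' denied
Jun 25 15:20:29 hufpuf named[3574]: client 198.51.100.7#1026: query (cache) './NS/IN' denied
Jun 25 15:20:30 hufpuf named[3574]: client 192.0.2.33#5353: query (cache) 'www.example.com/A/IN' denied
Jun 25 15:20:30 hufpuf named[3574]: zone example.com/IN: loaded serial 2008062501
Jun 25 15:20:31 hufpuf named[3574]: client 198.51.100.7#1027: query (cache) './NS/IN' denied
Jun 25 15:20:31 hufpuf named[3574]: client 198.51.100.7#1028: query (cache) './A/IN' denied
"""


def parse_denied(lines):
    """Yield one dict per denied cache query; all other lines are skipped."""
    for line in lines:
        match = DENIED_RE.search(line)
        if match:
            yield match.groupdict()


def root_query_sources(lines, threshold=3):
    """Return [(addr, count, qtypes)] for addresses with at least `threshold`
    denied queries for the root name ".", busiest first.

    The address is only the claimed source. If the traffic is spoofed, as the
    reply above suggests, the busiest address is the likely target of the
    responses rather than the sender.
    """
    counts = Counter()
    qtypes = defaultdict(set)
    for rec in parse_denied(lines):
        if rec["qname"] == ".":
            counts[rec["addr"]] += 1
            qtypes[rec["addr"]].add(rec["qtype"])
    return [
        (addr, n, sorted(qtypes[addr]))
        for addr, n in counts.most_common()
        if n >= threshold
    ]


if __name__ == "__main__":
    for addr, n, types in root_query_sources(SAMPLE_LOG.splitlines()):
        print(f"{addr}: {n} denied root queries, types {','.join(types)}")
```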


Re: [SLUG] Is someone is snooping my wireless?

2008-06-24 Thread Glen Turner

Jonathan Lange wrote:

Recent events have reminded us that randomness is just as important in
SSH key generation. I'd save my dice (and my time) for things that
actually guard my data.


The entire strength of WPA2-PSK depends on the shared key being
unguessable; that is, random.  So the WPA2-PSK key is actually
one of your "things that actually guard my data".

The thread was discussing using ineffective but very inconvenient
barriers to unauthorised home WLAN use.  I was simply making the
point that secure configuration of WPA2-PSK is all that is required.



Re: [SLUG] more RS232: USB-RS232, PCI ?

2008-06-24 Thread Glen Turner

Voytek Eymont wrote:

I want to setup a 'data logger' for rain water tanks and hot water storage
tanks, for this I'll need at least 3 RS232 ports


USB hub, three USB-Serial converters.


Re: [SLUG] Is someone is snooping my wireless?

2008-06-23 Thread Glen Turner

Jonathan Lange wrote:

Of course, the more interesting question is WHY!?!?!


Apologies, I had thought it was obvious.

Keys are often given in a hexadecimal representation.
Each 4 bits is a hex digit, written using 0...9A...F.

So a d16 will generate a hex digit of randomness. Two
d16s will generate two hex digits, which is 2*4=8 bits,
which is commonly called a byte.

With a pair of d16s a 63-byte key can be generated
in 63 throws, five minutes or so.

The other side of this is (1) it's very hard for
computers to generate random numbers, and using a
computer to generate a random key you then use on
the same computer is full of security issues.
(2) it's very hard for humans to generate strings
of random numbers. They avoid numbers at the extremes
and avoid repeated digits (a 60 byte string would have
a run of 6 repeated digits about one time in five).
The result is very non-random.

So you can see the attraction of a d16 dice.

Secret shared keys are very common in computing
(not just WPA-PSK, but RADIUS and BGP). Having
difficult-to-guess (ie, random) keys is very
important and a vital assumption in their security.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
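
Added example, not part of the original post: turning d16 throws into hex digits as described above, and showing how a WPA2-PSK passphrase becomes the 256-bit key (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 iterations). The function names and the sample throws are constructed for illustration; the passphrase limits used are the standard 8 to 63 characters.

```python
import hashlib
import math

HEX_DIGITS = "0123456789abcdef"


def dice_to_hex(faces):
    """Map d16 throws (faces 1..16) to hex digits; face 16 is read as 0."""
    out = []
    for face in faces:
        if not isinstance(face, int) or not 1 <= face <= 16:
            raise ValueError(f"not a d16 face: {face!r}")
        out.append(HEX_DIGITS[face % 16])
    return "".join(out)


def entropy_bits(length, alphabet_size):
    """Bits of entropy in `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def wpa2_psk(passphrase, ssid):
    """Derive the 256-bit key a WPA2-PSK network computes from a passphrase.

    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    The SSID is broadcast and the algorithm is public, so the passphrase is
    the only secret input: its randomness is the whole strength of the key.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )
    return key.hex()


# Constructed throws for illustration only; a real key needs real dice.
SAMPLE_THROWS = [16, 1, 10, 15, 7, 7, 3, 12]

if __name__ == "__main__":
    print("hex digits from throws:", dice_to_hex(SAMPLE_THROWS))
    # 63 hex digits used as the passphrase: 4 bits per digit.
    print("63 dice digits:", entropy_bits(63, 16), "bits")
    # For comparison, 8 random lower-case letters.
    print("8 random letters:", round(entropy_bits(8, 26), 1), "bits")
    # Published IEEE 802.11i test vector (passphrase "password", SSID "IEEE").
    print("PSK:", wpa2_psk("password", "IEEE"))
```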


Re: [SLUG] Is someone is snooping my wireless?

2008-06-22 Thread Glen Turner


You really can go too far, and wireless security is a prime example
of pointless defence in depth.  All that not using a ESSID broadcast,
no DHCP, MAC address filtering do is raise the time and hassle it
takes to get on the network. Which means that there is (or soon will
be) a script somewhere that will do all this hassle in a few seconds.

The only thing you need to do is to configure well the single defence
which can't be subverted: only offer WPA2 with CCMP (which includes AES
encryption) for connecting to the access point.  For a home you'd use
WPA2-PSK (pre-shared key).  Make that secret key random and long (more
than 40 characters). But there's little security reason not to put that
password on a post-it note on the access point for the convenience of
visitors.

Then you can run ESSID broadcast and DHCP and your valid machines will
automatically connect when they see the network.  Security and
convenience.

From an IP point of view, the aim is to limit the broadcasts on the
wireless LAN, since 802.11 performs poorly when broadcasting. So
the WLAN gets its own routed subnet. It gets DHCP responses
containing the address of a Samba WINS server. Then Windows machines
don't broadcast service information, but use unicast to register
them with the WINS server.

[ Note that Windows machines need XP SP3 or a download for XP SP2 to run
  WPA2. Also the authentication is limited to pre-shared key (PSK, which
  is OK) or protected EAP (PEAP, which has a designed-in security issue).

  Linux's Network Manager/wpa_supplicant supports WEP/WPA/WPA2 and all
  authentication methods which use passwords or secrets.  Note that
  older chipsets won't support AES and performance can suffer when the
  WPA2 AES encryption is done by software instead.

  If you find yourself being dragged along by the Dungeons and Dragons
  crowd to the shops one day, then grab a pair of 16-sided dice. Each
  throw will give one byte of randomness for keys.]


Re: [SLUG] Opinions on Sender Policy Framework and Domain Keys

2008-06-15 Thread Glen Turner



Has anyone else implemented these? Are they worthwhile? Problems?


SPF is very little trouble, gives very little protection, but enough
to be worth the hassle.

DomainKeys offers more protection. dk-milter is easy to set up,
the DNS is easy to set up.

I've also found that rejecting all SMTP mail addressed from my domain
works well in reducing spam (mail from my domain should use SMTP-Submission).

--
 Glen Turner


Re: [SLUG] allowing controlled access from dynamic IP

2008-06-12 Thread Glen Turner

Voytek Eymont wrote:

so what's the best way to have controlled access from dynamic IP ?


Perhaps is it better not to bother with access control but to
use authentication and authorisation.

If you persist with access control you just end up with some
VPN/tunnelling insanity as opposed to something as simple as
using HTTPS with PKI and denying access to those that don't
hold a certificate signed by you.



Re: [SLUG] : Increasing filesystem reliability (was : Filesystem which allows online fsck?)

2008-06-12 Thread Glen Turner

Erik de Castro Lopo wrote:


Does anyone have anything else to suggest?


mount ext3 with options:
  journal=data,barrier=1,noatime,user_xattr

Create the fs with a bigger journal than usual, this will
improve performance with journal=data.

Our scientists often forgo filesystems entirely if the
application is simple (eg, data collection). For example,
they'll zero the partition at the start. To record an
observation they'll seek to a position based on the time
(or observation number reported by the data hardware)
and sync write the fixed-length observation with a checksum.

Note that Linux's performance with sync-ing is poor on a
multi-use machine (since all buffers are synced, not just
the application's buffers).

Note that barrier=1 won't work with LVM or DM, you need
a real partition.

You might want to consider a distro like OpenWrt which
minimises the amount of incidental disk I/O done by
the distribution and allows a definite split between
a read-only partition and a read-write partition. The
amount of read-write disk to be recovered will be
smaller (since read-only partitions don't need recovery).
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
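
Added example, not part of the original post: a sketch of the filesystem-free recording scheme described above, with fixed-length observations written at an offset derived from the observation number, each carrying a checksum. The record layout (number, timestamp, value, CRC32) and all names are assumptions, and a temporary file stands in for the zeroed partition.

```python
import os
import struct
import tempfile
import zlib

PAYLOAD = struct.Struct("<Qdd")   # observation number, timestamp, value
SLOT_SIZE = PAYLOAD.size + 4      # payload plus CRC32: 28 bytes per slot
EMPTY = bytes(SLOT_SIZE)          # a never-written slot is still all zeros


def write_observation(fd, seq, timestamp, value):
    """Write one record at the slot for `seq` and force it to stable storage."""
    payload = PAYLOAD.pack(seq, timestamp, value)
    record = payload + struct.pack("<I", zlib.crc32(payload))
    os.pwrite(fd, record, seq * SLOT_SIZE)
    os.fsync(fd)  # opening the device with O_SYNC is the other option


def read_observation(fd, seq):
    """Return ("ok", (timestamp, value)), ("empty", None) or ("corrupt", None)."""
    data = os.pread(fd, SLOT_SIZE, seq * SLOT_SIZE)
    if len(data) < SLOT_SIZE or data == EMPTY:
        return ("empty", None)
    payload = data[:PAYLOAD.size]
    (crc,) = struct.unpack("<I", data[PAYLOAD.size:])
    stored_seq, timestamp, value = PAYLOAD.unpack(payload)
    # A torn or damaged write fails the CRC; a record that landed in the
    # wrong slot fails the observation-number check.
    if zlib.crc32(payload) != crc or stored_seq != seq:
        return ("corrupt", None)
    return ("ok", (timestamp, value))


def demo():
    """Write two observations, skip one, damage one, then read all three."""
    fd, path = tempfile.mkstemp()
    try:
        os.ftruncate(fd, 4 * SLOT_SIZE)               # "zero the partition"
        write_observation(fd, 0, 1213228800.0, 21.5)
        write_observation(fd, 2, 1213228802.0, 21.7)  # observation 1 never arrived
        # Simulate damage: flip one byte inside observation 2's value field.
        offset = 2 * SLOT_SIZE + 16
        damaged = bytes([os.pread(fd, 1, offset)[0] ^ 0xFF])
        os.pwrite(fd, damaged, offset)
        return [read_observation(fd, n) for n in range(3)]
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    for number, result in enumerate(demo()):
        print(number, result)
```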


Re: [SLUG] : Increasing filesystem reliability (was : Filesystem which allows online fsck?)

2008-06-12 Thread Glen Turner

James Gray wrote:



mount ext3 with options:
 journal=data,barrier=1,noatime,user_xattr



Do you actually mean data=journal?


Yes I do, my apologies.


Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)

2008-06-09 Thread Glen Turner

Peter Miller wrote:

As a profession, we have two choices:
1. start licensing and accrediting ourselves, with a structure we can
live with, OR
2. wait for Some Really Bad Shit to happen, with a software defect as
the root cause, and have the politicians force something upon us...
something baroque, bureaucratic and onerous.


That assumes that most people in computing do tasks akin to engineering.
I think that's an affectation. It seems to me that most people I meet
in computing do tasks akin to motor mechanics and light regulation akin
to motor mechanics is what is needed.

Such an analogy also recognises that there is a range of experience, a
range of employers, and even people who prefer to fix their own car.

But anyway the real problem is that computers are a tool. By insisting
on accreditation you are saying that people can't use the tool without
a 3-4 year education. At the moment I'm surrounded by physicists and
astronomers -- let me float the idea that they shouldn't program
computers

And it's not like you can't exempt their systems from some accreditation
scheme.  Telescopes are essentially huge lumps of moving metal and they
can readily kill.

Trying to distinguish user from programmer is also dire. Is an Excel
macro a program? And if you forbid the use of Java by the unwashed, do
you then simply get systems written in Excel macros?

Cheers, Glen


Re: [SLUG] Minimum username length?

2008-05-18 Thread Glen Turner

 Anyone know if there is a default minimum username length for some (or
 all) current Linux distros?

One character. My employer allows people to choose their
username and a lot of people use initials (of 2-5 letters).

If you are setting up a new policy, I'd suggest something
not based on name at all. Mainly because one of the few
constitutional rights we have is the ability to change
our name after marriage, and sysadmins that refuse to
change the associated username find themselves on the
losing side.

But of course, technically changing the username is a real pain,
so better not to place yourself there at all.



Re: [SLUG] Debian SSH vulnerability: act now!

2008-05-16 Thread Glen Turner

Martin Visser wrote:


Of course, capturing traffic between client and server across the
internet is not easy unless the bad guys are located in a carrier and
an ISP, so the risk here is probably quite small.


I'm not too worried about carriers or ISPs.  It's in our interest
to keep software up to date and to prevent vulnerabilities and intrusions.

But there's a lot of ADSL modems out there which are never updated.

--
 Glen Turner


Re: [SLUG] search engine for company network (OT)

2008-05-13 Thread Glen Turner

Sebastian Spiess wrote:

Does anyone have an idea, something I could investigate further? A
software name?


I index my server's disks using htdig. There are backends for .PDF
.DOC, OpenDocument and so on and it's not at all difficult to add
support for other file formats (basically you write a small program
to spit out the text in the file. I wrote one to pull the ID3 tags
from my music files, based on that I wouldn't expect any trouble
writing one for DXF.)

The way it works is that I present my server's disks via Samba, NFS
and WebDAV. Reading WebDAV is just like reading a web server. So
htdig will index it fine and when users search they use the web
interface and pull the matching file using HTTP when they click
on the link.   Obviously you protect both htdig and the WebDAV
using HTTPS and authentication.

htdig isn't perfect. But it's a nice lightweight search engine,
well worth the hassle installing and will get you started enough
so that if you want something heavier then you'll have a much
better notion of your requirements.

It took me as long to set up consistent authentication between
Samba, NFS and Apache as to do everything else.  Your mileage
may vary depending what mechanism you use for authentication.

--
 Glen Turner


Re: [SLUG] Fedora netinst?

2008-05-10 Thread Glen Turner

 Geez, I have been spoilt. I've been doing Debian net installs
 for what must be close to a decade.

Give it a break. Distributions have their strengths and weaknesses,
otherwise we'd all use the One Distro to Rule Them All.

 Unable to read package metadata. This may be
 due to a missing repodata directory. Please ensure
 that your install tree has been correctly
 generated. Cannot retrieve repository metadata
 (repomd.xml) for repository: anaconda-
 base-200711021053.i386. Please verify its path and
 try again. Abort?
 
 I've googled this, but the only responses I can find refer to
 CDROM installs.

Did you do a recursive copy?  The repodata (repository data)
is a package manager-independent way of listing packages,
their information, and their dependencies. It is in a directory
named repodata. Repodata is created using the createrepo command.
This is in the createrepo package in almost all distros.




Re: [SLUG] Fedora netinst?

2008-05-09 Thread Glen Turner
On Fri, 2008-05-09 at 22:09 +1000, Erik de Castro Lopo wrote:
 Can fedora do a net install via a proxy?

No.

It's supposedly going to be half-there in Fedora 8 (proxying
will work from stage 2 of the install onwards).

You can bodgy it. Set up a transparent proxy and re-write
the URLs to use the explicit proxy.

Plan B is simply to download the whole thing to somewhere
local using wget and run an HTTP server from there.  That's
how I upgrade my machines at home, since it avoids multiple
downloads from the ISP and is much faster than an install
from a DVD, taking maybe 15 minutes.




Re: [SLUG] Convert Document with ascii Text to Html

2008-05-07 Thread Glen Turner

Yogesh Kumar K wrote:
How to convert Document of text and Ascii value in to html, is any command available in linux,
I tried a few commands in linux as follows,


If you have lots of files:
http://txt2html.sourceforge.net/

If you don't want to install it and only have a few files, use the
demo page, paste in your text and use the Save as... option in
your browser to save the result.

If you only have one file and you want to control the formatting
to match your preferences you can use OpenOffice, which writes
surprisingly nice HTML. Open the file, re-format it to suit, and
Save As... HTML.

--
 Glen Turner


Re: [SLUG] Easy way to duplicate a setup?

2008-04-28 Thread Glen Turner

DaZZa wrote:

OK gurus. :-)

I'm in a situation where I need to duplicate on a mass basis - to the
order of 3000-5000 units - a Linux setup off a headless box.

All the destination boxes will be identical in specification, and the
same as the original. At this point (trial - only 15 to do), I've made
an image of the disk using DD to a USB attached drive - which works,
and gets the new boxes working, but takes 3+ hours to dump the image
back to the new boxes.

3+ hours over 5000 machines is not really acceptable. :-)

Is there a better way to do this? Something which will make a smaller
image and dump back quicker - most of the disk is empty, there's only
about 15 gig of actual data/setup on a 160 gig drive - and still
maintain the partition setup/bootability like using DD does?

Willing to listen to anyone who has a cluestick and is willing to apply it.


We use PXE to boot RedHat's kickstart. That installs the OS. It then runs
a script. We have a RPM file which contains as dependencies the names of
all of the packages we want installed and the second-last step of the
kickstart is a yum install ... of that RPM (and all of its dependencies,
which is the point). The last step is to run cfengine to update and maintain
the configurations. Total takes about 20m from power-on to running across
a 1Gbps network.

You're not clear what these boxes are and what they are for.  If they
are for general PC use, then I'd do exactly as we have done. Because
then when fielded the machines will be easy to maintain (if you want
to add a package, then you add it to the meta-RPM, and the overnight yum
update will pull it in; similarly if you want a widespread change of
config cfengine can do that fine). I'd probably substitute puppet for
cfengine, for no other reason than it's newer.

Have a look at past lca miniconfs and SAGE-AU conferences. Running
up thousands of machines across the university break is a popular
uni sysadmin topic.  As is the subsequent administration of those
machines.

If not, then you've got some alternatives:
 - put the shipping config into RPMs as well, and drive the
   whole thing from kickstart.
 - format the disk, then drop the 15GB of data on top
   (like this: on the dev machine create a 15GB partition,
   create the filesystem, save it using dd.  On the target,
   dd the file into the disk. Use growfs to expand the
   filesystem to the end of the 150GB partition.) Now
   you've copied only 15GB to get your 150GB filesystem.

Either way, I'd drive the build from packages. That is one of
the big lessons of the OpenWrt project -- packages have benefits
for embedded software too (configuration control, etc).

--
 Glen Turner


Re: [SLUG] Re: Sending mail from within a highly locked down network

2008-04-21 Thread Glen Turner

Mary Gardiner wrote:


Everyone's solutions have been pretty interesting[1]. I'm surprised
(although, yes, I knew) that there aren't less sysadmin-y solutions:
blocking outgoing SMTP is getting pretty common.


Networks *should* block outgoing SMTP from anything but authorised
mail servers.  They should, however, allow IMAPS (993) and
Authenticated SMTP (587) to allow users to exchange mail with third-party
servers.

In this day and age mail servers shouldn't relay unauthenticated mail
from within a network to the outside.  That's just asking for one
infected PC to drop the entire domain into a spam blacklist.

--
 Glen Turner


Re: [SLUG] ppp0: error fetching interface information device not found

2008-03-21 Thread Glen Turner


 Sounds like the module isn't loaded early enough at boot time.

Fedora will load the module the first time the interface is referenced
as it has an entry in /etc/modprobe.conf for each interface, for example:
  alias eth0 3c59x
  alias eth1 3c59x
  alias eth2 8139too

 I couldn't find such a file on our CentOS 5 systems and couldn't
 find an equivalent insmod anywhere in the init scripts.

Using /etc/modprobe.conf and a suitable alias statement is the
usual technique for loading modules in Fedora and RHEL when they
aren't loaded by udev.

Something like the Debian approach can be done by creating an executable
/etc/rc.modules containing

  #!/bin/sh
  /sbin/modprobe 3c59x
  /sbin/modprobe 8139too

but I wouldn't recommend that. The modules then always get loaded
(including in single user mode) so there's no easy way to recover
from a module which panics during boot.  Better to let the modules
be loaded via modprobe.conf as the device is used, that is, later
in initialisation. This makes reaching single user mode depend on
less software working correctly. That in turn means that more
problems can be fixed remotely, not by asking someone to insert
a Recovery CD.

 I couldn't find such a file on our CentOS 5 systems and couldn't find an
 equivalent insmod anywhere in the init scripts.
 Maybe you can just force an insmod in the pppd configs or init script as a
 work around until you find the right way.

Ugly. Probably sinful too.

-- 
Glen Turner http://www.gdt.id.au/~gdt/
0416 295 857 or +61 416 295 857



Re: [SLUG] ADSL modem recommendations (with bridging)

2008-03-06 Thread Glen Turner

On Thu, 2008-03-06 at 17:43 +1100, Peter Hardy wrote:

 Pete, who measures his traffic in gross nybbles to reduce confusion.

Is that 4-bit IBM nybbles or 6-bit DEC nybbles?   he he he



Re: [SLUG] ADSL modem recommendations (with bridging)

2008-03-05 Thread Glen Turner

On Fri, 2008-02-29 at 09:42 +1100, Peter Hardy wrote:
 On Thu, 2008-02-28 at 23:11 +1100, Erik de Castro Lopo wrote:
  Can anybody recommend an ADSL modem that does up to and including
  ADSL2+, is Linux friendly and easy to set up in bridging or half
  bridging mode? It would also be nice if the administrative functions
  were still accessible when it is in bridging mode.
 
 I have a D-Link DSL-502T, which is a couple of years old by now.

I use one of those, in bridging mode. Happy apart from no Annex M
support (for increased uplink speeds).

-- 
Glen Turner http://www.gdt.id.au/~gdt/
0416 295 857 or +61 416 295 857



Re: [SLUG] Printer problem

2008-02-21 Thread Glen Turner

On Thu, 2008-02-21 at 14:23 +1100, [EMAIL PROTECTED] wrote:
 The printer is a Lexmark c532dn and I'm running Gutsy G on a laptop.
 
 I'd like to connect it to a network, but the installation programs I've
 consulted don't mention it.
 
 Someone suggested CUPS.
 
 Has anyone any experience with this model?

Looking at the specs it is a fairly standard PostScript
printer with a ethernet port.


ATTACH THE PRINTER, GIVE IT A NAME AND ADDRESS

The first thing to do is to plug it into the ethernet.
Your DHCP server will give it an address and print its
ethernet MAC address in the log file.

DHCPDISCOVER from 00:12:34:12:34:56 via eth0

Since it's useful for printers to have a fixed name
enter one in /etc/dhcpd.conf

host lexmark-c523dn-1 {
  hardware ethernet 00:12:34:12:34:56;
  option host-name "lexmark-c523dn-1";
  option domain-name "printers.example.edu.au";
  ddns-hostname "lexmark-c523dn-1";
  ddns-domainname "printers.example.edu.au";
}

If you don't run Dynamic DNS then do it the old fashioned
way by giving it a fixed IP address in DHCP

host lexmark-c523dn-1 {
  hardware ethernet 00:12:34:12:34:56;
  option host-name "lexmark-c523dn-1";
  option domain-name "printers.example.edu.au";
  fixed-address 1.2.3.4;
}

and manually updating your DNS zones

  lexmark-c523dn-1.printers.example.edu.au. IN A 1.2.3.4
  4.3.2.1.in-addr.arpa. IN PTR lexmark-c523dn-1.printers.example.edu.au.

You might want to add 
  option ntp-servers 1.2.3.1;
  option log-servers 1.2.3.2;
as this will put the right time on the printer and send any messages
to your site's syslog server so you can see what happened when things
go wrong.

Now restart the printer and it will pick up its new address
and name.

Although this is a lot of messing about, avoiding configuring the
IP address onto the printer manually is well worth the hassle.
Using DHCP as widely as possible makes network changes later
on much more simple. Using DHCP with DDNS makes life very,
very simple.


CONFIGURE PRINT QUEUE

Configure the printer into CUPS. There's some nice GUIs for
this.  I really recommend using the GUI interface, then
checking the configuration file afterwards.  You see
something like this in /etc/cups/printers.conf

<DefaultPrinter lexmark-c523dn-1>
Info Lexmark C532dn colour laser printer
Location Room 101
DeviceURI ipp://lexmark-c523dn-1.printers.example.edu.au/ipp/port1
...
</Printer>

I really recommend using the GUI interface, then checking the
configuration file afterwards.

If the printer isn't in the GUI then select the Generic Postscript
option and say you have a .PPD file. A PPD is a printer description
file and it tells CUPS and other programs about the printer's
capabilities.

Look on linuxprinting.org for a PPD file. If there isn't one then
look on the CD that came with the printer and look for a .PPD file
there. You may need to use cabextract or unshield to explode
installer data files. Some Windows PostScript drivers use PPD
files, so there will be one somewhere.

Linux has excellent support for PostScript printers. You'll be
very pleased with the results.


PRINTERS FOR SMALL BUSINESS

If you have an office, rather than just one computer, then set
up a VLAN just for printers, say VLAN 10 with addresses 10.10.10.*/24.
Put an interface of the CUPS server on this VLAN and another interface
of that server on the routed network of your office.  Now users
can only see the CUPS queues -- this is a good thing.

The CUPS server will advertise all the printers it knows of, and
Linux and MacOS X users need no configuration to use the printer.

You can gateway CUPS into Samba.  Do this at the CUPS server.
The Samba server can contain the Windows printer drivers too,
so visitors with Windows machines can easily use your printer
too.

The printers cannot be contacted directly from the office network
or from the Internet. This means you don't need to worry if
the printer software has a vulnerability (and a lot of them do).
The CUPS server is acting as an application-specific firewall
for the printers.

-- 
Glen Turner http://www.gdt.id.au/~gdt/
0416 295 857 or +61 416 295 857



Re: [SLUG] Thanks - Re: How do I relocate /home

2008-02-17 Thread Glen Turner

 I actually managed to get it right, and /home was relocated from /hda1 
 to /hda3, though the increase in storage space thus gained on /hda1 was 
 only mb's, despite the transfer process stating that data moved was in 
 the vicinity of 2.2 gb.

Are you sure the data was moved, or was it just copied and the old
data never erased?

When you mount /dev/hda3 onto /home any files that were on /dev/hda1
under the /home mount point are no longer seen, but still take up
space.

You might want to boot into single user mode, umount /home and see
what remains under the /home mount point (directory).



Re: [SLUG] How do I relocate /home ?

2008-02-13 Thread Glen Turner


 create /home on /hda3

Not quite. /dev/hda3 should contain
 user1/
 user2/
 user3/
which are the directories which are on /dev/hda1 as
 /home/user1
 /home/user2
 /home/user3
You then
 mount /dev/hda3 /home

The UUID and volume label can be used as alternative ways
to identify /dev/hda3. This is worthwhile doing as the
volume name might change depending what kernel you are
running (thanks to changes in the ATA disk handling).

  e2label /dev/hda3 /home
  mount LABEL=/home /home

The distinction between label and UUID only matters in
a storage area network.

I suggest you do all this in single user mode and
use the explicit mount command rather than rebooting
until you have verified that everything (especially
dot-files, ownerships and permissions) is just right.
You can always umount /home, mkfs /dev/hda3, mount
/dev/hda3 /mnt and try the tar/rsync again.

Then edit /etc/fstab to reflect the contents of the mount
command. Then reboot with a recovery CD in hand
(mis-editing fstab is one way to really break a machine).


 Everything was so much easier before UUID.

Just think of it as a filesystem label which is generated
by the operating system rather than chosen by you.  It's
not very useful when you actually know the disk's name,
as you do here, so just use the disk name whilst doing
mounting for the copy.

When you add the disk to fstab use whatever UUID mkfs
placed on the filesystem.  This allows the boot process
to deal with disks which have changed name (because
their address on the SAN has changed, you've moved
ATA cables around, etc).

Thoughts vary whether the filesystem label or the UUID
is best to use in fstab. In your case there is no
possible collision of names and it doesn't matter.



Re: [SLUG] tool for displaying time in different timezones?

2008-01-10 Thread Glen Turner
tzselect



Re: [SLUG] Macs/Linux comaptibility

2008-01-03 Thread Glen Turner

On Thu, 2008-01-03 at 20:12 +1100, Chris Allen wrote:
 I notice when I look at boxes for new hardware (& some software) it
 often says it will run on a PC or MAC with rarely a mention of Linux.  I
 presume that means under M$ systems for the PC.
 
 For the MAC, I understand the standard operating system is bases on Unix
 (or Linux).  Does this imply that if it runs for a MAC, it will also run
 on a Linux PC?

Afraid not. MacOS X is FreeBSD with some major modifications:
 - some subsystems are replaced (such as the init system)
 - a range of proprietary drivers (graphics, modem, etc)
 - a graphical system
 - the binaries carry around a lot of additional information
   (such as icons)

MacOS binaries will not run on Linux. Only the most boring
Apple source code will recompile on Linux (eg, standalone
text mode commands). Going the other way, a lot of Linux
utilities will recompile on the Mac.

Interestingly, Linux works fine on Apple hardware.  I'm
writing this using Ubuntu on a PowerBook G4. My main
work computer is a MacBook Pro running Fedora, and my main
home computer is a Mac Mini running Fedora.



Re: [SLUG] USB to serial

2007-12-18 Thread Glen Turner

On Tue, 2007-12-18 at 12:59 +1100, Alan L Tyree wrote:
 Is there anything that I need to look for in these USB to serial
 converters? Any special software needed?

We (AARNet) use the Keyspan USA-19HS. They are about $49 from the
distributor. We selected them mainly for continuity of supply -- you can
certainly see other devices around for a lot less. They require a firmware
download and a driver, both of these are built into recent Linux
(eg, not RHEL3).  Absolutely solid and no complaints.

Since you are a customer and AustLII is such a fantastic resource
(I'd just die without your online copy of the Telco Act), drop me
your snail-mail address privately and Santa will send you one.

Some USB-serial devices use the character device profile in USB.
These don't require a special driver, but can't do handshaking.

Personally, when configuring routers these days I use a Bluetooth-serial
dongle, which I hang off about 10cm of shortened Cisco console cable.
Gets rid of the cable across the computer room floor, which is always a
trip hazard when making physical changes (about the only time you need
to jack into the console, as opposed to coming in via a console server).
I picked it up in the USA for US$40 and have never seen its like again.
I'd love to know if something similar can be sourced locally so that
other staff members can stop stealing mine.

Cheers, Glen

-- 
Glen Turner   http://www.gdt.id.au/~gdt/
Tel: 0416 295 857 or +61 416 295 857



Re: [SLUG] Anyone have access to machines with IPv6?

2007-11-30 Thread Glen Turner

 What I'm after is someone who has a proper IPv6 network and is
 willing to capture some IPv6 DNS traffic.

You are welcome to bring up a tunnel to AARNet's IPv6 tunnel
broker and create and capture your own IPv6 DNS traffic.

I'm afraid I can't provide you with traffic captures of our
customers' traffic. That requires an interception warrant.

Cheers, Glen



Re: [SLUG] Quick and dirty mail/spam server

2007-11-25 Thread Glen Turner

OP: Scalable and professional mail server ? Sendmail. 
JW: Ha ha ha ha.
OP: Please explain.

Yes please Jeff. Of the 40-odd Australian universities about
a third use sendmail. So unless you are running something like
hotmail, what are the demonstrated scalability issues with
sendmail for sites of less than 100,000 users?

Scalability no longer depends on the MTA. It is determined
by spam and virus checking. It's not uncommon to see one
machine running the MTA and ten machines running a scan
farm.

You might want to consider that prior to its integration of
Sendmail's milter interface Postfix had real scalability problems
in practice because of its poor integration of scanners.

Now that Postfix has milter support Postfix is usually the better
choice for a MTA. But the difference between Postfix and Sendmail
is hardly large enough to be laughable, as you imply. Sendmail
could well be the better long-run choice for a large site: it
supported RBLs, scanning API and LDAP integration long before
competing MTAs and can be expected to continue to have earlier
support for features which matter to large sites.

I don't see that scalability matters much anyway -- it's a hurdle,
once you have enough of it you don't need any more. There are plenty
of other criteria to choose between MTAs: security design; willingness
to enhance the product; availability of support; and ease or
flexibility of configuration.

Having a preference for a MTA is fine. We are in the fortunate
circumstance of having a choice of reasonable products, so I don't
see that discussions like "ha ha ha ha" help people choose which
of those products best fits their needs.

Best wishes, Glen
