Xfree86-4 and large default fonts
I've recently upgraded from potato to testing, including the switch to Xfree86 version 4. Everything is great except that the default font size for many applications (like netscape and ddd) is now rather huge. I use 800 x 600 screen size, and specify 75 dpi in my xservers file (the actual dpi is more like 63). Anybody else have this problem? Anybody know how to solve it on a system wide basis? I'm at a loss as to why that suddenly happened. Any help would be appreciated. Thanks in advance. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Hope is the dream of a waking man." - Aristotle
local time
My systems clock is set for my local time zone (or used to be), which always worked well before. Now it lists the time in UTC (correctly, meaning that the time listed is about 5 hours off of the actual time). This is causing problems with cron. Anybody remember where to configure that stuff? /etc/timezone is set correctly... I just can't find where to tell the system to use CST directly on the hardware clock. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Wise men talk because they have something to say; fools, because they have to say something." - Plato (429-347 BC)
Re: ICMP firewall info?
None that I've seen or experienced. The ignore_bogus one in particular screens out invalid icmp packets, and it's doubtful that your interested in icmp broadcasts (if you were, you would probably know it). On Sun, Jun 24, 2001 at 02:14:18AM -, John Conover wrote: > Any disadvantages to using icmp_echo_ignore_broadcasts and > icmp_ignore_bogus_error_responses in firewall rules? > > Thanks, > > John > > -- > > John ConoverTel. 408.370.2688 [EMAIL PROTECTED] > 631 Lamont Ct. Fax. 408.379.9602 http://www.johncon.com/ > Campbell, CA 95008 Cel. 408.772.7733 > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "To live is to dream and to die is to awaken." - Unknown
Re: Broken Library : How to fix?
On Sun, Jul 08, 2001 at 06:57:12PM -0500, Erik de Castro Lopo wrote: > Hi all, > > I'm having a little trouble installing the python-base package on a > Potato system. > > Here's where it gets up to: > > (Reading database ... 30058 files and directories currently installed.) > Unpacking python-base (from .../python-base_1.5.2-10potato11_i386.deb) ... > Setting up python-base (1.5.2-10potato11) ... > python: error while loading shared libraries: libreadline.so.3: cannot open > shared object file: No such file or directo y > > So it looks like libreadline is broken. How do I fix this? I can't > even figure out which package libreadline.so.3 is part of. You can find which package owns a file by going to the bottom of the debian packages page (http://www.debian.org/distrib/packages) and entering the file name in the "Search the Contents of the Latest Release" search field. libreadline.so.3, as it turns out, doesn't exist, but you can probably get away with creating a symlink to libreadline.so.4, like so: ln -s /lib/readline.so.4 /lib/readline.so.3 -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Love conquers all things; let us too surrender to Love." - Virgil, Eclogues
Re: Off Topic: iptables, ping, traceroute
On Mon, Jul 16, 2001 at 02:30:29PM -0500, William Jensen wrote: > I've setup a fairly restrictive set of rules for iptables and have been, > up to this point, extremely satisfied with its performance. However, > I've recently started having some signifiant issues with my cable modem > provider and they routinely want to ping and traceroute to my machine. > This requires me to take down my firewall and wait for them to finish, > then put it back up. I'd like to make, as part of my rule set, ping and > traceroute able to get through. So far I've done this for my input chain > for ping > > -A INPUT -p icmp -j ACCEPT > > For traceroute I've done this: > > -A INPUT -p ip -j ACCEPT > > These appear to work, however, am I overlooking something from a > security > point of view by allowing any icmp and ip's through? Is there a > better > way? You could further limit your rules by specifying the source address of you cable modem provider, something like: -A INPUT -p icmp -s provider.cable.net -j ACCEPT Just figure out from your logs what ip address(es) they use for their pings, and then they will be able to ping you as they please, but nobody else will be able to. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "A conservative is a man who believes that nothing should be done for the first time." - Alfred E. Wiggam
Re: Off Topic: iptables, ping, traceroute
Tue, Jul 17, 2001 at 04:22:25PM +0200, Walter Hofmann wrote: > On Mon, 16 Jul 2001, John Patton wrote: > > > On Mon, Jul 16, 2001 at 02:30:29PM -0500, William Jensen wrote: > > > I've setup a fairly restrictive set of rules for iptables and have been, > > > up to this point, extremely satisfied with its performance. However, > > > I've recently started having some signifiant issues with my cable modem > > > provider and they routinely want to ping and traceroute to my machine. > > > This requires me to take down my firewall and wait for them to finish, > > > then put it back up. I'd like to make, as part of my rule set, ping and > > > traceroute able to get through. So far I've done this for my input chain > > > for ping > > > > > > -A INPUT -p icmp -j ACCEPT > > > > > > For traceroute I've done this: > > > > > > -A INPUT -p ip -j ACCEPT > > > > > > These appear to work, however, am I overlooking something from a > > > security > > > point of view by allowing any icmp and ip's through? Is there a > > > better > > > way? > > > > You could further limit your rules by specifying the source > > address of you cable modem provider, something like: > > > > -A INPUT -p icmp -s provider.cable.net -j ACCEPT > > If William blocks all ICMP packets then I'm not suprised that he has > connection problems. ICMP is there for a reason. In particular, if he > blocks ICMP type destination-unreachable/fragmentation-needed then all > his connections, which, at some point, run over a low MTU link will > break sooner or later. This usually happens after the first big packet > gets send over the connection. > This is because blocking ICMP breaks PMTU discovery. > > Really, ICMP is there for a reason. Nobody should expect to get away > with blocking it, unless they are accepting random connection hangs and > similar problems. Using iptables with connection tracking, it isn't a problem as long as established/related stuff is let in. If William is running public services, most icmp protocols should be allowed from whom-ever, but if he is simply trying to make his stand-alone private machine invisible to ping sweeps, then blocking icmp is perfectly reasonable, and won't cause any problems. -- John Patton [EMAIL PROTECTED] "Believe those who are seeking the truth; doubt those who find it." - Andre Gide
Re: Am I being attacked?
Probs to those ports are very common lately. They are probably script kiddies doing sweep scans on those ports looking for potential machines to attack. Since you are blocking those ports you are most likely safe (you aren't an easy candidate). If you got dozens of logs from the same source you should be concerned about a dedicated attack. Meanwhile you're just noticing what happens all the time, every day (slightly alarming, isn't it?) On Wed, Jul 18, 2001 at 09:16:09AM -0700, Bruce Perens wrote: > The answer is probably yes, but do the following indicate script-kiddie > probes? They are directed at portmap, lpr, and nmbd. I don't know why the > ones on the smtp port were rejected. The .184 system is my router. > > Thanks > > Bruce > > Packet log: input DENY eth0 PROTO=6 216.103.219.35:17956 216.15.108.184:111 > L=40 S=0x00 I=3466 F=0x T=108 SYN (#10) > Packet log: input DENY eth0 PROTO=6 202.66.169.18:4439 216.15.108.184:515 > L=60 S=0x00 I=43201 F=0x4000 T=47 SYN (#10) > Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 > L=78 S=0x00 I=18430 F=0x T=114 (#10) > Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 > L=78 S=0x00 I=18686 F=0x T=114 (#10) > Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 > L=78 S=0x00 I=18942 F=0x T=114 (#10) > Packet log: input DENY eth0 PROTO=6 210.101.105.16:3546 216.15.108.184:111 > L=60 S=0x00 I=13241 F=0x4000 T=47 SYN (#10) > Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 > S=0x00 I=57801 F=0x4000 T=110 SYN (#10) > Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 > S=0x00 I=57847 F=0x4000 T=110 SYN (#10) > Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 > S=0x00 I=57880 F=0x4000 T=110 SYN (#10) > Packet log: input DENY eth0 PROTO=6 209.10.200.83:2151 216.15.108.184:111 > L=60 S=0x00 I=14138 F=0x4000 T=56 SYN (#10) > Packet log: input DENY eth0 PROTO=6 210.178.232.1:4935 216.15.108.184:111 > L=60 S=0x00 I=38311 F=0x4000 T=41 SYN (#10) > Packet log: input DENY eth0 PROTO=6 64.65.56.45:1274 216.15.108.184:515 L=60 > S=0x00 I=146 F=0x4000 T=46 SYN (#10) > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "Doubt is not a pleasant condition, but certainty is absurd." - Voltaire [Francois Marie Arouet] (1694-1778)
Re: procmail script question
I would pipe the contents of echo to a shell script. In that script you could test for xmms with something like the following: #!/bin/bash xmms=`ps -ef | grep xmms | grep -v grep` if [ "X$xmms" = "X" ]; then # xmms not running echo "$* | festival --tts" else # xmms running xmms -u echo "$* | festival --tts" xmms -p fi I haven't tested this script or anything, but it (or something close to it) should work. Put it in ~/bin, and call it from your procmailrc script instead of festival. (Make sure that ~/bin is in you path, or use the entire path). On Sun, Jul 22, 2001 at 02:43:30PM -0700, Lang Hurst wrote: > I use the following procmail script to make festival speak the FROM and > SUBJECT headings of new email through my speakers: > > SUBJECT=`formail -xSubject: \ > | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'` > SENDER=`formail -xFrom: \ > | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'` > :0c > | echo "New mail from " $SENDER ". the subject is " $SUBJECT | festival --tts > > That works great. However I am often listening to my vorbis collection. > When my music is playing and a new email comes in, the festival output just > gets garbled with the music. I would like to set up a procmail script that > says > > if xmms is playing: > xmms -u #pause xmms > > process new email > > if xmms was playing: > xmms -p #start playing again > > I just don't know how to test for a process, and the two books I have on the > subject are too basic, or I'm missing the page. Any help appreciated. > > -Lang > > > -- > "Plan to throw one away. You will anyway." > - Fred Brooks, "The Mythical Man Month" > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "Excess on occasion is exhilarating. It prevents moderation from acquiring the deadening effect of a habit." - W. Somerset Maugham
Re: install dpkg without dpkg
Probably the easiest thing would be to reinstall everything, but if you really want to the ar command (which is built into sash, BTW, and is on the rescue disk if I remember correctly) will unpack deb files. Just get your hands on dpkg...deb, unpack it, and manually move files into their proper locations. You may also need to do the same for some lib...deb files in order to get dpkg working. Once you get dpkg working you can install apt, and have it reinstall everything (you just need to generate a list of all packages you had installed before... for that the /var/lib/dpkg dir must be intact. You can then use `dpkg -l > file` and edit until you have a valid list, or I have a perl script that simply extracts the full package names if you like. Of course, that would require a functioning perl). Reinstall would most likely be easier. But whatever you do, good luck. On Thu, Jul 26, 2001 at 01:48:11PM -0300, Miguel Griffa wrote: > Hi, > I posted a similar msg few days ago, and having no response, I > reformule :) > > My woody system got severrr FS damage, and lots of binaries are broken > (including apt, dpkg...) > how can I install dpkg and apt ? > also, how can I reinstall all installed packages? > > Thanks in advance > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "To be or not to be. That's not really a question." - Jean Luc Godard
Re: INIT: Id "1" respawning too fast: disabled for 5 minutes
You should be able to fix this by editing the /etc/inittab file and either adding the -L flag to all of your getty entries, or by changing getty to something like mingetty (which requires the mingetty package). On Sun, Aug 05, 2001 at 06:21:44PM +0200, Jan Tammen wrote: > Hello again, > I discovered another problem: > > After booting my machine (info see below) with a newly compiled kernel > 2.4.6, I get the following message on the "first console": > > INIT: Id "1" respawning too fast: disabling for 5 minutes > > After 5 minutes the same again ... however, the other consoles are usable > without problems. > > Any suggestions? tia, Jan. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstein
Re: Galeon (unstable): Cannot find a schema for galeon preferences (gconf)
I don't know about the package, but you can find the script in the galeon source package, at least as found on the galeon web site. http://galeon.sourceforge.net The package is only a couple of megabytes in size. On Sun, Aug 12, 2001 at 10:21:03AM -0400, Sean wrote: > For what it's worth, the latest CVS Galeon compiles up fine on Sid. > > Sean > > On Fri, 10 Aug 2001 23:56:51 -0700 > "Karsten M. Self" wrote: > > > I'm getting a dialog box with the following error when running Galeon > > after the latest unstable upgrade: > > > > Cannot find a schema for galeon preferences. > > Check your gconf setup, look at galeon FAQ for more information. > > > > Looking in the FAQ, I see: > > > > We provide a script in the Galeon source root directory to setup a > > basic gconf installation. > > > > You have to run it passing $sysconfdir as the first paramater. In > > most cases: > > > > ./setup-gconf-source /etc > > > > Expert mode > > --- > > > > 1. Edit the "path" file in the directory $sysconfdir/gconf/1. > > > > A basic configuration for the default backend would look > > like: > > > > xml:readonly:/etc/gconf/gconf.xml.mandatory > > include "$(HOME)/.gconf.path" > > xml:readwrite:$(HOME)/.gconf > > xml:readonly:/etc/gconf/gconf.xml.defaults > > > > ...I don't find a setup-gconf-source file in the Galeon package. I'm > > sufficiently a non-GNOME user that I've no idea how to go about setting > > up a gconf schema (let alone what the damned things are). > > > > I did find /etc/gconf/schemas/galeon.schemas, but it doesn't appear to > > be doing the trick. Note it's listed in conffiles (below). > > > > Anyone got a fix for this? > > > > Galeon package info: > > > > Package: galeon > > Status: install ok unpacked > > Priority: optional > > Section: web > > Installed-Size: 3864 > > Maintainer: Jared Johnson <[EMAIL PROTECTED]> > > Version: 0.11.3+0.12pre1-0.1 > > Config-Version: 0.11.3-1.1 > > Depends: gconf (>= 1.0.3), gdk-imlib1 (>= 1.9.10-5), libart2 (>= > > 1.2.13-5), libaudiofile0, libc6 (>= 2.2.3-7), libdb3 (>= > > 3.2.9-1), libesd0 (>= 0.2.22-4) | libesd-alsa0 (>= 0.2.22-4), > > libgconf11 (>= 1.0.3), libgdk-pixbuf2 (>= 0.11.0-2), > > libglade-gnome0, libglade0, libglib1.2 (>= 1.2.0), libgnome-vfs0 > > (>= 1.0.1), libgnome32 (>= 1.2.13-5), libgnomesupport0 (>= > > 1.2.13-5), libgnomeui32 (>= 1.2.13-5), libgnorba27 (>= > > 1.2.13-5), libgtk1.2 (>= 1.2.10-1), liboaf0 (>= 0.6.5), > > liborbit0 (>= 0.5.8), libpanel-applet0 (>= 1.4.0.4-2), > > libstdc++2.10-glibc2.2, libxml1 (>= 1:1.8.14-3), oaf (>= 0.6.5), > > xlibs (>> 4.1.0), zlib1g (>= 1:1.1.3), mozilla-browser (>= > > 2:0.9.3), libxml1 (>= 1.8.14), libpanel-applet0 > > Suggests: gtm > > Conffiles: > > /etc/sound/events/galeon.soundlist a28407fd42b9c1ba0b2eec3f9bc339d3 > > /etc/gconf/schemas/galeon.schemas newconffile > > > > > > -- > > Karsten M. Self > > http://kmself.home.netcom.com/ > > What part of "Gestalt" don't you understand? There is no K5 > > cabal > > http://gestalt-system.sourceforge.net/ > > http://www.kuro5hin.org > >Free Dmitry! Boycott Adobe! Repeal the DMCA! > > http://www.freesklyarov.org > > Geek for Hire > > http://kmself.home.netcom.com/resume.html > > > > > -- > OpenGPG key available from http://frodo.net.dhis.org/GnuPG/sjohnson.asc -- John Patton [EMAIL PROTECTED] "The most important service rendered by the press and the magazines is that of educating people to approach printed matter with distrust." - Samuel Butler (1612-1680)
Re: How to Bastille a Debian System?
Another thing that you can do that Bastille does is install the libsafe package to protect yourself from buffer overflows and the like. That is pretty painless... although it did cause some really bizare errors when I tried to compile mozilla. You should also install iptables with a default policy of denying everything that you don't specifically want in. You will also need tripwire and some sort of logchecking utility. Finally, subscribe the the debian security announce mailing lists and stay on top of the security updates. Between this and task-harden, you should have a pretty good approximation of what bastille linux does... although you would still do well to learn as much as you can about security and to apply that to your system. If you're serious about hardening your system and are willing to spend some time on it, you can also install LIDS (or something similar), which impliments mandatory access controls. Properly configured it would make it impossible for someone to install a rootkit, for example, or for anyone to read your shadow password file... even with root access. This isn't a simple install however: It will take work to configure your system so that it is both secure AND functioning. On Thu, Aug 16, 2001 at 10:36:26AM -0500, Lance Peterson wrote: > Since the Bastille project only supports RedHat and Mandrake (so says > their web site), how would I go about hardening my Debian System in the > same way that Bastille does for the other distros? > > Maybe if I knew what got hardened, I could harden it myself (now get > your minds out of the gutter here - I know that sounds bad!!) > > Lance Peterson > > __ > FREE voicemail, email, and fax...all in one place. > Sign Up Now! http://www.onebox.com > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "It is love, not reason, that is stronger than death." - Thomas Mann, The Magic Mountain.
Re: Compiling Packages
You might try compililing the source by hand. Go into /usr/src/exim, type `./configure` then `make` then `make install` (if the first make worked). You still might have problems, but often that works just fine. If that doesn't work you might try downloading and compiling the original exim source from wherever its home is. You might also try compiling libdb3 from source... if things break you can always delete the libdb3.so file(s) and reinstall libdb2. (libdb is not so critical as to disable you're system or anything. dpkg and apt will both work without it, at least). If you do these things you will want to create dummy deb packages to satisfy dependencies. Look at the equivs package for doing this. On Fri, Aug 17, 2001 at 09:50:28AM +0200, Sean Preston wrote: > Hi > > I have Debian 2.2 R3 installed which comes with exim version 3.12 I do not > want ot upgrade my base system to testing or unstable as the server is a > production server and I am not sure what problems may arise. So I setup my > apt sources to have deb-src for testing and got the source for exim 3.31 > which is in there. I am now having a problem creating the packages. I > used the command deb-buildpackage (is this the correct command?) which > created them all but the problem I have is that the new exim needs libdb3 > and libdb2 but when trying to install libdb3 it conflicts with libdb2 and > too many things require libdb2. How do I get around this problem? > > Thanks > Sean > > -- > # Sean Preston[EMAIL PROTECTED] > # System Administrator & Programmer > # Health Systems Trust http://www.hst.org.za > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "A conservative is one who admires radicals centuries after they're dead." - Leo Rosten
Re: libc6 downgraded; system won't boot
You can manually install the lib files. Boot your machine from a rescue disc or the installation disk, get to a command prompt, and mount your hard drive. You can then extract the contents of the libc6_2.2.3-11_i386.deb file with the following command: ar x libc6*.deb It will unpack three files. Move data.tar.gz to your hard drives root (/) and unzip and untar it. That should install the libraries. You should now be able to boot your machine, at which point you can use dpkg to install the deb file officially. On Mon, Aug 20, 2001 at 10:42:20AM -0400, Bruce Best (CRO) wrote: > > I have a HP Omnibook 500 with Debian installed (started out as a potato box, > though had a few packages directly from sid, including KDE 2.2beta, with > corresponding library upgrades. Please, no finger-wagging about the > inappropriateness of mixing stable & unstable packages; I know). The library > upgrades included libc6 2.2.3 from sid. > > Despite the mixed packages, the system was very stable. However, I loaned > the laptop to my brother-in-law to take to a conference. While at the > conference, someone offered to install a genetic sequencing program, from > a binary package (the author was unable to provide source). This package > needed libc6 2.1 in order to run. So, the well-meaning friend proceeded to > install libc6 2.1, overwriting the existing libc6 2.2.3 installation. This > rendered most programs on the machine non-operational. For instance, though > they had a terminal window already open, they could not get root access > (i.e., could not run su), so could not undo what they had done. They were > able to download the libc6_2.2.3-11_i386.deb package to the machine, but > couldn't do anything with it once it was there. > > The machine was eventually rebooted, and of course could not start at all > without the requisite libc6 libraries. This is the state it was returned to > me in. > > So, the questions I have are as follows; > > 1. Will it be possible to reinstall just the libc6 2.2.3 package? So far, I > have been unable to boot the machine, even with a rescue disk, but assuming > I can do that, would it just be a matter of dpkg -i libc6_2.2.3-11_i386.deb? > > > 2. Assuming I can't access the existing linux partitions at all, a complete > reinstall of Debian would not be a problem (/home is on a separate > partition, so I would not lose any data). I would prefer to go "straight to > woody" if possible. Is it currently possible to install woody via ftp, or > should I install potato and do an apt-get dist-upgrade? > > Thanks, > > Bruce > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "It is dangerous to be right in matters on which the established authorities are wrong." - Voltaire [Francois Marie Arouet] (1694-1778)
Re: custom kernel compilation
On Sun, Aug 26, 2001 at 07:45:02PM -0500, [EMAIL PROTECTED] wrote: > > All, > > I'm trying to compile what is essentially a custom kernel (2.4.8); > however, the only thing I'm -certain- I want to customize is module > version support ... I need this to be disabled (I'm working through the > 2nd ed. of O'Reilly's "Device Drivers" book). > > After prepping to assure that I'm not gonna wind up with an expensive > ottoman once I do this, I fired up make menuconfig. To be sure, most of > the available options are things about which it can be truly said that I > *just don't know* whether I want to enable them or not! > > But in the sub-menu "Loadable Module Support" there is an option - on by > default - that reads "Set version information on all module symbols." I'm > guessing that THIS is the puppy I want to set to off, but ... I'm just > checking. > > Can someone confirm? Thank you so much. That would be it. As for the other stuff, read the help dialogs. They really are quite helpful. You may want to keep your original kernel available in case your new one doesn't work, though. Temporarily setting up an option in lilo to load your original kernel is easiest. Otherwise you would need to use your rescue disk or some such thing. -- John Patton [EMAIL PROTECTED] "Let us have faith that right make might; and in that faith, let us, to the end, dare to do our duty as we understand it." - Abraham Lincoln
Re: Linksys EtherFast 10/100 v5 has no IRQ
On Tue, Aug 28, 2001 at 07:07:44AM -0700, [EMAIL PROTECTED] wrote: > In my ongoing effort to put a second NIC in my computer I have purchased a > new NIC, an EtherFast 10/100 version 5. However, Linux or my box doesn't see > the NIC enough to give it an IRQ number. Everything else seems in order when > I pull up cat /proc/pci, except there is no IRQ number... I'm trying to use > the tulip driver that came w/ the 2.4.9 kernel, tulip.c version 0.9.15-pre6 I've had one of the those cards before (my cable provider issues them)... they are basically crap. Not only was I never able to get it working under linux, but I've talked to a couple of knowledgable people who couldn't do it either. My recomendation: Put that card in a windoze machine, a get a slightly better card for you linux one. I use a D-link DFE-538TX myself... it's only about $20 and works without a hitch (indeed, it even comes with a linux driver in case the one with your kernel doesn't work). -- John Patton [EMAIL PROTECTED] "As long as people will accept crap, it will be financially profitable to dispense it." - Dick Cavett
Re: Loadlin Memory Limit
Just give it the option mem=256M, just like you would with lilo, etc. On Tue, Aug 28, 2001 at 02:01:29PM -0400, Robert Mosher wrote: > I recently started using Loadlin as my boot manager, and I noticed that > Linux only sees 64MB of my 256MB of RAM. Is there a way I can fix this? > > Note: I'm using loadlin because I have Windows on hda and Linux on hdc. > As far as I can tell LILO won't work in this situation. Though if I could > use LILO, GRUB or another boot loader to solve my memory problem that > would be an appreciated solution as well. > > Please CC replies to [EMAIL PROTECTED] . > > Thanks, > Rob Mosher > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "When people are free to do as they please, they usually imitate each other." - Eric Hoffer (1902-1983)
Re: Mail - reasons for trying the fetchmail/procmail/mutt route
On Thu, Nov 29, 2001 at 04:08:34PM -0400, cmasters wrote: > The problem with this is that often, I have 300+ emails to then sort through > one by one. I imnagine I could use those nifty 'save/send/folder ...' hooks > for processing of mail ~after~ I've recieved it, but I'd like to be able to > read mail from 'debian-user','[EMAIL PROTECTED]','[EMAIL PROTECTED]' all > in their own folders, which I can then ~delete~ specific messages from. I don't know what getmail does, but fetchmail will gather your mail from your ISP and will send it straight to exim (or sendmail, etc) for processing. By default, exim will use procmail to sort your mail if you have a procmail recipe in your home directory (~/.fetchmailrc). It's not too difficult to set up procmail rules to presort your email into special "inboxes" in your mail dir. You can then configure mutt to recognize those inboxes... once set up it works very efficiently. Here is a part of my procmail file: MAIL=/var/spool/mail/john PATH=$HOME/bin:/usr/local/bin:/usr/bin:/bin MAILDIR=$HOME/Mail DEFAULT=$MAIL :0: * ^from.*debian-user Inboxes/debian-user :0 * ^from.*debian-kde /dev/null Mail from debian-user get's put into the inbox ~/Mail/Inboxes/debian-user while mail from debian-kde get's deleted (for the time being). Here is part of my muttrc file: # declare inboxes (! is the default) mailboxes ! \ +Inboxes/debian-user # refile mailing list email into specific folders after reading mbox-hook +Inboxes/debian-user +debian-user mbox-hook +Inboxes/debian-kde +debian-kde # declare mailing lists subscribe debian-user subscribe debian-kde Just look at the appropriate man pages for further details. It will require some work, but once set up will then be much easier to deal with. > That's the one thing that GUI mail apps have going for them. ~But~ > 'kmail', 'evolution', and 'cronos' are buggy; the ~stable~ version of > 'balsa' that I have has segfaulted since day one; and an exhaustive > search for mail clients on freshmeat resulted in a tone of MUA's for > IMAP and/or POP3, but very few for reading ~local~ mail. Most if not all of those programs can read local mail boxes. It's not advertised because it's a totally standard feature. Being able to directly interact with IMAP and/or POP3, OTOH, is a major selling point, especially for people who are used to windows. -- John Patton [EMAIL PROTECTED] "Those who dream by day are cognizant of many things which escape those who dream only by night." -Edgar Allen Poe
Re: Is LIDS a good idea?
On Fri, Nov 30, 2001 at 11:31:08AM +1000, [EMAIL PROTECTED] wrote: > I just stumbled upon this LIDS (Linux Intrusion Detection/Defense > System) see: http://www.lids.org > > I just wanted to know if anyone is using this and what they think of it. > Is it hard to set up? What happens when you do an apt-get dist-upgrade > - will it refuse to change the binaries you want to upgrade? Is > something like Tripwire / AIDE better because it doesn't stop root > from changing/deleting files but will tell you later which ones have > changed. > > Anyone with any experience in using this LIDS? I've been using lids for a while. It has the potential of giving you quite good security in the case you do get broken into (ie- it would be damn near impossible to install a usable root kit). It is also fairly easy to work with, all things considered. But it does come at a price: developing a system that is both secure and functional (even functioning at all) is tricky and a good deal of work. Having said that, I feel that lids is a pretty good product. For example, one of the big problem areas in using mandatory access controls (MACs) is system startup. With lids you can choose exactly when to start enforcing the controls, which is nice since that allows you to get most of your system up and running before activating lids. After that you can turn the access controls on or off by giving a passphrase, so if you need to install packages or whatever you can just turn them off for a bit. One really nice feature of lids when doing that is that permissions are relaxed for that tty only... access controls are still enforced for all other users. I recommend giving it a shot if you are interested in strong security and are willing to put in a fair amount of work for it. -- John Patton [EMAIL PROTECTED] "Everything should be as simple as it is, but not simpler." -Albert Einstein
Re: Is LIDS a good idea?
On Thu, Nov 29, 2001 at 06:36:32PM -0800, Alvin Oga wrote: > lids tries to prevent you and [h/cr]ackers from changing > files its supposed to be protecting... > a simple "attr +i /etc/passwd" will prevent it from > being changed too attr permissions can be changed by anyone who has managed to get root permissions. Not so with lids... changing files protected by lids requires a special passphrase. That way even if someone manages to get root (via buffer overflow or whatever) they will find themselves unable to install root kits and the like... assuming that your system is secured properly. attr perms are really only useful in preventing you (root) from accidently erasing something and so forth: it doesn't provide any actual security functionality. Lids is just one part of system security. Tripwire, libsafe, etc all still have important roles. -- John Patton [EMAIL PROTECTED] "I know the answer! The answer lies within the heart of all mankind! The answer is twelve? I think I'm in the wrong building." -Peppermint Patty,
md5 passwords
Okay, I know how to tell pam to use md5 passwords, but has anybody actually done this after using regular crypt passwords? I have a number of accounts with existing passwords in /etc/shadow... what happens to them? I've been wanting to upgrade to md5 passwords for a while, but I'm afraid of totally hosing my system. Any input on this would be greatly appreciated. Thanks. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Contrary to popular belief, Unix is user friendly. It just happens to be very selective about who its friends are."
Re: Security through paranoia
On Fri, Mar 30, 2001 at 05:48:28PM -0300, [EMAIL PROTECTED] wrote: I think that this is generally a great idea. There is definately a need for a more secure system than the default, and besides, efforts to create a fortified port could lead to improvements in the standard distro as well. > Alright... my idea is to create something that makes Debian enters > that list. But what?... It could be a port!!! Like Debian Hurd, or Debian > m68k, > or Debian Alpha, and so on (We can call this Debian Paranoid ;-) ) Maybe not an entire port... but at least some specially labeled security enhanced packages (like versions that end in _se or something). > But why an entire port? These are the reasons: > * everything must be recompiled under stackguard > (http://www.immunix.org/stackguard.html). This would prevent the > famous > "stack smashing" attack. Only suid root and other potentially hazardous programs should need to be compiled in this way... definately not everything, which would be a LOT of work for no good reason. > * glibc must be patched with formatguard > (http://www.immunix.org/formatguard.html). This would prevent the > "format bugs", a bug in the printf function. > * libsafe (http://www.avayalabs.com/project/libsafe/index.html) must be > incorporated, in order to prevent several buffer overflow exploits. Again, this isn't so important with non-suid packages... although general libs that could ever potentially be used by a suid program would have to be protected as well. > * the kernel may be patched with the latest security patches, not only > from the official tree, but also the followings: > * Openwall (http://www.openwall.com/linux/), which adds a new > Security section in kernel configuration. This is one of the > most known patches around; > * HAP-linux (http://www.theaimsgroup.com/~hlein/hap-linux/), > which is a set of patches incremental to the first one. > * LIDS (http://www.lids.org), which is a Intrusion Detection > System patched into the kernel. > * Linux IP Personality patch > (http://ippersonality.sourceforge.net/), > which makes remote SO query very hard (I guess only kernel > 2.4 is > supported). > * NSA Security-Enhanced patch (http://www.nsa.gov/selinux/), > which > adds mandatory access controls to linux. It would be good to have a port with selinux... but this definately should not be in the regular distro (not yet!) Of course, selinux is new and may warrent some time to establish itself. > * Stealth Kernel Patch (http://www.energymech.net/madcamel/fm/), > (I guess this one is too early yet) which hides your machine > from > the network. > * SysRq_X patch (http://pusa.uv.es/~ulisses/sysrq_X.tar.gz), > which > adds the option to execute a program when system crashes > (using Alt-SysRq-X) > * SubDomain kernel extension > (http://www.immunix.org/subdomain.html), > which is a better implementation of the chroot jail concept. > * International Kernel Patch (http://www.kerneli.org), which > permits > loopback encryption filesystems > * every package that deals with network must be defaultly configured to > the > most paranoid options (e.g. Squid should have lots of headers filters > turned on, etc) > * PAM must come with md5 hash enabled by default. I think that md5 should be the default regardless... although people should be given the option during install. Again, I think that this would be A GOOD THING. There are many corporations and other environments that could really use the added security. I think that the availability of a highly secure distro or port would further establish linux (indeed, Debian) as a first class industrial strength OS. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "I can resist everything but temptation." - Oscar Wilde pgpA8VcD6VVyj.pgp Description: PGP signature
Re: Security through paranoia 2
In thinking about the possibility of creating a more secure version of debian linux, I wonder if suid programs should not be automatically compiled with Stack Guard (or the like) and linked to libs with Format Guard. The Stack Guard part would be really easy, although Format Guard may be a little tricky. Would it be possible to create special versions of the appropriate libs that suid programs would link to for the Format Guard stuff (which apparently breaks some programs)? Anyway, these things are non-intrusive and would contribute to the security of any system. If suid programs are not compiled with these protections by default, then it would be really nice to have these security enhanced versions packaged in a consistent way and retrievable with a task package. Other things, such as LIDS or Subdomain, could easily enough be packaged as kernel patches, much like reiserfs and so on. Same with selinux... although that replaces a number of packages as well. Having these things as packages would allow anyone who was interested to easily add them to their debian system. No need for a port... admins could pick and choose with a simple apt-get the security measures they want, allowing them to create a nicely customized system to fit their individual needs. I definitely think that having these things available would be a boon for debian as a distribution, keeping debian on the competitive edge. For the most part I don't even think that it would be all that difficult. Stack guard: http://www.immunix.org/stackguard.html Format guard: http://www.immunix.org/formatguard.html Subdomain:http://www.immunix.org/subdomain.html LIDS: http://www.lids.org selinux: http://www.nsa.gov/selinux/ -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "What luck for the rulers that men do not think." - Adolf Hitler (1889-1945) pgpvdxTtsH7VD.pgp Description: PGP signature
Re: tty5 respawning too fast - disabled
I'm not sure why it happens exactly, but there is an easy fix for it. As root, edit /etc/inittab. Towards the bottom there will be a bunch of lines that look like the following: 1:2345:respawn:/sbin/getty -L 38400 tty1 2:23:respawn:/sbin/getty -L 38400 tty2 3:23:respawn:/sbin/getty -L 38400 tty3 4:23:respawn:/sbin/getty -L 38400 tty4 5:23:respawn:/sbin/getty -L 38400 tty5 6:23:respawn:/sbin/getty -L 38400 tty6 You will want to add the -L switch to each one. That option disables carrier-detection, which is responsible for the problems. You don't need carrier detection anyway unless you are connecting to your box via a dumb terminal from a remote location (you almost certainly aren't). On Mon, Apr 02, 2001 at 12:14:41PM -0500, Jason Pepas wrote: > lately i have been having a problem where the console reports "INIT: ID5 is > respawing to often and will be disabled for 5 minutes" > > ID5 i figured out is tty5, because I cannot access it when this happens (at > first I thoguht it meant PID 5, which was kswapd). > > I remember reading that certain processes are respawned by init when they get > killed, and your terminals (tty's) are one such process > > but what could be killing it like that and causing it to respawn? > > jason > [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "As long as people will accept crap, it will be financially profitable to dispense it." - Dick Cavett
Re: Voodoo2 && Linux
I have a Voodoo2 card, and although there are no accelerated xservers that will work for it AFAIK, the glide-v2 package (along with glide2-base, etc) will allow programs that use opengl to make use of your card (such as kde2, which requires it for some reason). On Fri, Apr 06, 2001 at 02:14:44PM +0500, dim wrote: > Hello All! > > Is there any way to make my Voodoo2 works under Linux? > > I know that Xwindows && Linux kernel supports Voodoo3,Voodoo5,Voodoo > Banshee... > > But I only have Voodoo2 G111 by 3Dfx Interactive. (It is software > compatible to Voodoo Graphics && Voodoo Rush.) > > If there is no way to use my Voodoo2 under Linux, tell me please, > which video card I must have to have no problems in Linux && have 3d > acceleration near to Voodoo by features. > Unfortunately I can't upgrade my Voodoo2 cause finance problems. So I > only can downgrade it. :( > > I have 3Dfx Interactive Voodoo2 G111 with 12M RAM in couple with > S3 Virge DX with 4M RAM. > > Thank You all. > Excuse my terrible english, plz. > -- > Best regards, > dim mailto:[EMAIL PROTECTED] > > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Excess on occasion is exhilarating. It prevents moderation from acquiring the deadening effect of a habit." - W. Somerset Maugham
internet filter
Hi, My son just turned 10, and I was interested in being able to set up some sort of internet filter for him. I don't need to tie his hands as far as browsing goes, nor do I need something that is childproof or otherwise beyond his ability to circumvent. I just want something that would prevent him from accidentally stumbling upon certain types of questionable sites... you know: have him type in "kids" in a search engine only to be confronted with links to child porn sites. I've looked into Junkbuster and that's a possibility... but that doesn't allow filtering based on content, just specific sites. Are there free software packages that can filter content? Anybody with experience in this? Also, if anybody knows of a child safe search engine, that would be greatly appreciated as well. I know that no solution is perfect... I'm just looking for something that would help protect him from the darker sides of the internet until he's ready for it. I would be grateful for any ideas. Thanks. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so." - Mark Twain
Re: How to compile the debian way?
On Sun, Apr 08, 2001 at 08:55:02AM +1000, Mark Devin wrote: > Do I just apt-get install equivs - how do I use that? > How do I use 'stow'? Yup. I don't get the stow bit either, but you can apt-get equivs. Read the README in /usr/share/doc to learn how to use it... it's quite easy. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "A jury consists of twelve persons chosen to decide who has the better lawyer." - Robert Frost
Re: Help! Accidentally started deleting /usr
It is possible, although not particularly easy, to genuinely recover deleted files. Check out the following link... especially the article "Bring out your dead": http://www.fish.com/forensics/ It's a pretty cool site regarless. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Our truest life is when we are in dreams awake." - Henry David Thoreau
Re: Installing KDE and Gnome
Neither Gnome nor KDE will take over your system. I have both of them set up as well as Blackbox, Window-maker, and fvwm with no conflicts whatsoever. On Sun, Apr 08, 2001 at 12:53:29PM -0700, Robin Rowe wrote: > Hi. I want to install KDE and Gnome, but still boot in console mode and be > able to use my non-desktop startx. I don't want to have an automatic > graphical startup (XDM, etc.). I'm thinking that what I want is to create a > startk and startg that work like startx. I don't think that creating scripts like that will be very easy to do. If you want to be able to choose on the fly you can use kdm or gdm... they will give you a drop-down list of window managers to choose from. Note that you can still log into a console when using the graphical display managers, just hit ctrl-alt-F1 and log in. To use startx you will probable have to edit your .xsession file whenever you want to change window managers. > This configuration is so I can test software with and without KDE and Gnome. > Normally, I just run startx and Blackbox. I've never used KDE or Gnome, and > am concerned those installations may try to take over my system (which may > be what typical users would expect). > > How do I install and set up KDE and Gnome to run optionally? Install them if you have the space... you don't have to run them if you don't want. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Death: to stop sinning suddenly." - Anonymous
Re: Voodoo2 && Linux
On Mon, Apr 09, 2001 at 12:17:33PM +0500, dim wrote: > Don't You tell me where can I get more info about these packages && > where from can I get it all? Just use apt-get install glide2-base and device3dfx-source. You can read about how to use them under /usr/share/doc. To be able to fully use this you may need to recompile your kernel with the device3dfx-source patches applied, although my experience has been that it's not necessary unless you plan to play games in xwindows. You might also look into the mesag3-glide2 package, which apparently also supports voodoo2 cards. I haven't tried it personally, though. > And what the programs can use Voodoo? (You just said about kde2) > (Desktop managers, something like 3D Studio or Maya, something else?) There arn't very many packages that take advantage of gl acceleration. xlockmore-gl does, and a few games do, but that's about it AFAIK. Go to www.debian.org and browse through it's packages... many packages which use opengl have a -gl extension on their names. > Is there any programs to configure Voodoo2 under Linux? > How can I check it's perfomance? Don't know about either of those. Hope this helps. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "What orators lack in depth they make up for in length." - Charles de Secondat, Baron de Montesquieu (1689-1775)
tcpd permission denied
Looking at my logs, I see that there are MANY messages that look like the following: Apr 11 07:03:43 debian inetd[19041]: execv /usr/sbin/tcpd: Permission denied The permissions for tcpd are: -rwxr-x---1 root root 4.1k Feb 11 2000 /usr/sbin/tcpd Are the above errors normal, or are the permissions on tcpd wrong? I will say that I do get finger requests which are run through tcp wrappers via inetd... unless something weird is happening with that. Oh, and if it's important: I'm running a potato system, kernel 2.2.19. Thanks for you help. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "A man will fight harder for his interests than for his rights." - Napoleon Bonaparte
Re: internet filter
Thanks for your suggestions everybody. I had looked at a couple of child-safe search engines like yahooligans which search off of a list of approved sites, but google's content filter works much, much better. Also, dansguardian, when combined with squid-guard, looks excellent. Thanks! refences: http://www.google.com http://dansguardian.org/ http://www.squidguard.org/ -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "A conservative is one who admires radicals centuries after they're dead." - Leo Rosten
Re: Blank screensaver
xset -s off Personally, I stuck this in the end (almost) of the /etc/X11/Xsession file so that it get automatically turned off when I (or anybody else) log in. Otherwise, you could put it in your .xinitrc file, or whatever else get's automatically loaded when you start your x session. On Mon, Apr 16, 2001 at 09:09:18AM -0600, Russell May wrote: > How do I disable the automatic blank screensaver that kicks in? > > -Russell May -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "I can resist everything but temptation." - Oscar Wilde
Re: Still having problems with the blankscreen
Hmmm... I would look into computer's bios settings. If I had to guess, I would say that your bios is using some sort of power management. On Tue, Apr 17, 2001 at 11:43:43AM -0600, Russell May wrote: > This occurs under the console (no X) as well as X. > I have tired all the setterm commands listed in the man pages, but my monitor > still blanks out after 10 minutes of nonuse. I have looked through the init.d > stuff and haven't found anything. Any ideas, suggestions? Thanks. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "The only fool bigger than the person who knows it all is the person who argues with him." - Stanislaw Jerszy Lec (1909- )
Re: logcheck
Copy the logcheck entries to /etc/logcheck/logcheck.ignore, cut out specific stuff like dates, and replace cut out parts with .* (the entries are regular expressions). If you still get messages, copy those entries to logcheck.violations.ignore as well. Be as specific as possible... and remember that the ignore files are case sensitive. On Wed, Apr 18, 2001 at 04:34:05PM -0700, [EMAIL PROTECTED] wrote: > i have logcheck installed on a few systems. i cleared out most > of the things generating the reports but..it still emails me > every hour and the only contents of the email are the log entries > of it sending the previous email(messages about root sending > email to me using postfix). any way to get rid of those so only > emails that contain something useful are generated? being emailed > by a program about activities it performs isnt ideal for me :) -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Hope is the dream of a waking man." - Aristotle
Re: firewall log messages
Hmmm... that is rather strange. PROTO=17 is the icmp protocol, but there is definately no icmp type 513. Also, according to the log, you are receiving a packet from your address over your ethernet card... which is questionable at best. However, I can't think of any hacking purpose for sending such a packet, and so I tend to think that it was generated erroneously from someplace. My suggestion is to silently DENY anything that reaches you're box that isn't destined for you. Lot's of weirdness will be quietly discarded that way. On Thu, Apr 19, 2001 at 01:38:07PM -0600, Robert Kerr wrote: > I'm using a cable modem, and have it firewalled at my box. Every now and > then I get the following messages on the current console > > Packet log: input REJECT eth0 PROTO=17 65.6.x.x:513 > 65.255.255.255:513 > L=160 S=0x00 I=20143 F=0x T=64 (#5) > 24.7.73.5 sent an invalid ICMP error to a broadcast. > 24.7.73.5 sent an invalid ICMP error to a broadcast. > > where the 65.6.x.x is my address. > > Why are these coming? Are they warning me of something important? and > if not, can I send them to a log instead of my console? I would imagine that those messages are being logged... look at /var/logs/kernel and/or /ver/logs/messages (or try using grep to find them). If you can't find them, make sure that your firewall is logging everything somewhere, preferably through syslog (if you're using ipchains or iptables, it will be logging through syslog.) Finally take a look at /etc/syslog.conf to make sure that everything is being logged somewhere. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Wise men talk because they have something to say; fools, because they have to say something." - Plato (429-347 BC)
Re: firewall log messages
Whoops... what was I thinking??? udp port 513 is the who service, which could conceivably be used for malicious purposes. None-the-less, silently denying messages not intended for you will still solve that part of the problem. On Thu, Apr 19, 2001 at 04:12:35PM -0400, Noah L. Meyerhans wrote: > On Thu, Apr 19, 2001 at 03:09:34PM -0500, John Patton wrote: > > Hmmm... that is rather strange. PROTO=17 is the icmp > > protocol, but there is definately no icmp type 513. > > You must be running a different IP implementation than the rest of the > world. Look up protocol 17 in /etc/protocols. > > noah > > -- > ___ > | Web: http://web.morgul.net/~frodo/ > | PGP Public Key: http://web.morgul.net/~frodo/mail.html > -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Bigot: One who is obstinately and zealously attached to an opinion that you do not entertain." - Ambrose Bierce - The Devil's Dictionary
Re: firewall log messages
I did a little bit of research, and it appears to be a known bug in some tcp stack or another. Nobody seems to know exactly where it's comming from, but the feeling is that it's not malicious. Check out the following link (and it's follow up messages) for more info, as well as a fix of sorts. http://lists.samba.org/pipermail/samba/2000-September/024636.html (BTW- Other messages on the subject seem to confirm that it's basically a software bug in somebody else's computer). On Thu, Apr 19, 2001 at 04:25:34PM -0400, Noah L. Meyerhans wrote: > On Thu, Apr 19, 2001 at 03:21:14PM -0500, John Patton wrote: > > Whoops... what was I thinking??? udp port 513 is the who > > service, which could conceivably be used for malicious > > purposes. None-the-less, silently denying messages not > > intended for you will still solve that part of the problem. > > Well, except for the fact that the message *originated* from him. I > suspect he installed rwhod without realizing (or is it rstatd? I don't > remember, having purged them long ago). I almost made the same mistake > that you did, not realizing at first that the packets originated on his > machine. Had that not been the case then ignoring the packets > completely would make the most sense. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "An egotist is a person of low taste- more interested in himself than in me." - Ambrose Bierce
Re: How to remove messages from mbox based on relative date?
On Mon, Apr 23, 2001 at 06:05:07PM -0700, Mike Fedyk wrote: > Hi, > > I have a .procmailrc and am filtering, but now I don't want to have to > delete my messages when they get old in certain mbox files. > > Can I run procmail with another conf file and have it send messages with a > "delivered" date older than N days? Is procmail even the right tool, I'm > not so sure... I don't know of an appropriate program for that, but I don't think that procmail is it. Procmail is really only used to filter incoming mail. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "The mind, once stretched by an empowering idea, can never fully shrink to its original dimensions." - Unknown
Re: Data recovery
Check out the following link: http://www.fish.com/forensics/ Especially the coronor's toolkit stuff. Undeletion is hard however: unless you have irreplacable stuff under /usr/local like project reports or something, it would probably be easier just to reinstall everything. On Tue, Apr 24, 2001 at 08:41:02PM -0700, Jason Whittle wrote: > I managed to reformat my /usr/local partition (ext2; not backwards > compatible) and I was wondering > if there was any way to recover some of the data I lost by doing that. I > haven't written anything > to the partition since reformatting, so nothing's been zeroed except the very > highest-level stuff. > Is this sort of thing possible, or should I just remount it and start filling > it up again? > > Cheers, > Jason Whittle > > P.S. Please cc me with all replies. > > __ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great prices > http://auctions.yahoo.com/ > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "All my life I've wanted to be someone; I guess I should have been more specific." - Jane Wagner/Lily Tomlin (1939- )
Re: Building modules with make-kpkg
On Mon, Oct 15, 2001 at 01:25:54PM +0100, Ross Burton wrote: > I've build a custom kernel using make-kpkg, but I'm now getting a new > sound card so I need to build a module. Would it be possible to build a > package which just contains the new module from the source tree, or do I > have to rebuild an entire kernel package just to get a new module? I don't know about using kpkg, but you can easily do this the old fashioned way. Just enter the source directory and select the module you want using `make menuconfig` or `make xconfig`. Then run `make dep` (if it tells you to), followed by `make modules` and `make modules_install`. That's it! You won't even need to reboot. -- John Patton [EMAIL PROTECTED] "Destiny is not a matter of chance, it is a matter of choice; it is not a thing to be waited for, it is a thing to be achieved." - William Jennings Bryan
Re: ip_always_defrag
On Tue, Oct 16, 2001 at 12:29:36PM +0300, George Karaolides wrote: > The command > > cat /proc/sys/net/ipv4/ip_always_defrag > > returns an integer which seems to vary all the time. > > I would like to set this (to 1) for security reasons, but seem to be > unable to do so because of this. I'm not sure about what ip_always_defrag is meant to return when called like that (probably some info that is useful to the developers), but you can set it in the following way: echo 1 > /proc/sys/net/ipv4/ip_always_defrag -- John Patton [EMAIL PROTECTED] "The mind is not a vessel to be filled but a fire to be kindled." - Plutarch
Re: Non-Debian kernel source
On Wed, Oct 17, 2001 at 02:55:58PM +, Vittorio wrote: > Hi, > > I'm using potato with Bunk's 2.4.9 kernel suitably compiled for my > hardware. > > Now I wonder if - according to your very revered opinion - it would be > reproachable, disgusting to install a 2.4.12 (or better the forthcoming > 2.4.13) kernel downloaded directly from www.kernel.org and compiled in > the ordinary way make dep clean bzImage . > > I mean: what really is against it? There is no problem in doing that what-so-ever. I have a number of programs compiled from direct source, including the kernel. The great thing about linux (not just Debian) is that you have the choice to do things how you want. The debian package system is wonderful, but you are certainly not restricted to it. Of course, when you compile from directly aquired source, it becomes your responsibility to handle any problems/build issues/etc that arise. But then, I've never had any problems with the kernel source. -- John Patton [EMAIL PROTECTED] "'Tis strange--but true; for truth is always strange, stranger than fiction." - Bryron, Don Juan
Re: IPchains output
On Thu, Oct 18, 2001 at 10:27:21AM +1000, Craig wrote: > Hi, > I am curious as what each field refers to I know that the example is, date > hostname then deny 24.242.71.87 src port 137 to my box on port 137 proto 17 > which I believe is udp, however the rest fails me (also does someone have a > complete listing of proto numbers to names (such as proto 17 udp?) You can look at the iptables manpage for detains on those other entries, but in my opinion they really aren't terribly important. FWIW, what's important to me is the time, source/dest ports/addresses, protocols, chain, and reason for denial (which I provide from my rules). That probably wasn't terribly helpful, but here is an answer for your second question. You can look at the following links for information on various internet things: protocol numbers:http://www.iana.org/assignments/protocol-numbers port numbers:http://www.iana.org/assignments/port-numbers icmp numbers:http://www.iana.org/assignments/icmp-parameters multicast addresses: http://www.iana.org/assignments/multicast-addresses address spaces: http://www.iana.org/assignments/ipv4-address-space Hope that helps. -- John Patton [EMAIL PROTECTED] "A cynic is a man who knows the price of everything, and the value of nothing." - Oscar Wilde
Re: lpr and pdf
On Mon, Oct 22, 2001 at 08:51:31AM -0400, Andrew Perrin wrote: > I don't know about a HOWTO, but basically you need to use a filter that > routes the pdf file through pdf2ps; it can then be interpreted by whatever > you use for other ps files (e.g., a postscript printer or a ghostscript > filter). If you have trouble with this (I do with the nice laser printers at work), you can manually convert the pdf documents to ps using acrobat reader. Just type `acroread -toPostScript file.pdf`. If you know what your doing you could probably get your printer to do that automatically. -- John Patton [EMAIL PROTECTED] "Thales was asked what was most difficult to man; he answered: 'To know one's self.'" - Diogenes
Re: Shell emulator with tabs for gnome/gtk
On Wed, Oct 24, 2001 at 06:48:47AM +0800, csj wrote: > I'm looking for a shell emulation program that has tabs (like the > one you see in galeon or gedit). The one I'm presently using, > powershell, does have tabs (which I found, thanks to apt-cache search). > But I have some issues with it ;-). Now are there any other gnome- or > gtk-based shell emulators that has a similar feature to let me keep my > desktop "as uncluttered as possible"? I don't know of any other choices (unfortunately), but the cvs version of powershell has been working pretty well for me. Of course, you need to be running testing or unstable and have a bunch of dev packages installed to have any chance of compiling it. -- John Patton [EMAIL PROTECTED] I can answer any question. (Often the answer is "I don't know")
Re: allowing root X apps
On Sun, Oct 28, 2001 at 10:08:48PM -0500, Justin R. Miller wrote:
> What is the best, most secure way to allow root to run X-based apps
> while I'm logged in as my non-privileged user? I've tried xhost
> +localhost and that does not seem to do the trick.
This is what I do, which consistently works for me. I have the
following code in /root/.bashrc:
case "`tty`" in
/dev/pts/[0-9])
if [ "X$LOGNAME" != "Xroot" ]; then
xauth -f /root/.Xauthority merge /home/$LOGNAME/.Xauthority
fi
;;
esac
--
John Patton [EMAIL PROTECTED]
"Do well and you will have no need for ancestors." -Voltaire
Re: Help! I have destroyed my /etc/init.d/lpd
On Thu, Nov 01, 2001 at 01:32:28PM +0100, Debian User wrote: > Is there a easy way to regain the file? Or does it help if I get a copy > from another (i386 potato 2.2.19pre9) machine? If so, can somebody post > it or send it to me ([EMAIL PROTECTED])? apt-get --reinstall install lpr -- John Patton [EMAIL PROTECTED] "We have to dare to be ourselves, however frightening or strange that self may prove to be." -May Sarton
Re: v2.4.14 kernel compile problem
On Tue, Nov 06, 2001 at 02:11:52PM +0800, Patrick Cheong Shu Yang wrote: > Another one of those release many and release quick again > > Uuughh... > > I remember someone once said regarding the impending release of 2.4.0 > and why it was taking so long...that Linus just has much higher > standards...oh oh...this is definitely not in the correct direction in > support of the previous comment... The thing is that they tried to accomplish ALOT in 2.4... everything that they did is good and will lead to the linux kernel being a genuinely excellent kernel that can rightly compete with commercial unices, but all of the changes has introduced some new bugs that need to be worked out. The thing is, do you want a super stable toy kernel that works well for hobbyists and low-end desktop machines (one that is simple but inefficient)? Or do you want a kernel that strives to be the best... one that runs efficiently and well even under high load? The 2.2 series is quite stable, but it cannot compete with most commercial unices or even freeBSD on high end machines, while the 2.4 kernel has gone a long way towards being able to do so. But high end power and efficiency comes at the cost of much greater complexity, which is that much harder to maintain flawlessly. Also keep in mind that 2.4 is being actively worked on (despite it's declaration of being stable), and so it cannot be counted on to run perfectly just yet. Give it some time... Linus' standards are both high and ambitious, and when the smoke clears the kernel should be really top notch. -- John Patton [EMAIL PROTECTED] "Too bad all the people who know how to run this country are busy running taxicabs or cutting hair." -George Burns
Re: Mutt - Procmail Question
On Sat, Nov 10, 2001 at 07:48:00PM +0530, Jijo Jose A wrote: > hi all > still i used procmail 3.21.20010831.3.22pre-1 for mail processing and mutt > 1.3.22-1 as MUA, to remove the unwanted headers i wrote '|cat | formail -k -X > From: > -X Return-Path: -X Date:.. >>my_mbox' in .procmailrc as the action line > for a condition. but i started 'mutt -f my_mbox ', my_mbox is not a > mailbox > error will occured. > how can i solve this ? A couple of possibilities come to mind. A line looking like: From [EMAIL PROTECTED] is used to seperate different emails. If it's being removed you will have problems. The other thing is that the mbox format is picky about certain things, like trailing empty lines. Look at the actual file and find out what doesn't look right and then fix your procmail action accordingly. Try looking up the specifications for mbox style mail boxes online to find out what's wrong with your file. -- John Patton [EMAIL PROTECTED] "Love conquers all things; let us too surrender to Love." -Virgil, Eclogues
Re: When ROOT->startx, what file executes the window manager program ?
On Sun, Nov 11, 2001 at 10:47:33PM -0500, Courtney Thomas wrote: > Greetings ! > > After 'startx' is issued by ROOT.. > > from what file is my window manager started ? > > I know for a "normal" user, but not for ROOT. AFAIK, it should be the same file: /root/.xinitrc -- John Patton [EMAIL PROTECTED] "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." -Albert Einstein
Re: procmail script question
On Sun, Jul 22, 2001 at 02:43:30PM -0700, Lang Hurst wrote: > I use the following procmail script to make festival speak the FROM and > SUBJECT headings of new email through my speakers: > > SUBJECT=`formail -xSubject: \ > | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'` > SENDER=`formail -xFrom: \ > | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'` > :0c > | echo "New mail from " $SENDER ". the subject is " $SUBJECT | festival --tts > > That works great. However I am often listening to my vorbis collection. > When my music is playing and a new email comes in, the festival output just > gets garbled with the music. I would like to set up a procmail script that > says > > if xmms is playing: > xmms -u #pause xmms > > process new email > > if xmms was playing: > xmms -p #start playing again > > I just don't know how to test for a process, and the two books I have on the > subject are too basic, or I'm missing the page. Any help appreciated. This is a little ugly, but it should work: :0 | pid=`ps -ef | grep ^$USER | grep -v grep | grep xmms`; \ if [ "X$pid" != "X" ]; then echo ... | festival --tts; fi Fill in the ... with the whole echo command above, of course. $USER should be your user name, if it's not already set. -- John Patton [EMAIL PROTECTED] "It is dangerous to be right in matters on which the established authorities a wrong." -Voltaire
Re: When ROOT->startx, what file executes the window manager program ?
On Mon, Nov 12, 2001 at 07:48:57AM +, Johnny Ernst Nielsen wrote: > In most cases the user's .xsession file will end with the execution of a > window manager. > See if you have a .xsession in the /root directory. xdm uses .xsession, while startx uses .xinitrc. -- John Patton [EMAIL PROTECTED] "The man who never makes a mistake always takes orders from one who does." -Daisy Bates
Re: procmail conditions
You can do this:
:0
* 1^0 ^cond 1
* 1^0 ^cond 2
* 1^0 ^cond 3
/dev/null
It uses scoring to do exactly what you want.
On Wed, Aug 29, 2001 at 08:54:34PM -0700, Jason Majors wrote:
> Is there a way to OR procmail conditions?
> I have lots of lines like so:
> :0
> * (^From:.*Reel\.com)
> /dev/null
> :0
> * (^From:.*sonypictures\.com)
> /dev/null
>
> and I'd like to make them more like this:
>
> :0
> * (^From:.*Reel\.com) OR
> * (^From:.*sonypictures\.com)
> /dev/null
>
> I tried to DeMorganize them like:
> * ! {
> * ! (^From:.*Reel\.com)
> * ! (^From:.*sonypictures\.com)
> }
>
> But that doesn't work.
>
> And ideas?
>
> Thanks,
> Jason
>
>
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
--
John Patton [EMAIL PROTECTED]
"Any fool can criticize, condemn, and complain - and most
fools do." - Dale Carnegie
Re: DRI
Run glxinfo to see if DRI is working. If it is, it will say "direct rendering: Yes", among many other things. If not, make sure that XF86Config is loading the dri module and that your video card is set up properly. Also be sure that dri support is properly compiled into your kernel... it's not by default (I don't think) since you have to specify which sort of card you have. On Thu, Aug 30, 2001 at 08:15:43PM -0400, Eric Whitestone wrote: > I have a Voodoo 4/5 and I am running kernel 2.4.8 on potato. I just installed > quake and got it to run, but it runs so slow that it isn't playable. I was > wondering if there was a way to check if i had the correct drivers, or if i > need to download some drivers. I want to see if DRI is working, or if i need > to edit something in my Xfree86config. I am running x4.0.1. Any help is > greatly appreciated. Thank You! > > --Eric > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "Don't go around saying the world owes you a living; the world owes you nothing; it was here first." - Mark Twain [Samuel Langhornne Clemens] (1835-1910)
Re: Oops, I blew away dpkg/dselect
Deb files are ar archives containing 3 files. Download dpkg...deb, and then run the following command to unpack it: ar x dpkg...deb One of the files it will create is data.tar.gz. Move that file to root (/), and gunzip/untar it. It will install all of the needed binaries and libraries. You will then be able to use dpkg to formally install itself. On Tue, Sep 04, 2001 at 12:52:05PM -0500, Matt Wehland wrote: > Well I screwed the pooch on this one. > I am rebuilding a potatoe system for a web/mail server. I wanted to use > some newer packages (latest mailman, postfix etc). > Somewhere there was a dependency for a newer version of dpkg. No problem I > just dl the latest dpgk and added it to my local repository (I also dl > whatever dependency's were required). > The problem comes in that while upgrading something puked but the older > version of dpkg was removed (yes I had to type in 'removing this may screw > up your system' or something like that). > The newer version of dpkg wasn't installed. Now I can't install anything, > including dpkg (either version) since dselect (or apt-get) return and error > '/usr/bin/dpkg' returned and error. Not suprising since dpkg isn't there. > I am just in the process of rebuilding this system so starting over doesn't > really bother me (I actually want to try some new things I've learned to > par down the packages installed). > But I would like to learn how to get around this problem in case I manage > to do something this stupid in the future on a more important system. > > The only solution I can think of is to copy the binaries I need off of > another system. > > Any else have any other ideas? > > I will be playing with this more when I get home from work later. > > Thanks, > Matt > > > >Matt Wehland [EMAIL PROTECTED] > Computer Network Specialist >MCSE CCNA > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "Our truest life is when we are in dreams awake." - Henry David Thoreau
Re: local entry in menu
Break it up into 2 distinct files and put each of them in /usr/lib/menu. Make sure that the permissions are good. Also, for StarOffice, you may need to use the full pathname instead of the tilde (I'm not sure about that one). update-menus should then work. As for the sed error, I always get that as well, but my menus seem to be just fine anyway. On Wed, Sep 05, 2001 at 10:22:22AM -0300, Mario Olimpio de Menezes wrote: > > Hi, > > I'm not being able to put a local entry in menu. > I've tried /etc/menu/package, also $HOME/.menu/package without > success. Bellow are the file contents I'm trying: > > /etc/menu/mozilla: > ?package(mozilla):needs="x11" section="Apps/Net" \ > title="Netscape 6" command="/usr/local/netscape/netscape" \ > icon="/usr/local/netscape/icons/mozicon16.xpm" > > /etc/menu/StarOffice: > ?package(StarOffice52):needs="x11" section="Apps/Editors" \ > title="StarOffice 5.2" command="~/office52/soffice" \ > icon="/usr/local/office52/share/kde/icons/so52.xpm" \ > hints="Beginner,Big" > > Every time I run update-menus, the entries are not added and I > get the following error: > /etc/menu# update-menus -d > (lots of lines deleted) > Update-menus[7874]: Running method:/etc/menu-methods//fvwm > Update-menus[7874]: Running method:/etc/menu-methods//kdm > sed: -e expression #1, char 1: Unknown command: ``-'' > > This message appears long after the files were read, both in > /etc/menu and in $HOME/.menu > Any hints? > > []s, > Mario O.de Menezes"Many are the plans in a man's heart, but > IPEN-CNEN/SP is the Lord's purpose that prevails" > http://curiango.ipen.br/~mario Prov. 19.21 > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "The mind is its own place, and in itself can make a heaven of Hell, a hell of Heaven." - John Milton
Re: shell script for bash [timeboy@Calculusterix]
You might try something like this: ( sleep 15 ; exec fetchmail ) & On Wed, Sep 05, 2001 at 06:09:05PM +0200, Timeboy wrote: > > Hi! > > I like to write a litte shell script that first makes a connection to my ISP > and then runs fetchmail. This is no problem for me. But cause it takes some > seconds till the connection to ISP is done, the script needs to wait for 5 or > 10 seconds bevore it runs fetchmail. How can i do this waiting with a bash > kommand? > > Timo > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- John Patton [EMAIL PROTECTED] "Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." - Albert Einstein
Re: OT: tail -f | while read
On Thu, Sep 06, 2001 at 01:23:09PM +0200, Martin F Krafft wrote: > > tail -f /var/log/syslog | grep something | while read i; do myprog $i; done > > i basically need to run myprog as soon as a new entry in syslog > happens that matches the criteria of the grep call. it needs to happen > immediately. > I couldn't get a variation of that working either... but if myprog is a perl script and is driven by the while(<>) loop, then you should be able to just pipe the output of the grep right into it, like so: tail -f /var/log/syslog | grep something | myprog I'm not sure if that can be done directly with a shell script though. -- John Patton [EMAIL PROTECTED] "Don't ever become a pessimist, Ira; a pessimist is correct oftener than an optimist, but an optimist has more fun- and neither can stop the march of events." - Robert A. Heinlein - Time Enough For Love
Re: OT: tail -f | while read
On Thu, Sep 06, 2001 at 09:47:01PM +0200, Martin F Krafft wrote: > also sprach John Patton (on Thu, 06 Sep 2001 02:33:01PM -0500): > > I couldn't get a variation of that working either... but if > > myprog is a perl script and is driven by the while(<>) loop, > > then you should be able to just pipe the output of the grep > > right into it, like so: > > > >tail -f /var/log/syslog | grep something | myprog > > > > I'm not sure if that can be done directly with a shell > > script though. > > why not, what's the difference??? > > and could someone give me a perl one-liner that takes each such line > fed into its STDIN, and for each line, calls an external shell script > with the entire line as argument? You know what, not only did a 1 liner not work, but I tried implimenting a perl wrapper to call a shell script, and that didn't work either. I'm really pretty confused about that, actually. There must be something going on with how bash (or the system) handles nameless pipes that is causing grief here... but I don't know what. Maybe the output is buffered or something... if anybody has any thoughts on this I would be interested in hearing it. Meanwhile, you might try running it on the tcsh shell. Otherwise you might just be better off writting a more complicated script that does everything itself and is run from cron every few minutes or so. -- John Patton [EMAIL PROTECTED] "Death: to stop sinning suddenly." - Anonymous
Re: give me "fish" & you feed me for a day..teach me 2 fish & u feed me 4ver!
On Thu, Sep 06, 2001 at 11:16:03PM +, [EMAIL PROTECTED] wrote: > Greetings, > > Some questions; > > 1. is there a resource out there somewhere that can clearly explain "ld" and > "ld" related problems and how to fix them? I sometimes build from source and > most of the time I get stuck with "ld" related problems and I have to bother > a lot of people on how to resolve it instead of resolving it myself... Not sure about that... > it's like the saying "give them fish and you feed them for a day...teach > them to fish and you feed them forever!" ...but, most ld problems are simply that it (the linker) cannot find a required library file. Like as follows: > /usr/bin/ld: cannot find -lperl It cannot find the library file called libperl, which is either because you don't have it installed, or because the linker isn't looking for it in the right place. (Just replace the -l part with lib and you will have the library name.) The slocate package is perfect for finding out if the lib is on your computer somewhere: slocate libperl If it's not installed, you need to find which package you need. Go to the debian packages page (http://www.debian.org/distrib/packages) and punch in libperl into the bottom form. Look for the library file name, which should end in something like '.so' (hopefully it will show up). That package is what you need... install it and you should be good-to-go. If you do have the library installed (which is probably the case here... I would be suprised if you didn't have perl on your machine) then you need to tell ld where to look. In this case, you need to either edit the Makefiles yourself or pass the appropriate flag to configure, like so: LDFLAGS=-L/location/of/lib ./configure Run configure just like that, plus whatever other options you want to give it. The flag is -L which is immediately followed by the directory your lib file can be found. Again, slocate is great for figuring that out in a hurry. This flag must appear in the linking phase, which is usually covered by the LDFLAGS variable. I hope this helps. -- John Patton [EMAIL PROTECTED] "What orators lack in depth they make up for in length." - Charles de Secondat, Baron de Montesquieu (1689-1775)
Re: give me "fish" & you feed me for a day..teach me 2 fish & u feed me 4ver!
> On Debian, at least, the library usually needed for compilation is the > static one (libfoo.a) as the shared libraries are "stripped" making > symbol resolution difficult. The shared library will still be used > for the runtime unless there isn't one to begin with or static linking > is specified. Dude, that is so totally incorrect. There are literally only a couple of binaries that are statically compiled, which is what the .a files are used for. And stripping doesn't in any way make symbol resolution difficult. In any case, unless you are very specifically creating a statically compiled program (which is unlikely), you need the shared (.so) lib files. -- John Patton [EMAIL PROTECTED] "You're only young once, but you can be immature forever." - Larry Andersen
Re: Ethernet Card D-Link DFE-530TX
I have this card, and I use the 8139too.o driver. In menuconfig I selected 'Realtek rtl-8139' as well as 'support for older RTL-8129/8130...'. I don't know if that last one is necissary, but my card does work fine. -- John Patton [EMAIL PROTECTED] "To be or not to be. That's not really a question." - Jean Luc Godard
Re: .config in kernel source?
On Thu, Sep 20, 2001 at 02:42:48PM -0300, Alejandro Diego Garin wrote: > I have downloaded the kernel-source-2.4.9 and I couldn't find the debain > .config file for this version of the kernel. Is debian giving the configure > options used in the kernel-compilation ? I need to do some changes and want > to keep the debian options... The config file does not come with the package (although perhaps it should). It is generated by make config... but of course you will have to go through everything the first time through and configure things the way you like. Customizing the kernel to your own machine does have it's advantages though. The resulting kernel will be smaller, faster, and more secure. And once you do it once you can just copy over your .config file each time you do a kernel upgrade... except perhaps between major releases. -- John Patton [EMAIL PROTECTED] "By doing just a little every day, I can gradually let the task completely overwhelm me." - Ashleigh Brilliant
Re: Deleting duplicate messages with formail/procmail
On Mon, Sep 24, 2001 at 11:02:31AM -0400, Jason Rashaad Jackson wrote: > OK. Due to some ignorance on my part (errors with my procmail filters as > well as using 'formail -s procmail' with extreme prejudice) I now have many > many MANY copies of individual messages in all my mail folders. Is there a > way that I can run a filter to delete all but the original (or just all > copies) message out of a specific folder? I tried including dupcheck.dc > from the procmail-lib package, then running formail -s procmail with the > source as the original folder and the output to a new folder, but I wound up > with the same info in both folders. As always, any help offered will be > much appreciated. I'm not sure about what you are doing with formail currently, but I have the following at the top of my .procmailrc script and it works great: # avoid duplicate messages :0 Whc: msgid.lock | formail -D 16384 Admin/msgid.cache :0 a: Admin/duplicates Duplicates get dumped into the file duplicates in ~/Main/Admin just in case I want to see them. A nightly cron job removes them by moving that mail file to duplicates.old. I would go through your procmail script and make sure that it isn't creating duplicates when it shouldn't be. I would go light on the 'c' flag... it should only be used when you want a duplicate made. -- John Patton [EMAIL PROTECTED] "The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt." - Bertrand Russell
Re: OT: netfilter inquiry
On Wed, Sep 26, 2001 at 10:10:22AM +0800, Rino Mardo wrote: > here's the message i'm getting: > > ip_tables: (c)2000 Netfilter core team > ip_conntrack (1023 buckets, 8184 max) > iptables: Table does not exist (do you need to insmod?) > iptables v1.2.3: log-level `info' ambiguous > > the third line is what i was getting with version 1.2 that's why i upgraded. > the last line i got only when i upgraded to version 1.2.3 and i don't see why > it would be ambiguous. As for line 3, I would make sure that everything is properly selected in your kernel configuration, and that the modules (if you're using modules) are getting loaded. As for thr 4th line, that's a recent bug. You can get around it by using the log-level number instead (3 or 4... I can't remember which one is info). -- John Patton [EMAIL PROTECTED] "Believe those who are seeking the truth; doubt those who find it." - Andre Gide
Re: In mail, 'From' becomes '>From'
On Thu, Sep 27, 2001 at 01:44:33PM -0700, Karsten M. Self wrote: > I've been noticing this on a number of messages both from and to me. > > Some lines beginning with 'From' are rewritten as '>From'. Needless to > say, this utterly borks things like GPG signatures. > > I have no idea where this is happening (I run exim, fetchmail and mutt), > or even if it's characteristic of my system, my ISP > (Earthlink/Mindspring), or other mail intermediaries. > > Suggestions? The thing is that mail messages are simply text files. Indeed, normal mailfiles concatenate all messages into the same file. That requires that there be text based means by which the header is differentiated from the body of the message and the messages are differentiated from each other. ALL email messages start with a line that begins with "From ", and so when an email program sees that it knows that the last message has ended and that it's at the begining of a new message. Of course, if you start a line in the message body that begins with "From" and a space you don't mean that a new email message follows, and any email transport program that isn't brain-dead (like exim) will escape that line before sending it on it's way. This is appropriate. You can avoid this by changing that word in any way, such as by not capitalizing it. But it's really not a big deal... it shouldn't be interpreted as quoted text since a quotation begins with a "> " (note the added space). -- John Patton [EMAIL PROTECTED] "The fellow who thinks he knows it all is especially annoying to those of us who do." - Harold Coffin
Re: In mail, 'From' becomes '>From'
On Thu, Sep 27, 2001 at 03:50:33PM -0500, Dave Sherohman wrote: > I suspect that this is probably being done by "helpful" software on > some intermediary machine, most likely either the sender's or your > ISP's, as I use exim and mutt and have used fetchmail in the past, > but don't recall ever actually seeing this happen. Exim does this by default. I can, for example, send a message to myself over the localhost and the From will get escaped. This is, anyway, standardized behavior. -- John Patton [EMAIL PROTECTED] "Everything should be as simple as it is, but not simpler." - Albert Einstein
Re: connect to ntp server
On Fri, Sep 28, 2001 at 04:22:05PM -0400, Titus Barik wrote: > I want to connect to an NTP server to sync my desktop clock in Debian > (Woody). Is ntpdate the preferred way to do this? Generally, ntpd is prefered, but there is overhead involved. When running ntpd, you always have the ntp daemon running, for example, which amounts to over 4mb's on my machine. If you're not terribly concerned with keeping your clock totally accurate, running ntpdate once a day (or so) from cron may be best. Even then your machine shouldn't really get more than a second or so off... which is not usually a problem when your not running public internet services. -- John Patton [EMAIL PROTECTED] "Emacs is a nice OS - but it lacks a good text editor. That's why I am using Vim." - Anonymous
Re: directly installing a deb package
On Wed, Oct 03, 2001 at 10:10:36PM +0100, Alex Hunsley wrote: > I've downloaded a .deb package from the net and want to install it. How do I > tell apt-get that I'm giving it a direct file name rather than having it > looking at the places in sources.list? The package is sitting in /tmp at the > moment, and I've tried adding file:/tmp to sources.list, but still no luck - I > think it's adding things like stable or main to the path. Just use `dpkg -i filename.deb`. -- John Patton [EMAIL PROTECTED] "Minds are like parachutes. They only function when they are open." - Sir James Dewar, Scientist (1877-1925)
Re: procmail
On Thu, Oct 04, 2001 at 01:02:06AM +0200, [EMAIL PROTECTED] wrote: > if I use procmail, do I still need fetchmail? or exim/qmail? or procmail > can do the filtering, sending and receiving mail... You still need fetchmail and exim (or whatever). Procmail only does 2 related things: it filters email, and it serves as a simple local transport. Exim will use procmail automatically if it finds it. -- John Patton [EMAIL PROTECTED] "A cynic is a man who knows the price of everything, and the value of nothing." - Oscar Wilde
Re: procmail
On Wed, Oct 03, 2001 at 07:31:49PM -0400, Stephen Gran wrote: > Thus spake [EMAIL PROTECTED]: > > if I use procmail, do I still need fetchmail? or exim/qmail? or procmail > > can do the filtering, sending and receiving mail... > > apropos procmail: > procmail (1) - autonomous mail processor > > From the http://packages.debian.org site: > Can be used to create mail-servers, mailing lists, sort your incoming > mail into separate folders/files (real convenient when subscribing to > one or more mailing lists or for prioritising your mail), preprocess > your mail, start any programs upon mail arrival (e.g. to generate > different chimes on your workstation for different types of mail) or > selectively forward certain incoming mail automatically to someone. > From grep procmail > /var/lib/apt/lists/ftp.us.debian.org_debian_dists_woody_main_binary-i386_Packages > (sorry about the long wrap): > Recommends: exim | sendmail | mail-transport-agent | fetchmail > > So, it looks like yes. Procmail cannot download email from your isp all by itself, nor can it send mail over the internet. Procmail was designed to process incoming mail in various ways using regular expressions and is good at it. In following the unix ideal of doing one thing well and letting others do everything else, procmail relies on other programs to process mail over the internet, etc. Procmail is not a spooler by design, and cannot actually do anything to mail on it's own except for deliver it to local mail files. It can change the mail destination if you tell it to, but for anything else it relies on externel programs. It is very much like a shell script in that way. It CAN be used as PART of a mail server... but only as the filtering/processing part. It can't actually BE a mail-server all by itself however. In short, you WILL need other programs such as exim and fetchmail in order to be able to use email. -- John Patton [EMAIL PROTECTED] "Any fool can criticize, condemn, and complain - and most fools do." - Dale Carnegie
Re: How to generate a random number?
On Thu, Oct 04, 2001 at 09:21:34PM +0800, Liu Tao wrote: > I use random() in my program to generate a random number, > but every time when I restart my program I get the same number. > How can I get different random numbers each time? Look at srandom() to seed the generator. You can seed it with the current time, or with a couple of bytes from /dev/urandom, and so forth. -- John Patton [EMAIL PROTECTED] "They couldn't hit an elephant at this dist..." - General John B. Sedgwick Last words, 1864
Re: Is everyone else seeing duplicate old posts?
On Thu, Oct 04, 2001 at 10:41:32PM -0500, hmike wrote: > The stuff I'm seeing seems to always be coming through: > > X-Envelope-Sender: > [EMAIL PROTECTED] > > and seems to have been received from the list server and then resent? > > Anyone else getting this? Yup. -- John Patton [EMAIL PROTECTED] "Nature never deceives us; it is always we who deceive ourselves." - Jean-Jacques Rousseau, Emile
Re: Trying to figure out where the kernel sources went.
On Fri, Oct 05, 2001 at 04:00:31PM +0200, [EMAIL PROTECTED] wrote: > apt-get install kernel-source-2.2.19pre17 > > and also > > apt-get install kernel-headers-2.2.19pre17 You don't need the headers package if you install the source one... the headers come with the source. I would `dpkg -r kernel-headers-2.2.19pre17`. > /usr/src/kernel-headers-2.2.19pre17-compact > /usr/src/kernel-headers-2.2.19pre17-idepci > > Which one of those two do I use? Uname doesn't specify either of them. I would delete them both. > There's also a file kernel-source-2.2.19pre17.bz2 in /usr/src I presume these > are the kernel sources, but shouldn't they be unpacked somewhere? If I need to > do that myself, where should I put them? It's not automatically unpacked. Do a `bzcat kernel-source* | tar xv` or something to unpack it (you will need bzip2 to be able to do this). It will create a dir called something like `kernel-2.2.19pre17`. You then need to create a link to it like so: ln -s /usr/src/kernel-2.2.19pre17 /usr/src/linux It's important that it be called "linux"... a number of utilities assume that that's where your kernel source is. > P.S. I have found the kernel how-to, but that didn't answer my questions. If you unpack the original kernel source from kernel.org it will be unpacked into a directory named "linux" already. Hence the how-to's and so forth assume that you don't need any help on that part. Good luck... and if you need any more help just ask. Oh, make sure that you can boot with your original kernel in some way before installing the new one. You most likely won't get it perfectly right the first time through. -- John Patton [EMAIL PROTECTED] "Contrary to popular belief, Unix is user friendly. It just happens to be very selective about who its friends are."
Re: mounting /tmp and setting permissions
On Mon, Oct 08, 2001 at 12:29:04AM +0200, Carel Fellinger wrote: > Its permissions are wrong, so they need to be set right after /tmp is > mounted. For the time being I've added a line to this effect to > /etc/init.d/mountall.sh. I know I could add my own file to the init.d > setup, but this being such a common setup I expected to find a place > to do this. But I fail to find it:( The permissions should stay the same once they are set. I have /tmp on it's own partition and I only had to set it once. Note that the permissions HAVE to be 1777 (that's read, write, and exec for everyone, with the sticky bit set). If you're trying to set it to something else, there might be something in the startup scripts that is reseting it back to it's standard values (although I didn't see anything in there doing that), hence the need to change it's permissions each time. > Talking about /tmp and booting, I wonder what happens to lost+found: > deleted or preserved. preserved. lost+found is special. -- John Patton [EMAIL PROTECTED] "The important thing is never to stop questioning." - Albert Einstein
Re: GCC cannot create executables
On Mon, Oct 08, 2001 at 05:23:17PM -0400, Jonathan Kemp wrote: > Hi there people, > > I have a problem with my linux box. Everytime I try to ./configure a > tarball, I get this error msg : > > loading cache ./config.cache > checking host system type... i686-pc-linux-gnu > checking target system type... i686-pc-linux-gnu > checking build system type... i686-pc-linux-gnu > checking for gcc... gcc > checking whether the C compiler (gcc ) works... no > configure: error: installation or configuration problem: C compiler > cannot create executables. The thing that comes to mind is whether or not you have write permission in the directory you are running configure from. That particular test is performed by having gcc compile a small program... if it can't write the result to a file it will fail with the above message. -- John Patton [EMAIL PROTECTED] "There are two things that are infinite; Human stupidity and the universe. And I'm not sure about the universe." - Albert Einstein
Re: 2.4.10 and swap usage
On Mon, Oct 08, 2001 at 03:28:48PM -0700, Mike Pfleger wrote: > Hello, all. > > I was building a web-browsable directory of constructivist and post- > constructivist art, and when I was done mucking about, I noticed that > gkrellm was reporting that swap was about 40% used. To my dismay, > closing the GIMP and Netscape did not free any swap. Can I assume that Once memory is moved into swap space, it will stay there until it's called for. Therefore removing those programs won't necissarily cause an immediate decline in swap usage. Perhaps most of that swap space was being used by X... a major culprit on my system... and/or other programs. Removing NS and the GIMP wouldn't necissarily reduce the swap space by too much in that case. > NS had consumed this swap building it's image cache prior to display? It very possible. It's also possible that all of the images, etc, being drawn on screen were causing xwindows to bloat. Or perhaps the sheer size of NS and the GIMP caused a large part of X (and other rarely used utilities) to get swapped out. Who knows > I thought the swap issues had finally been licked in this release of the > kernel.(?) Back to 2.2.x for this production box, I suppose? :( Swap works much, MUCH better on my machine since switching to 2.4.10. It was noticably bad before, and now it works quite nicely. -- John Patton [EMAIL PROTECTED] "Life is the art of drawing sufficient conclusions from insufficient premises." - Samuel Butler (1612-1680)
problem installing dhelp
When trying to install dhelp, I get the following weird message: dhelp_parse: can't open /var/lib/dhelp/titles Even if I purge dhelp and then reinstall (so that /var/lib/dhelp is deleted) it still happens. Yes, I'm running as root; no, the immutable bit is not set; and no, I'm not currently running any sort of advanced security software like LIDS. Anybody have ANY idea why this could be happening? I'm at a loss. Any insight on this would be greatly appreciated, as I really like the services dhelp provides. Thanks in advance. -- John Patton [EMAIL PROTECTED] "Never mistake knowledge for wisdom. One helps you make a living; the other helps you make a life." - Sandra Carey
downgrading with apt
Is there a way to force apt-get to install downgraded packages? One or two packages are no problem... using dpkg works just fine with them. But how could you downgrade your system from testing to stable, for example? Is it even possible? AFAIK, apt wont even download packages if it thinks that they are older than what's registered. If I could at least get it to do that, then I could have dpkg install them over the newer versions. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Every generation laughs at the old fashions, but follows religiously the new." - Henry David Thoreau (1817-1862)
Re: Low Memory Install?
On Thu, Jun 07, 2001 at 01:16:45PM -0500, Kenneth Pronovici wrote: > I have a friend who's interested in getting my help to install Linux > for the first time... but his spare machine only has 4MB of RAM. The > last time I tried to install Linux on a machine with that little RAM > was in 1996 or 1997 when I was using RedHat 4.2. RedHat's installer > wouldn't even run properly on a machine with that little RAM, and I > ended up falling back on an older "low memory" version of Slackware. > > My question is: can I successfully complete a minimal Debian install > with only 4MB of RAM, or is this a losing proposition that's just going > to frustrate me? Debian is ultimately designed to be a full fledged linux system. You may very well get it to fit... but it will be a squeez. You may want to look into something like Small Linux (http://www.superant.com/smalllinux/), which was specifically designed to work within 4 mb's of ram. You can even run a tiny version of X with it. I'm not sure what you could do with such a system, but it may be fun. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "They couldn't hit an elephant at this dist..." - General John B. Sedgwick Last words, 1864
rescue cd
Does anyone know how one would go about creating a debian rescue cd? Something bootable, with enough utilities on it to really be able to fix a system. A custom made ramdisk would be perfect. I've been trying to figure out how to do this, with no luck. Any hints or pointers would be great. Thanks. -- John Patton [EMAIL PROTECTED] Get my GnuPG public key: finger [EMAIL PROTECTED] "Every man has his own destiny: the only imperative is to follow it, to accept it, no matter where it leads him." - Henry Miller, The Wisdom of the Heart
Loosing internet after suspend
After bringing up my system after a suspend to disk, i lose internet access. When i try to restart networking, i get the following: SIOCSIFADDR: No such device eth0: ERROR while getting interface flags: No such device eth0: ERROR while getting interface flags: No such device Bind socket to interface: No such device Failed to bring up eth0. eth0 is, of course, the card that connects to my cable modem. The only way i know to get it back is to restart the computer! I've looked everywhere i can think of to look, but i just don't know how to reactivate that device. My wife is getting angry with Linux, which isn't good! If someone could help me out here i would greatly appreciate it. Even just some ideas about where to look would be good. If you need any other information about my system, please just let me know. Thanks in advance!
Re: Re: Loosing internet after suspend
Okay. I have a regular ethernet card built into my laptop's motherboard. I use Openbox for my desktop, whilst my wife uses Gnome. I use powersaved for power management, which in turn uses acpid. What i have done so far is make changes to the powersaved config scripts. I have instructed it to restart networking, acpid, and the firewall to no avail (before discovering that eth0 itself no longer existed in /dev). I then tried unloading and re-loading the module that my ethernet driver uses (natsemi), but that doesn't help. Then i tried manually restarting several of the init.d scripts that seemed promising in an effort to bring up the eth0 device (no luck). I've done alot of searching on the internet besides that and really didn't find anything useful. It seems to me that something in the boot process checks for the existence of that device (/dev/eth0) and creates it, but i can't figure out what that is. There must be some way to tell the kernel (or something) to create it! I just don't even know where to look though. Does MAKEDEV still work? My only thought is to manually create the device from the init.d/networking script if it doesn't exist, but that seems like a kludge and fragile besides. Basically i'm wondering if anybody knows of the proper way to do this. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
