hi ya
On Sat, 30 Oct 2004, Rishi wrote:
> > the server you buy, is herein "blessed/certified to work with debian"
> > - see the incompatibility list as what was previously
> > posted for what is known NOT to work
>
> joking apart. :-) .. really what I meant was once I tried to i
> - if you cannot be down for more than 5 minutes... you should have 2
> complete independent systems ( properly configured and tested for
> high-availability ... ) which has NOTHING to do with raid or mirror'ing
> - if you cannot afford the extra hardware and extra time
> to co
> the server you buy, is herein "blessed/certified to work with debian"
> - see the incompatibility list as what was previously
> posted for what is known NOT to work
Hi Alvin,
joking apart. :-) .. really what I meant was once I tried to install
Debian Woody on an HP server and i
hi ya
On Sat, 30 Oct 2004, Rishi wrote:
> This is the response I got from IBM in India... Why are they not
> certifying Debian GNU/Linux on their servers?
they do atas their told, or they find they behinds on the other side of
the ibm door
> Is there something Debian as the organization can d
Hi,
This is the response I got from IBM in India... Why are they not
certifying Debian GNU/Linux on their servers?
Is there something Debian as the organization can do to get firms like
IBM to certify their hardware on it?
Regards
Rishi
-- Forwarded message --
From: Hemanth Ku
G'day,
From: "Russell Coker" <[EMAIL PROTECTED]>
> On Fri, 29 Oct 2004 09:56, "Donovan Baarda" <[EMAIL PROTECTED]>
wrote:
> > I actually run pdnsd. I find it leaner and simpler than named. However,
is
> > "run named on all hosts" really better than "run nscd on all hosts"?
>
> That's debatable. S
also sprach Craig Sanders <[EMAIL PROTECTED]> [2004.10.30.0340 +0200]:
> of course, you can be a bit looser with with keys if you're
> confident that physical access to the machines AND to the network
> segment they are on is properly restricted, AND you have firewall
> or other access rules to pre
On Sat, Oct 30, 2004 at 12:37:31AM +0200, martin f krafft wrote:
> also sprach Craig Sanders <[EMAIL PROTECTED]> [2004.10.30.0015 +0200]:
> > 3. when a machine is being built or rebuilt, install the correct
> > ssh keys in /etc/ssh. they can be fetched via password-protected
> > http or https or f
Based on a cursory look at how FAI works, if you're worried about
a 'laptop attack' -- i.e, an untrusted person with access to your network
media -- I think there are more problems than just SSH keys.
None of the tftp/dhcp/pxe stuff is really designed with security
in mind. It seems to me that any
martin f krafft said on Sat, Oct 30, 2004 at 01:35:33AM +0200:
> FWIW, there is no cfengine host (yet). I am still somewhat taken
> aback by its complexity. Just reinstalling the machines with FAI
> seems simpler and cleaner.
Yeah, I haven't gotten around to using it in production either. :)
>
also sprach Mark Ferlatte <[EMAIL PROTECTED]> [2004.10.30.0059 +0200]:
> Very little. I would use cfengine to push your ssh keys from your
> cfengine host right after FAI.
FWIW, there is no cfengine host (yet). I am still somewhat taken
aback by its complexity. Just reinstalling the machines with
also sprach Mark Ferlatte <[EMAIL PROTECTED]> [2004.10.30.0050 +0200]:
> DHCP doesn't let you specify the DNS search path. You'll need to
> do it some other way, should you desire this functionality.
I found -- to my surprise -- that it's possible to have multiple
search lines in /etc/resolv.conf
Martin F Krafft said on Fri, Oct 29, 2004 at 07:03:02PM +0200:
> As far as I can tell, there remains one problem: we use SSH
> hostbased authentication between the nodes, and while I finally got
> that to work, every machine gets a new host key on every
> reinstallation, requiring the global databa
martin f krafft said on Fri, Oct 29, 2004 at 10:38:39AM +0200:
> In /etc/resolv.conf, the search parameter can take multiple values.
> However, when using DHCP, this field is populated by 'option
> domain-name', which lists the domain name only, and must not do
> anything else, or headless clients
also sprach Craig Sanders <[EMAIL PROTECTED]> [2004.10.30.0015 +0200]:
> 3. when a machine is being built or rebuilt, install the correct
> ssh keys in /etc/ssh. they can be fetched via password-protected
> http or https or ftp or even tftp, then decrypted and untarred.
> since they're encrypted y
On Fri, Oct 29, 2004 at 07:03:02PM +0200, Martin F Krafft wrote:
> As far as I can tell, there remains one problem: we use SSH hostbased
> authentication between the nodes, and while I finally got that to
> work, every machine gets a new host key on every reinstallation,
> requiring the global data
On Fri, 29 Oct 2004 22:38:34 +0200, martin wrote in message
<[EMAIL PROTECTED]>:
> also sprach Arnt Karlsen <[EMAIL PROTECTED]> [2004.10.29.2054 +0200]:
> > ..have each node scp those keys and whatever else you want from
> > the boot server, say from each node's /etc/rc.local. _Combine_ some
>
On Saturday 07 August 2004 01:33, Donovan Baarda wrote:
> G'day,
>
> - Original Message -
> From: "Mark Bucciarelli" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, August 07, 2004 12:17 AM
> Subject: Restoring /etc
>
> > I screwed up my /etc directory bigtime. I wanted to
also sprach Wouter Verhelst <[EMAIL PROTECTED]> [2004.10.29.1508 +0200]:
> It assumes that all DNS servers use the same configuration format,
> or that all DNS servers in a given zone run the same software,
> which simply is an incorrect assumption.
It has suited me just fine. I am thankful that d
On Friday 29 October 2004 16:39, martin f krafft wrote:
> also sprach Mark Bucciarelli <[EMAIL PROTECTED]> [2004.10.29.1920
+0200]:
> > what about some kind of cheap usb storage for each machine?
>
> Then I could just take the USB stick, put it onto my laptop, and
> subvert the NFS home directorie
On Fri, 29 Oct 2004, martin f krafft wrote:
> also sprach Mark Bucciarelli <[EMAIL PROTECTED]> [2004.10.29.1920 +0200]:
> > what about some kind of cheap usb storage for each machine?
>
> Then I could just take the USB stick, put it onto my laptop, and
> subvert the NFS home directories.
Glue it
Hi
You can get out your cable toner tool and see if it picks up the noise
by just waving the wand around. Sometimes if a fan or something is
putting off noise, it puts off noise across a lot of spectrum and it
will be obvious what is causing the noise.
The fact that you have multiple systems sh
also sprach Mark Bucciarelli <[EMAIL PROTECTED]> [2004.10.29.1920 +0200]:
> what about some kind of cheap usb storage for each machine?
Then I could just take the USB stick, put it onto my laptop, and
subvert the NFS home directories.
--
Please do not send copies of list mail to me; I read the l
also sprach Arnt Karlsen <[EMAIL PROTECTED]> [2004.10.29.2054 +0200]:
> ..have each node scp those keys and whatever else you want from
> the boot server, say from each node's /etc/rc.local. _Combine_ some
> node hardware based ID schemes, say nics mac addresses, cpuid, etc.
How do you suggest t
On Fri, 29 Oct 2004 19:03:02 +0200, Martin wrote in message
<[EMAIL PROTECTED]>:
> Dear wizards,
>
> [I assume cluster stuff to be better here than -user. Please tell me
> if you think otherwise]
>
> We have just converted our 40 node cluster to FAI and now it's
> running shiny sarge at the pre
On Friday 29 October 2004 13:03, Martin F Krafft wrote:
> So these are the four possible ways I can think of, and not a single
> one is satisfactory.
i'm a wizard-wannabe, but i'll reply anyway.
what about some kind of cheap usb storage for each machine?
--
To UNSUBSCRIBE, email to [EMAIL PROT
Dear wizards,
[I assume cluster stuff to be better here than -user. Please tell me
if you think otherwise]
We have just converted our 40 node cluster to FAI and now it's
running shiny sarge at the press of the on button. Thanks to Thomas
Lange for a really incredible solution (FAI), and Mark Burg
On Fri, Oct 29, 2004 at 11:18:45PM +1000, Russell Coker wrote:
> If there was a choice between running only nscd or only named then nscd might
> be a reasonable option. But given that every serious network will need a
> caching DNS proxy (for which task it's unfortunate that there is nothing
>
Hello,
Theodore Knab a Ăcrit :
I was just wondering if you all use STP in your server rooms.
We have been using UTP, but recently I have been getting
'carrier errors' on interfaces in one rack.
Well...
I use SFTP cords for patch panel, but from wall outlet to server,
I use UTP.
Note : I use 100 Mb/
I was just wondering if you all use STP in your server rooms.
We have been using UTP, but recently I have been getting
'carrier errors' on interfaces in one rack. After changing the cables to
longer coiled UTP cables and tucking the excess in the between the server and
rack, carrier errors increa
On Fri, 29 Oct 2004 09:56, "Donovan Baarda" <[EMAIL PROTECTED]> wrote:
> I actually run pdnsd. I find it leaner and simpler than named. However, is
> "run named on all hosts" really better than "run nscd on all hosts"?
That's debatable. Some people will say that DNS servers are too much of a
sec
On Fri, Oct 29, 2004 at 12:04:51PM +0200, martin f krafft wrote:
> also sprach Wouter Verhelst <[EMAIL PROTECTED]> [2004.10.29.1112 +0200]:
> > How is djbdns good? In that it doesn't correctly implement the
> > RFCs on some crucial parts of the DNS protocol?
> >
> > (hint: search for 'AXFR' or 'IX
On Friday 29 October 2004 10.38, martin f krafft wrote:
> My question is how to add additional domain names to search when
> using dhcp in the smartest possible way.
>
> We are using resolvconf if it matters.
IIRC you can edit the basis resolv.conf template, and add these entries
there, somewher
also sprach Wouter Verhelst <[EMAIL PROTECTED]> [2004.10.29.1112 +0200]:
> How is djbdns good? In that it doesn't correctly implement the
> RFCs on some crucial parts of the DNS protocol?
>
> (hint: search for 'AXFR' or 'IXFR', and see what mr. Bernstein has
> to say about that. No, rsync is /not/
also sprach Wouter Verhelst <[EMAIL PROTECTED]> [2004.10.29.1126 +0200]:
> Most DHCP clients allow you to override configuration sent by the DHCP
> server. I am using this on my home LAN server in /etc/dhclient.conf:
>
> supersede domain-name "grep.be debian.org";
> prepend domain-name-servers 127
On Fri, Oct 29, 2004 at 10:38:39AM +0200, martin f krafft wrote:
> In /etc/resolv.conf, the search parameter can take multiple values.
> However, when using DHCP, this field is populated by 'option
> domain-name', which lists the domain name only, and must not do
> anything else, or headless client
On Wed, Oct 27, 2004 at 09:56:24AM -0300, Federico Lazcano wrote:
> Hello everyone:
>
> I need an advice on reporting in web pages (MRTG-Like) the activities of
> a mail system build on Postfix + Amamisd-new + Spamassassin.
>
> Any clue?
>
> I'm using Debian Sarge.
Try munin. We've been usin
On Thu, Oct 28, 2004 at 06:10:33PM +0200, martin f krafft wrote:
> also sprach Russell Coker <[EMAIL PROTECTED]> [2004.10.28.1520 +0200]:
> > Run named on localhost.
>
> What an extraordinarily bad advice, IMHO. BIND is too much a piece
> of crap.
>
> I really suggest djbdns. I know, it's nonfree
On Tue, Oct 26, 2004 at 01:00:36PM +0800, Xu Jialing wrote:
> Subject: please advice me any good stuff to immegrate debian system to ipv6 network
> ? thx
Please don't do it that way, this makes properly replying to your
message much harder, and it also increases the risk of your mail being
filter
In /etc/resolv.conf, the search parameter can take multiple values.
However, when using DHCP, this field is populated by 'option
domain-name', which lists the domain name only, and must not do
anything else, or headless clients won't work anymore. The same
happens with changing domain-name in /etc/
40 matches
Mail list logo
