From brian at planetshwoop.com Tue Oct 1 07:33:01 2002
From: brian at planetshwoop.com (Brian Sobolak)
Date: Tue, 1 Oct 2002 09:33:01 -0500 (CDT)
Subject: [buug] login accounting, webmail
Message-ID: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
hi everyone
I got a message today that said:
Doing login accounting:
total 420.72
brian 420.72
as part of my monthly security run output for my FreeBSD 4.5 box.
Exactly what does the figure represent? Anyone point me to a man page
where I can find more?
Also, I wrote about a month ago asking for how to solve the problem of
having my domain not work internally on the firewall. I don't know why I
didn't think of it, but of course Ian's solution of a well constructed
hosts file worked fine.
Also worth noting: SquirrelMail rules. The most recent version no longer
requires global parameters be turned on (a security risk and why it was
banned at a lot of hosting companies). This is probably one of the best
mail clients I've ever used.
brian
From dave at mikamyla.com Tue Oct 1 08:43:13 2002
From: dave at mikamyla.com (Dave Barry)
Date: Tue, 1 Oct 2002 08:43:13 -0700
Subject: [buug] login accounting, webmail
In-Reply-To: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
References: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
Message-ID: <20021001154313.GA8486@mikamyla.com>
On Tue, Oct 01, 2002, Brian Sobolak wrote:
>
> hi everyone
>
> I got a message today that said:
>
>
> Doing login accounting:
> total 420.72
> brian 420.72
>
>
> as part of my monthly security run output for my FreeBSD 4.5 box.
>
> Exactly what does the figure represent? Anyone point me to a man page
> where I can find more?
'man ac' provides:
>If the file /var/log/wtmp exists, a record of
>individual login and logout times are written to it by login(1) and
>init(8), respectively. Ac examines these records and writes the
>accumulated connect time (in hours) for all logins to the standard
>output.
--
Dave Barry
Disgruntled Windows Monkey http://psax.org/~dave
Happy Linux User! dave at mikamyla.com
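How a figure like 420.72 comes out of the wtmp records described in the man page excerpt above, as an added example (not part of the original messages and not the source of ac itself). The records are constructed samples; the tuple layout, the "~" reboot marker handling and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

T0 = 1_033_000_000  # arbitrary constructed start time (Unix seconds)

# Constructed wtmp-style records in file order: (tty line, user name, time).
# login(1) writes a record carrying the user name; the logout record that
# init(8) writes for the same line has an empty name. A record on line "~"
# marks a reboot or shutdown, which ends every session that was still open.
SAMPLE_RECORDS = [
    ("ttyp0", "brian", T0),            # brian logs in
    ("ttyp1", "brian", T0 + 1800),     # second session 30 minutes later
    ("ttyp0", "", T0 + 7200),          # logout on ttyp0 after 2 h
    ("ttyv0", "root", T0 + 9000),      # console login as root
    ("~", "reboot", T0 + 10800),       # reboot closes ttyp1 and ttyv0
    ("ttyp0", "brian", T0 + 14400),    # brian logs in again, still logged in
]
NOW = T0 + 18000                       # time at which the report is run


def connect_hours(records, now):
    """Return {user: hours} of accumulated connect time per user."""
    open_sessions = {}                 # tty line -> (user, login time)
    seconds = defaultdict(int)

    def close(line, when):
        user, start = open_sessions.pop(line)
        # A clock stepped backwards must not produce negative time.
        seconds[user] += max(0, when - start)

    for line, name, when in records:
        if line == "~":
            for tty in list(open_sessions):
                close(tty, when)
            continue
        if line in open_sessions:      # logout, or a login with no logout seen
            close(line, when)
        if name:
            open_sessions[line] = (name, when)

    for tty in list(open_sessions):    # still logged in: charge up to "now"
        close(tty, now)
    return {user: round(total / 3600, 2) for user, total in seconds.items()}


def report(hours):
    """Lines in the shape of the security run output: total first, then users."""
    lines = ["total %10.2f" % sum(hours.values())]
    lines += ["%s %10.2f" % (user, h) for user, h in sorted(hours.items())]
    return lines


def unexpected_users(hours, expected):
    """Accounts that accumulated connect time but are not on the expected list."""
    return sorted(user for user in hours if user not in expected)


if __name__ == "__main__":
    hours = connect_hours(SAMPLE_RECORDS, NOW)
    print("\n".join(report(hours)))
    print("unexpected:", unexpected_users(hours, {"brian"}))
```

On a single-user box the per-user line and the total are the same number, as in Brian's output; any other name in the list is a login worth explaining.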
From unixjavabob at yahoo.com Tue Oct 1 11:03:07 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Tue, 1 Oct 2002 11:03:07 -0700 (PDT)
Subject: [buug] login accounting, webmail
In-Reply-To: <20021001154313.GA8486@mikamyla.com>
Message-ID: <20021001180307.99330.qmail@web13802.mail.yahoo.com>
> > 420.72
I believe this number is the current stardate....no,
wait! The current stardate is 56249.1 :
http://www.echelonfleet.com/html/body_stardate_calculator.htm
=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------
From rick at linuxmafia.com Tue Oct 1 11:14:27 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 1 Oct 2002 11:14:27 -0700
Subject: [buug] login accounting, webmail
In-Reply-To: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
References: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
Message-ID: <20021001181427.GP19163@linuxmafia.com>
Quoting Brian Sobolak (brian at planetshwoop.com):
> I got a message today that said:
>
>
> Doing login accounting:
> total 420.72
> brian 420.72
>
>
> as part of my monthly security run output for my FreeBSD 4.5 box.
You'd better get that cheque to Marshall Kirk McKusick in the mail
_today_. I hear they go after deadbeats with pitchforks.
--
Cheers, "Teach a man to make fire, and he will be warm
Rick Moen for a day. Set a man on fire, and he will be warm
rick at linuxmafia.com for the rest of his life." -- John A. Hrastar
From atporter at primate.net Tue Oct 1 11:12:41 2002
From: atporter at primate.net (Aaron T Porter)
Date: Tue, 1 Oct 2002 11:12:41 -0700
Subject: [buug] login accounting, webmail
In-Reply-To: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
References: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
Message-ID: <20021001181241.GG19502@primate.net>
On Tue, Oct 01, 2002 at 09:33:01AM -0500, Brian Sobolak wrote:
> Also worth noting: SquirrelMail rules. The most recent version no longer
> requires global parameters be turned on (a security risk and why it was
> banned at a lot of hosting companies). This is probably one of the best
> mail clients I've ever used.
Of course you're using this over SSL and your IMAP server only
binds to localhost, right? SquirrelMail is indeed neat, some of the
plugins are quite clever.
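A way to check the two points raised in the message above (IMAP bound to localhost only, webmail reachable over SSL) from the list of listening sockets, as an added example that is not part of the original thread. The netstat text is a constructed sample in the BSD `netstat -an` layout, where the local address is written "addr.port"; the port numbers 143, 993 and 443 and all function names are assumptions of the example.

```python
# Constructed sample of `netstat -an` output (BSD layout, documentation addresses).
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.143          *.*                    LISTEN
tcp4       0      0  192.0.2.10.993         *.*                    LISTEN
tcp4       0      0  *.443                  *.*                    LISTEN
tcp4       0      0  192.0.2.10.443         198.51.100.7.51234     ESTABLISHED
udp4       0      0  *.123                  *.*
"""

IMAP_PORTS = {143, 993}   # assumed: plain IMAP and IMAP over SSL
HTTPS_PORT = 443          # assumed: the web server offers webmail here


def listeners(netstat_output):
    """Return [(address, port)] for every TCP socket in LISTEN state."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                       # headers, UDP, short lines
        if fields[5] != "LISTEN":
            continue                       # established connections etc.
        addr, _, port = fields[3].rpartition(".")
        if port.isdigit():
            found.append((addr, int(port)))
    return found


def is_loopback(addr):
    """True only for loopback binds; "*" (all interfaces) is not loopback."""
    return addr in ("::1", "localhost") or addr.startswith("127.")


def webmail_findings(netstat_output):
    """Return a list of findings; an empty list means both checks passed."""
    socks = listeners(netstat_output)
    findings = [
        "IMAP port %d listens on %s, not only on loopback" % (port, addr)
        for addr, port in socks
        if port in IMAP_PORTS and not is_loopback(addr)
    ]
    if not any(port == HTTPS_PORT for _, port in socks):
        findings.append("no listener on port %d for HTTPS" % HTTPS_PORT)
    return findings


if __name__ == "__main__":
    for finding in webmail_findings(SAMPLE_NETSTAT):
        print(finding)
```

A listener on 443 only shows that HTTPS is offered; whether the webmail URL is also reachable over plain HTTP has to be checked in the web server configuration.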
From webmaster at hawaiidakine.com Wed Oct 2 12:51:09 2002
From: webmaster at hawaiidakine.com (al plant)
Date: Wed, 02 Oct 2002 09:51:09 -1000
Subject: [buug] CD Rom Burner on FreeBSD
Message-ID: <3D9B4E2D.D174FE54@hawaiidakine.com>
Hi,
Anyone have the name of a brand of CD Burner that works under FreeBSD?
Aloha! Al Plant - Webmaster http://hawaiidakine.com
Providing FAST DSL Service for $28.00 /mo. Member Small Business Hawaii.
Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
Support OPEN SOURCE in Business Computing. Phone 808-622-0043
From jzitt at josephzitt.com Wed Oct 2 12:58:03 2002
From: jzitt at josephzitt.com (Joseph Zitt)
Date: Wed, 2 Oct 2002 12:58:03 -0700
Subject: [buug] NTP Time Setting
Message-ID: <20021002125803.4b759955.jzitt@josephzitt.com>
I'm trying to figure out how to set my system clock by a remote system,
but the more that I read, the less I understand. Could someone suggest
a one-liner command (or something similarly simple) by which I could
set my clock from an appropriate host?
Thanks for any enlightenment.
--
| josephzitt at josephzitt.com http://www.josephzitt.com/ |
| http://www.metatronpress.com/jzitt/ http://www.mp3.com/josephzitt/ |
| == New book: Surprise Me with Beauty: the Music of Human Systems == |
| Comma / Gray Code Silence: the John Cage Discussion List |
From dave at mikamyla.com Wed Oct 2 13:28:53 2002
From: dave at mikamyla.com (Dave Barry)
Date: Wed, 2 Oct 2002 13:28:53 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002125803.4b759955.jzitt@josephzitt.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com>
Message-ID: <20021002202853.GA21333@mikamyla.com>
Quothe Joseph Zitt, on Wed, Oct 02, 2002:
> I'm trying to figure out how to set my system clock by a remote system,
> but the more that I read, the less I understand. Could someone suggest
> a one-liner command (or something similarly simple) by which I could
> set my clock from an appropriate host?
>
> Thanks for any enlightenment.
The deprecated way of doing this is:
$ ntpdate
I use:
$ ntpdate tick.mit.edu
but check out a list of public ntp servers at
http://www.eecis.udel.edu/~mills/ntp/clock1.htm
I believe the official way of doing things is to run ntpd locally,
and have it adjust the clock gradually, rather than in one foul swoop via
ntpdate.
--
Dave Barry
Disgruntled Windows Monkey http://psax.org/~dave
Happy Linux User! dave at mikamyla.com
From jzitt at metatronpress.com Wed Oct 2 13:45:25 2002
From: jzitt at metatronpress.com (Joseph Zitt)
Date: Wed, 2 Oct 2002 13:45:25 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002202853.GA21333@mikamyla.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com>
<20021002202853.GA21333@mikamyla.com>
Message-ID: <20021002134525.63d9c911.jzitt@metatronpress.com>
On Wed, 2 Oct 2002 13:28:53 -0700
Dave Barry wrote:
> I believe the official way of doing things is to run ntpd locally,
> and have it adjust the clock gradually, rather than in one foul swoop
> via ntpdate.
Yep, it appears that I do have ntpd running, but it doesn't appear to
be doing anything. I've found a page with a bewildering plethora of
possibilities at http://www.eecis.udel.edu/~ntp/ntp_spool/html/ntpd.htm
but I haven't figured out how to get it to actually set the time on my
system.
One concern that I have about its working automatically is that I'm on
dialup (ugh), and so it probably wouldn't be able to check itself on a
regular schedule. Would this be a problem?
--
| josephzitt at josephzitt.com http://www.josephzitt.com/ |
| http://www.metatronpress.com/jzitt/ http://www.mp3.com/josephzitt/ |
| == New book: Surprise Me with Beauty: the Music of Human Systems == |
| Comma / Gray Code Silence: the John Cage Discussion List |
From psoltani at ultradns.com Wed Oct 2 14:26:32 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Wed, 2 Oct 2002 14:26:32 -0700
Subject: [buug] CD Rom Burner on FreeBSD
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF5DDBC6@ultra-exchange.ultradns.com>
I have not tested all the brands, but from my experience, any run-of-the-mill CD burner should work, although SCSI works much better than IDE. I have had very limited success with IDE burners, but SCSI's should be very straightforward; Plextor, Sony, etc.
Regards,
Patrick Soltani.
> -----Original Message-----
> From: al plant [mailto:webmaster at hawaiidakine.com]
> Sent: Wednesday, October 02, 2002 12:51 PM
> To: FreeBSD
> Subject: [buug] CD Rom Burner on FreeBSD
>
>
>
> Hi,
>
> Anyone have the name of a brand of CD Burner that works
> under FreeBSD?
>
> Aloha! Al Plant - Webmaster http://hawaiidakine.com
> Providing FAST DSL Service for $28.00 /mo. Member Small
> Business Hawaii.
> Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
> Support OPEN SOURCE in Business Computing. Phone 808-622-0043
From billoomal at yahoo.com Wed Oct 2 14:37:40 2002
From: billoomal at yahoo.com (HD)
Date: Wed, 2 Oct 2002 14:37:40 -0700 (PDT)
Subject: [buug] Spare Peecees
Message-ID: <20021002213740.47738.qmail@web13005.mail.yahoo.com>
Hi,
I happen to be moving from the area, and I have
three peecees to give away. I am looking for a home
for them where they would probably be used and not
salvaged :)
1 Pentium 90 x 24 mb RAM x 540 mb drive
1 Pentium 100 x 32 mb ram x 540 mb drive + cdrom (NIC
mostly works)
1 Dell XPS P100c (I am guessing that is a Pentium
100mhz - no hard drive)
- 2 old monitors, not the greatest but good enough for
console
- keyboards + mice for two computers
Please let me know at the earliest, since I need to
resolve this by today or latest by tomorrow.
I live in Berkeley, and you would have to arrange to
pick them up.
Cheers!
HD
From dave at mikamyla.com Wed Oct 2 14:33:47 2002
From: dave at mikamyla.com (Dave Barry)
Date: Wed, 2 Oct 2002 14:33:47 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002134525.63d9c911.jzitt@metatronpress.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com> <20021002202853.GA21333@mikamyla.com> <20021002134525.63d9c911.jzitt@metatronpress.com>
Message-ID: <20021002213347.GA21542@mikamyla.com>
Quothe Joseph Zitt, on Wed, Oct 02, 2002:
> One concern that I have about its working automatically is that I'm on
> dialup (ugh), and so it probably wouldn't be able to check itself on a
> regular schedule. Would this be a problem?
>
Probably more of a headache than it's worth. I guess it depends on whether or
not your dialup is connected all the time.
I would suggest just running ntpdate as part of your dialup script, that way
you'll sync every time you connect. Your other option is to run ntpd, and
have it demand-dial when it needs to sync, but this seems like overkill, as I
imagine it will be dialing quite often.
--
Dave Barry
Disgruntled Windows Monkey/technician http://psax.org/~dave
Happy Linux User! dave at mikamyla.com
From itz at speakeasy.org Wed Oct 2 15:10:06 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 02 Oct 2002 15:10:06 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002213347.GA21542@mikamyla.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com>
<20021002202853.GA21333@mikamyla.com>
<20021002134525.63d9c911.jzitt@metatronpress.com>
<20021002213347.GA21542@mikamyla.com>
Message-ID: <867kh08pc1.fsf@kronstadt.homeunix.net>
Joseph> One concern that I have about its working automatically is
Joseph> that I'm on dialup (ugh), and so it probably wouldn't be able
Joseph> to check itself on a regular schedule. Would this be a
Joseph> problem?
Dave> Probably more of a headache than it's worth. I guess it depends
Dave> on whether or not your dialup is connected all the time. I
Dave> would suggest just running ntpdate as part of your dialup
Dave> script, that way you'll sync every time you connect. Your other
Dave> option is to run ntpd, and have it demand-dial when it needs to
Dave> sync, but this seems like overkill, as I imagine it will be
Dave> dialing quite often.
Have a look at chrony:
http://chrony.sunsite.dk/index.php
It is an alternative ntp client, more lightweight in some ways IIRC,
and good behaviour on a dial-up connection is one of its selling
points.
I would enclose my config file, except I myself switched to ntpd after
a lifetime of chrony use just a couple of months ago.
--
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.
From jan at caustic.org Wed Oct 2 15:27:04 2002
From: jan at caustic.org (f.johan.beisser)
Date: Wed, 2 Oct 2002 15:27:04 -0700 (PDT)
Subject: [buug] CD Rom Burner on FreeBSD
In-Reply-To: <3D9B4E2D.D174FE54@hawaiidakine.com>
Message-ID: <20021002152445.H67581-100000@pogo.caustic.org>
On Wed, 2 Oct 2002, al plant wrote:
> Anyone have the name of a brand of CD Burner that works under FreeBSD?
any of the brands should work.
if it's IDE, use burncd(8) to do the burn.
FreeBSD is remarkably agnostic about such things.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From jan at caustic.org Wed Oct 2 15:32:36 2002
From: jan at caustic.org (f.johan.beisser)
Date: Wed, 2 Oct 2002 15:32:36 -0700 (PDT)
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002125803.4b759955.jzitt@josephzitt.com>
Message-ID: <20021002152714.C67581-100000@pogo.caustic.org>
On Wed, 2 Oct 2002, Joseph Zitt wrote:
> I'm trying to figure out how to set my system clock by a remote system,
> but the more that I read, the less I understand. Could someone suggest
> a one-liner command (or something similarly simple) by which I could
> set my clock from an appropriate host?
if the system is online 24/7, or "most of the time" you may just use ntpd.
the simplest config file will define the driftfile (essentially the "lag
time" between the server and the NTP client), and the server.
    [root@pogo jan] {35}$ cat /etc/ntp.conf
    # NTP conf file for POGO.caustic.org
    #
    driftfile /etc/ntp.drift
    server 128.118.25.3     # clock.psu.edu
    server 17.254.0.26      # time.apple.com
    server 204.34.198.41    # tock.usnogps.navy.mil
> Thanks for any enlightenment.
hope this gives you a starting point.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From billoomal at yahoo.com Wed Oct 2 15:32:43 2002
From: billoomal at yahoo.com (HD)
Date: Wed, 2 Oct 2002 15:32:43 -0700 (PDT)
Subject: [buug] Spare Peecees
In-Reply-To: <20021002213740.47738.qmail@web13005.mail.yahoo.com>
Message-ID: <20021002223243.64643.qmail@web13005.mail.yahoo.com>
In response to the earlier questions:
- The monitors are 14 inch monitors
- All the drives are IDE
- I can take a guess on the memory modules;
24 mb = 3 x 8mb?
32 mb = 2 x 16 mb
I am sorry, I can't be more precise (coz I would have
to open the boxes up), I am in a huge rush to get a
lot of other things done.
Thanks once again.
HD
--- HD wrote:
> Hi,
> I happen to be moving from the area, and I have
> three peecees to give away. I am looking for a home
> for them where they would probably be used and not
> salvaged :)
>
> 1 Pentium 90 x 24 mb RAM x 540 mb drive
> 1 Pentium 100 x 32 mb ram x 540 mb drive + cdrom
> (NIC
> mostly works)
> 1 Dell XPS P100c (I am guessing that is a Pentium
> 100mhz - no hard drive)
> - 2 old monitors, not the greatest but good enough
> for
> console
> - keyboards + mice for two computers
>
> Please let me know at the earliest, since I need to
> resolve this by today or latest by tomorrow.
>
> I live in Berkeley, and you would have to arrange to
> pick them up.
>
> Cheers!
> HD
>
From webmaster at hawaiidakine.com Wed Oct 2 20:14:21 2002
From: webmaster at hawaiidakine.com (al plant)
Date: Wed, 02 Oct 2002 17:14:21 -1000
Subject: [buug] Floppy Mounting
Message-ID: <3D9BB60D.4DD9AA25@hawaiidakine.com>
Hi,
I have a FreeBSD 4.5 box that I want to use a floppy drive on to load
some files on to the BOX.
For some reason when I installed the box the CDrom and all other drives
were created in the /etc/fstab directory.
But the floppy is not there.
I have done it in Linux to create this, but FreeBSD is different.
Do you know what the steps are to create the /dev/fd0 /floppy and so
on in the fstab?
Or can you point me to a how-to. The three references I have here on the
shelf assume that the files were already created with the installation
so they just describe how to mount them.
Or should I look at a hardware issue with the floppy?
Thanks,
Aloha! Al Plant - Webmaster http://hawaiidakine.com
Providing FAST DSL Service for $28.00 /mo. Member Small Business Hawaii.
Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
Support OPEN SOURCE in Business Computing. Phone 808-622-0043
From mjh at icir.org Wed Oct 2 21:12:41 2002
From: mjh at icir.org (Mark Handley)
Date: Wed, 02 Oct 2002 21:12:41 -0700
Subject: [buug] Floppy Mounting
In-Reply-To: Your message of "Wed, 02 Oct 2002 17:14:21 -1000."
<3D9BB60D.4DD9AA25@hawaiidakine.com>
Message-ID: <24083.1033618361@vulture.icir.org>
>Hi,
>
>
>I have a FreeBSD 4.5 box that I want to use a floppy drive on to load
>some files on to the BOX.
>
>For some reason when I installed the box the CDrom and all other drives
>were created in the /etc/fstab directory.
>
>But the floppy is not there.
>
>I have done it in Linux to create this, but FreeBSD is different.
>
>Do you know what the steps are to create the /dev/fd0 /floppy and so
>on in the fstab?
>
>Or can you point me to a how-to. The three references I have here on the
>shelf assume that the files were already created with the installation
>so they just describe how to mount them.
>
>Or should I look at a hardware issue with the floppy?
Look in /var/run/dmesg.boot
You should see something like:

    fd0: <1440-KB 3.5" drive> on fdc0 drive 0

If this isn't there, then the OS isn't probing the floppy drive. If
it is, then you should be able to mount it using the mount command.
Make a directory to use as a mount point:

    mkdir /floppy

If it's a DOS floppy:

    mount -t msdos /dev/fd0 /floppy

If it's a UFS (Unix) floppy:

    mount /dev/fd0 /floppy

When you're happy it works, don't forget to cd out of /floppy and do
"umount /floppy" before ejecting the floppy.
If you have any problem with the device, you might try:

    cd /dev
    ./MAKEDEV fd0

But this shouldn't be necessary.
Assuming you can manually mount the floppy successfully, then you
might add an fstab entry something like:

    # Device    Mountpoint    FStype    Options    Dump    Pass#
    /dev/fd0    /floppy       msdos     rw         0       0

"msdos" should be replaced with "ufs" if you're going to be mounting
Unix floppies. But I usually don't put /floppy in fstab, because I
sometimes mount Unix floppies and sometimes DOS floppies, and so I
just mount them manually, as above.
Hope this helps,
Mark
From jan at caustic.org Wed Oct 2 21:14:41 2002
From: jan at caustic.org (f.johan.beisser)
Date: Wed, 2 Oct 2002 21:14:41 -0700 (PDT)
Subject: [buug] Floppy Mounting
In-Reply-To: <3D9BB60D.4DD9AA25@hawaiidakine.com>
Message-ID: <20021002204629.F67581-100000@pogo.caustic.org>
On Wed, 2 Oct 2002, al plant wrote:
> I have a FreeBSD 4.5 box that I want to use a floppy drive on to load
> some files on to the BOX.
>
> For some reason when I installed the box the CDrom and all other drives
> were created in the /etc/fstab directory.
well, the obvious starting point is "man fstab"
> But the floppy is not there.
floppies rarely are. being that they're somewhat useless overall (i tend
to tar files to them, or occasionally use them as boot floppies..)
> I have done it in Linux to create this, but FreeBSD is different.
>
> Do you know what the steps are to create the /dev/fd0 /floppy and so
> on in the fstab?
you're close. generally, floppies don't need to be mounted.. if you do,
you might not have the right fstype.
> Or can you point me to a how-to. The three references I have here on the
> shelf assume that the files were already created with the installation
> so they just describe how to mount them.
http://www.freebsd.org/handbook/
> Or should I look at a hardware issue with the floppy?
you may also want to go through the freebsd-questions archive at:
http://marc.theaimsgroup.com
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From cmsclaud at arches.uga.edu Wed Oct 2 21:14:30 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Thu, 3 Oct 2002 00:14:30 -0400 (EDT)
Subject: [buug] Cat-5 cable?
Message-ID:
I was wondering if anyone had some spare Cat-5 cable (with connectors)
that they bring to the meeting tomorrow? I'm looking for around 20-25
feet and would be happy to pay you for your trouble.
Thanks,
Claude
From jammer at weak.org Wed Oct 2 22:02:23 2002
From: jammer at weak.org (Jon McClintock)
Date: Wed, 2 Oct 2002 22:02:23 -0700
Subject: [buug] Cat-5 cable?
In-Reply-To:
References:
Message-ID: <20021003050222.GC18642@weak.org>
On Thu, Oct 03, 2002 at 12:14:30AM -0400, Claude Rubinson wrote:
> I was wondering if anyone had some spare Cat-5 cable (with connectors)
> that they bring to the meeting tomorrow? I'm looking for around 20-25
> feet and would be happy to pay you for your trouble.
I can bring some...How many connectors do you need?
-Jon
From cmsclaud at arches.uga.edu Wed Oct 2 22:13:07 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Thu, 3 Oct 2002 01:13:07 -0400 (EDT)
Subject: [buug] Cat-5 cable?
In-Reply-To: <20021003050222.GC18642@weak.org>
Message-ID:
On Wed, 2 Oct 2002, Jon McClintock wrote:
> On Thu, Oct 03, 2002 at 12:14:30AM -0400, Claude Rubinson wrote:
> > I was wondering if anyone had some spare Cat-5 cable (with connectors)
> > that they bring to the meeting tomorrow? I'm looking for around 20-25
> > feet and would be happy to pay you for your trouble.
>
> I can bring some...How many connectors do you need?
Just two. Thanks!
Claude
From itz at speakeasy.org Sat Oct 5 00:56:00 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 05 Oct 2002 00:56:00 -0700
Subject: [buug] lcc, the alternative C compiler
Message-ID: <86y99duxnz.fsf@kronstadt.homeunix.net>
At the meeting I mentioned lcc, the light fast ANSI C compiler. It
turns out there's a recent version (4.2) out that can once again be
built on Linux/gcc/glibc. Some of the tests appear to fail but
bootstrapping the compiler with itself, the ultimate test, succeeds,
so I think the failures are just due to obsolete inputs.
It can be downloaded from
http://www.cs.princeton.edu/software/lcc/
(Unfortunately the build is quite labor-intensive for those addicted
to autoconf.)
--
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.
From billoomal at yahoo.com Fri Oct 11 10:16:18 2002
From: billoomal at yahoo.com (HD)
Date: Fri, 11 Oct 2002 10:16:18 -0700 (PDT)
Subject: [buug] Migrating from Exchange 5.5 to Linux
Message-ID: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
Hi,
I am considering migrating my mail server from
Exchange 5.5 to a linux based email server. I have
searched the web a little and haven't found any white
paper or anything of the sort.
Could someone recommend some sites with appropriate
information and/or even suggest some mail servers to
use?
Thanks a lot!
Cheers!
HD
From rick at linuxmafia.com Fri Oct 11 10:38:15 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 11 Oct 2002 10:38:15 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
Message-ID: <20021011173814.GE32418@linuxmafia.com>
Quoting HD (billoomal at yahoo.com):
> Could someone recommend some sites with appropriate information and/or
> even suggest some mail servers to use?
Have a look at
http://www.suse.com/us/business/products/suse_business/email_server/
It's actually just a bunch of standard, good open-source components
(Postfix, Apache, Cyrus IMAP, OpenLDAP, OpenSSL) preconfigured to work
well with one another, plus a couple of proprietary components: YaST2
for graphical administration, and SkyrixGreen for integrated scheduling
and group discussions.
Usually, when you're trying to convince pointy-hairs to use a Unix mail
solution, they instead drag you onto Exchange Server to get its
scheduling, group discussions, and perceived "integration". The SuSE
bundle seems designed to overcome the management-moron syndrome.
And you should point out that, unlike Exchange Server, the SuSE Linux
eMail Server (which is what they call it) won't corrupt its message
store a couple of times a year.
--
Cheers, Long ago, there lived a creature with a
Rick Moen voice like a vacuum cleaner. We know little
rick at linuxmafia.com about it, but we do know that it ate cats.
From wfhoney at pacbell.net Fri Oct 11 10:45:24 2002
From: wfhoney at pacbell.net (Bill Honeycutt)
Date: Fri, 11 Oct 2002 10:45:24 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
Message-ID: <3DA70E34.8DC5F8D5@pacbell.net>
Not wanting to steal Rick Moen's thunder...but he sent me the following
regarding MTA's recently:
http://linuxmafia.com/~rick/linux-info/mtas
Hope this is useful...I thought it was!
HD wrote:
>
> Hi,
> I am considering migrating my mail server from
> Exchange 5.5 to a linux based email server. I have
> searched the web a little and haven't found any white
> paper or anything of the sort.
>
> Could someone recommend some sites with appropriate
> information and/or even suggest some mail servers to
> use?
>
> Thanks a lot!
>
> Cheers!
> HD
>
From rick at linuxmafia.com Fri Oct 11 11:25:14 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 11 Oct 2002 11:25:14 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <3DA70E34.8DC5F8D5@pacbell.net>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com> <3DA70E34.8DC5F8D5@pacbell.net>
Message-ID: <20021011182514.GG32418@linuxmafia.com>
Quoting Bill Honeycutt (wfhoney at pacbell.net):
> Not wanting to steal Rick Moen's thunder...but he sent me the following
> regarding MTA's recently:
>
> http://linuxmafia.com/~rick/linux-info/mtas
>
> Hope this is useful...I thought it was!
'Long as you're doing that:
http://linuxmafia.com/~rick/linux-info/webmail
--
Cheers,
Rick Moen FORTH heart if honk then.
rick at linuxmafia.com
From atporter at primate.net Fri Oct 11 13:55:31 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 11 Oct 2002 13:55:31 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011173814.GE32418@linuxmafia.com>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com> <20021011173814.GE32418@linuxmafia.com>
Message-ID: <20021011205531.GA26812@primate.net>
On Fri, Oct 11, 2002 at 10:38:15AM -0700, Rick Moen wrote:
> And you should point out that, unlike Exchange Server, the SuSE Linux
> eMail Server (which is what they call it) won't corrupt its message
> store a couple of times a year.
Where's the job security in that?!??
From jan at caustic.org Fri Oct 11 13:58:46 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 11 Oct 2002 13:58:46 -0700 (PDT)
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011205531.GA26812@primate.net>
Message-ID: <20021011135755.J30424-100000@pogo.caustic.org>
On Fri, 11 Oct 2002, Aaron T Porter wrote:
> Where's the job security in that?!??
be the only person on your block with the skills to fix it when it does
die and kill the message store.
just charge more per repair.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From psoltani at ultradns.com Fri Oct 11 14:34:36 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Fri, 11 Oct 2002 14:34:36 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF5DDC10@ultra-exchange.ultradns.com>
you definitely want to try the following link:
http://www.postfix.org/
It is a very secure open source mail server which has a lot of built-in capabilities for third party modules such as virus scanners, spam filter, etc.
Regards,
Patrick Soltani.
> -----Original Message-----
> From: HD [mailto:billoomal at yahoo.com]
> Sent: Friday, October 11, 2002 10:16 AM
> To: buug at weak.org
> Subject: [buug] Migrating from Exchange 5.5 to Linux
>
>
> Hi,
> I am considering migrating my mail server from
> Exchange 5.5 to a linux based email server. I have
> searched the web a little and haven't found any white
> paper or anything of the sort.
>
> Could someone recommend some sites with appropriate
> information and/or even suggest some mail servers to
> use?
>
> Thanks a lot!
>
> Cheers!
> HD
>
From john at jjdev.com Fri Oct 11 16:24:38 2002
From: john at jjdev.com (johnd)
Date: Fri, 11 Oct 2002 16:24:38 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
Message-ID: <20021011232438.GB5909@master.theunixman.com>
On Fri, Oct 11, 2002 at 10:16:18AM -0700, HD wrote:
> Hi,
> I am considering migrating my mail server from
> Exchange 5.5 to a linux based email server. I have
> searched the web a little and haven't found any white
> paper or anything of the sort.
>
> Could someone recommend some sites with appropriate
> information and/or even suggest some mail servers to
> use?
Check out
http://asg.web.cmu.edu/cyrus/
From todd at LANtech-HI.com Sun Oct 13 14:17:27 2002
From: todd at LANtech-HI.com (Todd Lee)
Date: Sun, 13 Oct 2002 11:17:27 -1000
Subject: [buug] RE: Buug digest, Vol 1 #388 - 8 msgs
In-Reply-To: <20021012143832.2784.12096.Mailman@weak.org>
Message-ID: <002a01c272fd$ef2077d0$0101000a@lantech1>
I was wondering the same thing. I have used many mailers, as far as MTA's
go, Exchange is easily beaten, but the main selling point of Exchange is its
groupware ability i.e. the sharing of public folders. I've also looked at
bynari.net and a few other suites like oracle's communicator, these all have
the same licensing constraints although, they will run on many flavors of
*nix. I was wondering if there was a GPL'd version out there that I never
heard of?
Thanks
Todd
Message: 1
Date: Fri, 11 Oct 2002 10:16:18 -0700 (PDT)
From: HD
To: buug at weak.org
Subject: [buug] Migrating from Exchange 5.5 to Linux
Hi,
I am considering migrating my mail server from
Exchange 5.5 to a linux based email server. I have
searched the web a little and haven't found any white
paper or anything of the sort.
Could someone recommend some sites with appropriate
information and/or even suggest some mail servers to
use?
Thanks a lot!
Cheers!
HD
From rick at linuxmafia.com Tue Oct 15 07:42:41 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 15 Oct 2002 07:42:41 -0700
Subject: [buug] RE: Buug digest, Vol 1 #388 - 8 msgs
In-Reply-To: <002a01c272fd$ef2077d0$0101000a@lantech1>
References: <20021012143832.2784.12096.Mailman@weak.org> <002a01c272fd$ef2077d0$0101000a@lantech1>
Message-ID: <20021015144241.GT32418@linuxmafia.com>
Quoting Todd Lee (todd at LANtech-HI.com):
> I was wondering the same thing. I have used many mailers, as far as MTA's
> go, Exchange is easily beaten, but the main selling point of Exchange is its
> groupware ability i.e. the sharing of public folders. I've also looked at
> bynari.net and a few other suites like oracle's communicator, these all have
> the same licensing constraints although, they will run on many flavors of
> *nix. I was wondering if there was a GPL'd version out there that I never
> heard of?
*ix guys will tell you that point'n'drool groupware isn't difficult to
find. There are all sorts of Webified things like wiki software, for
example. (Twiki is GPLed, for example, and there is similar stuff made
using Zope.) If *ix guys want a group discussion for themselves,
they'll have a mailing list -- or, better yet, a newsgroup.
The executwits who get the hots for Exchange Server don't _just_ want
group discussion, and they don't _just_ want GUIfied group discussion.
They want "integration". They want the same client software (e.g.,
MS-Outlook) to do everything and anything, without their feeble little
minds having to grasp the distinctions among e-mail, group discussion,
and scheduling.
When you include _that_ in the set of specifications to a *ix author who
publishes tools for people under an open-source or viewable-source
licence, he'll probably say "That level of integration is a bad idea.
Not only does it lock you in to a proprietary, single-source
architecture, but also it prevents you from using best-of-breed for
each. And the whole hairball becomes a single point of failure liability.
And for what?"
If you tell him the executive staff want it anyway, he'll say "OK, since
your executive staff want something really rather stupid, I'm going to
have to spend a lot of time doing dumb, pointless work to put it
together, so for that and to compensate me for what will probably be a
significant support burden, I'm going to charge you a bunch of money and
use proprietary licensing."
And so here we are.
--
Cheers, "That article and its poster have been cancelled."
Rick Moen -- David B. O'Donnel, sysadmin for America Online
rick at linuxmafia.com
From brian at planetshwoop.com Tue Oct 15 11:13:54 2002
From: brian at planetshwoop.com (Brian Sobolak)
Date: Tue, 15 Oct 2002 13:13:54 -0500 (CDT)
Subject: [buug] RE: Buug digest, Vol 1 #388 - 8 msgs
In-Reply-To: <20021015144241.GT32418@linuxmafia.com>
References: <20021012143832.2784.12096.Mailman@weak.org>
<002a01c272fd$ef2077d0$0101000a@lantech1>
<20021015144241.GT32418@linuxmafia.com>
Message-ID: <58651.63.73.213.5.1034705634.squirrel@www.planetshwoop.com>
Rick Moen said:
> Quoting Todd Lee (todd at LANtech-HI.com):
>
> The executwits who get the hots for Exchange Server don't _just_ want
> group discussion, and they don't _just_ want GUIfied group discussion.
> They want "integration". They want the same client software (e.g.,
> MS-Outlook) to do everything and anything, without their feeble little
> minds having to grasp the distinctions among e-mail, group discussion,
> and scheduling.
>
I was just having this discussion yesterday.
In my experience, people don't even use these "groupware" functions they're
buying in the first place. Beyond meeting scheduling and *maybe* group
address book, I can't say that I've ever really seen these features used.
The times that I have were at tiny companies where people could communicate
with one another directly, so putting things in a shared folder actually
made sense.
The Lotus Notes/Exchange Servers of the world are basically very, very
crappy, extremely overpriced mail clients. Because 90% of the time,
that's what they're used for.
> If you tell him the executive staff want it anyway, he'll say "OK, since
> your executive staff want something really rather stupid, I'm going to
> have to spend a lot of time doing dumb, pointless work to put it
> together, so for that and to compensate me for what will probably be a
> significant support burden, I'm going to charge you a bunch of money and
> use proprietary licensing."
>
> And so here we are.
>
I saw this in action recently.
The guy that sits across the hall from me argues that even though THE
ENTIRE COMPANY thinks pretty much that Notes stinks, we should keep it
because the cost of transitioning away from it would be too high. When I
told him that for the cost of what we pay for one year's worth of Notes
software I could build and buy the email, calendaring, and "groupware"
software for the entire firm, he finally started listening.
I think a big part of the problem is that when the discussion is only
"Notes vs. Exchange", the idea that you could use something else is
shocking.
Does Microsoft use Exchange for Hotmail? I doubt it. I'm *sure* Yahoo
doesn't.
brian
ps I've been thinking about writing a series of "groupware" articles for
DaemonNews, basically covering tools such as mailman, weblog software,
calendaring, etc. Time to get crackin'.
From itz at speakeasy.org Tue Oct 15 23:07:38 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 15 Oct 2002 23:07:38 -0700
Subject: [buug] ANN: pdig - a simpler, better(?) dig in perl
Message-ID: <86fzv6zzkl.fsf@kronstadt.homeunix.net>
I wrote this after having tried - and failed - to come up with a
simple way to parse dig(1) output.
Testing would be appreciated.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdig.1
Type: application/octet-stream
Size: 11856 bytes
Desc: pdig manual page
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdig
Type: application/octet-stream
Size: 4601 bytes
Desc: pdig perl script
URL:
-------------- next part --------------
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From evans at ncseweb.org Thu Oct 17 22:10:28 2002
From: evans at ncseweb.org (Skip Evans)
Date: Thu, 17 Oct 2002 22:10:28 -0700
Subject: [buug] Samba and DHCP
Message-ID: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com>
Hi all,
I was having a problem with a Linksys router
that kept giving an IP address to my FreeBSD
box and replacing its static one, making it
inaccessible from the outside (it's basically
just a list server at this point).
To fix the problem I put this in rc.conf
# DHCP disabled 2002-09-18 to prevent linksys from sending
# its IP to this box -- skip
# ifconfig_sis0="DHCP"
hostname="ncseweb2.org"
A friend is helping me get Samba up and going and
thinks this is preventing Samba from working.
Anyone think this is the case? Any kind of resolution
would be helpful. If a diagram of the network layout would
be helpful, contact me off list and I'll attach it to a response.
Thanks! Missed the last couple of buug meetings but plan
on coming back soon.
Skip Evans
Network Project Director
National Center for Science Education
420 40th St, Suite 2
Oakland, CA 94609
510-601-7203 Ext. 308
510-601-7204 (fax)
800-290-6006
evans at ncseweb.org
http://www.ncseweb.org
NCSE now has a one way broadcast news list. Please note that this is NOT a discussion list. You cannot post messages for members to receive. We use this list to broadcast news about the creationism/evolution issue to interested parties.
To sign up send:
subscribe ncse your at email.address
to: majordomo at inia.cls.org
From jan at caustic.org Thu Oct 17 22:16:56 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 17 Oct 2002 22:16:56 -0700 (PDT)
Subject: [buug] Samba and DHCP
In-Reply-To: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com>
Message-ID: <20021017221432.M30424-100000@pogo.caustic.org>
On Thu, 17 Oct 2002, Skip Evans wrote:
> A friend is helping me get Samba up and going and
> thinks this is preventing Samba from working.
can you have him explain why he thinks that?
> Anyone think this is the case? Any kind of resolution
> would be helpful. If a diagram of the network layout would
> be helpful, contact me off list and I'll attach it to a response.
i find it very doubtful that samba would not work due to a static IP being
used.
highly doubtful, actually. if anything, i'd check your samba configuration
first and foremost.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From itz at speakeasy.org Thu Oct 17 22:26:33 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 17 Oct 2002 22:26:33 -0700
Subject: [buug] Samba and DHCP
In-Reply-To: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com>
References: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com>
Message-ID: <8665w0z59y.fsf@kronstadt.homeunix.net>
Skip> hostname="ncseweb2.org"
Skip> A friend is helping me get Samba up and going and thinks this is
Skip> preventing Samba from working.
I can't say if this has anything to do with your Samba problem, but I
have always disliked this kind of alias, where a host is named the
same as the entire domain. Could you give it a hostname of its own,
like lists.ncseweb2.org?
And why is the domain different from your other one (ncseweb.org) anyway?
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From brian at planetshwoop.com Fri Oct 18 08:42:47 2002
From: brian at planetshwoop.com (Brian Sobolak)
Date: Fri, 18 Oct 2002 10:42:47 -0500 (CDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
Message-ID: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
hi fellow good buug people,
I'm thinking about picking up a new PC soon and think I might switch from
my normal FreeBSD self to Linux, since Linux on the desktop is looking
more appealing than it did 18 months ago.
Two Linux questions:
1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on
this list are big Debian fans, but Gentoo looks appealing as well.
2. Anyone tried RH 8.0 and Bluecurve? I probably won't go with Red Hat
since I am not a fan of the RPM system, but I am interested in hearing
people's opinions.
brian
From cmsclaud at arches.uga.edu Fri Oct 18 09:26:31 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Fri, 18 Oct 2002 09:26:31 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
Message-ID: <20021018162631.GA6173@wagner>
On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
> 2. Anyone tried RH 8.0 and Bluecurve? I probably won't go with Red Hat
> since I am not a fan of the RPM system, but I am interested in hearing
> people's opinions.
Well, I haven't used Gentoo but I'm certainly aware of Aaron's opinion
on this one. :) You know the sound a cat makes when coughing up a
hairball? That's the same sound that Aaron makes when anyone asks
about RH's new look.
Hope this helps!
Claude
From wfhoney at pacbell.net Fri Oct 18 09:43:19 2002
From: wfhoney at pacbell.net (Bill Honeycutt)
Date: Fri, 18 Oct 2002 09:43:19 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018162631.GA6173@wagner>
Message-ID: <3DB03A27.9EF16997@pacbell.net>
Claude Rubinson wrote:
>
> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
>
> You know the sound a cat makes when coughing up a hairball?
Ack!!! Pfffft!
_____/|
\ . + |
=( )=
U
From john at jjdev.com Fri Oct 18 09:42:50 2002
From: john at jjdev.com (johnd)
Date: Fri, 18 Oct 2002 09:42:50 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
Message-ID: <20021018164250.GA7857@master.compound.theunixman.com>
On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
>
> hi fellow good buug people,
>
> I'm thinking about picking up a new PC soon and think I might switch from
> my normal FreeBSD self to Linux, since Linux on the desktop is looking
> more appealing than it did 18 months ago.
>
> Two Linux questions:
>
> 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on
> this list are big Debian fans, but Gentoo looks appealing as well.
Yes. What do you want to know about it?
I really appreciate the way it builds everything from source. Before
Gentoo I've always used Slackware. I would typically do a minimal install
then build the rest of the system from source. I never used any kind
of package management tools till Gentoo.
Make sure you understand the bandwidth needs gentoo can demand. If you
do a Stage 1 install, it pretty much downloads everything on the fly.
Having a powerful machine is good, too.
I've installed Gentoo on a x86 box and a G4.
If you have the time (like half a day), Gentoo is good. If you just want
to get a server up and running, you may want to pick a different distro.
-johnd
From atporter at primate.net Fri Oct 18 09:57:58 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 18 Oct 2002 09:57:58 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018162631.GA6173@wagner>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018162631.GA6173@wagner>
Message-ID: <20021018165758.GD13295@primate.net>
On Fri, Oct 18, 2002 at 09:26:31AM -0700, Claude Rubinson wrote:
> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
>
> > 2. Anyone tried RH 8.0 and Bluecurve? I probably won't go with Red Hat
> > since I am not a fan of the RPM system, but I am interested in hearing
> > people's opinions.
>
> Well, I haven't used Gentoo but I'm certainly aware of Aaron's opinion
> on this one. :) You know the sound a cat makes when coughing up a
> hairball? That's the same sound that Aaron makes when anyone asks
> about RH's new look.
I dunno, my cats don't sound quite *that* bad :)
From atporter at primate.net Fri Oct 18 10:04:30 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 18 Oct 2002 10:04:30 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
Message-ID: <20021018170430.GE13295@primate.net>
On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
> 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on
> this list are big Debian fans, but Gentoo looks appealing as well.
Gentoo probably speaks to your FreeBSD roots then. It definitely
looks like a nice setup, though I guess I just don't see the point in
compiling everything locally if you're not actually doing it by hand.
From john at jjdev.com Fri Oct 18 10:19:17 2002
From: john at jjdev.com (johnd)
Date: Fri, 18 Oct 2002 10:19:17 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018170430.GE13295@primate.net>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net>
Message-ID: <20021018171917.GA10126@master.compound.theunixman.com>
On Fri, Oct 18, 2002 at 10:04:30AM -0700, Aaron T Porter wrote:
> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
>
> > 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on
> > this list are big Debian fans, but Gentoo looks appealing as well.
>
> Gentoo probably speaks to your FreeBSD roots then. It definitely
> looks like a nice setup, though I guess I just don't see the point in
> compiling everything locally if you're not actually doing it by hand.
The point is the same...why do you compile by hand?
I don't do it for fun, I do it to take advantage of optimizations for my
architecture.
I would say:
I don't see the point in compiling by hand if you can have a package do
it for you.
From atporter at primate.net Fri Oct 18 10:25:59 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 18 Oct 2002 10:25:59 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018171917.GA10126@master.compound.theunixman.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018171917.GA10126@master.compound.theunixman.com>
Message-ID: <20021018172559.GF13295@primate.net>
On Fri, Oct 18, 2002 at 10:19:17AM -0700, johnd wrote:
> > Gentoo probably speaks to your FreeBSD roots then. It definitely
> > looks like a nice setup, though I guess I just don't see the point in
> > compiling everything locally if you're not actually doing it by hand.
>
> The point is the same...why do you compile by hand?
There's definitely something to be said for knowing intimately
every package installed on your system, there's also the distribution
downside of dependency creep installing packages you might want but
certainly don't need (it's kinda scary what Debian thinks I need installed
to use Mozilla). That said, I certainly don't have the time to do it by
hand anymore.
From jeremy at nirvani.net Fri Oct 18 10:28:01 2002
From: jeremy at nirvani.net (Jeremy Brand, B.S.)
Date: Fri, 18 Oct 2002 10:28:01 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018170430.GE13295@primate.net>
Message-ID:
> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
>
> > 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people
> > on this list are big Debian fans, but Gentoo looks appealing as well.
>
> Thus spake Aaron T Porter:
> Gentoo probably speaks to your FreeBSD roots then. It definitely
> looks like a nice setup, though I guess I just don't see the point in
> compiling everything locally if you're not actually doing it by hand.
This was explained to me by a Gentoo user. Basically, he liked it because
all binaries on the system are for the exact processor (IE, i686, etc) as
opposed to the very common distro compiles of i386 or i586. This was a
poor argument, because I asked him how much faster his machine ran and he
could not come up with any numbers.
Not that I agree it's worth the time... I'm not sure if the time saved by
having a i686 compiled /bin/rm command (and friends) is worth the time it
takes to build an entire system.
I think Gentoo appeals to the geeky-new-to-linux crowd, because other
distros have become so easy to use. Think back 10 years, and this comment
makes sense. Remember how nearly every day was a new kernel day, and
every day was a chance that maybe one more piece of hardware worked in
your computer. Ahh... the memories.
However, as most of us have come to pass, we just want to get all that
repetitive crap out of the way and for the most part are willing to trust
someone else's compile for the bulk of our OS and there is no way most of
us have the time to re-compile a whole system!
Jeremy
From brian at planetshwoop.com Fri Oct 18 10:24:36 2002
From: brian at planetshwoop.com (Brian Sobolak)
Date: Fri, 18 Oct 2002 12:24:36 -0500 (CDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018164250.GA7857@master.compound.theunixman.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
<20021018164250.GA7857@master.compound.theunixman.com>
Message-ID: <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com>
johnd said:
> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote:
>> 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people
>> on this list are big Debian fans, but Gentoo looks appealing as well.
>
> Yes. What do you want to know about it?
If you find the package system complete for your needs, if the package
system actually works.
Another question: if you had a new box and had to choose between Debian
and Gentoo, which would you choose?
> If you have the time (like half a day), Gentoo is good. If you just
> want to get a server up and running, you may want to pick a different
> distro.
>
I'm good enough at FreeBSD now that I can get through that pretty quickly.
This wouldn't be a server system, it'd be a desktop (FreeBSD will stay on
the server). Since there is more desktop software avail. for Linux than
FreeBSD plus FreeBSD tends to be slightly behind on the Xwindows front,
that's why I thought Gentoo might be worth a shot.
brian
From rick at linuxmafia.com Fri Oct 18 11:32:56 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 11:32:56 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018170430.GE13295@primate.net>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net>
Message-ID: <20021018183256.GB23586@linuxmafia.com>
Quoting Aaron T Porter (atporter at primate.net):
> Gentoo probably speaks to your FreeBSD roots then. It definitely
> looks like a nice setup, though I guess I just don't see the point in
> compiling everything locally if you're not actually doing it by hand.
Additionally, for the few places where you think it might make a significant
difference (may, XFree86), the Debian build tools make it quite easy to
rebuild the debianised source tarballs with compiler options of your
choosing.
But some people are indeed liking Gentoo, others Sourcemage, Rock Linux,
Lunar Linux, etc. All the same basic build-everything-from-source
notion, variously implemented.
--
Cheers, "Learning Java has been a slow and tortuous process for me. Every
Rick Moen few minutes, I start screaming 'No, you fools!' and have to go
rick at linuxmafia.com read something from _Structure and Interpretation of
Computer Programs_ to de-stress." -- The Cube, www.forum3000.org
From rick at linuxmafia.com Fri Oct 18 11:36:04 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 11:36:04 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com>
Message-ID: <20021018183604.GC23586@linuxmafia.com>
Quoting Brian Sobolak (brian at planetshwoop.com):
> Since there is more desktop software avail. for Linux than
> FreeBSD plus FreeBSD tends to be slightly behind on the Xwindows front,
> that's why I thought Gentoo might be worth a shot.
So, give it a shot. All you need sacrifice is a machine state, a
trivial amount of bandwidth draw, and a little of your time.
--
Cheers, "That article and its poster have been cancelled."
Rick Moen -- David B. O'Donnel, sysadmin for America Online
rick at linuxmafia.com
From psoltani at ultradns.com Fri Oct 18 11:32:29 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Fri, 18 Oct 2002 11:32:29 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com>
>
> I don't see the point in compiling by hand if you can have a
> package do
> it for you.
>
How do you know the package given to you by the vendor is clean and not tampered with?
You are trusting the vendor to have given you a good binary, but simply you don't know.
With source, you'd know what is being compiled and built.
Although I saw a warning from SendMail folks that someone had tampered with the sendmail source, however, even this extreme event is caught very fast by folks that do diff of the old source and the new ones. Guess that's the main benefit of the compiling the source; apart from getting high on compiler/linker switches that scroll off of the screen! :-)
Regards,
Patrick Soltani.
From atporter at primate.net Fri Oct 18 11:37:40 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 18 Oct 2002 11:37:40 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com>
References: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com>
Message-ID: <20021018183740.GH13295@primate.net>
On Fri, Oct 18, 2002 at 11:32:29AM -0700, Patrick Soltani wrote:
> > I don't see the point in compiling by hand if you can have a
> > package do it for you.
>
> How do you know the package given to you by the vendor is clean and not
> tampered with? You are trusting the vendor to have given you a good
> binary, but simply you don't know. With source, you'd know what is
> being compiled and built.
>
> Although I saw a warning from SendMail folks that someone had tampered
> with the sendmail source, however, even this extreme event is caught
> very fast by folks that do diff of the old source and the new ones.
> Guess that's the main benefit of the compiling the source; apart from
> getting high on compiler/linker switches that scroll off of the screen! :-)
Blindly compiling packages is no more secure than using
distribution binaries. You gain no inherent security through the act of
running GCC yourself. Do you read the source before you compile it? Would
you catch a backdoor, buffer overflow, trojan if you did? In the past 6
months we've seen both Sendmail and OpenSSH source distributions
backdoored, in the past tcp_wrappers and others. In fact, the OpenSSH
trojan was a compile time exploit -- building your own SSH was the only
way to get hit by that, a binary package would have been safe!
From jeremy at nirvani.net Fri Oct 18 11:49:02 2002
From: jeremy at nirvani.net (Jeremy Brand, B.S.)
Date: Fri, 18 Oct 2002 11:49:02 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com>
Message-ID:
Thus spake Patrick Soltani:
> > I don't see the point in compiling by hand if you can have a
> > package do
> > it for you.
> >
>
> How do you know the package given to you by the vendor is clean and not
> tampered with? You are trusting the vendor to have given you a good
> binary, but simply you don't know. With source, you'd know what is being
> compiled and built.
Do you really know? Most linux vendors ship the source for the binaries
they compile. Yes, it is true they could do it differently, but does
anyone have the time to read the source for binutils every time they
compile, let alone sendmail!
How, or why would you trust Gentoo's source to not be trojaned? I don't
think any legitimate vendor would tamper with much, but if you do a build
of Gentoo from a server that has been tampered with, how would you know
unless you _READ_ (and I don't only mean read, but also mean KNOW) the
source wasn't tampered with either.
> Although I saw a warning from SendMail folks that someone had tampered
> with the sendmail source, however, even this extreme event is caught
> very fast by folks that do diff of the old source and the new ones.
> Guess that's the main benefit of the compiling the source; apart from
> getting high on compiler/linker switches that scroll off of the screen!
> :-)
Vendors do this diff with their binaries too.
Note, in the latest sendmail issue. Sendmail's source was tampered with,
however (use redhat as an example), their sendmail was fine. So, who do
you trust more?
Eventually you have to marginally trust someone, or write your own OS.
Jeremy
From psoltani at ultradns.com Fri Oct 18 11:53:40 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Fri, 18 Oct 2002 11:53:40 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com>
> Blindly compiling packages is no more secure than using
> distribution binaries. You gain no inherent security through
> the act of
> running GCC yourself.
No arguments here
> Do you read the source before you
> compile it? Would
> you catch a backdoor, buffer overflow, trojan if you did?
Yes and No.
Yes, I check the source code usually thru MD5 fingerprints, or pgp signatures.
Also depending on the time I have, I browse thru the code. Do I catch the backdoors, trojans, etc, maybe not, but diffing with the older version usually tells you what's up.
With binary you don't have the option! with source you do. that's all.
Oh one more thing, when something does not work, or works as you don't expect it, you can fiddle with the source, but you have NO OPTIONS with binaries.
> In the past 6
> months we've seen both Sendmail and OpenSSH source distributions
> backdoored, in the past tcp_wrappers and others. In fact, the OpenSSH
> trojan was a compile time exploit -- building your own SSH
> was the only
> way to get hit by that, a binary package would have been safe!
I don't blindly trust the source code either. After the compile, built and TESTING, I then roll it out. Remember that catching backdoor, trojans, worms, etc, is possible with good firewall filtering, IDS, coupled with good tcpdumping.
Again, I don't disagree with you on the point raised, however, I believe we have more tools in our arsenal to deal with that when you have the source code.
Regards,
Patrick Soltani.
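
[Added example, not part of the original thread and not any poster's code.] The two checks discussed in this thread, a published fingerprint and a diff against the previous release, run over constructed in-memory tarballs. SHA-256 stands in for the MD5 fingerprints mentioned above; the package "demo", its file contents and every function name here are made up for illustration.

```python
import difflib
import hashlib
import io
import tarfile

# File names a build normally runs or interprets: a change here takes effect
# at compile time, before the resulting program is ever started.
BUILD_TIME_NAMES = {"configure", "configure.in", "configure.ac",
                    "Makefile", "Makefile.in", "Makefile.am"}


def make_tarball(files):
    """Build an in-memory .tar.gz from {path: bytes} (constructed samples only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def digest(blob):
    return hashlib.sha256(blob).hexdigest()


def digest_matches(blob, published_hex):
    """True when the archive hashes to the published value."""
    return digest(blob) == published_hex.strip().lower()


def read_tree(blob):
    """Return {relative path: bytes}; members are read in memory, never extracted or run."""
    tree = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                raise ValueError("unsafe path in archive: %r" % member.name)
            rel = "/".join(parts[1:])  # drop the versioned top-level directory
            if rel:
                tree[rel] = tar.extractfile(member).read()
    return tree


def compare_releases(old_blob, new_blob):
    """Summarise what changed between two releases, flagging build-time files."""
    old, new = read_tree(old_blob), read_tree(new_blob)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    build_time = sorted(p for p in added + changed
                        if p.rsplit("/", 1)[-1] in BUILD_TIME_NAMES)
    return {"added": added, "removed": removed,
            "changed": changed, "build_time": build_time}


def unified(old_blob, new_blob, path):
    """Unified diff of one file between the two releases."""
    old = read_tree(old_blob).get(path, b"").decode("utf-8", "replace").splitlines()
    new = read_tree(new_blob).get(path, b"").decode("utf-8", "replace").splitlines()
    return list(difflib.unified_diff(old, new, "old/" + path, "new/" + path,
                                     lineterm=""))


# Constructed sample input: the previous release, the release as the maintainer
# built it, and the archive actually served by a tampered download site.
OLD = make_tarball({
    "demo-1.0/Makefile.in": b"all:\n\t$(CC) -o demo src/main.c\n",
    "demo-1.0/src/main.c": b"int main(void) { return 0; }\n",
})
GENUINE = make_tarball({
    "demo-1.1/Makefile.in": b"all:\n\t$(CC) -o demo src/main.c\n",
    "demo-1.1/src/main.c": b"int main(void) { return 1 - 1; }\n",
})
SERVED = make_tarball({
    "demo-1.1/Makefile.in": b"all:\n\t@sh ./extra-step.sh\n\t$(CC) -o demo src/main.c\n",
    "demo-1.1/extra-step.sh": b"# constructed placeholder for an unexpected build step\n",
    "demo-1.1/src/main.c": b"int main(void) { return 1 - 1; }\n",
})

if __name__ == "__main__":
    # Fingerprint obtained out of band (e.g. from a signed announcement): mismatch.
    print("vs. out-of-band digest:", digest_matches(SERVED, digest(GENUINE)))
    # Fingerprint fetched from the same tampered site: it matches and proves nothing.
    print("vs. same-site digest:  ", digest_matches(SERVED, digest(SERVED)))
    # The diff against the previous release still shows the build-time change.
    print(compare_releases(OLD, SERVED))
    print("\n".join(unified(OLD, SERVED, "Makefile.in")))
```

A fingerprint only helps when it reaches you by a path the archive did not take; the release-to-release diff is independent of that, but someone still has to read what it reports.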
From jeremy at nirvani.net Fri Oct 18 12:00:21 2002
From: jeremy at nirvani.net (Jeremy Brand, B.S.)
Date: Fri, 18 Oct 2002 12:00:21 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com>
Message-ID:
Thus spake Patrick Soltani:
> With binary you don't have the option! with source you do. that's all.
> Oh one more thing, when something does not work, or works as you don't
> expect it, you can fiddle with the source, but you have NO OPTIONS with
> binaries.
What binaries are you talking about? On linux systems binaries can be
re-built with source anyway. Having a binary-based-packaged system does
not prevent you from (re-)compiling whatever you want.
> I don't blindly trust the source code either. After the compile, built
> and TESTING, I then roll it out. Remember that catching backdoor,
> trojans, worms, etc, is possible with good firewall filtering, IDS,
> coupled with good tcpdumping.
This is a good point. So, why is a source-based-packaged distro better?
My point is still being that source based distros (sourcemage, gentoo) are
no more secure than binary based distros (redhat, debian, suse) based on
the fact that you get to re-compile!
Jeremy
From ms at formulae.org Fri Oct 18 12:10:26 2002
From: ms at formulae.org (Michael Salmon)
Date: Fri, 18 Oct 2002 12:10:26 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com>
References: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com>
Message-ID: <20021018121026.B17237@formulae.org>
On Fri, Oct 18, 2002 at 11:53:40AM -0700, Patrick Soltani wrote:
> Do you read the source before you
> > compile it? Would
> > you catch a backdoor, buffer overflow, trojan if you did?
>
> Yes and No.
> Yes, I check the source code usually thru MD5 finger prints, or pgp signatures.
> Also depending on the time I have, I browse thru the code. Do I catch the backdoors, trojans, etc, may be not, but diffing with the older version usually tells you what's up.
and how are you sure the md5 hash hasn't been tampered with?
Having an md5 signature is only done on compressed packages (.tar, etc),
this usually stops you from doing such things as diffing with older versions.
Basically I doubt you would do such a thing without keeping the application
tracked with cvs.
I suggest you read the classic paper "Reflections on Trusting trust" by
Ken Thompson. If you happened to have read it already, read it again because
you didn't understand it.
> With binary you don't have the option! with source you do. that's all.
> Oh one more thing, when something does not work, or works as you don't expect it, you can fiddle with the source, but you have NO OPTIONS with binaries.
I disagree. I will make the observation that we are talking about open source
software, which if you have a binary for that would imply you can also
get the source for what made the binary. So then simply uninstall the binary
if it is giving you grief, get the src for it, and bash your head against it.
> > In the past 6
> > months we've seen both Sendmail and OpenSSH source distributions
> > backdoored, in the past tcp_wrappers and others. In fact, the OpenSSH
> > trojan was a compile time exploit -- building your own SSH
> > was the only
> > way to get hit by that, a binary package would have been safe!
>
> I don't blindly trust the source code either. After the compile, built and TESTING, I then roll it out. Remember that catching backdoor, trojans, worms, etc, is possible with good firewall filtering, IDS, coupled with good tcpdumping.
>
> Again, I don't disagree with you on the point raised, however, I believe we have more tools in our arsenal to deal with that when you have the source code.
>
>
> Regards,
> Patrick Soltani.
>
From psoltani at ultradns.com Fri Oct 18 12:33:49 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Fri, 18 Oct 2002 12:33:49 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com>
>
> What binaries are you talking about? On linux systems binaries can be
> re-built with source anyway. Having a binary-based-packaged
> system does
> not prevent you from (re-)compiling whatever you want.
>
I work with Solaris, Linux and FreeBSD. Depending on the platform/OS we have to take different routes.
Also take into account that home network is perhaps less critical compared to production network that 10s of 1000 folks beat on them every day around the clock, 366 days a year!;-).
I personally like/use FreeBSD cvsup which gives you "almost" absolute control. Linux is ok, but not as much control, since it is geared to have mass appeal. Again the main process is to verify the source code thru MD5, pgp, etc first. Isolate your systems for build, config, test and more tests. Having the source allows me to fiddle with switches, configurations, right at the "source" rather than config files the binaries use.
It allows me to inject my own debugging info and helps with debugging/troubleshooting. Usually the binaries are optimized with the symbol/debug tables taken out. So, if it breaks, you have no real way of pinpointing it. Of course you can run things like truss, strace, etc, again the difference is obvious when you run a large network vs. home network.
Binary is what the vendor thinks is "optimized" and "good" for you. Source install is what "you" think is optimized and good for you; in a nutshell.
Lastly, we usually want something that the developer may not have thought about, source allows us to do just that, modify it. Again depending on your point of view, home network/production network that may or may not be an issue.
Apart from these, I guess, it is how much time/resources you'd be willing to spend on getting a piece of software running on your machine. Perhaps one of the reasons M$ has market share is that it takes all your "options" away from you. I am not a biz kid, I may be wrong.
Regards,
Patrick Soltani.
From itz at speakeasy.org Fri Oct 18 12:48:10 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 18 Oct 2002 12:48:10 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018171917.GA10126@master.compound.theunixman.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
<20021018170430.GE13295@primate.net>
<20021018171917.GA10126@master.compound.theunixman.com>
Message-ID: <86fzv3il51.fsf@kronstadt.homeunix.net>
johnd> The point is the same...why do you compile by hand?
To fix bugs, and things that packagers see as features but are really
bugs (like excessive dependencies, which for me means any dependencies
on either Gnome or KDE).
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From psoltani at ultradns.com Fri Oct 18 12:59:21 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Fri, 18 Oct 2002 12:59:21 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com>
>
> and how are you sure the md5 hash hasn't been tampered with?
> Having an md5 signature is only done on compressed packages
> (.tar, etc),
> this usually stops you from doing such things as diffing with
> older versions.
> Basically I doubt you would do such a thing without keeping
> the application
> tracked with cvs.
wow, we are getting technical here. from man pages:
" These functions implement the MD5 message-digest algorithm,
which takes as input a message of arbitrary length and produces
as output a 128-bit "fingerprint" or "message digest"
of the input. It is intended for digital signature applications,
where large file must be "compressed" in a secure
manner before being encrypted with a private (secret) key
under a public-key cryptosystem such as RSA.
"
The operative word is "intended". You can run MD5 on binary files and is not confined to only compressed files.
In fact Solaris has the MD5 finger prints for ALL the files in the system. I am sure not all of them are ".tar, etc"
> I suggest you read the classic paper "Reflections on Trusting
> trust" by
> Ken Thompson. If you happened to have read it already, read
> it again because
> you didnt understand it.
No I have not read what you consider Security Bible, but will do so when I get a chance. Thanx for the pointer.
> I disagree. I will make the observation that we are talking
> about open source
> software, which if you have a binary for that would imply you can also
> get the source for what made the binary. So then simply
> uninstall the binary
> if it is giving you grief, get the src for it, and bash your
> head against it.
That's exactly the point Yoda. How do you know the binaries you are installing/installed were generated from the source that you have? So, you have to compile it from source and then compare!
Regards,
Patrick Soltani.
From itz at speakeasy.org Fri Oct 18 13:19:51 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 18 Oct 2002 13:19:51 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com>
References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com>
Message-ID: <86bs5rijo8.fsf@kronstadt.homeunix.net>
Patrick> wow, we are getting technical here. from man pages: " These
Patrick> functions implement the MD5 message-digest algorithm, which
Patrick> takes as input a message of arbitrary length and produces
Patrick> as output a 128-bit "fingerprint" or "message digest" of the
Patrick> input. It is intended for digital signature applications,
Patrick> where large file must be "compressed" in a secure manner
Patrick> before being encrypted with a private (secret) key under a
Patrick> public-key cryptosystem such as RSA. "
Patrick> The operative word is "intended". You can run MD5 on binary
Patrick> files and is not confined to only compressed files. In fact
Patrick> Solaris has the MD5 finger prints for ALL the files in the
Patrick> system. I am sure not all of them are ".tar, etc"
Debian has something similar, although not all packages support it.
ls /var/lib/dpkg/info/*.md5sums
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From itz at speakeasy.org Fri Oct 18 13:21:48 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 18 Oct 2002 13:21:48 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com>
Message-ID: <867kgfijkz.fsf@kronstadt.homeunix.net>
Brian> 1. Has anyone taken Gentoo Linux for a spin? I know a lot of
Brian> people on this list are big Debian fans, but Gentoo looks
Brian> appealing as well.
Before this thread utterly flamifies, I'll try to give it a new
direction.
Is there any relation between the Gentoo linux distribution and the
Gentoo gtk-based file manager program?
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From atporter at primate.net Fri Oct 18 13:22:48 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 18 Oct 2002 13:22:48 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com>
References: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com>
Message-ID: <20021018202248.GI13295@primate.net>
Is there any way you could get your MS Client to do sane line
breaks? Cleanly quoting your e-mails is painful.
On Fri, Oct 18, 2002 at 12:33:49PM -0700, Patrick Soltani wrote:
> I personally like/use FreeBSD cvsup which gives you "almost" absolute
> control. Linux is ok, but not as much control, since it is geared to
> have mass appeal.
Where do you lose control with linux? The sources are there, it's
a matter of choice how you use them.
> Again the main process is to verify the source code thru MD5, pgp, etc
> first. Isolate your systems for build, config, test and more tests.
> Having the source allows me to fiddle with switches, configurations,
> right at the "source" rather than config files the binaries use.
That sounds very short sighted... you hard-code your options when
you build your programs rather than using the defined config files? So
changes require a rebuild instead of a HUP? This saves you time and effort
how?
All of this is pulling further and further away from the original
discussion. Nobody's arguing that in some cases it's a good idea to
compile your own applications, but why does it make sense to compile your
own mv, make, gzip or any of the hundreds of "standard" utils that are
on your system that you are incredibly unlikely to ever want or need to
modify?
From atporter at primate.net Fri Oct 18 13:26:46 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 18 Oct 2002 13:26:46 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com>
References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com>
Message-ID: <20021018202646.GJ13295@primate.net>
On Fri, Oct 18, 2002 at 12:59:21PM -0700, Patrick Soltani wrote:
> > and how are you sure the md5 hash hasn't been tampered with?
> > Having an md5 signature is only done on compressed packages
> > (.tar, etc), this usually stops you from doing such things as
> > diffing with older versions. Basically I doubt you would do
> > such a thing without keeping the application tracked with cvs.
>
> The operative word is "intended". You can run MD5 on binary files and
> is not confined to only compressed files. In fact Solaris has the MD5
> finger prints for ALL the files in the system. I am sure not all of
> them are ".tar, etc"
But that assumes that you've got an MD5 from the "clean" package.
What if J. Random Hacker uploads a new MD5 with their trojaned package?
Where does Solaris get its MD5 sums that you're checking? RedHat's rpm's
come with md5sums of every file too, rpm --verify is a great tool for
forensics on a cracked system, though it won't help you much if you build
your own stuff.
From jeremy at nirvani.net Fri Oct 18 13:29:10 2002
From: jeremy at nirvani.net (Jeremy Brand, B.S.)
Date: Fri, 18 Oct 2002 13:29:10 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com>
Message-ID:
Thus spake Patrick Soltani:
> > What binaries are you talking about? On linux systems binaries can be
> > re-built with source anyway. Having a binary-based-packaged
> > system does
> > not prevent you from (re-)compiling whatever you want.
> >
> I work with Solaris, Linux and FreeBSD. Depending on the platform/OS we
> have to take different routes. Also take into account that home network
> is perhaps less critical compared to production network that 10s of 1000
> folks beat on them every day around the clock, 366 days a year!;-).
I don't think anyone will disagree having source is a bad thing. The
point of my insertion into this thread is that it is not true that having
a source-only distro is more secure than a binary-distro. I don't see
relevance in all your latest comments on this point.
Also, I don't see how you can assume everyone but yourself is _tinkering_
with only their home network. Quite insulting. So, if I understand you
right, nobody but you has to worry about 365/24 availability. However,
this doesn't have anything to do with the point you are disagreeing with
that a source-based distro is more secure than a binary-based distro.
Like I mentioned before, NOT using a source-based distro like (Gentoo,
Sourcemage, etc) does not keep you from re-compiling anything you have
source code to (even on Solaris!)
You mentioned you also support a Solaris environment. You can not compare
a source based Solaris distro with a binary based Solaris distro, because
one does not exist. Again, I don't see the relevancy (to this thread, in
case that is not clear) - as what we were talking about is binary-based
opensource OS distros (freebsd, debian, redhat) and source-based
opensource OS distros (gentoo, sourcemage) and which is more secure based
on whether you are forced to compile everything (source-based) or it is
compiled for you with the option of re-compiling (binary-based).
PS, many people might appreciate if you put a few newline characters into
your paragraphs. :)
Jeremy
From psoltani at ultradns.com Fri Oct 18 14:02:18 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Fri, 18 Oct 2002 14:02:18 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539717@ultra-exchange.ultradns.com>
Sorry for broken mail client; I don't have a choice.
> Also, I don't see how you can assume everyone but yourself is
> _tinkering_
> with only their home network. Quite insulting. So, if I
> understand you
> right, nobody but you has to worry about 365/24 availability.
> However,
> this doesn't have anything to do with the point you are
> disagreeing with
> that a source-based distro is more secure than a binary-based distro.
I am not sure how you arrived at the conclusion that I am insulting anyone.
I can assure you that is farthest from my mind.
I don't assume I am the only one working 7X24, rather was giving a comparison of the scope
when you do it at home or on a production network. That's all.
I feel almost sorry for responding to what I thought is a friendly discussion.
>
> You mentioned you also support a Solaris environment. You
> can not compare
> a source based Solaris distro with a binary based Solaris
> distro, because
> one does not exist. Again, I don't see the relevancy (to
> this thread, in
> case that is not clear)
You can get source of the suns' tools thru their developers program.
It is not opensource, you are right, however, that option exists for developers.
The point that I was making. We use source for installing everywhere regardless of platform/os.
Also SUN has a database of all the files/tools/everything they ship with the systems in a MD5 database.
You can compare your system's MD5 signatures, generated independently, against the published ones.
Regards,
Patrick Soltani.
From rick at linuxmafia.com Fri Oct 18 17:28:55 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 17:28:55 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com>
References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com>
Message-ID: <20021019002855.GD23586@linuxmafia.com>
Quoting Patrick Soltani (psoltani at ultradns.com):
> wow, we are getting technical here. from man pages:
> " These functions implement the MD5 message-digest algorithm,
> which takes as input a message of arbitrary length and produces
> as output a 128-bit "fingerprint" or "message digest"
> of the input. It is intended for digital signature applications,
> where large file must be "compressed" in a secure
> manner before being encrypted with a private (secret) key
> under a public-key cryptosystem such as RSA.
> "
>
> The operative word is "intended". You can run MD5 on binary files and
> is not confined to only compressed files. In fact Solaris has the MD5
> finger prints for ALL the files in the system. I am sure not all of
> them are ".tar, etc"
I think you may be missing Michael's point, that MD5 hashes are worse
than useless as a check on integrity unless you have high confidence
that the record of blessed MD5 sums has not been tampered with, not to
mention high confidence that the md5sum utility and its operating
environment have not themselves been compromised.
[About Ken Thompson's classic paper, "Reflections on Trusting Trust":]
> No I have not read what you consider Security Bible, but will do so
> when I get a chance. Thanx for the pointer.
http://www.acm.org/classics/sep95/
Thompson dropped this bombshell in 1984, when he was being given an
award by the ACM. He revealed that he had caused the standard C compiler
included in practically all Unix systems to perpetuate a hidden
trojan-horse login on all systems in an ingenious fashion that was
completely undetectable by examining source code for _either_ the login
program _or_ the C compiler itself, and that persisted even if you
recompiled the C compiler from clean sources.
In other words, it's not an adequate remedy even to infallibly audit all
the source code of all packages on your system, and recompile everything
from scratch.
Thompson points out that his malware gremlin could equally well have
been planted in "an assembler, a loader, or even hardware microcode."
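An added example, not part of any message in this thread, of the point Aaron Porter and Rick Moen make about MD5 lists: a check against a checksum manifest passes when the file and the manifest are replaced together, and fails only when the manifest itself is compared with a value obtained through a separate trusted channel. The function names, the pinned SHA-256 digest and the sample files are assumptions constructed for the illustration; the manifest layout follows md5sum output as used by the dpkg `.md5sums` files mentioned above.

```python
"""Added illustration: a checksum manifest proves only what its own source proves."""
import hashlib
import hmac
import os
import tempfile


def md5_of(path):
    """MD5 of a file, read in chunks (MD5 because the thread's manifests use it)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse md5sum-style lines '<32 hex digits>  <relative path>' into a dict."""
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, sep, rel = line.partition("  ")
        digest = digest.lower()
        if not sep or len(digest) != 32 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"line {number}: not an md5sum entry")
        # Refuse entries that would make the verifier read outside the tree.
        if os.path.isabs(rel) or ".." in rel.split("/"):
            raise ValueError(f"line {number}: unsafe path {rel!r}")
        entries[rel] = digest
    return entries


def build_manifest(root, rel_paths):
    """Produce manifest text for the given files under root."""
    return "".join(f"{md5_of(os.path.join(root, p))}  {p}\n" for p in rel_paths)


def verify_tree(root, manifest_text):
    """Return a sorted list of (path, problem) for files that fail the manifest."""
    problems = []
    for rel, expected in parse_manifest(manifest_text).items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            problems.append((rel, "missing"))
        elif md5_of(full) != expected:
            problems.append((rel, "mismatch"))
    return sorted(problems)


def verify_with_pin(root, manifest_text, pinned_sha256):
    """Authenticate the manifest against an out-of-band digest, then the files."""
    actual = hashlib.sha256(manifest_text.encode()).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256):
        return [("<manifest>", "does not match pinned digest")]
    return verify_tree(root, manifest_text)


def demo():
    """Run four checks over a constructed one-file tree and return the findings."""
    results = {}
    rel = "usr/bin/tool"  # constructed sample file, not a real package
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        target = os.path.join(root, rel)
        with open(target, "wb") as fh:
            fh.write(b"clean build\n")
        clean_manifest = build_manifest(root, [rel])
        # Assumption: this digest reaches the verifier by a separate trusted channel.
        pin = hashlib.sha256(clean_manifest.encode()).hexdigest()
        results["clean"] = verify_tree(root, clean_manifest)

        # Only the file changes: the original manifest catches it.
        with open(target, "wb") as fh:
            fh.write(b"modified build\n")
        results["file_only"] = verify_tree(root, clean_manifest)

        # File and manifest change together: the manifest check is satisfied.
        replaced_manifest = build_manifest(root, [rel])
        results["file_and_manifest"] = verify_tree(root, replaced_manifest)

        # The same replaced manifest fails once it is checked against the pin.
        results["pinned"] = verify_with_pin(root, replaced_manifest, pin)
    return results


if __name__ == "__main__":
    for case, findings in demo().items():
        print(f"{case}: {findings or 'no problems reported'}")
```

As the message above notes, even the pinned check is only as trustworthy as the md5sum-equivalent tool and the environment it runs in.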
From rick at linuxmafia.com Fri Oct 18 17:32:29 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 17:32:29 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <86bs5rijo8.fsf@kronstadt.homeunix.net>
References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> <86bs5rijo8.fsf@kronstadt.homeunix.net>
Message-ID: <20021019003229.GE23586@linuxmafia.com>
Quoting Ian Zimmerman (itz at speakeasy.org):
> Debian has something similar, although not all packages support it.
> ls /var/lib/dpkg/info/*.md5sums
It's a more-complex issue than most people would have you believe.
The tools exist. The signing mostly exists. The threat model is such
that _meaningful_ verification is non-trivial.
http://linuxmafia.com/~rick/linux-info/debian-package-signing
--
"Is it not the beauty of an asynchronous form of discussion that one can go and
make cups of tea, floss the cat, fluff the geraniums, open the kitchen window
and scream out it with operatic force, volume, and decorum, and then return to
the vexed glowing letters calmer of mind and soul?" -- The Cube, forum3000.org
From nick at zork.net Fri Oct 18 17:45:37 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 17:45:37 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018183604.GC23586@linuxmafia.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com>
Message-ID: <20021019004537.GB20811@zork.net>
begin Rick Moen Lives Three Hours from Nowhere quotation:
> Quoting Brian Sobolak (brian at planetshwoop.com):
> > Since there is more desktop software avail. for Linux than FreeBSD
> > plus FreeBSD tends to be slightly behind on the Xwindows front,
> > that's why I thought Gentoo might be worth a shot.
>
> So, give it a shot. All you need sacrifice is a machine state, a
> trivial amount of bandwidth draw, and a little of your time.
With respect, gentoo's demands on bandwidth and time are non-trivial
compared to other distros.
--
A: No.
Q: Should I include quotations after my reply?
From nick at zork.net Fri Oct 18 17:46:43 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 17:46:43 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <86fzv3il51.fsf@kronstadt.homeunix.net>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018171917.GA10126@master.compound.theunixman.com> <86fzv3il51.fsf@kronstadt.homeunix.net>
Message-ID: <20021019004643.GC20811@zork.net>
begin Ian Zimmerman quotation:
> johnd> The point is the same...why do you compile by hand?
>
> To fix bugs, and things that packagers see as features but are really
> bugs (like excessive dependencies, which for me means any dependencies
> on either Gnome or KDE).
For those particular examples, Gentoo uses a "USE" variable in
its configs. Any optional dependencies are listed there (things like
ghostscript, gnome, kde, gtk, qt, etc etc).
--
A: No.
Q: Should I include quotations after my reply?
From nick at zork.net Fri Oct 18 17:47:46 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 17:47:46 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018183256.GB23586@linuxmafia.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018183256.GB23586@linuxmafia.com>
Message-ID: <20021019004746.GD20811@zork.net>
begin Rick Moen Lives Three Hours from Nowhere quotation:
> But some people are indeed liking Gentoo, others Sourcemage, Rock
> Linux, Lunar Linux, etc. All the same basic
> build-everything-from-source notion, variously implemented.
Don't forget gusto, which uses GAR!
--
A: No.
Q: Should I include quotations after my reply?
From nick at zork.net Fri Oct 18 17:49:15 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 17:49:15 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018183740.GH13295@primate.net>
References: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com> <20021018183740.GH13295@primate.net>
Message-ID: <20021019004915.GE20811@zork.net>
begin Aaron T Porter quotation:
> In fact, the OpenSSH trojan was a compile time exploit -- building
> your own SSH was the only way to get hit by that, a binary package
> would have been safe!
And it was discovered because the source-based packaging
system in OpenBSD detected a checksum mismatch on the upstream
tarballs.
--
A: No.
Q: Should I include quotations after my reply?
From rick at linuxmafia.com Fri Oct 18 18:14:10 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 18:14:10 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019004746.GD20811@zork.net>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018183256.GB23586@linuxmafia.com> <20021019004746.GD20811@zork.net>
Message-ID: <20021019011410.GH23586@linuxmafia.com>
Quoting Nick Moffitt (nick at zork.net):
> Don't forget gusto, which uses GAR!
Man, that looks sweet: a smoothly building distribution that requires
only a 100kB tarball to start with. I think I might give that a shot,
just for the hell of it.
http://www.bamsoftware.com/software/gusto/
ftp://ftp.bamsoftware.com/pub/gusto/
--
"Is it not the beauty of an asynchronous form of discussion that one can go and
make cups of tea, floss the cat, fluff the geraniums, open the kitchen window
and scream out it with operatic force, volume, and decorum, and then return to
the vexed glowing letters calmer of mind and soul?" -- The Cube, forum3000.org
From rick at linuxmafia.com Fri Oct 18 18:20:55 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 18:20:55 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019004537.GB20811@zork.net>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com> <20021019004537.GB20811@zork.net>
Message-ID: <20021019012055.GI23586@linuxmafia.com>
Quoting Nick Moffitt (nick at zork.net):
> With respect, gentoo's demands on bandwidth and time are non-trivial
> compared to other distros.
So I gathered, after making that hasty remark. I had assumed that it
was small relative to, say, downloading binary ISOs (since my a-priori
assumption is that all you pull down is source tarballs as required and
occasional updates to whatever is like the BSD ports skeleton) -- but I
infer that for whatever reason it's a bandwidth hog.
From jan at caustic.org Fri Oct 18 18:21:28 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 18:21:28 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019012055.GI23586@linuxmafia.com>
Message-ID: <20021018181952.M30424-100000@pogo.caustic.org>
On Fri, 18 Oct 2002, Rick Moen wrote:
> So I gathered, after making that hasty remark. I had assumed that it
> was small relative to, say, downloading binary ISOs (since my a-priori
> assumption is that all you pull down is source tarballs as required and
> occasional updates to whatever is like the BSD ports skeleton) -- but I
> infer that for whatever reason it's a bandwidth hog.
actually, i'd say the BSDs ports collection (FreeBSDs specifically) is
good for a few things, but as the dependencies pile up, having binaries to
download makes everything much faster.
my current area of frustration is things like xmms requiring GNOME (not
just GTK) when you compile it from ports. it's almost enough to make me
switch to using linux.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From rick at linuxmafia.com Fri Oct 18 18:27:56 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 18:27:56 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018181952.M30424-100000@pogo.caustic.org>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org>
Message-ID: <20021019012756.GJ23586@linuxmafia.com>
Quoting f.johan.beisser (jan at caustic.org):
> my current area of frustration is things like xmms requiring GNOME (not
> just GTK) when you compile it from ports. it's almost enough to make me
> switch to using linux.
Yeah, I hear you on that. I despise gratuitous GNOME dependencies, too.
--
Cheers, Remember: The day after tomorrow is the third day
Rick Moen of the rest of your life.
rick at linuxmafia.com
From rick at linuxmafia.com Fri Oct 18 18:45:00 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 18:45:00 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539717@ultra-exchange.ultradns.com>
References: <3DBB075EEB95944492E127F2B9A96FAF539717@ultra-exchange.ultradns.com>
Message-ID: <20021019014459.GL23586@linuxmafia.com>
Quoting Patrick Soltani (psoltani at ultradns.com):
> Also SUN has a database of all the files/tools/everything they ship
> with the systems in a MD5 database. You can compare your system's MD5
> signatures, generated independently, against the published ones.
If the system on which you do that comparison is compromised, then so
might be the tools you use to perform it, or the environment in which
they run. So, the assurance (of no system security compromise, albeit
possibly not of other problems) is somewhat illusory.
From nick at zork.net Fri Oct 18 18:44:19 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 18:44:19 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019012055.GI23586@linuxmafia.com>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com> <20021019004537.GB20811@zork.net> <20021019012055.GI23586@linuxmafia.com>
Message-ID: <20021019014419.GG20811@zork.net>
begin Rick Moen Lives Three Hours from Nowhere quotation:
> I had assumed that it was small relative to, say, downloading binary
> ISOs (since my a-priori assumption is that all you pull down is
> source tarballs as required and occasional updates to whatever is
> like the BSD ports skeleton) -- but I infer that for whatever reason
> it's a bandwidth hog.
So it's generally true that source code is a less efficient
storage format for code than compiled binaries. Source code often
also contains code segments for each platform, of which only one
segment will be included.
--
A: No.
Q: Should I include quotations after my reply?
From nick at zork.net Fri Oct 18 18:45:11 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 18:45:11 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019012756.GJ23586@linuxmafia.com>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com>
Message-ID: <20021019014511.GH20811@zork.net>
begin Rick Moen Lives Three Hours from Nowhere quotation:
> Quoting f.johan.beisser (jan at caustic.org):
> > my current area of frustration is things like xmms requiring GNOME
> > (not just GTK) when you compile it from ports. it's almost enough
> > to make me switch to using linux.
>
> Yeah, I hear you on that. I despise gratuitous GNOME dependencies,
> too.
And I'll just pipe up again in this thread to note that
Gentoo's USE system handles this sort of thing nicely.
--
A: No.
Q: Should I include quotations after my reply?
From rick at linuxmafia.com Fri Oct 18 18:52:19 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 18:52:19 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019014419.GG20811@zork.net>
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com> <20021019004537.GB20811@zork.net> <20021019012055.GI23586@linuxmafia.com> <20021019014419.GG20811@zork.net>
Message-ID: <20021019015219.GN23586@linuxmafia.com>
Quoting Nick Moffitt (nick at zork.net):
> So it's generally true that source code is a less efficient storage
> format for code than compiled binaries. Source code often also
> contains code segments for each platform, of which only one segment
> will be included.
Yes, but, on the other hand, ISOs (which were my point of comparison)
include a great deal that doesn't get installed -- if you have any
sense, anyway.
From jan at caustic.org Fri Oct 18 18:50:11 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 18:50:11 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019014511.GH20811@zork.net>
Message-ID: <20021018184817.F30424-100000@pogo.caustic.org>
On Fri, 18 Oct 2002, Nick Moffitt wrote:
> And I'll just pipe up again in this thread to note that
> Gentoo's USE system handles this sort of thing nicely.
that's a good thing. sadly, i don't use Gentoo, let alone linux.
technically, i should be able to define WANT_GNOME or USE_GNOME as NO in
/etc/make.conf and not have it compiled. the problem is that the FreeBSD
ports have become somewhat chaotic as of late, and don't always obey your
variables.
it's annoying at best, and downright frustrating at all the other times.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From jan at caustic.org Fri Oct 18 18:50:47 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 18:50:47 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019015219.GN23586@linuxmafia.com>
Message-ID: <20021018185028.C30424-100000@pogo.caustic.org>
On Fri, 18 Oct 2002, Rick Moen wrote:
> Yes, but, on the other hand, ISOs (which were my point of comparison)
> include a great deal that doesn't get installed -- if you have any
> sense, anyway.
thank goodness for network installs then, since you don't download a bunch
of wasted bits.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From rick at linuxmafia.com Fri Oct 18 19:47:16 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 19:47:16 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018185028.C30424-100000@pogo.caustic.org>
References: <20021019015219.GN23586@linuxmafia.com> <20021018185028.C30424-100000@pogo.caustic.org>
Message-ID: <20021019024715.GO23586@linuxmafia.com>
Quoting f.johan.beisser (jan at caustic.org):
> thank goodness for network installs then, since you don't download a bunch
> of wasted bits.
Quite right -- even if utterly irrelevant to my point, which concerned
explaining what I meant by "a trivial amount of bandwidth draw", i.e.,
compared to what.
From robert at namodn.com Fri Oct 18 20:04:10 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 20:04:10 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019012756.GJ23586@linuxmafia.com>; from rick@linuxmafia.com on Fri, Oct 18, 2002 at 06:27:56PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com>
Message-ID: <20021018200409.A23291@namodn.com>
On Fri, Oct 18, 2002 at 06:27:56PM -0700, Rick Moen wrote:
> Quoting f.johan.beisser (jan at caustic.org):
>
> > my current area of frustration is things like xmms requiring GNOME (not
> > just GTK) when you compile it from ports. it's almost enough to make me
> > switch to using linux.
>
> Yeah, I hear you on that. I despise gratuitous GNOME dependencies, too.
I've heard this a lot, and I don't get it. Where is the line
on what's gratuitous?
Just as an aside, you can compile XMMS without GNOME if you want to.
I have no idea what features you lose, but it's doable.
( http://bsdvault.net/viewtopic.php?topic=270&forum=2 )
Anyway, if you have (let's say) 5 applications which all depend on the same
particular GNOME library, you've probably started to save space and compile
time rather than having the applications all have redundant code.
Not that you have the GNOME desktop installed, just apps that use code
generated by the GNOME project.
That argument is somewhat analogous to the old "static vs. dynamic binary"
debate, it makes sense to dynamically link most binaries to ( at least )
libc in most cases.
Using more generic libraries also increases reusability, modularity
and ( given enough time and energy ) stability.
So, as a general rule using the GNOME libs instead of writing your
own ( from a developer's standpoint ) gives you more-or-less stable,
documented, working code that you can plug into your program easily.
Usually the burden of maintaining and improving that code is on someone else,
making some of the work that is secondary to your application not your problem.
From the user, as a general rule you have -
* smaller binaries, fewer libraries overall ( less total disk space used )
* less overall compile time ( assuming you compile each gnome lib once )
* more overall stability
* more consistency ( from a UI point of view )
Admittedly, this is "ideal world" stuff.
For example, if you update gnome libs frequently out of CVS, the
stability/compile time factors may not be there ( CVS/CVSup do
a good job of preserving bandwidth at least ).
Also, there's no guarantee that the libraries are stable, documented,
or any good at all.
However, I feel that those libraries that are part of the GNOME
project have been steadily improving over time, and I think
it's better to put a little effort into an already existing project
than to rewrite all the code yourself.
As it stands today, the core GNOME libs are pretty good. So are the core
KDE libs, and GNUStep is coming along nicely as well. I don't see a point
in writing everything from scratch, especially when there is no benefit to
the user, whether they download source or binaries.
Thanks,
Rob
From rick at linuxmafia.com Fri Oct 18 19:56:22 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 19:56:22 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018200409.A23291@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com>
Message-ID: <20021019025622.GP23586@linuxmafia.com>
Quoting Rob Helmer (robert at namodn.com):
> I've heard this a lot, and I don't get it. Where is the line on what's
> gratuitous?
Right where I want it to be, of course.
I'm sorry; the argument clinic is down the corridor. This is ironic
mockery, in here.
[blah, blah, code reuse, blah, modularity, blah, blah, stability, blah.]
> Thanks,
> Rob
Any time.
From jan at caustic.org Fri Oct 18 19:55:30 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 19:55:30 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018200409.A23291@namodn.com>
Message-ID: <20021018194728.G30424-100000@pogo.caustic.org>
On Fri, 18 Oct 2002, Rob Helmer wrote:
> I've heard this a lot, and I don't get it. Where is the line
> on what's gratuitous?
ok, my own setup for my desktop, normally:
WM: fluxbox
MP3: xmms
status: gkrellm
browser: mozilla
but, when i build xmms from /usr/ports, it attempts to build gnome. why?
if i HAVE gnome installed, that would be fine. but i don't, and i don't
want it installed, but the ports system is assuming i want it, just
because i typed "make" in /usr/ports/audio/xmms. dumb assumption, but that
one is made anyway.
> Just as an aside, you can compile XMMS without GNOME if you want to. I
> have no idea what features you lose, but it's doable. (
> http://bsdvault.net/viewtopic.php?topic=270&forum=2 )
it's doable, but it's not simple. the hamhanded result is that you don't
have gnome, but you do end up with broken ports, due to some of the horrid
dependencies on the various installs.
i'm really not talking about the use of static vs dynamic libs. trust me,
i LOVE dynamic libraries (as long as they don't break, then i hate them
and get grumpy). this is just about using someone else's idea of what a
port should be.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From robert at namodn.com Fri Oct 18 20:24:25 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 20:24:25 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018194728.G30424-100000@pogo.caustic.org>; from jan@caustic.org on Fri, Oct 18, 2002 at 07:55:30PM -0700
References: <20021018200409.A23291@namodn.com> <20021018194728.G30424-100000@pogo.caustic.org>
Message-ID: <20021018202425.B23291@namodn.com>
On Fri, Oct 18, 2002 at 07:55:30PM -0700, f.johan.beisser wrote:
> On Fri, 18 Oct 2002, Rob Helmer wrote:
>
> > I've heard this a lot, and I don't get it. Where is the line
> > on what's gratuitous?
>
> ok, my own setup for my desktop, normally:
>
> WM: fluxbox
> MP3: xmms
> status: gkrellm
> browser: mozilla
>
> but, when i build xmms from /usr/ports, it attempts to build gnome. why?
>
> if i HAVE gnome installed, that would be fine. but i don't, and i don't
> want it installed, but the ports system is assuming i want it, just
> because i typed "make" in /usr/ports/audio/xmms. dumb assumption, but that
> one is made anyway.
I'm guessing by "gnome installed" you mean the whole desktop. It's not
like you have to compile gnome-terminal and the panel and all the
fluff that you probably don't want, it's usually just the core libraries.
>
> > Just as an aside, you can compile XMMS without GNOME if you want to. I
> > have no idea what features you lose, but it's doable. (
> > http://bsdvault.net/viewtopic.php?topic=270&forum=2 )
>
> it's doable, but it's not simple. the hamhanded result is that you don't
> have gnome, but you do end up with broken ports, due to some of the horrid
> dependencies on the various installs.
Hmm.. I guess it could be made simpler. It's just adding a flag to
"make" IIRC.
To the "broken ports" comment : it really depends on how good of a job
the developer did on making the GNOME dependency removable without
breaking core features of the app I guess.
>
> i'm really not talking about the use of static vs dynamic libs. trust me,
> i LOVE dynamic libraries (as long as they don't break, then i hate them
> and get grumpy). this is just about using someone else's idea of what a
> port should be.
Sure, the maintainer has to make a choice on whether it will require gnome-lib
( or whatever ) by default, that's the same choice I would make, since there's
a relatively straightforward way to disallow it.
Thanks,
Rob
From jan at caustic.org Fri Oct 18 20:14:24 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 20:14:24 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018202425.B23291@namodn.com>
Message-ID: <20021018200710.X30424-100000@pogo.caustic.org>
On Fri, 18 Oct 2002, Rob Helmer wrote:
> I'm guessing by "gnome installed" you mean the whole desktop. It's not
> like you have to compile gnome-terminal and the panel and all the
> fluff that you probably don't want, it's usually just the core libraries.
well, the libs would be fine. most gnome libs are good, decent, and easy
to use. the problem comes up when i don't want the damned panel, or
gnome-terminal (i am old school - or stupid - i use xterms..). in this
case, none of these need the gnome libs, even. they only really need
freetype and gtk (they have those in common), and that's just about it.
> Hmm.. I guess it could be made simpler. It's just adding a flag to
> "make" IIRC.
no, actually it was a bit rougher than that, sadly. i ended up having to
edit the Makefiles to avoid compiling GNOME. this is even after having
/etc/make.conf set to not build it (you wouldn't believe how much breakage
that caused, whooo wee).
> To the "broken ports" comment : it really depends on how good of a job
> the developer did on making the GNOME dependency removable without
> breaking core features of the app I guess.
actually, i've found that most developers will let you not use the GNOME
libs. it's a bit harder to get around GTK or QT requirements.
> Sure, the maintainer has to make a choice on whether it will require
> gnome-lib ( or whatever ) by default, that's the same choice I would
> make, since there's a relatively straightforward way to disallow it.
generally, the port maintainer does what's best, and easiest for him. if
he's using KDE for everything, of course his port will depend on it.
the ports stuff has been driving me nuts for a while (why, oh why, would a
machine that doesn't have X installed on it need the GTK front end for
MTR?) but usually when i bother with it.
these days, i'm getting out of using the ports system. it needs a bunch of
cleanup and hopefully options to easily avoid building things you don't
want/need.
it's a small gripe with what's otherwise been a mostly rock solid system.
the shame is that it's slowly driving me toward OpenBSD (or, if the
installer becomes easier to deal with, NetBSD) for all my OS needs.
From robert at namodn.com Fri Oct 18 20:38:57 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 20:38:57 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019025622.GP23586@linuxmafia.com>; from rick@linuxmafia.com on Fri, Oct 18, 2002 at 07:56:22PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <20021019025622.GP23586@linuxmafia.com>
Message-ID: <20021018203857.C23291@namodn.com>
On Fri, Oct 18, 2002 at 07:56:22PM -0700, Rick Moen wrote:
> Quoting Rob Helmer (robert at namodn.com):
>
> > I've heard this a lot, and I don't get it. Where is the line on what's
> > gratuitous?
>
> Right where I want it to be, of course.
>
> I'm sorry; the argument clinic is down the corridor. This is ironic
> mockery, in here.
No problem. While I have you here, can you point the way to the constructive
conversations?
>
> [blah, blah, code reuse, blah, modularity, blah, blah, stability, blah.]
I have no idea how this is meant, so I guess I just won't be offended.
Sorry if I came across as preachy; I'm saying it more to the list in general,
not presuming that you don't understand the issues involved, or that you don't
know that XMMS doesn't make a whole lot of use of the gnome libs compared to the
core gnome applications.
I've just heard a lot of complaints about dependencies when compiling from
source ( this isn't the first one specifically about the xmms port either ).
I think dependencies on widely-used libraries are almost always a good thing, even
if there are some drawbacks ( like only having 1 or 2 apps actually use the same library ).
I'm curious as to who thinks this is bad and why.
Thanks,
Rob
From jan at caustic.org Fri Oct 18 20:27:35 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 20:27:35 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018203857.C23291@namodn.com>
Message-ID: <20021018202340.X30424-100000@pogo.caustic.org>
On Fri, 18 Oct 2002, Rob Helmer wrote:
> Sorry if I came across as preachy; I'm saying it more to the list in
> general, not presuming that you don't understand the issues involved, or
> that you don't know that XMMS doesn't make a whole lot of use of the
> gnome libs compared to the core gnome applications.
i don't think anyone here is talking about xmms' use of the gnome libs -
if they're present - to bind in to gnome better. that's fine by all
accounts.
the issue is the automagic inclusion of gnome as a dependency of the port,
when xmms will compile fine without it. if you try to compile the straight
port, you end up with gnome being built.
> I've just heard a lot of complaints about dependencies when compiling
> from source ( this isn't the first one specifically about the xmms port
> either ).
i've never really had a problem compiling xmms from source. i've had
problems with the FreeBSD port collection's xmms port wanting to
build/install gnome. a very different situation.
> I'm curious as to who thinks this is bad and why.
i don't think anyone's said it's bad.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
From cmsclaud at arches.uga.edu Fri Oct 18 20:28:14 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Fri, 18 Oct 2002 20:28:14 -0700
Subject: [buug] [CalLUG-announce] Lunch w/RMS, Tues Oct 22, 373 Soda Hall]
Message-ID: <20021019032814.GA9251@wagner>
----- Forwarded message from callug-announce-admin at brain.CS.Berkeley.EDU -----
You are invited to chat with GNU founder Richard Stallman at lunch hosted by
EECS.
When: Oct 22 - 12 noon to 1:30 pm
Where: 373 Soda Hall
This is a tight space so pls. RSVP to layney at eecs for food count etc (with
same subject line please! :)
You will not receive a confirmation reply - just attend unless you hear
otherwise. Thanks!
Some reading recommended by GNU folks:
http://www.gnu.org/philosophy/free-sw.html
http://www.gnu.org/gnu/thegnuproject.html
http://www.gnu.org/philosophy/free-software-for-freedom.html
http://www.gnu.org/gnu/linux-and-gnu.html
http://www.gnu.org/gnu/why-gnu-linux.html
http://www.gnu.org/philosophy/free-doc.html
Best Regards,
Erica Layne
_________________________________
Erica Layne Morrison
Manager, Department Development
Electrical Engineering & Computer Sciences
University of California, Berkeley
231 Cory Hall 1770
Berkeley, CA 94720
Phone: 510.642.3051
Fax. 510.642.2845
layney at eecs.berkeley.edu
_________________________________
----- End forwarded message -----
From robert at namodn.com Fri Oct 18 21:04:02 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 21:04:02 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018200710.X30424-100000@pogo.caustic.org>; from jan@caustic.org on Fri, Oct 18, 2002 at 08:14:24PM -0700
References: <20021018202425.B23291@namodn.com> <20021018200710.X30424-100000@pogo.caustic.org>
Message-ID: <20021018210402.D23291@namodn.com>
On Fri, Oct 18, 2002 at 08:14:24PM -0700, f.johan.beisser wrote:
> On Fri, 18 Oct 2002, Rob Helmer wrote:
>
> generally, the port maintainer does what's best, and easiest for him. if
> he's using KDE for everything, of course his port will depend on it.
>
> the ports stuff has been driving me nuts for a while (why, oh why, would a
> machine that doesn't have X installed on it need the GTK front end for
> MTR?) but usually when i bother with it.
>
> these days, i'm getting out of using the ports system. it needs a bunch of
> cleanup and hopefully options to easily avoid building things you don't
> want/need.
>
> it's a small gripe with what's otherwise been a mostly rock solid system.
> the shame is that it's slowly driving me toward OpenBSD (or, if the
> installer becomes easier to deal with, NetBSD) for all my OS needs.
That's pretty rough. I guess you're right, maintainers are really the
crux of it, unless you want to duplicate their work.
I do see the appeal to having your desktop be exactly to your specifications,
my desktop has a lot more GNOME components than yours so I'm sure that
I don't even notice when something depends on the core GNOME binaries ( your
particular dependency does seem gratuitous, libs I understand but not the binaries ).
--
Rob
From robert at namodn.com Fri Oct 18 21:15:59 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 21:15:59 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018202340.X30424-100000@pogo.caustic.org>; from jan@caustic.org on Fri, Oct 18, 2002 at 08:27:35PM -0700
References: <20021018203857.C23291@namodn.com> <20021018202340.X30424-100000@pogo.caustic.org>
Message-ID: <20021018211559.E23291@namodn.com>
On Fri, Oct 18, 2002 at 08:27:35PM -0700, f.johan.beisser wrote:
> On Fri, 18 Oct 2002, Rob Helmer wrote:
>
> > Sorry if I came across as preachy; I'm saying it more to the list in
> > general, not presuming that you don't understand the issues involved, or
> > that you don't know that XMMS doesn't make a whole lot of use of the
> > gnome libs compared to the core gnome applications.
>
> i don't think anyone here is talking about xmms' use of the gnome libs -
> if they're present - to bind in to gnome better. that's fine by all
> accounts.
Well, a lot of apps take flak for using gnome libraries instead of
writing their own routines directly against GTK, rather than just
integrating with gnome.
> > I've just heard a lot of complaints about dependencies when compiling
> > from source ( this isn't the first one specifically about the xmms port
> > either ).
>
> i've never really had a problem compiling xmms from source. i've had
> problems with the FreeBSD port collection's xmms port wanting to
> build/install gnome. a very different situation.
>
> > I'm curious as to who thinks this is bad and why.
>
> i don't think anyone's said it's bad.
No one here has, it's just a view I've known a lot of people to hold.
Offhand, I'm not sure if XMMS is using gnome for anything besides a panel
applet, which is pretty gratuitous.
Not the best segue, I apologize for that. Think I've been jumping
to conclusions again..
Thanks,
Rob
From rick at linuxmafia.com Fri Oct 18 21:03:29 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 21:03:29 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018203857.C23291@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <20021019025622.GP23586@linuxmafia.com> <20021018203857.C23291@namodn.com>
Message-ID: <20021019040329.GQ23586@linuxmafia.com>
Quoting Rob Helmer (robert at namodn.com):
> No problem. While I have you here, can you point the way to the constructive
> conversations?
This is obviously some use of the term "constructive conversation" I've
been aware of until now, encompassing attempts to drag me into pointless
recaps of notorious and unenlightening flamewars.
But, hey, it's a big world, neh?
> Sorry if I came across as preachy;....
That's not the adjective that came most immediately to mind.
If you're honestly seeking someone to discuss the topic with, you'll
have to tug on someone else's sleeve, in any event.
From robert at namodn.com Fri Oct 18 21:32:02 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 21:32:02 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019040329.GQ23586@linuxmafia.com>; from rick@linuxmafia.com on Fri, Oct 18, 2002 at 09:03:29PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <20021019025622.GP23586@linuxmafia.com> <20021018203857.C23291@namodn.com> <20021019040329.GQ23586@linuxmafia.com>
Message-ID: <20021018213202.F23291@namodn.com>
On Fri, Oct 18, 2002 at 09:03:29PM -0700, Rick Moen wrote:
> Quoting Rob Helmer (robert at namodn.com):
>
> > No problem. While I have you here, can you point the way to the constructive
> > conversations?
>
> This is obviously some use of the term "constructive conversation" I've
> been aware of until now, encompassing attempts to drag me into pointless
> recaps of notorious and unenlightening flamewars.
>
> But, hey, it's a big world, neh?
>
> > Sorry if I came across as preachy;....
>
> That's not the adjective that came most immediately to mind.
>
> If you're honestly seeking someone to discuss the topic with, you'll
> have to tug on someone else's sleeve, in any event.
Well, in any event I apologize for jumping to a conclusion that you
and jan at caustic.org obviously weren't heading for as well, I can
see that from re-reading the original post now that I have a better
understanding of the original situation.
Thanks,
Rob
From nick at zork.net Fri Oct 18 22:30:10 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 22:30:10 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018184817.F30424-100000@pogo.caustic.org>
References: <20021019014511.GH20811@zork.net> <20021018184817.F30424-100000@pogo.caustic.org>
Message-ID: <20021019053010.GJ20811@zork.net>
begin f.johan.beisser quotation:
> that's a good thing. sadly, i don't use Gentoo, let alone linux.
> technically, i should be able to define WANT_GNOME or USE_GNOME as
> NO in /etc/make.conf and not have it compiled. the problem is that
> the FreeBSD ports have become somewhat chaotic as of late, and don't
> always obey your variables.
Ah, that's a pity, since the ports did this sort of thing
first. It's true that the USE variables in Gentoo are as optional as
they are in BSD ports, but the Gentoo packages tend to be more
meticulously maintained (partly because there's no real notion of "we
are the developers of this core code, and all the rest is just
automation of stuff people should compile manually anyway" the way
there is in BSD).
--
A: No.
Q: Should I include quotations after my reply?
From itz at speakeasy.org Fri Oct 18 23:26:15 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 18 Oct 2002 23:26:15 -0700
Subject: [buug] desktop deps [Was: Gentoo, Bluecurve and Linux too!]
In-Reply-To: <20021018200409.A23291@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com>
<20021018181952.M30424-100000@pogo.caustic.org>
<20021019012756.GJ23586@linuxmafia.com>
<20021018200409.A23291@namodn.com>
Message-ID: <86lm4vdjw8.fsf_-_@kronstadt.homeunix.net>
>> Yeah, I hear you on that. I despise gratuitous GNOME dependencies,
>> too.
Rob> I've heard this a lot, and I don't get it. Where is the line on
Rob> what's gratuitous?
It's late, I'm tired and fed up with the way the planet is going, so
I'll bite.
I am one of these people you hear complaining about this. The case
that makes me howl is _not_ that I see a cool app utilizing Gnome
functionality and I say "how dare they"? Rather, I am a happy
longtime user of a gtk program X. X is really nice but, like every
software project, has a couple of bugs. I hear an annoying bug is
fixed in X2.1, just released. I say "apt-get install X" and bingo!
apt is asking me to download 20M of Gnome libraries - including audio,
panel, CORBA, and what not. I'll never use any of that
functionality (and I can't afford to have all these libraries loaded,
even once). That is gratuitous.
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From robert at namodn.com Sun Oct 20 22:15:05 2002
From: robert at namodn.com (Rob Helmer)
Date: Sun, 20 Oct 2002 22:15:05 -0700
Subject: [buug] desktop deps [Was: Gentoo, Bluecurve and Linux too!]
In-Reply-To: <86lm4vdjw8.fsf_-_@kronstadt.homeunix.net>; from itz@speakeasy.org on Fri, Oct 18, 2002 at 11:26:15PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <86lm4vdjw8.fsf_-_@kronstadt.homeunix.net>
Message-ID: <20021020221505.A16246@namodn.com>
On Fri, Oct 18, 2002 at 11:26:15PM -0700, Ian Zimmerman wrote:
>
> >> Yeah, I hear you on that. I despise gratuitous GNOME dependencies,
> >> too.
>
> Rob> I've heard this a lot, and I don't get it. Where is the line on
> Rob> what's gratuitous?
> functionality and I say "how dare they"? Rather, I am a happy
> longtime user of a gtk program X. X is really nice but, like every
> software project, has a couple of bugs. I hear an annoying bug is
> fixed in X2.1, just released. I say "apt-get install X" and bingo!
> apt is asking me to download 20M of Gnome libraries - including audio,
> panel, CORBA, and what not. I'll never use any of that
> functionality (and I can't afford to have all these libraries loaded,
> even once). That is gratuitous.
I'm curious as to what gtk program X is ( I sure hope it's not X11 ).
I agree that things like panel are gratuitous, although it's
feasible that the app actually uses the gnome audio libraries, same
for CORBA. If you can't afford to have just the libs loaded ( I do
think things like the base binaries and the panel are gratuitous in
most cases ) then that's kind of a difficult situation ( I assume you
also don't have the time/space to statically compile the bins you need ).
I did fly off the handle a bit in my original post, there are obviously
going to be cases where it's a pain in the ass for a maintainer to
have one package that can flexibly decide whether the panel exists
or whether it depends on gnome binaries for some reason, and it's
not always possible ( or desirable ) to have separate package-gnome
package-gtk packages ( plus that confuses users who don't really
care what toolkit the programmer used ).
I use quite a few gtk apps that depend on the gnome libraries, since
I also have a full gnome desktop installed ( mostly for guests, and
for some desktop work I do.. I like the idea of a fully integrated,
consistent desktop, but I'm already addicted to blackbox, and my
machine at home is too slow for a full dt ).
So admittedly, I'm somewhat biased in that I already have gnome-bin,
gnome-lib, CORBA, gnome-audio and all that other stuff installed
( having the separate gnome1/gnome2 installs is a little obnoxious
though ).
I've seen furors over apps that use a lot of gnome functionality, which
formerly were gtk-only ( galeon probably being the most prominent ).
I think it would be a good thing for more GTK apps to move in this
direction, for the reasons I outlined in my original post on
this topic.
Of course, the only benefit you'll ever see if you only run one
app that uses any of the gnome libraries is possibly stability,
you'll probably end up losing more disk space than if the app
was gtk-only ( or tk, or athena, or straight xlib, whatever ).
--
Rob
From itz at speakeasy.org Sun Oct 20 23:28:35 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 20 Oct 2002 23:28:35 -0700
Subject: [buug] desktop deps [Was: Gentoo, Bluecurve and Linux too!]
In-Reply-To: <20021020221505.A16246@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com>
<20021018181952.M30424-100000@pogo.caustic.org>
<20021019012756.GJ23586@linuxmafia.com>
<20021018200409.A23291@namodn.com>
<86lm4vdjw8.fsf_-_@kronstadt.homeunix.net>
<20021020221505.A16246@namodn.com>
Message-ID: <86hefgl2zw.fsf@kronstadt.homeunix.net>
Rob> I've heard this a lot, and I don't get it. Where is the line on
Rob> what's gratuitous?
itz> functionality and I say "how dare they"? Rather, I am a happy
itz> longtime user of a gtk program X. X is really nice but, like
itz> every software project, has a couple of bugs. I hear an annoying
itz> bug is fixed in X2.1, just released. I say "apt-get install X"
itz> and bingo! apt is asking me to download 20M of Gnome libraries -
itz> including audio, panel, CORBA, and what not. I'll never use any
itz> of that functionality (and I can't afford to have all these
itz> libraries loaded, even once). That is gratuitous.
Rob> I'm curious as to what gtk program X is ( I sure hope it's not
Rob> X11 ).
It's not one program, it's a pattern that has happened more than
once. "Program foo" would have been a better phrase, perhaps :)
Rob> I agree that things like panel are gratuitous, although it's
Rob> feasible that the app actually uses the gnome audio libraries,
Rob> same for CORBA. If you can't afford to have just the libs loaded
Rob> ( I do think things like the base binaries and the panel are
Rob> gratuitous in most cases ) then that's kind of a difficult
Rob> situation ( I assume you also don't have the time/space to
Rob> statically compile the bins you need ).
The problem is that all the gnome libraries interdepend very tightly,
and so if a program uses just one bit of the functionality (say, the
audio), it is forced to load all of them. At least that's how the
Debian deps are set up.
Rob> I've seen furors over apps that use a lot of gnome functionality,
Rob> which formerly were gtk-only ( galeon probably being the most
Rob> prominent ).
Yes, I sure wish galeon were gtk-only. But in that case I actually
understand they genuinely do Gnome-ish things, so I wouldn't call it
gratuitous.
Rob> I think it would be a good thing for more GTK apps to move in
Rob> this direction, for the reasons I outlined in my original post on
Rob> this topic.
I don't think it'll surprise you that I disagree :)
Rob> Of course, the only benefit you'll ever see if you only run one
Rob> app that uses any of the gnome libraries is possibly stability,
Rob> you'll probably end up losing more diskspace than if the app was
Rob> gtk-only ( or tk, or athena, or straight xlib, whatever ).
Disk space is not the issue, it is main store. (96M, I can't afford an
upgrade, and even if I could the upgrade will only take me to 128,
then I need a new motherboard).
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From unix at theunixman.com Tue Oct 22 19:11:38 2002
From: unix at theunixman.com (Evan Cofsky)
Date: Tue, 22 Oct 2002 20:11:38 -0600
Subject: [buug] Blocking sendmail
In-Reply-To: <3D890769.FA29AACB@pacbell.net>
References: <3D890769.FA29AACB@pacbell.net>
Message-ID: <20021023021137.GQ765@uman.local.>
Those look to be outgoing connection attempts which will hang around
until sendmail times out since you are probably dropping outgoing
connection packets.
On 09/18 16:08, Bill Honeycutt wrote:
> Before the catcalls start, let me say that I know that I shouldn't have
> sendmail running when I should be using one of the many perfectly good
> substitutes.
>
> But I have it running on one machine. I filter packets such that only
> localhost can connect, all other packets are rejected. So imagine my
> surprise to see the following in my process status output:
>
> > ps ax
> >
> >... stuff deleted...
> >
> > 2896 ? S 0:00 sendmain: ./g8G7DAJ26233 gateway4.worldnet.att.net:
> >
>
> Yikes!! All packets from both the localnet and DMZ are disallowed, so
> the question becomes, "has someone found an innovative way to use my
> sendmail daemon?"
>
> Thanks in advance!
>
> Bill
> _______________________________________________
> Buug mailing list
> Buug at weak.org
> http://www.weak.org/mailman/listinfo/buug
--
How much does it cost to entice a dope-smoking UNIX system guru to Dayton?
-- UNIX/WORLD's First Annual Salary Survey, Brian Boyle
Evan Cofsky, President, CEO Pacific Development Group
From itz at speakeasy.org Tue Oct 22 22:20:36 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 22 Oct 2002 22:20:36 -0700
Subject: [buug] rms event
Message-ID: <86ptu1loij.fsf@kronstadt.homeunix.net>
I attended the rms event announced last week thanks to Claude. I
won't discuss it further here as it's somewhat OT, but I can talk
about it privately with whoever's interested.
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From unixjavabob at yahoo.com Wed Oct 23 21:56:50 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Wed, 23 Oct 2002 21:56:50 -0700 (PDT)
Subject: [buug] Success with FreeBSD
Message-ID: <20021024045650.38744.qmail@web13801.mail.yahoo.com>
Hello everyone,
I just completed 2 FreeBSD installs...it's the
first time I've installed any BSD in 2 years.
Installs were totally smooth, and I really like the
/etc/rc.conf.
Of great help was my "The Complete FreeBSD" book
from freebsd.org...this book is my favorite unix
reference manual. IMHO, this book plus "Essential
Unix System Administration" by O'Reilly handle most of
my needs.
Later and see you at the next meeting...
Bob
=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------
From chowse at charter.net Thu Oct 24 08:09:30 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 10:09:30 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
Message-ID: <000e01c27b6f$5c6f0080$0300a8c0@moe>
Hello List Members,
I have a rather interesting task ahead...I currently have a small
network here at home that I will describe shortly, and I would like
to convert the gateway machine from Red Hat 7.3 to OpenBSD.
I don't need someone to read the man pages to me, but I would like to
discuss my plan, and refine it in the most professional way possible.
I am capable of installing, and networking the box, getting patched,
recompiling the kernel, installing software, it's just that I don't
have too much experience and I was hoping to get a "safety net" in
place (you!)
Are you available for discussion and to otherwise help?
The reasons I want to convert are:
I want to use the "most secure free operating system out there."
I enjoy learning new operating systems.
I'm currently very interested in security.
I couldn't get my Windows 2000 IIS server online 5 minutes before it
was infected with Code Red.
My basic plan for conversion is as follows:
Outline the services the new gateway must provide.
Test the install and setup on a spare machine, while the old gateway
is still running.
Try to develop a means for a scripted install of the OS, software and
configuration files.
Do the actual conversion (be up, running and patched) in 12 hours or
less.
OK, my little network is named after the 3 Stooges.
I don't have a public domain...if all the PC's were Windows boxes,
this would be a workgroup.
The gateway machine is Curley, the spare machine is Larry, and the
WinXP box is Moe.
(I have address space available for Shemp and Curley_Joe) ;-)
We have a Cable Modem CAT5'd to the gateway machine which runs Red
Hat 7.3 and has 2 nics.
The 1st nic connects to the Cable Modem, and gets a dynamic IP
address from the ISP's dhcp server.
The second nic connects to a 10baseT hub, and has a private IP
address.
Larry has 1 nic with a private address, as does Moe.
I use a 4-port kvm switch for console access to each machine.
Moe shares an HP1100 printer.
I am currently running Apache, sendmail, Monmotha's iptables
firewall,
http://www.mplug.org/phpwiki/index.php?MonMothaReferenceGuide
LogWatch, PortSentry, LogSentry, DNS2Go and maybe more that I can't
think of.
One VERY important service that I MUST have on the new gateway is
DNS2Go.
I get a dynamic IP from my ISP, and using DNS2Go, I send that IP to
their dns servers so that you can click the link to my web server
without knowing my IP address. They provide some software for this,
http://www.deerfield.com/download/dns2go/linux/index.htm
which is working perfectly in Linux, and one of the developers has
just emailed me a beta copy for OpenBSD 3.1 that installed and
started just fine.
Complete list of services that the new machine must provide:
Http
Mail
Stateful firewall w/nat
Intrusion detection software (really need some input here...)
Automated retrieval and installation of security-related patches.
Must print properly to the shared printer on the XP box.
Unsuccessful so far...Print services for Unix is enabled.
#Lpc status all -> ..."waiting for Moe to come up."
No gui needed, don't have the resources. Curley is a P200 w/ 64MB
ram, 8GB & 5GB HDD.
I see that Midnight Commander is listed as broken in the ports/misc
tree, I really need a Norton Commander clone. Demos Commander is
unacceptable, it needs terminal to be vct25 or something like that
and doesn't work then. Ytree takes forever to calculate the size of
files in a big directory, and I just don't like it very much. Any
suggestions?
I'm writing my own HOWTO, with the commands and ftp sites to use for
reference. I'll send it if needed.
OK, sorry to be so long winded.
Thanks in advance for any replies!
Thanks,
Charles Howse, MCP
http://howse.dns2go.com
From itz at speakeasy.org Thu Oct 24 09:27:03 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 24 Oct 2002 09:27:03 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000e01c27b6f$5c6f0080$0300a8c0@moe>
References: <000e01c27b6f$5c6f0080$0300a8c0@moe>
Message-ID: <864rbbpzu0.fsf@kronstadt.homeunix.net>
Charles> OK, my little network is named after the 3 Stooges. I don't
Charles> have a public domain...if all the PC's were Windows boxes,
Charles> this would be a workgroup. The gateway machine is Curley,
Charles> the spare machine is Larry, and the WinXP box is Moe. (I
Charles> have address space available for Shemp and Curley_Joe) ;-)
Careful - underscores are non-standard in domain names, better use a
hyphen.
Charles> Intrusion detection software (really need some input here...)
Charles> No gui needed, don't have the resources. Curley is a P200 w/
Charles> 64MB ram, 8GB & 5GB HDD.
The intrusion detectors I have experience with (aide and integrit) are
relatively hoggish beasts. If you think the machine is not good
enough for GUI, I doubt that it will be happy running one of these.
It may be possible (and even advisable, on security grounds) to run
them from another machine over NFS, though. Never tried that - anyone
else care to comment?
Charles> I see that Midnight Commander is listed as broken in the
Charles> ports/misc tree, I really need a Norton Commander clone.
Charles> Demos Commander is unacceptable, it needs terminal to be
Charles> vct25 or something like that and doesn't work then. Ytree
Charles> takes forever to calculate the size of files in a big
Charles> directory, and I just don't like it very much. Any
Charles> suggestions?
Emacs and dired :-)
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From ms at formulae.org Thu Oct 24 09:50:50 2002
From: ms at formulae.org (Michael Salmon)
Date: Thu, 24 Oct 2002 09:50:50 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <864rbbpzu0.fsf@kronstadt.homeunix.net>
References: <000e01c27b6f$5c6f0080$0300a8c0@moe> <864rbbpzu0.fsf@kronstadt.homeunix.net>
Message-ID: <20021024095050.E40250@formulae.org>
On Thu, Oct 24, 2002 at 09:27:03AM -0700, Ian Zimmerman wrote:
> Charles> Intrusion detection software (really need some input here...)
>
> Charles> No gui needed, don't have the resources. Curley is a P200 w/
> Charles> 64MB ram, 8GB & 5GB HDD.
>
> The intrusion detectors I have experience with (aide and integrit) are
> relatively hoggish beasts. If you think the machine is not good
> enough for GUI, I doubt that it will be happy running one of these.
>
> It may be possible (and even advisable, on security grounds) to run
> them from another machine over NFS, though. Never tried that - anyone
> else care to comment?
I used to like nfr, now I would use snort if I needed one. I'm too lazy
though.
ms
From cmsclaud at arches.uga.edu Thu Oct 24 10:21:57 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Thu, 24 Oct 2002 10:21:57 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000e01c27b6f$5c6f0080$0300a8c0@moe>
References: <000e01c27b6f$5c6f0080$0300a8c0@moe>
Message-ID: <20021024172157.GA32181@wagner>
On Thu, Oct 24, 2002 at 10:09:30AM -0500, Charles Howse wrote:
>
> OK, my little network is named after the 3 Stooges.
> I don't have a public domain...if all the PC's were Windows boxes,
> this would be a workgroup.
> The gateway machine is Curley, the spare machine is Larry, and the
> WinXP box is Moe.
> (I have address space available for Shemp and Curley_Joe) ;-)
Actually, I believe that it's spelled "Curly" and "Curly_Joe." Also,
you're forgetting Joe. (Poor Joe, he was only there for a few
episodes and everyone always forgets about him.)
Hope this helps!
Claude
From jan at caustic.org Thu Oct 24 11:21:41 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 11:21:41 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000e01c27b6f$5c6f0080$0300a8c0@moe>
Message-ID: <20021024105112.I30424-100000@pogo.caustic.org>
On Thu, 24 Oct 2002, Charles Howse wrote:
> I have a rather interesting task ahead...I currently have a small
> network here at home that I will describe shortly, and I would like
> to convert the gateway machine from Red Hat 7.3 to OpenBSD.
start here:
http://www.openbsd.org/faq/faq9.html
> Are you available for discussion and to otherwise help?
as much as ever, i guess.
> We have a Cable Modem CAT5'd to the gateway machine which runs Red
> Hat 7.3 and has 2 nics.
> The 1st nic connects to the Cable Modem, and gets a dynamic IP
> address from the ISP's dhcp server.
is the "dynamic address" just over DHCP? or is there PPPoE or something
else between them?
either is supported in OpenBSD.
> One VERY important service that I MUST have on the new gateway is
> DNS2Go.
never heard of it. but, google has.
they have a perl version, which should work in OpenBSD with no real
effort. their perl version requires perl 5.6, OpenBSD will be releasing
version 3.2 of the OS soon. it has perl 5.6.1. i don't remember the
version of perl in 3.1, off hand. i tend to use snapshots.
> Complete list of services that the new machine must provide:
> Http
it does web serving?
> Mail
it does SMTP? why not use your ISPs mail gateways?
> Stateful firewall w/nat
easy.
> Intrusion detection software (really need some input here...)
get a beefier machine. IDSs tend to use quite a bit of CPU time while
doing packet analysis. if you're wanting a firewall, it's already doing too
much.
> Automated retrieval and installation of security-related patches.
this is almost always a bad idea. well, automated installation is.
you can use wget to grab the latest patches, and probably script the
patching in to your local source tree.. but, this is a firewall right? why
would it have a compiler?
> Must print properly to the shared printer on the XP box.
> Unsuccessful so far...Print services for Unix is enabled.
samba. i'd suggest not printing from your firewall. no real reason to.
> #Lpc status all -> ..."waiting for Moe to come up."
> No gui needed, don't have the resources. Curley is a P200 w/ 64MB
> ram, 8GB & 5GB HDD.
why bother with a GUI at all? useless except on workstations. servers
don't need them. by default, OpenBSD doesn't even start a GUI. you have to
A) install XWindows, and B) set it up to use it.
> I see that Midnight Commander is listed as broken in the ports/misc
> tree, I really need a Norton Commander clone.
why?
> Demos Commander is unacceptable, it needs terminal to be vct25 or
> something like that and doesn't work then. Ytree takes forever to
> calculate the size of files in a big directory, and I just don't like it
> very much. Any suggestions?
ls, df, du.
the command line is more powerful than any file manager.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From chowse at charter.net Thu Oct 24 12:00:35 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 14:00:35 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024105112.I30424-100000@pogo.caustic.org>
Message-ID: <000101c27b8f$a2d234a0$0300a8c0@moe>
> start here:
>
> http://www.openbsd.org/faq/faq9.html
>
Been there, done that.
I don't pretend to be as knowledgeable as you folks, but maybe I can get
it done with just a little prodding.
Have also worn out the book "FreeBSD Unleashed".
> is the "dynamic address" just over DHCP? or is there PPPoE or
> something else between them?
>
> either is supported in OpenBSD.
Dhcp only.
> > One VERY important service that I MUST have on the new gateway is
> > DNS2Go.
>
> never heard of it. but, google has.
>
> they have a perl version, which should work in OpenBSD with
I'm pretty confident the beta they sent me will work.
> it does web serving?
At present, I don't object to building a DMZ and hosting my web site and
mail server on another machine.
> it does SMTP? why not use your ISPs mail gateways?
Because I haven't had consistent email service from my ISP since August
28th.
"-ERR Incorrect user name or password"
I'm on their ass about it, all the way up to Corporate HQ.
And I want to do SMTP because I can.
My Red Hat box (Curly) has firewalled, nat'd, smtp'd, httpd'd and
emailed the logs to me for a year with no problems.
Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.
Are you saying that OpenBSD can't do the same thing on the same machine
without coughing?
> > Stateful firewall w/nat
>
> easy.
Where can I look at a real good pf.conf file?
> > Intrusion detection software (really need some input here...)
>
> get a beefier machine. IDSs tend to use quite a bit of CPU
> time while doing packet analysis. if you're wanting a
> firewall, it's already doing too much.
Nothing else available. Remember, this is a home network, built from
used machines.
The DMZ setup seems to be where you're headed. Fine with me.
>
> > Automated retrieval and installation of security-related patches.
>
> this is almost always a bad idea. well, automated installation is.
>
> you can use wget to grab the latest patches, and probably
> script the patching in to your local source tree.. but, this
> is a firewall right? why would it have a compiler?
Well, (remember, I'm a BSD newbie), the firewall should have a compiler
so I can install the latest security patches and recompile from
source...Isn't that the way it's supposed to work? I refer to the
following page...
http://www.openbsd.org/stable.html
From unixjavabob at yahoo.com Thu Oct 24 12:31:44 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Thu, 24 Oct 2002 12:31:44 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024172157.GA32181@wagner>
Message-ID: <20021024193144.59929.qmail@web13807.mail.yahoo.com>
...And in this corner....Coming at you from
UGA.edu...the "Georgia Relational Model Stormer",
undefeated in spelling competitions this year...Ladies
and Gentlemen, stand up and give a cheer for...claude
rUbinson!!!
--- Claude Rubinson wrote:
> On Thu, Oct 24, 2002 at 10:09:30AM -0500, Charles
> Howse wrote:
> >
> > OK, my little network is named after the 3
> Stooges.
> > I don't have a public domain...if all the PC's
> were Windows boxes,
> > this would be a workgroup.
> > The gateway machine is Curley, the spare machine
> is Larry, and the
> > WinXP box is Moe.
> > (I have address space available for Shemp and
> Curley_Joe) ;-)
>
> Actually, I believe that it's spelled "Curly" and
> "Curly_Joe." Also,
> you're forgetting Joe. (Poor Joe, he was only there
> for a few
> episodes and everyone always forgets about him.)
>
> Hope this helps!
>
> Claude
=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------
From jan at caustic.org Thu Oct 24 12:37:38 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 12:37:38 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000101c27b8f$a2d234a0$0300a8c0@moe>
Message-ID: <20021024120449.O30424-100000@pogo.caustic.org>
On Thu, 24 Oct 2002, Charles Howse wrote:
> Been there, done that.
good.
> I don't pretend to be as knowledgeable as you folks, but maybe I can get
> it done with just a little prodding.
what you're wanting isn't difficult, it's something that a newbie should
be able to do with a little help.
> Have also worn out the book "FreeBSD Unleashed".
haven't heard of it. any good for a newbie?
> > either is supported in OpenBSD.
>
> Dhcp only.
by nature, openbsd treats each interface separately. you only need to
configure the external interface to request DHCP service on bootup.
normally, the behaviour of dhcp is to give you a lease on an IP, and
continually renew that lease. you keep the same address for a while.
> > they have a perl version, which should work in OpenBSD with
>
> I'm pretty confident the beta they sent me will work.
it probably will. i'd tend to use the perl script anyway, since there's a
higher chance of me being able to read and understand what exactly is
going on.
> > it does web serving?
>
> At present, I don't object to building a DMZ and hosting my web site and
> mail server on another machine.
well, it's usually easier to simply host it on an 'external' box from the
firewall/NAT. you can statically map addresses, of course.
> Because I haven't had consistent email service from my ISP since August
> 28th.
> "-ERR Incorrect user name or password"
that's a popmail error code, as far as i can tell. if it were SMTP it
would have a number code.
> My Red Hat box (Curly) has firewalled, nat'd, smtp'd, httpd'd and
> emailed the logs to me for a year with no problems.
leaving logs local, and using syslog to forward them is easier to deal
with.
> Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.
portsentry is useless. a little worse than useless, actually. what's the
point of having a piece of software detect portscans on a machine that's
doing nat?
all it really does is add to the processing overhead of the kernel.
> Are you saying that OpenBSD can't do the same thing on the same machine
> without coughing?
it can. it's less likely to cough, actually.
> Where can I look at a real good pf.conf file?
dig up a howto off of google. i'd actually suggest reading the IPFilter
howto to get an idea of how the rules are set up. pf has a bit simpler
syntax, and seems to run somewhat faster. the man pages for pf.conf are
fairly decent in documenting basic examples.
my own pf.conf file for my IPv6 gateway has around 137 rules, once loaded.
written this is only 95 rules.
> Nothing else available. Remember, this is a home network, built from
> used machines.
> The DMZ setup seems to be where you're headed. Fine with me.
it's not so much that i'm headed toward a DMZ setup, it's that you're
wanting much more out of the server than its function would normally
have.
> Well, (remember, I'm a BSD newbie), the firewall should have a compiler
> so I can install the latest security patches and recompile from
> source...
yes, and no.
if a firewall is compromised (there are the occasional exploits that can
nail you, after all) the compiler is just another liability. despite
things like systrace, once a root level compromise happens, the attacker
can change the rules anyway. despite things like securelevels.
> Isn't that the way it's supposed to work? I refer to the
> following page...
> http://www.openbsd.org/stable.html
sure.
but, when you're building a machine intended for one purpose, why make it
a generalist? that breaks Best Practice. if you're forced to make it a
general system, you have it stripped down to bare minimum, then start
including everything you think you may need.
from your emails, you need:
nat/firewall
WebServer
mail
everything else is just icing.
i would suggest starting with a simple idea of what you want, then
building on that framework.
what you seem to want isn't that complex, but unlike many linux distros,
OpenBSD is fairly stripped down by default. this is the real way it can
say "secure by default", it doesn't have many features until you add
them.
minimalism is beautiful, when it comes to security.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From jan at caustic.org Thu Oct 24 12:39:39 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 12:39:39 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <864rbbpzu0.fsf@kronstadt.homeunix.net>
Message-ID: <20021024123909.O30424-100000@pogo.caustic.org>
On 24 Oct 2002, Ian Zimmerman wrote:
> It may be possible (and even advisable, on security grounds) to run
> them from another machine over NFS, though. Never tried that - anyone
> else care to comment?
care to explain a little more?
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From itz at speakeasy.org Thu Oct 24 12:46:54 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 24 Oct 2002 12:46:54 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024123909.O30424-100000@pogo.caustic.org>
References: <20021024123909.O30424-100000@pogo.caustic.org>
Message-ID: <86elafoc0h.fsf@kronstadt.homeunix.net>
itz> It may be possible (and even advisable, on security grounds) to
itz> run them from another machine over NFS, though. Never tried that
itz> - anyone else care to comment?
jan> care to explain a little more?
Have aide/tripwire/integrit actually run on one of the internal
machines, and nfs-mount the checked filesystems? That way you don't
have to worry about the binaries themselves being replaced, at least
as long as the firewall can be trusted.
Puts a huge load on the ethernet though, probably. Again, I never
actually did it.
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From jan at caustic.org Thu Oct 24 12:52:50 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 12:52:50 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <86elafoc0h.fsf@kronstadt.homeunix.net>
Message-ID: <20021024124920.X30424-100000@pogo.caustic.org>
On 24 Oct 2002, Ian Zimmerman wrote:
> jan> care to explain a little more?
>
> Have aide/tripwire/integrit actually run on one of the internal
> machines, and nfs-mount the checked filesystems? That way you don't
> have to worry about the binaries themselves being replaced, at least
> as long as the firewall can be trusted.
ah, ok. yes, that would work fine, except that you're using NFS. in this
case, why not nfs mount the tripwire binary from the trusted system, and
keep copies of the databases as needed. less likely to see changes in the
binary that way, and fewer chances of the files you're worried about being
viewed by an attacker (just as bad, in some cases, as them being
modified).
> Puts a huge load on the ethernet though, probably. Again, I never
> actually did it.
depends on the speed of the ethernet. i've found NFSing source code (i
have several different architectures at home, and nfs with lndir does
wonders for this situation) hasn't been much of an overhead at all. of
course, my network at home is more complex than i care to have it right
now.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
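[Added example, not part of any message in this thread and not code from aide, tripwire or integrit: a minimal sketch of the arrangement discussed above, where the integrity check runs on a trusted machine against the gateway's filesystem mounted there, and the baseline database never lives on the gateway. The mount point, database path and file contents are constructed for the demonstration.]

```python
import hashlib
import json
import os
import stat
import tempfile


def file_record(path):
    """Describe one entry without following symlinks."""
    st = os.lstat(path)
    rec = {"mode": stat.S_IMODE(st.st_mode)}
    if stat.S_ISLNK(st.st_mode):
        rec["link"] = os.readlink(path)
    elif stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        rec["size"] = st.st_size
        rec["sha256"] = digest.hexdigest()
    return rec


def snapshot(root):
    """Map every path under root (relative, '/'-separated) to its record."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = file_record(full)
    return snap


def save_baseline(snap, db_path):
    with open(db_path, "w") as fh:
        json.dump(snap, fh, indent=1, sort_keys=True)


def load_baseline(db_path):
    with open(db_path) as fh:
        return json.load(fh)


def compare(baseline, current):
    """Report added and removed paths, and which fields changed on the rest."""
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        fields = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
        if fields:
            changed[path] = fields
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": changed,
    }


def demo():
    """Constructed tree standing in for the gateway's filesystem as mounted
    on the trusted host; all names and contents are made up."""
    with tempfile.TemporaryDirectory() as work:
        mount = os.path.join(work, "mnt-gateway")                # hypothetical mount point
        db = os.path.join(work, "trusted-host", "gateway.json")  # baseline kept off the gateway
        os.makedirs(os.path.join(mount, "bin"))
        os.makedirs(os.path.join(mount, "etc"))
        os.makedirs(os.path.dirname(db))
        files = {"bin/ls": b"original ls\n", "bin/ps": b"original ps\n",
                 "etc/pf.conf": b"block in all\n"}
        for rel, data in files.items():
            path = os.path.join(mount, rel)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o755 if rel.startswith("bin/") else 0o644)
        save_baseline(snapshot(mount), db)

        # Simulated tampering on the checked filesystem.
        with open(os.path.join(mount, "bin/ps"), "wb") as fh:
            fh.write(b"replaced ps\n")      # same length: only the hash differs
        os.chmod(os.path.join(mount, "etc/pf.conf"), 0o666)      # now world-writable
        with open(os.path.join(mount, "bin/.hidden"), "wb") as fh:
            fh.write(b"dropped file\n")
        os.remove(os.path.join(mount, "bin/ls"))

        return compare(load_baseline(db), snapshot(mount))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

[The replaced bin/ps keeps its size and mode, so only the SHA-256 comparison flags it.]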
From chowse at charter.net Thu Oct 24 13:31:29 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 15:31:29 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024120449.O30424-100000@pogo.caustic.org>
Message-ID: <000201c27b9c$55774670$0300a8c0@moe>
> > Have also worn out the book "FreeBSD Unleashed".
>
> haven't heard of it. any good for a newbie?
I liked it...
http://www.amazon.com - "FreeBSD Unleashed"
> > Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.
>
> portsentry is useless. a little worse than useless, actually.
> what's the point of having a piece of software detect
> portscans on a machine that's doing nat?
Well, because my web server and mail server live at that address.
Remember, the routable address is the address of the external interface
on the Linux machine.
If they hack that address, they can root the box.
Am I missing your point?
> > Where can I look at a real good pf.conf file?
>
> dig up a howto off of google. i'd actually suggest reading
> the IPFilter howto to get an idea of how the rules are set
> up. pf has a bit simpler syntax, and seems to run somewhat
> faster. the man pages for pf.conf are fairly decent in
> documenting basic examples.
I thought man pf.conf had a good example. I may try that.
Could you please confirm that in the nat rules AND in the pf rules, I
can refer to the interface (ep1) rather than the actual dynamic IP
address of the external interface? It will ruin everything if I have to
refer to an IP address that is going to change every 4 hours or so. ;-)
> but, when you're building a machine intended for one purpose,
> why make it a generalist? that breaks Best Practice. if
Because it's the only machine I have available! ;-)
I'd rather keep Larry to experiment with.
> you're forced to make it a general system, you have it
> stripped down to bare minimum, then start including
> everything you think you may need.
>
> from your emails, you need:
>
> nat/firewall
> WebServer
> mail
>
> everything else is just icing.
Well, I would agree...so...I should upgrade to stable, apply the
patches, then remove the compiler, then put it on the network? How do I
apply future patches? (I admit I haven't done my homework here.)
From jan at caustic.org Thu Oct 24 14:50:55 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 14:50:55 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000201c27b9c$55774670$0300a8c0@moe>
Message-ID: <20021024142204.I30424-100000@pogo.caustic.org>
On Thu, 24 Oct 2002, Charles Howse wrote:
> Well, because my web server and mail server live at that address.
> Remember, the routable address is the address of the external interface
> on the Linux machine.
> If they hack that address, they can root the box.
> Am I missing your point?
yes.
portsentry, at least on BSDs, simply listens on ports for scans. since
scans are some of the most common traffic you'll encounter, it's simply
wasted overhead. if you default to denying all traffic, the portsentry
program sits there, doing nothing. it's not particularly intelligent about
how it blocks things either. if it detects a scan - sometimes little more
than a connection to a port that's not open - it flips out.
portsentry simply provides too many false positives, making it more
useless than simply blocking the ports and logging each connection in the
first place.
> I thought man pf.conf had a good example. I may try that.
the basic rules are easy, doing more complex things makes things more
interesting.
> Could you please confirm that in the nat rules AND in the pf rules, I
> can refer to the interface (ep1) rather than the actual dynamic IP
> address of the external interface? It will ruin everything if I have to
> refer to an IP address that is going to change every 4 hours or so. ;-)
normally, you can handle traffic based on interfaces being passed through.
until you handle virtual hosts on the same machine (very unlikely) you
don't have to worry too much about static addressing.
http://www.openbsd.org/faq/faq6.html#NAT
an example:
nat on fxp0 from 192.168.1.0/24 to any -> fxp0
> > everything else is just icing.
>
> Well, I would agree...so...I should upgrade to stable, apply the
> patches, then remove the compiler, then put it on the network?
install the snapshots. upgrade when 3.2 (-stable) is released.
> How do I apply future patches? (I admit I haven't done my homework
> here.)
if the machine works, why fix it? the occasional upgrade isn't a bad idea,
doing one that's not necessary to a production machine (and that is what
this is) is foolish.
[root at brimstone log] {23}$ uname -ap
OpenBSD brimstone 3.1 GENERIC#5 sparc SUNW,Sun 4/50, W8601/8701 or MB86903
@ 40 MHz, on-chip FPU
[root at brimstone log] {24}$ uptime
2:47PM up 39 days, 2 hrs, 1 user, load averages: 0.32, 0.25, 0.18
i had a bit of downtime due to moving the hardware around. after the ssh
vulnerability came out, i upgraded to a snapshot release, and once again
ignored this machine.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From chowse at charter.net Thu Oct 24 16:04:32 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 18:04:32 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024142204.I30424-100000@pogo.caustic.org>
Message-ID: <000001c27bb1$b7358100$0300a8c0@moe>
> > everything else is just icing.
>
> Well, I would agree...so...I should upgrade to stable, apply the
> patches, then remove the compiler, then put it on the network?
>install the snapshots. upgrade when 3.2 (-stable) is released.
From the web page -
Between formal releases, a series of snapshot releases are made
available. Snapshots are test releases of the -current source tree.
Because they reflect the current state of development, there is no
guarantee that snapshot releases will work correctly (or even at all).
Snapshots are quite useful when moving from a formal release (or older
version of -current) to the current tree.
I thought stable was where I wanted to be, rather than current.
> How do I apply future patches? (I admit I haven't done my homework
> here.)
>if the machine works, why fix it? the occasional upgrade isn't a bad idea,
>doing one that's not necessary to a production machine (and that is what
>this is) is foolish.
Agreed, I patch my Windows box when they release a patch for an
application that I use.
It makes sense to patch the BSD box when they release a patch for an
issue that affects me.
That's what I intend to do. What is the best way to do that?
Get the patches from 'errata' and install them manually?
From itz at speakeasy.org Thu Oct 24 16:29:17 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 24 Oct 2002 16:29:17 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024142204.I30424-100000@pogo.caustic.org>
References: <20021024142204.I30424-100000@pogo.caustic.org>
Message-ID: <86adl3o1pu.fsf@kronstadt.homeunix.net>
jan> portsentry, at least on BSDs, simply listens on ports for
jan> scans. since scans are some of the most common traffic you'll
jan> encounter, it's simply wasted overhead. if you default to denying
jan> all traffic, the portsentry program sits there, doing
jan> nothing. it's not particularly intelligent about how it blocks
jan> things either. if it detects a scan - sometimes little more than
jan> a connection to a port that's not open - it flips out.
jan> portsentry simply provides too many false positives, making it
jan> more useless than simply blocking the ports and logging each
jan> connection in the first place.
I agree with this. I myself have stopped running snort on my box
a few days after switching to a DENY firewall policy, when I saw that
all it could tell me about was a couple of harmless ping requests a
day (the harmful ones are blocked) and it was in fact the greatest hog
among the daemons.
The real stuff is in the kernel log, where the denied packets go.
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
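[Added example, not part of the original thread.] The argument above, that one connection to a closed port is not a scan and that the denied-packet log already holds the useful data, can be seen by running two policies over the same log. The log lines are constructed in the style of Linux netfilter LOG output; the "DENY" prefix, host name, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: syslog lines in the style of Linux netfilter LOG output.
SAMPLE_LOG = """\
Oct 24 16:00:01 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=113
Oct 24 16:00:05 gw sshd[411]: Accepted publickey for admin from 192.168.0.3
Oct 24 16:02:10 gw kernel: DENY IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=21
Oct 24 16:02:10 gw kernel: DENY IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51001 DPT=22
Oct 24 16:02:11 gw kernel: DENY IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51002 DPT=23
Oct 24 16:02:11 gw kernel: DENY IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51003 DPT=25
Oct 24 16:02:12 gw kernel: DENY IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51004 DPT=110
Oct 24 16:02:13 gw kernel: DENY IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51005 DPT=143
Oct 24 16:05:00 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3301 DPT=445
Oct 24 16:05:03 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3301 DPT=445
Oct 24 16:05:09 gw kernel: DENY IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3301 DPT=445
Oct 24 16:07:30 gw kernel: DENY IN=eth0 OUT= SRC=192.0.2.44 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

ASSUMED_YEAR = 2002  # syslog timestamps carry no year; assumed for parsing
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\sDENY\s(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_denied(line):
    """Return one denied-packet event as a dict, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = dict(KV_RE.findall(m.group("kv")))
    if "SRC" not in kv or "PROTO" not in kv:
        return None
    when = datetime.strptime(f"{ASSUMED_YEAR} {m.group('ts')}",
                             "%Y %b %d %H:%M:%S")
    # ICMP entries have no destination port; keep them, with dport=None.
    dport = int(kv["DPT"]) if kv.get("DPT", "").isdigit() else None
    return {"when": when, "src": kv["SRC"], "proto": kv["PROTO"],
            "dport": dport}


def load_events(text):
    return [e for e in map(parse_denied, text.splitlines()) if e]


def any_hit_sources(events):
    """Policy A: react to every source that touched a closed port even once
    (the single-connection trigger described in the thread)."""
    return sorted({e["src"] for e in events})


def scan_suspects(events, min_ports=5, window_s=60):
    """Policy B: flag a source only if it hit at least min_ports distinct
    (protocol, port) pairs inside one sliding window of window_s seconds."""
    by_src = defaultdict(list)
    for e in events:
        if e["dport"] is not None:
            by_src[e["src"]].append((e["when"], e["proto"], e["dport"]))
    window = timedelta(seconds=window_s)
    suspects = {}
    for src, hits in by_src.items():
        hits.sort()
        best = 0
        for i, (start, _, _) in enumerate(hits):
            seen = {(p, d) for t, p, d in hits[i:] if t - start <= window}
            best = max(best, len(seen))
        if best >= min_ports:
            suspects[src] = best
    return suspects


if __name__ == "__main__":
    events = load_events(SAMPLE_LOG)
    print("denied packets parsed:", len(events))
    print("policy A would react to:", any_hit_sources(events))
    print("policy B flags:", scan_suspects(events))
```

On the sample, policy A reacts to all four sources, including a lone ident probe, a retried connection to one port and a ping; policy B flags only the source that walked six ports in three seconds.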
From jan at caustic.org Thu Oct 24 16:31:42 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 16:31:42 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000001c27bb1$b7358100$0300a8c0@moe>
Message-ID: <20021024160659.A30424-100000@pogo.caustic.org>
On Thu, 24 Oct 2002, Charles Howse wrote:
> >install the snapshots. upgrade when 3.2 (-stable) is released.
>
> I thought stable was where I wanted to be, rather than current.
here's the question: install a 6 month old release, go through and do a
full rebuild of ssh (due to the fact it's a vulnerable version of ssh) or
install a very stable pre-release version of -current?
i've had very few problems with the snapshot releases, far fewer with
OpenBSD-current than FreeBSD-current.
> >if the machine works, why fix it? the occasional upgrade isn't a bad idea,
> >doing one that's not necessary to a production machine (and that is what
> >this is) is foolish.
>
> Agreed, I patch my Windows box when they release a patch for an
> application that I use.
how many applications are you going to have on this machine?
unlike windows, the various unix clones tend to not have very many "life
threatening" exploits. the only things you need to worry about are feature
changes (if you even need the new feature in the first place), and remote
exploits.
the first happens rarely. if you don't require it, it's icing; excepting
those times where it makes your life much easier.
if it's a remote exploit, how you handle it is up to you. since just
about everything is turned off to begin with, i usually handle remote
exploits with "rm -f" of the vulnerable binary, and don't bother with it
from there. on the other hand, a needed daemon puts you in an unusual
position. you have to balance the need (for example, sshd) against the
vulnerability (root access for the attacker, from a remote host); my
solution to that is simply upgrade. if the machine doesn't have a compiler
(such as poor stupid brimstone) it means i install the snapshot, and move
onward.
> It makes sense to patch the BSD box when they release a patch for an
> issue that affects me.
and, looking at the errata page on OpenBSD's site, your default install of
3.1 has: 5 patches you'd have to install to ensure a system that's
"secure" from remote attacks: 001, 006, 007, 011, 013.
of those, you actually only need 001, and 006.
> That's what I intend to do. What is the best way to do that?
install a snapshot, and use that instead. the snapshots, as i said before,
are very stable.
your other option is to have another OpenBSD box of the same architecture,
and compile your own -stable releases.
i find the snapshots are easier to handle.
> Get the patches from 'errata' and install them manually?
that's how you usually do them. download the patch branch of the source
tree, and compile away.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From jan at caustic.org Thu Oct 24 16:35:33 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 16:35:33 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <86adl3o1pu.fsf@kronstadt.homeunix.net>
Message-ID: <20021024163214.E30424-100000@pogo.caustic.org>
On 24 Oct 2002, Ian Zimmerman wrote:
> I agree with this. I myself have stopped running snort on my box
> a few days after switching to a DENY firewall policy, when I saw that
> all it could tell me about was a couple of harmless ping requests a
> day (the harmful ones are blocked) and it was in fact the greatest hog
> among the daemons.
depending on how you have snort configured can change what you see. since
most home networks don't have directly exposed IIS/apache/imap/pop
services, it's almost a waste of effort to run it. if you've got a full
scale production network that you WANT to detect attackers' traffic on,
it's a good idea to have it running, since it'll record the attack and
allow you to see what, and how, it was done.
> The real stuff is in the kernel log, where the denied packets go.
yes.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From chowse at charter.net Fri Oct 25 13:17:37 2002
From: chowse at charter.net (Charles Howse)
Date: Fri, 25 Oct 2002 15:17:37 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024160659.A30424-100000@pogo.caustic.org>
Message-ID: <000101c27c63$9041e7c0$0300a8c0@moe>
> i've had very few problems with the snapshot releases, far fewer with
> OpenBSD-current than FreeBSD-current.
OK, I've done some more homework, and I see the point.
What are your thoughts on the following:
My little network will have a DMZ.
Curly will be the firewall, with OpenBSD 3.1, and 3 nics
Ep1 is the external interface, dhcp
Tx0 is one internal interface with a private address
Tx1 is the other internal interface with a private address
Curly and Larry will communicate over a crossover cable, since I don't
have another hub
Larry will be the web and mail server, with OpenBSD 3.1, and 1 nic
Moe will be my workstation, with 1 nic
The first question I have for this scenario concerns the sub netting for
the network.
BTW: sub netting is my short suit.
I'm totally at a loss here...should all the machines be on the same
network - 255.255.0.0?
Or should there be some security through sub netting built in here?
Here's my attempt at ASCII art:
Internet ---- Cable Modem ---- (ep1 DHCP)-Curly-(tx0 192.168.0.1)---- Hub ---- Moe
                                            |
                                    (tx1 192.168.1.1)
                                            |
                                            |
                                            |
                                          (DMZ)
                                            |
                                            |
                                          Larry
From jan at caustic.org Fri Oct 25 17:06:38 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 25 Oct 2002 17:06:38 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000101c27c63$9041e7c0$0300a8c0@moe>
Message-ID: <20021025162048.W30424-100000@pogo.caustic.org>
On Fri, 25 Oct 2002, Charles Howse wrote:
> What are your thoughts on the following:
>
> My little network will have a DMZ.
ok. it's already behind nat. the DMZ will be of limited usefulness.
here's why: you have 1 public IP. if you map ports over to specific
machines you're still only exposing one or two ports. it's not going to
render you that much more secure than having everything sitting in one
local network..
this doesn't mean the design is bad, it's a good design, just requiring
more resources to implement than your original design.
> The first question I have for this scenario concerns the sub netting for
> the network.
> BTW: sub netting is my short suit.
> I'm totally at a loss here...should all the machines be on the same
> network - 255.255.0.0?
no. i would either A) assign a complete class C (heh, pre-CIDR stuff
amuses me) to each segment, or B) subnet one. what good is setting
everything to be in the same subnet when you're attempting to keep things
separate?
since you're playing with private IP space, go for the /24. it'll be
easier to handle.
so, 192.168.1.0 and the DMZ would be 192.168.2.0, for example. the netmask
for either is 255.255.255.0. this just makes everything easier to deal
with, especially once it's in private IP space.
|
+---{DMZ}-
|
+---{Windoze}-
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
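[Added example, not part of the original thread.] A check of the two addressing plans discussed above: both inside interfaces under 255.255.0.0 versus one /24 per segment. The host addresses for Moe and Larry, and the .1 gateway addresses in the /24 plan, are assumptions.

```python
import ipaddress
from itertools import combinations


def segment(addr, netmask):
    """Network that an interface address/netmask pair belongs to."""
    return ipaddress.ip_interface(f"{addr}/{netmask}").network


def audit(interfaces, hosts):
    """interfaces: {ifname: (address, netmask)}; hosts: {name: address}.

    Reports firewall interfaces whose networks overlap (so the firewall
    cannot tell the segments apart), hosts that fall into more than one
    segment or none, and segments outside private address space.
    """
    nets = {name: segment(a, m) for name, (a, m) in interfaces.items()}
    overlaps = [(a, b) for a, b in combinations(sorted(nets), 2)
                if nets[a].overlaps(nets[b])]
    placement = {}
    for host, ip in hosts.items():
        addr = ipaddress.ip_address(ip)
        placement[host] = sorted(n for n, net in nets.items() if addr in net)
    return {
        "networks": {n: str(net) for n, net in nets.items()},
        "overlaps": overlaps,
        "ambiguous": sorted(h for h, s in placement.items() if len(s) > 1),
        "orphaned": sorted(h for h, s in placement.items() if not s),
        "non_private": sorted(n for n, net in nets.items()
                              if not net.is_private),
        "placement": placement,
    }


# Plan from the question: interface addresses as drawn, netmask 255.255.0.0.
FLAT_IFACES = {"tx0": ("192.168.0.1", "255.255.0.0"),
               "tx1": ("192.168.1.1", "255.255.0.0")}
FLAT_HOSTS = {"Moe": "192.168.0.10", "Larry": "192.168.1.10"}   # assumed

# Plan from the reply: 192.168.1.0 and 192.168.2.0, netmask 255.255.255.0.
SPLIT_IFACES = {"tx0": ("192.168.1.1", "255.255.255.0"),        # .1 assumed
                "tx1": ("192.168.2.1", "255.255.255.0")}        # .1 assumed
SPLIT_HOSTS = {"Moe": "192.168.1.10", "Larry": "192.168.2.10"}  # assumed

if __name__ == "__main__":
    for label, ifaces, hosts in (("255.255.0.0", FLAT_IFACES, FLAT_HOSTS),
                                 ("255.255.255.0", SPLIT_IFACES, SPLIT_HOSTS)):
        report = audit(ifaces, hosts)
        print(label, report["networks"])
        print("  overlapping interfaces:", report["overlaps"])
        print("  hosts in more than one segment:", report["ambiguous"])
        print("  host placement:", report["placement"])
```

Under 255.255.0.0 both inside interfaces land in 192.168.0.0/16, so Moe and Larry each appear to sit on both segments; under 255.255.255.0 each host belongs to exactly one.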
From chowse at charter.net Fri Oct 25 17:29:00 2002
From: chowse at charter.net (Charles Howse)
Date: Fri, 25 Oct 2002 19:29:00 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021025162048.W30424-100000@pogo.caustic.org>
Message-ID: <000201c27c86$ae8b6cb0$0300a8c0@moe>
OK, all good so far.
Now, I have had a severe attack of the 'dumbass' today...
If you don't mind, it would help me immensely if you would walk me
through the steps to get my new machines to the point you mention when
talking about installing snapshots to stay secure.
When I look at ftp.openbsd.org/pub/OpenBSD/snapshots/i386, all I see are
*32.tgz files.
Should I start by installing those?
Then what, and how, to stay secure? Just patch manually or do a
complete reinstall of the newest snapshot?
Seems to me like all that reinstalling and reconfiguring would be a pain
in the ass.
Also, nobody ever commented on my original plan to try and develop a
means to do a scripted install of the OS and config files. Is this
possible in BSD?...it is in Linux.
From jan at caustic.org Fri Oct 25 18:32:51 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 25 Oct 2002 18:32:51 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000201c27c86$ae8b6cb0$0300a8c0@moe>
Message-ID: <20021025182954.U30424-100000@pogo.caustic.org>
On Fri, 25 Oct 2002, Charles Howse wrote:
> Now, I have had a severe attack of the 'dumbass' today...
> If you don't mind, it would help me immensely if you would walk me
> through the steps to get my new machines to the point you mention when
> talking about installing snapshots to stay secure.
download the install floppy. read the various documents on them. there are
quite a few INSTALL and README files.
> When I look at ftp.openbsd.org/pub/OpenBSD/snapshots/i386, all I see are
> *32.tgz files.
> Should I start by installing those?
essentially, yes. read the FAQ on how to install.
> Then what, and how, to stay secure? Just patch manually or do a
> complete reinstall of the newest snapshot?
i think i already explained that enough.
> Seems to me like all that reinstalling and reconfiguring would be a pain
> in the ass.
who said it was a complete reinstall?
it's simply an upgrade.
> Also, nobody ever commented on my original plan to try and develop a
> means to do a scripted install of the OS and config files. Is this
> possible in BSD?...it is in Linux.
it's possible. just not advised.
i have explained why in previous emails.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From lramos3 at satx.rr.com Sun Oct 27 00:44:27 2002
From: lramos3 at satx.rr.com (luis)
Date: Sun, 27 Oct 2002 07:44:27 +0000
Subject: [buug] FreeBSD install
References: <20021024143835.2959.79980.Mailman@weak.org>
Message-ID: <3DBB995B.4EBC99A0@satx.rr.com>
buug-request at weak.org wrote:
> Message: 1
> Date: Wed, 23 Oct 2002 21:56:50 -0700 (PDT)
> From: Bob Read
> To: buug at weak.org
> Subject: [buug] Success with FreeBSD
>
> Hello everyone,
> I just completed 2 FreeBSD installs...it's the
> first time I've installed any BSD in 2 years.
> Installs were totally smooth, and I really like the
> /etc/rc.conf.
> Of great help was my "The Complete FreeBSD" book
> from freebsd.org...this book is my favorite unix
> reference manual. IMHO, this book plus "Essential
> Unix System Administration" by O'Reilly handle most of
> my needs.
>
> Later and see you at the next meeting...
>
> Bob
>
>
>
> =====
> -----------------------------------------
> Bob Read
> Senior Unix Administrator/DBA/Programmer
> cell (510)-703-1634
> unixjavabob at yahoo.com
> -----------------------------------------
>
The new book, Absolute BSD, is even better. Good luck. Luis
From webmaster at hawaiidakine.com Sun Oct 27 16:37:39 2002
From: webmaster at hawaiidakine.com (al plant)
Date: Sun, 27 Oct 2002 14:37:39 -1000
Subject: [buug] CDRW on FreeBSD
Message-ID: <3DBC86D3.B2AC4D2A@hawaiidakine.com>
Thanks for the response to our request recently for information on
FreeBSD as a platform of CD Burning.
Johan Beisser said any of the brands should work and IDE is good.
"FreeBSD is remarkably agnostic about such things as cd burners."
Boy was he correct. We gave up on a redhat linux install after it
failed many attempts and we also received many emails about other
failures under redhat too.
The FreeBSD install with a Sony CDRW was a non-event. Other than
checking the /etc/fstab file and creating a directory for the burns and
testing all went as the how-to said it would.
Three tests, one data and two audio cd's, were painless.
Thanks for the advice and we would recommend FreeBSD with the "burncd"
from the command line as the way to go.
"Simplicity is beauty!"
Aloha! Al Plant - Webmaster http://hawaiidakine.com
Providing FAST DSL Service for $28.00 /mo. Member Small Business Hawaii.
Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
Support OPEN SOURCE in Business Computing. Phone 808-622-0043
From brian at magenta.planetshwoop.com Sun Oct 27 18:03:31 2002
From: brian at magenta.planetshwoop.com (Brian Sobolak)
Date: Sun, 27 Oct 2002 18:03:31 -0800 (PST)
Subject: [buug] CDRW on FreeBSD
In-Reply-To: <3DBC86D3.B2AC4D2A@hawaiidakine.com>
Message-ID: <20021027180223.B688-100000@magenta.planetshwoop.com>
On Sun, 27 Oct 2002, al plant wrote:
> Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
Al - just out of curiosity, do customers ask for Caldera? Do you actually
have customers running Caldera Linux (or whatever it's been renamed to)?
brian
--
This is how I think: http://www.planetshwoop.com/blog/
Brian Sobolak sobolak at myrealbox.com
From evans at ncseweb.org Mon Oct 28 13:33:33 2002
From: evans at ncseweb.org (Skip Evans)
Date: Mon, 28 Oct 2002 13:33:33 -0800
Subject: [buug] Sendmail weirdness?
Message-ID: <5.1.0.14.0.20021028133243.02c24d70@mail.mindspring.com>
Hi guys,
Looks like my majordomo is not working, and I found the following:
ncseweb2% ps waux | grep sendmail
skip 12470 0.0 0.1 384 160 p0 R+ 1:28PM 0:00.00 grep sendmail
root 10985 0.0 1.5 2512 1836 ?? Ss 4:14PM 0:01.98 sendmail: accepting connections (sendmail)
root 12437 0.0 1.7 2764 2176 ?? Is 1:22PM 0:00.12 sendmail: ./g9SLMEp12435 applications.udayton.edu.: client MAIL (sendma
What is this stuff at udayton.edu ???
Skip Evans
Network Project Director
National Center for Science Education
420 40th St, Suite 2
Oakland, CA 94609
510-601-7203 Ext. 308
510-601-7204 (fax)
800-290-6006
evans at ncseweb.org
http://www.ncseweb.org
NCSE now has a one way broadcast news list. Please note that this is NOT a discussion list. You cannot post messages for members to receive. We use this list to broadcast news about the creationism/evolution issue to interested parties.
To sign up send:
subscribe ncse your at email.address
to: majordomo at inia.cls.org
From jan at caustic.org Mon Oct 28 13:37:01 2002
From: jan at caustic.org (f.johan.beisser)
Date: Mon, 28 Oct 2002 13:37:01 -0800 (PST)
Subject: [buug] Sendmail weirdness?
In-Reply-To: <5.1.0.14.0.20021028133243.02c24d70@mail.mindspring.com>
Message-ID: <20021028133518.M30424-100000@pogo.caustic.org>
On Mon, 28 Oct 2002, Skip Evans wrote:
> Looks like my majordomo is not working, and I found the following:
look in /var/log/maillog for some details as to what's failing.
> What is this stuff at udayton.edu ???
that's a forked sendmail process to udayton.edu.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From cmsclaud at arches.uga.edu Tue Oct 29 10:51:22 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Tue, 29 Oct 2002 10:51:22 -0800
Subject: [buug] OFF-TOPIC: Sunday Night's Angel?
Message-ID: <20021029185122.GA4228@wagner>
Sorry for being completely off-topic but I was supposed to tape Sunday
night's episode of "Angel" for my girlfriend and completely fscked it
up. I've exhausted my usual sources for finding stuff like this and I
was hoping that someone here might have a copy that they could lend to
me. I'd really appreciate it. (And, of course, I'd comp you for any
time and expense.)
Thanks,
Claude
p.s. If you could direct any replies off-list, I'm sure that the list
members would appreciate it.
From ms at formulae.org Tue Oct 29 11:27:31 2002
From: ms at formulae.org (Michael Salmon)
Date: Tue, 29 Oct 2002 11:27:31 -0800
Subject: [buug] OFF-TOPIC: Sunday Night's Angel?
In-Reply-To: <20021029185122.GA4228@wagner>
References: <20021029185122.GA4228@wagner>
Message-ID: <20021029112731.B60250@formulae.org>
sorry, we only have all the buffys here ;)
On Tue, Oct 29, 2002 at 10:51:22AM -0800, Claude Rubinson wrote:
> Sorry for being completely off-topic but I was supposed to tape Sunday
> night's episode of "Angel" for my girlfriend and completely fscked it
> up. I've exhausted my usual sources for finding stuff like this and I
> was hoping that someone here might have a copy that they could lend to
> me. I'd really appreciate it. (And, of course, I'd comp you for any
> time and expense.)
>
> Thanks,
>
> Claude
>
> p.s. If you could direct any replies off-list, I'm sure that the list
> members would appreciate it.
From itz at speakeasy.org Tue Oct 29 15:47:14 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 29 Oct 2002 15:47:14 -0800
Subject: [buug] mozilla
Message-ID: <86pttsdczh.fsf@kronstadt.homeunix.net>
I've become somewhat fed up with the way I use mozilla, and I'd like
to customize its UI (beyond what the Edit|Preferences dialog allows).
I have read about things like RDF and XUL and I think what I want to
do is possible, but ... where are the fine documents? Not on
mozilla.org as far as I can see.
As an example, changing the default search engine in Edit|Preferences
affects the Search button next to the location box (which I want to
get rid of) but not the Tools|Search menu item - that always goes to
Netscape. And why are there both "Tools|Search the Web" _and_
"Tools|Search|Search the Web" (completely identical behavior)?
More generally, can I add my own menus and keybindings as in Emacs?
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From atporter at primate.net Tue Oct 29 15:57:48 2002
From: atporter at primate.net (Aaron T Porter)
Date: Tue, 29 Oct 2002 15:57:48 -0800
Subject: [buug] mozilla
In-Reply-To: <86pttsdczh.fsf@kronstadt.homeunix.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net>
Message-ID: <20021029235748.GJ23362@primate.net>
On Tue, Oct 29, 2002 at 03:47:14PM -0800, Ian Zimmerman wrote:
>
> I've become somewhat fed up with the way I use mozilla, and I'd like
> to customize its UI (beyond what the Edit|Preferences dialog allows).
> I have read about things like RDF and XUL and I think what I want to
> do is possible, but ... where are the fine documents? Not on
> mozilla.org as far as I can see.
http://www.mozilla.org/rdf/doc/
http://www.mozilla.org/projects/ui/accessibility/accesskey.html
http://www.mozilla.org/docs/end-user/moz_shortcuts.html
From cmsclaud at arches.uga.edu Tue Oct 29 19:25:18 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Tue, 29 Oct 2002 19:25:18 -0800
Subject: [buug] mozilla
In-Reply-To: <86pttsdczh.fsf@kronstadt.homeunix.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net>
Message-ID: <20021030032518.GA5614@wagner>
On Tue, Oct 29, 2002 at 03:47:14PM -0800, Ian Zimmerman wrote:
>
> I've become somewhat fed up with the way I use mozilla, and I'd like
> to customize its UI (beyond what the Edit|Preferences dialog allows).
> I have read about things like RDF and XUL and I think what I want to
> do is possible, but ... where are the fine documents? Not on
> mozilla.org as far as I can see.
..snip..
> More generally, can I add my own menus and keybindings as in Emacs?
A couple of thoughts, none of which answer your questions: How is that
you wish your web browser to behave? What, specifically, has got your
dander up?
Have you examined any of the other Gecko-based browsers? I've been
fairly happy with Galeon. It's basically Mozilla but with more
attention given to the user-interface (which uses GTK instead of XUL).
Regarding your question about customizing the search bar, Galeon
includes something that they call "Smart Bookmarks." Basically, a
smart bookmark is a bookmark that accepts an argument permitting e.g.,
a google search. (Another Gecko-based browser is Phoenix which is
still pretty young and, I believe, not quite ready for primetime. But
it might be worth checking out.)
I'd also recommend taking a look at w3m which is what I use as my
default browser. It's basically just a pager, so it doesn't support
images but it does support tables and frames. (Actually, that's not
quite true. By default, it doesn't support images and will, on
demand, call out to an external viewer but there's also support for
inline images. I can't decide whether I like it or not.) The more
that I've used w3m, the happier I've been with it. As far as I can
tell (the docs aren't great), w3m doesn't permit custom keybindings
but, by default, it uses Emacs-style bindings (vi- and lynx-style
bindings are also available) so I'm happy. It can also call out to
another browser which means that when I stumble across a page that
requires a graphical browser, Shift-M opens that page in Galeon.
(Also, if you're an Emacs-junkie, w3m can be embedded in Emacs. I've
only played around with this a bit and haven't ever really gotten the
hang of it but it seems nicer than W3 to me. And, as far as I know,
there's no relation between W3 and w3m.)
If I'm idly surfing the web and clicking away, I'll generally turn
to Galeon which gives me all the color and formatting and graphics
without any fuss. But when I'm trying to get work done, w3m is my
tool of choice. Depending upon your demands, it might be worth taking
a look at.
Claude
From itz at speakeasy.org Tue Oct 29 22:36:59 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 29 Oct 2002 22:36:59 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030032518.GA5614@wagner>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner>
Message-ID: <86bs5cxwj8.fsf@kronstadt.homeunix.net>
itz> I've become somewhat fed up with the way I use mozilla, and I'd
itz> like to customize its UI (beyond what the Edit|Preferences dialog
itz> allows). I have read about things like RDF and XUL and I think
itz> what I want to do is possible, but ... where are the fine
itz> documents? Not on mozilla.org as far as I can see.
itz> More generally, can I add my own menus and keybindings as in
itz> Emacs?
Claude> A couple of thoughts, none of which answer your questions: How
Claude> is that you wish your web browser to behave? What,
Claude> specifically, has got your dander up?
UI elements that I use 1% of the time but take 10% of the available
screen space, and cannot be hidden because hiding them will also hide
something useful :( That is, the grouping of items in the toolbars is
wrong for me.
The issue of customizing searches arises because I want to hide the
whole location toolbar, but the Search thing in the menu doesn't do
the same thing as the Search button which I would thus lose.
Also, using bookmarks is a Satan vs. Lucifer choice for me.
Navigating the bookmark menus is awkward because the submenus get too
deep too fast and many submenus will be unexpectedly flipped or
shifted to fit on the screen; OTOH activating from the bookmark window
requires the straining behaviors of double- or right-clicking. The
closest to the interface I'd like is actually simply opening the file
bookmarks.html in the browser; but it should have a two-level TOC, to
avoid scrolling through just to find the particular item I need.
Claude> Have you examined any of the other Gecko-based browsers? I've
Claude> been fairly happy with Galeon. It's basically Mozilla but
Claude> with more attention given to the user-interface (which uses
Claude> GTK instead of XUL).
Requires Gnome ...
Claude> I'd also recommend taking a look at w3m which is what I use as
Claude> my default browser.
Never seen this one, thanks for the tip.
Two browsers I have tried are Skipstone and BrowseX. Skipstone was
yet another Gecko wrapper, simple and fast, but now seems to be dead.
BrowseX is a completely different beast, Tcl-based, and _very_
impressive (give it a try someday), but unfortunately it doesn't have
hierarchical bookmarks.
Thanks again for help,
--
Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
From jan at caustic.org Tue Oct 29 22:42:35 2002
From: jan at caustic.org (f.johan.beisser)
Date: Tue, 29 Oct 2002 22:42:35 -0800 (PST)
Subject: [buug] mozilla
In-Reply-To: <86bs5cxwj8.fsf@kronstadt.homeunix.net>
Message-ID: <20021029224133.Y30424-100000@pogo.caustic.org>
On 29 Oct 2002, Ian Zimmerman wrote:
> Claude> I'd also recommend taking a look at w3m which is what I use as
> Claude> my default browser.
>
> Never seen this one, thanks for the tip.
another gecko based one is "phoenix". kind of a mozilla-lite. i've not
tried it, as of yet, but i've heard good things so far.
give it a shot, and let me know.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From rick at linuxmafia.com Tue Oct 29 23:13:30 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 29 Oct 2002 23:13:30 -0800
Subject: [buug] mozilla
In-Reply-To: <86bs5cxwj8.fsf@kronstadt.homeunix.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net>
Message-ID: <20021030071330.GR23673@linuxmafia.com>
Quoting Ian Zimmerman (itz at speakeasy.org):
> Claude> Have you examined any of the other Gecko-based browsers? I've
> Claude> been fairly happy with Galeon. It's basically Mozilla but
> Claude> with more attention given to the user-interface (which uses
> Claude> GTK instead of XUL).
>
> Requires Gnome ...
News to me.
Package: galeon
Priority: optional
Section: web
Installed-Size: 1300
Maintainer: Jared Johnson (Debian)
Architecture: i386
Version: 1.2.5-0.woody.1
Replaces: galeon-beta, galeon-nautilus
Provides: www-browser
Depends: gdk-imlib1, libart2 (>= 1.2.13-5), libaudiofile0 (>= 0.2.3-4),
 libc6 (>= 2.2.4-4), libdb3 (>= 3.2.9-16),
 libesd0 (>= 0.2.23-1) | libesd-alsa0 (>= 0.2.23-1), libgconf11 (>= 1.0.7),
 libgdk-pixbuf2 (>= 0.17.0-2), libglade-gnome0, libglade0,
 libglib1.2 (>= 1.2.0), libgnome-vfs0 (>= 1.0.3-2), libgnome32 (>= 1.2.13-5),
 libgnomesupport0 (>= 1.2.13-5), libgnomeui32 (>= 1.2.13-5),
 libgtk1.2 (>= 1.2.10-4), libjpeg62, liboaf0 (>= 0.6.10),
 liborbit0 (>= 0.5.16), libpng2(>=1.0.12), libpopt0 (>= 1.6.2-1),
 libstdc++2.10-glibc2.2 (>= 1:2.95.4-0.010810), libtiff3g,
 libungif4g (>= 4.1.0b1), libwrap0, libxml1 (>= 1:1.8.14-3), oaf (>= 0.6.10),
 xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4), galeon-common (=1.2.5-0.woody.1),
 mozilla-browser (>=2:1.0.0), procps
Recommends: mozilla-psm
Suggests: gtm (>=0.4.10)
Conflicts: mozilla-browser (>=2:1.0.1), galeon-nautilus
Filename: pool/main/g/galeon/galeon_1.2.5-0.woody.1_i386.deb
Size: 423290
MD5sum: feba532b5c612b61f4cddeb0aba2fd08
Description: Mozilla based web browser with GNOME look and feel
Galeon is a fast Web Browser for the GNOME Desktop Environment.
.
Galeon's use of Mozilla's Gecko rendering engine makes it more feature
complete and standards compliant than most other browsers available.
.
By using the GNOME and GTK libraries for the user interface, Galeon is
usually faster than mozilla and the interface integrates well with the
GNOME Desktop Environment.
A big bunch of dynamic libs, to be sure (which you can cut severely with
compile options, if you care), but I see no friggin' GNOME on this system.
--
Cheers, Live Faust, die Jung.
Rick Moen
rick at linuxmafia.com
From nick at zork.net Tue Oct 29 23:10:09 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:10:09 -0800
Subject: [buug] mozilla
In-Reply-To: <20021029224133.Y30424-100000@pogo.caustic.org>
References: <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021029224133.Y30424-100000@pogo.caustic.org>
Message-ID: <20021030071009.GE30867@zork.net>
begin f.johan.beisser quotation:
> another gecko based one is "phoenix". kind of a mozilla-lite. i've
> not tried it, as of yet, but i've heard good things so far.
I'm working on the LNX-BBC mini-distribution of GNU/Linux, and
we include browseX as our lean-and-fast browser.
I am principally involved as the author of the packaging
system, GAR, which is a way to automate building everything from
source not unlike gentoo's portage or BSD ports. The problem is that
browseX isn't easy to build, and we have *always* just used officially
blessed release binaries, which are kind of wasteful (they include
statically-linked TCL and Tk among other things).
One thing I'm looking for is a very lightweight gecko-based
browser with the Javurscript support. The problem is that of the ones
I can find, skipstone requires an existing mojira install, and galeon
includes a lot of GNOME stuff.
phoenix looks nice, but the binary release is a 9MB tarball!
Are there any genuinely small and elegant gecko browsers out there?
I'd love to be able to build a reasonably-sized yet functional browser
app from source.
--
A: No.
Q: Should I include quotations after my reply?
From nick at zork.net Tue Oct 29 23:22:58 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:22:58 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030071330.GR23673@linuxmafia.com>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021030071330.GR23673@linuxmafia.com>
Message-ID: <20021030072258.GF30867@zork.net>
begin Rick Moen Lives Three Hours from Nowhere quotation:
> > Requires Gnome ...
>
> News to me.
>
> Package: galeon
[...]
> Depends: gdk-imlib1, libart2 (>= 1.2.13-5), libaudiofile0 (>= 0.2.3-4), libc6 (>
> lade0, libglib1.2 (>= 1.2.0), libgnome-vfs0 (>= 1.0.3-2), libgnome32 (>= 1.2.13-
[..............................................................^^^^^]
> A big bunch of dynamic libs, to be sure (which you can cut severely
> with compile options, if you care), but I see no friggin' GNOME on
> this system.
The compile options cut out tests for the libs, but do not allow you
to disable much. Try downloading the tarball and have a look at
./configure --help. Tell me how I cut out those gnome libraries.
The big joke is that galeon requires an existing mozilla install. You
still end up with megs and megs of useless crap on your box.
And pedantry about GNOME libraries versus the GNOME desktop is so last
year. You're right Rick, GNOME is a project, and it doesn't require
all those people to be standing next to you sharing and caring to make
it work.
--
A: No.
Q: Should I include quotations after my reply?
From jan at caustic.org Tue Oct 29 23:26:46 2002
From: jan at caustic.org (f.johan.beisser)
Date: Tue, 29 Oct 2002 23:26:46 -0800 (PST)
Subject: [buug] mozilla
In-Reply-To: <20021030071009.GE30867@zork.net>
Message-ID: <20021029232510.R30424-100000@pogo.caustic.org>
On Tue, 29 Oct 2002, Nick Moffitt wrote:
> phoenix looks nice, but the binary release is a 9MB tarball!
> Are there any genuinely small and elegant gecko browsers out there?
> I'd love to be able to build a reasonably-sized yet functional browser
> app from source.
i suspect you're going to be SOL. gecko itself is not tiny by any means.
most of those "alternatives using gecko" need to have mozilla installed
with it, which just kills the space saving aspect of it.
anyhow, bedwards for me.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From nick at zork.net Tue Oct 29 23:32:38 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:32:38 -0800
Subject: [buug] mozilla
In-Reply-To: <20021029232510.R30424-100000@pogo.caustic.org>
References: <20021030071009.GE30867@zork.net> <20021029232510.R30424-100000@pogo.caustic.org>
Message-ID: <20021030073238.GG30867@zork.net>
begin f.johan.beisser quotation:
> i suspect you're going to be SOL. gecko itself is not tiny by any
> means. most of those "alternatives using gecko" need to have
> mozilla installed with it, which just kills the space saving aspect
> of it.
Why can't they just lift out the gecko sources and use that?
I really don't get it. I can handle gecko being a few megs of bloated
libraries, but I just don't want all the other cruft that mojira comes
with.
--
A: No.
Q: Should I include quotations after my reply?
From nick at zork.net Tue Oct 29 23:35:48 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:35:48 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030073238.GG30867@zork.net>
References: <20021030071009.GE30867@zork.net> <20021029232510.R30424-100000@pogo.caustic.org> <20021030073238.GG30867@zork.net>
Message-ID: <20021030073548.GH30867@zork.net>
begin Nick Moffitt quotation:
> begin f.johan.beisser quotation:
> > i suspect you're going to be SOL. gecko itself is not tiny by any
> > means. most of those "alternatives using gecko" need to have
> > mozilla installed with it, which just kills the space saving
> > aspect of it.
>
> Why can't they just lift out the gecko sources and use that?
> I really don't get it. I can handle gecko being a few megs of
> bloated libraries, but I just don't want all the other cruft that
> mojira comes with.
that is to say, browsex is currently 6MB uncompressed, and I'm looking
for something in that size range.
--
A: No.
Q: Should I include quotations after my reply?
From rick at linuxmafia.com Wed Oct 30 09:43:55 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 30 Oct 2002 09:43:55 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030072258.GF30867@zork.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021030071330.GR23673@linuxmafia.com> <20021030072258.GF30867@zork.net>
Message-ID: <20021030174355.GY23673@linuxmafia.com>
Quoting Nick Moffitt (nick at zork.net):
> The compile options cut out tests for the libs, but do not allow you
> to disable much. Try downloading the tarball and have a look at
> ./configure --help. Tell me how I cut out those gnome libraries.
Not those couple of GNOME libs, but many of the others, if memory serves.
> The big joke is that galeon requires an existing mozilla install. You
> still end up with megs and megs of useless crap on your box.
That is indeed a deal-breaker for the LNX-BBC, but not for someone who
wants a decent Web browser without wanting GNOME.
> And pedantry about GNOME libraries versus the GNOME desktop is so last
> year.
Seems as if my pedantry concerns a difference a couple of hundred megs
of installed cruft wide.
From nick at zork.net Wed Oct 30 09:49:14 2002
From: nick at zork.net (Nick Moffitt)
Date: Wed, 30 Oct 2002 09:49:14 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030174355.GY23673@linuxmafia.com>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021030071330.GR23673@linuxmafia.com> <20021030072258.GF30867@zork.net> <20021030174355.GY23673@linuxmafia.com>
Message-ID: <20021030174914.GM30867@zork.net>
begin Rick Moen Lives Three Hours from Nowhere quotation:
> > And pedantry about GNOME libraries versus the GNOME desktop is so
> > last year.
>
> Seems as if my pedantry concerns a difference a couple of hundred
> megs of installed cruft wide.
Gosh, why that's nearly half the size of the libs themselves!
--
A: No.
Q: Should I include quotations after my reply?
From robert at namodn.com Wed Oct 30 10:51:40 2002
From: robert at namodn.com (Rob Helmer)
Date: Wed, 30 Oct 2002 10:51:40 -0800
Subject: [buug] mozilla
In-Reply-To: <86bs5cxwj8.fsf@kronstadt.homeunix.net>; from itz@speakeasy.org on Tue, Oct 29, 2002 at 10:36:59PM -0800
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net>
Message-ID: <20021030105140.A10716@namodn.com>
On Tue, Oct 29, 2002 at 10:36:59PM -0800, Ian Zimmerman wrote:
>
> itz> I've become somewhat fed up with the way I use mozilla, and I'd
> itz> like to customize its UI (beyond what the Edit|Preferences dialog
> itz> allows). I have read about things like RDF and XUL and I think
> itz> what I want to do is possible, but ... where are the fine
> itz> documents? Not on mozilla.org as far as I can see.
>
> itz> More generally, can I add my own menus and keybindings as in
> itz> Emacs?
>
> Claude> A couple of thoughts, none of which answer your questions: How
> Claude> is that you wish your web browser to behave? What,
> Claude> specifically, has got your dander up?
>
> UI elements that I use 1% of the time but take 10% of the available
> screen space, and cannot be hidden because hiding them will also hide
> something useful :( That is, the grouping of items in the toolbars is
> wrong for me.
Hello,
Phoenix is actually pretty good, I've been using nightlies
regularly for some time ( it lives on the Mozilla trunk, as
part of the overall Mozilla codebase ).
http://mozilla.org/projects/phoenix
It's mostly a reworking of the browser UI ( it does not come
with anything except the browser and the javascript console, no
mail/composer/irc/etc ).
It has on-the-fly customizable toolbars, you can even move items
up onto the menubar now if you are really into preserving screen
real estate. The preferences are also a lot leaner, and they've removed
a lot of the useless redundancy in the menus.
Also, if you want to do some XUL here are some sites :
"Creating Applications with Mozilla", O'Reilly. Published
under the OPL, it's available online : http://books.mozdev.org/
XUL Planet - tutorials, apps, element reference - http://xulplanet.com
Someone else posted some links to Mozilla.org, the stuff there
is pretty dry, and there isn't much in the way of tutorials, but
great as a reference and usually the most up-to-date.
--
Rob
From robert at namodn.com Wed Oct 30 11:14:08 2002
From: robert at namodn.com (Rob Helmer)
Date: Wed, 30 Oct 2002 11:14:08 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030073238.GG30867@zork.net>; from nick@zork.net on Tue, Oct 29, 2002 at 11:32:38PM -0800
References: <20021030071009.GE30867@zork.net> <20021029232510.R30424-100000@pogo.caustic.org> <20021030073238.GG30867@zork.net>
Message-ID: <20021030111408.B10716@namodn.com>
On Tue, Oct 29, 2002 at 11:32:38PM -0800, Nick Moffitt wrote:
> begin f.johan.beisser quotation:
> > i suspect you're going to be SOL. gecko itself is not tiny by any
> > means. most of those "alternatives using gecko" need to have
> > mozilla installed with it, which just kills the space saving aspect
> > of it.
>
> Why can't they just lift out the gecko sources and use that?
> I really don't get it. I can handle gecko being a few megs of bloated
> libraries, but I just don't want all the other cruft that mojira comes
> with.
You can. It's redistributing it that's the trick.
The Galeon people are waiting for the relicensing -
http://www.mozilla.org/MPL/missing.html
Google for details.
There's also a project at Mozilla to split Gecko into a
"runtime environment", probably just a bunch of libraries despite the
fancy name :
http://mozilla.org/projects/embedding/MRE.html
Finally, nightly builds ( or builds from source ) of Mozilla come
with TestGtkEmbed, which is a very simple browser. Simple enough
to be an example or test, not something most people would use
everyday. It does show the bare minimum needed to implement Gecko
though.
$ ls -l TestGtkEmbed
-rwxr-xr-x 1 rhelmer rhelmer 18972 Oct 29 08:42 TestGtkEmbed
$ ldd TestGtkEmbed
libgtkembedmoz.so => ./libgtkembedmoz.so (0x40014000)
libgtksuperwin.so => ./libgtksuperwin.so (0x4002e000)
libdl.so.2 => /lib/libdl.so.2 (0x4003f000)
libmozjs.so => ./libmozjs.so (0x40042000)
libxpcom.so => ./libxpcom.so (0x400b3000)
libplds4.so => ./libplds4.so (0x401a8000)
libplc4.so => ./libplc4.so (0x401ab000)
libnspr4.so => ./libnspr4.so (0x401b0000)
libpthread.so.0 => /lib/libpthread.so.0 (0x401de000)
libgtk-1.2.so.0 => /usr/lib/libgtk-1.2.so.0 (0x401f2000)
libgdk-1.2.so.0 => /usr/lib/libgdk-1.2.so.0 (0x40317000)
libgmodule-1.2.so.0 => /usr/lib/libgmodule-1.2.so.0 (0x4034b000)
libglib-1.2.so.0 => /usr/lib/libglib-1.2.so.0 (0x4034e000)
libXi.so.6 => /usr/X11R6/lib/libXi.so.6 (0x40371000)
libXext.so.6 => /usr/X11R6/lib/libXext.so.6 (0x40379000)
libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x40387000)
libm.so.6 => /lib/libm.so.6 (0x40461000)
libstdc++-libc6.1-1.so.2 => /usr/lib/libstdc++-libc6.1-1.so.2 (0x40482000)
libc.so.6 => /lib/libc.so.6 (0x404c4000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
$ ls -la `ldd TestGtkEmbed | awk '{print $1}'`
( not counting system/gtk/X11 libraries, just Mozilla )
-rwxr-xr-x 1 rhelmer rhelmer 98520 Oct 29 08:42 libgtkembedmoz.so
-rwxr-xr-x 1 rhelmer rhelmer 17216 Oct 29 08:42 libgtksuperwin.so
-rwxr-xr-x 1 rhelmer rhelmer 461748 Oct 29 08:42 libmozjs.so
-rwxr-xr-x 1 rhelmer rhelmer 179584 Oct 29 08:42 libnspr4.so
-rwxr-xr-x 1 rhelmer rhelmer 16084 Oct 29 08:42 libplc4.so
-rwxr-xr-x 1 rhelmer rhelmer 9804 Oct 29 08:42 libplds4.so
-rwxr-xr-x 1 rhelmer rhelmer 1011408 Oct 29 08:42 libxpcom.so
( some of these libraries link to each other, but I didn't see anything
else that linked further into the Mozilla libraries ).
--
Rob
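Added example, not part of Rob's message: a small script that splits the ldd listing posted above into libraries shipped beside the binary ("./" paths) and libraries supplied by the system, then totals the size of the bundled set from the posted ls lines. The distinction matters for patching, since bundled copies are not updated by the system's package manager. The function names are hypothetical; the two data blocks are copied from the message.

```sh
#!/bin/sh
# Inventory a binary's shared-library dependencies: which ones travel with
# the binary (and must be patched with it) and which come from the system.

# ldd output copied from the message above.
LDD_OUTPUT='libgtkembedmoz.so => ./libgtkembedmoz.so (0x40014000)
libgtksuperwin.so => ./libgtksuperwin.so (0x4002e000)
libdl.so.2 => /lib/libdl.so.2 (0x4003f000)
libmozjs.so => ./libmozjs.so (0x40042000)
libxpcom.so => ./libxpcom.so (0x400b3000)
libplds4.so => ./libplds4.so (0x401a8000)
libplc4.so => ./libplc4.so (0x401ab000)
libnspr4.so => ./libnspr4.so (0x401b0000)
libpthread.so.0 => /lib/libpthread.so.0 (0x401de000)
libgtk-1.2.so.0 => /usr/lib/libgtk-1.2.so.0 (0x401f2000)
libgdk-1.2.so.0 => /usr/lib/libgdk-1.2.so.0 (0x40317000)
libgmodule-1.2.so.0 => /usr/lib/libgmodule-1.2.so.0 (0x4034b000)
libglib-1.2.so.0 => /usr/lib/libglib-1.2.so.0 (0x4034e000)
libXi.so.6 => /usr/X11R6/lib/libXi.so.6 (0x40371000)
libXext.so.6 => /usr/X11R6/lib/libXext.so.6 (0x40379000)
libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x40387000)
libm.so.6 => /lib/libm.so.6 (0x40461000)
libstdc++-libc6.1-1.so.2 => /usr/lib/libstdc++-libc6.1-1.so.2 (0x40482000)
libc.so.6 => /lib/libc.so.6 (0x404c4000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)'

# ls -l lines for the Mozilla libraries, copied from the message above.
LS_OUTPUT='-rwxr-xr-x 1 rhelmer rhelmer 98520 Oct 29 08:42 libgtkembedmoz.so
-rwxr-xr-x 1 rhelmer rhelmer 17216 Oct 29 08:42 libgtksuperwin.so
-rwxr-xr-x 1 rhelmer rhelmer 461748 Oct 29 08:42 libmozjs.so
-rwxr-xr-x 1 rhelmer rhelmer 179584 Oct 29 08:42 libnspr4.so
-rwxr-xr-x 1 rhelmer rhelmer 16084 Oct 29 08:42 libplc4.so
-rwxr-xr-x 1 rhelmer rhelmer 9804 Oct 29 08:42 libplds4.so
-rwxr-xr-x 1 rhelmer rhelmer 1011408 Oct 29 08:42 libxpcom.so'

# Filters over ldd output on stdin. Field 3 is the resolved path; field 1 is
# only the requested name, so classification has to use field 3.
bundled_libs() { awk '$2 == "=>" && $3 ~ /^\.\// { print $1 }'; }
system_libs()  { awk '$2 == "=>" && $3 !~ /^\.\// { print $3 }'; }

# Sum the size column (field 5) of ls -l lines on stdin.
total_bytes()  { awk '{ sum += $5 } END { print sum + 0 }'; }

count_bundled() { printf '%s\n' "$LDD_OUTPUT" | bundled_libs | wc -l | tr -d ' '; }
count_system()  { printf '%s\n' "$LDD_OUTPUT" | system_libs | wc -l | tr -d ' '; }
bundled_bytes() { printf '%s\n' "$LS_OUTPUT" | total_bytes; }

# Print any bundled library that has no matching size line, so a gap between
# the two listings is noticed instead of silently lowering the total.
unsized_libs() {
    printf '%s\n' "$LDD_OUTPUT" | bundled_libs | while read -r lib; do
        printf '%s\n' "$LS_OUTPUT" |
            awk -v n="$lib" '$NF == n { found = 1 } END { exit !found }' ||
            printf '%s\n' "$lib"
    done
}

report() {
    printf 'bundled: %s libraries, %s bytes\n' "$(count_bundled)" "$(bundled_bytes)"
    printf 'system:  %s libraries\n' "$(count_system)"
    missing=$(unsized_libs)
    [ -z "$missing" ] || printf 'no size recorded for: %s\n' "$missing"
}

report
```

On a live system the same filters can read from `ldd ./TestGtkEmbed` directly; run ldd only against binaries you trust, since some ldd versions obtain the list by executing the program.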
From maneeshgautam at rediffmail.com Wed Oct 30 19:59:01 2002
From: maneeshgautam at rediffmail.com (Maneesh Gautam)
Date: 31 Oct 2002 03:59:01 -0000
Subject: [buug] Unsubscribe me
Message-ID: <20021031035901.15555.qmail@webmail6.rediffmail.com>
An embedded and charset-unspecified text was scrubbed...
From jammer at weak.org Wed Oct 30 20:17:31 2002
From: jammer at weak.org (Jon McClintock)
Date: Wed, 30 Oct 2002 20:17:31 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031035901.15555.qmail@webmail6.rediffmail.com>
References: <20021031035901.15555.qmail@webmail6.rediffmail.com>
Message-ID: <20021031041731.GD15520@weak.org>
On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh Gautam wrote:
> Hi there,
>
> I want my mail id to be taken off from this mail list
>
> Thanking you
> Gautam
>
>
> _______________________________________________
> Buug mailing list
> Buug at weak.org
> http://www.weak.org/mailman/listinfo/buug
Hello,
Instructions on how to unsubscribe from this list were provided when you
subscribed, and are included in every single message that is sent out
through it. But, since you seem to have difficulty doing things for
yourself, the way you unsubscribe is by going to:
http://www.weak.org/mailman/listinfo/buug/
And follow the unsubscribe option.
-Jon
From rick at linuxmafia.com Wed Oct 30 21:01:27 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 30 Oct 2002 21:01:27 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031035901.15555.qmail@webmail6.rediffmail.com>
References: <20021031035901.15555.qmail@webmail6.rediffmail.com>
Message-ID: <20021031050127.GN23673@linuxmafia.com>
Quoting Maneesh Gautam (maneeshgautam at rediffmail.com):
> I want my mail id to be taken off from this mail list
Absolutely not.
From nkj at namodn.com Thu Oct 31 11:46:15 2002
From: nkj at namodn.com (Nick Jennings)
Date: Thu, 31 Oct 2002 11:46:15 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031050127.GN23673@linuxmafia.com>; from rick@linuxmafia.com on Wed, Oct 30, 2002 at 09:01:27PM -0800
References: <20021031035901.15555.qmail@webmail6.rediffmail.com> <20021031050127.GN23673@linuxmafia.com>
Message-ID: <20021031114615.F19370@namodn.com>
On Wed, Oct 30, 2002 at 09:01:27PM -0800, Rick Moen wrote:
> Quoting Maneesh Gautam (maneeshgautam at rediffmail.com):
>
> > I want my mail id to be taken off from this mail list
>
> Absolutely not.
You all must be hackers. It's a conspiracy.
Thanks,
From Johnny
From sobolak at myrealbox.com Thu Oct 31 13:31:16 2002
From: sobolak at myrealbox.com (Brian Sobolak)
Date: Thu, 31 Oct 2002 15:31:16 -0600
Subject: [buug] did you see today's foxtrot?
Message-ID: <1036099876.be32d560sobolak@myrealbox.com>
While not as good as the Unix underpants strip, this one is pretty good.
http://images.ucomics.com/comics/ft/2002/ft021031.gif
--
Brian Sobolak
http://www.planetshwoop.com/
sobolak at myrealbox.com
From john at jjdev.com Thu Oct 31 15:51:50 2002
From: john at jjdev.com (johnd)
Date: Thu, 31 Oct 2002 15:51:50 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031035901.15555.qmail@webmail6.rediffmail.com>
References: <20021031035901.15555.qmail@webmail6.rediffmail.com>
Message-ID: <20021031235150.GB19439@master.theunixman.com>
On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh Gautam wrote:
> Hi there,
>
> I want my mail id to be taken off from this mail list
>
> Thanking you
> Gautam
Please fill out form 366554D and submit it to dept K. You will then need to
file a 133T.
From unixjavabob at yahoo.com Thu Oct 31 16:35:16 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Thu, 31 Oct 2002 16:35:16 -0800 (PST)
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031235150.GB19439@master.theunixman.com>
Message-ID: <20021101003516.24313.qmail@web13802.mail.yahoo.com>
Our Constitution is in actual operation;
Everything appears to promise that it will last;
But in this world nothing is certain
But "death" and "buug at weak.org".
--- johnd wrote:
> On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh
> Gautam wrote:
> > Hi there,
> >
> > I want my mail id to be taken off from this mail
> list
> >
> > Thanking you
> > Gautam
>
>
> Please fill out form 366554D and submit it to dept
> K. You will then need to
> file a 133T.
>
>
=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------
From nickmdf at tsoft.com Thu Oct 31 16:42:34 2002
From: nickmdf at tsoft.com (Nick Sophinos)
Date: Thu, 31 Oct 2002 16:42:34 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031235150.GB19439@master.theunixman.com>
Message-ID:
Actually I thought that one has to click on the Windows XP unsubscribe
wizard.
Just make sure that you have your original OEM Install CD handy.
- Nick
-----Original Message-----
From: buug-admin at weak.org [mailto:buug-admin at weak.org]On Behalf Of johnd
Sent: Thursday, October 31, 2002 3:52 PM
To: Maneesh Gautam
Cc: Buug at weak.org
Subject: Re: [buug] Unsubscribe me
On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh Gautam wrote:
> Hi there,
>
> I want my mail id to be taken off from this mail list
>
> Thanking you
> Gautam
Please fill out form 366554D and submit it to dept K. You will then need to
file a 133T.
From nthomas at cise.ufl.edu Thu Oct 31 17:24:56 2002
From: nthomas at cise.ufl.edu (N. Thomas)
Date: Thu, 31 Oct 2002 20:24:56 -0500
Subject: [buug] DNS on OpenBSD
Message-ID: <20021101012456.GA27773@cise.ufl.edu>
So I'm shopping around for a DNS solution for our network here: an OpenBSD
firewalling/nat box that feeds some other (mostly Unix) machines.
I looked into it a bit, and whittled it down to these:
bind4 - comes with OpenBSD
bind9 - latest version from ISC
djbdns - I've heard good things about it, and I don't care about the
licensing (my morals are lax)
Normally I would just use the vendor supplied program, but I was looking
through a DNS book the other day (Langfeldt, Que) and it put the fear of God
into me about using bind4. Bind9 is what the book recommended, and
everywhere I turn I hear about djbdns.
I'm not looking to do anything difficult, just provide name resolution and
possibly some caching.
Would anyone like to share some information on the topic?
thanks,
thomas
--
N. Thomas
nthomas at cise.ufl.edu
Etiamsi occiderit me, in ipso sperabo
From jan at caustic.org Thu Oct 31 17:37:25 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 31 Oct 2002 17:37:25 -0800 (PST)
Subject: [buug] DNS on OpenBSD
In-Reply-To: <20021101012456.GA27773@cise.ufl.edu>
Message-ID: <20021031172624.G30424-100000@pogo.caustic.org>
On Thu, 31 Oct 2002, N. Thomas wrote:
> I looked into it a bit, and whittled it down to these:
>
> bind4 - comes with OpenBSD
native, well toured code. comes preconfigured for a chrooted environment.
> bind9 - latest version from ISC
supports v6 natively (if you need it) good for some applications (views
being one of my fave concepts, even if implementing them is less than
easy)
> djbdns - I've heard good things about it, and I don't care about the
> licensing (my morals are lax)
it's broken. it doesn't follow most standards, and djb doesn't care to
make it conform. licensing aside, djb will gladly stake you to the ground,
and not commit any bugfixes (you didn't make any changes to his code, did
you?) you provide. "they're features, you shmuck" -- djb
> Normally I would just use the vendor supplied program, but I was looking
> through a DNS book the other day (Langfeldt, Que) and it put the fear of God
> into me about using bind4. Bind9 is what the book recommended, and
> everywhere I turn I hear about djbdns.
i would go with bind9, since i'm more familiar with bind8/9 syntax. chroot
it, and ignore it.
> I'm not looking to do anything difficult, just provide name resolution and
> possibly some caching.
caching is the best thing about having your own DNS.
> Would anyone like to share some information on the topic?
i think i summed it all up there.
the only real reason for not using bind4 is the old config files. the
OpenBSD team has toured it fairly well, and uses it in production
themselves. to the best of my knowledge, there's not been a recent bind4
exploit that worked against OpenBSD's version.
i can't say the same for bind8 or bind9. since you're not looking for
anything heavy duty, or featureful, there's more than just those 3
versions out there.
there's also maradns, amongst others.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits
From rick at linuxmafia.com Thu Oct 31 18:45:09 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 31 Oct 2002 18:45:09 -0800
Subject: [buug] DNS on OpenBSD
In-Reply-To: <20021101012456.GA27773@cise.ufl.edu>
References: <20021101012456.GA27773@cise.ufl.edu>
Message-ID: <20021101024509.GC23673@linuxmafia.com>
Quoting N. Thomas (nthomas at cise.ufl.edu):
> So I'm shopping around for a DNS solution for our network here: an OpenBSD
> firewalling/nat box that feeds some other (mostly Unix) machines.
I'll just cross-post my list from a comment I made at
http://lwn.net/Articles/12928/ :
Free/open-source alternatives to BIND:
* http://www.dents.org/: DENTS
* http://www.maradns.org/: MaraDNS
* http://mydns.bboy.net/: MyDNS
* http://home.t-online.de/home/Moestl/: pdnsd
* http://dnrd.nevalabs.org/: Domain Name Relay Daemon
* http://posadis.sourceforge.net/: Posadis
* http://pliant.cx/pliant/protocol/dns/: Pliant
* http://www.linuks.mine.nu/helpers/yaku-ns/: Yaku-NS (official site
  at www.kyuzz.org/antirez/ens.html seems to be down)
* http://customdns.sourceforge.net/: CustomDNS
* http://www.thekelleys.org.uk/dnsmasq/: Dnsmasq
* http://gnudip2.sourceforge.net/gnudip-www/: GnuDIP
* http://www.stanford.edu/~riepel/lbnamed/: lbnamed
* http://eddie.sourceforge.net/lbdns.html: lbdns
Taken from my list of such software in
http://linuxmafia.com/~rick/faq/#djb, which also includes all known
open-source Web and ftp daemons for *ix. (Some of the DNS daemons listed
are for specialised applications, but many are not.)
> Normally I would just use the vendor supplied program, but I was
> looking through a DNS book the other day (Langfeldt, Que) and it put
> the fear of God into me about using bind4.
I'm wary of BIND4, too -- but, in fairness, it seems a dead certainty
that the version OpenBSD ships is very heavily patched. Very often, the
best bets for reasonable security over the long run are older versions
that have had fixes backported to them, rather than jumping at the
latest of everything.
> Bind9 is what the book recommended, and everywhere I turn I hear about
> djbdns.
Heh. _That_ kettle of fish. Quoting from
http://linuxmafia.com/~rick/faq/#djb :
[Coverage of proprietary licensing and extremely odd design of DJBware
snipped. Listings of open-source alternatives in each category of
DJBware snipped.]
djbdns should not be assumed automatically to be an all-around-usage DNS
server, either. Some of the areas in which Bernstein has elected not to
follow IETF draft standards in djbdns's functioning are outlined in
Scott Morizot's letter to Linux Weekly News
[http://lwn.net/2001/0222/letters.php3] (seventh letter down). (Note
that there are third-party ways to fix djbdns to add support for the
IETF NOTIFY protocol, for sending [http://tinydns.org/dnsnotify] and
receiving [http://marc.theaimsgroup.com/?l=djbdns&m=97563649813152&w=2]
NOTIFYs, but the point is Bernstein decided not to implement that and
many other core DNS protocols: He recommends
[http://cr.yp.to/djbdns/run-server.html], for example, that you
eschew the standards-track NOTIFY and IXFR protocols, and use rsync
instead.) A comprehensive list of IETF DNS protocols omitted from djbdns
can be found in Paul Vixie's linuxsecurity.com interview
[http://www.linuxsecurity.com/feature_stories/conrad_vixie-4.html].
It can be argued that the omitted DNS protocols are merely
standards-track (proposed) IETF protocols as of Nov. 2001 -- whose
adoption Bernstein opposes on various grounds. (Relevant RFCs are 1995,
1996, 2136, 2535, 2536, 2537, 2538, 2539, 2845, 2930, 2931, 3007, 3008,
3090, and 3110.) But shunning common zone-transfer mechanisms (NOTIFY,
IXFR, outgoing AXFR) is just unreasonable if you want to
interoperate with the rest of the world.
> Would anyone like to share some information on the topic?
Try MaraDNS.
Me, I tend to use BIND9, but more because I'm used to the thing than
for any better reason.
--
Cheers, "On the face of it, Microsoft complaining about the source license
Rick Moen used by Linux is like the event horizon calling the kettle black."
rick at linuxmafia.com -- Adam Barr, former Microsoft Corp. programmer