From brian at planetshwoop.com Tue Oct 1 07:33:01 2002
From: brian at planetshwoop.com (Brian Sobolak)
Date: Tue, 1 Oct 2002 09:33:01 -0500 (CDT)
Subject: [buug] login accounting, webmail
Message-ID: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>

hi everyone

I got a message today that said:

Doing login accounting:
        total 420.72
        brian 420.72

as part of my monthly security run output for my FreeBSD 4.5 box.

Exactly what does the figure represent? Anyone point me to a man page
where I can find more?

Also, I wrote about a month ago asking for how to solve the problem of
having my domain not work internally on the firewall. I don't know why I
didn't think of it, but of course Ian's solution of a well constructed
hosts file worked fine.

Also worth noting: SquirrelMail rules. The most recent version no longer
requires global parameters be turned on (a security risk and why it was
banned at a lot of hosting companies). This is probably one of the best
mail clients I've ever used.

brian

From dave at mikamyla.com Tue Oct 1 08:43:13 2002
From: dave at mikamyla.com (Dave Barry)
Date: Tue, 1 Oct 2002 08:43:13 -0700
Subject: [buug] login accounting, webmail
In-Reply-To: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
References: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
Message-ID: <20021001154313.GA8486@mikamyla.com>

On Tue, Oct 01, 2002, Brian Sobolak wrote:
>
> hi everyone
>
> I got a message today that said:
>
>
> Doing login accounting:
> total 420.72
> brian 420.72
>
>
> as part of my monthly security run output for my FreeBSD 4.5 box.
>
> Exactly what does the figure represent? Anyone point me to a man page
> where I can find more?

'man ac' provides:

>If the file /var/log/wtmp exists, a record of
>individual login and logout times are written to it by login(1) and
>init(8), respectively. Ac examines these records and writes the
>accumulated connect time (in hours) for all logins to the standard
>output.

--
Dave Barry                  Disgruntled Windows Monkey
http://psax.org/~dave       Happy Linux User!
dave at mikamyla.com

From unixjavabob at yahoo.com Tue Oct 1 11:03:07 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Tue, 1 Oct 2002 11:03:07 -0700 (PDT)
Subject: [buug] login accounting, webmail
In-Reply-To: <20021001154313.GA8486@mikamyla.com>
Message-ID: <20021001180307.99330.qmail@web13802.mail.yahoo.com>

> > 420.72

I believe this number is the current stardate....no, wait!

The current stardate is 56249.1 :

http://www.echelonfleet.com/html/body_stardate_calculator.htm

=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------

From rick at linuxmafia.com Tue Oct 1 11:14:27 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 1 Oct 2002 11:14:27 -0700
Subject: [buug] login accounting, webmail
In-Reply-To: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
References: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
Message-ID: <20021001181427.GP19163@linuxmafia.com>

Quoting Brian Sobolak (brian at planetshwoop.com):

> I got a message today that said:
>
>
> Doing login accounting:
> total 420.72
> brian 420.72
>
>
> as part of my monthly security run output for my FreeBSD 4.5 box.

You'd better get that cheque to Marshall Kirk McKusick in the mail
_today_. I hear they go after deadbeats with pitchforks.

--
Cheers,                  "Teach a man to make fire, and he will be warm
Rick Moen                for a day. Set a man on fire, and he will be warm
rick at linuxmafia.com   for the rest of his life." -- John A. Hrastar

From atporter at primate.net Tue Oct 1 11:12:41 2002
From: atporter at primate.net (Aaron T Porter)
Date: Tue, 1 Oct 2002 11:12:41 -0700
Subject: [buug] login accounting, webmail
In-Reply-To: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
References: <46832.63.73.213.5.1033482781.squirrel@www.planetshwoop.com>
Message-ID: <20021001181241.GG19502@primate.net>

On Tue, Oct 01, 2002 at 09:33:01AM -0500, Brian Sobolak wrote:

> Also worth noting: SquirrelMail rules. The most recent version no longer
> requires global parameters be turned on (a security risk and why it was
> banned at a lot of hosting companies). This is probably one of the best
> mail clients I've ever used.

Of course you're using this over SSL and your IMAP server only binds to
localhost, right? Squirrel mail is indeed neat, some of the plugins are
quite clever.

From webmaster at hawaiidakine.com Wed Oct 2 12:51:09 2002
From: webmaster at hawaiidakine.com (al plant)
Date: Wed, 02 Oct 2002 09:51:09 -1000
Subject: [buug] CD Rom Burner on FreeBSD
Message-ID: <3D9B4E2D.D174FE54@hawaiidakine.com>

Hi,

Anyone have the name of a brand of CD Burner that works under FreeBSD?

Aloha! Al Plant - Webmaster http://hawaiidakine.com
Providing FAST DSL Service for $28.00 /mo. Member Small Business Hawaii.
Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
Support OPEN SOURCE in Business Computing. Phone 808-622-0043

From jzitt at josephzitt.com Wed Oct 2 12:58:03 2002
From: jzitt at josephzitt.com (Joseph Zitt)
Date: Wed, 2 Oct 2002 12:58:03 -0700
Subject: [buug] NTP Time Setting
Message-ID: <20021002125803.4b759955.jzitt@josephzitt.com>

I'm trying to figure out how to set my system clock by a remote system,
but the more that I read, the less I understand. Could someone suggest
a one-liner command (or something similarly simple) by which I could
set my clock from an appropriate host?

Thanks for any enlightenment.

--
| josephzitt at josephzitt.com http://www.josephzitt.com/ |
| http://www.metatronpress.com/jzitt/ http://www.mp3.com/josephzitt/ |
| == New book: Surprise Me with Beauty: the Music of Human Systems == |
| Comma / Gray Code Silence: the John Cage Discussion List |

From dave at mikamyla.com Wed Oct 2 13:28:53 2002
From: dave at mikamyla.com (Dave Barry)
Date: Wed, 2 Oct 2002 13:28:53 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002125803.4b759955.jzitt@josephzitt.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com>
Message-ID: <20021002202853.GA21333@mikamyla.com>

Quothe Joseph Zitt, on Wed, Oct 02, 2002:
> I'm trying to figure out how to set my system clock by a remote system,
> but the more that I read, the less I understand. Could someone suggest
> a one-liner command (or something similarly simple) by which I could
> set my clock from an appropriate host?
>
> Thanks for any enlightenment.

The deprecated way of doing this is:

$ ntpdate

I use:

$ ntpdate tick.mit.edu

but check out a list of public ntp servers at
http://www.eecis.udel.edu/~mills/ntp/clock1.htm

I believe the official way of doing things is to run ntpd locally, and
have it adjust the clock gradually, rather than in one fell swoop via
ntpdate.

--
Dave Barry                  Disgruntled Windows Monkey
http://psax.org/~dave       Happy Linux User!
dave at mikamyla.com

From jzitt at metatronpress.com Wed Oct 2 13:45:25 2002
From: jzitt at metatronpress.com (Joseph Zitt)
Date: Wed, 2 Oct 2002 13:45:25 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002202853.GA21333@mikamyla.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com> <20021002202853.GA21333@mikamyla.com>
Message-ID: <20021002134525.63d9c911.jzitt@metatronpress.com>

On Wed, 2 Oct 2002 13:28:53 -0700
Dave Barry wrote:

> I believe the official way of doing things is to run ntpd locally,
> and have it adjust the clock gradually, rather than in one fell swoop
> via ntpdate.

Yep, it appears that I do have ntpd running, but it doesn't appear to be
doing anything. I've found a page with a bewildering plethora of
possibilities at http://www.eecis.udel.edu/~ntp/ntp_spool/html/ntpd.htm
but I haven't figured out how to get it to actually set the time on my
system.

One concern that I have about its working automatically is that I'm on
dialup (ugh), and so it probably wouldn't be able to check itself on a
regular schedule. Would this be a problem?

--
| josephzitt at josephzitt.com http://www.josephzitt.com/ |
| http://www.metatronpress.com/jzitt/ http://www.mp3.com/josephzitt/ |
| == New book: Surprise Me with Beauty: the Music of Human Systems == |
| Comma / Gray Code Silence: the John Cage Discussion List |

From psoltani at ultradns.com Wed Oct 2 14:26:32 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Wed, 2 Oct 2002 14:26:32 -0700
Subject: [buug] CD Rom Burner on FreeBSD
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF5DDBC6@ultra-exchange.ultradns.com>

I have not tested all the brands, but from my experience, any run of the
mill cd burner should work although scsi works much better than IDE.
I have had very limited success with IDE burners, but Scsi's should be
very straightforward; Plextor, sony, etc.

Regards,
Patrick Soltani.

> -----Original Message-----
> From: al plant [mailto:webmaster at hawaiidakine.com]
> Sent: Wednesday, October 02, 2002 12:51 PM
> To: FreeBSD
> Subject: [buug] CD Rom Burner on FreeBSD
>
>
>
> Hi,
>
> Anyone have the name of a brand of CD Burner that works
> under FreeBSD?
>
> Aloha! Al Plant - Webmaster http://hawaiidakine.com
> Providing FAST DSL Service for $28.00 /mo. Member Small
> Business Hawaii.
> Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
> Support OPEN SOURCE in Business Computing. Phone 808-622-0043

From billoomal at yahoo.com Wed Oct 2 14:37:40 2002
From: billoomal at yahoo.com (HD)
Date: Wed, 2 Oct 2002 14:37:40 -0700 (PDT)
Subject: [buug] Spare Peecees
Message-ID: <20021002213740.47738.qmail@web13005.mail.yahoo.com>

Hi,
I happen to be moving from the area, and I have three peecees to give
away. I am looking for a home for them where they would probably be used
and not salvaged :)

1 Pentium 90 x 24 mb RAM x 540 mb drive
1 Pentium 100 x 32 mb ram x 540 mb drive + cdrom (NIC mostly works)
1 Dell XPS P100c (I am guessing that is a Pentium 100mhz - no hard drive)
- 2 old monitors, not the greatest but good enough for console
- keyboards + mice for two computers

Please let me know at the earliest, since I need to resolve this by
today or latest by tomorrow.

I live in Berkeley, and you would have to arrange to pick them up.

Cheers!
HD

From dave at mikamyla.com Wed Oct 2 14:33:47 2002
From: dave at mikamyla.com (Dave Barry)
Date: Wed, 2 Oct 2002 14:33:47 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002134525.63d9c911.jzitt@metatronpress.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com> <20021002202853.GA21333@mikamyla.com> <20021002134525.63d9c911.jzitt@metatronpress.com>
Message-ID: <20021002213347.GA21542@mikamyla.com>

Quothe Joseph Zitt, on Wed, Oct 02, 2002:
> One concern that I have about its working automatically is that I'm on
> dialup (ugh), and so it probably wouldn't be able to check itself on a
> regular schedule. Would this be a problem?
>

Probably more of a headache than it's worth. I guess it depends on
whether or not your dialup is connected all the time. I would suggest
just running ntpdate as part of your dialup script, that way you'll sync
every time you connect. Your other option is to run ntpd, and have it
demand-dial when it needs to sync, but this seems like overkill, as I
imagine it will be dialing quite often.

--
Dave Barry                  Disgruntled Windows Monkey/technician
http://psax.org/~dave       Happy Linux User!
dave at mikamyla.com

From itz at speakeasy.org Wed Oct 2 15:10:06 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 02 Oct 2002 15:10:06 -0700
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002213347.GA21542@mikamyla.com>
References: <20021002125803.4b759955.jzitt@josephzitt.com> <20021002202853.GA21333@mikamyla.com> <20021002134525.63d9c911.jzitt@metatronpress.com> <20021002213347.GA21542@mikamyla.com>
Message-ID: <867kh08pc1.fsf@kronstadt.homeunix.net>

Joseph> One concern that I have about its working automatically is
Joseph> that I'm on dialup (ugh), and so it probably wouldn't be able
Joseph> to check itself on a regular schedule. Would this be a
Joseph> problem?

Dave> Probably more of a headache than it's worth. I guess it depends
Dave> on whether or not your dialup is connected all the time. I
Dave> would suggest just running ntpdate as part of your dialup
Dave> script, that way you'll sync every time you connect. Your other
Dave> option is to run ntpd, and have it demand-dial when it needs to
Dave> sync, but this seems like overkill, as I imagine it will be
Dave> dialing quite often.

Have a look at chrony:

http://chrony.sunsite.dk/index.php

It is an alternative ntp client, more lightweight in some ways IIRC,
and good behaviour on a dial-up connection is one of its selling
points. I would enclose my config file, except I myself switched to
ntpd after a lifetime of chrony use just a couple of months ago.

--
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.
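
An added example, not written by any poster and not taken from the NTP distribution: the arithmetic behind the one-shot sync discussed in this thread, computing clock offset and round-trip delay from the four timestamps of one NTP exchange and reporting whether that offset would be stepped or slewed. The packet bytes, timestamps and function names are constructed for illustration; the 0.5 s cut-over is the one the ntpdate manual page documents.

```python
import struct

NTP_UNIX_DELTA = 2208988800               # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
HEADER = struct.Struct("!BBbbII4sQQQQ")   # the 48-byte NTP header


def to_ntp(unix_ts):
    """Unix seconds (float) -> 64-bit NTP timestamp (32.32 fixed point)."""
    sec = int(unix_ts)
    return ((sec + NTP_UNIX_DELTA) << 32) | int((unix_ts - sec) * 2**32)


def from_ntp(ntp_ts):
    """64-bit NTP timestamp -> Unix seconds (float)."""
    return (ntp_ts >> 32) - NTP_UNIX_DELTA + (ntp_ts & 0xFFFFFFFF) / 2**32


def build_reply(orig_ntp, t2, t3, stratum=2, leap=0):
    """Constructed server reply; stands in for the bytes a client reads off UDP/123."""
    flags = (leap << 6) | (3 << 3) | 4    # leap indicator, version 3, mode 4 (server)
    return HEADER.pack(flags, stratum, 6, -20, 0, 0, b"\x00" * 4,
                       to_ntp(t2), orig_ntp, to_ntp(t2), to_ntp(t3))


def evaluate_reply(packet, sent_ntp, t4, step_threshold=0.5):
    """Validate one reply and return offset, delay and the action a one-shot client takes.

    sent_ntp is the transmit timestamp we put in our request, t4 the local
    receive time. step_threshold=0.5 follows the ntpdate manual page; other
    clients use other values, so treat it as a parameter.
    """
    if len(packet) < HEADER.size:
        raise ValueError("short packet")
    (flags, stratum, _poll, _prec, _rdelay, _rdisp, _refid,
     _ref, orig, recv, xmit) = HEADER.unpack(packet[:HEADER.size])
    if flags & 0x7 != 4:
        raise ValueError("not a server-mode reply")
    if stratum == 0 or flags >> 6 == 3:
        raise ValueError("server reports it is unsynchronised")
    # The server must echo our transmit timestamp; a reply that does not
    # was not produced in answer to this request and must not move the clock.
    if orig != sent_ntp:
        raise ValueError("originate timestamp mismatch")
    t1, t2, t3 = from_ntp(orig), from_ntp(recv), from_ntp(xmit)
    offset = ((t2 - t1) + (t3 - t4)) / 2   # how far the local clock is behind the server
    delay = (t4 - t1) - (t3 - t2)          # network round trip, server processing removed
    action = "step" if abs(offset) > step_threshold else "slew"
    return {"offset": offset, "delay": delay, "action": action}


def demo():
    t1 = 1033588800.0                      # constructed local send time
    sent = to_ntp(t1)
    t4 = t1 + 0.1328125                    # 62.5 ms each way plus 1/128 s at the server
    # Server clock 2.25 s ahead: too far to slew, the clock jumps and log
    # timestamps written across the sync are discontinuous.
    big = evaluate_reply(build_reply(sent, t1 + 2.3125, t1 + 2.3203125), sent, t4)
    # Server clock 1/32 s ahead: adjusted gradually, timestamps stay monotonic.
    small = evaluate_reply(build_reply(sent, t1 + 0.09375, t1 + 0.1015625), sent, t4)
    # Reply that does not echo our request timestamp: rejected.
    try:
        evaluate_reply(build_reply(sent + 1, t1 + 2.3125, t1 + 2.3203125), sent, t4)
        mismatch = "accepted"
    except ValueError as exc:
        mismatch = str(exc)
    return big, small, mismatch


if __name__ == "__main__":
    for result in demo():
        print(result)
```
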

From jan at caustic.org Wed Oct 2 15:27:04 2002
From: jan at caustic.org (f.johan.beisser)
Date: Wed, 2 Oct 2002 15:27:04 -0700 (PDT)
Subject: [buug] CD Rom Burner on FreeBSD
In-Reply-To: <3D9B4E2D.D174FE54@hawaiidakine.com>
Message-ID: <20021002152445.H67581-100000@pogo.caustic.org>

On Wed, 2 Oct 2002, al plant wrote:

> Anyone have the name of a brand of CD Burner that works under FreeBSD?

any of the brands should work. if it's IDE, use burncd(8) to do the burn.

FreeBSD is remarkably agnostic about such things.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

From jan at caustic.org Wed Oct 2 15:32:36 2002
From: jan at caustic.org (f.johan.beisser)
Date: Wed, 2 Oct 2002 15:32:36 -0700 (PDT)
Subject: [buug] NTP Time Setting
In-Reply-To: <20021002125803.4b759955.jzitt@josephzitt.com>
Message-ID: <20021002152714.C67581-100000@pogo.caustic.org>

On Wed, 2 Oct 2002, Joseph Zitt wrote:

> I'm trying to figure out how to set my system clock by a remote system,
> but the more that I read, the less I understand. Could someone suggest
> a one-liner command (or something similarly simple) by which I could
> set my clock from an appropriate host?

if the system is online 24/7, or "most of the time" you may just use ntpd.

the simplest config file will define the driftfile (essentially the "lag
time" between the server and the NTP client), and the server.

[root at pogo jan] {35}$ cat /etc/ntp.conf
# NTP conf file for POGO.caustic.org
#
driftfile /etc/ntp.drift
server 128.118.25.3 # clock.psu.edu
server 17.254.0.26 # time.apple.com
server 204.34.198.41 # tock.usnogps.navy.mil

> Thanks for any enlightenment.

hope this gives you a starting point.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

From billoomal at yahoo.com Wed Oct 2 15:32:43 2002
From: billoomal at yahoo.com (HD)
Date: Wed, 2 Oct 2002 15:32:43 -0700 (PDT)
Subject: [buug] Spare Peecees
In-Reply-To: <20021002213740.47738.qmail@web13005.mail.yahoo.com>
Message-ID: <20021002223243.64643.qmail@web13005.mail.yahoo.com>

In response to the earlier questions:

- The monitors are 14 inch monitors
- All the drives are IDE
- I can take a guess on the memory modules;
  24 mb = 3 x 8mb?
  32 mb = 2 x 16 mb

I am sorry, I can't be more precise (coz I would have to open the boxes
up), I am in a huge rush to get a lot of other things done.

Thanks once again.
HD

--- HD wrote:
> Hi,
> I happen to be moving from the area, and I have
> three peecees to give away. I am looking for a home
> for them where they would probably be used and not
> salvaged :)
>
> 1 Pentium 90 x 24 mb RAM x 540 mb drive
> 1 Pentium 100 x 32 mb ram x 540 mb drive + cdrom
> (NIC
> mostly works)
> 1 Dell XPS P100c (I am guessing that is a Pentium
> 100mhz - no hard drive)
> - 2 old monitors, not the greatest but good enough
> for
> console
> - keyboards + mice for two computers
>
> Please let me know at the earliest, since I need to
> resolve this by today or latest by tomorrow.
>
> I live in Berkeley, and you would have to arrange to
> pick them up.
>
> Cheers!
> HD

From webmaster at hawaiidakine.com Wed Oct 2 20:14:21 2002
From: webmaster at hawaiidakine.com (al plant)
Date: Wed, 02 Oct 2002 17:14:21 -1000
Subject: [buug] Floppy Mounting
Message-ID: <3D9BB60D.4DD9AA25@hawaiidakine.com>

Hi,

I have a FreeBSD 4.5 box that I want to use a floppy drive on to load
some files on to the BOX.

For some reason when I installed the box the CDrom and all other drives
were created in the /etc/fstab directory.

But the floppy is not there.

I have done it in Linux to create this, but FreeBSD is different.

Do you know what the steps are to create the /dev/fd0 /floppy and so
on in the fstab?

Or can you point me to a how-to. The three references I have here on the
shelf assume that the files were already created with the installation
so they just describe how to mount them.

Or should I look at a hardware issue with the floppy?

Thanks,

Aloha! Al Plant - Webmaster http://hawaiidakine.com
Providing FAST DSL Service for $28.00 /mo. Member Small Business Hawaii.
Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
Support OPEN SOURCE in Business Computing. Phone 808-622-0043

From mjh at icir.org Wed Oct 2 21:12:41 2002
From: mjh at icir.org (Mark Handley)
Date: Wed, 02 Oct 2002 21:12:41 -0700
Subject: [buug] Floppy Mounting
In-Reply-To: Your message of "Wed, 02 Oct 2002 17:14:21 -1000." <3D9BB60D.4DD9AA25@hawaiidakine.com>
Message-ID: <24083.1033618361@vulture.icir.org>

>Hi,
>
>
>I have a FreeBSD 4.5 box that I want to use a floppy drive on to load
>some files on to the BOX.
>
>For some reason when I installed the box the CDrom and all other drives
>were created in the /etc/fstab directory.
>
>But the floppy is not there.
>
>I have done it in Linux to create this, but FreeBSD is different.
>
>Do you know what the steps are to create the /dev/fd0 /floppy and so
>on in the fstab?
>
>Or can you point me to a how-to. The three references I have here on the
>shelf assume that the files were already created with the installation
>so they just describe how to mount them.
>
>Or should I look at a hardware issue with the floppy?

Look in /var/run/dmesg.boot

You should see something like:

  fd0: <1440-KB 3.5" drive> on fdc0 drive 0

If this isn't there, then the OS isn't probing the floppy drive. If it
is, then you should be able to mount it using the mount command.

Make a directory to use as a mount point:

  mkdir /floppy

If it's a DOS floppy:

  mount -t msdos /dev/fd0 /floppy

If it's a UFS (Unix) floppy:

  mount /dev/fd0 /floppy

When you're happy it works, don't forget to cd out of /floppy and do
"umount /floppy" before ejecting the floppy.

If you have any problem with the device, you might try:

  cd /dev
  ./MAKEDEV fd0

But this shouldn't be necessary.

Assuming you can manually mount the floppy successfully, then you might
add an fstab entry something like:

  # Device        Mountpoint      FStype  Options Dump    Pass#
  /dev/fd0        /floppy         msdos   rw      0       0

"msdos" should be replaced with "ufs" if you're going to be mounting
Unix floppies. But I usually don't put /floppy in fstab, because I
sometimes mount Unix floppies and sometimes DOS floppies, and so I just
mount them manually, as above.

Hope this helps,
Mark

From jan at caustic.org Wed Oct 2 21:14:41 2002
From: jan at caustic.org (f.johan.beisser)
Date: Wed, 2 Oct 2002 21:14:41 -0700 (PDT)
Subject: [buug] Floppy Mounting
In-Reply-To: <3D9BB60D.4DD9AA25@hawaiidakine.com>
Message-ID: <20021002204629.F67581-100000@pogo.caustic.org>

On Wed, 2 Oct 2002, al plant wrote:

> I have a FreeBSD 4.5 box that I want to use a floppy drive on to load
> some files on to the BOX.
>
> For some reason when I installed the box the CDrom and all other drives
> were created in the /etc/fstab directory.

well, the obvious starting point is "man fstab"

> But the floppy is not there.

floppies rarely are. being that they're somewhat useless overall (i tend
to tar files to them, or occasionally use them as boot floppies..)

> I have done it in Linux to create this, but FreeBSD is different.
>
> Do you know what the steps are to create the /dev/fd0 /floppy and so
> on in the fstab?

you're close. generally, floppies don't need to be mounted.. if you do,
you might not have the right fstype.

> Or can you point me to a how-to. The three references I have here on the
> shelf assume that the files were already created with the installation
> so they just describe how to mount them.

http://www.freebsd.org/handbook/

> Or should I look at a hardware issue with the floppy?

you may also want to go through the freebsd-questions archive at:

http://marc.theaimsgroup.com

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

From cmsclaud at arches.uga.edu Wed Oct 2 21:14:30 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Thu, 3 Oct 2002 00:14:30 -0400 (EDT)
Subject: [buug] Cat-5 cable?
Message-ID:

I was wondering if anyone had some spare Cat-5 cable (with connectors)
that they could bring to the meeting tomorrow? I'm looking for around
20-25 feet and would be happy to pay you for your trouble.

Thanks,

Claude

From jammer at weak.org Wed Oct 2 22:02:23 2002
From: jammer at weak.org (Jon McClintock)
Date: Wed, 2 Oct 2002 22:02:23 -0700
Subject: [buug] Cat-5 cable?
In-Reply-To:
References:
Message-ID: <20021003050222.GC18642@weak.org>

On Thu, Oct 03, 2002 at 12:14:30AM -0400, Claude Rubinson wrote:
> I was wondering if anyone had some spare Cat-5 cable (with connectors)
> that they could bring to the meeting tomorrow? I'm looking for around
> 20-25 feet and would be happy to pay you for your trouble.

I can bring some...How many connectors do you need?

-Jon

From cmsclaud at arches.uga.edu Wed Oct 2 22:13:07 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Thu, 3 Oct 2002 01:13:07 -0400 (EDT)
Subject: [buug] Cat-5 cable?
In-Reply-To: <20021003050222.GC18642@weak.org>
Message-ID:

On Wed, 2 Oct 2002, Jon McClintock wrote:

> On Thu, Oct 03, 2002 at 12:14:30AM -0400, Claude Rubinson wrote:
> > I was wondering if anyone had some spare Cat-5 cable (with connectors)
> > that they could bring to the meeting tomorrow? I'm looking for around
> > 20-25 feet and would be happy to pay you for your trouble.
>
> I can bring some...How many connectors do you need?

Just two. Thanks!

Claude

From itz at speakeasy.org Sat Oct 5 00:56:00 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 05 Oct 2002 00:56:00 -0700
Subject: [buug] lcc, the alternative C compiler
Message-ID: <86y99duxnz.fsf@kronstadt.homeunix.net>

At the meeting I mentioned lcc, the light fast ANSI C compiler. It
turns out there's a recent version (4.2) out that can once again be
built on Linux/gcc/glibc. Some of the tests appear to fail but
bootstrapping the compiler with itself, the ultimate test, succeeds,
so I think the failures are just due to obsolete inputs.

It can be downloaded from

http://www.cs.princeton.edu/software/lcc/

(Unfortunately the build is quite labor-intensive for those addicted
to autoconf.)

--
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.

From billoomal at yahoo.com Fri Oct 11 10:16:18 2002
From: billoomal at yahoo.com (HD)
Date: Fri, 11 Oct 2002 10:16:18 -0700 (PDT)
Subject: [buug] Migrating from Exchange 5.5 to Linux
Message-ID: <20021011171618.11941.qmail@web13005.mail.yahoo.com>

Hi,
I am considering migrating my mail server from Exchange 5.5 to a linux
based email server. I have searched the web a little and haven't found
any white paper or anything of the sort.

Could someone recommend some sites with appropriate information and/or
even suggest some mail servers to use?

Thanks a lot!

Cheers!
HD

From rick at linuxmafia.com Fri Oct 11 10:38:15 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 11 Oct 2002 10:38:15 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
Message-ID: <20021011173814.GE32418@linuxmafia.com>

Quoting HD (billoomal at yahoo.com):

> Could someone recommend some sites with appropriate information and/or
> even suggest some mail servers to use?

Have a look at
http://www.suse.com/us/business/products/suse_business/email_server/

It's actually just a bunch of standard, good open-source components
(Postfix, Apache, Cyrus IMAP, OpenLDAP, OpenSSL) preconfigured to work
well with one another, plus a couple of proprietary components: YaST2
for graphical administration, and SkyrixGreen for integrated scheduling
and group discussions.

Usually, when you're trying to convince pointy-hairs to use a Unix mail
solution, they instead drag you onto Exchange Server to get its
scheduling, group discussions, and perceived "integration". The SuSE
bundle seems designed to overcome the management-moron syndrome.

And you should point out that, unlike Exchange Server, the SuSE Linux
eMail Server (which is what they call it) won't corrupt its message
store a couple of times a year.

--
Cheers,                  Long ago, there lived a creature with a
Rick Moen                voice like a vacuum cleaner. We know little
rick at linuxmafia.com   about it, but we do know that it ate cats.

From wfhoney at pacbell.net Fri Oct 11 10:45:24 2002
From: wfhoney at pacbell.net (Bill Honeycutt)
Date: Fri, 11 Oct 2002 10:45:24 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
Message-ID: <3DA70E34.8DC5F8D5@pacbell.net>

Not wanting to steal Rick Moen's thunder...but he sent me the following
regarding MTA's recently:

http://linuxmafia.com/~rick/linux-info/mtas

Hope this is useful...I thought it was!

HD wrote:
>
> Hi,
> I am considering migrating my mail server from
> Exchange 5.5 to a linux based email server. I have
> searched the web a little and haven't found any white
> paper or anything of the sort.
>
> Could someone recommend some sites with appropriate
> information and/or even suggest some mail servers to
> use?
>
> Thanks a lot!
>
> Cheers!
> HD

From rick at linuxmafia.com Fri Oct 11 11:25:14 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 11 Oct 2002 11:25:14 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <3DA70E34.8DC5F8D5@pacbell.net>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com> <3DA70E34.8DC5F8D5@pacbell.net>
Message-ID: <20021011182514.GG32418@linuxmafia.com>

Quoting Bill Honeycutt (wfhoney at pacbell.net):

> Not wanting to steal Rick Moen's thunder...but he sent me the following
> regarding MTA's recently:
>
> http://linuxmafia.com/~rick/linux-info/mtas
>
> Hope this is useful...I thought it was!

'Long as you're doing that:
http://linuxmafia.com/~rick/linux-info/webmail

--
Cheers,
Rick Moen                FORTH heart if honk then.
rick at linuxmafia.com

From atporter at primate.net Fri Oct 11 13:55:31 2002
From: atporter at primate.net (Aaron T Porter)
Date: Fri, 11 Oct 2002 13:55:31 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011173814.GE32418@linuxmafia.com>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com> <20021011173814.GE32418@linuxmafia.com>
Message-ID: <20021011205531.GA26812@primate.net>

On Fri, Oct 11, 2002 at 10:38:15AM -0700, Rick Moen wrote:

> And you should point out that, unlike Exchange Server, the SuSE Linux
> eMail Server (which is what they call it) won't corrupt its message
> store a couple of times a year.

Where's the job security in that?!??

From jan at caustic.org Fri Oct 11 13:58:46 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 11 Oct 2002 13:58:46 -0700 (PDT)
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011205531.GA26812@primate.net>
Message-ID: <20021011135755.J30424-100000@pogo.caustic.org>

On Fri, 11 Oct 2002, Aaron T Porter wrote:

> Where's the job security in that?!??

be the only person on your block with the skills to fix it when it does
die and kill the message store.

just charge more per repair.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche

From psoltani at ultradns.com Fri Oct 11 14:34:36 2002
From: psoltani at ultradns.com (Patrick Soltani)
Date: Fri, 11 Oct 2002 14:34:36 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
Message-ID: <3DBB075EEB95944492E127F2B9A96FAF5DDC10@ultra-exchange.ultradns.com>

You definitely want to try the following link:

http://www.postfix.org/

It is a very secure open source mail server which has a lot of built-in
capabilities for third party modules such as virus scanners, spam
filter, etc.

Regards,
Patrick Soltani.

> -----Original Message-----
> From: HD [mailto:billoomal at yahoo.com]
> Sent: Friday, October 11, 2002 10:16 AM
> To: buug at weak.org
> Subject: [buug] Migrating from Exchange 5.5 to Linux
>
>
> Hi,
> I am considering migrating my mail server from
> Exchange 5.5 to a linux based email server. I have
> searched the web a little and haven't found any white
> paper or anything of the sort.
>
> Could someone recommend some sites with appropriate
> information and/or even suggest some mail servers to
> use?
>
> Thanks a lot!
>
> Cheers!
> HD

From john at jjdev.com Fri Oct 11 16:24:38 2002
From: john at jjdev.com (johnd)
Date: Fri, 11 Oct 2002 16:24:38 -0700
Subject: [buug] Migrating from Exchange 5.5 to Linux
In-Reply-To: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
References: <20021011171618.11941.qmail@web13005.mail.yahoo.com>
Message-ID: <20021011232438.GB5909@master.theunixman.com>

On Fri, Oct 11, 2002 at 10:16:18AM -0700, HD wrote:
> Hi,
> I am considering migrating my mail server from
> Exchange 5.5 to a linux based email server. I have
> searched the web a little and haven't found any white
> paper or anything of the sort.
>
> Could someone recommend some sites with appropriate
> information and/or even suggest some mail servers to
> use?

Check out http://asg.web.cmu.edu/cyrus/

From todd at LANtech-HI.com Sun Oct 13 14:17:27 2002
From: todd at LANtech-HI.com (Todd Lee)
Date: Sun, 13 Oct 2002 11:17:27 -1000
Subject: [buug] RE: Buug digest, Vol 1 #388 - 8 msgs
In-Reply-To: <20021012143832.2784.12096.Mailman@weak.org>
Message-ID: <002a01c272fd$ef2077d0$0101000a@lantech1>

I was wondering the same thing. I have used many mailers, as far as
MTA's go, Exchange is easily beaten, but the main selling point of
Exchange is its groupware ability i.e. the sharing of public folders.
I've also looked at bynari.net and a few other suites like oracle's
communicator, these all have the same licensing constraints although,
they will run on many flavors of *nix. I was wondering if there was a
GPL'd version out there that I never heard of?

Thanks
Todd

Message: 1
Date: Fri, 11 Oct 2002 10:16:18 -0700 (PDT)
From: HD
To: buug at weak.org
Subject: [buug] Migrating from Exchange 5.5 to Linux

Hi,
I am considering migrating my mail server from Exchange 5.5 to a linux
based email server. I have searched the web a little and haven't found
any white paper or anything of the sort.

Could someone recommend some sites with appropriate information and/or
even suggest some mail servers to use?

Thanks a lot!

Cheers!
HD

From rick at linuxmafia.com Tue Oct 15 07:42:41 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 15 Oct 2002 07:42:41 -0700
Subject: [buug] RE: Buug digest, Vol 1 #388 - 8 msgs
In-Reply-To: <002a01c272fd$ef2077d0$0101000a@lantech1>
References: <20021012143832.2784.12096.Mailman@weak.org> <002a01c272fd$ef2077d0$0101000a@lantech1>
Message-ID: <20021015144241.GT32418@linuxmafia.com>

Quoting Todd Lee (todd at LANtech-HI.com):

> I was wondering the same thing. I have used many mailers, as far as MTA's
> go, Exchange is easily beaten, but the main selling point of Exchange is its
> groupware ability i.e. the sharing of public folders. I've also looked at
> bynari.net and a few other suites like oracle's communicator, these all have
> the same licensing constraints although, they will run on many flavors of
> *nix. I was wondering if there was a GPL'd version out there that I never
> heard of?

*ix guys will tell you that point'n'drool groupware isn't difficult to
find. There are all sorts of Webified things like wiki software, for
example. (Twiki is GPLed, for example, and there is similar stuff made
using Zope.) If *ix guys want a group discussion for themselves,
they'll have a mailing list -- or, better yet, a newsgroup.

The executwits who get the hots for Exchange Server don't _just_ want
group discussion, and they don't _just_ want GUIfied group discussion.
They want "integration". They want the same client software (e.g.,
MS-Outlook) to do everything and anything, without their feeble little
minds having to grasp the distinctions among e-mail, group discussion,
and scheduling.

When you include _that_ in the set of specifications to a *ix author who
publishes tools for people under an open-source or viewable-source
licence, he'll probably say "That level of integration is a bad idea.
Not only does it lock you in to a proprietary, single-source
architecture, but also it prevents you from using best-of-breed for
each. And the whole hairball becomes a single point of failure
liability. And for what?"

If you tell him the executive staff want it anyway, he'll say "OK, since
your executive staff want something really rather stupid, I'm going to
have to spend a lot of time doing dumb, pointless work to put it
together, so for that and to compensate me for what will probably be a
significant support burden, I'm going to charge you a bunch of money and
use proprietary licensing."

And so here we are.

--
Cheers,                  "That article and its poster have been cancelled."
Rick Moen                -- David B.
O'Donnel, sysadmin for America Online rick at linuxmafia.com From brian at planetshwoop.com Tue Oct 15 11:13:54 2002 From: brian at planetshwoop.com (Brian Sobolak) Date: Tue, 15 Oct 2002 13:13:54 -0500 (CDT) Subject: [buug] RE: Buug digest, Vol 1 #388 - 8 msgs In-Reply-To: <20021015144241.GT32418@linuxmafia.com> References: <20021012143832.2784.12096.Mailman@weak.org> <002a01c272fd$ef2077d0$0101000a@lantech1> <20021015144241.GT32418@linuxmafia.com> Message-ID: <58651.63.73.213.5.1034705634.squirrel@www.planetshwoop.com> Rick Moen said: > Quoting Todd Lee (todd at LANtech-HI.com): > > The executwits who get the hots for Exchange Server don't _just_ want > group discussion, and they don't _just_ want GUIfied group discussion. > They want "integration". They want the same client software (e.g., > MS-Outlook) to do everything and anything, without their feeble little > minds having to grasp the distinctions among e-mail, group discussion, > and scheduling. > I was just having this discussion yesterday. In my experience, people don't even use these "groupware" functions they're buying in the first place. Beyond meeting scheduling and *maybe* group address book, I can't say that I've ever really seen these features used. The times that I have were at tiny companies where people could communicate with one another directly, so putting things in a shared folder actually made sense. The Lotus Notes/Exchange Servers of the world are basically very, very crappy, extremely overpriced mail clients. Because 90% of the time, that's what they're used for. > If you tell him the executive staff want it anyway, he'll say "OK, since > your executive staff want something really rather stupid, I'm going to > have to spend a lot of time doing dumb, pointless work to put it > together, so for that and to compensate me for what will probably be a > significant support burden, I'm going to charge you a bunch of money and > use proprietary licensing." > > And so here we are. 
> I saw this in action recently. The guy that sits across the hall from me argues that even though THE ENTIRE COMPANY thinks pretty much that Notes stinks, we should keep it because the cost of transitioning away from it would be too high. When I told him that for the cost of what we pay for one year's worth of Notes software I could build and buy the email, calendaring, and "groupware" software for the entire firm, he finally started listening. I think a big part of the problem is that when the discussion is only "Notes vs. Exchange", the idea that you could use something else is shocking. Does Microsoft use Exchange for Hotmail? I doubt it. I'm *sure* Yahoo doesn't. brian ps I've been thinking about writing a series of "groupware" articles for DaemonNews, basically covering tools such as mailman, weblog software, calendaring, etc. Time to get crackin'. From itz at speakeasy.org Tue Oct 15 23:07:38 2002 From: itz at speakeasy.org (Ian Zimmerman) Date: 15 Oct 2002 23:07:38 -0700 Subject: [buug] ANN: pdig - a simpler, better(?) dig in perl Message-ID: <86fzv6zzkl.fsf@kronstadt.homeunix.net> I wrote this after having tried - and failed - to come up with a simple way to parse dig(1) output. Testing would be appreciated. -------------- next part -------------- A non-text attachment was scrubbed... Name: pdig.1 Type: application/octet-stream Size: 11856 bytes Desc: pdig manual page URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: pdig Type: application/octet-stream Size: 4601 bytes Desc: pdig perl script URL: -------------- next part -------------- -- Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush. 
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087 From evans at ncseweb.org Thu Oct 17 22:10:28 2002 From: evans at ncseweb.org (Skip Evans) Date: Thu, 17 Oct 2002 22:10:28 -0700 Subject: [buug] Samba and DHCP Message-ID: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com> Hi all, I was having a problem with a Linksys router that kept giving an IP address to my FreeBSD box and replacing its static one, making it inaccessible from the outside (it's basically just a list server at this point). To fix the problem I put this in rc.conf # DHCP disabled 2002-09-18 to prevent linksys from sending # its IP to this box -- skip # ifconfig_sis0="DHCP" hostname="ncseweb2.org" A friend is helping me get Samba up and going and thinks this is preventing Samba from working. Anyone think this is the case? Any kind of resolution would be helpful. If a diagram of the network layout would be helpful, contact me off list and I'll attach it to a response. Thanks! Missed the last couple of buug meetings but plan on coming back soon. Skip Evans Network Project Director National Center for Science Education 420 40th St, Suite 2 Oakland, CA 94609 510-601-7203 Ext. 308 510-601-7204 (fax) 800-290-6006 evans at ncseweb.org http://www.ncseweb.org NCSE now has a one way broadcast news list. Please note that this is NOT a discussion list. You cannot post messages for members to receive. We use this list to broadcast news about the creationism/evolution issue to interested parties. 
To sign up send: subscribe ncse your at email.address to: majordomo at inia.cls.org From jan at caustic.org Thu Oct 17 22:16:56 2002 From: jan at caustic.org (f.johan.beisser) Date: Thu, 17 Oct 2002 22:16:56 -0700 (PDT) Subject: [buug] Samba and DHCP In-Reply-To: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com> Message-ID: <20021017221432.M30424-100000@pogo.caustic.org> On Thu, 17 Oct 2002, Skip Evans wrote: > A friend is helping me get Samba up and going and > thinks this is preventing Samba from working. can you have him explain why he thinks that? > Anyone think this is the case? Any kind of resolution > would be helpful. If a diagram of the network layout would > be helpful, contact me off list and I'll attach it to a response. i find it very doubtful that samba would not work due to a static IP being used. highly doubtful, actually. if anything, i'd check your samba configuration first and foremost. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan at caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche From itz at speakeasy.org Thu Oct 17 22:26:33 2002 From: itz at speakeasy.org (Ian Zimmerman) Date: 17 Oct 2002 22:26:33 -0700 Subject: [buug] Samba and DHCP In-Reply-To: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com> References: <5.1.0.14.0.20021017220409.02c37458@mail.mindspring.com> Message-ID: <8665w0z59y.fsf@kronstadt.homeunix.net> Skip> hostname="ncseweb2.org" Skip> A friend is helping me get Samba up and going and thinks this is Skip> preventing Samba from working. I can't say if this has anything to do with your Samba problem, but I have always disliked this kind of alias, where a host is named the same as the entire domain. Could you give it a hostname of its own, like lists.ncseweb2.org? And why is the domain different from your other one (ncseweb.org) anyway? -- Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush. 
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087 From brian at planetshwoop.com Fri Oct 18 08:42:47 2002 From: brian at planetshwoop.com (Brian Sobolak) Date: Fri, 18 Oct 2002 10:42:47 -0500 (CDT) Subject: [buug] Gentoo, Bluecurve and Linux too! Message-ID: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> hi fellow good buug people, I'm thinking about picking up a new PC soon and think I might switch from my normal FreeBSD self to Linux, since Linux on the desktop is looking more appealing than it did 18 months ago. Two Linux questions: 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on this list are big Debian fans, but Gentoo looks appealing as well. 2. Anyone tried RH 8.0 and Bluecurve? I probably won't go with Red Hat since I am not a fan of the RPM system, but I am interested in hearing people's opinions. brian From cmsclaud at arches.uga.edu Fri Oct 18 09:26:31 2002 From: cmsclaud at arches.uga.edu (Claude Rubinson) Date: Fri, 18 Oct 2002 09:26:31 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> Message-ID: <20021018162631.GA6173@wagner> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: > 2. Anyone tried RH 8.0 and Bluecurve? I probably won't go with Red Hat > since I am not a fan of the RPM system, but I am interested in hearing > people's opinions. Well, I haven't used Gentoo but I'm certainly aware of Aaron's opinion on this one. :) You know the sound a cat makes when coughing up a hairball? That's the same sound that Aaron makes when anyone asks about RH's new look. Hope this helps! Claude From wfhoney at pacbell.net Fri Oct 18 09:43:19 2002 From: wfhoney at pacbell.net (Bill Honeycutt) Date: Fri, 18 Oct 2002 09:43:19 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! 
References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018162631.GA6173@wagner> Message-ID: <3DB03A27.9EF16997@pacbell.net> Claude Rubinson wrote: > > On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: > > You know the sound a cat makes when coughing up a hairball? Ack!!! Pfffft! _____/| \ . + | =( )= U From john at jjdev.com Fri Oct 18 09:42:50 2002 From: john at jjdev.com (johnd) Date: Fri, 18 Oct 2002 09:42:50 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> Message-ID: <20021018164250.GA7857@master.compound.theunixman.com> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: > > hi fellow good buug people, > > I'm thinking about picking up a new PC soon and think I might switch from > my normal FreeBSD self to Linux, since Linux on the desktop is looking > more appealing than it did 18 months ago. > > Two Linux questions: > > 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on > this list are big Debian fans, but Gentoo looks appealing as well. Yes. What do you want to know about it? I really appreciate the way it builds everything from source. Before Gentoo I've always used Slackware. I would typically do a minimal install then build the rest of the system from source. I never used any kind of package management tools till Gentoo. Make sure you understand the bandwidth needs gentoo can demand. If you do a Stage 1 install, it pretty much downloads everything on the fly. Having a powerful machine is good, too. I've installed Gentoo on a x86 box and a G4. If you have the time (like half a day), Gentoo is good. If you just want to get a server up and running, you may want to pick a different distro. 
-johnd From atporter at primate.net Fri Oct 18 09:57:58 2002 From: atporter at primate.net (Aaron T Porter) Date: Fri, 18 Oct 2002 09:57:58 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018162631.GA6173@wagner> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018162631.GA6173@wagner> Message-ID: <20021018165758.GD13295@primate.net> On Fri, Oct 18, 2002 at 09:26:31AM -0700, Claude Rubinson wrote: > On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: > > > 2. Anyone tried RH 8.0 and Bluecurve? I probably won't go with Red Hat > > since I am not a fan of the RPM system, but I am interested in hearing > > people's opinions. > > Well, I haven't used Gentoo but I'm certainly aware of Aaron's opinion > on this one. :) You know the sound a cat makes when coughing up a > hairball? That's the same sound that Aaron makes when anyone asks > about RH's new look. I dunno, my cats don't sound quite *that* bad :) From atporter at primate.net Fri Oct 18 10:04:30 2002 From: atporter at primate.net (Aaron T Porter) Date: Fri, 18 Oct 2002 10:04:30 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> Message-ID: <20021018170430.GE13295@primate.net> On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: > 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on > this list are big Debian fans, but Gentoo looks appealing as well. Gentoo probably speaks to your FreeBSD roots then. It definitely looks like a nice setup, though I guess I just don't see the point in compiling everything locally if you're not actually doing it by hand. From john at jjdev.com Fri Oct 18 10:19:17 2002 From: john at jjdev.com (johnd) Date: Fri, 18 Oct 2002 10:19:17 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! 
In-Reply-To: <20021018170430.GE13295@primate.net> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> Message-ID: <20021018171917.GA10126@master.compound.theunixman.com> On Fri, Oct 18, 2002 at 10:04:30AM -0700, Aaron T Porter wrote: > On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: > > > 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people on > > this list are big Debian fans, but Gentoo looks appealing as well. > > Gentoo probably speaks to your FreeBSD roots then. It definitely > looks like a nice setup, though I guess I just don't see the point in > compiling everything locally if you're not actually doing it by hand. The point is the same...why do you compile by hand? I don't do it for fun, I do it to take advantage of optimizations for my architecture. I would say: I don't see the point in compiling by hand if you can have a package do it for you. From atporter at primate.net Fri Oct 18 10:25:59 2002 From: atporter at primate.net (Aaron T Porter) Date: Fri, 18 Oct 2002 10:25:59 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018171917.GA10126@master.compound.theunixman.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018171917.GA10126@master.compound.theunixman.com> Message-ID: <20021018172559.GF13295@primate.net> On Fri, Oct 18, 2002 at 10:19:17AM -0700, johnd wrote: > > Gentoo probably speaks to your FreeBSD roots then. It definitely > > looks like a nice setup, though I guess I just don't see the point in > > compiling everything locally if you're not actually doing it by hand. > > The point is the same...why do you compile by hand? 
There's definitely something to be said for knowing intimately every package installed on your system, there's also the distribution downside of dependency creep installing packages you might want but certainly don't need (it's kinda scary what Debian thinks I need installed to use Mozilla). That said, I certainly don't have the time to do it by hand anymore. From jeremy at nirvani.net Fri Oct 18 10:28:01 2002 From: jeremy at nirvani.net (Jeremy Brand, B.S.) Date: Fri, 18 Oct 2002 10:28:01 -0700 (PDT) Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018170430.GE13295@primate.net> Message-ID: > On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: > > > 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people > > on this list are big Debian fans, but Gentoo looks appealing as well. > > Thus spake Aaron T Porter: > Gentoo probably speaks to your FreeBSD roots then. It definitely > looks like a nice setup, though I guess I just don't see the point in > compiling everything locally if you're not actually doing it by hand. This was explained to me by a Gentoo user. Basically, he liked it because all binaries on the system are for the exact processor (IE, i686, etc) as opposed to the very common distro compiles of i386 or i586. This was a poor argument, because I asked him how much faster his machine ran and he could not come up with any numbers. Not that I agree it's worth the time... I'm not sure if the time saved by having an i686 compiled /bin/rm command (and friends) is worth the time it takes to build an entire system. I think Gentoo appeals to the geeky-new-to-linux crowd, because other distros have become so easy to use. Think back 10 years, and this comment makes sense. Remember how nearly every day was a new kernel day, and every day was a chance that maybe one more piece of hardware worked in your computer. Ahh... the memories. 
However, as most of us have come to pass, we just want to get all that repetitive crap out of the way and for the most part are willing to trust someone else's compile for the bulk of our OS and there is no way most of us have the time to re-compile a whole system! Jeremy From brian at planetshwoop.com Fri Oct 18 10:24:36 2002 From: brian at planetshwoop.com (Brian Sobolak) Date: Fri, 18 Oct 2002 12:24:36 -0500 (CDT) Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018164250.GA7857@master.compound.theunixman.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> Message-ID: <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> johnd said: > On Fri, Oct 18, 2002 at 10:42:47AM -0500, Brian Sobolak wrote: >> 1. Has anyone taken Gentoo Linux for a spin? I know a lot of people >> on this list are big Debian fans, but Gentoo looks appealing as well. > > Yes. What do you want to know about it? If you find the package system complete for your needs, if the package system actually works. Another question: if you had a new box and had to choose between Debian and Gentoo, which would you choose? > If you have the time (like half a day), Gentoo is good. If you just > want to get a server up and running, you may want to pick a different > distro. > I'm good enough at FreeBSD now that I can get through that pretty quickly. This wouldn't be a server system, it'd be a desktop (FreeBSD will stay on the server). Since there is more desktop software avail. for Linux than FreeBSD plus FreeBSD tends to be slightly behind on the Xwindows front, that's why I thought Gentoo might be worth a shot. brian From rick at linuxmafia.com Fri Oct 18 11:32:56 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 11:32:56 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! 
In-Reply-To: <20021018170430.GE13295@primate.net> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> Message-ID: <20021018183256.GB23586@linuxmafia.com> Quoting Aaron T Porter (atporter at primate.net): > Gentoo probably speaks to your FreeBSD roots then. It definately > looks like a nice setup, though I guess I just don't see the point in > compiling everything locally if you're not actually doing it by hand. Additionally, for the few places where you think it might a significant difference (may, XFree86), the Debian build tools make it quite easy to rebuild the debianised source tarballs with compiler options of your choosing. But some people are indeed liking Gentoo, others Sourcemage, Rock Linux, Lunar Linux, etc. All the same basic build-everything-from-source notion, variously implemented. -- Cheers, "Learning Java has been a slow and tortuous process for me. Every Rick Moen few minutes, I start screaming 'No, you fools!' and have to go rick at linuxmafia.com read something from _Structure and Interpretation of Computer Programs_ to de-stress." -- The Cube, www.forum3000.org From rick at linuxmafia.com Fri Oct 18 11:36:04 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 11:36:04 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> Message-ID: <20021018183604.GC23586@linuxmafia.com> Quoting Brian Sobolak (brian at planetshwoop.com): > Since there is more desktop software avail. for Linux than > FreeBSD plus FreeBSD tends to be slightly behind on the Xwindows front, > that's why I thought Gentoo might be worth a shot. So, give it a shot. 
All you need sacrifice is a machine state, a trivial amount of bandwidth draw, and a little of your time. -- Cheers, "That article and its poster have been cancelled." Rick Moen -- David B. O'Donnel, sysadmin for America Online rick at linuxmafia.com From psoltani at ultradns.com Fri Oct 18 11:32:29 2002 From: psoltani at ultradns.com (Patrick Soltani) Date: Fri, 18 Oct 2002 11:32:29 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com> > > I don't see the point in compiling by hand if you can have a > package do > it for you. > _______________________________________________ > How do you know the package give to you by the vendor is clean and not tampered with? You are trusting the vendor to have given you a good binary, but simply you don't know. With source, you'd know what is being compiled and built. Although I saw a warning from SendMail folks that someone had tampered with the sendmail source, however, even this extreme event is caught very fast by folks that do diff of the old source and the new ones. Guess that's the main benefit of the compiling the source; apart from getting high on compiler/linker switches that scroll off of the screen! :-) Regards, Patrick Soltani. From atporter at primate.net Fri Oct 18 11:37:40 2002 From: atporter at primate.net (Aaron T Porter) Date: Fri, 18 Oct 2002 11:37:40 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com> References: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com> Message-ID: <20021018183740.GH13295@primate.net> On Fri, Oct 18, 2002 at 11:32:29AM -0700, Patrick Soltani wrote: > > I don't see the point in compiling by hand if you can have a > > package do it for you. > > How do you know the package give to you by the vendor is clean and not > tampered with? 
You are trusting the vendor to have given you a good > binary, but simply you don't know. With source, you'd know what is > being compiled and built. > > Although I saw a warning from SendMail folks that someone had tampered > with the sendmail source, however, even this extreme event is caught > very fast by folks that do diff of the old source and the new ones. > Guess that's the main benefit of the compiling the source; apart from > getting high on compiler/linker switches that scroll off of the screen! :-) Blindly compiling packages is no more secure than using distribution binaries. You gain no inherent security through the act of running GCC yourself. Do you read the source before you compile it? Would you catch a backdoor, buffer overflow, trojan if you did? In the past 6 months we've seen both Sendmail and OpenSSH source distributions backdoored, in the past tcp_wrappers and others. In fact, the OpenSSH trojan was a compile time exploit -- building your own SSH was the only way to get hit by that, a binary package would have been safe! From jeremy at nirvani.net Fri Oct 18 11:49:02 2002 From: jeremy at nirvani.net (Jeremy Brand, B.S.) Date: Fri, 18 Oct 2002 11:49:02 -0700 (PDT) Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com> Message-ID: Thus spake Patrick Soltani: > > I don't see the point in compiling by hand if you can have a > > package do > > it for you. > > _______________________________________________ > > > > How do you know the package give to you by the vendor is clean and not > tampered with? You are trusting the vendor to have given you a good > binary, but simply you don't know. With source, you'd know what is being > compiled and built. Do you really know? Most linux vendors ship the source for the binaries they compile. 
Yes, it is true they could do it differently, but does anyone have the time to read the source for binutils every time they compile, let alone sendmail! How, or why would you trust Gentoo's source to not be trojaned. I don't think any legitimate vendor would tamper with much, but if you do a build of Gentoo from a server that has been tampered with, how would you know unless you _READ_ (and I don't only mean read, but also mean KNOW) the source wasn't tampered with either. > Although I saw a warning from SendMail folks that someone had tampered > with the sendmail source, however, even this extreme event is caught > very fast by folks that do diff of the old source and the new ones. > Guess that's the main benefit of the compiling the source; apart from > getting high on compiler/linker switches that scroll off of the screen! > :-) Vendors do this diff with their binaries too. Note, in the latest sendmail issue. Sendmail's source was tampered with, however (use redhat as an example), their sendmail was fine. So, who do you trust more? Eventually you have to marginally trust someone, or write your own OS. Jeremy From psoltani at ultradns.com Fri Oct 18 11:53:40 2002 From: psoltani at ultradns.com (Patrick Soltani) Date: Fri, 18 Oct 2002 11:53:40 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! Message-ID: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com> > Blindly compiling packages is no more secure than using > distribution binaries. You gain no inherent security through > the act of > running GCC yourself. No arguments here Do you read the source before you > compile it? Would > you catch a backdoor, buffer overflow, trojan if you did? Yes and No. Yes, I check the source code usually thru MD5 fingerprints, or pgp signatures. Also depending on the time I have, I browse thru the code. Do I catch the backdoors, trojans, etc, maybe not, but diffing with the older version usually tells you what's up. With binary you don't have the option! 
with source you do. that's all. Oh one more thing, when something does not work, or works as you don't expect it, you can fiddle with the source, but you have NO OPTIONS with binaries. > In the past 6 > months we've seen both Sendmail and OpenSSH source distributions > backdoored, in the past tcp_wrappers and others. In fact, the OpenSSH > trojan was a compile time exploit -- building your own SSH > was the only > way to get hit by that, a binary package would have been safe! I don't blindly trust the source code either. After the compile, built and TESTING, I then roll it out. Remember that catching backdoor, trojans, worms, etc, is possible with good firewall filtering, IDS, coupled with good tcpdumping. Again, I don't disagree with you on the point raised, however, I believe we have more tools in our arsenal to deal with that when you have the source code. Regards, Patrick Soltani. From jeremy at nirvani.net Fri Oct 18 12:00:21 2002 From: jeremy at nirvani.net (Jeremy Brand, B.S.) Date: Fri, 18 Oct 2002 12:00:21 -0700 (PDT) Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com> Message-ID: Thus spake Patrick Soltani: > With binary you don't have the option! with source you do. that's all. > Oh one more thing, when something does not work, or works as you don't > expect it, you can fiddle with the source, but you have NO OPTIONS with > binaries. What binaries are you talking about? On linux systems binaries can be re-built with source anyway. Having a binary-based-packaged system does not prevent you from (re-)compiling whatever you want. > I don't blindly trust the source code either. After the compile, built > and TESTING, I then roll it out. Remember that catching backdoor, > trojans, worms, etc, is possible with good firewall filtering, IDS, > coupled with good tcpdumping. This is a good point. So, why is a source-based-packaged distro better? 
My point is still being that source based distros (sourcemage, gentoo) are no more secure than binary based distros (redhat, debian, suse) based on the fact that you get to re-compile! Jeremy From ms at formulae.org Fri Oct 18 12:10:26 2002 From: ms at formulae.org (Michael Salmon) Date: Fri, 18 Oct 2002 12:10:26 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com> References: <3DBB075EEB95944492E127F2B9A96FAF5DDC38@ultra-exchange.ultradns.com> Message-ID: <20021018121026.B17237@formulae.org> On Fri, Oct 18, 2002 at 11:53:40AM -0700, Patrick Soltani wrote: > Do you read the source before you > > compile it? Would > > you catch a backdoor, buffer overflow, trojan if you did? > > Yes and No. > Yes, I check the source code usually thru MD5 fingerprints, or pgp signatures. > Also depending on the time I have, I browse thru the code. Do I catch the backdoors, trojans, etc, maybe not, but diffing with the older version usually tells you what's up. and how are you sure the md5 hash hasn't been tampered with? Having an md5 signature is only done on compressed packages (.tar, etc), this usually stops you from doing such things as diffing with older versions. Basically I doubt you would do such a thing without keeping the application tracked with cvs. I suggest you read the classic paper "Reflections on Trusting Trust" by Ken Thompson. If you happened to have read it already, read it again because you didn't understand it. > With binary you don't have the option! with source you do. that's all. > Oh one more thing, when something does not work, or works as you don't expect it, you can fiddle with the source, but you have NO OPTIONS with binaries. I disagree. I will make the observation that we are talking about open source software, which if you have a binary for that would imply you can also get the source for what made the binary. 
So then simply uninstall the binary if it is giving you grief, get the src for it, and bash your head against it. > > In the past 6 > > months we've seen both Sendmail and OpenSSH source distributions > > backdoored, in the past tcp_wrappers and others. In fact, the OpenSSH > > trojan was a compile time exploit -- building your own SSH > > was the only > > way to get hit by that, a binary package would have been safe! > > I don't blindly trust the source code either. After the compile, built and TESTING, I then roll it out. Remember that catching backdoor, trojans, worms, etc, is possible with good firewall filtering, IDS, coupled with good tcpdumping. > > Again, I don't disagree with you on the point raised, however, I believe we have more tools in our arsenal to deal with that when you have the source code. > > > Regards, > Patrick Soltani. > > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug From psoltani at ultradns.com Fri Oct 18 12:33:49 2002 From: psoltani at ultradns.com (Patrick Soltani) Date: Fri, 18 Oct 2002 12:33:49 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com> > > What binaries are you talking about? On linux systems binaries can be > re-built with source anyway. Having a binary-based-packeged > system does > not prevent you from (re-)compiling whatever you want. > I work with Solaris, Linux and FreeBSD. Depending on the platform/OS we have to take different routes. Also take into account that home network is perhaps less critical compared to production network that 10s of 1000 folks beat on them every day around the clock, 366 days a year!;-). I personally like/use FreeBSD cvsup which gives you "almost" absolute control. Linux is ok, but not as much control, since it is geared to have mass appeal. Again the main process is to verify the source code thru MD5, pgp, etc first. 
Isolate your systems for build, config, test and more tests. Having the source allows me to fiddle with switches, configurations, right at the "source" rather than config files the binaries use. It allows me to inject my own debugging info and helps with debugging/troubleshooting. Usually the binaries are optimized with the symbol/debug tables taken out. So, if it breaks, you have no real way of pin pointing it. Of course you can run things like truss, strace, etc, again the difference is obvious we you run a large network v.s. home network. Binary is what the vendor thinks is "optimized" and "good" for you. Source install is what "you" think is optimized and good for you; in a nut shell. Lastly, we usually want something that the developer may not have thought about, source allows us to do just that, modify it. Again depending on your point of view, home network/production network that may or may not be an issues. Apart from these, I guess, it is how much time/resources you'd willing to spend on getting a piece of software running on your machine. perhaps one of the reasons M$ has market share is that it takes all your "options" away from you. I am not a biz kid, I may be wrong. Regards, Patrick Soltani. From itz at speakeasy.org Fri Oct 18 12:48:10 2002 From: itz at speakeasy.org (Ian Zimmerman) Date: 18 Oct 2002 12:48:10 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018171917.GA10126@master.compound.theunixman.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018171917.GA10126@master.compound.theunixman.com> Message-ID: <86fzv3il51.fsf@kronstadt.homeunix.net> johnd> The point is the same...why do you compile by hand? To fix bugs, and things that packagers see as features but are really bugs (like excessive dependencies, which for me means any dependencies on either Gnome or KDE). -- Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush. 
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087 From psoltani at ultradns.com Fri Oct 18 12:59:21 2002 From: psoltani at ultradns.com (Patrick Soltani) Date: Fri, 18 Oct 2002 12:59:21 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> > > and how are you sure the md5 hash hasn't been tampered with? > Having an md5 signature is only done on compressed packages > (.tar, etc), > this usually stops you from doing such things as diffing with > older versions. > Basically I doubt you would do such a thing without keeping > the application > tracked with cvs. wow, we are getting technical here. from man pages: " These functions implement the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is intended for digital signature applications, where large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA. " The operative word is "intended". You can run MD5 on binary files and is not confined to only compressed files. In fact Solaris has the MD5 finger prints for ALL the files in the system. I am sure not all of them are ".tar, etc" > I suggest you read the classic paper "Reflections on Trusting > trust" by > Ken Thompson. If you happened to have read it already, read > it again because > you didn't understand it. No I have not read what you consider Security Bible, but will do so when I get a chance. Thanx for the pointer. > I disagree. I will make the observation that we are talking > about open source > software, which if you have a binary for that would imply you can also > get the source for what made the binary. So then simply > uninstall the binary > if it is giving you grief, get the src for it, and bash your > head against it. That's exactly the point Yoda.
How do you know the binaries you are installing/installed were generated from the source that you have? So, you have to compile it from source and then compare! Regards, Patrick Soltani. From itz at speakeasy.org Fri Oct 18 13:19:51 2002 From: itz at speakeasy.org (Ian Zimmerman) Date: 18 Oct 2002 13:19:51 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> Message-ID: <86bs5rijo8.fsf@kronstadt.homeunix.net> Patrick> wow, we are getting technical here. from man pages: " These Patrick> functions implement the MD5 message-digest algorithm, which Patrick> takes as input a message of arbitrary length and produces Patrick> as output a 128-bit "fingerprint" or "message digest" of the Patrick> input. It is intended for digital signature applications, Patrick> where large file must be "compressed" in a secure manner Patrick> before being encrypted with a private (secret) key under a Patrick> public-key cryptosystem such as RSA. " Patrick> The operative word is "intended". You can run MD5 on binary Patrick> files and is not confined to only compressed files. In fact Patrick> Solaris has the MD5 finger prints for ALL the files in the Patrick> system. I am sure not all of them are ".tar, etc" Debian has something similar, although not all packages support it. ls /var/lib/dpkg/info/*.md5sums -- Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush. GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087 From itz at speakeasy.org Fri Oct 18 13:21:48 2002 From: itz at speakeasy.org (Ian Zimmerman) Date: 18 Oct 2002 13:21:48 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> Message-ID: <867kgfijkz.fsf@kronstadt.homeunix.net> Brian> 1.
Has anyone taken Gentoo Linux for a spin? I know a lot of Brian> people on this list are big Debian fans, but Gentoo looks Brian> appealing as well. Before this thread utterly flamifies, I'll try to give it a new direction. Is there any relation between the Gentoo linux distribution and the Gentoo gtk-based file manager program? -- Ian Zimmerman, Oakland, California, U.S.A. I did not vote for Emperor Bush. GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087 From atporter at primate.net Fri Oct 18 13:22:48 2002 From: atporter at primate.net (Aaron T Porter) Date: Fri, 18 Oct 2002 13:22:48 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com> References: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com> Message-ID: <20021018202248.GI13295@primate.net> Is there any way you could get your MS Client to do sane line breaks? Cleanly quoting your e-mails is painful. On Fri, Oct 18, 2002 at 12:33:49PM -0700, Patrick Soltani wrote: > I personally like/use FreeBSD cvsup which gives you "almost" absolute > control. Linux is ok, but not as much control, since it is geared to > have mass appeal. Where do you lose control with linux? The sources are there, it's a matter of choice how you use them. > Again the main process is to verify the source code thru MD5, pgp, etc > first. Isolate your systems for build, config, test and more tests. > Having the source allows me to fiddle with switches, configurations, > right at the "source" rather than config files the binaries use. That sounds very short sighted... you hard-code your options when you build your programs rather than using the defined config files? So changes require a rebuild instead of a HUP? This saves you time and effort how? All of this is pulling further and further away from the original disccusion. 
Nobody's arguing that in some cases it's a good idea to compile your own applications, but why does it make sense to compile your own mv, make, gzip or any of the hundreds of "standard" utils that are on your system that you are incredibly unlikely to ever want or need to modify? From atporter at primate.net Fri Oct 18 13:26:46 2002 From: atporter at primate.net (Aaron T Porter) Date: Fri, 18 Oct 2002 13:26:46 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> Message-ID: <20021018202646.GJ13295@primate.net> On Fri, Oct 18, 2002 at 12:59:21PM -0700, Patrick Soltani wrote: > > and how are you sure the md5 hash hasn't been tampered with? > > Having an md5 signature is only done on compressed packages > > (.tar, etc), this usually stops you from doing such things as > > diffing with older versions. Basically I doubt you would do > > such a thing without keeping the application tracked with cvs. > > The operative word is "intended". You can run MD5 on binary files and > is not confined to only compressed files. In fact Solaris has the MD5 > finger prints for ALL the files in the system. I am sure not all of > them are ".tar, etc" But that assumes that you've got an MD5 from the "clean" package. What if J. Random Hacker uploads a new MD5 with their trojaned package? Where does Solaris get its MD5 sums that you're checking? RedHat's rpms come with md5sums of every file too, rpm --verify is a great tool for forensics on a cracked system, though it won't help you much if you build your own stuff. From jeremy at nirvani.net Fri Oct 18 13:29:10 2002 From: jeremy at nirvani.net (Jeremy Brand, B.S.) Date: Fri, 18 Oct 2002 13:29:10 -0700 (PDT) Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539715@ultra-exchange.ultradns.com> Message-ID: Thus spake Patrick Soltani: > > What binaries are you talking about? On linux systems binaries can be > > re-built with source anyway. Having a binary-based-packeged > > system does > > not prevent you from (re-)compiling whatever you want. > > > I work with Solaris, Linux and FreeBSD. Depending on the platform/OS we > have to take different routes. Also take into account that home network > is perhaps less critical compared to production network that 10s of 1000 > folks beat on them every day around the clock, 366 days a year!;-). I don't think anyone will disagree having source is a bad thing. The point of my insertion into this thread is that it is not true that having a source-only distro is more secure than a binary-distro. I don't see relevance in all your latest comments on this point. Also, I don't see how you can assume everyone but yourself is _tinkering_ with only their home network. Quite insulting. So, if I understand you right, nobody but you has to worry about 365/24 availability. However, this doesn't have anything to do with the point you are disagreeing with that a source-based distro is more secure than a binary-based distro. Like I mentioned before, NOT using a source-based distro like (Gentoo, Sourcemage, etc) does not keep you from re-compiling anything your have source code to (even on Solaris!) You mentioned you also support a Solaris environment. You can not compare a source based Solaris distro with a binary based Solaris distro, because one does not exist. 
Again, I don't see the relevancy (to this thread, in case that is not clear) - as what we were talking about is binary-based opensource OS distros (freebsd, debian, redhat) and source-based opensource OS distros (gentoo, sourcemage) and which is more secure based on whether you are forced to compile everything (source-based) or it is compiled for you with the option of re-compiling (binary-based). PS, many people might appreciate if you put a few newline characters into your paragraphs. :) Jeremy From psoltani at ultradns.com Fri Oct 18 14:02:18 2002 From: psoltani at ultradns.com (Patrick Soltani) Date: Fri, 18 Oct 2002 14:02:18 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! Message-ID: <3DBB075EEB95944492E127F2B9A96FAF539717@ultra-exchange.ultradns.com> Sorry for broken mail client; I don't have a choice. > Also, I don't see how you can assume everyone but yourself is > _tinkering_ > with only their home network. Quite insulting. So, if I > understand you > right, nobody but you has to worry about 365/24 availability. > However, > this doesn't have anything to do with the point you are > disagreeing with > that a source-based distro is more secure than a binary-based distro. I am not sure how you arrived at the conclusion that I am insulting anyone. I can assure you that is farthest from my mind. I don't assume I am the only one working 7X24, rather was giving a comparison of the scope when you do it at home or on a production network. That's all. I feel almost sorry for responding to what I thought is a friendly discussion. > > You mentioned you also support a Solaris environment. You > can not compare > a source based Solaris distro with a binary based Solaris > distro, because > one does not exist. Again, I don't see the relevancy (to > this thread, in > case that is not clear) You can get source of the suns' tools thru their developers program. It is not opensource, you are right, however, that option exists for developers.
The point that I was making. We use source for installing everywhere irregard of platform/os. Also SUN has a database of all the files/tools/everything they ship with the systems in a MD5 database. You can compare your system's MD5 signatures, generated independently, against the published ones. Regards, Patrick Soltani. From rick at linuxmafia.com Fri Oct 18 17:28:55 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 17:28:55 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> Message-ID: <20021019002855.GD23586@linuxmafia.com> Quoting Patrick Soltani (psoltani at ultradns.com): > wow, we are getting technical here. from man pages: > " These functions implement the MD5 message-digest algorithm, > which takes as input a message of arbitrary length and produces > as output a 128-bit "fingerprint" or "message digest" > of the input. It is intended for digital signature applications, > where large file must be "compressed" in a secure > manner before being encrypted with a private (secret) key > under a public-key cryptosystem such as RSA. > " > > The operative word is "intended". You can run MD5 on binary files and > is not confined to only compressed files. In fact Solaris has the MD5 > finger prints for ALL the files in the system. I am sure not all of > them are ".tar, etc" I think you may be missing Michael's point, that MD5 hashes are worse than useless as a check on integrity unless you have high confidence that the record of blessed MD5 sums has not been tampered with, not to mention high confidence that the md5sum utility and its operating environment have not themselves been compromised. [About Ken Thompson's classic paper, "Reflections on Trusting Trust":] > No I have not read what you consider Security Bible, but will do so > when I get a chance. Thanx for the pointer.
http://www.acm.org/classics/sep95/ Thompson dropped this bombshell in 1984, when he was being given an award by the ACM. He revealed that he had caused the standard C compiler included in practically all Unix systems to perpetuate a hidden trojan-horse login on all systems in an ingenious fashion that was completely undetectable by examining source code for _either_ the login program _or_ the C compiler itself, and that persisted even if you recompiled the C compiler from clean sources. In other words, it's not an adequate remedy even to infallibly audit all the source code of all packages on your system, and recompile everything from scratch. Thompson points out that his malware gremlin could equally well have been planted in "an assembler, a loader, or even hardware microcode." From rick at linuxmafia.com Fri Oct 18 17:32:29 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 17:32:29 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <86bs5rijo8.fsf@kronstadt.homeunix.net> References: <3DBB075EEB95944492E127F2B9A96FAF539716@ultra-exchange.ultradns.com> <86bs5rijo8.fsf@kronstadt.homeunix.net> Message-ID: <20021019003229.GE23586@linuxmafia.com> Quoting Ian Zimmerman (itz at speakeasy.org): > Debian has something similar, although not all packages support it. > ls /var/lib/dpkg/info/*.md5sums It's a more-complex issue than most people would have you believe. The tools exist. The signing mostly exists. The threat model is such that _meaningful_ verification is non-trivial. http://linuxmafia.com/~rick/linux-info/debian-package-signing -- "Is it not the beauty of an asynchronous form of discussion that one can go and make cups of tea, floss the cat, fluff the geraniums, open the kitchen window and scream out it with operatic force, volume, and decorum, and then return to the vexed glowing letters calmer of mind and soul?" 
-- The Cube, forum3000.org From nick at zork.net Fri Oct 18 17:45:37 2002 From: nick at zork.net (Nick Moffitt) Date: Fri, 18 Oct 2002 17:45:37 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018183604.GC23586@linuxmafia.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com> Message-ID: <20021019004537.GB20811@zork.net> begin Rick Moen Lives Three Hours from Nowhere quotation: > Quoting Brian Sobolak (brian at planetshwoop.com): > > Since there is more desktop software avail. for Linux than FreeBSD > > plus FreeBSD tends to be slightly behind on the Xwindows front, > > that's why I thought Gentoo might be worth a shot. > > So, give it a shot. All you need sacrifice is a machine state, a > trivial amount of bandwidth draw, and a little of your time. With respect, gentoo's demands on bandwidth and time are non-trivial compared to other distros. -- A: No. Q: Should I include quotations after my reply? From nick at zork.net Fri Oct 18 17:46:43 2002 From: nick at zork.net (Nick Moffitt) Date: Fri, 18 Oct 2002 17:46:43 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <86fzv3il51.fsf@kronstadt.homeunix.net> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018171917.GA10126@master.compound.theunixman.com> <86fzv3il51.fsf@kronstadt.homeunix.net> Message-ID: <20021019004643.GC20811@zork.net> begin Ian Zimmerman quotation: > johnd> The point is the same...why do you compile by hand? > > To fix bugs, and things that packagers see as features but are really > bugs (like excessive dependencies, which for me means any dependencies > on either Gnome or KDE). For those particular examples, Gentoo uses a "USE" variable in its configs. 
Any optional dependencies are listed there (things like ghostscript, gnome, kde, gtk, qt, etc etc). -- A: No. Q: Should I include quotations after my reply? From nick at zork.net Fri Oct 18 17:47:46 2002 From: nick at zork.net (Nick Moffitt) Date: Fri, 18 Oct 2002 17:47:46 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018183256.GB23586@linuxmafia.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018183256.GB23586@linuxmafia.com> Message-ID: <20021019004746.GD20811@zork.net> begin Rick Moen Lives Three Hours from Nowhere quotation: > But some people are indeed liking Gentoo, others Sourcemage, Rock > Linux, Lunar Linux, etc. All the same basic > build-everything-from-source notion, variously implemented. Don't forget gusto, which uses GAR! -- A: No. Q: Should I include quotations after my reply? From nick at zork.net Fri Oct 18 17:49:15 2002 From: nick at zork.net (Nick Moffitt) Date: Fri, 18 Oct 2002 17:49:15 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018183740.GH13295@primate.net> References: <3DBB075EEB95944492E127F2B9A96FAF539713@ultra-exchange.ultradns.com> <20021018183740.GH13295@primate.net> Message-ID: <20021019004915.GE20811@zork.net> begin Aaron T Porter quotation: > In fact, the OpenSSH trojan was a compile time exploit -- building > your own SSH was the only way to get hit by that, a binary package > would have been safe! And it was discovered because the source-based packaging system in OpenBSD detected a checksum mismatch on the upstream tarballs. -- A: No. Q: Should I include quotations after my reply? From rick at linuxmafia.com Fri Oct 18 18:14:10 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 18:14:10 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! 
In-Reply-To: <20021019004746.GD20811@zork.net> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018170430.GE13295@primate.net> <20021018183256.GB23586@linuxmafia.com> <20021019004746.GD20811@zork.net> Message-ID: <20021019011410.GH23586@linuxmafia.com> Quoting Nick Moffitt (nick at zork.net): > Don't forget gusto, which uses GAR! Man, that looks sweet: a smoothly building distribution that requires only a 100kB tarball to start with. I think I might give that a shot, just for the hell of it. http://www.bamsoftware.com/software/gusto/ ftp://ftp.bamsoftware.com/pub/gusto/ -- "Is it not the beauty of an asynchronous form of discussion that one can go and make cups of tea, floss the cat, fluff the geraniums, open the kitchen window and scream out it with operatic force, volume, and decorum, and then return to the vexed glowing letters calmer of mind and soul?" -- The Cube, forum3000.org From rick at linuxmafia.com Fri Oct 18 18:20:55 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 18:20:55 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021019004537.GB20811@zork.net> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com> <20021019004537.GB20811@zork.net> Message-ID: <20021019012055.GI23586@linuxmafia.com> Quoting Nick Moffitt (nick at zork.net): > With respect, gentoo's demands on bandwidth and time are non-trivial > compared to other distros. So I gathered, after making that hasty remark. I had assumed that it was small relative to, say, downloading binary ISOs (since my a-priori assumption is that all you pull down is source tarballs as required and occasional updates to whatever is like the BSD ports skeleton) -- but I infer that for whatever reason it's a bandwidth hog. 
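[Added example, not part of any list member's post.] The checksum question argued earlier in this thread, as a runnable sketch: a checksum list stored beside the download proves nothing if both are replaced together, while a digest recorded separately (as a ports tree does) exposes the swap. SHA-256 stands in for MD5 here, and the file names, file contents and the `PINNED` value are constructed for illustration.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """Hex SHA-256 of a byte string (stand-in for the MD5 sums in the thread)."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> bytes:
    """Render a checksum list in the 'HEX  name' layout used by md5sum/sha256sum."""
    lines = [f"{digest(body)}  {name}" for name, body in sorted(files.items())]
    return ("\n".join(lines) + "\n").encode()


def parse_manifest(raw: bytes) -> dict:
    """Map file name -> expected lowercase hex digest; a leading '*' (binary mode) is dropped."""
    expected = {}
    for line in raw.decode().splitlines():
        if not line.strip():
            continue
        hexdigest, name = line.split(None, 1)
        expected[name.lstrip("*")] = hexdigest.lower()
    return expected


def check_files(files: dict, manifest_raw: bytes) -> list:
    """Return sorted names that are missing, unlisted, or differ from the manifest."""
    expected = parse_manifest(manifest_raw)
    bad = []
    for name, want in expected.items():
        body = files.get(name)
        if body is None or not hmac.compare_digest(digest(body), want):
            bad.append(name)
    bad.extend(name for name in files if name not in expected)
    return sorted(bad)


def verify_download(files: dict, manifest_raw: bytes, pinned_manifest_digest: str):
    """Trust the manifest only if it matches a digest recorded elsewhere, then check files."""
    if not hmac.compare_digest(digest(manifest_raw), pinned_manifest_digest):
        return "manifest-untrusted", []
    bad = check_files(files, manifest_raw)
    return ("files-modified", bad) if bad else ("ok", [])


# Constructed sample data: a stand-in release and a copy altered on the mirror.
CLEAN = {
    "configure": b"#!/bin/sh\necho checking build environment\n",
    "sshd.c": b"int main(void) { return 0; }\n",
}
TAMPERED = dict(CLEAN, configure=CLEAN["configure"] + b"# line added on the mirror\n")

CLEAN_MANIFEST = build_manifest(CLEAN)
# Assumption: this value was recorded earlier and is kept off the download server,
# the way a ports tree carries expected checksums separately from upstream tarballs.
PINNED = digest(CLEAN_MANIFEST)


def scenarios() -> dict:
    """Run the cases discussed in the thread and return each outcome."""
    forged_manifest = build_manifest(TAMPERED)  # replaced together with the file
    return {
        "clean": verify_download(CLEAN, CLEAN_MANIFEST, PINNED),
        "file swapped, manifest untouched": verify_download(TAMPERED, CLEAN_MANIFEST, PINNED),
        "file and manifest swapped, manifest-only check": check_files(TAMPERED, forged_manifest),
        "file and manifest swapped, pinned": verify_download(TAMPERED, forged_manifest, PINNED),
    }


if __name__ == "__main__":
    for case, outcome in scenarios().items():
        print(f"{case}: {outcome}")
```

The pinned value only moves the trust question to wherever it is stored and to the tools that compute it, which is the limit Rick Moen's replies in this thread describe.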
From jan at caustic.org Fri Oct 18 18:21:28 2002 From: jan at caustic.org (f.johan.beisser) Date: Fri, 18 Oct 2002 18:21:28 -0700 (PDT) Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021019012055.GI23586@linuxmafia.com> Message-ID: <20021018181952.M30424-100000@pogo.caustic.org> On Fri, 18 Oct 2002, Rick Moen wrote: > So I gathered, after making that hasty remark. I had assumed that it > was small relative to, say, downloading binary ISOs (since my a-priori > assumption is that all you pull down is source tarballs as required and > occasional updates to whatever is like the BSD ports skeleton) -- but I > infer that for whatever reason it's a bandwidth hog. actually, i'd say the BSDs ports collection (FreeBSDs specifically) is good for a few things, but as the dependancies pile up, having binaries to download makes everything much faster. my current area of frustration is things like xmms requiring GNOME (not just GTK) when you compile it from ports. it's almost enough to make me switch to using linux. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan at caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche From rick at linuxmafia.com Fri Oct 18 18:27:56 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 18:27:56 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021018181952.M30424-100000@pogo.caustic.org> References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> Message-ID: <20021019012756.GJ23586@linuxmafia.com> Quoting f.johan.beisser (jan at caustic.org): > my current area of frustration is things like xmms requiring GNOME (not > just GTK) when you compile it from ports. it's almost enough to make me > switch to using linux. Yeah, I hear you on that. I despise gratuitous GNOME dependencies, too. 
-- Cheers, Remember: The day after tomorrow is the third day Rick Moen of the rest of your life. rick at linuxmafia.com From rick at linuxmafia.com Fri Oct 18 18:45:00 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 18:45:00 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <3DBB075EEB95944492E127F2B9A96FAF539717@ultra-exchange.ultradns.com> References: <3DBB075EEB95944492E127F2B9A96FAF539717@ultra-exchange.ultradns.com> Message-ID: <20021019014459.GL23586@linuxmafia.com> Quoting Patrick Soltani (psoltani at ultradns.com): > Also SUN has a database of all the files/tools/everything they ship > with the systems in a MD5 database. You can compare your system's MD5 > signatures, generated independently, against the published ones. If the system on which you do that comparison is compromised, then so might be the tools you use to perform it, or the environment in which they run. So, the assurance (of no system security compromise, albeit possibly not of other problems) is somewhat illusory. From nick at zork.net Fri Oct 18 18:44:19 2002 From: nick at zork.net (Nick Moffitt) Date: Fri, 18 Oct 2002 18:44:19 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021019012055.GI23586@linuxmafia.com> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com> <20021019004537.GB20811@zork.net> <20021019012055.GI23586@linuxmafia.com> Message-ID: <20021019014419.GG20811@zork.net> begin Rick Moen Lives Three Hours from Nowhere quotation: > I had assumed that it was small relative to, say, downloading binary > ISOs (since my a-priori assumption is that all you pull down is > source tarballs as required and occasional updates to whatever is > like the BSD ports skeleton) -- but I infer that for whatever reason > it's a bandwidth hog. 
So it's generally true that source code is a less efficient storage format for code than compiled binaries. Source code often also contains code segments for each platform, of which only one segment will be included. -- A: No. Q: Should I include quotations after my reply? From nick at zork.net Fri Oct 18 18:45:11 2002 From: nick at zork.net (Nick Moffitt) Date: Fri, 18 Oct 2002 18:45:11 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021019012756.GJ23586@linuxmafia.com> References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> Message-ID: <20021019014511.GH20811@zork.net> begin Rick Moen Lives Three Hours from Nowhere quotation: > Quoting f.johan.beisser (jan at caustic.org): > > my current area of frustration is things like xmms requiring GNOME > > (not just GTK) when you compile it from ports. it's almost enough > > to make me switch to using linux. > > Yeah, I hear you on that. I despise gratuitous GNOME dependencies, > too. And I'll just pipe up again in this thread to note that Gentoo's USE system handles this sort of thing nicely. -- A: No. Q: Should I include quotations after my reply? From rick at linuxmafia.com Fri Oct 18 18:52:19 2002 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Oct 2002 18:52:19 -0700 Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021019014419.GG20811@zork.net> References: <59925.63.73.213.5.1034955767.squirrel@www.planetshwoop.com> <20021018164250.GA7857@master.compound.theunixman.com> <40503.63.73.213.5.1034961876.squirrel@www.planetshwoop.com> <20021018183604.GC23586@linuxmafia.com> <20021019004537.GB20811@zork.net> <20021019012055.GI23586@linuxmafia.com> <20021019014419.GG20811@zork.net> Message-ID: <20021019015219.GN23586@linuxmafia.com> Quoting Nick Moffitt (nick at zork.net): > So it's generally true that source code is a less efficient storage > format for code than compiled binaries. 
Source code often also > contains code segments for each platform, of which only one segment > will be included. Yes, but, on the other hand, ISOs (which were my point of comparison) include a great deal that doesn't get installed -- if you have any sense, anyway. From jan at caustic.org Fri Oct 18 18:50:11 2002 From: jan at caustic.org (f.johan.beisser) Date: Fri, 18 Oct 2002 18:50:11 -0700 (PDT) Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021019014511.GH20811@zork.net> Message-ID: <20021018184817.F30424-100000@pogo.caustic.org> On Fri, 18 Oct 2002, Nick Moffitt wrote: > And I'll just pipe up again in this thread to note that > Gentoo's USE system handles this sort of thing nicely. that's a good thing. sadly, i don't use Gentoo, let alone linux. technically, i should be able to define WANT_GNOME or USE_GNOME as NO in /etc/make.conf and not have it compiled. the problem is that the FreeBSD ports have become somewhat chaotic as of late, and don't always obey your variables. it's annoying at best, and downright frustrating at all the other times. -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan at caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche From jan at caustic.org Fri Oct 18 18:50:47 2002 From: jan at caustic.org (f.johan.beisser) Date: Fri, 18 Oct 2002 18:50:47 -0700 (PDT) Subject: [buug] Gentoo, Bluecurve and Linux too! In-Reply-To: <20021019015219.GN23586@linuxmafia.com> Message-ID: <20021018185028.C30424-100000@pogo.caustic.org> On Fri, 18 Oct 2002, Rick Moen wrote: > Yes, but, on the other hand, ISOs (which were my point of comparison) > include a great deal that doesn't get installed -- if you have any > sense, anyway. thank goodness for network installs then, since you don't download a bunch of wasted bits. -------/ f. 
johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche

From rick at linuxmafia.com Fri Oct 18 19:47:16 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 19:47:16 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018185028.C30424-100000@pogo.caustic.org>
References: <20021019015219.GN23586@linuxmafia.com> <20021018185028.C30424-100000@pogo.caustic.org>
Message-ID: <20021019024715.GO23586@linuxmafia.com>

Quoting f.johan.beisser (jan at caustic.org):

> thank goodness for network installs then, since you don't download a bunch
> of wasted bits.

Quite right -- even if utterly irrelevant to my point, which concerned explaining what I meant by "a trivial amount of bandwidth draw", i.e., compared to what.

From robert at namodn.com Fri Oct 18 20:04:10 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 20:04:10 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019012756.GJ23586@linuxmafia.com>; from rick@linuxmafia.com on Fri, Oct 18, 2002 at 06:27:56PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com>
Message-ID: <20021018200409.A23291@namodn.com>

On Fri, Oct 18, 2002 at 06:27:56PM -0700, Rick Moen wrote:
> Quoting f.johan.beisser (jan at caustic.org):
>
> > my current area of frustration is things like xmms requiring GNOME (not
> > just GTK) when you compile it from ports. it's almost enough to make me
> > switch to using linux.
>
> Yeah, I hear you on that. I despise gratuitous GNOME dependencies, too.

I've heard this a lot, and I don't get it. Where is the line on what's gratuitous?

Just as an aside, you can compile XMMS without GNOME if you want to. I have no idea what features you lose, but it's doable.
( http://bsdvault.net/viewtopic.php?topic=270&forum=2 )

Anyway, if you have (let's say) 5 applications which all depend on the same particular GNOME library, you've probably started to save space and compile time rather than having the applications all have redundant code. Not that you have the GNOME desktop installed, just apps that use code generated by the GNOME project.

That argument is somewhat analogous to the old "static vs. dynamic binary" debate, it makes sense to dynamically link most binaries to ( at least ) libc in most cases. Using more generic libraries also increases reusability, modularity and ( given enough time and energy ) stability.

So, as a general rule using the GNOME libs instead of writing your own ( from a developer's standpoint ) gives you more-or-less stable, documented, working code that you can plug into your program easily. Usually the burden of maintaining and improving that code is on someone else, making some of the work that is secondary to your application not your problem.

From the user, as a general rule you have -

* smaller binaries, fewer libraries overall ( less total disk space used )
* less overall compile time ( assuming you compile each gnome lib once )
* more overall stability
* more consistency ( from a UI point of view )

Admittedly, this is "ideal world" stuff. For example, if you update gnome libs frequently out of CVS, the stability/compile time factors may not be there ( CVS/CVSup do a good job of preserving bandwidth at least ). Also, there's no guarantee that the libraries are stable, documented, or any good at all.

However, I feel that those libraries that are part of the GNOME project have been steadily improving over time, and I think it's better to put a little effort into an already existing project than to rewrite all the code yourself.

As it stands today, the core GNOME libs are pretty good. So are the core KDE libs, and GNUStep is coming along nicely as well.
I don't see a point in writing everything from scratch, especially when there is no benefit to the user, whether they download source or binaries.

Thanks,
Rob

From rick at linuxmafia.com Fri Oct 18 19:56:22 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 19:56:22 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018200409.A23291@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com>
Message-ID: <20021019025622.GP23586@linuxmafia.com>

Quoting Rob Helmer (robert at namodn.com):

> I've heard this a lot, and I don't get it. Where is the line on what's
> gratuitous?

Right where I want it to be, of course.

I'm sorry; the argument clinic is down the corridor. This is ironic mockery, in here.

[blah, blah, code reuse, blah, modularity, blah, blah, stability, blah.]

> Thanks,
> Rob

Any time.

From jan at caustic.org Fri Oct 18 19:55:30 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 19:55:30 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018200409.A23291@namodn.com>
Message-ID: <20021018194728.G30424-100000@pogo.caustic.org>

On Fri, 18 Oct 2002, Rob Helmer wrote:

> I've heard this a lot, and I don't get it. Where is the line
> on what's gratuitous?

ok, my own setup for my desktop, normally:

WM: fluxbox
MP3: xmms
status: gkrellm
browser: mozilla

but, when i build xmms from /usr/ports, it attempts to build gnome. why?

if i HAVE gnome installed, that would be fine. but i don't, and i don't want it installed, but the ports system is assuming i want it, just because i typed "make" in /usr/ports/audio/xmms. dumb assumption, but that one is made anyway.

> Just as an aside, you can compile XMMS without GNOME if you want to. I
> have no idea what features you lose, but it's doable.
(
> http://bsdvault.net/viewtopic.php?topic=270&forum=2 )

it's doable, but it's not simple. the hamhanded result is that you don't have gnome, but you do end up with broken ports, due to some of the horrid dependencies on the various installs.

i'm really not talking about the use of static vs dynamic libs. trust me, i LOVE dynamic libraries (as long as they don't break, then i hate them and get grumpy). this is just about using someone else's idea of what a port should be.

-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche

From robert at namodn.com Fri Oct 18 20:24:25 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 20:24:25 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018194728.G30424-100000@pogo.caustic.org>; from jan@caustic.org on Fri, Oct 18, 2002 at 07:55:30PM -0700
References: <20021018200409.A23291@namodn.com> <20021018194728.G30424-100000@pogo.caustic.org>
Message-ID: <20021018202425.B23291@namodn.com>

On Fri, Oct 18, 2002 at 07:55:30PM -0700, f.johan.beisser wrote:
> On Fri, 18 Oct 2002, Rob Helmer wrote:
>
> > I've heard this a lot, and I don't get it. Where is the line
> > on what's gratuitous?
>
> ok, my own setup for my desktop, normally:
>
> WM: fluxbox
> MP3: xmms
> status: gkrellm
> browser: mozilla
>
> but, when i build xmms from /usr/ports, it attempts to build gnome. why?
>
> if i HAVE gnome installed, that would be fine. but i don't, and i don't
> want it installed, but the ports system is assuming i want it, just
> because i typed "make" in /usr/ports/audio/xmms. dumb assumption, but that
> one is made anyway.

I'm guessing by "gnome installed" you mean the whole desktop. It's not like you have to compile gnome-terminal and the panel and all the fluff that you probably don't want, it's usually just the core libraries.
>
> > Just as an aside, you can compile XMMS without GNOME if you want to. I
> > have no idea what features you lose, but it's doable. (
> > http://bsdvault.net/viewtopic.php?topic=270&forum=2 )
>
> it's doable, but it's not simple. the hamhanded result is that you don't
> have gnome, but you do end up with broken ports, due to some of the horrid
> dependencies on the various installs.

Hmm.. I guess it could be made simpler. It's just adding a flag to "make" IIRC.

To the "broken ports" comment : it really depends on how good of a job the developer did on making the GNOME dependency removable without breaking core features of the app I guess.

>
> i'm really not talking about the use of static vs dynamic libs. trust me,
> i LOVE dynamic libraries (as long as they don't break, then i hate them
> and get grumpy). this is just about using someone else's idea of what a
> port should be.

Sure, the maintainer has to make a choice on whether it will require gnome-lib ( or whatever ) by default, that's the same choice I would make, since there's a relatively straightforward way to disallow it.

Thanks,
Rob

From jan at caustic.org Fri Oct 18 20:14:24 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 20:14:24 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018202425.B23291@namodn.com>
Message-ID: <20021018200710.X30424-100000@pogo.caustic.org>

On Fri, 18 Oct 2002, Rob Helmer wrote:

> I'm guessing by "gnome installed" you mean the whole desktop. It's not
> like you have to compile gnome-terminal and the panel and all the
> fluff that you probably don't want, it's usually just the core libraries.

well, the libs would be fine. most gnome libs are good, decent, and easy to use. the problem comes up when i don't want the damned panel, or gnome-terminal (i am old school - or stupid - i use xterms..). in this case, none of these need the gnome libs, even.
they only really need freetype and gtk (they have those in common), and that's just about it.

> Hmm.. I guess it could be made simpler. It's just adding a flag to
> "make" IIRC.

no, actually it was a bit rougher than that, sadly. i ended up having to edit the Makefiles to avoid compiling GNOME. this is even after having /etc/make.conf set to not build it (you wouldn't believe how much breakage that caused, whooo wee).

> To the "broken ports" comment : it really depends on how good of a job
> the developer did on making the GNOME dependency removable without
> breaking core features of the app I guess.

actually, i've found that most developers will let you not use the GNOME libs. it's a bit harder to get around GTK or QT requirements.

> Sure, the maintainer has to make a choice on whether it will require
> gnome-lib ( or whatever ) by default, that's the same choice I would
> make, since there's a relatively straightforward way to disallow it.

generally, the port maintainer does what's best, and easiest for him. if he's using KDE for everything, of course his port will depend on it.

the ports stuff has been driving me nuts for a while (why, oh why, would a machine that doesn't have X installed on it need the GTK front end for MTR?) but usually when i bother with it.

these days, i'm getting out of using the ports system. it needs a bunch of cleanup and hopefully options to easily avoid building things you don't want/need.

it's a small gripe with what's otherwise been a mostly rock solid system. the shame is that it's slowly driving me toward OpenBSD (or, if the installer becomes easier to deal with, NetBSD) for all my OS needs.

From robert at namodn.com Fri Oct 18 20:38:57 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 20:38:57 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019025622.GP23586@linuxmafia.com>; from rick@linuxmafia.com on Fri, Oct 18, 2002 at 07:56:22PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <20021019025622.GP23586@linuxmafia.com>
Message-ID: <20021018203857.C23291@namodn.com>

On Fri, Oct 18, 2002 at 07:56:22PM -0700, Rick Moen wrote:
> Quoting Rob Helmer (robert at namodn.com):
>
> > I've heard this a lot, and I don't get it. Where is the line on what's
> > gratuitous?
>
> Right where I want it to be, of course.
>
> I'm sorry; the argument clinic is down the corridor. This is ironic
> mockery, in here.

No problem. While I have you here, can you point the way to the constructive conversations?

>
> [blah, blah, code reuse, blah, modularity, blah, blah, stability, blah.]

I have no idea how this is meant, so I guess I just won't be offended.

Sorry if I came across as preachy; I'm saying it more to the list in general, not presuming that you don't understand the issues involved, or that you don't know that XMMS doesn't make a whole lot of use of the gnome libs compared to the core gnome applications.

I've just heard a lot of complaints about dependencies when compiling from source ( this isn't the first one specifically about the xmms port either ).

I think dependencies on widely-used libraries are almost always a good thing, even if there are some drawbacks ( like only having 1 or 2 apps actually use the same library ).

I'm curious as to who thinks this is bad and why.

Thanks,
Rob

From jan at caustic.org Fri Oct 18 20:27:35 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 18 Oct 2002 20:27:35 -0700 (PDT)
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018203857.C23291@namodn.com>
Message-ID: <20021018202340.X30424-100000@pogo.caustic.org>

On Fri, 18 Oct 2002, Rob Helmer wrote:

> Sorry if I came across as preachy; I'm saying it more to the list in
> general, not presuming that you don't understand the issues involved, or
> that you don't know that XMMS doesn't make a whole lot of use of the
> gnome libs compared to the core gnome applications.

i don't think anyone here is talking about xmms' use of the gnome libs - if they're present - to bind in to gnome better. that's fine by all accounts.

the issue is the automagic inclusion of gnome as a dependency of the port, when xmms will compile fine without it. if you try to compile the straight port, you end up with gnome being built.

> I've just heard a lot of complaints about dependencies when compiling
> from source ( this isn't the first one specifically about the xmms port
> either ).

i've never really had a problem compiling xmms from source. i've had problems with the FreeBSD port collection's xmms port wanting to build/install gnome. a very different situation.

> I'm curious as to who thinks this is bad and why.

i don't think anyone's said it's bad.

-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche

From cmsclaud at arches.uga.edu Fri Oct 18 20:28:14 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Fri, 18 Oct 2002 20:28:14 -0700
Subject: [buug] [CalLUG-announce] Lunch w/RMS, Tues Oct 22, 373 Soda Hall]
Message-ID: <20021019032814.GA9251@wagner>

----- Forwarded message from callug-announce-admin at brain.CS.Berkeley.EDU -----

You are invited to chat with GNU founder Richard Stallman at lunch hosted by EECS.

When: Oct 22 - 12 noon to 1:30 pm
Where: 373 Soda Hall

This is a tight space so pls. RSVP to layney at eecs for food count etc (with same subject line please!
:) You will not receive a confirmation reply - just attend unless you hear otherwise. Thanks!

Some reading recommended by GNU folks:

http://www.gnu.org/philosophy/free-sw.html
http://www.gnu.org/gnu/thegnuproject.html
http://www.gnu.org/philosophy/free-software-for-freedom.html
http://www.gnu.org/gnu/linux-and-gnu.html
http://www.gnu.org/gnu/why-gnu-linux.html
http://www.gnu.org/philosophy/free-doc.html

Best Regards,
Erica Layne

_________________________________
Erica Layne Morrison
Manager, Department Development
Electrical Engineering & Computer Sciences
University of California, Berkeley
231 Cory Hall 1770
Berkeley, CA 94720
Phone: 510.642.3051
Fax. 510.642.2845
layney at eecs.berkeley.edu
_________________________________

----- End forwarded message -----

From robert at namodn.com Fri Oct 18 21:04:02 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 21:04:02 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018200710.X30424-100000@pogo.caustic.org>; from jan@caustic.org on Fri, Oct 18, 2002 at 08:14:24PM -0700
References: <20021018202425.B23291@namodn.com> <20021018200710.X30424-100000@pogo.caustic.org>
Message-ID: <20021018210402.D23291@namodn.com>

On Fri, Oct 18, 2002 at 08:14:24PM -0700, f.johan.beisser wrote:
> On Fri, 18 Oct 2002, Rob Helmer wrote:
>
> generally, the port maintainer does what's best, and easiest for him. if
> he's using KDE for everything, of course his port will depend on it.
>
> the ports stuff has been driving me nuts for a while (why, oh why, would a
> machine that doesn't have X installed on it need the GTK front end for
> MTR?) but usually when i bother with it.
>
> these days, i'm getting out of using the ports system.
it needs a bunch of
> cleanup and hopefully options to easily avoid building things you don't
> want/need.
>
> it's a small gripe with what's otherwise been a mostly rock solid system.
> the shame is that it's slowly driving me toward OpenBSD (or, if the
> installer becomes easier to deal with, NetBSD) for all my OS needs.

That's pretty rough. I guess you're right, maintainers are really the crux of it, unless you want to duplicate their work.

I do see the appeal to having your desktop be exactly to your specifications, my desktop has a lot more GNOME components than yours so I'm sure that I don't even notice when something depends on the core GNOME binaries ( your particular dependency does seem gratuitous, libs I understand but not the binaries ).

--
Rob

From robert at namodn.com Fri Oct 18 21:15:59 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 21:15:59 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018202340.X30424-100000@pogo.caustic.org>; from jan@caustic.org on Fri, Oct 18, 2002 at 08:27:35PM -0700
References: <20021018203857.C23291@namodn.com> <20021018202340.X30424-100000@pogo.caustic.org>
Message-ID: <20021018211559.E23291@namodn.com>

On Fri, Oct 18, 2002 at 08:27:35PM -0700, f.johan.beisser wrote:
> On Fri, 18 Oct 2002, Rob Helmer wrote:
>
> > Sorry if I came across as preachy; I'm saying it more to the list in
> > general, not presuming that you don't understand the issues involved, or
> > that you don't know that XMMS doesn't make a whole lot of use of the
> > gnome libs compared to the core gnome applications.
>
> i don't think anyone here is talking about xmms' use of the gnome libs -
> if they're present - to bind in to gnome better. that's fine by all
> accounts.

Well, a lot of apps take flak for using gnome libraries instead of writing their own routines directly against GTK, rather than just integrating with gnome.
> > I've just heard a lot of complaints about dependencies when compiling
> > from source ( this isn't the first one specifically about the xmms port
> > either ).
>
> i've never really had a problem compiling xmms from source. i've had
> problems with the FreeBSD port collection's xmms port wanting to
> build/install gnome. a very different situation.
>
> > I'm curious as to who thinks this is bad and why.
>
> i don't think anyone's said it's bad.

No one here has, it's just a view I've known a lot of people to hold. Offhand, I'm not sure if XMMS is using gnome for anything besides a panel applet, which is pretty gratuitous.

Not the best segue, I apologize for that. Think I've been jumping to conclusions again..

Thanks,
Rob

From rick at linuxmafia.com Fri Oct 18 21:03:29 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 18 Oct 2002 21:03:29 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018203857.C23291@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <20021019025622.GP23586@linuxmafia.com> <20021018203857.C23291@namodn.com>
Message-ID: <20021019040329.GQ23586@linuxmafia.com>

Quoting Rob Helmer (robert at namodn.com):

> No problem. While I have you here, can you point the way to the constructive
> conversations?

This is obviously some use of the term "constructive conversation" I've been aware of until now, encompassing attempts to drag me into pointless recaps of notorious and unenlightening flamewars.

But, hey, it's a big world, neh?

> Sorry if I came across as preachy;....

That's not the adjective that came most immediately to mind.

If you're honestly seeking someone to discuss the topic with, you'll have to tug on someone else's sleeve, in any event.
From robert at namodn.com Fri Oct 18 21:32:02 2002
From: robert at namodn.com (Rob Helmer)
Date: Fri, 18 Oct 2002 21:32:02 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021019040329.GQ23586@linuxmafia.com>; from rick@linuxmafia.com on Fri, Oct 18, 2002 at 09:03:29PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <20021019025622.GP23586@linuxmafia.com> <20021018203857.C23291@namodn.com> <20021019040329.GQ23586@linuxmafia.com>
Message-ID: <20021018213202.F23291@namodn.com>

On Fri, Oct 18, 2002 at 09:03:29PM -0700, Rick Moen wrote:
> Quoting Rob Helmer (robert at namodn.com):
>
> > No problem. While I have you here, can you point the way to the constructive
> > conversations?
>
> This is obviously some use of the term "constructive conversation" I've
> been aware of until now, encompassing attempts to drag me into pointless
> recaps of notorious and unenlightening flamewars.
>
> But, hey, it's a big world, neh?
>
> > Sorry if I came across as preachy;....
>
> That's not the adjective that came most immediately to mind.
>
> If you're honestly seeking someone to discuss the topic with, you'll
> have to tug on someone else's sleeve, in any event.

Well, in any event I apologize for jumping to a conclusion that you and jan at caustic.org obviously weren't heading for as well, I can see that from re-reading the original post now that I have a better understanding of the original situation.

Thanks,
Rob

From nick at zork.net Fri Oct 18 22:30:10 2002
From: nick at zork.net (Nick Moffitt)
Date: Fri, 18 Oct 2002 22:30:10 -0700
Subject: [buug] Gentoo, Bluecurve and Linux too!
In-Reply-To: <20021018184817.F30424-100000@pogo.caustic.org>
References: <20021019014511.GH20811@zork.net> <20021018184817.F30424-100000@pogo.caustic.org>
Message-ID: <20021019053010.GJ20811@zork.net>

begin f.johan.beisser quotation:
> that's a good thing. sadly, i don't use Gentoo, let alone linux.
> technically, i should be able to define WANT_GNOME or USE_GNOME as
> NO in /etc/make.conf and not have it compiled. the problem is that
> the FreeBSD ports have become somewhat chaotic as of late, and don't
> always obey your variables.

Ah, that's a pity, since the ports did this sort of thing first. It's true that the USE variables in Gentoo are as optional as they are in BSD ports, but the Gentoo packages tend to be more meticulously maintained (partly because there's no real notion of "we are the developers of this core code, and all the rest is just automation of stuff people should compile manually anyway" the way there is in BSD).

--
A: No.
Q: Should I include quotations after my reply?

From itz at speakeasy.org Fri Oct 18 23:26:15 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 18 Oct 2002 23:26:15 -0700
Subject: [buug] desktop deps [Was: Gentoo, Bluecurve and Linux too!]
In-Reply-To: <20021018200409.A23291@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com>
Message-ID: <86lm4vdjw8.fsf_-_@kronstadt.homeunix.net>

>> Yeah, I hear you on that. I despise gratuitous GNOME dependencies,
>> too.

Rob> I've heard this a lot, and I don't get it. Where is the line on
Rob> what's gratuitous?

It's late, I'm tired and fed up with the way the planet is going, so I'll bite. I am one of these people you hear complaining about this.

The case that makes me howl is _not_ that I see a cool app utilizing Gnome functionality and I say "how dare they"? Rather, I am a happy longtime user of a gtk program X.
X is really nice but, like every software project, has a couple of bugs. I hear an annoying bug is fixed in X2.1, just released. I say "apt-get install X" and bingo! apt is asking me to download 20M of Gnome libraries - including audio, panel, CORBA, and what not. I'll never use any of that functionality (and I can't afford to have all these libraries loaded, even once). That is gratuitous.

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From robert at namodn.com Sun Oct 20 22:15:05 2002
From: robert at namodn.com (Rob Helmer)
Date: Sun, 20 Oct 2002 22:15:05 -0700
Subject: [buug] desktop deps [Was: Gentoo, Bluecurve and Linux too!]
In-Reply-To: <86lm4vdjw8.fsf_-_@kronstadt.homeunix.net>; from itz@speakeasy.org on Fri, Oct 18, 2002 at 11:26:15PM -0700
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <86lm4vdjw8.fsf_-_@kronstadt.homeunix.net>
Message-ID: <20021020221505.A16246@namodn.com>

On Fri, Oct 18, 2002 at 11:26:15PM -0700, Ian Zimmerman wrote:
>
> >> Yeah, I hear you on that. I despise gratuitous GNOME dependencies,
> >> too.
>
> Rob> I've heard this a lot, and I don't get it. Where is the line on
> Rob> what's gratuitous?
> functionality and I say "how dare they"? Rather, I am a happy
> longtime user of a gtk program X. X is really nice but, like every
> software project, has a couple of bugs. I hear an annoying bug is
> fixed in X2.1, just released. I say "apt-get install X" and bingo!
> apt is asking me to download 20M of Gnome libraries - including audio,
> panel, CORBA, and what not. I'll never use any of that
> functionality (and I can't afford to have all these libraries loaded,
> even once). That is gratuitous.

I'm curious as to what gtk program X is ( I sure hope it's not X11 ).
I agree that things like panel are gratuitous, although it's feasible that the app actually uses the gnome audio libraries, same for CORBA. If you can't afford to have just the libs loaded ( I do think things like the base binaries and the panel are gratuitous in most cases ) then that's kind of a difficult situation ( I assume you also don't have the time/space to statically compile the bins you need ).

I did fly off the handle a bit in my original post, there are obviously going to be cases where it's a pain in the ass for a maintainer to have one package that can flexibly decide whether the panel exists or whether it depends on gnome binaries for some reason, and it's not always possible ( or desirable ) to have separate package-gnome package-gtk packages ( plus that confuses users who don't really care what toolkit the programmer used ).

I use quite a few gtk apps that depend on the gnome libraries, since I also have a full gnome desktop installed ( mostly for guests, and for some desktop work I do.. I like the idea of a fully integrated, consistent desktop, but I'm already addicted to blackbox, and my machine at home is too slow for a full dt ). So admittedly, I'm somewhat biased in that I already have gnome-bin, gnome-lib, CORBA, gnome-audio and all that other stuff installed ( having the separate gnome1/gnome2 installs is a little obnoxious though ).

I've seen furors over apps that use a lot of gnome functionality, which formerly were gtk-only ( galeon probably being the most prominent ).

I think it would be a good thing for more GTK apps to move in this direction, for the reasons I outlined in my original post on this topic.

Of course, the only benefit you'll ever see if you only run one app that uses any of the gnome libraries is possibly stability, you'll probably end up losing more diskspace than if the app was gtk-only ( or tk, or athena, or straight xlib, whatever ).
--
Rob

From itz at speakeasy.org Sun Oct 20 23:28:35 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 20 Oct 2002 23:28:35 -0700
Subject: [buug] desktop deps [Was: Gentoo, Bluecurve and Linux too!]
In-Reply-To: <20021020221505.A16246@namodn.com>
References: <20021019012055.GI23586@linuxmafia.com> <20021018181952.M30424-100000@pogo.caustic.org> <20021019012756.GJ23586@linuxmafia.com> <20021018200409.A23291@namodn.com> <86lm4vdjw8.fsf_-_@kronstadt.homeunix.net> <20021020221505.A16246@namodn.com>
Message-ID: <86hefgl2zw.fsf@kronstadt.homeunix.net>

Rob> I've heard this a lot, and I don't get it. Where is the line on
Rob> what's gratuitous?

itz> functionality and I say "how dare they"? Rather, I am a happy
itz> longtime user of a gtk program X. X is really nice but, like
itz> every software project, has a couple of bugs. I hear an annoying
itz> bug is fixed in X2.1, just released. I say "apt-get install X"
itz> and bingo! apt is asking me to download 20M of Gnome libraries -
itz> including audio, panel, CORBA, and what not. I'll never use any
itz> of that functionality (and I can't afford to have all these
itz> libraries loaded, even once). That is gratuitous.

Rob> I'm curious as to what gtk program X is ( I sure hope it's not
Rob> X11 ).

It's not one program, it's a pattern that has happened more than once. "Program foo" would have been a better phrase, perhaps :)

Rob> I agree that things like panel are gratuitous, although it's
Rob> feasible that the app actually uses the gnome audio libraries,
Rob> same for CORBA. If you can't afford to have just the libs loaded
Rob> ( I do think things like the base binaries and the panel are
Rob> gratuitous in most cases ) then that's kind of a difficult
Rob> situation ( I assume you also don't have the time/space to
Rob> statically compile the bins you need ).
The problem is that all the gnome libraries interdepend very tightly, and so if a program uses just one bit of the functionality (say, the audio), it is forced to load all of them. At least that's how the Debian deps are set up.

Rob> I've seen furors over apps that use a lot of gnome functionality,
Rob> which formerly were gtk-only ( galeon probably being the most
Rob> prominent ).

Yes, I sure wish galeon were gtk-only. But in that case I actually understand they genuinely do Gnome-ish things, so I wouldn't call it gratuitous.

Rob> I think it would be a good thing for more GTK apps to move in
Rob> this direction, for the reasons I outlined in my original post on
Rob> this topic.

I don't think it'll surprise you that I disagree :)

Rob> Of course, the only benefit you'll ever see if you only run one
Rob> app that uses any of the gnome libraries is possibly stability,
Rob> you'll probably end up losing more diskspace than if the app was
Rob> gtk-only ( or tk, or athena, or straight xlib, whatever ).

Disk space is not the issue, it is main store. (96M, I can't afford an upgrade, and even if I could the upgrade will only take me to 128, then I need a new motherboard).

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From unix at theunixman.com Tue Oct 22 19:11:38 2002
From: unix at theunixman.com (Evan Cofsky)
Date: Tue, 22 Oct 2002 20:11:38 -0600
Subject: [buug] Blocking sendmail
In-Reply-To: <3D890769.FA29AACB@pacbell.net>
References: <3D890769.FA29AACB@pacbell.net>
Message-ID: <20021023021137.GQ765@uman.local.>

Those look to be outgoing connection attempts which will hang around until sendmail times out since you are probably dropping outgoing connection packets.

On 09/18 16:08, Bill Honeycutt wrote:
> Before the catcalls start, let me say that I know that I shouldn't have
> sendmail running when I should be using one of the many perfectly good
> substitutes.
>
> But I have it running on one machine. I filter packets such that only
> localhost can connect, all other packets are rejected. So imagine my
> surprise to see the following in my process status output:
>
> > ps ax
> >
> >... stuff deleted...
> >
> > 2896 ? S 0:00 sendmain: ./g8G7DAJ26233 gateway4.worldnet.att.net:
> >
>
> Yikes!! All packets from both the localnet and DMZ are disallowed, so
> the question becomes, "has someone found an innovative way to use my
> sendmail daemon?"
>
> Thanks in advance!
>
> Bill

--
How much does it cost to entice a dope-smoking UNIX system guru to Dayton?
-- UNIX/WORLD's First Annual Salary Survey, Brian Boyle

Evan Cofsky, President, CEO
Pacific Development Group

From itz at speakeasy.org Tue Oct 22 22:20:36 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 22 Oct 2002 22:20:36 -0700
Subject: [buug] rms event
Message-ID: <86ptu1loij.fsf@kronstadt.homeunix.net>

I attended the rms event announced last week thanks to Claude. I won't discuss it further here as it's somewhat OT, but I can talk about it privately with whoever's interested.

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From unixjavabob at yahoo.com Wed Oct 23 21:56:50 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Wed, 23 Oct 2002 21:56:50 -0700 (PDT)
Subject: [buug] Success with FreeBSD
Message-ID: <20021024045650.38744.qmail@web13801.mail.yahoo.com>

Hello everyone,

I just completed 2 FreeBSD installs...it's the first time I've installed any BSD in 2 years. Installs were totally smooth, and I really like the /etc/rc.conf.
Of great help was my "The Complete FreeBSD" book from freebsd.org...this book is my favorite unix reference manual. IMHO, this book plus "Essential Unix System Administration" by O'Reilly handle most of my needs.

Later and see you at the next meeting...

Bob

=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------

From chowse at charter.net Thu Oct 24 08:09:30 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 10:09:30 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
Message-ID: <000e01c27b6f$5c6f0080$0300a8c0@moe>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello List Members,

I have a rather interesting task ahead...I currently have a small network here at home that I will describe shortly, and I would like to convert the gateway machine from Red Hat 7.3 to OpenBSD.
I don't need someone to read the man pages to me, but I would like to discuss my plan, and refine it in the most professional way possible.
I am capable of installing, and networking the box, getting patched, recompiling the kernel, installing software, it's just that I don't have too much experience and I was hoping to get a "safety net" in place (you!)
Are you available for discussion and to otherwise help?

The reasons I want to convert are:
I want to use the "most secure free operating system out there."
I enjoy learning new operating systems.
I'm currently very interested in security.
I couldn't get my Windows 2000 IIS server online 5 minutes before it was infected with Code Red.

My basic plan for conversion is as follows:
Outline the services the new gateway must provide.
Test the install and setup on a spare machine, while the old gateway is still running.
Try to develop a means for a scripted install of the OS, software and configuration files.
Do the actual conversion (be up, running and patched) in 12 hours or less.

OK, my little network is named after the 3 Stooges.
I don't have a public domain...if all the PC's were Windows boxes, this would be a workgroup.
The gateway machine is Curley, the spare machine is Larry, and the WinXP box is Moe.
(I have address space available for Shemp and Curley_Joe) ;-)

We have a Cable Modem CAT5'd to the gateway machine which runs Red Hat 7.3 and has 2 nics.
The 1st nic connects to the Cable Modem, and gets a dynamic IP address from the ISP's dhcp server.
The second nic connects to a 10baseT hub, and has a private IP address.
Larry has 1 nic with a private address, as does Moe.
I use a 4-port kvm switch for console access to each machine.
Moe shares an HP1100 printer.

I am currently running Apache, sendmail, Monmotha's iptables firewall, http://www.mplug.org/phpwiki/index.php?MonMothaReferenceGuide LogWatch, PortSentry, LogSentry, DNS2Go and maybe more that I can't think of.

One VERY important service that I MUST have on the new gateway is DNS2Go.
I get a dynamic IP from my ISP, and using DNS2Go, I send that IP to their dns servers so that you can click the link to my web server without knowing my IP address.
They provide some software for this, http://www.deerfield.com/download/dns2go/linux/index.htm which is working perfectly in Linux, and one of the developers has just emailed me a beta copy for OpenBSD 3.1 that installed and started just fine.

Complete list of services that the new machine must provide:
Http
Mail
Stateful firewall w/nat
Intrusion detection software (really need some input here...)
Automated retrieval and installation of security-related patches.
Must print properly to the shared printer on the XP box.
Unsuccessful so far...Print services for Unix is enabled.
#Lpc status all -> ..."waiting for Moe to come up."
No gui needed, don't have the resources.
Curley is a P200 w/ 64MB ram, 8GB & 5GB HDD.

I see that Midnight Commander is listed as broken in the ports/misc tree, I really need a Norton Commander clone.
Demos Commander is unacceptable, it needs terminal to be vct25 or something like that and doesn't work then. Ytree takes forever to calculate the size of files in a big directory, and I just don't like it very much. Any suggestions?

I'm writing my own HOWTO, with the commands and ftp sites to use for reference. I'll send it if needed.

OK, sorry to be so long winded. Thanks in advance for any replies!

Thanks,
Charles Howse, MCP
http://howse.dns2go.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use

iQA/AwUBPbgNKsN9WXdqhOGSEQKkRQCfXCTKitrjsodxXiC0qtIrprrHuj0AnidP
ME7LKV069hFvhR/Ju+iPaNUE
=n4sj
-----END PGP SIGNATURE-----

From itz at speakeasy.org Thu Oct 24 09:27:03 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 24 Oct 2002 09:27:03 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000e01c27b6f$5c6f0080$0300a8c0@moe>
References: <000e01c27b6f$5c6f0080$0300a8c0@moe>
Message-ID: <864rbbpzu0.fsf@kronstadt.homeunix.net>

Charles> OK, my little network is named after the 3 Stooges. I don't
Charles> have a public domain...if all the PC's were Windows boxes,
Charles> this would be a workgroup. The gateway machine is Curley,
Charles> the spare machine is Larry, and the WinXP box is Moe. (I
Charles> have address space available for Shemp and Curley_Joe) ;-)

Careful - underscores are non-standard in domain names, better use a hyphen.

Charles> Intrusion detection software (really need some input here...)

Charles> No gui needed, don't have the resources. Curley is a P200 w/
Charles> 64MB ram, 8GB & 5GB HDD.

The intrusion detectors I have experience with (aide and integrit) are relatively hoggish beasts. If you think the machine is not good enough for GUI, I doubt that it will be happy running one of these.
It may be possible (and even advisable, on security grounds) to run them from another machine over NFS, though. Never tried that - anyone else care to comment?

Charles> I see that Midnight Commander is listed as broken in the
Charles> ports/misc tree, I really need a Norton Commander clone.
Charles> Demos Commander is unacceptable, it needs terminal to be
Charles> vct25 or something like that and doesn't work then. Ytree
Charles> takes forever to calculate the size of files in a big
Charles> directory, and I just don't like it very much. Any
Charles> suggestions?

Emacs and dired :-)

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From ms at formulae.org Thu Oct 24 09:50:50 2002
From: ms at formulae.org (Michael Salmon)
Date: Thu, 24 Oct 2002 09:50:50 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <864rbbpzu0.fsf@kronstadt.homeunix.net>
References: <000e01c27b6f$5c6f0080$0300a8c0@moe> <864rbbpzu0.fsf@kronstadt.homeunix.net>
Message-ID: <20021024095050.E40250@formulae.org>

On Thu, Oct 24, 2002 at 09:27:03AM -0700, Ian Zimmerman wrote:
> Charles> Intrusion detection software (really need some input here...)
>
> Charles> No gui needed, don't have the resources. Curley is a P200 w/
> Charles> 64MB ram, 8GB & 5GB HDD.
>
> The intrusion detectors I have experience with (aide and integrit) are
> relatively hoggish beasts. If you think the machine is not good
> enough for GUI, I doubt that it will be happy running one of these.
>
> It may be possible (and even advisable, on security grounds) to run
> them from another machine over NFS, though. Never tried that - anyone
> else care to comment?

I used to like nfr, now I would use snort if I needed one. I'm too lazy though.
ms

From cmsclaud at arches.uga.edu Thu Oct 24 10:21:57 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Thu, 24 Oct 2002 10:21:57 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000e01c27b6f$5c6f0080$0300a8c0@moe>
References: <000e01c27b6f$5c6f0080$0300a8c0@moe>
Message-ID: <20021024172157.GA32181@wagner>

On Thu, Oct 24, 2002 at 10:09:30AM -0500, Charles Howse wrote:
>
> OK, my little network is named after the 3 Stooges.
> I don't have a public domain...if all the PC's were Windows boxes,
> this would be a workgroup.
> The gateway machine is Curley, the spare machine is Larry, and the
> WinXP box is Moe.
> (I have address space available for Shemp and Curley_Joe) ;-)

Actually, I believe that it's spelled "Curly" and "Curly_Joe." Also, you're forgetting Joe. (Poor Joe, he was only there for a few episodes and everyone always forgets about him.)

Hope this helps!

Claude

From jan at caustic.org Thu Oct 24 11:21:41 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 11:21:41 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000e01c27b6f$5c6f0080$0300a8c0@moe>
Message-ID: <20021024105112.I30424-100000@pogo.caustic.org>

On Thu, 24 Oct 2002, Charles Howse wrote:

> I have a rather interesting task ahead...I currently have a small
> network here at home that I will describe shortly, and I would like
> to convert the gateway machine from Red Hat 7.3 to OpenBSD.

start here:

http://www.openbsd.org/faq/faq9.html

> Are you available for discussion and to otherwise help?

as much as ever, i guess.

> We have a Cable Modem CAT5'd to the gateway machine which runs Red
> Hat 7.3 and has 2 nics.
> The 1st nic connects to the Cable Modem, and gets a dynamic IP
> address from the ISP's dhcp server.

is the "dynamic address" just over DHCP? or is there PPPoE or something else between them?

either is supported in OpenBSD.

> One VERY important service that I MUST have on the new gateway is
> DNS2Go.
never heard of it. but, google has.

they have a perl version, which should work in OpenBSD with no real effort. their perl version requires perl 5.6, OpenBSD will be releasing version 3.2 of the OS soon. it has perl 5.6.1. i don't remember the version of perl in 3.1, off hand. i tend to use snapshots.

> Complete list of services that the new machine must provide:
> Http

it does web serving?

> Mail

it does SMTP? why not use your ISP's mail gateways?

> Stateful firewall w/nat

easy.

> Intrusion detection software (really need some input here...)

get a beefier machine. IDSs tend to use quite a bit of CPU time while doing packet analysis. if you're wanting a firewall, it's already doing too much.

> Automated retrieval and installation of security-related patches.

this is almost always a bad idea. well, automated installation is.

you can use wget to grab the latest patches, and probably script the patching in to your local source tree.. but, this is a firewall right? why would it have a compiler?

> Must print properly to the shared printer on the XP box.
> Unsuccessful so far...Print services for Unix is enabled.

samba. i'd suggest not printing from your firewall. no real reason to.

> #Lpc status all -> ..."waiting for Moe to come up."
> No gui needed, don't have the resources. Curley is a P200 w/ 64MB
> ram, 8GB & 5GB HDD.

why bother with a GUI at all? useless except on workstations. servers don't need them. by default, OpenBSD doesn't even start a GUI. you have to A) install XWindows, and B) set it up to use it.

> I see that Midnight Commander is listed as broken in the ports/misc
> tree, I really need a Norton Commander clone.

why?

> Demos Commander is unacceptable, it needs terminal to be vct25 or
> something like that and doesn't work then. Ytree takes forever to
> calculate the size of files in a big directory, and I just don't like it
> very much. Any suggestions?

ls, df, du. the command line is more powerful than any file manager.

-------/ f.
johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for my sham friends."
-- Tom Waits

From chowse at charter.net Thu Oct 24 12:00:35 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 14:00:35 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024105112.I30424-100000@pogo.caustic.org>
Message-ID: <000101c27b8f$a2d234a0$0300a8c0@moe>

> start here:
>
> http://www.openbsd.org/faq/faq9.html
>

Been there, done that.
I don't pretend to be as knowledgeable as you folks, but maybe I can get it done with just a little prodding.
Have also worn out the book "FreeBSD Unleashed".

> is the "dynamic address" just over DHCP? or is there PPPoE or
> something else between them?
>
> either is supported in OpenBSD.

Dhcp only.

> > One VERY important service that I MUST have on the new gateway is
> > DNS2Go.
>
> never heard of it. but, google has.
>
> they have a perl version, which should work in OpenBSD with

I'm pretty confident the beta they sent me will work.

> it does web serving?

At present, I don't object to building a DMZ and hosting my web site and mail server on another machine.

> it does SMTP? why not use your ISP's mail gateways?

Because I haven't had consistent email service from my ISP since August 28th.
"-ERR Incorrect user name or password"
I'm on their ass about it, all the way up to Corporate HQ.
And I want to do SMTP because I can.
My Red Hat box (Curly) has firewalled, nat'd, smtp'd, httpd'd and emailed the logs to me for a year with no problems.
Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.
Are you saying that OpenBSD can't do the same thing on the same machine without coughing?

> > Stateful firewall w/nat
>
> easy.

Where can I look at a real good pf.conf file?

> > Intrusion detection software (really need some input here...)
>
> get a beefier machine.
> IDSs tend to use quite a bit of CPU
> time while doing packet analysis. if you're wanting a
> firewall, it's already doing too much.

Nothing else available. Remember, this is a home network, built from used machines.
The DMZ setup seems to be where you're headed. Fine with me.

>
> > Automated retrieval and installation of security-related patches.
>
> this is almost always a bad idea. well, automated installation is.
>
> you can use wget to grab the latest patches, and probably
> script the patching in to your local source tree.. but, this
> is a firewall right? why would it have a compiler?

Well, (remember, I'm a BSD newbie), the firewall should have a compiler so I can install the latest security patches and recompile from source...Isn't that the way it's supposed to work? I refer to the following page...
http://www.openbsd.org/stable.html

From unixjavabob at yahoo.com Thu Oct 24 12:31:44 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Thu, 24 Oct 2002 12:31:44 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024172157.GA32181@wagner>
Message-ID: <20021024193144.59929.qmail@web13807.mail.yahoo.com>

...And in this corner....Coming at you from UGA.edu...the "Georgia Relational Model Stormer", undefeated in spelling competitions this year...Ladies and Gentlemen, stand up and give a cheer for...claude rUbinson!!!

--- Claude Rubinson wrote:
> On Thu, Oct 24, 2002 at 10:09:30AM -0500, Charles
> Howse wrote:
> >
> > OK, my little network is named after the 3
> Stooges.
> > I don't have a public domain...if all the PC's
> were Windows boxes,
> > this would be a workgroup.
> > The gateway machine is Curley, the spare machine
> is Larry, and the
> > WinXP box is Moe.
> > (I have address space available for Shemp and
> Curley_Joe) ;-)
>
> Actually, I believe that it's spelled "Curly" and
> "Curly_Joe." Also,
> you're forgetting Joe. (Poor Joe, he was only there
> for a few
> episodes and everyone always forgets about him.)
>
> Hope this helps!
>
> Claude

=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------

From jan at caustic.org Thu Oct 24 12:37:38 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 12:37:38 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000101c27b8f$a2d234a0$0300a8c0@moe>
Message-ID: <20021024120449.O30424-100000@pogo.caustic.org>

On Thu, 24 Oct 2002, Charles Howse wrote:

> Been there, done that.

good.

> I don't pretend to be as knowledgeable as you folks, but maybe I can get
> it done with just a little prodding.

what you're wanting isn't difficult, it's something that a newbie should be able to do with a little help.

> Have also worn out the book "FreeBSD Unleashed".

haven't heard of it. any good for a newbie?

> > either is supported in OpenBSD.
>
> Dhcp only.

by nature, openbsd treats each interface separately. you only need to configure the external interface to request DHCP service on bootup.

normally, the behaviour of dhcp is to give you a lease on an IP, and continually renew that lease. you keep the same address for a while.

> > they have a perl version, which should work in OpenBSD with
>
> I'm pretty confident the beta they sent me will work.

it probably will. i'd tend to use the perl script anyway, since there's a higher chance of me being able to read and understand what exactly is going on.

> > it does web serving?
>
> At present, I don't object to building a DMZ and hosting my web site and
> mail server on another machine.
well, it's usually easier to simply host it on an 'external' box from the firewall/NAT. you can statically map addresses, of course.

> Because I haven't had consistent email service from my ISP since August
> 28th.
> "-ERR Incorrect user name or password"

that's a popmail error code, as far as i can tell. if it were SMTP it would have a number code.

> My Red Hat box (Curly) has firewalled, nat'd, smtp'd, httpd'd and
> emailed the logs to me for a year with no problems.

leaving logs local, and using syslog to forward them is easier to deal with.

> Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.

portsentry is useless. a little worse than useless, actually. what's the point of having a piece of software detect portscans on a machine that's doing nat? all it really does is add to the processing overhead of the kernel.

> Are you saying that OpenBSD can't do the same thing on the same machine
> without coughing?

it can. it's less likely to cough, actually.

> Where can I look at a real good pf.conf file?

dig up a howto off of google. i'd actually suggest reading the IPFilter howto to get an idea of how the rules are set up. pf has a bit simpler syntax, and seems to run somewhat faster. the man pages for pf.conf are fairly decent in documenting basic examples.

my own pf.conf file for my IPv6 gateway has around 137 rules, once loaded. written this is only 95 rules.

> Nothing else available. Remember, this is a home network, built from
> used machines.
> The DMZ setup seems to be where you're headed. Fine with me.

it's not so much that i'm headed toward a DMZ setup, it's that you're wanting much more out of the server than its function would normally have.

> Well, (remember, I'm a BSD newbie), the firewall should have a compiler
> so I can install the latest security patches and recompile from
> source...

yes, and no. if a firewall is compromised (there are the occasional exploits that can nail you, after all) the compiler is just another liability.
despite things like systrace, once a root level compromise happens, the attacker can change the rules anyway. despite things like securelevels.

> Isn't that the way it's supposed to work? I refer to the
> following page...
> http://www.openbsd.org/stable.html

sure.

but, when you're building a machine intended for one purpose, why make it a generalist? that breaks Best Practice. if you're forced to make it a general system, you have it stripped down to bare minimum, then start including everything you think you may need.

from your emails, you need:

nat/firewall
WebServer
mail

everything else is just icing.

i would suggest starting with a simple idea of what you want, then building on that framework. what you seem to want isn't that complex, but unlike many linux distros, OpenBSD is fairly stripped down by default. this is the real way it can say "secure by default", it doesn't have many features until you add them.

minimalism is beautiful, when it comes to security.

-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for my sham friends."
-- Tom Waits

From jan at caustic.org Thu Oct 24 12:39:39 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 12:39:39 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <864rbbpzu0.fsf@kronstadt.homeunix.net>
Message-ID: <20021024123909.O30424-100000@pogo.caustic.org>

On 24 Oct 2002, Ian Zimmerman wrote:

> It may be possible (and even advisable, on security grounds) to run
> them from another machine over NFS, though. Never tried that - anyone
> else care to comment?

care to explain a little more?

-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for my sham friends."
-- Tom Waits

From itz at speakeasy.org Thu Oct 24 12:46:54 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 24 Oct 2002 12:46:54 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024123909.O30424-100000@pogo.caustic.org>
References: <20021024123909.O30424-100000@pogo.caustic.org>
Message-ID: <86elafoc0h.fsf@kronstadt.homeunix.net>

itz> It may be possible (and even advisable, on security grounds) to
itz> run them from another machine over NFS, though. Never tried that
itz> - anyone else care to comment?

jan> care to explain a little more?

Have aide/tripwire/integrit actually run on one of the internal machines, and nfs-mount the checked filesystems? That way you don't have to worry about the binaries themselves being replaced, at least as long as the firewall can be trusted.

Puts a huge load on the ethernet though, probably. Again, I never actually did it.

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From jan at caustic.org Thu Oct 24 12:52:50 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 12:52:50 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <86elafoc0h.fsf@kronstadt.homeunix.net>
Message-ID: <20021024124920.X30424-100000@pogo.caustic.org>

On 24 Oct 2002, Ian Zimmerman wrote:

> jan> care to explain a little more?
>
> Have aide/tripwire/integrit actually run on one of the internal
> machines, and nfs-mount the checked filesystems? That way you don't
> have to worry about the binaries themselves being replaced, at least
> as long as the firewall can be trusted.

ah, ok. yes, that would work fine, except that you're using NFS. in this case, why not nfs mount the tripwire binary from the trusted system, and keep copies of the databases as needed.
less likely to see changes in the binary that way, and fewer chances of the files you're worried about being viewed by an attacker (just as bad, in some cases, as them being modified).

> Puts a huge load on the ethernet though, probably. Again, I never
> actually did it.

depends on the speed of the ethernet. i've found NFSing source code (i have several different architectures at home, and nfs with lndir does wonders for this situation) hasn't been much of an overhead at all.

of course, my network at home is more complex than i care to have it right now.

-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for my sham friends."
-- Tom Waits

From chowse at charter.net Thu Oct 24 13:31:29 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 15:31:29 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024120449.O30424-100000@pogo.caustic.org>
Message-ID: <000201c27b9c$55774670$0300a8c0@moe>

> > Have also worn out the book "FreeBSD Unleashed".
>
> haven't heard of it. any good for a newbie?

I liked it...
http://www.amazon.com - "FreeBSD Unleashed"

> > Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.
>
> portsentry is useless. a little worse than useless, actually.
> what's the point of having a piece of software detect
> portscans on a machine that's doing nat?

Well, because my web server and mail server live at that address.
Remember, the routable address is the address of the external interface on the Linux machine.
If they hack that address, they can root the box.
Am I missing your point?

> > Where can I look at a real good pf.conf file?
>
> dig up a howto off of google. i'd actually suggest reading
> the IPFilter howto to get an idea of how the rules are set
> up. pf has a bit simpler syntax, and seems to run somewhat
> faster. the man pages for pf.conf are fairly decent in
> documenting basic examples.
I thought man pf.conf had a good example. I may try that.
Could you please confirm that in the nat rules AND in the pf rules, I can refer to the interface (ep1) rather than the actual dynamic IP address of the external interface? It will ruin everything if I have to refer to an IP address that is going to change every 4 hours or so. ;-)

> but, when you're building a machine intended for one purpose,
> why make it a generalist? that breaks Best Practice. if

Because it's the only machine I have available! ;-) I'd rather keep Larry to experiment with.

> you're forced to make it a general system, you have it
> stripped down to bare minimum, then start including
> everything you think you may need.
>
> from your emails, you need:
>
> nat/firewall
> WebServer
> mail
>
> everything else is just icing.

Well, I would agree...so...I should upgrade to stable, apply the patches, then remove the compiler, then put it on the network?
How do I apply future patches? (I admit I haven't done my homework here.)

From jan at caustic.org Thu Oct 24 14:50:55 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 14:50:55 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000201c27b9c$55774670$0300a8c0@moe>
Message-ID: <20021024142204.I30424-100000@pogo.caustic.org>

On Thu, 24 Oct 2002, Charles Howse wrote:

> Well, because my web server and mail server live at that address.
> Remember, the routable address is the address of the external interface
> on the Linux machine.
> If they hack that address, they can root the box.
> Am I missing your point?

yes.

portsentry, at least on BSDs, simply listens on ports for scans. since scans are some of the most common traffic you'll encounter, it's simply wasted overhead. if you default to denying all traffic, the portsentry program sits there, doing nothing. it's not particularly intelligent about how it blocks things either.
if it detects a scan - sometimes little more than a connection to a port that's not open - it flips out.

portsentry simply provides too many false positives, making it more useless than simply blocking the ports and logging each connection in the first place.

> I thought man pf.conf had a good example. I may try that.

the basic rules are easy, doing more complex things makes things more interesting.

> Could you please confirm that in the nat rules AND in the pf rules, I
> can refer to the interface (ep1) rather than the actual dynamic IP
> address of the external interface? It will ruin everything if I have to
> refer to an IP address that is going to change every 4 hours or so. ;-)

normally, you can handle traffic based on interfaces being passed through. until you handle virtual hosts on the same machine (very unlikely) you don't have to worry too much about static addressing.

http://www.openbsd.org/faq/faq6.html#NAT

an example:

nat on fxp0 from 192.168.1.0/24 to any -> fxp0

> > everything else is just icing.
>
> Well, I would agree...so...I should upgrade to stable, apply the
> patches, then remove the compiler, then put it on the network?

install the snapshots. upgrade when 3.2 (-stable) is released.

> How do I apply future patches? (I admit I haven't done my homework
> here.)

if the machine works, why fix it? the occasional upgrade isn't a bad idea, doing one that's not necessary to a production machine (and that is what this is) is foolish.

[root at brimstone log] {23}$ uname -ap
OpenBSD brimstone 3.1 GENERIC#5 sparc SUNW,Sun 4/50, W8601/8701 or MB86903 @ 40 MHz, on-chip FPU
[root at brimstone log] {24}$ uptime
2:47PM up 39 days, 2 hrs, 1 user, load averages: 0.32, 0.25, 0.18

i had a bit of downtime due to moving the hardware around. after the ssh vulnerability came out, i upgraded to a snapshot release, and once again ignored this machine.

-------/ f.
johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for my sham friends."
-- Tom Waits

From chowse at charter.net Thu Oct 24 16:04:32 2002
From: chowse at charter.net (Charles Howse)
Date: Thu, 24 Oct 2002 18:04:32 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024142204.I30424-100000@pogo.caustic.org>
Message-ID: <000001c27bb1$b7358100$0300a8c0@moe>

> > everything else is just icing.
>
> Well, I would agree...so...I should upgrade to stable, apply the
> patches, then remove the compiler, then put it on the network?

>install the snapshots. upgrade when 3.2 (-stable) is released.

From the web page - Between formal releases, a series of snapshot releases are made available. Snapshots are test releases of the -current source tree. Because they reflect the current state of development, there is no guarantee that snapshot releases will work correctly (or even at all). Snapshots are quite useful when moving from a formal release (or older version of -current) to the current tree.

I thought stable was where I wanted to be, rather than current.

> How do I apply future patches? (I admit I haven't done my homework
> here.)

>if the machine works, why fix it? the occasional upgrade isn't a bad idea,
>doing one that's not necessary to a production machine (and that is what
>this is) is foolish.

Agreed, I patch my Windows box when they release a patch for an application that I use.
It makes sense to patch the BSD box when they release a patch for an issue that affects me.
That's what I intend to do. What is the best way to do that? Get the patches from 'errata' and install them manually?
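
The arrangement Ian and jan discuss earlier in this thread (run the integrity check on a trusted internal machine against the gateway's mounted filesystems, and keep the database off the checked host) looks like this in Python. It is an added example, not code from any poster and not how aide, tripwire or integrit work internally; the function names, the HMAC-sealed JSON database and the demo tree are assumptions, and the demo data is constructed.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile


def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Record type, mode, owner and, for regular files, size and SHA-256 of
    everything under root (assumed: the gateway's filesystem as mounted on
    the trusted machine). Symlinks are recorded but never followed."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            rec = {"type": stat.S_IFMT(st.st_mode),
                   "mode": stat.S_IMODE(st.st_mode),
                   "uid": st.st_uid, "gid": st.st_gid}
            if stat.S_ISREG(st.st_mode):
                rec["size"] = st.st_size
                try:
                    rec["sha256"] = _sha256(full)
                except OSError:
                    rec["sha256"] = "unreadable"  # e.g. permission denied over the mount
            elif stat.S_ISLNK(st.st_mode):
                rec["target"] = os.readlink(full)
            records[os.path.relpath(full, root)] = rec
    return records


def _seal(records, key):
    payload = json.dumps(records, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def save_baseline(path, records, key):
    """Write the database on the trusted host, sealed with an HMAC."""
    with open(path, "w") as fh:
        json.dump({"records": records, "hmac": _seal(records, key)}, fh)


def load_baseline(path, key):
    """Load the database, refusing one whose seal does not verify."""
    with open(path) as fh:
        doc = json.load(fh)
    if not hmac.compare_digest(doc["hmac"], _seal(doc["records"], key)):
        raise ValueError("baseline database failed HMAC verification")
    return doc["records"]


def compare(baseline, current):
    """Return added paths, removed paths and {path: [changed fields]}."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        fields = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
        if fields:
            changed[path] = fields
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed tree standing in for the mounted gateway filesystem."""
    key = b"constructed-demo-key"  # assumption: the real key stays on the trusted host
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "gateway")
        for rel, data in {"bin/ls": b"original ls\n", "bin/ps": b"original ps\n",
                          "etc/pf.conf": b"block in log all\n"}.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(root, rel), 0o755)
        database = os.path.join(work, "baseline.json")  # lives outside the checked tree
        save_baseline(database, snapshot(root), key)
        # Simulated tampering: same-size replacement, setuid bit, new file, deletion.
        with open(os.path.join(root, "bin/ls"), "wb") as fh:
            fh.write(b"trojaned ls\n")
        os.chmod(os.path.join(root, "bin/ps"), 0o4755)
        with open(os.path.join(root, "bin/.x"), "wb") as fh:
            fh.write(b"dropped\n")
        os.remove(os.path.join(root, "etc/pf.conf"))
        return compare(load_baseline(database, key), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```
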
From itz at speakeasy.org Thu Oct 24 16:29:17 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 24 Oct 2002 16:29:17 -0700
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024142204.I30424-100000@pogo.caustic.org>
References: <20021024142204.I30424-100000@pogo.caustic.org>
Message-ID: <86adl3o1pu.fsf@kronstadt.homeunix.net>

jan> portsentry, at least on BSDs, simply listen on ports for
jan> scans. since scans are some of the most common traffic you'll
jan> encounter, it's simply wasted overhead. if you default to denying
jan> all traffic, the portsentry program sits there, doing
jan> nothing. it's not particularly intelligent about how it blocks
jan> things either. if it detects a scan - sometimes little more than
jan> a connection to a port that's not open - it flips out.

jan> portsentry simply provides too many false positives, making it
jan> more useless than simply blocking the ports and logging each
jan> connection in the first place.

I agree with this. I myself have stopped running snort on my box a few days after switching to a DENY firewall policy, when I saw that all it could tell me about was a couple of harmless ping requests a day (the harmful ones are blocked) and it was in fact the greatest hog among the daemons.

The real stuff is in the kernel log, where the denied packets go.

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From jan at caustic.org Thu Oct 24 16:31:42 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 16:31:42 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000001c27bb1$b7358100$0300a8c0@moe>
Message-ID: <20021024160659.A30424-100000@pogo.caustic.org>

On Thu, 24 Oct 2002, Charles Howse wrote:

> >install the snapshots. upgrade when 3.2 (-stable) is released.
>
> I thought stable was where I wanted to be, rather than current.

here's the question: install a 6 month old release, go through and do a full rebuild of ssh (due to the fact it's a vulnerable version of ssh) or install a very stable pre-release version of -current?

i've had very few problems with the snapshot releases, far fewer with OpenBSD-current than FreeBSD-current.

> >if the machine works, why fix it? the occasional upgrade isn't a bad
> idea,
> >doing one that's not necessary to a production machine (and that is
> what
> >this is) is foolish.
>
> Agreed, I patch my Windows box when they release a patch for an
> application that I use.

how many applications are you going to have on this machine? unlike windows, the various unix clones tend to not have very many "life threatening" exploits. the only things you need to worry about are feature changes (if you even need the new feature in the first place), and remote exploits.

the first happens rarely. if you don't require it, it's icing; excepting those times where it makes your life much easier.

if it's a remote exploit, how you handle it is up to you. since just about everything is turned off to begin with, i usually handle remote exploits with "rm -f" of the vulnerable binary, and don't bother with it from there.

on the other hand, a needed daemon puts you in an unusual position. you have to balance the need (for example, sshd) against the vulnerability (root access for the attacker, from a remote host); my solution to that is simply upgrade. if the machine doesn't have a compiler (such as poor stupid brimstone) it means i install the snapshot, and move onward.

> It makes sense to patch the BSD box when they release a patch for an
> issue that affects me.

and, looking at the errata page on OpenBSD's site, your default install of 3.1 has:

5 patches you'd have to install to ensure a system that's "secure" from remote attacks: 001, 006, 007, 011, 013. of those, you actually only need 001, and 006.

> That's what I intend to do. What is the best way to do that?
install a snapshot, and use that instead. the snapshots, as i said before, are very stable. your other option is to have another OpenBSD box of the same architecture, and compile your own -stable releases. i find the snapshots are easier to handle.

> Get the patches from 'errata' and install them manually?

that's how you usually do them. download the patch branch of the source tree, and compile away.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
   "Champagne for my real friends, real pain for my sham friends."
                                                 -- Tom Waits

From jan at caustic.org Thu Oct 24 16:35:33 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 24 Oct 2002 16:35:33 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <86adl3o1pu.fsf@kronstadt.homeunix.net>
Message-ID: <20021024163214.E30424-100000@pogo.caustic.org>

On 24 Oct 2002, Ian Zimmerman wrote:

> I agree with this. I myself have stopped running snort on my box
> a few days after switching to a DENY firewall policy, when I saw that
> all it could tell me about was a couple of harmless ping requests a
> day (the harmful ones are blocked) and it was in fact the greatest hog
> among the daemons.

depending on how you have snort configured can change what you see. since most home networks don't have directly exposed IIS/apache/imap/pop services, it's almost a waste of effort to run it.

if you've got a full scale production network that you WANT to detect attackers' traffic on, it's a good idea to have it running, since it'll record the attack and allow you to see what, and how, it was done.

> The real stuff is in the kernel log, where the denied packets go.

yes.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
   "Champagne for my real friends, real pain for my sham friends."
                                                 -- Tom Waits

From chowse at charter.net Fri Oct 25 13:17:37 2002
From: chowse at charter.net (Charles Howse)
Date: Fri, 25 Oct 2002 15:17:37 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021024160659.A30424-100000@pogo.caustic.org>
Message-ID: <000101c27c63$9041e7c0$0300a8c0@moe>

> i've had very few problems with the snapshot releases, far fewer with
> OpenBSD-current than FreeBSD-current.

OK, I've done some more homework, and I see the point.

What are your thoughts on the following:

My little network will have a DMZ.
Curly will be the firewall, with OpenBSD 3.1, and 3 nics
Ep1 is the external interface, dhcp
Tx0 is one internal interface with a private address
Tx1 is the other internal interface with a private address
Curly and Larry will communicate over a crossover cable, since I don't have another hub
Larry will be the web and mail server, with OpenBSD 3.1, and 1 nic
Moe will be my workstation, with 1 nic

The first question I have for this scenario concerns the sub netting for the network.
BTW: sub netting is my short suit.
I'm totally at a loss here...should all the machines be on the same network - 255.255.0.0?
Or should there be some security through sub netting built in here?

Here's my attempt at ASCII art:

Internet ---- Cable Modem ---- (ep1 DHCP)-Curly-(tx0 192.168.0.1)---- Hub ---- Moe
                                            |
                                    (tx1 192.168.1.1)
                                            |
                                            |
                                            |
                                          (DMZ)
                                            |
                                            |
                                          Larry

From jan at caustic.org Fri Oct 25 17:06:38 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 25 Oct 2002 17:06:38 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000101c27c63$9041e7c0$0300a8c0@moe>
Message-ID: <20021025162048.W30424-100000@pogo.caustic.org>

On Fri, 25 Oct 2002, Charles Howse wrote:

> What are your thoughts on the following:
>
> My little network will have a DMZ.

ok. it's already behind nat. the DMZ will be of limited usefulness.

here's why: you have 1 public IP. if you map ports over to specific machines you're still only exposing one or two ports. it's not going to render you that much more secure than having everything sitting in one local network..

this doesn't mean the design is bad, it's a good design, just requiring more resources to implement than your original design.

> The first question I have for this scenario concerns the sub netting for
> the network.
> BTW: sub netting is my short suit.
> I'm totally at a loss here...should all the machines be on the same
> network - 255.255.0.0?

no. i would either A) assign a complete class C (heh, pre-CIDR stuff amuses me) to each segment, or B) subnet one. what good is setting everything to be in the same subnet when you're attempting to keep things separate?

since you're playing with private IP space, go for the /24. it'll be easier to handle.

so, 192.168.1.0 and the DMZ would be 192.168.2.0, for example. the netmask for either 255.255.255.0. this just makes everything easier to deal with, especially once it's in private IP space.

 |
 +---{DMZ}-
 |
 +---{Windoze}-

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
   "Champagne for my real friends, real pain for my sham friends."
                                                 -- Tom Waits

From chowse at charter.net Fri Oct 25 17:29:00 2002
From: chowse at charter.net (Charles Howse)
Date: Fri, 25 Oct 2002 19:29:00 -0500
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <20021025162048.W30424-100000@pogo.caustic.org>
Message-ID: <000201c27c86$ae8b6cb0$0300a8c0@moe>

OK, all good so far.

Now, I have had a severe attack of the 'dumbass' today...
If you don't mind, it would help me immensely if you would walk me through the steps to get my new machines to the point you mention when talking about installing snapshots to stay secure.

When I look at ftp.openbsd.org/pub/OpenBSD/snapshots/i386, all I see are *32.tgz files.
Should I start by installing those?
Then what, and how, to stay secure? Just patch manually or do a complete reinstall of the newest snapshot?
Seems to me like all that reinstalling and reconfiguring would be a pain in the ass.

Also, nobody ever commented on my original plan to try and develop a means to do a scripted install of the OS and config files. Is this possible in BSD?...it is in Linux.

> -----Original Message-----
> From: buug-admin at weak.org [mailto:buug-admin at weak.org] On
> Behalf Of f.johan.beisser
> Sent: Friday, October 25, 2002 7:07 PM
> To: Charles Howse
> Cc: buug at weak.org
> Subject: RE: [buug] Convert Linux Gateway to OpenBSD
>
>
> On Fri, 25 Oct 2002, Charles Howse wrote:
>
> > What are your thoughts on the following:
> >
> > My little network will have a DMZ.
>
> ok. it's already behind nat. the DMZ will be of limited usefulness.
>
> here's why: you have 1 public IP. if you map ports over to
> specific machines you're still only exposing one or two
> ports. it's not going to render you that much more secure
> than having everything sitting in one local network..
>
> this doesn't mean the design is bad, it's a good design, just
> requiring more resources to implement than your original design.
>
> > The first question I have for this scenario concerns the
> sub netting
> > for the network.
> > BTW: sub netting is my short suit.
> > I'm totally at a loss here...should all the machines be on the same
> > network - 255.255.0.0?
>
> no. i would either A) assign a complete class C (heh,
> pre-CIDR stuff amuses me) to each segment, or B) subnet one.
> what good is setting everything to be in the same subnet when
> you're attempting to keep things separate?
>
> since you're playing with private IP space, go for the /24.
> it'll be easier to handle.
>
> so, 192.168.1.0 and the DMZ would be 192.168.2.0, for
> example. the netmask for either 255.255.255.0. this just
> makes everything easier to deal with, especially once it's in
> private IP space.
>
>
>  |
>  +---{DMZ}-
>  |
>  +---{Windoze}-
>
> -------/ f. johan beisser /--------------------------------------+
>   http://caustic.org/~jan                      jan at caustic.org
>    "Champagne for my real friends, real pain for
>     my sham friends." -- Tom Waits
>
>
>
> _______________________________________________
> Buug mailing list
> Buug at weak.org
> http://www.weak.org/mailman/listinfo/buug
>

From jan at caustic.org Fri Oct 25 18:32:51 2002
From: jan at caustic.org (f.johan.beisser)
Date: Fri, 25 Oct 2002 18:32:51 -0700 (PDT)
Subject: [buug] Convert Linux Gateway to OpenBSD
In-Reply-To: <000201c27c86$ae8b6cb0$0300a8c0@moe>
Message-ID: <20021025182954.U30424-100000@pogo.caustic.org>

On Fri, 25 Oct 2002, Charles Howse wrote:

> Now, I have had a severe attack of the 'dumbass' today...
> If you don't mind, it would help me immensely if you would walk me
> through the steps to get my new machines to the point you mention when
> talking about installing snapshots to stay secure.

download the install floppy. read the various documents on them. there are quite a few INSTALL and README files.

> When I look at ftp.openbsd.org/pub/OpenBSD/snapshots/i386, all I see are
> *32.tgz files.
> Should I start by installing those?

essentially, yes. read the FAQ on how to install.

> Then what, and how, to stay secure? Just patch manually or do a
> complete reinstall of the newest snapshot?

i think i already explained that enough.

> Seems to me like all that reinstalling and reconfiguring would be a pain
> in the ass.

who said it was a complete reinstall? it's simply an upgrade.

> Also, nobody ever commented on my original plan to try and develop a
> means to do a scripted install of the OS and config files. Is this
> possible in BSD?...it is in Linux.

it's possible. just not advised. i have explained why in previous emails.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
   "Champagne for my real friends, real pain for my sham friends."
                                                 -- Tom Waits

From lramos3 at satx.rr.com Sun Oct 27 00:44:27 2002
From: lramos3 at satx.rr.com (luis)
Date: Sun, 27 Oct 2002 07:44:27 +0000
Subject: [buug] FreeBSD install
References: <20021024143835.2959.79980.Mailman@weak.org>
Message-ID: <3DBB995B.4EBC99A0@satx.rr.com>

buug-request at weak.org wrote:

> Message: 1
> Date: Wed, 23 Oct 2002 21:56:50 -0700 (PDT)
> From: Bob Read
> To: buug at weak.org
> Subject: [buug] Success with FreeBSD
>
> Hello everyone,
> I just completed 2 FreeBSD installs...it's the
> first time I've installed any BSD in 2 years.
> Installs were totally smooth, and I really like the
> /etc/rc.conf.
> Of great help was my "The Complete FreeBSD" book
> from freebsd.org...this book is my favorite unix
> reference manual. IMHO, this book plus "Essential
> Unix System Administration" by O'Reilly handle most of
> my needs.
>
> Later and see you at the next meeting...
>
> Bob
>
> =====
> -----------------------------------------
> Bob Read
> Senior Unix Administrator/DBA/Programmer
> cell (510)-703-1634
> unixjavabob at yahoo.com
> -----------------------------------------

The new book, Absolute BSD, is even better. Good luck.

Luis

From webmaster at hawaiidakine.com Sun Oct 27 16:37:39 2002
From: webmaster at hawaiidakine.com (al plant)
Date: Sun, 27 Oct 2002 14:37:39 -1000
Subject: [buug] CDRW on FreeBSD
Message-ID: <3DBC86D3.B2AC4D2A@hawaiidakine.com>

Thanks for the response to our request recently for information on FreeBSD as a platform of CD Burning.

Johan Beisser said any of the brands should work and IDE is good. "FreeBSD is remarkably agnostic about such things as cd burners."

Boy was he correct. We gave up on a redhat linux install after it failed many attempts and we also received many emails about other failures under redhat too.

The FreeBSD install with a Sony CDRW was a non-event. Other than checking the /etc/fstab file and creating a directory for the burns and testing all went as the how-to said it would. Three tests, one data and two audio cd's, was painless.

Thanks for the advice and we would recommend FreeBSD with the "burncd" from the command line as the way to go. "Simplicity is beauty!"

Aloha!

Al Plant - Webmaster http://hawaiidakine.com
Providing FAST DSL Service for $28.00 /mo. Member Small Business Hawaii.
Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2
Support OPEN SOURCE in Business Computing.
Phone 808-622-0043

From brian at magenta.planetshwoop.com Sun Oct 27 18:03:31 2002
From: brian at magenta.planetshwoop.com (Brian Sobolak)
Date: Sun, 27 Oct 2002 18:03:31 -0800 (PST)
Subject: [buug] CDRW on FreeBSD
In-Reply-To: <3DBC86D3.B2AC4D2A@hawaiidakine.com>
Message-ID: <20021027180223.B688-100000@magenta.planetshwoop.com>

On Sun, 27 Oct 2002, al plant wrote:

> Running FreeBSD 4.5 UNIX & Caldera Linux 2.4 & RedHat 7.2

Al - just out of curiosity, do customers ask for Caldera? Do you actually have customers running Caldera Linux (or whatever it's been renamed to)?

brian

--
This is how I think: http://www.planetshwoop.com/blog/
Brian Sobolak sobolak at myrealbox.com

From evans at ncseweb.org Mon Oct 28 13:33:33 2002
From: evans at ncseweb.org (Skip Evans)
Date: Mon, 28 Oct 2002 13:33:33 -0800
Subject: [buug] Sendmail weirdness?
Message-ID: <5.1.0.14.0.20021028133243.02c24d70@mail.mindspring.com>

Hi guys,

Looks like my majordomo is not working, and I found the following:

ncseweb2% ps waux | grep sendmail
skip 12470 0.0 0.1 384 160 p0 R+ 1:28PM 0:00.00 grep sendmail
root 10985 0.0 1.5 2512 1836 ?? Ss 4:14PM 0:01.98 sendmail: accepting connections (sendmail)
root 12437 0.0 1.7 2764 2176 ?? Is 1:22PM 0:00.12 sendmail: ./g9SLMEp12435 applications.udayton.
edu.: client MAIL (sendma

What is this stuff at udayton.edu ???

Skip Evans
Network Project Director
National Center for Science Education
420 40th St, Suite 2
Oakland, CA 94609
510-601-7203 Ext. 308
510-601-7204 (fax)
800-290-6006
evans at ncseweb.org
http://www.ncseweb.org

NCSE now has a one way broadcast news list. Please note that this is NOT a discussion list. You cannot post messages for members to receive. We use this list to broadcast news about the creationism/evolution issue to interested parties.
To sign up send:
subscribe ncse your at email.address
to: majordomo at inia.cls.org

From jan at caustic.org Mon Oct 28 13:37:01 2002
From: jan at caustic.org (f.johan.beisser)
Date: Mon, 28 Oct 2002 13:37:01 -0800 (PST)
Subject: [buug] Sendmail weirdness?
In-Reply-To: <5.1.0.14.0.20021028133243.02c24d70@mail.mindspring.com>
Message-ID: <20021028133518.M30424-100000@pogo.caustic.org>

On Mon, 28 Oct 2002, Skip Evans wrote:

> Looks like my majordomo is not working, and I found the following:

look in /var/log/maillog for some details as to what's failing.

> What is this stuff at udayton.edu ???

that's a forked sendmail process to udayton.edu.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
   "Champagne for my real friends, real pain for my sham friends."
                                                 -- Tom Waits

From cmsclaud at arches.uga.edu Tue Oct 29 10:51:22 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Tue, 29 Oct 2002 10:51:22 -0800
Subject: [buug] OFF-TOPIC: Sunday Night's Angel?
Message-ID: <20021029185122.GA4228@wagner>

Sorry for being completely off-topic but I was supposed to tape Sunday night's episode of "Angel" for my girlfriend and completely fscked it up. I've exhausted my usual sources for finding stuff like this and I was hoping that someone here might have a copy that they could lend to me. I'd really appreciate it. (And, of course, I'd comp you for any time and expense.)

Thanks,

Claude

p.s. If you could direct any replies off-list, I'm sure that the list members would appreciate it.

From ms at formulae.org Tue Oct 29 11:27:31 2002
From: ms at formulae.org (Michael Salmon)
Date: Tue, 29 Oct 2002 11:27:31 -0800
Subject: [buug] OFF-TOPIC: Sunday Night's Angel?
In-Reply-To: <20021029185122.GA4228@wagner>
References: <20021029185122.GA4228@wagner>
Message-ID: <20021029112731.B60250@formulae.org>

sorry, we only have all the buffys here ;)

On Tue, Oct 29, 2002 at 10:51:22AM -0800, Claude Rubinson wrote:
> Sorry for being completely off-topic but I was supposed to tape Sunday
> night's episode of "Angel" for my girlfriend and completely fscked it
> up. I've exhausted my usual sources for finding stuff like this and I
> was hoping that someone here might have a copy that they could lend to
> me. I'd really appreciate it. (And, of course, I'd comp you for any
> time and expense.)
>
> Thanks,
>
> Claude
>
> p.s. If you could direct any replies off-list, I'm sure that the list
> members would appreciate it.

From itz at speakeasy.org Tue Oct 29 15:47:14 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 29 Oct 2002 15:47:14 -0800
Subject: [buug] mozilla
Message-ID: <86pttsdczh.fsf@kronstadt.homeunix.net>

I've become somewhat fed up with the way I use mozilla, and I'd like to customize its UI (beyond what the Edit|Preferences dialog allows). I have read about things like RDF and XUL and I think what I want to do is possible, but ... where are the fine documents? Not on mozilla.org as far as I can see.

As an example, changing the default search engine in Edit|Preferences affects the Search button next to the location box (which I want to get rid of) but not the Tools|Search menu item - that always goes to Netscape. And why are there both "Tools|Search the Web" _and_ "Tools|Search|Search the Web" (completely identical behavior)?

More generally, can I add my own menus and keybindings as in Emacs?

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From atporter at primate.net Tue Oct 29 15:57:48 2002
From: atporter at primate.net (Aaron T Porter)
Date: Tue, 29 Oct 2002 15:57:48 -0800
Subject: [buug] mozilla
In-Reply-To: <86pttsdczh.fsf@kronstadt.homeunix.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net>
Message-ID: <20021029235748.GJ23362@primate.net>

On Tue, Oct 29, 2002 at 03:47:14PM -0800, Ian Zimmerman wrote:
>
> I've become somewhat fed up with the way I use mozilla, and I'd like
> to customize its UI (beyond what the Edit|Preferences dialog allows).
> I have read about things like RDF and XUL and I think what I want to
> do is possible, but ... where are the fine documents? Not on
> mozilla.org as far as I can see.

http://www.mozilla.org/rdf/doc/
http://www.mozilla.org/projects/ui/accessibility/accesskey.html
http://www.mozilla.org/docs/end-user/moz_shortcuts.html

From cmsclaud at arches.uga.edu Tue Oct 29 19:25:18 2002
From: cmsclaud at arches.uga.edu (Claude Rubinson)
Date: Tue, 29 Oct 2002 19:25:18 -0800
Subject: [buug] mozilla
In-Reply-To: <86pttsdczh.fsf@kronstadt.homeunix.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net>
Message-ID: <20021030032518.GA5614@wagner>

On Tue, Oct 29, 2002 at 03:47:14PM -0800, Ian Zimmerman wrote:
>
> I've become somewhat fed up with the way I use mozilla, and I'd like
> to customize its UI (beyond what the Edit|Preferences dialog allows).
> I have read about things like RDF and XUL and I think what I want to
> do is possible, but ... where are the fine documents? Not on
> mozilla.org as far as I can see.

..snip..

> More generally, can I add my own menus and keybindings as in Emacs?

A couple of thoughts, none of which answer your questions: How is it that you wish your web browser to behave? What, specifically, has got your dander up?

Have you examined any of the other Gecko-based browsers? I've been fairly happy with Galeon. It's basically Mozilla but with more attention given to the user-interface (which uses GTK instead of XUL). Regarding your question about customizing the search bar, Galeon includes something that they call "Smart Bookmarks." Basically, a smart bookmark is a bookmark that accepts an argument permitting e.g., a google search. (Another Gecko-based browser is Phoenix which is still pretty young and, I believe, not quite ready for primetime. But it might be worth checking out.)

I'd also recommend taking a look at w3m which is what I use as my default browser. It's basically just a pager, so it doesn't support images but it does support tables and frames. (Actually, that's not quite true. By default, it doesn't support images and will, on demand, call out to an external viewer but there's also support for inline images. I can't decide whether I like it or not.)

The more that I've used w3m, the happier I've been with it. As far as I can tell (the docs aren't great), w3m doesn't permit custom keybindings but, by default, it uses Emacs-style bindings (vi- and lynx-style bindings are also available) so I'm happy. It can also call out to another browser which means that when I stumble across a page that requires a graphical browser, Shift-M opens that page in Galeon. (Also, if you're an Emacs-junkie, w3m can be embedded in Emacs. I've only played around with this a bit and haven't ever really gotten the hang of it but it seems nicer than W3 to me. And, as far as I know, there's no relation between W3 and w3m.)

If I'm idly surfing the web and clicking away, I'll generally turn to Galeon which gives me all the color and formatting and graphics without any fuss. But when I'm trying to get work done, w3m is my tool of choice. Depending upon your demands, it might be worth taking a look at.
Claude

From itz at speakeasy.org Tue Oct 29 22:36:59 2002
From: itz at speakeasy.org (Ian Zimmerman)
Date: 29 Oct 2002 22:36:59 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030032518.GA5614@wagner>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner>
Message-ID: <86bs5cxwj8.fsf@kronstadt.homeunix.net>

itz> I've become somewhat fed up with the way I use mozilla, and I'd
itz> like to customize its UI (beyond what the Edit|Preferences dialog
itz> allows). I have read about things like RDF and XUL and I think
itz> what I want to do is possible, but ... where are the fine
itz> documents? Not on mozilla.org as far as I can see.

itz> More generally, can I add my own menus and keybindings as in
itz> Emacs?

Claude> A couple of thoughts, none of which answer your questions: How
Claude> is it that you wish your web browser to behave? What,
Claude> specifically, has got your dander up?

UI elements that I use 1% of the time but take 10% of the available screen space, and cannot be hidden because hiding them will also hide something useful :( That is, the grouping of items in the toolbars is wrong for me.

The issue of customizing searches arises because I want to hide the whole location toolbar, but the Search thing in the menu doesn't do the same thing as the Search button which I would thus lose.

Also, using bookmarks is a Satan vs. Lucifer choice for me. Navigating the bookmark menus is awkward because the submenus get too deep too fast and many submenus will be unexpectedly flipped or shifted to fit on the screen; OTOH activating from the bookmark window requires the straining behaviors of double- or right-clicking. The closest to the interface I'd like is actually simply opening the file bookmarks.html in the browser; but it should have a two-level TOC, to avoid scrolling through just to find the particular item I need.

Claude> Have you examined any of the other Gecko-based browsers? I've
Claude> been fairly happy with Galeon. It's basically Mozilla but
Claude> with more attention given to the user-interface (which uses
Claude> GTK instead of XUL).

Requires Gnome ...

Claude> I'd also recommend taking a look at w3m which is what I use as
Claude> my default browser.

Never seen this one, thanks for the tip.

Two browsers I have tried are Skipstone and BrowseX. Skipstone was yet another Gecko wrapper, simple and fast, but now seems to be dead. BrowseX is a completely different beast, Tcl-based, and _very_ impressive (give it a try someday), but unfortunately it doesn't have hierarchical bookmarks.

Thanks again for help,

--
Ian Zimmerman, Oakland, California, U.S.A.
I did not vote for Emperor Bush.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087

From jan at caustic.org Tue Oct 29 22:42:35 2002
From: jan at caustic.org (f.johan.beisser)
Date: Tue, 29 Oct 2002 22:42:35 -0800 (PST)
Subject: [buug] mozilla
In-Reply-To: <86bs5cxwj8.fsf@kronstadt.homeunix.net>
Message-ID: <20021029224133.Y30424-100000@pogo.caustic.org>

On 29 Oct 2002, Ian Zimmerman wrote:

> Claude> I'd also recommend taking a look at w3m which is what I use as
> Claude> my default browser.
>
> Never seen this one, thanks for the tip.

another gecko based one is "phoenix". kind of a mozilla-lite. i've not tried it, as of yet, but i've heard good things so far. give it a shot, and let me know.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
   "Champagne for my real friends, real pain for my sham friends."
                                                 -- Tom Waits

From rick at linuxmafia.com Tue Oct 29 23:13:30 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 29 Oct 2002 23:13:30 -0800
Subject: [buug] mozilla
In-Reply-To: <86bs5cxwj8.fsf@kronstadt.homeunix.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net>
Message-ID: <20021030071330.GR23673@linuxmafia.com>

Quoting Ian Zimmerman (itz at speakeasy.org):

> Claude> Have you examined any of the other Gecko-based browsers? I've
> Claude> been fairly happy with Galeon. It's basically Mozilla but
> Claude> with more attention given to the user-interface (which uses
> Claude> GTK instead of XUL).
>
> Requires Gnome ...

News to me.

Package: galeon
Priority: optional
Section: web
Installed-Size: 1300
Maintainer: Jared Johnson (Debian)
Architecture: i386
Version: 1.2.5-0.woody.1
Replaces: galeon-beta, galeon-nautilus
Provides: www-browser
Depends: gdk-imlib1, libart2 (>= 1.2.13-5), libaudiofile0 (>= 0.2.3-4), libc6 (>
= 2.2.4-4), libdb3 (>= 3.2.9-16), libesd0 (>= 0.2.23-1) | libesd-alsa0 (>= 0.2.2
3-1), libgconf11 (>= 1.0.7), libgdk-pixbuf2 (>= 0.17.0-2), libglade-gnome0, libg
lade0, libglib1.2 (>= 1.2.0), libgnome-vfs0 (>= 1.0.3-2), libgnome32 (>= 1.2.13-
5), libgnomesupport0 (>= 1.2.13-5), libgnomeui32 (>= 1.2.13-5), libgtk1.2 (>= 1.
2.10-4), libjpeg62, liboaf0 (>= 0.6.10), liborbit0 (>= 0.5.16), libpng2(>=1.0.12
), libpopt0 (>= 1.6.2-1), libstdc++2.10-glibc2.2 (>= 1:2.95.4-0.010810), libtiff
3g, libungif4g (>= 4.1.0b1), libwrap0, libxml1 (>= 1:1.8.14-3), oaf (>= 0.6.10),
 xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4), galeon-common (=1.2.5-0.woody.1), mozill
a-browser (>=2:1.0.0), procps
Recommends: mozilla-psm
Suggests: gtm (>=0.4.10)
Conflicts: mozilla-browser (>=2:1.0.1), galeon-nautilus
Filename: pool/main/g/galeon/galeon_1.2.5-0.woody.1_i386.deb
Size: 423290
MD5sum: feba532b5c612b61f4cddeb0aba2fd08
Description: Mozilla based web browser with GNOME look and feel
 Galeon is a fast Web Browser for the GNOME Desktop Environment.
 .
 Galeon's use of Mozilla's Gecko rendering engine makes it more
 feature complete and standards compliant than most other browsers
 available.
 .
 By using the GNOME and GTK libraries for the user interface,
 Galeon is usually faster than mozilla and the interface integrates
 well with the GNOME Desktop Environment.

A big bunch of dynamic libs, to be sure (which you can cut severely with compile options, if you care), but I see no friggin' GNOME on this system.

--
Cheers,                                      Live Faust, die Jung.
Rick Moen
rick at linuxmafia.com

From nick at zork.net Tue Oct 29 23:10:09 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:10:09 -0800
Subject: [buug] mozilla
In-Reply-To: <20021029224133.Y30424-100000@pogo.caustic.org>
References: <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021029224133.Y30424-100000@pogo.caustic.org>
Message-ID: <20021030071009.GE30867@zork.net>

begin f.johan.beisser quotation:
> another gecko based one is "phoenix". kind of a mozilla-lite. i've
> not tried it, as of yet, but i've heard good things so far.

I'm working on the LNX-BBC mini-distribution of GNU/Linux, and we include browseX as our lean-and-fast browser.
I am principally involved as the author of the packaging system, GAR,
which is a way to automate building everything from source not unlike
gentoo's portage or BSD ports.

The problem is that browseX isn't easy to build, and we have *always*
just used officially blessed release binaries, which are kind of
wasteful (they include statically-linked TCL and Tk among other
things).

One thing I'm looking for is a very lightweight gecko-based browser
with the Javurscript support. The problem is that of the ones I can
find, skipstone requires an existing mojira install, and galeon
includes a lot of GNOME stuff.

phoenix looks nice, but the binary release is a 9MB tarball!

Are there any genuinely small and elegant gecko browsers out there?
I'd love to be able to build a reasonably-sized yet functional browser
app from source.

--
A: No.
Q: Should I include quotations after my reply?

From nick at zork.net Tue Oct 29 23:22:58 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:22:58 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030071330.GR23673@linuxmafia.com>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021030071330.GR23673@linuxmafia.com>
Message-ID: <20021030072258.GF30867@zork.net>

begin Rick Moen Lives Three Hours from Nowhere quotation:
> > Requires Gnome ...
>
> News to me.
>
> Package: galeon
[...]
> Depends: gdk-imlib1, libart2 (>= 1.2.13-5), libaudiofile0 (>= 0.2.3-4), libc6 (>
> lade0, libglib1.2 (>= 1.2.0), libgnome-vfs0 (>= 1.0.3-2), libgnome32 (>= 1.2.13-
[..............................................................^^^^^]
> A big bunch of dynamic libs, to be sure (which you can cut severely
> with compile options, if you care), but I see no friggin' GNOME on
> this system.

The compile options cut out tests for the libs, but do not allow you
to disable much. Try downloading the tarball and have a look at
./configure --help.
Tell me how I cut out those gnome libraries.

The big joke is that galeon requires an existing mozilla install. You
still end up with megs and megs of useless crap on your box.

And pedantry about GNOME libraries versus the GNOME desktop is so last
year. You're right Rick, GNOME is a project, and it doesn't require all
those people to be standing next to you sharing and caring to make it
work.

--
A: No.
Q: Should I include quotations after my reply?

From jan at caustic.org Tue Oct 29 23:26:46 2002
From: jan at caustic.org (f.johan.beisser)
Date: Tue, 29 Oct 2002 23:26:46 -0800 (PST)
Subject: [buug] mozilla
In-Reply-To: <20021030071009.GE30867@zork.net>
Message-ID: <20021029232510.R30424-100000@pogo.caustic.org>

On Tue, 29 Oct 2002, Nick Moffitt wrote:

> phoenix looks nice, but the binary release is a 9MB tarball!
> Are there any genuinely small and elegant gecko browsers out there?
> I'd love to be able to build a reasonably-sized yet functional browser
> app from source.

i suspect you're going to be SOL. gecko itself is not tiny by any
means. most of those "alternatives using gecko" need to have
mozilla installed with it, which just kills the space saving aspect
of it.

anyhow, bedwards for me.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
    "Champagne for my real friends, real pain for my sham friends."
       -- Tom Waits

From nick at zork.net Tue Oct 29 23:32:38 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:32:38 -0800
Subject: [buug] mozilla
In-Reply-To: <20021029232510.R30424-100000@pogo.caustic.org>
References: <20021030071009.GE30867@zork.net> <20021029232510.R30424-100000@pogo.caustic.org>
Message-ID: <20021030073238.GG30867@zork.net>

begin f.johan.beisser quotation:
> i suspect you're going to be SOL. gecko itself is not tiny by any
> means. most of those "alternatives using gecko" need to have
> mozilla installed with it, which just kills the space saving aspect
> of it.
Why can't they just lift out the gecko sources and use that?
I really don't get it. I can handle gecko being a few megs of bloated
libraries, but I just don't want all the other cruft that mojira comes
with.

--
A: No.
Q: Should I include quotations after my reply?

From nick at zork.net Tue Oct 29 23:35:48 2002
From: nick at zork.net (Nick Moffitt)
Date: Tue, 29 Oct 2002 23:35:48 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030073238.GG30867@zork.net>
References: <20021030071009.GE30867@zork.net> <20021029232510.R30424-100000@pogo.caustic.org> <20021030073238.GG30867@zork.net>
Message-ID: <20021030073548.GH30867@zork.net>

begin Nick Moffitt quotation:
> begin f.johan.beisser quotation:
> > i suspect you're going to be SOL. gecko itself is not tiny by any
> > means. most of those "alternatives using gecko" need to have
> > mozilla installed with it, which just kills the space saving
> > aspect of it.
>
> Why can't they just lift out the gecko sources and use that?
> I really don't get it. I can handle gecko being a few megs of
> bloated libraries, but I just don't want all the other cruft that
> mojira comes with.

that is to say, browsex is currently 6MB uncompressed, and I'm
looking for something in that size range.

--
A: No.
Q: Should I include quotations after my reply?

From rick at linuxmafia.com Wed Oct 30 09:43:55 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 30 Oct 2002 09:43:55 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030072258.GF30867@zork.net>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021030071330.GR23673@linuxmafia.com> <20021030072258.GF30867@zork.net>
Message-ID: <20021030174355.GY23673@linuxmafia.com>

Quoting Nick Moffitt (nick at zork.net):

> The compile options cut out tests for the libs, but do not allow you
> to disable much. Try downloading the tarball and have a look at
> ./configure --help. Tell me how I cut out those gnome libraries.
Not those couple of GNOME libs, but many of the others, if memory serves.

> The big joke is that galeon requires an existing mozilla install. You
> still end up with megs and megs of useless crap on your box.

That is indeed a deal-breaker for the LNX-BBC, but not for someone who
wants a decent Web browser without wanting GNOME.

> And pedantry about GNOME libraries versus the GNOME desktop is so last
> year.

Seems as if my pedantry concerns a difference a couple of hundred
megs of installed cruft wide.

From nick at zork.net Wed Oct 30 09:49:14 2002
From: nick at zork.net (Nick Moffitt)
Date: Wed, 30 Oct 2002 09:49:14 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030174355.GY23673@linuxmafia.com>
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net> <20021030071330.GR23673@linuxmafia.com> <20021030072258.GF30867@zork.net> <20021030174355.GY23673@linuxmafia.com>
Message-ID: <20021030174914.GM30867@zork.net>

begin Rick Moen Lives Three Hours from Nowhere quotation:
> > And pedantry about GNOME libraries versus the GNOME desktop is so
> > last year.
>
> Seems as if my pedantry concerns a difference a couple of hundred
> megs of installed cruft wide.

Gosh, why that's nearly half the size of the libs themselves!

--
A: No.
Q: Should I include quotations after my reply?
From robert at namodn.com Wed Oct 30 10:51:40 2002
From: robert at namodn.com (Rob Helmer)
Date: Wed, 30 Oct 2002 10:51:40 -0800
Subject: [buug] mozilla
In-Reply-To: <86bs5cxwj8.fsf@kronstadt.homeunix.net>; from itz@speakeasy.org on Tue, Oct 29, 2002 at 10:36:59PM -0800
References: <86pttsdczh.fsf@kronstadt.homeunix.net> <20021030032518.GA5614@wagner> <86bs5cxwj8.fsf@kronstadt.homeunix.net>
Message-ID: <20021030105140.A10716@namodn.com>

On Tue, Oct 29, 2002 at 10:36:59PM -0800, Ian Zimmerman wrote:
>
> itz> I've become somewhat fed up with the way I use mozilla, and I'd
> itz> like to customize its UI (beyond what the Edit|Preferences dialog
> itz> allows). I have read about things like RDF and XUL and I think
> itz> what I want to do is possible, but ... where are the fine
> itz> documents? Not on mozilla.org as far as I can see.
>
> itz> More generally, can I add my own menus and keybindings as in
> itz> Emacs?
>
> Claude> A couple of thoughts, none of which answer your questions: How
> Claude> is it that you wish your web browser to behave? What,
> Claude> specifically, has got your dander up?
>
> UI elements that I use 1% of the time but take 10% of the available
> screen space, and cannot be hidden because hiding them will also hide
> something useful :( That is, the grouping of items in the toolbars is
> wrong for me.

Hello,

Phoenix is actually pretty good, I've been using nightlies regularly
for some time ( it lives on the Mozilla trunk, as part of the overall
Mozilla codebase ).

http://mozilla.org/projects/phoenix

It's mostly a reworking of the browser UI ( it does not come with
anything except the browser and the javascript console, no
mail/composer/irc/etc ).

It has on-the-fly customizable toolbars, you can even move items up
onto the menubar now if you are really into preserving screen real
estate.

The preferences are also a lot leaner, and they've removed a lot of the
useless redundancy in the menus.
Also, if you want to do some XUL here are some sites :

"Creating Applications with Mozilla", O'Reilly. Published under the OPL,
it's available online :
http://books.mozdev.org/

XUL Planet - tutorials, apps, element reference -
http://xulplanet.com

Someone else posted some links to Mozilla.org, the stuff there is
pretty dry, and there isn't much in the way of tutorials, but great
as a reference and usually the most up-to-date.

--
Rob

From robert at namodn.com Wed Oct 30 11:14:08 2002
From: robert at namodn.com (Rob Helmer)
Date: Wed, 30 Oct 2002 11:14:08 -0800
Subject: [buug] mozilla
In-Reply-To: <20021030073238.GG30867@zork.net>; from nick@zork.net on Tue, Oct 29, 2002 at 11:32:38PM -0800
References: <20021030071009.GE30867@zork.net> <20021029232510.R30424-100000@pogo.caustic.org> <20021030073238.GG30867@zork.net>
Message-ID: <20021030111408.B10716@namodn.com>

On Tue, Oct 29, 2002 at 11:32:38PM -0800, Nick Moffitt wrote:
> begin f.johan.beisser quotation:
> > i suspect you're going to be SOL. gecko itself is not tiny by any
> > means. most of those "alternatives using gecko" need to have
> > mozilla installed with it, which just kills the space saving aspect
> > of it.
>
> Why can't they just lift out the gecko sources and use that?
> I really don't get it. I can handle gecko being a few megs of bloated
> libraries, but I just don't want all the other cruft that mojira comes
> with.

You can. It's redistributing it that's the trick.

The Galeon people are waiting for the relicensing -
http://www.mozilla.org/MPL/missing.html

Google for details.

There's also a project at Mozilla to split Gecko into a "runtime
environment", probably just a bunch of libraries despite the fancy
name :
http://mozilla.org/projects/embedding/MRE.html

Finally, nightly builds ( or builds from source ) of Mozilla come
with TestGtkEmbed, which is a very simple browser. Simple enough to
be an example or test, not something most people would use every day.
It does show the bare minimum needed to implement Gecko though.

$ ls -l TestGtkEmbed
-rwxr-xr-x 1 rhelmer rhelmer 18972 Oct 29 08:42 TestGtkEmbed

$ ldd TestGtkEmbed
libgtkembedmoz.so => ./libgtkembedmoz.so (0x40014000)
libgtksuperwin.so => ./libgtksuperwin.so (0x4002e000)
libdl.so.2 => /lib/libdl.so.2 (0x4003f000)
libmozjs.so => ./libmozjs.so (0x40042000)
libxpcom.so => ./libxpcom.so (0x400b3000)
libplds4.so => ./libplds4.so (0x401a8000)
libplc4.so => ./libplc4.so (0x401ab000)
libnspr4.so => ./libnspr4.so (0x401b0000)
libpthread.so.0 => /lib/libpthread.so.0 (0x401de000)
libgtk-1.2.so.0 => /usr/lib/libgtk-1.2.so.0 (0x401f2000)
libgdk-1.2.so.0 => /usr/lib/libgdk-1.2.so.0 (0x40317000)
libgmodule-1.2.so.0 => /usr/lib/libgmodule-1.2.so.0 (0x4034b000)
libglib-1.2.so.0 => /usr/lib/libglib-1.2.so.0 (0x4034e000)
libXi.so.6 => /usr/X11R6/lib/libXi.so.6 (0x40371000)
libXext.so.6 => /usr/X11R6/lib/libXext.so.6 (0x40379000)
libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x40387000)
libm.so.6 => /lib/libm.so.6 (0x40461000)
libstdc++-libc6.1-1.so.2 => /usr/lib/libstdc++-libc6.1-1.so.2 (0x40482000)
libc.so.6 => /lib/libc.so.6 (0x404c4000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

$ ls -la `ldd TestGtkEmbed | awk '{print $1}'`
( not counting system/gtk/X11 libraries, just Mozilla )
-rwxr-xr-x 1 rhelmer rhelmer 98520 Oct 29 08:42 libgtkembedmoz.so
-rwxr-xr-x 1 rhelmer rhelmer 17216 Oct 29 08:42 libgtksuperwin.so
-rwxr-xr-x 1 rhelmer rhelmer 461748 Oct 29 08:42 libmozjs.so
-rwxr-xr-x 1 rhelmer rhelmer 179584 Oct 29 08:42 libnspr4.so
-rwxr-xr-x 1 rhelmer rhelmer 16084 Oct 29 08:42 libplc4.so
-rwxr-xr-x 1 rhelmer rhelmer 9804 Oct 29 08:42 libplds4.so
-rwxr-xr-x 1 rhelmer rhelmer 1011408 Oct 29 08:42 libxpcom.so

( some of these libraries link to each other, but I didn't see anything
else that linked further into the Mozilla libraries ).
--
Rob

From maneeshgautam at rediffmail.com Wed Oct 30 19:59:01 2002
From: maneeshgautam at rediffmail.com (Maneesh Gautam)
Date: 31 Oct 2002 03:59:01 -0000
Subject: [buug] Unsubscribe me
Message-ID: <20021031035901.15555.qmail@webmail6.rediffmail.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL:

From jammer at weak.org Wed Oct 30 20:17:31 2002
From: jammer at weak.org (Jon McClintock)
Date: Wed, 30 Oct 2002 20:17:31 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031035901.15555.qmail@webmail6.rediffmail.com>
References: <20021031035901.15555.qmail@webmail6.rediffmail.com>
Message-ID: <20021031041731.GD15520@weak.org>

On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh Gautam wrote:
> Hi there,
>
> I want my mail id to be taken off from this mail list
>
> Thanking you
> Gautam
>
>
> _______________________________________________
> Buug mailing list
> Buug at weak.org
> http://www.weak.org/mailman/listinfo/buug

Hello,

Instructions on how to unsubscribe from this list were provided when
you subscribed, and are included in every single message that is sent
out through it.

But, since you seem to have difficulty doing things for yourself, the
way you unsubscribe is by going to:

http://www.weak.org/mailman/listinfo/buug/

And follow the unsubscribe option.

-Jon

From rick at linuxmafia.com Wed Oct 30 21:01:27 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 30 Oct 2002 21:01:27 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031035901.15555.qmail@webmail6.rediffmail.com>
References: <20021031035901.15555.qmail@webmail6.rediffmail.com>
Message-ID: <20021031050127.GN23673@linuxmafia.com>

Quoting Maneesh Gautam (maneeshgautam at rediffmail.com):

> I want my mail id to be taken off from this mail list

Absolutely not.
From nkj at namodn.com Thu Oct 31 11:46:15 2002
From: nkj at namodn.com (Nick Jennings)
Date: Thu, 31 Oct 2002 11:46:15 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031050127.GN23673@linuxmafia.com>; from rick@linuxmafia.com on Wed, Oct 30, 2002 at 09:01:27PM -0800
References: <20021031035901.15555.qmail@webmail6.rediffmail.com> <20021031050127.GN23673@linuxmafia.com>
Message-ID: <20021031114615.F19370@namodn.com>

On Wed, Oct 30, 2002 at 09:01:27PM -0800, Rick Moen wrote:
> Quoting Maneesh Gautam (maneeshgautam at rediffmail.com):
>
> > I want my mail id to be taken off from this mail list
>
> Absolutely not.

You all must be hackers. It's a conspiracy.

Thanks,
From Johnny

From sobolak at myrealbox.com Thu Oct 31 13:31:16 2002
From: sobolak at myrealbox.com (Brian Sobolak)
Date: Thu, 31 Oct 2002 15:31:16 -0600
Subject: [buug] did you see today's foxtrot?
Message-ID: <1036099876.be32d560sobolak@myrealbox.com>

While not as good as the Unix underpants strip, this one is pretty good.

http://images.ucomics.com/comics/ft/2002/ft021031.gif

--
Brian Sobolak
http://www.planetshwoop.com/
sobolak at myrealbox.com

From john at jjdev.com Thu Oct 31 15:51:50 2002
From: john at jjdev.com (johnd)
Date: Thu, 31 Oct 2002 15:51:50 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031035901.15555.qmail@webmail6.rediffmail.com>
References: <20021031035901.15555.qmail@webmail6.rediffmail.com>
Message-ID: <20021031235150.GB19439@master.theunixman.com>

On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh Gautam wrote:
> Hi there,
>
> I want my mail id to be taken off from this mail list
>
> Thanking you
> Gautam

Please fill out form 366554D and submit it to dept K. You will then need to
file a 133T.
From unixjavabob at yahoo.com Thu Oct 31 16:35:16 2002
From: unixjavabob at yahoo.com (Bob Read)
Date: Thu, 31 Oct 2002 16:35:16 -0800 (PST)
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031235150.GB19439@master.theunixman.com>
Message-ID: <20021101003516.24313.qmail@web13802.mail.yahoo.com>

Our Constitution is in actual operation;
Everything appears to promise that it will last;
But in this world nothing is certain
But "death" and "buug at weak.org".

--- johnd wrote:
> On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh
> Gautam wrote:
> > Hi there,
> >
> > I want my mail id to be taken off from this mail
> list
> >
> > Thanking you
> > Gautam
>
>
> Please fill out form 366554D and submit it to dept
> K. You will then need to
> file a 133T.
>
>
> _______________________________________________
> Buug mailing list
> Buug at weak.org
> http://www.weak.org/mailman/listinfo/buug

=====
-----------------------------------------
Bob Read
Senior Unix Administrator/DBA/Programmer
cell (510)-703-1634
unixjavabob at yahoo.com
-----------------------------------------

__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/

From nickmdf at tsoft.com Thu Oct 31 16:42:34 2002
From: nickmdf at tsoft.com (Nick Sophinos)
Date: Thu, 31 Oct 2002 16:42:34 -0800
Subject: [buug] Unsubscribe me
In-Reply-To: <20021031235150.GB19439@master.theunixman.com>
Message-ID:

Actually I thought that one has to click on the Windows XP
unsubscribe wizard. Just make sure that you have your original
OEM Install CD handy.
- Nick

-----Original Message-----
From: buug-admin at weak.org [mailto:buug-admin at weak.org]On Behalf Of johnd
Sent: Thursday, October 31, 2002 3:52 PM
To: Maneesh Gautam
Cc: Buug at weak.org
Subject: Re: [buug] Unsubscribe me

On Thu, Oct 31, 2002 at 03:59:01AM -0000, Maneesh Gautam wrote:
> Hi there,
>
> I want my mail id to be taken off from this mail list
>
> Thanking you
> Gautam

Please fill out form 366554D and submit it to dept K. You will then need to
file a 133T.

_______________________________________________
Buug mailing list
Buug at weak.org
http://www.weak.org/mailman/listinfo/buug

From nthomas at cise.ufl.edu Thu Oct 31 17:24:56 2002
From: nthomas at cise.ufl.edu (N. Thomas)
Date: Thu, 31 Oct 2002 20:24:56 -0500
Subject: [buug] DNS on OpenBSD
Message-ID: <20021101012456.GA27773@cise.ufl.edu>

So I'm shopping around for a DNS solution for our network here: an OpenBSD
firewalling/nat box that feeds some other (mostly Unix) machines.

I looked into it a bit, and whittled it down to these:

bind4 - comes with OpenBSD
bind9 - latest version from ISC
djbdns - I've heard good things about it, and I don't care about the
         licensing (my morals are lax)

Normally I would just use the vendor supplied program, but I was looking
through a DNS book the other day (Langfeldt, Que) and it put the fear of God
into me about using bind4. Bind9 is what the book recommended, and
everywhere I turn I hear about djbdns.

I'm not looking to do anything difficult, just provide name resolution and
possibly some caching.

Would anyone like to share some information on the topic?

thanks,
thomas

--
N. Thomas
nthomas at cise.ufl.edu
Etiamsi occiderit me, in ipso sperabo

From jan at caustic.org Thu Oct 31 17:37:25 2002
From: jan at caustic.org (f.johan.beisser)
Date: Thu, 31 Oct 2002 17:37:25 -0800 (PST)
Subject: [buug] DNS on OpenBSD
In-Reply-To: <20021101012456.GA27773@cise.ufl.edu>
Message-ID: <20021031172624.G30424-100000@pogo.caustic.org>

On Thu, 31 Oct 2002, N. Thomas wrote:

> I looked into it a bit, and whittled it down to these:
>
> bind4 - comes with OpenBSD

native, well toured code.
comes preconfigured for a chrooted environment.

> bind9 - latest version from ISC

supports v6 natively (if you need it)
good for some applications (views being one of my fave concepts, even if
implementing them is less than easy)

> djbdns - I've heard good things about it, and I don't care about the
> licensing (my morals are lax)

it's broken. it doesn't follow most standards, and djb doesn't care to
make it conform. licensing aside, djb will gladly stake you to the ground,
and not commit any bugfixes (you didn't make any changes to his code, did
you?) you provide.

"they're features, you shmuck" -- djb

> Normally I would just use the vendor supplied program, but I was looking
> through a DNS book the other day (Langfeldt, Que) and it put the fear of God
> into me about using bind4. Bind9 is what the book recommended, and
> everywhere I turn I hear about djbdns.

i would go with bind9, since i'm more familiar with bind8/9 syntax.
chroot it, and ignore it.

> I'm not looking to do anything difficult, just provide name resolution and
> possibly some caching.

caching is the best thing about having your own DNS.

> Would anyone like to share some information on the topic?

i think i summed it all up there. the only real reason for not using bind4
is the old config files. the OpenBSD team has toured it fairly well, and
uses it in production themselves. to the best of my knowledge, there's not
been a recent bind4 exploit that worked against OpenBSD's version. i can't
say the same for bind8 or bind9.

since you're not looking for anything heavy duty, or featureful, there's
more than just those 3 versions out there. there's also maradns , amongst
others.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan at caustic.org
    "Champagne for my real friends, real pain for my sham friends."
       -- Tom Waits

From rick at linuxmafia.com Thu Oct 31 18:45:09 2002
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 31 Oct 2002 18:45:09 -0800
Subject: [buug] DNS on OpenBSD
In-Reply-To: <20021101012456.GA27773@cise.ufl.edu>
References: <20021101012456.GA27773@cise.ufl.edu>
Message-ID: <20021101024509.GC23673@linuxmafia.com>

Quoting N. Thomas (nthomas at cise.ufl.edu):

> So I'm shopping around for a DNS solution for our network here: an OpenBSD
> firewalling/nat box that feeds some other (mostly Unix) machines.

I'll just cross-post my list from a comment I made at
http://lwn.net/Articles/12928/ :

Free/open-source alternatives to BIND:

* http://www.dents.org/: DENTS
* http://www.maradns.org/ MaraDNS
* http://mydns.bboy.net/: MyDNS
* http://home.t-online.de/home/Moestl/: pdnsd
* http://dnrd.nevalabs.org/: Domain Name Relay Daemon
* http://posadis.sourceforge.net/: Posadis
* http://pliant.cx/pliant/protocol/dns/: Pliant
* http://www.linuks.mine.nu/helpers/yaku-ns/: Yaku-NS (official site
  at www.kyuzz.org/antirez/ens.html seems to be down)
* http://customdns.sourceforge.net/: CustomDNS
* http://www.thekelleys.org.uk/dnsmasq/: Dnsmasq
* http://gnudip2.sourceforge.net/gnudip-www/: GnuDIP
* http://www.stanford.edu/~riepel/lbnamed/: lbnamed
* http://eddie.sourceforge.net/lbdns.html: lbdns

Taken from my list of such software in
http://linuxmafia.com/~rick/faq/#djb, which also includes all known
open-source Web and ftp daemons for *ix. (Some of the DNS daemons
listed are for specialised applications, but many are not.)

> Normally I would just use the vendor supplied program, but I was
> looking through a DNS book the other day (Langfeldt, Que) and it put
> the fear of God into me about using bind4.

I'm wary of BIND4, too -- but, in fairness, it seems a dead certainty
that the version OpenBSD ships is very heavily patched.
Very often, the best bets for reasonable security over the long run are
older versions that have had fixes backported to them, rather than
jumping at the latest of everything.

> Bind9 is what the book recommended, and everywhere I turn I hear about
> djbdns.

Heh. _That_ kettle of fish. Quoting from
http://linuxmafia.com/~rick/faq/#djb :

[Coverage of proprietary licensing and extremely odd design of DJBware
snipped. Listings of open-source alternatives in each category of
DJBware snipped.]

djbdns should not be assumed automatically to be an all-around-usage
DNS server, either. Some of the areas in which Bernstein has elected
not to follow IETF draft standards in djbdns's functioning are outlined
in Scott Morizot's letter to Linux Weekly News
[http://lwn.net/2001/0222/letters.php3] (seventh letter down). (Note
that there are third-party ways to fix djbdns to add support for the
IETF NOTIFY protocol, for sending [http://tinydns.org/dnsnotify] and
receiving [http://marc.theaimsgroup.com/?l=djbdns&m=97563649813152&w=2]
NOTIFYs, but the point is Bernstein decided not to implement that and
many other core DNS protocols: He recommends
[http://cr.yp.to/djbdns/run-server.html], for example, that you eschew
the standards-track NOTIFY and IXFR protocols, and use rsync instead.)

A comprehensive list of IETF DNS protocols omitted from djbdns can be
found in Paul Vixie's linuxsecurity.com interview
[http://www.linuxsecurity.com/feature_stories/conrad_vixie-4.html]. It
can be argued that the omitted DNS protocols are merely standards-track
(proposed) IETF protocols as of Nov. 2001 -- whose adoption Bernstein
opposes on various grounds. (Relevant RFCs are 1995, 1996, 2136, 2535,
2536, 2537, 2538, 2539, 2845, 2930, 2931, 3007, 3008, 3090, and 3110.)
But shunning common zone-transfer mechanisms (NOTIFY, IXFR, outgoing
AXFR) is just unreasonable if you want to interoperate with the rest of
the world.

> Would anyone like to share some information on the topic?

Try MaraDNS.
Me, I tend to use BIND9, but more because I'm used to the thing than
for any better reason.

--
Cheers,              "On the face of it, Microsoft complaining about the source license
Rick Moen            used by Linux is like the event horizon calling the kettle black."
rick at linuxmafia.com             -- Adam Barr, former Microsoft Corp. programmer