From jep200404 at columbus.rr.com Sat May 1 19:39:17 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:17 2005 Subject: FTP clients for huge files [COLUG] Message-ID: <20040501193917.43ad184a.jep200404@columbus.rr.com> Which FTP clients handle huge files with aplomb? I'm trying and failing to download a huge (>4GB) file. Many have trouble around either 2GB or 4GB. From colug at jmglov.net Sat May 1 19:47:35 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:17 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <20040501193917.43ad184a.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> Message-ID: <20040501234735.GB29501%jmglov@jmglov.net> Quoth Jim P (Sat 2004-05-01 07:39:17PM -0400): > Which FTP clients handle huge files with aplomb? > > I'm trying and failing to download a huge (>4GB) file. > Many have trouble around either 2GB or 4GB. I would typically recommend wget, though you have probably tried it. Which clients have you found lacking, so that we don't chime in with those? -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://www.colug.net/pipermail/colug/attachments/20040501/5f2d355e/attachment.bin From linux at litenverden.org Sat May 1 20:06:03 2004 From: linux at litenverden.org (George H. Yeager) Date: Sat Jan 8 01:35:17 2005 Subject: [COLUG] Mandrake 10.0 Disaster Recovery In-Reply-To: <4092DDEE.6000705@litenverden.org> References: <5789A42DD684734298BF9EC852D35111033AB018@scad1exis02.alldata.net> <4092DDEE.6000705@litenverden.org> Message-ID: <40943B6B.2000205@litenverden.org> I'm still trying to recover from my Mandrake 10.0 upgrade. Not only did I lose wireless, I also lost my network printing. Printing is more important than wireless right now. I have Gimpprint installed (I was using that before). I have CUPS installed. My print server (Hawking) is at 192.168.0.126 and the printer is an HP4P. The server queue name is lp1. The 10.0 utilities will not let me install a network printer. Can anyone help me get printing back? Thanks!! George From jep200404 at columbus.rr.com Sat May 1 20:07:12 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:17 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <20040501234735.GB29501%jmglov@jmglov.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> Message-ID: <20040501200712.79124ff6.jep200404@columbus.rr.com> Which FTP clients have you actually successfully used to download huge (bigger than 2^32 bytes) files? Josh Glover wrote: > Quoth Jim P (Sat 2004-05-01 07:39:17PM -0400): > > > Which FTP clients handle huge files with aplomb? > > > > I'm trying and failing to download a huge (>4GB) file. > > Many have trouble around either 2GB or 4GB. > > I would typically recommend wget, though you have probably tried it. Yes I have tried wget. It does not get past 2^32-1 bytes. > Which > clients have you found lacking, so that we don't chime in with those? Just chime in with clients that you have already successfully used with huge files. I'm not looking for a laundry list of untested clients to test. I've already wasted much time and a huge amount of bandwidth doing that. From jep200404 at columbus.rr.com Sat May 1 20:33:34 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:17 2005 Subject: Big Honkin' File to download [COLUG] In-Reply-To: <20040501193917.43ad184a.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> Message-ID: <20040501203334.045db992.jep200404@columbus.rr.com> By the way, a file that I'm having trouble downloading is: ftp://mynovell.no-ip.org/pub/suse/SuSE9.1/DVD/SuSE-9.1-DVD-i386-RC2-DVD1.iso or ftp://mynovell.no-ip.org/ftp/pub/suse/SuSE9.1/DVD/SuSE-9.1-DVD-i386-RC2-DVD1.iso It's definitely bigger than 2^31, but I don't know if it's bigger than 2^32. Nonetheless, I'm having trouble downloading it. Get the username and password from Mark Richards' earlier email: http://www.colug.net/pipermail/colug/2004-April/011840.html (Now there are going to be a few COLUG folks testing the feces out of Mark's server.) From archanoid at columbus.rr.com Sat May 1 20:50:19 2004 From: archanoid at columbus.rr.com (Aaron Howard) Date: Sat Jan 8 01:35:17 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <20040501200712.79124ff6.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> Message-ID: On Sat, 01 May 2004 20:07:12 -0400, Jim P wrote: > > Just chime in with clients that you have already successfully used with > huge files. I'm not looking for a laundry list of untested clients to > test. I've already wasted much time and a huge amount of bandwidth doing > that. > cURL - http://curl.haxx.se/ >From its list of features: "supports transfers of large files (>2GB and >4GB)" I haven't tested it with large files like this, but I've been using curl for a long time and I love it. -Aaron From linux at litenverden.org Sat May 1 21:00:33 2004 From: linux at litenverden.org (George H. Yeager) Date: Sat Jan 8 01:35:17 2005 Subject: [COLUG] Mandrake 10.0 Disaster Recovery In-Reply-To: <40943B6B.2000205@litenverden.org> References: <5789A42DD684734298BF9EC852D35111033AB018@scad1exis02.alldata.net> <4092DDEE.6000705@litenverden.org> <40943B6B.2000205@litenverden.org> Message-ID: <40944831.206@litenverden.org> George H. Yeager wrote: > I'm still trying to recover from my Mandrake 10.0 upgrade. Not only did > I lose wireless, I also lost my network printing. Printing is more > important than wireless right now. > > I have Gimpprint installed (I was using that before). I have CUPS > installed. > > My print server (Hawking) is at 192.168.0.126 and the printer is an > HP4P. The server queue name is lp1. > > The 10.0 utilities will not let me install a network printer. Can > anyone help me get printing back? I got it. I found a web tool with which to administrate CUPS. It worked, no sweat. Don't need the broken Mandrake 10.0 utility. George From blata at extent0006.entomology.ohio-state.edu Sat May 1 20:54:44 2004 From: blata at extent0006.entomology.ohio-state.edu (Wade Pinkston) Date: Sat Jan 8 01:35:17 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <20040501193917.43ad184a.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> Message-ID: <409446D4.8000400@bugs.osu.edu> I had sftp run for three days transervering a 4.5gig file just last week. You wrote this to me on 05/01/2004 07:39 PM: >Which FTP clients handle huge files with aplomb? > >I'm trying and failing to download a huge (>4GB) file. >Many have trouble around either 2GB or 4GB. > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug > > -- Wade Pinkston The Ohio State University Extension Entomology 1991 Kenny Rd Columbus OH 43210 phone: (614) 292-5274 Ipsa scientia potestas est Windows,a 32 bit graphical interface for a 16 bit patch to an 8 bit operating system internally coded for a 4 bit processor written by a 2 bit company that can't stand 1 bit of competition GnuPG Key ID 0x216FDD35 gpg --keyserver pgp.mit.edu --recv-keys 216FDD35 From jep200404 at columbus.rr.com Sat May 1 21:36:18 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:17 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <409446D4.8000400@bugs.osu.edu> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <409446D4.8000400@bugs.osu.edu> Message-ID: <20040501213618.0d35bb5f.jep200404@columbus.rr.com> Wade Pinkston wrote: > I had sftp run for three days transervering a 4.5gig file just last week. That's a good size; but the protocol is not. Ssh is not an option. jep@linux:~> sftp colug@mynovell.no-ip.org Connecting to mynovell.no-ip.org... ssh: connect to host mynovell.no-ip.org port 22: Connection refused Couldn't read packet: Connection reset by peer jep@linux:~> sftp mynovell.no-ip.org Connecting to mynovell.no-ip.org... ssh: connect to host mynovell.no-ip.org port 22: Connection refused Couldn't read packet: Connection reset by peer jep@linux:~> From pat at linuxcolumbus.com Sat May 1 22:00:41 2004 From: pat at linuxcolumbus.com (pat@linuxcolumbus.com) Date: Sat Jan 8 01:35:17 2005 Subject: [COLUG] Mandrake 10.0 Disaster Recovery In-Reply-To: <40943B6B.2000205@litenverden.org> References: <5789A42DD684734298BF9EC852D35111033AB018@scad1exis02.alldata.net> <4092DDEE.6000705@litenverden.org> <40943B6B.2000205@litenverden.org> Message-ID: <20040502020041.GW13736@linuxcolumbus.com> On Sat, May 01, 2004 at 08:06:03PM -0400, George H. Yeager wrote: > I'm still trying to recover from my Mandrake 10.0 upgrade. Not only did > I lose wireless, I also lost my network printing. Printing is more > important than wireless right now. > > I have Gimpprint installed (I was using that before). I have CUPS > installed. > > My print server (Hawking) is at 192.168.0.126 and the printer is an > HP4P. The server queue name is lp1. > > The 10.0 utilities will not let me install a network printer. Can > anyone help me get printing back? > If you have cups running what does going to http://localhost:631 give you? Pat From rfunk at funknet.net Sun May 2 01:13:34 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:17 2005 Subject: FTP clients for huge files[COLUG] In-Reply-To: <20040501193917.43ad184a.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> Message-ID: <200405020113.34726.rfunk@funknet.net> Jim P wrote: > I'm trying and failing to download a huge (>4GB) file. > Many have trouble around either 2GB or 4GB. Is it possible that the problem is your filesystem not handling files any larger than 4GB? Just a thought.... -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From gate at ilive4code.net Sun May 2 04:33:40 2004 From: gate at ilive4code.net (Greg Sidelinger) Date: Sat Jan 8 01:35:18 2005 Subject: FTP clients for huge files[COLUG] In-Reply-To: <200405020113.34726.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <200405020113.34726.rfunk@funknet.net> Message-ID: <1083486819.19761.12.camel@sanitarium> Or maybe you are running out of space on the device. I had a download fail on me today because I only have 1G of space in /tmp and I was downloading two large (600M+) files with mozilla which saves there and then moves the files later. On Sun, 2004-05-02 at 01:13, Rob Funk wrote: > Jim P wrote: > > I'm trying and failing to download a huge (>4GB) file. > > Many have trouble around either 2GB or 4GB. > > Is it possible that the problem is your filesystem not handling files any > larger than 4GB? > > > Just a thought.... -- Greg Sidelinger gate'at'ilive4code.net ----------------------------------------------------------- there's no point for democracy when ignorance is celebrated From jep200404 at columbus.rr.com Sun May 2 08:10:27 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:18 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <200405020113.34726.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <200405020113.34726.rfunk@funknet.net> Message-ID: <20040502081027.4ab2b1c0.jep200404@columbus.rr.com> Rob Funk wrote: > Is it possible that the problem is your filesystem > not handling files any larger than 4GB? I have been successfully handling local files bigger than 4GB with no problem. From jep200404 at columbus.rr.com Sun May 2 08:13:30 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:18 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <1083486819.19761.12.camel@sanitarium> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <200405020113.34726.rfunk@funknet.net> <1083486819.19761.12.camel@sanitarium> Message-ID: <20040502081330.5dd2c5d0.jep200404@columbus.rr.com> Greg Sidelinger wrote: > Or maybe you are running out of space on the device. There is plenty of room. From jep200404 at columbus.rr.com Sun May 2 09:39:42 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:18 2005 Subject: more background on downloading huge files [COLUG] In-Reply-To: <20040501200712.79124ff6.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> Message-ID: <20040502093942.68ab1919.jep200404@columbus.rr.com> I'm familiar with handling huge files locally. It has not been uncommon for me to handle 20 gigabyte files locally. Since I got a DVD burner, what is new is _downloading_ huge files. I've found that many, if not most, of the programs used for downloading and burning big images have bugs related to the size of huge files. Many programs are using a signed 32-bit integer for the length. Hence, the length of a file between 2 and 4 gigabytes is often shown as having negative length (two's complement arithmetic). The problem affects both clients and servers. Both http and ftp servers and clients are afflicted. Looking closer at the particular file that I've been trying to download, ftp://mynovell.no-ip.org/pub/suse/SuSE9.1/DVD/SuSE-9.1-DVD-i386-RC2-DVD1.iso in addition to client problems, there is a bug in the server that reports the length of the file as negative, so I'll have to wait for that server to be fixed before I further fuss with clients. Some programs are using an unsigned 32-bit integer for the length and show the length as modulo 2^32 of the actual length. Sometimes, one part of a program will work while another suffers a bug. An example is k3b, the CD/DVD burning program. It correctly burns and calculates the md5sum of huge .iso files, but for calculating the md5sum, incorrectly show the length of the file as modulo 2^32. Some clients can correctly retrieve a long file that they can not correctly show the length of in one big gulp, but can not continue a partial download either not at all, or not past 2^31. Sometimes, the bugs in a server and client will complement each other and the transfer will succeed in spite of the bug. From rfunk at funknet.net Sun May 2 14:08:36 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:18 2005 Subject: more background on downloading huge files[COLUG] In-Reply-To: <20040502093942.68ab1919.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> Message-ID: <200405021408.36169.rfunk@funknet.net> Jim P wrote: > Many programs are using a signed 32-bit integer for the length. Trouble is that the usual standard functions require that. For example: int fseek(FILE *stream, long offset, int whence); However, fseeko(3) is different: int fseeko(FILE *stream, off_t offset, int whence); The man page for fseek(3) includes this: # CONFORMING TO # The fgetpos, fsetpos, fseek, ftell, and rewind functions # conform to ANSI X3.159-1989 (``ANSI C''). fseeko(3)'s man page has this to say: # DESCRIPTION # The fseeko() and ftello() functions are identical to fseek() and # ftell() (see fseek(3)), respectively, except that the offset # argument of fseeko() and the return value of ftello() is of type # off_t instead of long. # # On many architectures both off_t and long are 32-bit types, but # compilation with # #define _FILE_OFFSET_BITS 64 # will turn off_t into a 64-bit type. # # NOTES # These functions are found on SysV-like systems. They are not # present in libc4, libc5, glibc 2.0 but available since glibc 2.1. # # CONFORMING TO # The fseeko and ftello functions conform to SUSv2. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From bruceobe at fastmail.fm Sun May 2 14:16:06 2004 From: bruceobe at fastmail.fm (Bruce Obenour) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] error on subscribe page Message-ID: <40953AE6.90308@fastmail.fm> Guys, Can someone check out the e-mail subscription page ? I have been trying to change my address or unsubscribe and I keep getting debug errors. Thanks Bruce From sjs at khadrin.com Sun May 2 14:39:59 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:18 2005 Subject: more background on downloading huge files[COLUG] In-Reply-To: <200405021408.36169.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <200405021408.36169.rfunk@funknet.net> Message-ID: <1083523198.15845.14.camel@cobra.khadrin.com> On Sun, 2004-05-02 at 14:08, Rob Funk wrote: > Jim P wrote: > > Many programs are using a signed 32-bit integer for the length. > > Trouble is that the usual standard functions require that. Maybe so. > For example: > int fseek(FILE *stream, long offset, int whence); The interface to fseek() doesn't imply a limitation on file size, since seeking multiple times (from SEEK_CUR) isn't prohibited. A particular implementation of fseek() might have a limitation on file size. I have called fseek() in a loop on a recent version of OpenVMS to locate records in some very large files. I haven't tried it on Linux. -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From rfunk at funknet.net Sun May 2 20:47:15 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:18 2005 Subject: more background on downloading huge files[COLUG] In-Reply-To: <1083523198.15845.14.camel@cobra.khadrin.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <200405021408.36169.rfunk@funknet.net> <1083523198.15845.14.camel@cobra.khadrin.com> Message-ID: <200405022047.15691.rfunk@funknet.net> Stephen J. Smith wrote: > The interface to fseek() doesn't imply a limitation on file size, since > seeking multiple times (from SEEK_CUR) isn't prohibited. fseek was just an example. Maybe ftell would be a better example, since it returns the current position in the file. long ftell(FILE *stream); -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From linux at litenverden.org Sun May 2 21:04:34 2004 From: linux at litenverden.org (George H. Yeager) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] Wireless Problem In-Reply-To: <4092DDEE.6000705@litenverden.org> References: <5789A42DD684734298BF9EC852D35111033AB018@scad1exis02.alldata.net> <4092DDEE.6000705@litenverden.org> Message-ID: <40959AA2.4030203@litenverden.org> George H. Yeager wrote: > I've been running Mandrake 9.2 for a while now. Wireless has worked > fine. I upgraded (not a clean install) this evening. Now wireless is > dead and the new config utility is not functional. What file do I have > to edit manually to get this this working again? > > George > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug > > > Here's the latest. Everthing is working fine. The GUI config tool does not work for me (perhaps it's me, I don't know). In any case, if I plug the working 10baseT NIC AND the non-working wireless card in at the same time, reboot, and configure the wireless card in the boot process, it works fine from then on. I can reboot with either card and have connectivity. Version 10.0 may be a bit rough on the edges, but it seems to have a solid core. Everything is working, printing and all. Printing, by the way, had a similar issue. I had to use a browser config utility rather than the Mandrake tool to get printing going. George From lshurr at columbus.rr.com Sun May 2 22:27:33 2004 From: lshurr at columbus.rr.com (Larry A. Shurr) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] The faster machine is the slower? Message-ID: <4095AE15.2060205@columbus.rr.com> I just finished switching my Tiger Electronics special, a machine with a VIA K7VEM motherboard and a VIA ( 650 MHz CPU from the "W" system to SuSE Linux 9.0 loaded using SuSE's network install. Interestingly, I'm not sure that it's running SuSE 9.0 substantially faster than my other SuSE 9.0 machine, an HP Vectra VL with a PII 266. Of course, I'm familiar with the old saw about the three kinds of lies: "Lies, damned lies and statistics," to which we may add a fourth kind: benchmarks. However, if "hdparm -tT" means anything, I see some surprising results. ----------------------------------------------------------- From dmesg on deimos: Initializing CPU#0 Detected 267.278 MHz processor. Console: colour dummy device 80x25 Calibrating delay loop... 526.33 BogoMIPS Memory: 254640k/262144k available (1580k kernel code, 7116k reserved, 605k data, 160k init, 0k highmem) Dentry cache hash table entries: 32768 (order: 6, 262144 bytes) Inode cache hash table entries: 16384 (order: 5, 131072 bytes) Mount cache hash table entries: 512 (order: 0, 4096 bytes) Buffer-cache hash table entries: 16384 (order: 4, 65536 bytes) Page-cache hash table entries: 65536 (order: 6, 262144 bytes) CPU: L1 I cache: 16K, L1 D cache: 16K CPU: L2 cache: 512K Intel machine check architecture supported. Intel machine check reporting enabled on CPU#0. CPU: After generic, caps: 0080f9ff 00000000 00000000 00000000 CPU: Common caps: 0080f9ff 00000000 00000000 00000000 CPU: Intel Pentium II (Klamath) stepping 04 Checking 'hlt' instruction... OK. From hdparm on Deimos: deimos:~ # hdparm -v /dev/hda /dev/hda: multcount = 16 (on) IO_support = 0 (default 16-bit) unmaskirq = 0 (off) using_dma = 1 (on) keepsettings = 0 (off) readonly = 0 (off) readahead = 8 (on) geometry = 2434/255/63, sectors = 39102336, start = 0 deimos:~ # hdparm -Tt /dev/hda /dev/hda: Timing buffer-cache reads: 332 MB in 2.00 seconds = 165.92 MB/sec Timing buffered disk reads: 78 MB in 3.05 seconds = 25.57 MB/sec deimos:~ # hdparm -Tt /dev/hda /dev/hda: Timing buffer-cache reads: 332 MB in 2.00 seconds = 165.92 MB/sec Timing buffered disk reads: 78 MB in 3.05 seconds = 25.59 MB/sec deimos:~ # hdparm -Tt /dev/hda /dev/hda: Timing buffer-cache reads: 336 MB in 2.02 seconds = 166.50 MB/sec Timing buffered disk reads: 78 MB in 3.05 seconds = 25.60 MB/sec ----------------------------------------------------------- From dmesg on triton: Initializing CPU#0 Detected 651.601 MHz processor. Console: colour dummy device 80x25 Calibrating delay loop... 1273.85 BogoMIPS Memory: 247052k/253888k available (1580k kernel code, 6448k reserved, 605k data, 160k init, 0k highmem) Checking if this processor honours the WP bit even in supervisor mode... Ok. Dentry cache hash table entries: 32768 (order: 6, 262144 bytes) Inode cache hash table entries: 16384 (order: 5, 131072 bytes) Mount cache hash table entries: 512 (order: 0, 4096 bytes) Buffer-cache hash table entries: 16384 (order: 4, 65536 bytes) Page-cache hash table entries: 65536 (order: 6, 262144 bytes) CPU: L1 I Cache: 64K (32 bytes/line), D cache 64K (32 bytes/line) CPU: After generic, caps: 008031b5 808030b5 00000000 00000000 CPU: Common caps: 008031b5 808030b5 00000000 00000000 CPU: Centaur VIA Samuel stepping 03 Checking 'hlt' instruction... OK. From hdparm on triton: triton:~ # hdparm -v /dev/hda /dev/hda: multcount = 16 (on) IO_support = 1 (32-bit) unmaskirq = 1 (on) using_dma = 1 (on) keepsettings = 0 (off) readonly = 0 (off) readahead = 8 (on) geometry = 19841/16/63, sectors = 19999728, start = 0 triton:~ # hdparm -Tt /dev/hda /dev/hda: Timing buffer-cache reads: 124 MB in 2.01 seconds = 61.66 MB/sec Timing buffered disk reads: 62 MB in 3.08 seconds = 20.16 MB/sec triton:~ # hdparm -Tt /dev/hda /dev/hda: Timing buffer-cache reads: 124 MB in 2.01 seconds = 61.78 MB/sec Timing buffered disk reads: 62 MB in 3.08 seconds = 20.13 MB/sec triton:~ # hdparm -Tt /dev/hda /dev/hda: Timing buffer-cache reads: 124 MB in 2.03 seconds = 61.08 MB/sec Timing buffered disk reads: 62 MB in 3.08 seconds = 20.14 MB/sec ----------------------------------------------------------- These results appear to show that the machine with the putatively faster CPU yields slower results. Now maybe I am (once again) making a mountain out of a molehill. Perhaps these numbers simply cannot be compared meaningfully. Perhaps there are some other damned lies... excuse me... benchmarks which which might be more meaningful. Any observations or suggestions? Larry From skippy at skippy.net Sun May 2 22:48:03 2004 From: skippy at skippy.net (Scott Merrill) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] The faster machine is the slower? In-Reply-To: <4095AE15.2060205@columbus.rr.com> References: <4095AE15.2060205@columbus.rr.com> Message-ID: <4095B2E3.7020803@skippy.net> Larry A. Shurr wrote: > From hdparm on Deimos: hdparm measures disk and bus performance, which has little to do with CPU speed. > deimos:~ # hdparm -v /dev/hda > > /dev/hda: > multcount = 16 (on) > IO_support = 0 (default 16-bit) > unmaskirq = 0 (off) > using_dma = 1 (on) > keepsettings = 0 (off) > readonly = 0 (off) > readahead = 8 (on) > geometry = 2434/255/63, sectors = 39102336, start = 0 <... snip ...> > From hdparm on triton: > > triton:~ # hdparm -v /dev/hda > > /dev/hda: > multcount = 16 (on) > IO_support = 1 (32-bit) > unmaskirq = 1 (on) > using_dma = 1 (on) > keepsettings = 0 (off) > readonly = 0 (off) > readahead = 8 (on) > geometry = 19841/16/63, sectors = 19999728, start = 0 Try tweaking hdparm's settings. man hdparm, and see my previous post on the subject: http://www.colug.net/pipermail/colug/2004-February/010907.html skippy@debian:~$ sudo /sbin/hdparm -v /dev/hda /dev/hda: multcount = 16 (on) IO_support = 3 (32-bit w/sync) unmaskirq = 1 (on) using_dma = 1 (on) keepsettings = 0 (off) readonly = 0 (off) readahead = 256 (on) geometry = 65535/16/63, sectors = 234441648, start = 0 You'll need to know what your drive and IDE bus support in order to make the most effective changes. From rfunk at funknet.net Sun May 2 22:51:02 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] The faster machine is the slower? In-Reply-To: <4095AE15.2060205@columbus.rr.com> References: <4095AE15.2060205@columbus.rr.com> Message-ID: <200405022251.02595.rfunk@funknet.net> Larry A. Shurr wrote: > deimos:~ # hdparm -v /dev/hda > > /dev/hda: > multcount = 16 (on) > IO_support = 0 (default 16-bit) > unmaskirq = 0 (off) > using_dma = 1 (on) > keepsettings = 0 (off) > readonly = 0 (off) > readahead = 8 (on) > geometry = 2434/255/63, sectors = 39102336, start = 0 > > deimos:~ # hdparm -Tt /dev/hda > > /dev/hda: > Timing buffer-cache reads: 332 MB in 2.00 seconds = 165.92 MB/sec > Timing buffered disk reads: 78 MB in 3.05 seconds = 25.57 MB/sec OK, so basically this machine's controller is going at 166 MB/s, and its disk is going at 25.6 MB/s. There might be room to improve the 166 by turning on 32-bit transfers, but that doesn't always help. DMA is on, which helps a lot. Multcount is also on, also a help. If my math is right, that's a 20GB disk; you didn't show us the dmesg information about the disk, but I'm guessing it's a few years old. > ----------------------------------------------------------- > From hdparm on triton: > > triton:~ # hdparm -v /dev/hda > > /dev/hda: > multcount = 16 (on) > IO_support = 1 (32-bit) > unmaskirq = 1 (on) > using_dma = 1 (on) > keepsettings = 0 (off) > readonly = 0 (off) > readahead = 8 (on) > geometry = 19841/16/63, sectors = 19999728, start = 0 > > triton:~ # hdparm -Tt /dev/hda > > /dev/hda: > Timing buffer-cache reads: 124 MB in 2.01 seconds = 61.66 MB/sec > Timing buffered disk reads: 62 MB in 3.08 seconds = 20.16 MB/sec Here we get about 61-62 MB/s controller interface speed, and about 20MB/s physical disk transfer speed. The only difference in the flags is unmaskirq being on here; according to the hdparm man page, this should give Linux better responsiveness, but can also be dangerous with some controllers. I'm guessing that turning it off (hdparm -u 0 /dev/hda) could possibly improve throughput a bit. That looks like a 10GB disk, which is probably even older than the 20GB disk. Older disks are likely to be slower than newer ones just because the newer ones have better technology. > These results appear to show that the machine with the putatively faster > CPU yields slower results. hdparm tests disk and disk controller speed, not CPU speed. If you want a faster result from hdparm, you can get a faster disk, a faster disk controller, or possibly tune the disk parameters with hdparm. > Now maybe I am (once again) making a > mountain out of a molehill. Perhaps these numbers simply cannot be > compared meaningfully. Perhaps there are some other damned lies... > excuse me... benchmarks which which might be more meaningful. Any > observations or suggestions? Benchmarks measure different things. If you want to benchmark the CPU, you need to use a CPU benchmark, not a disk benchmark. So the question is, what do you want to measure? -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From dollzerr at iwaynet.net Sun May 2 23:58:00 2004 From: dollzerr at iwaynet.net (Jess Balint) Date: Sat Jan 8 01:35:18 2005 Subject: FTP clients for huge files [COLUG] In-Reply-To: <20040501193917.43ad184a.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> Message-ID: <4095C348.7090507@iwaynet.net> Jim P wrote: >Which FTP clients handle huge files with aplomb? > >I'm trying and failing to download a huge (>4GB) file. >Many have trouble around either 2GB or 4GB. > > > I Believe ncftp should do it. I used to transfer very large files like that at work. It might also have to do with the ftp server if you are having issues. ~ From lshurr at columbus.rr.com Mon May 3 00:18:51 2004 From: lshurr at columbus.rr.com (Larry A. Shurr) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] The faster machine is the slower? In-Reply-To: <200405022251.02595.rfunk@funknet.net> References: <4095AE15.2060205@columbus.rr.com> <200405022251.02595.rfunk@funknet.net> Message-ID: <4095C82B.70902@columbus.rr.com> Rob Funk wrote: > Larry A. Shurr wrote: > Benchmarks measure different things. If you want to benchmark the CPU, you > need to use a CPU benchmark, not a disk benchmark. So the question is, > what do you want to measure? Upon mature reflection, perhaps I should reply that what I was really asking was "What am I testing?" I did not originally intend to benchmark anything, so perhaps it was a mistake to start... or maybe it just wasn't time well spent, but what I was trying to do was apply what I had read about hdparm to tweak disk I/O performance. Instead, I found myself surprised by what I seem to be seeing when I tried hdparm out. Now the term "buffer cache" implies to me that this is a test of Linux' performance in transfering data to or from the buffer cache. This idea is reinforced by the hdparm man page, which describes the -T option thusly: Perform timings of cache reads for benchmark and comparison purposes. For meaningful results, this operation should be repeated 2-3 times on an otherwise inactive system (no other active pro- cesses) with at least a couple of megabytes of free memory. This displays the speed of reading directly from the Linux buffer cache without disk access. This measurement is essentially an indica- tion of the throughput of the processor, cache, and memory of the system under test. If the -t flag is also specified, then a correction factor based on the outcome of -T will be incorporated into the result reported for the -t operation. It appears from this description that my intepretation is correct, the buffer cache test is, in a sense, a test of CPU performance because it's measuring transfers from the Linux buffer cache without disk access and thus it is not a test of controller or bus performance. Apparently, the purpose of the buffer cache test is to allow hdparm to factor out buffer cache overhead when measuring disk read performance for the "-t" option. Now I see that the molehill is beginning to cast a noticeable shadow and I'm starting to wonder if any of this was worth it. Meanwhile, I have not, so far, made any changes which improve disk performance in any meaningful. Larry From rfunk at funknet.net Mon May 3 01:47:59 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] The faster machine is the slower? In-Reply-To: <4095C82B.70902@columbus.rr.com> References: <4095AE15.2060205@columbus.rr.com> <200405022251.02595.rfunk@funknet.net> <4095C82B.70902@columbus.rr.com> Message-ID: <200405030147.59358.rfunk@funknet.net> Larry A. Shurr wrote: > Now the term "buffer cache" implies to me that this is a test of Linux' > performance in transfering data to or from the buffer cache. Sorry, you're right.... > access. This measurement is essentially an indica- > tion of the throughput of the processor, cache, and > memory of the system under test. > > It appears from this description that my intepretation is correct, the > buffer cache test is, in a sense, a test of CPU performance because it's > measuring transfers from the Linux buffer cache without disk access and > thus it is not a test of controller or bus performance. Yes, CPU is part of it (and I was wrong to say it was the controller/bus that was being measured), but it's not directly a test of CPU speed. You also have CPU cache and memory bandwidth to deal with. What type of memory does each machine have? That could make a big difference. Looking back at your dmesg listing, I notice this for the Pentium II: CPU: L1 I cache: 16K, L1 D cache: 16K CPU: L2 cache: 512K and this for the VIA: CPU: L1 I Cache: 64K (32 bytes/line), D cache 64K (32 bytes/line) In other words, the VIA processor has more level 1 cache, but that's dwarfed by the Intel's level 2 cache. I don't know if the P-II can use its L2 cache as fast as the VIA can use its L1 cache, but the Intel's level 2 cache will be a lot faster than the system memory on either machine. ("I cache" is instruction cache, while "D cache" is data cache. It took me a while to realize that. Level 2 cache, like system memory, doesn't distinguish between instructions and data when it stores things.) > Now I see that the molehill is beginning to cast a noticeable shadow and > I'm starting to wonder if any of this was worth it. Meanwhile, I have > not, so far, made any changes which improve disk performance in any > meaningful. This page might help with hdparm: http://www.thedumbterminal.co.uk/information/hdparm.shtml As for overall system performance, again I don't know what type of memory you have, but that's a factor. The system ("front-side") bus speed is a factor, though these processors may have parity there. Also keep in mind that the VIA processors are designed for low power dissipation, while Intel processors are designed for high performance. It's a tradeoff. Even when you look only at the processor (and even if you ignore the on-CPU cache), there's a lot more that affects the performance than just the core clock speed. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From rfunk at funknet.net Mon May 3 02:24:18 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] The faster machine is the slower? In-Reply-To: <200405030147.59358.rfunk@funknet.net> References: <4095AE15.2060205@columbus.rr.com> <4095C82B.70902@columbus.rr.com> <200405030147.59358.rfunk@funknet.net> Message-ID: <200405030224.18989.rfunk@funknet.net> I just found an online review/test of the 800MHz VIA C3. Some of the comments seem relevant here. http://techreport.com/reviews/2002q1/via-c3/ In particular, note that unlike everyone else, VIA tries to get its performance from megahertz rather than various tricks trying to increase the number of instructions per clock cycle (as Intel has done at least since the Pentium). This could be a factor in a 650MHz VIA not being much faster than a 266MHz Pentium II. Also note that in their test the 800 MHz VIA processor has a memory bandwidth in the low hundreds. When scaled for processor speed, this approaches what hdparm -T says. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From dshermin at ameritech.net Mon May 3 09:09:39 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:18 2005 Subject: [COLUG] Re: Fedora DVD In-Reply-To: <200405021408.36169.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <200405021408.36169.rfunk@funknet.net> Message-ID: On Saturday and Sunday, I downloaded the Fedora test3 DVD from 2 different sites. After download, I checked the md5sum file and got bad downloads each time. When I try to burn the DVD ISO with Nero 6, I get this: The entered block size does not correspond to the image length. The block size may be wrong. Do you want to correct the value or ignore the problem? So far I have resisted to fix the problem and have trashed the DVD ISO. I went here to get the link; http://www.redhat.com/archives/fedora-devel-list/2004-April/msg01006.html and then ftp://linux.nssl.noaa.gov/fedora/core/test/1.92/i386/iso/ and then http://mirror.clarkson.edu/pub/distributions/fedora/test/1.92/i386/iso Has anyone gotten a good download of the DVD ISO? From jep200404 at columbus.rr.com Mon May 3 09:55:49 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:19 2005 Subject: more background on downloading huge files: also Fedora DVD burning with Nero (Windows) [COLUG] In-Reply-To: <20040502093942.68ab1919.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> Message-ID: <20040503095549.257d8f7f.jep200404@columbus.rr.com> Mr. Sherman is probably suffering from filelength modulo 2^32 bugs like I wrote about earlier. He wrote: > I downloaded the Fedora test3 DVD from 2 different sites. > When I try to burn the DVD ISO with Nero 6, I get this: > The entered block size does not correspond to the image length. Filelength modulo 2^32 issues again perhaps? There's a good chance that the problems you're experiencing are bugs related to handling huge files, very similar to the ones that many Linux programs suffer from. What size does the server say the file is? Is the downloaded size the same? Before trying to burn the .iso file, check its md5sum. Was the md5sum correct? There are many places the modulo 2^32 problems can mess up huge files: 1. Uploading the huge file to the server. Maybe client or server can not handle huge files. 2. Server filesystem's filesize limit. 3. Server's http/ftp program can have bugs. 4. Your download client might have filesize limit bug. 5. Your computer's filesystem's filesize limit. 6. Nero's filesystem limit. > Has anyone gotten a good download of the DVD ISO? I haven't tried to download the DVD .iso for Fedora Core 2 Test 3 (FC2T3), but I successfully downloaded and burned the earlier Test 2 DVD .iso. It was a little (10MB) bigger than 4GB. Many servers showed the file as being only 10MB long. Some would only serve the 10MB, some would serve the whole image. I don't remember which mirror I downloaded it from. Maybe it was http://www.gtlib.cc.gatech.edu/pub/fedora.redhat/linux/core/test/1.91/i386/iso/ Curiously, the DVD .iso file does not appear on their ftp server: ftp://www.gtlib.cc.gatech.edu/pub/fedora.redhat/linux/core/test/1.91/i386/iso/ As part of exploring the issue of downloading huge files, I looked at a number of the mirrors. Most of them now say that the file is 4.0GB. This is an improvement in those servers. Previously many of the servers did not show the correct length. Workarounds If the problem is only in Nero (which is not running under Linux), then consider using k3b to burn the image with by running Knoppix. You'd have to have two CD&|DVD drives in the box, one to boot and run Knoppix from, another to burn FC2T3 with. From jep200404 at columbus.rr.com Mon May 3 10:19:09 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:19 2005 Subject: more background on downloading huge files: also Fedora DVD [COLUG] In-Reply-To: <20040503095549.257d8f7f.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> Message-ID: <20040503101909.153c0d0b.jep200404@columbus.rr.com> David Sherman wrote: > Fedora test3 DVD > ftp://linux.nssl.noaa.gov/fedora/core/test/1.92/i386/iso/ That site shows the DVD.iso to be only 2.0 GB on Konqueror browser. How big does your browser show it to be? When you downloaded it, how big was it? It should be 4379752448 bytes long, as ncftp shows: -rw-r--r-- 2 redhat redhat 4379752448 Apr 21 15:38 FC2-test3-i386-DVD.iso From dshermin at ameritech.net Mon May 3 10:35:37 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:19 2005 Subject: more background on downloading huge files: also Fedora DVD [COLUG] In-Reply-To: <20040503101909.153c0d0b.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> Message-ID: <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> IE shows 3.99 GB. Downloaded file in IE shows 3.89 Gb. On Mon, 3 May 2004 10:19:09 -0400, you wrote: >David Sherman wrote: > >> Fedora test3 DVD > >> ftp://linux.nssl.noaa.gov/fedora/core/test/1.92/i386/iso/ > >That site shows the DVD.iso to be only 2.0 GB on Konqueror browser. >How big does your browser show it to be? >When you downloaded it, how big was it? > >It should be 4379752448 bytes long, as ncftp shows: > >-rw-r--r-- 2 redhat redhat 4379752448 Apr 21 15:38 FC2-test3-i386-DVD.iso > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug From jep200404 at columbus.rr.com Mon May 3 10:56:43 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD [COLUG] In-Reply-To: <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> Message-ID: <20040503105643.1bbe8af7.jep200404@columbus.rr.com> David Sherman wrote: > IE shows 3.99 GB. Downloaded file in IE shows 3.89 Gb. That does not sound good. 4379752448 bytes is 4.078 gigabytes where a gigabyte == 1024*1024*1024 bytes == 1073741824 bytes Did you check the md5sum? http://firewall.colug.net/dos/unix/md5sum.exe ******************************************************************* Another option to get a better environment to download from is Colinux from http://colinux.org/ From dshermin at ameritech.net Mon May 3 11:07:09 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD[COLUG] In-Reply-To: <20040503105643.1bbe8af7.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> Message-ID: I did you a windows version of md5sum. I am downloading the Fedora again from a different site as the DVD iso is now missing from some of the sites I looked at over the weekend. Thanks for the info. I will let you know later what happens. On Mon, 3 May 2004 10:56:43 -0400, you wrote: >David Sherman wrote: > >> IE shows 3.99 GB. Downloaded file in IE shows 3.89 Gb. > >That does not sound good. > >4379752448 bytes is 4.078 gigabytes where >a gigabyte == 1024*1024*1024 bytes == 1073741824 bytes > >Did you check the md5sum? > >http://firewall.colug.net/dos/unix/md5sum.exe > >******************************************************************* > >Another option to get a better environment to download from >is Colinux from http://colinux.org/ > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug From dshermin at ameritech.net Mon May 3 13:10:52 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD[COLUG] In-Reply-To: <20040503105643.1bbe8af7.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> Message-ID: The DVD download failed again. I have started to download the 4 iso images. On Mon, 3 May 2004 10:56:43 -0400, you wrote: >David Sherman wrote: > >> IE shows 3.99 GB. Downloaded file in IE shows 3.89 Gb. > >That does not sound good. > >4379752448 bytes is 4.078 gigabytes where >a gigabyte == 1024*1024*1024 bytes == 1073741824 bytes > >Did you check the md5sum? > >http://firewall.colug.net/dos/unix/md5sum.exe > >******************************************************************* > >Another option to get a better environment to download from >is Colinux from http://colinux.org/ > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug From jep200404 at columbus.rr.com Mon May 3 13:22:06 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD [COLUG] In-Reply-To: References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> Message-ID: <20040503132206.023be752.jep200404@columbus.rr.com> Using IE again? David Sherman wrote: > The DVD download failed again. Try other FTP clients such as: Mozilla http://theopencd.sunsite.dk/programs-v1.4/Internet.html#moz Filezilla http://theopencd.sunsite.dk/programs-v1.4/Internet.html#fz From sjs at khadrin.com Mon May 3 14:10:02 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD[COLUG] In-Reply-To: References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> Message-ID: <1083607802.18683.18.camel@cobra.khadrin.com> On Mon, 2004-05-03 at 13:10, David Sherman wrote: > The DVD download failed again. > > I have started to download the 4 iso images. It sounds like downloading a DVD ISO is problematic? It isn't clear to me from the comments if the problem is in server software, client software or a combination of both. I don't have a DVD burner, and have never tried to download a DVD ISO. I gather from Jim's experience though that handling large files locally is not a problem. Therefore I propose a possible workaround: ask the iso developers to break up the iso's into <2G chunks. This would make it easier to distribute load accross multiple mirrors as well (translation: it's good for distributors too). The chances of convincing redhat to do this before FC2 final seem reasonable if it is really a common problem. I could propose this solution on the fedora list myself, but I think it would be better for someone actually experiencing difficulties to do so. Not long ago there was discussion of using jigdo (the Debian way) at some point in the future, which is an altogether better solution than ISOs anyway. But for now... This problem has come up recently on fedora-devel. See this thread: http://www.redhat.com/archives/fedora-devel-list/2004-April/msg01089.html -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From dshermin at ameritech.net Mon May 3 14:55:52 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD[COLUG] In-Reply-To: <1083607802.18683.18.camel@cobra.khadrin.com> References: <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> Message-ID: I downloaded FileZilla and trying again. I like the interface. I also found some sites where I can sale for the DVD like: http://osdepot.com/osc/index.php http://www.osdisc.com/cgi-bin/view.cgi/index.html http://linuxinstall.org/fedora.php On Mon, 03 May 2004 14:10:02 -0400, you wrote: >On Mon, 2004-05-03 at 13:10, David Sherman wrote: >> The DVD download failed again. >> >> I have started to download the 4 iso images. > >It sounds like downloading a DVD ISO is problematic? It isn't clear to >me from the comments if the problem is in server software, client >software or a combination of both. > >I don't have a DVD burner, and have never tried to download a DVD ISO. >I gather from Jim's experience though that handling large files locally >is not a problem. Therefore I propose a possible workaround: ask the iso >developers to break up the iso's into <2G chunks. This would make it >easier to distribute load accross multiple mirrors as well (translation: >it's good for distributors too). The chances of convincing redhat to do >this before FC2 final seem reasonable if it is really a common problem. > >I could propose this solution on the fedora list myself, but I think it >would be better for someone actually experiencing difficulties to do so. > >Not long ago there was discussion of using jigdo (the Debian way) at >some point in the future, which is an altogether better solution than >ISOs anyway. But for now... > >This problem has come up recently on fedora-devel. See this thread: >http://www.redhat.com/archives/fedora-devel-list/2004-April/msg01089.html From jep200404 at columbus.rr.com Mon May 3 14:59:49 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:19 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: <1083607802.18683.18.camel@cobra.khadrin.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> Message-ID: <20040503145949.5c86dd94.jep200404@columbus.rr.com> "Stephen J. Smith" wrote: > It sounds like downloading a DVD ISO is problematic? [. (not a question)] > It isn't clear to me from the comments if the problem is in > server software, client software or a combination of both. It varies. Many servers have problems dealing with huge files. Many clients have problems dealing with huge files. We are just going through some growing pains. > I don't have a DVD burner, and have never tried to download a DVD ISO. > I gather from Jim's experience though that handling large files locally > is not a problem. It's not a problem for _me_, but can still be a problem for others, especially those using old (Windows _and_ UNIXish) filesystems. A Win98 user would probably have trouble dealing with any huge file as a full DVD would use. > Therefore I propose a possible workaround: ask the iso > developers to break up the iso's into <2G chunks. This would make it > easier to distribute load accross multiple mirrors as well (translation: > it's good for distributors too). That workaround would help. > The chances of convincing redhat to do > this before FC2 final seem reasonable if it is really a common problem. Between test 2 and test 3, I've noticed a substantial drop in the number of Red Hat mirrors that incorrectly displayed the length of huge files. So it seems that folks are working on fixing the problem instead of merely working around it. With .iso images of DVDs making huge files common, I don't think this problem will persist long in the open source community. Whatever limitationss Windows users have with their default (proprietary) HTTP/FTP clients, will persist longer. > Not long ago there was discussion of using jigdo (the Debian way) at > some point in the future, which is an altogether better solution than > ISOs anyway. How would you compare jigdo with bit torrent? I think jigdo and bit torrent can be nice in addition to the legacy protocols. The legacy protocols are necessary to make it easy for newbies to try Linux. Which limitations of the legacy protocols (particularly http and ftp) are inherent in the protocols and not in particular implementations in server or client code? From sjs at khadrin.com Mon May 3 16:32:23 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:19 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: <20040503145949.5c86dd94.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> Message-ID: <1083616343.19259.27.camel@cobra.khadrin.com> On Mon, 2004-05-03 at 14:59, Jim P wrote: > How would you compare jigdo with bit torrent? jigdo * Reduces disk space for mirrors (and potentially spreads the network load across more than one mirror). - Storing RPMs plus ISOs for CDs plus a DVD ISO uses 3x more space than necessary. * Doesn't require special server software. - You need special software (jigdo-file) to create the .jigdo file which controls download and assembly, but each mirror doesn't need this. * Does require special client software. - Not complicated and runs on a variety of platforms. BitTorrent * Reduces network bandwidth for mirrors. - Clients also act as servers. Load is actually moved from mirrors to clients, rather than just spreading the load around mirrors * Requires special server software. - The mirror needs to run the bittorrent client on the file it is serving, and maybe a tracker as well. * Requires special software on the server - Not complicated and runs on a variety of platforms. I have found Jigdo to be a joy to use. It worked perfectly every time I tried it. I have only tried BitTorrent once. I made the mistake of not forwarding ports 6881-6889 through my firewall, which made it painfully slow. So slow in fact that I gave up. Definitely make sure those ports are reachable or find some other way around the mandatory bandwidth sharing if you are going to try it. I have heard that BitTorrent works best with large files and many downloaders. That makes sense to me, but I don't know it from experience. -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From dshermin at ameritech.net Mon May 3 16:40:12 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD[COLUG] In-Reply-To: <1083607802.18683.18.camel@cobra.khadrin.com> References: <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> Message-ID: FileZilla stopped with too many retires at 16% done. Since I restarted it, I wonder what will happen. On Mon, 03 May 2004 14:10:02 -0400, you wrote: >On Mon, 2004-05-03 at 13:10, David Sherman wrote: >> The DVD download failed again. >> >> I have started to download the 4 iso images. > >It sounds like downloading a DVD ISO is problematic? It isn't clear to >me from the comments if the problem is in server software, client >software or a combination of both. > >I don't have a DVD burner, and have never tried to download a DVD ISO. >I gather from Jim's experience though that handling large files locally >is not a problem. Therefore I propose a possible workaround: ask the iso >developers to break up the iso's into <2G chunks. This would make it >easier to distribute load accross multiple mirrors as well (translation: >it's good for distributors too). The chances of convincing redhat to do >this before FC2 final seem reasonable if it is really a common problem. > >I could propose this solution on the fedora list myself, but I think it >would be better for someone actually experiencing difficulties to do so. > >Not long ago there was discussion of using jigdo (the Debian way) at >some point in the future, which is an altogether better solution than >ISOs anyway. But for now... > >This problem has come up recently on fedora-devel. See this thread: >http://www.redhat.com/archives/fedora-devel-list/2004-April/msg01089.html From jep200404 at columbus.rr.com Mon May 3 17:32:40 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:19 2005 Subject: problems downloading huge files: also Fedora DVD [COLUG] In-Reply-To: References: <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> Message-ID: <20040503173240.5f3ab011.jep200404@columbus.rr.com> David Sherman wrote: > FileZilla stopped with too many [retries] at 16% done. Such is life. > Since I restarted it, I wonder what will happen. Don't wonder: Look! Did it start over from the beginning, or did it resume downloading from where it left off? Also, some clients and servers can resume from the middle, but not from a point past 2GB. If it starts over from the beginning, it'll be very difficult to download the whole thing. If so, your best chance of downloading it would be to start a download around bed time when the internet is less congested. From rfunk at funknet.net Mon May 3 17:38:04 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:19 2005 Subject: [COLUG] bittorrent In-Reply-To: <1083616343.19259.27.camel@cobra.khadrin.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> Message-ID: <200405031738.04493.rfunk@funknet.net> Stephen J. Smith wrote: > I have only tried BitTorrent once. I made the mistake of not forwarding > ports 6881-6889 through my firewall, which made it painfully slow. So > slow in fact that I gave up. Definitely make sure those ports are > reachable or find some other way around the mandatory bandwidth sharing > if you are going to try it. The way bittorrent works, if you don't do any uploading you'll be unlikely to get anything downloaded completely, unless it's really small. The tracker keeps track of how much each client has uploaded and downloaded (for each file, not globally), and the more you've uploaded the file the more you'll be able to download it. So basically bittorrent is useless without opening and forwarding those ports. There's no way around this. > I have heard that BitTorrent works best with large files and many > downloaders. That makes sense to me, but I don't know it from > experience. I use bittorrent all the time (it's great for getting CD images, or last night's episode of your favorite TV show), and can agree with that. With small files bittorrent is probably more trouble than it's worth; good candidates for bittorrent are generally at least a hundred megabytes, though tens of megabytes are OK too. (For example, the people sharing music via bittorrent do it by album -- or by album collection -- rather than by song.) And the more downloaders there are the more uploaders there are, therefore the more the bandwidth gets spread out and the more likely you are to get higher speeds. Better than lots of downloaders are lots of uploaders ("seeders") who already have the whole file and are only uploading, not downloading. Thus it's good bittorrent etiquette to leave the client running for a while after the download finishes, preferably until you've uploaded at least as much as you've downloaded (even better if you've uploaded much more than you've downloaded). The biggest problem I've found with bittorrent is that even though the download bandwidth is shared, the control channel to the tracker is not -- there's only one tracker (for each file) that coordinates all the clients, so there are often problems if that tracker is on a narrow pipe or is otherwise unreliable. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From joe at whipple.cc Mon May 3 22:41:56 2004 From: joe at whipple.cc (Joe Whipple) Date: Sat Jan 8 01:35:19 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: <1083616343.19259.27.camel@cobra.khadrin.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> Message-ID: <409702F4.6060708@whipple.cc> Hrm, sounds like Prozilla, except the server doesnt have to create any seed file like jigdo. I use prozilla to download large files or large amounts of files as it does the following: (from thier site:) http://prozilla.genesys.ro * Supports FTP & HTTP including redirection (ProZilla & ProzGUI). * Resume Supported (ProZilla & ProzGUI). * Complete acceleration: The file will be downloaded as fast as possible as your bandwidth allows if not otherwise specified (ProZilla & ProzGUI). * Unlike certain other download accelerators available for Linux, this really works. * The number of connections that prozilla uses can be specified (ProZilla & ProzGUI). * FTPsearch support now permits fetching Mirror locations and pinging them and selecting the fastest server is automatically done (ProZilla & ProzGUI). * Downloading the same file in parts from several servers at once to increase speed (ProzGUI). This also works with Gentoo portage to download sources, just uncomment in your make.conf file Joe Stephen J. Smith wrote: >On Mon, 2004-05-03 at 14:59, Jim P wrote: > > >>How would you compare jigdo with bit torrent? >> >> > >jigdo >* Reduces disk space for mirrors (and potentially spreads the network >load across more than one mirror). > - Storing RPMs plus ISOs for CDs plus a DVD ISO uses 3x more space > than necessary. >* Doesn't require special server software. > - You need special software (jigdo-file) to create the .jigdo file > which controls download and assembly, but each mirror doesn't > need this. >* Does require special client software. > - Not complicated and runs on a variety of platforms. > >BitTorrent >* Reduces network bandwidth for mirrors. > - Clients also act as servers. Load is actually moved from mirrors > to clients, rather than just spreading the load around mirrors >* Requires special server software. > - The mirror needs to run the bittorrent client on the file it is > serving, and maybe a tracker as well. >* Requires special software on the server > - Not complicated and runs on a variety of platforms. > >I have found Jigdo to be a joy to use. It worked perfectly every time I >tried it. > >I have only tried BitTorrent once. I made the mistake of not forwarding >ports 6881-6889 through my firewall, which made it painfully slow. So >slow in fact that I gave up. Definitely make sure those ports are >reachable or find some other way around the mandatory bandwidth sharing >if you are going to try it. > >I have heard that BitTorrent works best with large files and many >downloaders. That makes sense to me, but I don't know it from >experience. > > > From lshurr at columbus.rr.com Mon May 3 23:09:45 2004 From: lshurr at columbus.rr.com (Larry A. Shurr) Date: Sat Jan 8 01:35:19 2005 Subject: [COLUG] The faster machine is the slower? In-Reply-To: <200405030147.59358.rfunk@funknet.net> References: <4095AE15.2060205@columbus.rr.com> <200405022251.02595.rfunk@funknet.net> <4095C82B.70902@columbus.rr.com> <200405030147.59358.rfunk@funknet.net> Message-ID: <40970979.6030303@columbus.rr.com> Rob Funk wrote: > Larry A. Shurr wrote: > Looking back at your dmesg listing, I notice this for the Pentium II: > CPU: L1 I cache: 16K, L1 D cache: 16K > CPU: L2 cache: 512K > and this for the VIA: > CPU: L1 I Cache: 64K (32 bytes/line), D cache 64K (32 bytes/line) That is interesting. It doesn't report a L2 cache. Hmmm... now I have the BIOS setup showing and there are selections for enabling 'CPU Internal Cache', 'External Cache', and 'CPU L2 Cache ECC Checking'. Now I'm looking at the motherboard manual downloaded from Soyo.com. Hmmm... it doesn't show the 'CPU L2 Cache ECC Checking' option and the description for the 'External Cache' setting is quite inscrutable: 'Enables the external memory'. Now there's an explanation that explains nothing. I don't find anything which describes the L2 cache (size, speed, interleave, etc...). Maybe it doesn't have one. > In other words, the VIA processor has more level 1 cache, but that's > dwarfed by the Intel's level 2 cache. I don't know if the P-II can use > its L2 cache as fast as the VIA can use its L1 cache, but the Intel's > level 2 cache will be a lot faster than the system memory on either > machine. If there's no L2 cache, this may help explain why my Tiger Electronics $59 special was so cheap. Still... the machine actually runs well. If I just use it instead of benchmarking it, I find it very satisfactory for the uses I put it to. As I said before, I had not intended to benchmark it -- as in compare it to other machines -- I only meant to tweak it. > This page might help with hdparm: > http://www.thedumbterminal.co.uk/information/hdparm.shtml Thank you for that. > As for overall system performance, again I don't know what type of memory > you have, but that's a factor. The system ("front-side") bus speed is a > factor, though these processors may have parity there. The PII uses a 66 MHz frontside bus and the VIA a 100 MHz frontside. > Also keep in mind that the VIA processors are designed for low power > dissipation, while Intel processors are designed for high performance. > It's a tradeoff. > Even when you look only at the processor (and even if you ignore the on-CPU > cache), there's a lot more that affects the performance than just the core > clock speed. All good points. Larry From lefevre.10 at osu.edu Mon May 3 23:40:23 2004 From: lefevre.10 at osu.edu (Steve Lefevre) Date: Sat Jan 8 01:35:19 2005 Subject: [COLUG] bittorrent In-Reply-To: <200405031738.04493.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <200405031738.04493.rfunk@funknet.net> Message-ID: <409710A7.4060302@osu.edu> Rob Funk wrote: >So basically bittorrent is useless without opening and forwarding those >ports. There's no way around this. > > I have to disagree. I'm downloading about 3 torrents (linux isos, you know?) right now. I have a cheap-ass router in between my box and the cable router, so I can't open the ports to my machine. So, right now I'm getting: 23KiB up/ 12 KiB down 30KiB down / 14 KiB down 3 KiB up / 2 KiB down So it's not great, but you do get stuff. It takes about 2 days to get ~700 MB items. From lefevre.10 at osu.edu Mon May 3 23:44:58 2004 From: lefevre.10 at osu.edu (Steve Lefevre) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] bittorrent In-Reply-To: <200405031738.04493.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <200405031738.04493.rfunk@funknet.net> Message-ID: <409711BA.4010301@osu.edu> Rob Funk wrote: >So basically bittorrent is useless without opening and forwarding those >ports. There's no way around this. > > I have to disagree. I'm downloading about 3 torrents (linux isos, you know?) right now. I have a cheap-ass router in between my box and the cable router, so I can't open the ports to my machine. So, right now I'm getting: 23KiB up/ 12 KiB down 30KiB down / 14 KiB down 3 KiB up / 2 KiB down So it's not great, but you do get stuff. It takes about 2 days to get ~700 MB items. From jep200404 at columbus.rr.com Tue May 4 00:06:17 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] bittrickle/bittorrent In-Reply-To: <409710A7.4060302@osu.edu> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <200405031738.04493.rfunk@funknet.net> <409710A7.4060302@osu.edu> Message-ID: <20040504000617.20c2a93d.jep200404@columbus.rr.com> Steve Lefevre wrote: > I have a cheap-ass router in between my box and the cable router, > so I can't open the ports to my machine. This is one of the few remaining excuses for making one's own firewall out of an old junk PC. ------------------------------------------------- Additionally, having a (bit torrent) server running on my desktop on my private LAN gives me the willies, so I'd rather isolate the bit torrent box in a DMZ. After the bit torrent box gets the files of interest, from my desktop I'd suck the files with a non-peer protocol, like http, ftp, scp or rsync. From gate at ilive4code.net Tue May 4 00:27:11 2004 From: gate at ilive4code.net (Greg Sidelinger) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] Wide Open Magazine Message-ID: <1083644831.11452.76.camel@sanitarium> I just noticed that the Redhat Magazine Wide Open is going to be free to most people. Looks to be the same thing Oracle does with their publication. I was not all that impressed with issue number 1 but I still have not sat down and dug though it too much. But if anyone is interested in getting it head on over to www.redhatmagazine.com and get on the list. -- Greg Sidelinger gate'at'ilive4code.net ----------------------------------------------------------- there's no point for democracy when ignorance is celebrated From rfunk at funknet.net Tue May 4 00:44:36 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] bittrickle/bittorrent In-Reply-To: <20040504000617.20c2a93d.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <409710A7.4060302@osu.edu> <20040504000617.20c2a93d.jep200404@columbus.rr.com> Message-ID: <200405040044.36674.rfunk@funknet.net> Jim P wrote: > Steve Lefevre wrote: > > I have a cheap-ass router in between my box and the cable router, > > so I can't open the ports to my machine. > > This is one of the few remaining excuses for > making one's own firewall out of an old junk PC. My D-Link DI-604 router can do port forwarding just fine. A year ago it was the cheapest one around at ~$50; dunno how it compares today. The Linksys WRT54G (combo 802.11b/g access point, router, and 4-port switch) I just bought for ~$75 can do it too -- and since it runs Linux I can upgrade that with custom firmware to do whatever I want. > Additionally, having a (bit torrent) server running on my desktop > on my private LAN gives me the willies, so I'd rather isolate > the bit torrent box in a DMZ. Yes, I have similar thoughts, but haven't bothered with it yet. Of course, part of it is that my desktop machine is the one with all the disk space, and after a few torrents even that gets tight. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From dshermin at ameritech.net Tue May 4 07:16:39 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: <20040503145949.5c86dd94.jep200404@columbus.rr.com> References: <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> Message-ID: Thanks for all the help. I now a good DVD ISO image to use. thanks again. On Mon, 3 May 2004 14:59:49 -0400, you wrote: >"Stephen J. Smith" wrote: > >> It sounds like downloading a DVD ISO is problematic? > [. (not a question)] > >> It isn't clear to me from the comments if the problem is in >> server software, client software or a combination of both. > >It varies. > >Many servers have problems dealing with huge files. >Many clients have problems dealing with huge files. >We are just going through some growing pains. > >> I don't have a DVD burner, and have never tried to download a DVD ISO. >> I gather from Jim's experience though that handling large files locally >> is not a problem. > >It's not a problem for _me_, but can still be a problem for others, >especially those using old (Windows _and_ UNIXish) filesystems. >A Win98 user would probably have trouble dealing with any >huge file as a full DVD would use. > >> Therefore I propose a possible workaround: ask the iso >> developers to break up the iso's into <2G chunks. This would make it >> easier to distribute load accross multiple mirrors as well (translation: >> it's good for distributors too). > >That workaround would help. > >> The chances of convincing redhat to do >> this before FC2 final seem reasonable if it is really a common problem. > >Between test 2 and test 3, I've noticed a substantial drop in >the number of Red Hat mirrors that incorrectly displayed the >length of huge files. So it seems that folks are working on >fixing the problem instead of merely working around it. > >With .iso images of DVDs making huge files common, >I don't think this problem will persist long in the open source >community. Whatever limitationss Windows users have with their >default (proprietary) HTTP/FTP clients, will persist longer. > >> Not long ago there was discussion of using jigdo (the Debian way) at >> some point in the future, which is an altogether better solution than >> ISOs anyway. > >How would you compare jigdo with bit torrent? > >I think jigdo and bit torrent can be nice in addition to >the legacy protocols. The legacy protocols are necessary >to make it easy for newbies to try Linux. Which limitations >of the legacy protocols (particularly http and ftp) are >inherent in the protocols and not in particular >implementations in server or client code? > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug From blitz at post891.org Tue May 4 07:18:05 2004 From: blitz at post891.org (Patrick Blitz) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? Message-ID: <1083669485.1015.5.camel@amon> Hey list, i'm trying to set up a VPN Net at my work. Connection outside goes over a ADSL line, with the clients behind it NAT'd and Firewalled by an FreeBSD box. The Clients that should connect to this VPN gateway are all windwos 2k an windows XP clients (Roadwarriors). I've toyed around with FreeS/wan, and would prop get it to work. But now i'm wondering about how to solve the NAT problem, which seems to be hard for IPsec if i can trust those docs, and what kind of clients i could use. Originally, i thought that i could use the windows VPN Client, but as usualy, MS seems to have changed it so much that it doesn't work. So, as easy to install clients and NATing goes, what expierences with the different Systems have you made? Is OpenVPN an equally good resolution, or maybe better for my needs? Thanks a lot. PS: If there has been a discussion similar to this a while ago, please give me the links. I remeber seeing one, but can't find it anywhere. Patrick From skippy at skippy.net Tue May 4 08:40:50 2004 From: skippy at skippy.net (Scott Merrill) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? In-Reply-To: <1083669485.1015.5.camel@amon> References: <1083669485.1015.5.camel@amon> Message-ID: <33811.216.136.35.122.1083674450.squirrel@www.skippy.net> Patrick Blitz said: > So, as easy to install clients and NATing goes, what expierences with > the different Systems have you made? Is OpenVPN an equally good > resolution, or maybe better for my needs? I've only fiddled with OpenVPN on Linux, and have never configured it for production use, but I found it to be very easy to configure and use. If my memory serves, each OpenVPN connection requires a seperate UDP port, which might get a little awkward if you have a lot of incoming connections. The last OpenVPN FAQ describes how to accomodate many incoming connections through (x)inetd: http://openvpn.sourceforge.net/faq.html From ken at alpha2.com Tue May 4 09:22:06 2004 From: ken at alpha2.com (Ken Bradford) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: Message-ID: <01a801c431da$cbe48840$690aa8c0@alpha2.com> > -----Original Message----- > From: colug-bounces@colug.net [mailto:colug-bounces@colug.net]On Behalf > Of David Sherman > Sent: Tuesday, May 04, 2004 7:17 AM > To: Central OH Linux User Group > Subject: Re: [COLUG] Re: problems downloading huge files: > split/cat/jigdo > > > Thanks for all the help. I now a good DVD ISO image to use. > > thanks again. > > Whoa, I missed something. _How_ did you finally get a good download? Ken Bradford Alpha II Service, Inc. From gate at ilive4code.net Tue May 4 09:32:43 2004 From: gate at ilive4code.net (Greg Sidelinger) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] File Systems Message-ID: <1083677563.14709.87.camel@sanitarium> All the fun little talk of large files has had me thinking of my file server I am in the process of setting up. I have a 360g raid5 array running off of a gdth controller. It is just one big partition because the OS runs off of a software raid1 setup. And it is designed as just a big data store for me to backup all of my crap too. But I was wondering what file systems are best designed for large drives. I currently have it formatted with reiserfs. The system will hold lots of small files and some large ones but most likely not too many +4g files. I was wondering if I should be concerned about using a different file system before it is too late. The cage is also hot swappable so does that actually make any difference, I did not think so but figured I would ask. -- Greg Sidelinger gate'at'ilive4code.net ----------------------------------------------------------- there's no point for democracy when ignorance is celebrated From sun at percipia.com Tue May 4 09:40:51 2004 From: sun at percipia.com (Sundaram Ramasamy) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] SuSE 9.1 ISO file In-Reply-To: <1083644831.11452.76.camel@sanitarium> References: <1083644831.11452.76.camel@sanitarium> Message-ID: <40458.170.148.10.23.1083678051.squirrel@webmail.percipia.com> Hi all, I want to install SuSE 9.1 with C++ compiler, How many ISO Image files I have to download for this installation. Thanks Sundaram From jep200404 at columbus.rr.com Tue May 4 09:55:18 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] SuSE 9.1 ISO file In-Reply-To: <40458.170.148.10.23.1083678051.squirrel@webmail.percipia.com> References: <1083644831.11452.76.camel@sanitarium> <40458.170.148.10.23.1083678051.squirrel@webmail.percipia.com> Message-ID: <20040504095518.16c46c59.jep200404@columbus.rr.com> Sundaram wrote: > I want to install SuSE 9.1 with C++ compiler, > How many ISO Image files I have to download for this installation. You don't have to download _any_ .iso images for your installation. Zero to Five. Zero: Make boot floppies and install from server on the internet. This is painful. One: Download small (20MB) .iso for boot CD-ROM to do the same as above. This is very feasible. If you burn CD-RW media, then you won't even waste a disk on this. Download one big .iso for bootable installation DVD. Five: Download all five .iso files for installation CDs. Choose your poison. From lefevre.10 at osu.edu Tue May 4 10:40:45 2004 From: lefevre.10 at osu.edu (Steve Lefevre) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] bittrickle/bittorrent In-Reply-To: <20040504000617.20c2a93d.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <200405031738.04493.rfunk@funknet.net> <409710A7.4060302@osu.edu> <20040504000617.20c2a93d.jep200404@columbus.rr.com> Message-ID: <4097AB6D.3070409@osu.edu> Jim P wrote: >Steve Lefevre wrote: > > > >>I have a cheap-ass router in between my box and the cable router, >>so I can't open the ports to my machine. >> >> > >This is one of the few remaining excuses for >making one's own firewall out of an old junk PC. > > > > I like the quietness of cheapie routers, since I'm in the room I'm trying to sleep in. From joe at whipple.cc Tue May 4 10:51:43 2004 From: joe at whipple.cc (Joe Whipple) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] File Systems In-Reply-To: <1083677563.14709.87.camel@sanitarium> References: <1083677563.14709.87.camel@sanitarium> Message-ID: <4097ADFF.2000607@whipple.cc> IMHO, the BEST filesystem for large drives/files has to be XFS. XFS was designed by SGI from the beginning as a filesystem to handle large media files (movies/animations). It creates inodes on the fly, is a full journaling filesystem and very robust. I currently use it on my 1 terabyte file store. Its also nice to know that the limit on file system size in xfs is currently 512PB on linux. From a reliability standpoint, I have never lost anything from an XFS drive (except when something phyically failed). Joe Greg Sidelinger wrote: >All the fun little talk of large files has had me thinking of my file >server I am in the process of setting up. I have a 360g raid5 array >running off of a gdth controller. It is just one big partition because >the OS runs off of a software raid1 setup. And it is designed as just a >big data store for me to backup all of my crap too. But I was wondering >what file systems are best designed for large drives. I currently have >it formatted with reiserfs. The system will hold lots of small files >and some large ones but most likely not too many +4g files. I was >wondering if I should be concerned about using a different file system >before it is too late. The cage is also hot swappable so does that >actually make any difference, I did not think so but figured I would >ask. > > > > > From jep200404 at columbus.rr.com Tue May 4 12:51:47 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] success downloading SUSE DVD In-Reply-To: References: <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> Message-ID: <20040504125147.3e936d5a.jep200404@columbus.rr.com> David Sherman wrote: > I now [have] a good DVD ISO image to use. How did you do it? Did you just get lucky with an uninterrupted overnight download? From pstjohn at hrblock.com Tue May 4 14:13:24 2004 From: pstjohn at hrblock.com (St. John, Peter) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo Message-ID: Gentlemen, Can you switch my COLUG subscription to my Hotmail address? I just got reorganized. I wanted to use this address (while I still can) by way of authentication. Thanks, Peter -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 2437 bytes Desc: not available Url : http://www.colug.net/pipermail/colug/attachments/20040504/d2a841f1/attachment.bin From jep200404 at columbus.rr.com Tue May 4 14:35:42 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] Mailing List In-Reply-To: References: Message-ID: <20040504143542.3adbc29e.jep200404@columbus.rr.com> Someone wrote: > Can you switch my COLUG subscription to my Hotmail address? COLUG subscription is self serve. If there is a bug, please send a letter about it to the email address at the bottom of the subscription web page. From archanoid at columbus.rr.com Tue May 4 15:59:01 2004 From: archanoid at columbus.rr.com (archanoid@columbus.rr.com) Date: Sat Jan 8 01:35:20 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? Message-ID: Patrick Blitz wrote: > > I've toyed around with FreeS/wan, and would prop > get it to work. But now i'm wondering about how > to solve the NAT problem, which seems to be hard > for IPsec if i can trust those docs, and what > kind of clients i could use. > [snip] > > So, as easy to install clients and NATing goes, > what expierences with the different Systems have > you made? I have used FreeS/WAN in a production environment. The trick to IPSEC behind NAT is the setup protocol used. (I'm going off memory here, so take this with a grain of salt.) IPSEC uses one of two alternative authentication protocols (AH or ESP) when setting up the connection. One will work behind NAT, the other won't. Don't remember which is which. Also, I used this in a tunnel between two VPN end-points, not in an opportunistic VPN where any IPSEC client could connect. My setup was like this: |--LAN--| (10.1.x.x) | (VPN BOX) ^ | v (cisco rtr) ^ | v (internet) ^ | v (cisco rtr) ^ | v (VPN BOX) | |--LAN--| (10.2.x.x) Basically, the 10.1 network saw the inside NIC of the local VPN (Linux) box as the route to 10.2 and vice versa. I thought the FreeS/WAN docs were very useful. The trick was to use the proper protocol for initial authentication (AH or ESP) and to use *name-based* authentication, not IP-based. HTH... -Aaron From jep200404 at columbus.rr.com Tue May 4 16:26:29 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:20 2005 Subject: mkisofs: Error: Mail/sent/.sylpheed_mark and Mail/0spam/.sylpheed_mark have the same Rock Ridge name [COLUG] Message-ID: <20040504162629.5f33e296.jep200404@columbus.rr.com> When I use the -graft-points option to mkisofs, sometimes I get an error like above. How do you work around that? >From man mkisofs: Each file written to the iso9660 filesystem must have a filename in the 8.3 format (8 characters, period, 3 char? acters, all upper case), even if Rock Ridge is in use. This filename is used on systems that are not able to make use of the Rock Ridge extensions (such as MS-DOS), and each filename in each directory must be different from the other filenames in the same directory. mkisofs generally tries to form correct names by forcing the unix filename to upper case and truncating as required, but often times this yields unsatisfactory results when there are cases where the truncated names are not all unique. mkisofs assigns weightings to each filename, and if two names that are otherwise the same are found the name with the lower priority is renamed to have a 3 digit number as an exten? sion (where the number is guaranteed to be unique). An example of this would be the files foo.bar and foo.bar.~1~ - the file foo.bar.~1~ would be written as FOO000.BAR;1 and the file foo.bar would be written as FOO.BAR;1 I get the impression that mkisofs would rename its way out of the situation. Nonetheless, I have the problem. From rfunk at funknet.net Tue May 4 16:34:19 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? In-Reply-To: References: Message-ID: <200405041634.19576.rfunk@funknet.net> archanoid@columbus.rr.com wrote: > I have used FreeS/WAN in a production environment. The trick to IPSEC > behind NAT is the setup protocol used. (I'm going off memory here, so > take this with a grain of salt.) IPSEC uses one of two alternative > authentication protocols (AH or ESP) when setting up the connection. > One will work behind NAT, the other won't. Don't remember which is > which. AH won't work with NAT, ESP will. AH is Authenticated Headers, while ESP is Encapsulating Secure Payload. In other words, AH protects your headers, NAT messes with your headers, and ESP protects your data. > I thought the FreeS/WAN docs were very useful. The trick was to use the > proper protocol for initial authentication (AH or ESP) and to use > *name-based* authentication, not IP-based. Neither AH nor ESP is limited to *initial* authentication; they happen on each packet continually throughout the connection. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From rfunk at funknet.net Tue May 4 16:49:09 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:21 2005 Subject: mkisofs: same Rock Ridge name [COLUG] In-Reply-To: <20040504162629.5f33e296.jep200404@columbus.rr.com> References: <20040504162629.5f33e296.jep200404@columbus.rr.com> Message-ID: <200405041649.09142.rfunk@funknet.net> Jim P wrote: > When I use the -graft-points option to mkisofs, sometimes > I get an error like above. How do you work around that? Don't use -graft-points, of course. :-) Just because it's a real pain to look for the subject line to find the error message, here's it is again: > Mail/sent/.sylpheed_mark and Mail/0spam/.sylpheed_mark have the same Rock Ridge name What's your command line look like? > From man mkisofs: I don't see how the excerpt you gave is relevant to your error. How about this part: | If the option -graft-points has been specified, it is possible to | graft the paths at points other than the root directory, and it is | possible to graft files or directories onto the cdrom image with | names different than what they have in the source filesystem. This | is easiest to illustrate with a couple of examples. Let's start by | assuming that a local file ../old.lis exists, and you wish to | include it in the cdrom image. | | foo/bar/=../old.lis | | will include the file old.lis in the cdrom image at | /foo/bar/old.lis, while | | foo/bar/xxx=../old.lis | | will include the file old.lis in the cdrom image at /foo/bar/xxx. | The same sort of syntax can be used with directories as well. | mkisofs will create any directories required such that the graft | points exist on the cdrom image - the directories do not need to | appear in one of the paths. By default, any directories that are | created on the fly like this will have permissions 0555 and appear | to be owned by the person running mkisofs. If you wish other | permissions or owners of the intermediate directories, see -uid, | -gid, -dir-mode, -file-mode and -new-dir-mode. Looks to me like you need a renaming clause like those shown above. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From jep200404 at columbus.rr.com Tue May 4 17:11:49 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:21 2005 Subject: mkisofs: same Rock Ridge name [COLUG] In-Reply-To: <200405041649.09142.rfunk@funknet.net> References: <20040504162629.5f33e296.jep200404@columbus.rr.com> <200405041649.09142.rfunk@funknet.net> Message-ID: <20040504171149.568cc114.jep200404@columbus.rr.com> Rob Funk wrote: > Jim P wrote: > > When I use the -graft-points option to mkisofs, sometimes > > I get an error like above. How do you work around that? > What's your command line look like? mkisofs -o ~/mnt/mail2.iso -R -J -V "Mail20040504" -graft-points Mail=Mail/0spam Mail=Mail/sent From rfunk at funknet.net Tue May 4 17:44:45 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:21 2005 Subject: mkisofs: same Rock Ridge name [COLUG] In-Reply-To: <20040504171149.568cc114.jep200404@columbus.rr.com> References: <20040504162629.5f33e296.jep200404@columbus.rr.com> <200405041649.09142.rfunk@funknet.net> <20040504171149.568cc114.jep200404@columbus.rr.com> Message-ID: <200405041744.45814.rfunk@funknet.net> Jim P wrote: > mkisofs -o ~/mnt/mail2.iso -R -J -V "Mail20040504" -graft-points > Mail=Mail/0spam Mail=Mail/sent If I'm understanding -graft-points correctly, you're combining Mail/0spam and Mail/sent into a single Mail directory. That could be trouble if there are any files in those directories with the same name -- and your error message indicates at least one. I'd suggest using -m or -x to exclude conflicting files. You may be able to use the = syntax to rename them, but I'm not sure about that. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From blitz at post891.org Tue May 4 17:11:07 2004 From: blitz at post891.org (Patrick Blitz) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? In-Reply-To: <200405041634.19576.rfunk@funknet.net> References: <200405041634.19576.rfunk@funknet.net> Message-ID: <1083705067.1227.1.camel@amon> On Tue, 2004-05-04 at 22:34, Rob Funk wrote: > AH won't work with NAT, ESP will. AH is Authenticated Headers, while ESP > is Encapsulating Secure Payload. In other words, AH protects your > headers, NAT messes with your headers, and ESP protects your data. > Neither AH nor ESP is limited to *initial* authentication; they happen on > each packet continually throughout the connection. Okay, i would have used ESP either way. So, i guess that question is solved. But how am i going to handle the clients? any Input there on which client App to use? From jep200404 at columbus.rr.com Tue May 4 18:42:41 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:21 2005 Subject: mkisofs: same Rock Ridge name [COLUG] In-Reply-To: <200405041744.45814.rfunk@funknet.net> References: <20040504162629.5f33e296.jep200404@columbus.rr.com> <200405041649.09142.rfunk@funknet.net> <20040504171149.568cc114.jep200404@columbus.rr.com> <200405041744.45814.rfunk@funknet.net> Message-ID: <20040504184241.005d3f7e.jep200404@columbus.rr.com> Rob wrote: > Jim P wrote: > > mkisofs -o ~/mnt/mail2.iso -R -J -V "Mail20040504" [\] > > -graft-points Mail=Mail/0spam Mail=Mail/sent > > If I'm understanding -graft-points correctly, you're combining Mail/0spam > and Mail/sent into a single Mail directory. Oops. I hate it when I repeat a past mistake. Now that I review history more carefully, I see that the command should have been: mkisofs -o ~/mnt/mail2.iso -R -J -V "Mail20040504" \ -graft-points Mail/0spam/=Mail/0spam Mail/sent/=Mail/sent I'm going to have to write this example down in my notebook. > I'd suggest using -m or -x to exclude conflicting files. I had already used that successfully to exclude the above directories to make the first CD. I haven't had any trouble with -m or -x, although the man pages have some spooky comments about how the man page is out of date and that they work similarly now. > You may be able to use the = syntax to rename them, Yup, and it helps to follow them with a '/'. (Maybe that's just for directories) From rfunk at funknet.net Tue May 4 19:46:19 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? In-Reply-To: <1083705067.1227.1.camel@amon> References: <200405041634.19576.rfunk@funknet.net> <1083705067.1227.1.camel@amon> Message-ID: <200405041946.19882.rfunk@funknet.net> Patrick Blitz wrote: > But how am i going to handle the clients? any Input there on which > client App to use? I haven't worked with IPsec that much because it's so complex and painful, but when I have, the clients have used whatever IPsec facility was built into the OS, or the most common add-on. I know that doesn't help a whole lot though. (I ended up deciding that for my purposes ssh and ssl were easier than IPsec.) -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From jmayo1 at columbus.rr.com Tue May 4 22:05:55 2004 From: jmayo1 at columbus.rr.com (Jeremy Mayo) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] Bug in Mailman version 2.1.1 Message-ID: <40984C03.5020409@columbus.rr.com> Bug in Mailman version 2.1.1 We're sorry, we hit a bug! If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks! Traceback: Traceback (most recent call last): File "/var/mailman/scripts/driver", line 87, in run_main main() File "/var/mailman/Mailman/Cgi/subscribe.py", line 96, in main process_form(mlist, doc, cgidata, language) File "/var/mailman/Mailman/Cgi/subscribe.py", line 178, in process_form mlist.AddMember(userdesc, remote) File "/var/mailman/Mailman/MailList.py", line 795, in AddMember cookie = Pending.new(Pending.SUBSCRIPTION, userdesc) File "/var/mailman/Mailman/Pending.py", line 64, in new db = _load() File "/var/mailman/Mailman/Pending.py", line 121, in _load return cPickle.load(fp) EOFError ------------------------------------------------------------------------ Python information: Variable Value sys.version 2.2.2 (#1, Feb 24 2003, 19:13:11) [GCC 3.2.2 20030222 (Red Hat Linux 3.2.2-4)] sys.executable /usr/bin/python sys.prefix /usr sys.exec_prefix /usr sys.path /usr sys.platform linux2 ------------------------------------------------------------------------ Environment variables: Variable Value PATH_INFO /colug-jobs CONTENT_LENGTH 96 CONTENT_TYPE application/x-www-form-urlencoded HTTP_REFERER http://www.colug.net/mailman/listinfo/colug-jobs SCRIPT_FILENAME /var/mailman/cgi-bin/subscribe PYTHONPATH /var/mailman SERVER_SOFTWARE Apache/2.0.40 (Red Hat Linux) SERVER_ADMIN webmaster@colug.net SCRIPT_NAME /mailman/subscribe SERVER_SIGNATURE Apache/2.0.40 Server at www.colug.net Port 80 REQUEST_METHOD POST HTTP_HOST www.colug.net HTTP_KEEP_ALIVE 300 SERVER_PROTOCOL HTTP/1.1 QUERY_STRING PATH_TRANSLATED /home/COLUG/pubhtml/colug-jobs REQUEST_URI /mailman/subscribe/colug-jobs HTTP_ACCEPT application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.7 HTTP_USER_AGENT Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 HTTP_CONNECTION keep-alive SERVER_NAME www.colug.net REMOTE_ADDR 24.160.163.153 REMOTE_PORT 54117 HTTP_ACCEPT_LANGUAGE en-us,en;q=0.5 UNIQUE_ID 1WMNd8bqRDYAAHhdR60AAAAE SERVER_PORT 80 GATEWAY_INTERFACE CGI/1.1 HTTP_ACCEPT_ENCODING gzip,deflate SERVER_ADDR 156.63.146.83 DOCUMENT_ROOT /home/COLUG/pubhtml -- Jeremy A Mayo Network Services Technician 3 Ohio Department of Job and Family Services WINDOWS 32 bit graphical interface for a 16 bit patch for a 8 bit opearating system internally coded for a 4 bit proccessor, by a 2 bit company that can't stand 1 bit of competition From jonadab at bright.net Tue May 4 23:24:43 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] Wireless Problem In-Reply-To: <40959AA2.4030203@litenverden.org> References: <5789A42DD684734298BF9EC852D35111033AB018@scad1exis02.alldata.net> <4092DDEE.6000705@litenverden.org> <40959AA2.4030203@litenverden.org> Message-ID: "George H. Yeager" writes: > Version 10.0 may be a bit rough on the edges, So was Mandrake 9.0. So was 8.0. I'm sticking with 9.2 until 10.1 comes out. Call me paranoid. -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From jonadab at bright.net Tue May 4 23:40:23 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:21 2005 Subject: more background on downloading huge files[COLUG] In-Reply-To: <200405021408.36169.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <200405021408.36169.rfunk@funknet.net> Message-ID: Rob Funk writes: > Jim P wrote: > > Many programs are using a signed 32-bit integer for the length. > > Trouble is that the usual standard functions require that. Maybe in C, but surely there are ftp clients written in VHLLs by now that don't have such restrictions. I'm pretty sure Perl handles large files (at least on most platforms), though I've personally never had the opportunity to work with an individual file larger than 4GB, so I haven't personally tested it. One would imagine that anything based on Net::FTP would be able to handle large files, assuming the FTP server can, which strikes me as possibly not being a safe assumption. -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From jonadab at bright.net Tue May 4 23:54:35 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: <1083616343.19259.27.camel@cobra.khadrin.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040501234735.GB29501%jmglov@jmglov.net> <20040501200712.79124ff6.jep200404@columbus.rr.com> <20040502093942.68ab1919.jep200404@columbus.rr.com> <20040503095549.257d8f7f.jep200404@columbus.rr.com> <20040503101909.153c0d0b.jep200404@columbus.rr.com> <34mc90lukqqik0tfs9koq09ql9vrf1bm2e@4ax.com> <20040503105643.1bbe8af7.jep200404@columbus.rr.com> <1083607802.18683.18.camel@cobra.khadrin.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> Message-ID: <8yg7il50.fsf@jonadab.homeip.net> "Stephen J. Smith" writes: > I have only tried BitTorrent once. I made the mistake of not > forwarding ports 6881-6889 through my firewall, which made it > painfully slow. So slow in fact that I gave up. Definitely make > sure those ports are reachable or find some other way around the > mandatory bandwidth sharing if you are going to try it. Does this mean I can get BT to work through IP Masq if I forward ports 6881 through 6889? But, it would only work on the one client that those ports are forwarded to, correct? (I was wanting to use BT to get the latest Knoppix, but all my systems that are sufficiently up-to-date (python-wise) to run BT are sitting behind IP Masq gateways, both at work and at home.) To me, this limitation seems like a significant disadvantage of BT. -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From rfunk at funknet.net Wed May 5 00:14:28 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: <8yg7il50.fsf@jonadab.homeip.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <8yg7il50.fsf@jonadab.homeip.net> Message-ID: <200405050014.28313.rfunk@funknet.net> Jonadab the Unsightly One wrote: > Does this mean I can get BT to work through IP Masq if I forward ports > 6881 through 6889? But, it would only work on the one client that > those ports are forwarded to, correct? Correct on both counts. > To me, this limitation seems like a significant disadvantage of BT. Or a significant disadvantage of NAT. :-) Understand that NAT is a hack that breaks certain assumptions of IP, and network gurus generally frown on it as evil. But it's still a useful hack. If you have just one machine behind the NATting router that needs to do BT, it's really no big deal to make BT work properly. (Other than the security considerations Jim mentioned.) Any peer-to-peer technology has the same issue with NAT, but that's no reason to get rid of P2P. Ideally the NAT system would be smart enough to handle setting up those ports on its own when necessary, the way they do with FTP, but as far as I know nobody has written a netfilter module to do that for bittorrent yet. (And that's not even possible with all protocols anyway; I don't know if it would be possible for bittorrent.) -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From rfunk at funknet.net Wed May 5 00:17:53 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:21 2005 Subject: more background on downloading huge files[COLUG] In-Reply-To: References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <200405021408.36169.rfunk@funknet.net> Message-ID: <200405050017.53416.rfunk@funknet.net> Jonadab the Unsightly One wrote: > Rob Funk writes: > > Jim P wrote: > > > Many programs are using a signed 32-bit integer for the length. > > > > Trouble is that the usual standard functions require that. > > Maybe in C, but surely there are ftp clients written in VHLLs by now > that don't have such restrictions. Keep in mind that VHLLs are generally written in portable C, so their internal code needs special cases to handle anything beyond the usual standard C stuff. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From blitz at post891.org Wed May 5 10:22:04 2004 From: blitz at post891.org (Patrick Blitz) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? In-Reply-To: <200405041946.19882.rfunk@funknet.net> References: <200405041634.19576.rfunk@funknet.net> <1083705067.1227.1.camel@amon> <200405041946.19882.rfunk@funknet.net> Message-ID: <1083766924.1323.1.camel@amon.lordthundering.lan> On Wed, 2004-05-05 at 01:46, Rob Funk wrote: > > (I ended up deciding that for my purposes ssh and ssl were easier than > IPsec.) A whole VPN over ssl? that would be an interesting idea, but not really praticable, would it? From rfunk at funknet.net Wed May 5 13:24:30 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? In-Reply-To: <1083766924.1323.1.camel@amon.lordthundering.lan> References: <200405041946.19882.rfunk@funknet.net> <1083766924.1323.1.camel@amon.lordthundering.lan> Message-ID: <200405051324.30141.rfunk@funknet.net> Patrick Blitz wrote: > On Wed, 2004-05-05 at 01:46, Rob Funk wrote: > > (I ended up deciding that for my purposes ssh and ssl were easier than > > IPsec.) > > A whole VPN over ssl? No. > that would be an interesting idea, but not really praticable, would it? Well, people were making makeshift VPNs with ppp over ssh a decade ago, but that's not a good solution because TCP running over TCP can get confused if there are dropped or repeated packets. I just meant that for my own purposes, a true VPN was overkill, and I could get away with using ssh along with its port forwarding, along with some ssl for some protocols. Oh yeah, and on the client side it's sometimes been helpful to do some port redirection and interface aliasing. (And all that was still easier for me than IPsec, probably because it reduced the number of new concepts to learn.) OpenVPN wan't around (or I wasn't aware of it) when I was fighting IPsec though. At a glance, OpenVPN looks like it might be easier to set up than IPsec. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From linux at litenverden.org Wed May 5 19:08:03 2004 From: linux at litenverden.org (George H. Yeager) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] Wireless Problem In-Reply-To: <200404302134.21325.tnoe@mailsnare.net> References: <5789A42DD684734298BF9EC852D35111033AB018@scad1exis02.alldata.net> <4092DDEE.6000705@litenverden.org> <200404302134.21325.tnoe@mailsnare.net> Message-ID: <409973D3.2030908@litenverden.org> I don't think I reported the resolution. The GUI network setup tool in MDK 10.0 is flakey. At least it is flakey for me. Of course, I could be what's flakey. Who knows. Anyway, I was able to configure eth0 with my wired enet card. Then, I plugged the Orinoco wireless card in the second slot and rebooted. The boot time hardware detection found the card and configured it as eth1. It asked for all the SSID, Key, mode, etc. information and worked just fine. I can use either network card and switch them when I wish. No problems. Also, O'Reilly has published a Linux wireless book. I ordered one from Amazon today. George From lshurr at columbus.rr.com Wed May 5 22:53:58 2004 From: lshurr at columbus.rr.com (Larry A. Shurr) Date: Sat Jan 8 01:35:21 2005 Subject: [COLUG] A postscript to "The faster machine is the slower?" In-Reply-To: <200405030224.18989.rfunk@funknet.net> References: <4095AE15.2060205@columbus.rr.com> <4095C82B.70902@columbus.rr.com> <200405030147.59358.rfunk@funknet.net> <200405030224.18989.rfunk@funknet.net> Message-ID: <4099A8C6.20706@columbus.rr.com> Rob Funk wrote: > I just found an online review/test of the 800MHz VIA C3. Some of the > comments seem relevant here. > http://techreport.com/reviews/2002q1/via-c3/ > > In particular, note that unlike everyone else, VIA tries to get its > performance from megahertz rather than various tricks trying to increase > the number of instructions per clock cycle (as Intel has done at least > since the Pentium). This could be a factor in a 650MHz VIA not being much > faster than a 266MHz Pentium II. Interesting article. It looks like you're right. I know it's a crap benchmark, but it was quick and easy to try. I dragged out the ancient dhrystone benchmark, dhry.c. I compiled it for 100 million iterations using "gcc -O -o dhry dhry.c" and found that deimos, the PII/266 gets 591,715 dhrystones/sec, and triton, the VIA C3/650 gets 800,000, suggesting that the VIA C3/650 is only about 35% faster than the PII/266. Both machines are now running SuSE 9.1 Pro thanks to the availabilty of the new .iso's and the compiler was gcc 3.3.3. Just for laughs, I compiled dhry.c using the Cygwin gcc (ver 3.3.1) on my "W" system, a PII/300, and got 775193 dhrystones/sec. The 3% difference may be statistically irrelevant, especially considering the quality of the benchmark. Well, what did I expect for $59? Sometime, I'll pull the motherboard and upgrade. Larry From rfunk at funknet.net Wed May 5 23:37:26 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] A postscript to "The faster machine is the slower?" In-Reply-To: <4099A8C6.20706@columbus.rr.com> References: <4095AE15.2060205@columbus.rr.com> <200405030224.18989.rfunk@funknet.net> <4099A8C6.20706@columbus.rr.com> Message-ID: <200405052337.26521.rfunk@funknet.net> Larry A. Shurr wrote: > Well, what did I expect for $59? Sometime, I'll pull the motherboard > and upgrade. Or pull the fan and use it in the living room as a media computer. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From joe at whipple.cc Wed May 5 23:41:40 2004 From: joe at whipple.cc (Joe Whipple) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] Faketoo In-Reply-To: <4099A8C6.20706@columbus.rr.com> References: <4095AE15.2060205@columbus.rr.com> <4095C82B.70902@columbus.rr.com> <200405030147.59358.rfunk@funknet.net> <200405030224.18989.rfunk@funknet.net> <4099A8C6.20706@columbus.rr.com> Message-ID: <4099B3F4.30608@whipple.cc> *For those who havent seen it yet, our very own Josh Glover is famous now (grin). * * An excerpt from gentoo's weekly newsletter at http://www.gentoo.org/news/en/gwn/20040503-newsletter.xml has the following: * /Running Faketoo.../ /If their Forum postcount had anything to do with how guruesque people are, Josh Glover wouldn't score too high. Fortunately, numbers aren't all that counts. Last week, Josh volunteered instructions for running Gentoo instances in a chroot jail - a Faketoo installation, in a manner of speaking - for development purposes, and provoked a lively discussion of his method's vices and virtues. See his Captain's log, a script to enter the jail, and the debate in the Documentation, Tips & Tricks forum: / *Congrats Josh!* From phstjohn at hotmail.com Thu May 6 13:23:34 2004 From: phstjohn at hotmail.com (Peter StJohn) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] Hi, I'm back Message-ID: So, now I"m interested in setting up my own domain. Steve "Khadrin" seems to think I should omit FTP service; I think of ftp, mail, and a telnet login to cc as the basics that a plain vanilla unix server should provide. But that's archaic? FTP is better served via https? Peter _________________________________________________________________ Getting married? Find tips, tools and the latest trends at MSN Life Events. http://lifeevents.msn.com/category.aspx?cid=married From lefevre.10 at osu.edu Thu May 6 10:49:19 2004 From: lefevre.10 at osu.edu (Steve Lefevre) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] BitTorrent *not* useless w/o open ports Message-ID: <409A506F.7020800@osu.edu> Hey folks - I've been doing some experimentation, and BT seems to work pretty well without the ports that it would prefer open (6881-6889, IIRC). Right now, I'm downloading 11 torrents behind a NAT. The fastest one coming in is currently at 71Kib/sec., observed mas 110KiB/sec. Others are anywhere from 0-40/KiB down, 0-30KiB up. For testing, I hooked up my computer directly to my port-forwarding firewall, and none of the torrents I was downloading then came in noticeably faster. So I think it has the other people on the network. I don't seem to be hindered by these ports not being open. In fact it works pretty well. Steve From sun at percipia.com Thu May 6 14:34:23 2004 From: sun at percipia.com (Sundaram Ramasamy) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] HP officejet 4100 printer printing question In-Reply-To: <4099A8C6.20706@columbus.rr.com> References: <4095AE15.2060205@columbus.rr.com><4095C82B.70902@columbus.rr.com> <200405030147.59358.rfunk@funknet.net><200405030224.18989.rfunk@funknet.net> <4099A8C6.20706@columbus.rr.com> Message-ID: <33034.170.148.10.23.1083868463.squirrel@webmail.percipia.com> Hi, I recently bought HP office jet 4100 all-in-one printer. I was not able to print color document in block & white, its always printing color. I call HP support they said, I will print color documents in color format only no option in their printer driver to select block & white format. I tried from SuSE 9.0 and Windows XP Operating system. Is there a work around to print color document in block & white format. http://h10010.www1.hp.com/wwpc/us/en/ho/WF13a/18972-238444-236260-12019-f8-90791.html -Sundaram From jonadab at bright.net Fri May 7 09:40:14 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] Re: problems downloading huge files: split/cat/jigdo In-Reply-To: <200405050014.28313.rfunk@funknet.net> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <8yg7il50.fsf@jonadab.homeip.net> <200405050014.28313.rfunk@funknet.net> Message-ID: Rob Funk writes: > > To me, this limitation seems like a significant disadvantage of BT. > > Or a significant disadvantage of NAT. :-) Understand that NAT is a > hack that breaks certain assumptions of IP, and network gurus > generally frown on it as evil. But it's still a useful hack. I know, but it's such a helpful security chokepoint. > If you have just one machine behind the NATting router that needs to > do BT, it's really no big deal to make BT work properly. (Other > than the security considerations Jim mentioned.) Also, if I used a more cutting-edge distro on my NAT boxes, they'd have a new enough Python that I could run BT on them directly, and then pull the file into a local system across the 100BaseT LAN. But my NAT boxes are currently the least cutting-edge systems I have. I haven't decided if that's a good or a bad thing (security-wise); it's just the way I've been doing things so far. Of course, I upgraded openssl and openssh on those systems, without upgrading the whole distro, so in theory I could do the same thing for Python, but that seems... like going too far out of the way to keep an old distro in service; security updates are one thing, and functionality updates are something else. > Any peer-to-peer technology has the same issue with NAT, but that's > no reason to get rid of P2P. The thing is, BT is _in principle_, in terms of who's publishing and who's consuming what's published, not pure P2P, but more of a hybrid, sort-of like usenet; there's a definite client/server thing going on, but P2P is used to distribute bandwidth costs and keep load off the server. But they do use P2P in different places; usenet uses it on the server side pretty much exclusively, almost like a mirror system but without any authoritative rootlevel server, and BT brings P2P down to the client, on behalf of the server, or something like that. Anyway, I see where the problem is in the interaction between the two systems. > Ideally the NAT system would be smart enough to handle setting up > those ports on its own when necessary, the way they do with FTP, but > as far as I know nobody has written a netfilter module to do that > for bittorrent yet. (And that's not even possible with all > protocols anyway; I don't know if it would be possible for > bittorrent.) Interesting thought. I probably should research that. A lot of times when I think something doesn't exist, I find that in fact it does... -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From Baer at BaerSolutions.com Fri May 7 10:52:01 2004 From: Baer at BaerSolutions.com (R. Scott Baer) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] PHP& XHTML problems Message-ID: <409BA291.3060405@BaerSolutions.com> I'm trying to develop a page to meet the xhtml transitional specs.. I've ran into trouble that I hope someone could help me with. I think I know why its giving the error.. but I'm unsure on how to fix it. The system is adding the &PHPSESSID=0179df... to my link: I know this needs to be &PHPSESESSID=0179df... for it to pass the validation. I'm just not sure how to do it. Here is all the relevant info that I though someone would ask for Error from: http://validator.w3.org 1. Line 28, column 41: cannot generate system identifier for general entity "PHPSESSID" ...l>
  • Automotive
    • php to print line: printf("
  • %s",$PHPSELF, $categorys["id"], $categorys["name"]); Doc type: php version: 4.3.4-1.1 (fedora 1) apache version: 2.0.48-1.2 (fedora 1) Scott From jep200404 at columbus.rr.com Fri May 7 16:59:18 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] workhorse laser printers Message-ID: <20040507165918.192c18b4.jep200404@columbus.rr.com> Computer Success has some old HP Laserjet 4 and Laserjet 4 Plus printers for $20. These are serious workhorses. At that price, they little memory, no postscript or toner cartridge. (I see refilled cartridges on web for about $40) Pick the printer with the lowest page count on the test page. There were also some other lesser HP laserjets at same price. One was some 5* version, and seemed to come with a toner cartridge. From blitz at post891.org Thu May 6 11:08:48 2004 From: blitz at post891.org (Patrick blitz) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] VPN System: IPsec or OpenVPN? Solution References: <200405041946.19882.rfunk@funknet.net><1083766924.1323.1.camel@amon.lordthundering.lan> <200405051324.30141.rfunk@funknet.net> Message-ID: <000e01c4337c$14d6cfc0$1b0ca8c0@securetec.lan> > Well, people were making makeshift VPNs with ppp over ssh a decade ago, but > that's not a good solution because TCP running over TCP can get confused > if there are dropped or repeated packets. > > I just meant that for my own purposes, a true VPN was overkill, and I could > get away with using ssh along with its port forwarding, along with some > ssl for some protocols. Oh yeah, and on the client side it's sometimes > been helpful to do some port redirection and interface aliasing. (And all > that was still easier for me than IPsec, probably because it reduced the > number of new concepts to learn.) > > OpenVPN wan't around (or I wasn't aware of it) when I was fighting IPsec > though. At a glance, OpenVPN looks like it might be easier to set up than > IPsec. > Okay, i found the info i needed: this page http://www.jacco2.dds.nl/networking/freeswan-l2tp.html tells one how the l2tp/Ipsec client in windows can be used. I've decided to save bandwith, so i'm runngin this program to remove the l2tp support from the Windows 2000 Client. I'll report if it works out. Thanks either way. Patrick From ken at alpha2.com Thu May 6 09:49:09 2004 From: ken at alpha2.com (Ken Bradford) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] Perl & Pattern Matching Message-ID: <00a101c43370$e8542980$690aa8c0@alpha2.com> Please consider the code: #!/usr/bin/perl # test2 $line1 = "# Set user defined rules"; $line2 = "if \[ -e \/etc\/firestarter\/user-rules \]\; then"; $line3 = "source \/etc\/firestarter\/user-rules"; $firewall_sh = "/etc/firestarter/firewall.sh-test"; open(FILE, $firewall_sh); while(){ if(($_ =~ /$line1/ms) || ($_ =~ /$line2/ms) || ($_ =~ /$line3/ms)){ print "$_"; } } close(FILE); (End of Code) File "/etc/firestarter/firewall.sh-test" contains the following lines (among others): # --------( Initial Setup - External Lists )-------- # Set user defined rules if [ -e /etc/firestarter/user-rules ]; then source /etc/firestarter/user-rules fi But when run, test2 only outputs: [ken@monster ken]$ /usr/libexec/webmin/firestarter/test2 # Set user defined rules source /etc/firestarter/user-rules I _assume_ the problem is the "[" and "]" in $line2. Can they not be escaped? Or perhaps it's some other problem I'm missing? When I print the string out it _looks_ correct. I've also tried using \133 and \135 in place of [ and ]. Again, it _looked_ OK, but still did not match. Ken Bradford Alpha II Service, Inc. From mccune at math.ohio-state.edu Fri May 7 11:41:13 2004 From: mccune at math.ohio-state.edu (Jeff McCune) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] bittrickle/bittorrent In-Reply-To: <20040504000617.20c2a93d.jep200404@columbus.rr.com> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040503145949.5c86dd94.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <200405031738.04493.rfunk@funknet.net> <409710A7.4060302@osu.edu> <20040504000617.20c2a93d.jep200404@columbus.rr.com> Message-ID: <20040507154113.GB26793@math.ohio-state.edu> On Tue, May 04, 2004 at 12:06:17AM -0400, Jim P enlightened us: > Steve Lefevre wrote: > > > I have a cheap-ass router in between my box and the cable router, > > so I can't open the ports to my machine. > > This is one of the few remaining excuses for > making one's own firewall out of an old junk PC. > Few remaining? I dunno, I have yet to see a cheapo gateway that can do anything close to what netfilter + traffic shaping can do. Regards, -- Jeff McCune System Support OSU Department of Mathematics gpg --keyserver pgp.mit.edu --recv-key BAF3211A -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://www.colug.net/pipermail/colug/attachments/20040507/10686d45/attachment.bin From WKehr at checkfree.com Thu May 6 11:08:00 2004 From: WKehr at checkfree.com (WKehr@checkfree.com) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] A postscript to "The faster machine is the slower?" In-Reply-To: <200405052337.26521.rfunk@funknet.net> Message-ID: Rob replied: >Larry A. Shurr wrote: >> Well, what did I expect for $59? Sometime, I'll pull the motherboard >> and upgrade. > >Or pull the fan and use it in the living room as a media computer. Since the Via chip is the Winchip this should be running quite hot. It's more like "add another fan" -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.colug.net/pipermail/colug/attachments/20040506/8f531f4e/attachment.htm From sjs at khadrin.com Sat May 8 08:10:03 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] BitTorrent *not* useless w/o open ports In-Reply-To: <409A506F.7020800@osu.edu> References: <409A506F.7020800@osu.edu> Message-ID: <1084018203.3916.7.camel@cobra.khadrin.com> On Thu, 2004-05-06 at 10:49, Steve Lefevre wrote: > So I think it has the other people on the network. I don't seem to be > hindered by these ports not being open. In fact it works pretty well. Thanks Steve. I'm sure you are right. I just assumed it was ports not being open when I read it in the FAQ a few days after my failed attempt. It could as easily have been something else even. Probably a dumb question: was your client uploading as well as downloading without opening those ports? -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From pat at linuxcolumbus.com Sat May 8 08:29:19 2004 From: pat at linuxcolumbus.com (pat@linuxcolumbus.com) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <409BA291.3060405@BaerSolutions.com> References: <409BA291.3060405@BaerSolutions.com> Message-ID: <20040508122919.GL7924@linuxcolumbus.com> On Fri, May 07, 2004 at 10:52:01AM -0400, R. Scott Baer wrote: > I'm trying to develop a page to meet the xhtml transitional specs.. > I've ran into trouble that I hope someone could help me with. > I think I know why its giving the error.. but I'm unsure on how to fix it. > > The system is adding the &PHPSESSID=0179df... to my link: > I know this needs to be &PHPSESESSID=0179df... for it to pass the > validation. > I'm just not sure how to do it. > 1. Hack the php source 2. Do you really need a session? If you do why not use cookies. Pat From sjs at khadrin.com Sat May 8 08:37:40 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <409BA291.3060405@BaerSolutions.com> References: <409BA291.3060405@BaerSolutions.com> Message-ID: <1084019859.3916.11.camel@cobra.khadrin.com> On Fri, 2004-05-07 at 10:52, R. Scott Baer wrote: > php to print line: > printf("
  • %s",$PHPSELF, > $categorys["id"], $categorys["name"]); urlencode($categorys["id"]) -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From jep200404 at columbus.rr.com Sat May 8 09:43:43 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <20040508122919.GL7924@linuxcolumbus.com> References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> Message-ID: <20040508094343.11bb5432.jep200404@columbus.rr.com> pat@linuxcolumbus.com wrote: > 2. Do you really need a session? If you do why not use cookies[?] To the latter question: because many people block cookies. Hiding a session ID in a trick URL works even for folks who block cookies. From jep200404 at columbus.rr.com Sat May 8 10:05:03 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] Hi, I'm baaaaaaaaaaaack In-Reply-To: References: Message-ID: <20040508100503.577027e8.jep200404@columbus.rr.com> Peter StJohn wrote: > I"m interested in setting up my own domain. > Steve "Khadrin" seems to think I should omit FTP service; It's perfectly OK to serve FTP. > telnet login telnet should simply not be used because it is insecure. ssh should be used instead of telnet. > FTP is better served via https? FTP and HTTP are fine for downloads. If you are _uploading_ to your server, use scp or rsync -e ssh. There are also issues you did not raise. Be sure to use a _dedicated_ box for your firewall(s). This is something that's been hashed over and over again on this mailing list. http://www.google.com/search?q=site%3Acolug.net+firewall+dedicated Be sure to isolate your server in a DMZ. http://www.google.com/search?q=dmz+network+linux Do whatever Rob Funk recommends. From jep200404 at columbus.rr.com Sat May 8 10:12:20 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:22 2005 Subject: [COLUG] Kib/sec versus KiB/sec In-Reply-To: <409A506F.7020800@osu.edu> References: <409A506F.7020800@osu.edu> Message-ID: <20040508101220.66e10fea.jep200404@columbus.rr.com> On Thu, 06 May 2004 10:49:19 -0400 Steve Lefevre wrote: > The fastest one coming in is currently at 71Kib/sec., observed mas 110KiB/sec. Kib/sec versus KiB/sec These abbreviations, particularly the 'b'/'B' part, are best spelled out. Otherwise we don't know when you are talking about kilobits per second and when you are talking about kilobytes per second. Even if you were careful with capitalization to distinguish between bits and bytes, so many other folks are not, so that we won't know which you meant. 71 kilobits per second is pokey. 71 kilobytes per second is not pokey. From jep200404 at columbus.rr.com Sat May 8 10:22:05 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] running bit torrent server/client on firewall/NAT box: just say NO! In-Reply-To: References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <1083616343.19259.27.camel@cobra.khadrin.com> <8yg7il50.fsf@jonadab.homeip.net> <200405050014.28313.rfunk@funknet.net> Message-ID: <20040508102205.61bf4f73.jep200404@columbus.rr.com> Jonadab the Unsightly One wrote: > Also, if I used a more cutting-edge distro on my NAT boxes, they'd > have a new enough Python that I could run BT on them directly, Your firewall/NAT box should be dedicated to being only a firewall/NAT box. Use a separate box for any servers, such as Bit Torrent. This is something that's been hashed over and over again on this mailing list. http://www.google.com/search?q=site%3Acolug.net+firewall+dedicated Be sure to isolate your (Bit Torrent) server in a DMZ. http://www.google.com/search?q=dmz+network+linux > then pull the file into a local system across the 100BaseT LAN. From pat at linuxcolumbus.com Sat May 8 12:46:56 2004 From: pat at linuxcolumbus.com (pat@linuxcolumbus.com) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <20040508094343.11bb5432.jep200404@columbus.rr.com> References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> Message-ID: <20040508164656.GM7924@linuxcolumbus.com> On Sat, May 08, 2004 at 09:43:43AM -0400, Jim P wrote: > pat@linuxcolumbus.com wrote: > > > 2. Do you really need a session? If you do why not use cookies[?] > > To the latter question: because many people block cookies. > Hiding a session ID in a trick URL works even for folks who block cookies. 1. Session ID's on the address line are a security problem. 2. They are not search engine friendly. 3. In this day and age blocking all cookies is stupid. Pat From rfunk at funknet.net Sat May 8 12:50:40 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] bittrickle/bittorrent In-Reply-To: <20040507154113.GB26793@math.ohio-state.edu> References: <20040501193917.43ad184a.jep200404@columbus.rr.com> <20040504000617.20c2a93d.jep200404@columbus.rr.com> <20040507154113.GB26793@math.ohio-state.edu> Message-ID: <200405081250.40493.rfunk@funknet.net> Jeff McCune wrote: > Few remaining? I dunno, I have yet to see a cheapo gateway that can do > anything close to what netfilter + traffic shaping can do. The Linksys WRT54G runs Linux, and Linksys provides source code. Therefore it can do netfilter + traffic shaping. Amazon has it for around $75, last I checked. I don't think traffic shaping is accessible with the standrd Linksys firmware though. One organization doing new stuff with the WRT54G firmware is Sveasoft. Their firmware is especially popular with the VoIP people because they give easy access to traffic shaping. There's also an ssh server on there, so you can login and set everything up from the command line rather than being limited to the web interface. Download the latest stable version: ftp://ftp.sveasoft.com/pub/Firmware_Samadhi2_v2_2.00.8.6sv.bin And see their forums: http://www.sveasoft.com/modules/phpBB2/ There are other WRT54G firmware projects with somewhat different goals (to which I can link on request), but that is the only one with both a stable release and active development. Though this one is good for experimentation, since it doesn't replace the Linksys firmware: http://www.batbox.org/wrt54g-linux.html -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From rfunk at funknet.net Sat May 8 13:11:27 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: <20040508100503.577027e8.jep200404@columbus.rr.com> References: <20040508100503.577027e8.jep200404@columbus.rr.com> Message-ID: <200405081311.27313.rfunk@funknet.net> [For some reason I just got a pile of COLUG mail that had accumulated since Thursday.] Jim P wrote: > Peter StJohn wrote: > > I"m interested in setting up my own domain. > > Steve "Khadrin" seems to think I should omit FTP service; > > It's perfectly OK to serve FTP. Depends on what you want to do with it. If you want anonymous file serving, http is better because it's more firewall-friendly. If you want anything non-anonymous, the passwords are sniffable, which of course is bad. If you want authenticated downloads, authenticated https is more firewall-friendly. If you want to use it for uploading, scp or rsync/ssh is better. Ultimately I don't see much point to FTP these days. > > telnet login > > telnet should simply not be used because it is insecure. > ssh should be used instead of telnet. Agreed. > > FTP is better served via https? > > FTP and HTTP are fine for downloads. FTP is better served via http or https. > Do whatever Rob Funk recommends. Um... stand on your head! Now touch your toes! No, don't get back on your feet first! Now sing "O Canada"! What, you don't know it? OK, sing "Blame Canada" instead! Er... nevermind, the power went to my head... If I'm setting up a general-purpose server for a domain (assuming some other machine handles name service), I'll include the following network server programs: Shell access and uploads - openssh (with rsync available, but no rsyncd server running) Web access - Apache Incoming mail service - Postfix IMAP server - Courier IMAP or Binc IMAP (haven't tried Binc yet) SSL support for all of the above (except ssh), mandatory for IMAP. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From rfunk at funknet.net Sat May 8 13:16:41 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <20040508164656.GM7924@linuxcolumbus.com> References: <409BA291.3060405@BaerSolutions.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> Message-ID: <200405081316.41228.rfunk@funknet.net> pat@linuxcolumbus.com wrote: > 1. Session ID's on the address line are a security problem. Depends on the type of checking you do of your sessions. > 2. They are not search engine friendly. No need to publish links that include session IDs. Search engines only care about published links. > 3. In this day and age blocking all cookies is stupid. In this day and age accepting all cookies offered to you is stupid. It makes sense to try a cookie, and if that fails add the session ID to the URL. If nothing else it's nice to support browsers that don't support cookies. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From jep200404 at columbus.rr.com Sat May 8 13:22:09 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Session IDs in URL are security problem; blocking cookies is stupid In-Reply-To: <20040508164656.GM7924@linuxcolumbus.com> References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> Message-ID: <20040508132209.344dd655.jep200404@columbus.rr.com> pat@linuxcolumbus.com wrote: > 1. Session ID's on the address line are a security problem. Please tell us more. There was a presentation that included discussion of sessions way back in August 2002 that might address some of your security concerns. http://www.colug.net/notes/0208mtg/ Rob and Phil, what comments do you have? > 2. They are not search engine friendly. Indeed. Such is the consequence of cookie abuse. What provisions do search engines have for web pages to advise the search engines what part of the URL to pay attention to, and what part to not pay attention to? (perhaps by use of meta tags) A workaround would be to have a web page with links (without session IDs encoded in URL) to all the web pages that one cares to have the indexed by search engines. It wouldn't surprise if better search engines analyze the URL so that when they see something like "&PHPSESSID=0179df...", they know to ignore that part for indexing purposes. It seems that this problem is understood and is at least under study if not already fixed. http://forums.searchenginetrends.com/viewtopic.php?p=325 http://www.google.com/search?q=google+PHPSESSID http://www.highrankings.com/forum/index.php?showtopic=2078 > 3. In this day and age blocking all cookies is stupid. How Web Servers' Cookies Threaten Your Privacy: http://www.junkbusters.com/cookies.html Those of us in the US do not have control over the information that is collected about us like people in Europe have. Cookies have become so heavily abused that many people here in the US have prudently decided to block them. http://www.google.com/search?q=privacy+cookies From rfunk at funknet.net Sat May 8 14:01:10 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Session IDs in URL are security problem; blocking cookies is stupid In-Reply-To: <20040508132209.344dd655.jep200404@columbus.rr.com> References: <409BA291.3060405@BaerSolutions.com> <20040508164656.GM7924@linuxcolumbus.com> <20040508132209.344dd655.jep200404@columbus.rr.com> Message-ID: <200405081401.10726.rfunk@funknet.net> Jim P wrote: > pat@linuxcolumbus.com wrote: > > 1. Session ID's on the address line are a security problem. > > Rob and Phil, what comments do you have? If the session is matched up with the IP address in the database, and a session isn't allowed to be accessed from a different IP address, that mitigates the security issue. If a session expires after either a set amount of total time or some amount of idle time (measured in minutes or hours, not days), that mitigates the security issue. If either of these measures are followed, session IDs on the address line should be no less secure that session IDs in cookies. And without either of these measures, even cookie session IDs can be somewhat insecure. > > 2. They are not search engine friendly. > > Indeed. Such is the consequence of cookie abuse. > > What provisions do search engines have for web pages > to advise the search engines what part of the URL to > pay attention to, and what part to not pay attention to? > (perhaps by use of meta tags) If you guys are talking about search engines following the web server into a session, with the search engine getting its own session, that's bad. The server should prevent robots from getting a session (e.g. with robots.txt). > How Web Servers' Cookies Threaten Your Privacy: I recently discovered something that others probably realized on their own: the reason news.com changed to news.com.com was so CNet could share cookies between news.com and their other domains, which also got an extra .com added. (Check your cookie lists for ".com.com" cookies.) Disney's go.com is similar. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From rfunk at funknet.net Sat May 8 14:06:10 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <409BA291.3060405@BaerSolutions.com> References: <409BA291.3060405@BaerSolutions.com> Message-ID: <200405081406.10697.rfunk@funknet.net> R. Scott Baer wrote: > I'm trying to develop a page to meet the xhtml transitional specs.. Is there a reason you need to meet XHTML rather than HTML 4.01? > The system is adding the &PHPSESSID=0179df... to my link: I haven't messed with PHP yet, but it seems to me this is a disadvantage of using a framework that does so much work for you. Wouldn't the easiest solution be to go for strict HTML 4.01? Basically, lower your standards to what PHP can meet. :-) -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From pat at linuxcolumbus.com Sat May 8 18:23:31 2004 From: pat at linuxcolumbus.com (pat@linuxcolumbus.com) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Session IDs in URL are security problem; blocking cookies is stupid In-Reply-To: <20040508132209.344dd655.jep200404@columbus.rr.com> References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> <20040508132209.344dd655.jep200404@columbus.rr.com> Message-ID: <20040508222331.GN7924@linuxcolumbus.com> On Sat, May 08, 2004 at 01:22:09PM -0400, Jim P wrote: > pat@linuxcolumbus.com wrote: > > > 1. Session ID's on the address line are a security problem. > > Please tell us more. > Unless you are using ssl then your sessionid is being passed on the internet in clear text every time you request a page from the web site. > There was a presentation that included discussion of > sessions way back in August 2002 that might address some > of your security concerns. > > http://www.colug.net/notes/0208mtg/ > Not much there, except a lot of bad php code. It is pretty easy to separate code and presentation in php without the use of so called template solutions. > > 3. In this day and age blocking all cookies is stupid. > > How Web Servers' Cookies Threaten Your Privacy: > > http://www.junkbusters.com/cookies.html > > Those of us in the US do not have control over the information > that is collected about us like people in Europe have. > Cookies have become so heavily abused that many > people here in the US have prudently decided to block them. > > http://www.google.com/search?q=privacy+cookies If you don't trust the web site then DON'T GO TO IT. It is that simple. Pat From pat at linuxcolumbus.com Sat May 8 18:25:08 2004 From: pat at linuxcolumbus.com (pat@linuxcolumbus.com) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Session IDs in URL are security problem; blocking cookies is stupid In-Reply-To: <200405081401.10726.rfunk@funknet.net> References: <409BA291.3060405@BaerSolutions.com> <20040508164656.GM7924@linuxcolumbus.com> <20040508132209.344dd655.jep200404@columbus.rr.com> <200405081401.10726.rfunk@funknet.net> Message-ID: <20040508222508.GO7924@linuxcolumbus.com> On Sat, May 08, 2004 at 02:01:10PM -0400, Rob Funk wrote: > Jim P wrote: > > pat@linuxcolumbus.com wrote: > > > 1. Session ID's on the address line are a security problem. > > > > Rob and Phil, what comments do you have? > > If the session is matched up with the IP address in the database, and a > session isn't allowed to be accessed from a different IP address, that > mitigates the security issue. > So how do you do that if the users are behind a proxy? Not session will have a unique address. Pat From pat at linuxcolumbus.com Sat May 8 18:31:47 2004 From: pat at linuxcolumbus.com (pat@linuxcolumbus.com) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <200405081316.41228.rfunk@funknet.net> References: <409BA291.3060405@BaerSolutions.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> <200405081316.41228.rfunk@funknet.net> Message-ID: <20040508223147.GP7924@linuxcolumbus.com> On Sat, May 08, 2004 at 01:16:41PM -0400, Rob Funk wrote: > pat@linuxcolumbus.com wrote: > > 3. In this day and age blocking all cookies is stupid. > > In this day and age accepting all cookies offered to you is stupid. > I didn't say anything about accepting all cookies. I said blocking all cookies is stupid. I accept cookies from sites I trust. All others are blocked. > It makes sense to try a cookie, and if that fails add the session ID to the > URL. If nothing else it's nice to support browsers that don't support > cookies. Been there, done that. eham.net has been doing it since 1999. Pat From lefevre.10 at osu.edu Sat May 8 18:32:24 2004 From: lefevre.10 at osu.edu (Steve Lefevre) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] BitTorrent *not* useless w/o open ports In-Reply-To: <1084018203.3916.7.camel@cobra.khadrin.com> References: <409A506F.7020800@osu.edu> <1084018203.3916.7.camel@cobra.khadrin.com> Message-ID: <409D5FF8.3030905@osu.edu> Stephen J. Smith wrote: >Thanks Steve. I'm sure you are right. I just assumed it was ports not >being open when I read it in the FAQ a few days after my failed >attempt. It could as easily have been something else even. > >Probably a dumb question: was your client uploading as well as >downloading without opening those ports? > > > Yes it was. There is some built-in anti-leeching in the BT architecture, so you don't get if you don't give. From lefevre.10 at osu.edu Sat May 8 18:33:15 2004 From: lefevre.10 at osu.edu (Steve Lefevre) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Kib/sec versus KiB/sec In-Reply-To: <20040508101220.66e10fea.jep200404@columbus.rr.com> References: <409A506F.7020800@osu.edu> <20040508101220.66e10fea.jep200404@columbus.rr.com> Message-ID: <409D602B.8090005@osu.edu> Jim P wrote: >On Thu, 06 May 2004 10:49:19 -0400 Steve Lefevre wrote: > > > >>The fastest one coming in is currently at 71Kib/sec., observed mas 110KiB/sec. >> >> > >Kib/sec versus KiB/sec > >These abbreviations, particularly the 'b'/'B' part, are best spelled out. >Otherwise we don't know when you are talking about kilobits per second >and when you are talking about kilobytes per second. Even if you were >careful with capitalization to distinguish between bits and bytes, >so many other folks are not, so that we won't know which you meant. > > > OK, what if *I* don't know which one I meant? ;) From colug at jmglov.net Sat May 8 19:15:33 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] PHP& XHTML problems In-Reply-To: <20040508164656.GM7924@linuxcolumbus.com> References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> Message-ID: <20040508231533.GG24704%jmglov@jmglov.net> Quoth pat@linuxcolumbus.com (Sat 2004-05-08 12:46:56PM -0400): > On Sat, May 08, 2004 at 09:43:43AM -0400, Jim P wrote: > > pat@linuxcolumbus.com wrote: > > > > > 2. Do you really need a session? If you do why not use cookies[?] > > > > To the latter question: because many people block cookies. > > Hiding a session ID in a trick URL works even for folks who block cookies. > > 1. Session ID's on the address line are a security problem. Why? > 2. They are not search engine friendly. This does not seem to be much of an issue if you want to track users' activities, which is typically the prime motivation for requiring session IDs in the first place. > 3. In this day and age blocking all cookies is stupid. I certainly block most. If a site that I really trust *and* want to use absolutely requires cookies, then and only then do I allow them, and I still instruct my browser to let me know about cookie-related activity. -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://www.colug.net/pipermail/colug/attachments/20040508/17963243/attachment.bin From brucehohl at yahoo.com Sat May 8 21:11:09 2004 From: brucehohl at yahoo.com (Bruce Hohl) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] HP officejet 4100 printer printing question In-Reply-To: <33034.170.148.10.23.1083868463.squirrel@webmail.percipia.com> Message-ID: <20040509011109.2839.qmail@web13121.mail.yahoo.com> > I recently bought HP office jet 4100 all-in-one > printer. I was not able to print color document in > black & white, its always printing color. > You could always print to pdf (pdf printer) using a black & white driver then print the black & which pdf file. Maybe the color documents be printed in black & white if you remove the color cartridge? __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover From blitz at post891.org Sat May 8 20:33:13 2004 From: blitz at post891.org (Patrick Blitz) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: <200405081311.27313.rfunk@funknet.net> References: <20040508100503.577027e8.jep200404@columbus.rr.com> <200405081311.27313.rfunk@funknet.net> Message-ID: <1084062793.1179.1.camel@amon> On Sat, 2004-05-08 at 19:11, Rob Funk wrote: > SSL support for all of the above (except ssh), mandatory for IMAP. *lol* The Idea of an ssh without ssl or an ssh tunneld through an ssl (when ssh is allowed an you're just connecting to one other machine) seems really funny :-) From rfunk at funknet.net Sun May 9 02:44:03 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:23 2005 Subject: [COLUG] Session IDs in URL are security problem; blocking cookies is stupid In-Reply-To: <20040508222508.GO7924@linuxcolumbus.com> References: <409BA291.3060405@BaerSolutions.com><20040508164656.GM7924@linuxcolumbus.com><20040508132209.344dd655.jep200404@columbus.rr.com><200405081401.10726.rfunk@funknet.net> <20040508222508.GO7924@linuxcolumbus.com> Message-ID: <32804.151.144.89.46.1084085043.squirrel@www.gcfn.net> pat@linuxcolumbus.com wrote: > On Sat, May 08, 2004 at 02:01:10PM -0400, Rob Funk wrote: >> If the session is matched up with the IP address in the database, and a >> session isn't allowed to be accessed from a different IP address, that >> mitigates the security issue. > > So how do you do that if the users are behind a proxy? Not session will > have a unique address. Who said anything about requiring a unique address for each session? I'd just require that a session not change its address. It doesn't matter if other sessions have the same address. In the case of a proxy, others using the same proxy and the same session ID can still get through, which is one reason I said "mitigates" rather than "eliminates", and a reason one might not want this to be the only anti-session-stealing measure. Adding session expiration helps, and if that isn't enough for you then there are other measures. Of course, after a certain point just adding SSL solves most of the problems. -- ==============================| "A microscope locked in on one point Rob Funk |Never sees what kind of room that it's in" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From rfunk at funknet.net Sun May 9 03:08:35 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] HP officejet 4100 printer printing question In-Reply-To: <33034.170.148.10.23.1083868463.squirrel@webmail.percipia.com> References: <4095AE15.2060205@columbus.rr.com><4095C82B.70902@columbus.rr.com><200405030147.59358.rfunk@funknet.net><200405030224.18989.rfunk@funknet.net><4099A8C6.20706@columbus.rr.com> <33034.170.148.10.23.1083868463.squirrel@webmail.percipia.com> Message-ID: <32872.151.144.89.46.1084086515.squirrel@www.gcfn.net> Sundaram Ramasamy wrote: > I recently bought HP office jet 4100 all-in-one printer. I was not able to > print color document in block & white, its always printing color. Does it do PostScript directly, or are you using ghostscript to convert PostScript for that printer. (In other words, what printer driver are you using on Linux?) Some PostScript code may help either way. When I used to print to double-sided PostScript printers, I had a script that would send a brief "setpagedevice" directive that turned off double-sided printing before sending the file to print, in case I wanted something single-sided. There may be a "setpagedevice" PostScript directive that will turn off color printing. Another possibility is to force everything into PostScript level 1 (which doesn't do color) before sending it to the printer. Ghostscript includes a "ps2ps" script that can do this. ps2ps -dLanguageLevel=1 input.ps output.ps or as a filter from stdin to stdout: gs -q -sDEVICE=pswrite -sOutputFile=- \ -dNOPAUSE -dBATCH -dSAFER -dLanguageLevel=1 - There also appears to be a "setcolorspace" operator that may help, but I don't have my PostScript books handy right now to look that up. -- ==============================| "A microscope locked in on one point Rob Funk |Never sees what kind of room that it's in" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From dshermin at ameritech.net Sun May 9 19:16:36 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG]Knoppix In-Reply-To: <20040508132209.344dd655.jep200404@columbus.rr.com> References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> <20040508132209.344dd655.jep200404@columbus.rr.com> Message-ID: As anyone seen a local site to download Knoppix 3.4. It came out on May 4, 2004. To download it would take me 33 hours on my DSL connection. Thanks From blata at extent0006.entomology.ohio-state.edu Sun May 9 20:38:27 2004 From: blata at extent0006.entomology.ohio-state.edu (Wade Pinkston) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG]Knoppix In-Reply-To: References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> <20040508132209.344dd655.jep200404@columbus.rr.com> Message-ID: <409ECF03.4000803@bugs.osu.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I will have it at ftp://bugs.osu.edu/pub/Linux/Knoppix in about 20 mins You wrote this to me on 05/09/2004 07:16 PM: |As anyone seen a local site to download Knoppix 3.4. It came out on |May 4, 2004. To download it would take me 33 hours on my DSL |connection. | |Thanks | |_______________________________________________ |colug mailing list |colug@colug.net |http://www.colug.net/mailman/listinfo/colug - -- Wade Pinkston The Ohio State University Extension Entomology 1991 Kenny Rd Columbus OH 43210 phone: (614) 292-5274 Ipsa scientia potestas est Windows,a 32 bit graphical interface for a 16 bit patch to an 8 bit operating system internally coded for a 4 bit processor written by a 2 bit company that can't stand 1 bit of competition GnuPG Key ID 0x216FDD35 gpg --keyserver pgp.mit.edu --recv-keys 216FDD35 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAns8Dv+6+qSFv3TURApHTAJoCRGy1Hf/WSuSXH8hV/G8klB7DpwCgpWqp IzNwUT3IIWe038iIcB7xqZ8= =jMPW -----END PGP SIGNATURE----- From rfunk at funknet.net Mon May 10 00:07:32 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG]Knoppix In-Reply-To: References: <409BA291.3060405@BaerSolutions.com> <20040508132209.344dd655.jep200404@columbus.rr.com> Message-ID: <200405100007.32647.rfunk@funknet.net> David Sherman wrote: > As anyone seen a local site to download Knoppix 3.4. It came out on > May 4, 2004. To download it would take me 33 hours on my DSL > connection. You can get it by Bittorrent at: http://torrent.unix-ag.uni-kl.de:6969/ It's generally pretty quick that way, often going the maximum speed of your last-mile connection. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From dshermin at ameritech.net Mon May 10 07:03:02 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG]Knoppix In-Reply-To: <200405100007.32647.rfunk@funknet.net> References: <409BA291.3060405@BaerSolutions.com> <20040508132209.344dd655.jep200404@columbus.rr.com> <200405100007.32647.rfunk@funknet.net> Message-ID: Thanks for the link. On Mon, 10 May 2004 00:07:32 -0400, you wrote: >David Sherman wrote: >> As anyone seen a local site to download Knoppix 3.4. It came out on >> May 4, 2004. To download it would take me 33 hours on my DSL >> connection. > >You can get it by Bittorrent at: > http://torrent.unix-ag.uni-kl.de:6969/ > >It's generally pretty quick that way, often going the maximum speed of your >last-mile connection. From dshermin at ameritech.net Mon May 10 07:04:54 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG]Knoppix In-Reply-To: References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> <20040508132209.344dd655.jep200404@columbus.rr.com> Message-ID: Thanks for Wade Pinkston and Rob Funk for prividing 2 good links for Knoppix 3.4 On Sun, 09 May 2004 19:16:36 -0400, you wrote: >As anyone seen a local site to download Knoppix 3.4. It came out on >May 4, 2004. To download it would take me 33 hours on my DSL >connection. > >Thanks > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug From ken at alpha2.com Mon May 10 09:15:28 2004 From: ken at alpha2.com (Ken Bradford) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] Perl & Pattern Matching In-Reply-To: <00a101c43370$e8542980$690aa8c0@alpha2.com> Message-ID: <050c01c43690$dd514d60$690aa8c0@alpha2.com> > -----Original Message----- > From: colug-bounces@colug.net [mailto:colug-bounces@colug.net]On Behalf > Of Ken Bradford > Sent: Thursday, May 06, 2004 9:49 AM > To: COLUG > Subject: [COLUG] Perl & Pattern Matching > I _assume_ the problem is the "[" and "]" in $line2. Can they not be > escaped? Or perhaps it's some other problem I'm missing? When I print the > string out it _looks_ correct. I've also tried using \133 and > \135 in place > of [ and ]. Again, it _looked_ OK, but still did not match. I finally figured out I had to double escape the "[" and "]" (and the same for "(" and ")" ) for a search, so if I do a search and replace (if I don't find it) I need 2 different strings: $original = "# --------\\( Initial Setup - External Lists \\)--------"; $search2 = "if \\[ -e \/etc\/firestarter\/user-rules \\]\; then"; and $replace1 = "# --------\( Initial Setup - External Lists \)--------\n"; $replace4 = "if \[ -e \/etc\/firestarter\/user-rules \]\; then\n"; Can anyone explain to me _why_ I need to double escape? Ken Bradford Alpha II Service, Inc. From mchenrytech at wideopenwest.com Mon May 10 10:44:23 2004 From: mchenrytech at wideopenwest.com (mchenrytech@wideopenwest.com) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] "Vote For Me" - off topic Message-ID: <20040510134740.M54260@wideopenwest.com> Off topic but fun. I was at "2Cos" last night for the Jazz Poetry Ensemble "Vote For Me" tour and immediately thought of the group here. You guys might like this. It's actually put together by my old boss at the post production company I was the Engineer for. He's the trombone player in the bunch as well as the poetry reader. Interesting political poetry and Jazz mix. Sort of a Fusion sound I suppose you could call it. Anyway, here's the link to the information. http://www.shadowboxcabaret.com/2cos/spec_events/jazzpoetry.asp I'll probably be video taping the next show on the 30th so come on down. There is a cover charge so beware. Poetry ranges from a little, to all the way on the left. Republicans and Hawks be warned. Sean McHenry From sjs at khadrin.com Mon May 10 10:11:30 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] Perl & Pattern Matching In-Reply-To: <050c01c43690$dd514d60$690aa8c0@alpha2.com> References: <050c01c43690$dd514d60$690aa8c0@alpha2.com> Message-ID: <1084198290.21998.26.camel@cobra.khadrin.com> On Mon, 2004-05-10 at 09:15, Ken Bradford wrote: > I finally figured out I had to double escape the "[" and "]" (and the same > for "(" and ")" ) for a search, so if I do a search and replace (if I don't > find it) I need 2 different strings: > > $original = "# --------\\( Initial Setup - External Lists \\)--------"; > $search2 = "if \\[ -e \/etc\/firestarter\/user-rules \\]\; then"; Hmm, I know more or less. Didn't occur to me when you first posed the question unfortunately. =( First, I had a question: does it matter if the regular expression is contained in a string literal or a variable? I does not. I included a quick debug session that proves this near the bottom of this message. Interpreting the backslashes in your expression is done twice by two different "things" (wish I had a better word). First, backslash escaping is done to determine the sequence of characters that make up the string. This converts sequences such as "\\" and "\n" into a single backslash and a newline respectively. During this stage, a backslash in front of a character with no special meaning is silently dropped. Thus "\[" becomes '['. But wait a minute, doesn't "\[" have a special meaning? It does to the regular expression engine, but not in the context of getting characters into a string. No escaping is required to get a '[' character into a string! This reminds me of the special mechanism required to get a '%' character past printf() in C. Why wouldn't "\%" work? It is easy to get a % character into a string. In fact there are two ways: "\%" and "%". printf() does processing on the contents of the string. Only in the context of a printf() is '%' a special character, so printf() needs to provide a way to indicate a literal '%'. You may remember that it is necessary to use "%%" for a literal '%' in the context of printf(). printf() _could_ have been designed to recognize "\%", in which case you would need to use "\\%" when initializing the format argument for printf(). Hard to say which is better/less confusing. Hope that helps. [sjs@cobra tmp]$ perl -d -e 1 Loading DB routines from perl5db.pl version 1.19 Editor support available. Enter h or `h h' for help, or `man perldebug' for more help. main::(-e:1): 1 DB<1> $txt = "[]" DB<2> print "match\n" if ($txt =~ "\[\]") Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE ]/ at (eval 20)[/usr/lib/perl5/5.8.0/perl5db.pl:17] line 2. eval '($@, $!, $^E, $,, $/, $\\, $^W) = @saved;package main; $^D = $^D | $DB::db_stop; print "match\\n" if ($txt =~ "\\[\\]"); ;' called at /usr/lib/perl5/5.8.0/perl5db.pl line 17 DB::eval called at /usr/lib/perl5/5.8.0/perl5db.pl line 1323 DB::DB called at -e line 1 DB<3> print "match\n" if ($txt =~ "\\[\\]") match DB<4> print "match\n" if ($txt =~ "\\[\]") match DB<5> q -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From sjs at khadrin.com Mon May 10 10:23:54 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] BitTorrent *not* useless w/o open ports In-Reply-To: <409D5FF8.3030905@osu.edu> References: <409A506F.7020800@osu.edu><409D5FF8.3030905@osu.edu> Message-ID: <1084199033.21998.30.camel@cobra.khadrin.com> On Sat, 2004-05-08 at 18:32, Steve Lefevre wrote: > >Probably a dumb question: was your client uploading as well as > >downloading without opening those ports? > > > Yes it was. There is some built-in anti-leeching in the BT architecture, > so you don't get if you don't give. Hmm...that's what I remember too. One more question: is it possible that your download speeds were similar because of good karma you built up through previous runs? -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From lefevre.10 at osu.edu Mon May 10 10:57:24 2004 From: lefevre.10 at osu.edu (Steve Lefevre) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] BitTorrent *not* useless w/o open ports In-Reply-To: <1084199033.21998.30.camel@cobra.khadrin.com> References: <409A506F.7020800@osu.edu> <409D5FF8.3030905@osu.edu> <1084199033.21998.30.camel@cobra.khadrin.com> Message-ID: <409F9854.8070201@osu.edu> Stephen J. Smith wrote: >Hmm...that's what I remember too. > >One more question: is it possible that your download speeds were similar >because of good karma you built up through previous runs? > > > Do you mean on a spiritual level, or technological? ;) The tech answer is 'no'. It's only based on your current session. From ken at alpha2.com Mon May 10 11:02:50 2004 From: ken at alpha2.com (Ken Bradford) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] Perl & Pattern Matching In-Reply-To: <1084198290.21998.26.camel@cobra.khadrin.com> Message-ID: <000b01c4369f$dca64280$690aa8c0@alpha2.com> > -----Original Message----- > From: colug-bounces@colug.net [mailto:colug-bounces@colug.net]On Behalf > Of Stephen J. Smith > Sent: Monday, May 10, 2004 10:12 AM > > > First, I had a question: does it matter if the regular expression is > contained in a string literal or a variable? I does not. I included a > quick debug session that proves this near the bottom of this message. > > Interpreting the backslashes in your expression is done twice by two > different "things" (wish I had a better word). First, backslash > escaping is done to determine the sequence of characters that make up > the string. This converts sequences such as "\\" and "\n" into a single > backslash and a newline respectively. During this stage, a backslash in > front of a character with no special meaning is silently dropped. Thus > "\[" becomes '['. But wait a minute, doesn't "\[" have a special > meaning? It does to the regular expression engine, but not in the > context of getting characters into a string. No escaping is required to > get a '[' character into a string! So I don't neet to escape the special characters for use in the replacement string? > > This reminds me of the special mechanism required to get a '%' character > past printf() in C. Why wouldn't "\%" work? It is easy to get a % > character into a string. In fact there are two ways: "\%" and "%". > printf() does processing on the contents of the string. Only in the > context of a printf() is '%' a special character, so printf() needs to > provide a way to indicate a literal '%'. You may remember that it is > necessary to use "%%" for a literal '%' in the context of printf(). > printf() _could_ have been designed to recognize "\%", in which case you > would need to use "\\%" when initializing the format argument for > printf(). Hard to say which is better/less confusing. > > Hope that helps. Yes, somewhat anyway I think, but... > > [sjs@cobra tmp]$ perl -d -e 1 > >main::(-e:1): 1 > DB<1> $txt = "[]" > > DB<4> print "match\n" if ($txt =~ "\\[\]") > match > Why does this one still match, and more to the point, in my debug (walking through your example) why does _this_ match: DB<6> print "match\n" if($txt =~ "\\[]") match Ken Bradford Alpha II Service, Inc. From sjs at khadrin.com Mon May 10 11:47:35 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] Perl & Pattern Matching In-Reply-To: <000b01c4369f$dca64280$690aa8c0@alpha2.com> References: <000b01c4369f$dca64280$690aa8c0@alpha2.com> Message-ID: <1084204055.21998.82.camel@cobra.khadrin.com> On Mon, 2004-05-10 at 11:02, Ken Bradford wrote: > > [sjs@cobra tmp]$ perl -d -e 1 > > > >main::(-e:1): 1 > > DB<1> $txt = "[]" > > > > DB<4> print "match\n" if ($txt =~ "\\[\]") > > match > > > Why does this one still match, and more to the point, in my debug (walking > through your example) why does _this_ match: > > DB<6> print "match\n" if($txt =~ "\\[]") > match True predicates in perl: ("[" eq '[') ("\[" eq '[') ("\\[" eq '\[') So the test on line DB<4> and the test on line DB<6> are testing exactly the same string! The other thing that is going on is that Perl's RE engine is being smart. It doesn't require you to escape ']' unless it has already seen an unescaped '[', but it does _allow_ you to escape it. Single quotes _may_ allow you to write your expressions with fewer backslashes. Experiment (the debugger is great for this), read the docs, and have fun. > Ken Bradford > Alpha II Service, Inc. > > > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug Just a tip you may or may not know: if the first part of your signature is "-- ", then most mail clients will automatically trim everything after it from replies. I find it convenient. -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From ken at alpha2.com Mon May 10 12:22:18 2004 From: ken at alpha2.com (Ken Bradford) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] Perl & Pattern Matching In-Reply-To: <1084204055.21998.82.camel@cobra.khadrin.com> Message-ID: <001601c436aa$f6732ce0$690aa8c0@alpha2.com> > -----Original Message----- > From: Stephen J. Smith [mailto:sjs@khadrin.com] > Sent: Monday, May 10, 2004 11:48 AM > > On Mon, 2004-05-10 at 11:02, Ken Bradford wrote: > > > [sjs@cobra tmp]$ perl -d -e 1 > > > > > >main::(-e:1): 1 > > > DB<1> $txt = "[]" > > > > > > DB<4> print "match\n" if ($txt =~ "\\[\]") > > > match > > > > > Why does this one still match, and more to the point, in my > debug (walking > > through your example) why does _this_ match: > > > > DB<6> print "match\n" if($txt =~ "\\[]") > > match > > True predicates in perl: > ("[" eq '[') > ("\[" eq '[') > ("\\[" eq '\[') > > So the test on line DB<4> and the test on line DB<6> are testing exactly > the same string! > > The other thing that is going on is that Perl's RE engine is being > smart. It doesn't require you to escape ']' unless it has already seen > an unescaped '[', but it does _allow_ you to escape it. Ohhh, that clears it up. > > Single quotes _may_ allow you to write your expressions with fewer > backslashes. Experiment (the debugger is great for this), read the > docs, and have fun. > Yes, thank you. Ken Bradford Alpha II Service, Inc. From sjs at khadrin.com Mon May 10 13:31:15 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] BitTorrent *not* useless w/o open ports In-Reply-To: <409F9854.8070201@osu.edu> References: <409A506F.7020800@osu.edu> <409D5FF8.3030905@osu.edu> <409F9854.8070201@osu.edu> Message-ID: <1084210275.21998.240.camel@cobra.khadrin.com> On Mon, 2004-05-10 at 10:57, Steve Lefevre wrote: > Stephen J. Smith wrote: > > >Hmm...that's what I remember too. > > > >One more question: is it possible that your download speeds were similar > >because of good karma you built up through previous runs? > > > Do you mean on a spiritual level, or technological? ;) Good one, lol. > The tech answer is 'no'. It's only based on your current session. BitTorrent is way more interesting than I would have guessed (it sounds so simple). I just read "Incentives Build Robustness in BitTorrent"[1]. I think one could do a really interesting presentation on this stuff. Maybe the Prisoner's Dilemma[2] applies to Free Software vs. proprietary software development. So I gather that by not opening the ports I am preventing other clients from finding me for trade, possibly to my detriment. However I am still able to make connections with clients that have their ports open, and trade with them. [1] http://bitconjurer.org/BitTorrent/bittorrentecon.pdf [2] http://en.wikipedia.org/wiki/Prisoner%27s_dilemma -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From jep200404 at columbus.rr.com Mon May 10 13:41:23 2004 From: jep200404 at columbus.rr.com (Jim P) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] Layered Quoting and Escaping of Strings In-Reply-To: <000b01c4369f$dca64280$690aa8c0@alpha2.com> References: <1084198290.21998.26.camel@cobra.khadrin.com> <000b01c4369f$dca64280$690aa8c0@alpha2.com> Message-ID: <20040510134123.36323e45.jep200404@columbus.rr.com> Ken struck upon an enduring issue of strings, the special meaning that characters in them can have, and how to quote and escape characters to take away their special meaning. He wrote: > Why does this one still match, and more to the point, in my debug (walking > through your example) why does _this_ match: > > DB<6> print "match\n" if($txt =~ "\\[]") > match Dunno, but I can offer more general advice about these kinds of issues. First think of the ultimate use of a string and what characters you want to feed it, and how some special characters need to escaped to be handled differently. A single program (such as a Perl script) might have more than one ultimate use and hence different ways of using strings. For example, in one place your Perl script needs a regular expression. Regular expressions have complicated baroque ways of using strings. A replacement string in the same Perl script could be a different ultimate use with different special characters that could need (or in your case, perhaps _not_ need) escaping. Next, now that you know what string you want for some ultimate use, you have to follow the quoting/escaping conventions to get the desired characters into the string. echo is a useful tool for seeing how the shell handles command line arguments: echo $PWD echo "$PWD" echo '$PWD' echo [a-z]* echo "[a-z]*" echo '[a-z]*' echo $PWD/[a-z]* echo "$PWD/[a-z]*" echo '$PWD/[a-z]*' When you have layers of programs feeding strings to one to another, it becomes very confusing. First, you have to understand each layer well separately. Second, you have to think about how to "wrap" the layer around each other. E.g. once you figure out what string you want Perl to use for a regular expression, then you figure out how to quote and escape that on a command line. If you had a shell script shown on a web page, you might have yet another layer of quoting and escaping. Each layer of quoting and escaping can use different special characters, different quoting rules and different escaping rules. Start with the simple, progress to the complex. Make many many small experiments (like the echo commands above), going back and forth between experiments and Reading Rhe F'ing Manuals. Have a reasonable understanding of each layer before trying to layer them. From rfunk at funknet.net Mon May 10 13:51:45 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:24 2005 Subject: [COLUG] Layered Quoting and Escaping of Strings In-Reply-To: <20040510134123.36323e45.jep200404@columbus.rr.com> References: <1084198290.21998.26.camel@cobra.khadrin.com> <000b01c4369f$dca64280$690aa8c0@alpha2.com> <20040510134123.36323e45.jep200404@columbus.rr.com> Message-ID: <200405101351.45134.rfunk@funknet.net> Jim P wrote: > Each layer of quoting and escaping can use different special > characters, different quoting rules and different escaping rules. One thing that often helps is to get in the habit of using the type of quoting that does the least interpretation (single quotes in perl and shell) unless you need more interpretation. That way you reduce confusion caused by the extra layer of interpretation. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From ken at alpha2.com Mon May 10 14:32:14 2004 From: ken at alpha2.com (Ken Bradford) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Layered Quoting and Escaping of Strings In-Reply-To: <200405101351.45134.rfunk@funknet.net> Message-ID: <004401c436bd$1d669f00$690aa8c0@alpha2.com> > -----Original Message----- > From: colug-bounces@colug.net [mailto:colug-bounces@colug.net]On Behalf > Of Rob Funk > Sent: Monday, May 10, 2004 1:52 PM > > Jim P wrote: > > Each layer of quoting and escaping can use different special > > characters, different quoting rules and different escaping rules. > > One thing that often helps is to get in the habit of using the type of > quoting that does the least interpretation (single quotes in perl and > shell) unless you need more interpretation. That way you reduce > confusion > caused by the extra layer of interpretation. > Very good points by both of you. Had I the foresight to consider Rob's point before he made it, I might have saved some time (but loss some understanding.) Debug based on Rob's suggestion: DB<1> $txt = "[]" DB<8> print "match\n" if($txt =~ '\[]') match DB<9> print "match\n" if($txt =~ "\[]") Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE ]/ at (eval 15) Thanks, everyone. Ken Bradford Alpha II Service, Inc. From sjs at khadrin.com Tue May 11 08:00:19 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Perl & Pattern Matching In-Reply-To: <1084204055.21998.82.camel@cobra.khadrin.com> References: <000b01c4369f$dca64280$690aa8c0@alpha2.com> <1084204055.21998.82.camel@cobra.khadrin.com> Message-ID: <1084276818.23804.2.camel@cobra.khadrin.com> On Mon, 2004-05-10 at 11:47, Stephen J. Smith wrote: > Single quotes _may_ allow you to write your expressions with fewer > backslashes. The quotemeta() function may be useful to you for the same purpose. I was reminded of it just now while looking through the docs for Template::Toolkit. -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From archanoid at columbus.rr.com Tue May 11 12:14:07 2004 From: archanoid at columbus.rr.com (archanoid@columbus.rr.com) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Firewalls Message-ID: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> Hey all. We are changing our Internet connection from a T1 to a 2MB Ethernet feed and I wish to use a Linux (or BSD) based firewall. I am soliciting your suggestions on viable projects. I use LEAF/Bering at home and am happy with it but think for the production office environment I might like a little more. www.sentryfirewall.com looks like it has potential. www.astaro.com looks nice, but is a pay option and the way money is allocated around here, well, makes paid for options greatly sub-optimal unfortunately. Anyway, I am also looking for suggestions on what kind of hardware suggestions you have for handling the load. I want a central box to be a stateful firewall with squid + squidGuard (or similar), future options for IPSec VPN, and virus filtering of SMTP and HTTP traffic. My desired layout is as follows (here's hoping this comes through without getting mangled): |------- INTERNET -------| ^ | | v (a) (b) /----------\ (c) /-->| FIREWALL |<--\ | \----------/ | | ^ (d) | v | v |--DMZ--| | |--LAN2--| | v |--LAN1--| (a) is 2MB Ethernet (10MB throttled) (b),(c), and (d) are 100MB Ethernet I imagine a lot of traffic flowing between (b), (c), and (d). The system set aside for this purpose is an HP NetServer 800 (P3 800Mhz w/ 512MB RAM, seven PCI slots, two 64-bit). I think it should be capable of keeping up with the load, but if anybody has experience as to its utility in this role I would appreciate hearing from you. Thanks, -Aaron From jep200404 at columbus.rr.com Tue May 11 14:22:13 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Firewalls In-Reply-To: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> References: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> Message-ID: <20040511142213.54df559a.jep200404@columbus.rr.com> Spiderman wrote: > I wish to use > a Linux (or BSD) based firewall. > The system ... P3 800Mhz w/512MB RAM > I think it should be capable of keeping > up with the load, but if anybody has > experience as to its utility in this role > I would appreciate hearing from you. An old Compaq 80486 DX2/66 with 16MB RAM, used as a firewall/NAT box passed 1Mbyte/s over 10Base-T. In other words, a 66MHz '486 filled up a 10Base-T pipe. That should give you a very rough feel for how much your box can huff through. Of course, for your situation, the heavy traffic will be between the 100Mbit/s networks behind the internet. My gut feeling is that your box will suffice. The only benchmark that will be definitive, is to just go ahead and try it. The web proxy, should likely run on a box other than the firewall, probably on a box in the DMZ. Jim W gave a presentation on Squid, http://www.colug.net/pipermail/colug/2002-March/001909.html but I don't see his notes: http://www.colug.net/presentations/ How much do LAN1 and LAN2 need to be separated? From archanoid at columbus.rr.com Tue May 11 15:48:45 2004 From: archanoid at columbus.rr.com (archanoid@columbus.rr.com) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Firewalls Message-ID: <104744c1043229.1043229104744c@columbus.rr.com> jep200404@columbus.rr.com wrote: > > An old Compaq 80486 DX2/66 with 16MB RAM, used as > a firewall/NAT box passed 1Mbyte/s over 10Base-T. > In other words, a 66MHz '486 filled up a 10Base-T > pipe. That should give you a very rough feel for > how much your box can huff through. Of course, > for your situation, the heavy traffic will be > between the 100Mbit/s networks behind the > internet. My gut feeling is that your box will > suffice. The only benchmark that will be > definitive, is to just go ahead and try it. > I checked it a little closer and it's actually an 866Mhz P3. > The web proxy, should likely run on a box other > than the firewall, probably on a box in the DMZ. > I don't want to do this. I understand the idea is to have as little as possible running on the actual firewall box. And I figure the only open port on its outside interface will be ssh. In the DMZ, there will be a web server (or two), an e-mail server, an FTP server, and a Citrix MetaFrame server. There will be a lot of traffic between at least one web server in the DMZ and a database server in LAN1. There is also a lot of traffic between e-mail clients in LAN1 and the server in the DMZ. Furthermore, there is a server in LAN2 that will be periodically accessed from LAN1 and clients in LAN2 that will send/receive a lot of large files via FTP and e-mail. I expect a lot of traffic between the three internal zones. > Jim W gave a presentation on Squid, > I should've come to that. I've been using Squid for a while now. Presently use 2.4.STABLE4 with plans on upgrading to 2.5.STABLE5 this weekend. We've been using it with squidGuard, ncsa_auth, and sarg (log parser) for some time. I always liked squid. > > How much do LAN1 and LAN2 need to be separated? > Ahh, well. LAN2 is a Mac network with AppleTalk running on it. And LAN1 still has a legacy NetWare 3.x box so has IPX broadcasting up a storm on it. I have to keep IPX and AppleTalk on their own broadcast domains or things get too noisy. Of course, IP being the tie that binds, the firewall/gateway-box need only speak it. Thanks for your input... -Aaron From skippy at skippy.net Tue May 11 16:37:19 2004 From: skippy at skippy.net (Scott Merrill) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Firewalls In-Reply-To: <104744c1043229.1043229104744c@columbus.rr.com> References: <104744c1043229.1043229104744c@columbus.rr.com> Message-ID: <35378.216.136.35.122.1084307839.squirrel@www.skippy.net> archanoid@columbus.rr.com said: > I checked it a little closer and it's actually an 866Mhz P3. Our firewall is a P3 800 MHz machine with 128 MB RAM. It runs a minimal install of Red Hat 7.2, the latest version of Shorewall, the Poptop PPTP server, and OpenVPN. It provides IP masq for about 40 PCs, all of who hammer on our DMZ mail server all day long. >> The web proxy, should likely run on a box other >> than the firewall, probably on a box in the DMZ. >> > > I don't want to do this. I understand the idea is to have as little as > possible running on the actual firewall box. And I figure the only open > port on its outside interface will be ssh. Squid and Shorewall get along well: http://www.shorewall.net/Shorewall_Squid_Usage.html Jim's advice to seperate proxying from firewalling is sound. Your questions about sizing the box lend even more weight to Jim's argument: if you're really concerned about performance, do what you can to ensure that the firewall never becomes your bottleneck. > There will be a lot of traffic between at least one > web server in the DMZ and a database server in LAN1. There is also a lot > of traffic between e-mail clients in LAN1 and the server in the DMZ. Will the traffic from your LAN1 to the DMZ web server be proxied? Define "a lot" of email traffic. How many users? > Furthermore, there is a server in LAN2 that will be periodically accessed > from LAN1 and clients in LAN2 that will send/receive a lot of large files > via FTP and e-mail. I expect a lot of traffic between the three internal > zones. >> How much do LAN1 and LAN2 need to be separated? >> > > Ahh, well. LAN2 is a Mac network with AppleTalk running on it. And LAN1 > still has a legacy NetWare 3.x box so has IPX broadcasting up a storm on > it. I have to keep IPX and AppleTalk on their own broadcast domains or > things get too noisy. Of course, IP being the tie that binds, the > firewall/gateway-box need only speak it. Do you need LAN1 and LAN2 firewalled from one another, or would simple routing do the trick? From archanoid at columbus.rr.com Tue May 11 17:15:27 2004 From: archanoid at columbus.rr.com (archanoid@columbus.rr.com) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Firewalls Message-ID: <104b8141047a11.1047a11104b814@columbus.rr.com> Scott Merrill wrote: > > Our firewall is a P3 800 MHz machine with 128 MB > RAM. It runs a minimalinstall of Red Hat 7.2, the > latest version of Shorewall, the Poptop PPTP > server, and OpenVPN. It provides IP masq for > about 40 PCs, all of who hammer on our DMZ mail > server all day long. Ahh, thank you. That gives me a good bit of context. We have about the same number of PCs on site. > > Jim's advice to seperate proxying from firewalling > is sound. Your questions about sizing the box > lend even more weight to Jim's argument: if > you're really concerned about performance, do what > you can to ensure that the firewall never becomes > your bottleneck. These are good points. Partly, we are re-purposing some systems and the current proxying is taking place on the mail server, which is struggling under the load of 50 users, 15GB of e-mail storage, 1000's of spam e-mails a day, and squid. Also, something in me can't stand the notion of IP traffic being routed out one port just to be routed back in. It's a useless hop and if the gateway device can handle the load, it's a natural part of a firewall's job to be more than just a packet firewall but also an application firewall, which is what a proxy largely is. > > Will the traffic from your LAN1 to the DMZ web > server be proxied? Possibly, but not necessarily. The idea is to have a layer of rules. Packets coming in may or may not need to go through the application level firewall. They may be passed out of the firewall at a lower level. > Define "a lot" of email traffic. How many users? > Sorry. 50-60 active users. 100 Mailboxes. Some people have multiple mailboxes. 15GB of current storage used on a ~ 30 GB partition. We have a printing & graphics division using Macs who send and receive large (> 100MB) files via e-mail and FTP (usually FTP when they're THAT big). > > Do you need LAN1 and LAN2 firewalled from one > another, or would simple routing do the trick? Routing handles it. There's no real need to firewall them. But, again, that gets at what I consider a basic in-out rule on the firewall. If it comes in eth3 and is destined for eth2, rule match, pass it. If not, it passes up the stream into other firewall processes to determine what action to take. I suppose I could set up an additional PII box to route between LAN2 and LAN1, but then, I get back to my silly hatred of unnecessary hops. Every time a LAN2 Mac user needs something off the FTP server, it's got two hops, extra lag, and an additional point of failure. It also means any time a PC in LAN1 needs to access the server in LAN2, it needs another route instead of one default route. Most of our end users run Windows 2000 now; but, there are still a few older Win98 boxes. Multiple routes is a pain in my rear on those. No, I'd rather keep it on a single "traffic cop" if possible. I think the machine is up to the task, mind you. I am looking for folks who can back up my belief or debunk it. Overall, I keep thinking the PCI bus is the likeliest bottleneck, but have no metrics to back up that gut feeling. -Aaron From drlinux at columbus.rr.com Tue May 11 17:39:39 2004 From: drlinux at columbus.rr.com (Dave Reed) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] OT: Vonage VOIP service? Message-ID: <200405111739.39089.drlinux@columbus.rr.com> Has anyone here tried Vonage's VOIP phone service? If so, does it work well? Any issues with TW RoadRunner? Is the only way to use multiple phones to get a cordless phone base that has multiple receivers? I assume the "soft phone" feature isn't available for Linux - is that true? For those interested, here's their web site. http://www.vonage.com/rate.php Note: I have no connection to Vonage, just been hearing a lot about them and saw their "phone adapter" in Circuit City the other day so I'm curious. Dave From rfunk at funknet.net Tue May 11 18:24:48 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Firewalls In-Reply-To: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> References: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> Message-ID: <200405111824.48831.rfunk@funknet.net> archanoid@columbus.rr.com wrote: > Anyway, I am also looking for suggestions on what > kind of hardware suggestions you have for handling > the load. I want a central box to be a stateful > firewall with squid + squidGuard (or similar), future > options for IPSec VPN, and virus filtering of SMTP and > HTTP traffic. Virus filtering should be on the mail server, not the firewall. It's a matter of what network layer the information is in. And quoting from a subsequent message: > I don't want to do this. I understand the idea is to have as little as > possible running on the actual firewall box. And I figure the only open > port on its outside interface will be ssh. > > In the DMZ, there will be a web server (or two), an e-mail server, an FTP > server, and a Citrix MetaFrame server. > > There will be a lot of traffic between at least one > web server in the DMZ and a database server in LAN1. There is also a lot > of traffic between e-mail clients in LAN1 and the server in the DMZ. What's serving the inside and what's serving the outside? You mention a web server and mail server; are those open to the outside in addition to ssh? Servers that are serving only the inside should not be on the same subnet as servers serving the outside. I'd suggest breaking things up a bit more. > My desired layout is as follows (here's hoping this comes through without getting mangled): Heh, Kmail didn't mangle it until I started my reply.... I think I'm able to fix it though. > |------- INTERNET -------| > ^ > | > | > v (a) > (b) /----------\ (c) > /-->| FIREWALL |<--\ > | \----------/ | > | ^ (d) | > v | v > |--DMZ--| | |--LAN2--| > | > v > |--LAN1--| > > (a) is 2MB Ethernet (10MB throttled) > (b),(c), and (d) are 100MB Ethernet > > > I imagine a lot of traffic flowing > between (b), (c), and (d). How about between (a) and the others? Have you ever written firewall rules for a four-legged firewall? Three is doable but somewhat complex, but the complexity increases exponentially as you add legs. You might consider an alternate architecture using multiple routers. That reduces firewall complexity and allows you to tune things properly for each area. I'm thinking something like this, with a traditional DMZ, three separate routers, and a balance between hop count and security: Internet | v /-------\ |router1| \-------/ ^ | +----->DMZ (external servers: mail, web, ftp) | v /-------\ |router2|<---->middle database server (needs to talk to web server) \-------/ ^ | +---->Internal Servers (Citrix, database, web proxy) | v /-------\ |router3| (must be fast, but can be simple; maybe a cheap Cisco) \-------/ ^ ^ | | | | | \---->LAN2 \------->LAN1 You mentioned the concept of "single point of failure". With your "one big box" scenario, that's exactly what you have, and it's bad. If that one big box fails, you've lost all connections between subnets. With my architecture, if any one router fails, you still have connectivity between other subnets. You also don't need to worry about weird routing configuration on Windows boxes; just set their default gateway to router3. -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From neverhome at gmx.net Tue May 11 20:22:17 2004 From: neverhome at gmx.net (Ralf) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] OT: Vonage VOIP service? In-Reply-To: <200405111739.39089.drlinux@columbus.rr.com> References: <200405111739.39089.drlinux@columbus.rr.com> Message-ID: <200405112022.17580.neverhome@gmx.net> Hi Dave, I haven't used Vonage and I am interested in hearing comments, too. However, if you are just looking for a way to make inexpensive phone calls and want to be reachable by a normal PODS phone, you should take a look at bigzoo.com. That way you don't need to use the internet and don't have to buy special hardware. I myself am currently using Nikotel with the BudgetTone SIP Phone. It works pretty well, as long as I don't power download the latest and greatest ISOs of the Linux world. But as soon as I used all my credits on Nikotel I will use Bigzoo.com for my long distance phone calls exclusively and probably use the SIP phone with Free Wold Dial-up. - Ralf On Tuesday 11 May 2004 5:39 pm, Dave Reed wrote: > Has anyone here tried Vonage's VOIP phone service? > > If so, does it work well? > > Any issues with TW RoadRunner? > > Is the only way to use multiple phones to get a cordless phone base > that has multiple receivers? > > I assume the "soft phone" feature isn't available for Linux - is that > true? > > For those interested, here's their web site. > > http://www.vonage.com/rate.php > > Note: I have no connection to Vonage, just been hearing a lot about > them and saw their "phone adapter" in Circuit City the other day so > I'm curious. > > Dave > > > > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug From jep200404 at columbus.rr.com Tue May 11 20:40:54 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Use a dedicated box for a firewall In-Reply-To: <104b8141047a11.1047a11104b814@columbus.rr.com> References: <104b8141047a11.1047a11104b814@columbus.rr.com> Message-ID: <20040511204054.61965ffe.jep200404@columbus.rr.com> Spiderman wrote: > Scott Merrill wrote: > > Jim's advice to seperate proxying from firewalling > > is sound. Your questions about sizing the box > > lend even more weight to Jim's argument: if > > you're really concerned about performance, do what > > you can to ensure that the firewall never becomes > > your bottleneck. > > These are good points. Partly, we are re-purposing some systems > and the current proxying is taking place on the mail server, > which is struggling under the load of 50 users, 15GB of e-mail > storage, 1000's of spam e-mails a day, and squid. > > Also, something in me can't stand the notion of IP traffic > being routed out one port just to be routed back in. Don't let that get in the way of security. > It's a useless hop and if the gateway device can handle the load, > it's a natural part of a firewall's job to be more than just a > packet firewall but also an application firewall, > which is what a proxy largely is. Your sentiments are a variation on a familiar theme that we see every month or two on the list. http://www.google.com/search?q=site%3Acolug.net+firewall+dedicated Please review previous threads. The purpose of using doing only firewall/NAT stuff in the firewall is to maintain security. Every service you add to the firewall is another opportunity for a security exploit. When the servers are isolated to the DMZ, then _when_ they are compromised, they have only compromised that server and don't have access to your private LAN. If that server had been running on your firewall, your whole network would be compromised. Think compartmentalization. Having a firewall in your car adds cost and weight. Cars run just fine without firewalls, and firewalls in cars are rarely used. Nonetheless, it's a slam dunk decision that cars must have firewalls. You need to cultivate the same attitude about network firewalls. Your chances of having a server compromised are much greater than having an engine fire. Protect your company's network by dedicating to the firewall to just being a firewall. > I think the machine is up to the task, mind you. It doesn't matter how powerful the machine is, or how much you cringe wasting unused capacity in the firewall. The recommended practice is very clear: Dedicate a separate box for the firewall. From jep200404 at columbus.rr.com Tue May 11 20:54:28 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] normal PODS phone In-Reply-To: <200405112022.17580.neverhome@gmx.net> References: <200405111739.39089.drlinux@columbus.rr.com> <200405112022.17580.neverhome@gmx.net> Message-ID: <20040511205428.09c7c91d.jep200404@columbus.rr.com> Ralf wrote: > normal PODS phone What does PODS mean? I didn't find an answer with Google. I've heard of POT for Plain Old Telephone. From rfunk at funknet.net Tue May 11 21:43:48 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Use a dedicated box for a firewall In-Reply-To: <20040511204054.61965ffe.jep200404@columbus.rr.com> References: <104b8141047a11.1047a11104b814@columbus.rr.com> <20040511204054.61965ffe.jep200404@columbus.rr.com> Message-ID: <200405112143.48228.rfunk@funknet.net> Jim wrote: > The purpose of using doing only firewall/NAT stuff in the firewall > is to maintain security. Every service you add to the firewall > is another opportunity for a security exploit. When the servers > are isolated to the DMZ, then _when_ they are compromised, > they have only compromised that server and don't have access > to your private LAN. If that server had been running on your > firewall, your whole network would be compromised. I think it's important to keep in mind the difference between services accessible from the outside and services only accessible from the inside. If everything is configured correctly (which can be a challenge in the original one-box proposal), putting an outgoing web proxy on the firewall machine may not be a bad thing... unless you want to protect against insiders cracking the firewall machine. There's not much an outsider can do against a squid daemon if squid isn't listening on the outside. Of course, an insider might be able to break into it, or a squid problem might take down the whole box, or squid might just be the straw that breaks the back of the complex configuration of the do-it-all machine. In the example network configuration I gave, an argument could be made for putting the web proxy on one of the inner routers, but I would argue against it for complexity and performance issues. > Your chances of having a server compromised are much greater > than having an engine fire. Protect your company's network > by dedicating to the firewall to just being a firewall. Yes, but keep in mind that an application proxy pointed in the proper direction can be an important component of a firewall. I'd be more flexible about this than, say, putting an external web server on the firewall. > > I think the machine is up to the task, mind you. > > It doesn't matter how powerful the machine is, > or how much you cringe wasting unused capacity in the firewall. Hey, why not use this 850MHz machine for squid, and use a lighter machine for the firewall/router(s). -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From colug at jmglov.net Tue May 11 22:17:41 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] normal PODS phone In-Reply-To: <20040511205428.09c7c91d.jep200404@columbus.rr.com> References: <200405111739.39089.drlinux@columbus.rr.com> <200405112022.17580.neverhome@gmx.net> <20040511205428.09c7c91d.jep200404@columbus.rr.com> Message-ID: <20040512021741.GA16857%jmglov@jmglov.net> Quoth Jim (Tue 2004-05-11 08:54:28PM -0400): > Ralf wrote: > > > normal PODS phone > > What does PODS mean? I didn't find an answer with Google. > I've heard of POT for Plain Old Telephone. Which is almost certainly what he meant. :) POTS is the telecomm industry's acronym for Plain Old Telephone Service, as opposed to something more fancy like ISDN. -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://www.colug.net/pipermail/colug/attachments/20040511/ea8eb04b/attachment.bin From neverhome at gmx.net Wed May 12 01:02:32 2004 From: neverhome at gmx.net (Ralf) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] normal PODS phone In-Reply-To: <20040511205428.09c7c91d.jep200404@columbus.rr.com> References: <200405111739.39089.drlinux@columbus.rr.com> <200405112022.17580.neverhome@gmx.net> <20040511205428.09c7c91d.jep200404@columbus.rr.com> Message-ID: <200405120102.32818.neverhome@gmx.net> On Tuesday 11 May 2004 8:54 pm, Jim wrote: > Ralf wrote: > > normal PODS phone > > What does PODS mean? I didn't find an answer with Google. > I've heard of POT for Plain Old Telephone. > > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug My bad. I did mean POT for plain old telephone. - Ralf From dshermin at ameritech.net Wed May 12 08:19:53 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:25 2005 Subject: [COLUG] Novell Anyone going to download this? In-Reply-To: <20020918000732.I3047@linuxcolumbus.com> References: <20020918022923.GB29495@quillandmouse.com> <20020918000732.I3047@linuxcolumbus.com> Message-ID: Beginning May 14, current Evolution users will be able to download Connector for Microsoft Exchange Server for no charge at http://www.novell.com/products/connector/download.html." From jep200404 at columbus.rr.com Wed May 12 08:46:22 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests Message-ID: <20040512084622.36cb0849.jep200404@columbus.rr.com> Someone was asking about journaling filesystems. http://linuxgazette.net/102/piszcz.html From sjs at khadrin.com Wed May 12 08:53:12 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Novell Anyone going to download this? In-Reply-To: References: <20020918022923.GB29495@quillandmouse.com> <20020918000732.I3047@linuxcolumbus.com> Message-ID: <1084366392.28469.33.camel@cobra.khadrin.com> On Wed, 2004-05-12 at 08:19, David Sherman wrote: > Beginning May 14, current Evolution users will be able to download > Connector for Microsoft Exchange Server for no charge at > http://www.novell.com/products/connector/download.html." More importantly, it's GPL now [1]. Free as in gratis is ok, free as in freedom is awesome. I don't have a need for it at the moment, but otherwise I would be pretty excited. [1] http://cvs.gnome.org/viewcvs/evolution-exchange/ -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From kb8rln at penguinmaster.com Wed May 12 09:06:56 2004 From: kb8rln at penguinmaster.com (Richard Rager) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests In-Reply-To: <20040512084622.36cb0849.jep200404@columbus.rr.com> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> Message-ID: Look like jfs wins Richard Rager Microsoft New Program Infinite Perpetual Patch Program (IPPP) On Wed, 12 May 2004, Jim wrote: > Someone was asking about journaling filesystems. > > http://linuxgazette.net/102/piszcz.html > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug > From jeffrey at tadlocks.net Wed May 12 09:18:27 2004 From: jeffrey at tadlocks.net (Jeffrey Tadlock) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Novell Anyone going to download this? In-Reply-To: References: <20020918022923.GB29495@quillandmouse.com> <20020918000732.I3047@linuxcolumbus.com> Message-ID: <20040512131827.GB24834@tadlocks.net> On Wed, May 12, 2004 at 08:19:53AM -0400, David Sherman wrote: > Beginning May 14, current Evolution users will be able to download > Connector for Microsoft Exchange Server for no charge at > http://www.novell.com/products/connector/download.html." I will be grabbing it as soon as it comes out... I am rather anxious to try it out and see how it goes. The timing is great as I just got the boss to start dual booting SuSE on his laptop. With this piece he will have his calendar and ability to schedule meeting requests with the other managers while he is booted into Linux at work. /jft From jep200404 at columbus.rr.com Wed May 12 09:30:07 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Novell Anyone going to download this? In-Reply-To: <1084366392.28469.33.camel@cobra.khadrin.com> References: <20020918022923.GB29495@quillandmouse.com> <20020918000732.I3047@linuxcolumbus.com> <1084366392.28469.33.camel@cobra.khadrin.com> Message-ID: <20040512093007.07cd44a9.jep200404@columbus.rr.com> "Stephen J. Smith" wrote: > On Wed, 2004-05-12 at 08:19, David Sherman wrote: > > Evolution users will be able to download > > Connector for Microsoft Exchange Server > More importantly, it's GPL now [1]. > Free as in gratis is ok, free as in > freedom is awesome. As long as it does not infringe any patents; then GPL goes poof. From blata at extent0006.entomology.ohio-state.edu Wed May 12 09:39:42 2004 From: blata at extent0006.entomology.ohio-state.edu (Wade Pinkston) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests In-Reply-To: References: <20040512084622.36cb0849.jep200404@columbus.rr.com> Message-ID: <40A2291E.3090200@bugs.osu.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The data does look convincing but don't go jumping to conclusions. Justin makes no mention of the variance in his averages. And no mention of any statistical analysis of the data. He did perform an excellent experiment but with out proper analysis it doesn't mean much. I have asked him for the analysis or at least the raw numbers so that an analysis can be performed. Mostly cause I need to flex thous atrophy mus cells but I am jenuanly interested in weather there are significant differences in the times. Richard Rager spewed verbiage on 05/12/2004 09:06 AM: | Look like jfs wins | | | Richard Rager | | Microsoft New Program | | Infinite Perpetual Patch Program (IPPP) | | On Wed, 12 May 2004, Jim wrote: | | |>Someone was asking about journaling filesystems. |> |>http://linuxgazette.net/102/piszcz.html |>_______________________________________________ |>colug mailing list |>colug@colug.net |>http://www.colug.net/mailman/listinfo/colug |> | | _______________________________________________ | colug mailing list | colug@colug.net | http://www.colug.net/mailman/listinfo/colug - -- Wade Pinkston The Ohio State University Extension Entomology 1991 Kenny Rd Columbus OH 43210 phone: (614) 292-5274 Ipsa scientia potestas est -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAoikdv+6+qSFv3TURAjJkAJ9UV7XwPmOAr587ugWaDHIKVXwUHQCfXn8J gkO/F0z9fBWal+YTdXV+15s= =QKHu -----END PGP SIGNATURE----- From jonadab at bright.net Wed May 12 09:44:38 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: <200405081311.27313.rfunk@funknet.net> References: <20040508100503.577027e8.jep200404@columbus.rr.com> <200405081311.27313.rfunk@funknet.net> Message-ID: Rob Funk writes: > > It's perfectly OK to serve FTP. > > Depends on what you want to do with it. Agreed. FTP tends to be a script-kiddie-magnet, so there are certain things you don't want to do with it. Number one is, you don't want a directory that's both readable and writable for the anonymous user. It's okay to serve FTP if you're aware of these issues. Of course, the next question is, is it *necessary* to serve ftp? The fewer services you run, the simpler your system is to maintain and secure. If you do want ftp, I recommend proftpd. But (as with anything) don't run it if you don't actually have any need for it. > If you want anonymous file serving, http is better because it's more > firewall-friendly. This is true for downloads. It used to be that most clients didn't support resuming large downloads in progress (whereas, a lot of ftp clients did), but with things like wget and various GUI download managers being fairly common these days, that's become mostly a non-issue IMO. For uploads, ftp *may* still be worth supporting, depending on who your users are and what they're comfortable with. I have to keep an ftp server installed on at least one system at work so that I can transfer things to the VMS system, which has an ftp client but AFAIK no ssl-anything. (I don't have to leave the ftp server _running_ all the time though; I can turn it on just when I need to use it and stop it when I'm done.) > If you want anything non-anonymous, the passwords are sniffable, Definitely something to be aware of. You probably don't want your ftp users to have (via the same account) access to anything much besides ftp, and that only to designated directories. This helps limit the dammage a sniffed password can do. > which of course is bad. Less bad IMO than telnet, because you can restrict the account used for ftp so that it can't do anything much, but with telnet that would defeat the point of having the service. Thus I consider it more important to phase out telnet in favor of ssh, and less important to phase out ftp. I have seen systems where a system-administrative password is used for ftp. That's plusungood. Don't set it up that way. > it for uploading, scp or rsync/ssh is better. Better, but less well understood in the population at large still, and less well supported on some platforms. If you have the luxury of getting all your users to learn to use scp, by all means, do that. > Ultimately I don't see much point to FTP these days. I only use it to support users who aren't comfortable with more modern ways of transferring things and systems that don't have modern software. Actually, what I usually use for uploads is... downloading. That is, on the "client" system I stick the thing in a "temp" dir served out by Apache, then I ssh into the system I want to "upload" to and retrieve it with wget. But scp is probably actually a better option in most cases, certainly in many cases. Transferring a file with scp has fewer steps than my method, for one thing. One disadvantage of scp for me is that I don't know how to resume large transfers in-progress with it (is this possible?), which can be a problem if I'm transferring stuff over my dialup connection to or from home, which is one reason I use the method I do. Another reason is habbit -- I didn't know about scp when I started doing it this way. Also, some non-*nix systems I work with have an ssh client installed (because I installed it) but no obvious way to do scp. Systems with openssl/openssh don't generally have this problem, since they almost always have scp. The downloading solution that I use presumes that any system I'd want to send a file to has an ssh server, of course, but perhaps more significantly it requires any system I'd want to send a file *from* to have Apache (or an open fileshare... another can of worms) and not be behind NAT (unless a port is forwarded there); otherwise I have to do two transfers, first to a reachable system and from there to the destination. I think scp shares the former requirement, but it is certainly free of the latter. And of course scp encrypts the file in transit, which ftp and http don't (though https does, but I don't run mod_ssl in most cases since I usually don't need it). Usually the files I'm transferring don't have enough need for privacy that this matters at all, but YMMV. Oh, and my method only works if all the users who are authorized to upload anything are also authorized to have shell access. I really only use this method *myself*, when *I* am uploading. (Doesn't scp share this restriction, though? I'm not totally sure, but I think so.) For situations where untrusted persons need to be able to upload, you probably either want a web-based upload facility or ftp with a write-only directory. (PAUSE (the facility for uploading Perl modules and stuff to the CPAN) has both, and users can pick. If they use the ftp method, they then have to go to a web page and confirm that they were the one who sent the file before it is moved to its real destination. With the web-based (https) upload, the additional confirmation step is not required because the user is logged in (which I assume uses a cookie). There's also a third option, wherein the ftp user goes to the website and submits a URI that points to the file hosted elsewhere and PAUSE retrieves it. You doubtless don't need all three options for most domains; PAUSE is fairly high-traffic, as it feeds a system of dozens of mirrors.) -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From jonadab at bright.net Wed May 12 09:53:15 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG]Knoppix In-Reply-To: References: <409BA291.3060405@BaerSolutions.com> <20040508122919.GL7924@linuxcolumbus.com> <20040508094343.11bb5432.jep200404@columbus.rr.com> <20040508164656.GM7924@linuxcolumbus.com> <20040508132209.344dd655.jep200404@columbus.rr.com> Message-ID: David Sherman writes: > As anyone seen a local site to download Knoppix 3.4. It came out on > May 4, 2004. To download it would take me 33 hours on my DSL > connection. Hey, that's less than half as long as it took me over shared dialup. (I think I started on Thursday evening and it finished Sunday afternoon, but part of that time the connection as down; actually, my whole LAN was down for several hours on Friday due to a local power outage.) -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From sjs at khadrin.com Wed May 12 09:54:39 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Novell Anyone going to download this? In-Reply-To: <20040512093007.07cd44a9.jep200404@columbus.rr.com> References: <20020918022923.GB29495@quillandmouse.com> <20020918000732.I3047@linuxcolumbus.com> <1084366392.28469.33.camel@cobra.khadrin.com> <20040512093007.07cd44a9.jep200404@columbus.rr.com> Message-ID: <1084370079.28469.40.camel@cobra.khadrin.com> On Wed, 2004-05-12 at 09:30, Jim wrote: > "Stephen J. Smith" wrote: > > More importantly, it's GPL now [1]. > > Free as in gratis is ok, free as in > > freedom is awesome. > > As long as it does not infringe any patents; then GPL goes poof. True I guess. It probably does infringe some patent though. The patent situation is sad. Regardless, since it is GPL it will be coming soon to your favorite distro. It probably won't make it into FC2, but there are already packages available so it shouldn't be hard to find. -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From jonadab at bright.net Wed May 12 10:07:25 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Perl & Pattern Matching In-Reply-To: <050c01c43690$dd514d60$690aa8c0@alpha2.com> References: <050c01c43690$dd514d60$690aa8c0@alpha2.com> Message-ID: <65b1buxu.fsf@jonadab.homeip.net> "Ken Bradford" writes: > > I _assume_ the problem is the "[" and "]" in $line2. Can they not > > be escaped? Or perhaps it's some other problem I'm missing? When I > > print the string out it _looks_ correct. I've also tried using > > \133 and \135 in place of [ and ]. Again, it _looked_ OK, but > > still did not match. > > I finally figured out I had to double escape the "[" and "]" (and > the same for "(" and ")" ) for a search, so if I do a search and > replace (if I don't find it) I need 2 different strings: > > Can anyone explain to me _why_ I need to double escape? As someone else noted, it's because the first backslash gets the second one into the string, and that one (being present in the string) is functioning as part of the regular expression. In general, using double-quoted strings as regular expressions is problematic. This is also true in other languages that have both string escapes and regular expressions (e.g., elisp). There's a *reason* Perl provides /foo/ syntax for regular expressions (and qr/foo/ syntax for regular expressions specified ahead of time and used later). If at all possible, you should avoid constructions like $x =~ "foo" and $re = "foo" and instead use ones more like $x =~ /foo/ and $re = qr/foo/ Athough, in your script, you might be able to just replace =~ with eq and get what you want. You don't seem to be using any of the features of the regular expression engine at all, unless your example code is deliberately stripped of them. HTH.HAND. -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From jep200404 at columbus.rr.com Wed May 12 10:15:10 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: <40A2291E.3090200@bugs.osu.edu> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu> Message-ID: <20040512101510.46899d15.jep200404@columbus.rr.com> Wade Pinkston wrote: > Justin makes no mention of the variance in his averages. Well, if one only does something once, there is no variance. Remember Pons and Fleischman motto: "Never repeat a successful experiment" From whooper at freeshell.org Wed May 12 10:21:25 2004 From: whooper at freeshell.org (William Hooper) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Novell Anyone going to download this? In-Reply-To: <1084370079.28469.40.camel@cobra.khadrin.com> References: <20020918022923.GB29495@quillandmouse.com> <20020918000732.I3047@linuxcolumbus.com> <1084366392.28469.33.camel@cobra.khadrin.com> <20040512093007.07cd44a9.jep200404@columbus.rr.com> <1084370079.28469.40.camel@cobra.khadrin.com> Message-ID: <3944.209.239.137.147.1084371685.squirrel@209.239.137.147> Stephen J. Smith said: > Regardless, since it is GPL it will be coming soon to your favorite > distro. It probably won't make it into FC2, The absolute Devel freeze for FC2 was almost a week ago. It will not be in FC2. > but there are already > packages available so it shouldn't be hard to find. https://bugzilla.fedora.us/show_bug.cgi?id=1590 -- William Hooper From doug at hunley.homeip.net Wed May 12 10:33:48 2004 From: doug at hunley.homeip.net (Douglas J Hunley) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Re: OT: Vonage VOIP service? In-Reply-To: <200405111739.39089.drlinux@columbus.rr.com> References: <200405111739.39089.drlinux@columbus.rr.com> Message-ID: <200405121033.50526.doug@hunley.homeip.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Reed wrote: > Has anyone here tried Vonage's VOIP phone service? I have it. I'm in Hilliard. I have WOW (same as TW). Works GREAT! Just make sure you have QoS and ToS running on your firewall so you dont kill a phone connection by downloading something ;) > Is the only way to use multiple phones to get a cordless phone base > that has multiple receivers? no. What I did was disconnect the PNI, and routed it to the Cisco ATA that Vonage sent me. That way every phone jack in the house goes through Vonage. Works like a charm > I assume the "soft phone" feature isn't available for Linux - is that > true? dont know anything about the soft phone. have no need for it... - -- Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778 http://doug.hunley.homeip.net && http://www.linux-sxs.org Transvestite: n. - A guy who likes to eat, drink, and be Mary -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAojXM2MO5UukaubkRAvANAJ962RHQHXLSxeynxpBVw22SrudA9gCfXcOM ZZxPkGobC48gBiTFoEh9lVw= =W+Yh -----END PGP SIGNATURE----- From jep200404 at columbus.rr.com Wed May 12 10:48:40 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests Journal In-Reply-To: <40A2291E.3090200@bugs.osu.edu> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu> Message-ID: <20040512104840.4c0aa6b0.jep200404@columbus.rr.com> Wade Pinkston wrote: > The data does look convincing but don't go jumping to conclusions. > Justin makes no mention of the variance in his averages. And no mention > of any statistical analysis of the data. He did perform an excellent > experiment but with out proper analysis it doesn't mean much. More seriously, think of this as an opportunity to do it "right". Go ahead and run your own experiments, documenting every step of the way, even publishing images of your Journaling Filesystem Performance Tests Journal. From kb8rln at penguinmaster.com Wed May 12 11:04:46 2004 From: kb8rln at penguinmaster.com (Richard Rager) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests In-Reply-To: <40A2291E.3090200@bugs.osu.edu> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu> Message-ID: On Wed, 12 May 2004, Wade Pinkston wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have asked him for the analysis or at least the raw numbers so that an > analysis can be performed. Mostly cause I need to flex thous atrophy > mus cells but I am jenuanly interested in weather there are significant > differences in the times. > I do agree but after Calualus I learn on thing. There are lie, damm lies and statistics. Enjoy, Richard Rager From colug at jmglov.net Wed May 12 14:05:00 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests In-Reply-To: References: <20040512084622.36cb0849.jep200404@columbus.rr.com> Message-ID: <1297.24.123.50.150.1084385100.squirrel@mail.jmglov.net> Quoth Richard Rager: > On Wed, 12 May 2004, Jim wrote: > >> Someone was asking about journaling filesystems. >> >> http://linuxgazette.net/102/piszcz.html > > Look[s] like jfs wins I read these benchmarks, and a previous set that were on Slashdot, and I stand by this partitioning scheme: /dev/hda1 on /boot type ext2 (defaults) [ *** not usually mounted *** ] [ /dev/hda2 on swap type swap (swap) ] /dev/hda3 on / type reiserfs (rw,noatime) /dev/hda5 on /opt type xfs (rw,noatime) /dev/hda6 on /scratch type ext2 (rw,noatime) /dev/hda7 on /tmp type ext2 (rw,noatime) /dev/hda8 on /usr type xfs (rw,noatime) /dev/hda9 on /var type xfs (rw,noatime) /dev/hda10 on /home type xfs (rw,noatime) /dev/hda11 on /data type xfs (rw,noatime) Reiserfs does very well with many small files, making it ideal for the / partition, which contains /etc. I use ext2 for all of my partitions that do not require a journal (which includes /boot since it is only mounted when I am ready to copy a new bzImage onto it and edit the grub.conf), and XFS for the others because of its speed when handling large files. If I had more experience running JFS, I would probably use it instead of XFS for all but my /data partition, which houses digitised multimedia of all varieties, hence the need for a filesystems that blazes on large files. The 'noatime' option on most of my filesystems turns up updating of access time, which I do not need, thus giving me a bit of a speed boost. -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 From skippy at skippy.net Wed May 12 14:12:29 2004 From: skippy at skippy.net (Scott Merrill) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests In-Reply-To: <1297.24.123.50.150.1084385100.squirrel@mail.jmglov.net> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <1297.24.123.50.150.1084385100.squirrel@mail.jmglov.net> Message-ID: <36927.216.136.35.122.1084385549.squirrel@www.skippy.net> Josh Glover said: > /dev/hda1 on /boot type ext2 (defaults) [ *** not usually mounted *** ] > [ /dev/hda2 on swap type swap (swap) ] > /dev/hda3 on / type reiserfs (rw,noatime) > /dev/hda5 on /opt type xfs (rw,noatime) > /dev/hda6 on /scratch type ext2 (rw,noatime) > /dev/hda7 on /tmp type ext2 (rw,noatime) > /dev/hda8 on /usr type xfs (rw,noatime) > /dev/hda9 on /var type xfs (rw,noatime) > /dev/hda10 on /home type xfs (rw,noatime) > /dev/hda11 on /data type xfs (rw,noatime) Do you use /opt or /data instead of /usr/local for those programs you compile from source? I know, _everything_ is compiled from source for you Gentoo users; but I'm curious where you stick things that don't come via e-build. From colug at jmglov.net Wed May 12 14:24:55 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:26 2005 Subject: [COLUG] Journaling Filesystem Performance Tests In-Reply-To: <36927.216.136.35.122.1084385549.squirrel@www.skippy.net> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <1297.24.123.50.150.1084385100.squirrel@mail.jmglov.net> <36927.216.136.35.122.1084385549.squirrel@www.skippy.net> Message-ID: <3764.24.123.50.150.1084386295.squirrel@mail.jmglov.net> Quoth Scott Merrill: > Josh Glover said: > >> /dev/hda1 on /boot type ext2 (defaults) [ *** not usually mounted *** ] >> [ /dev/hda2 on swap type swap (swap) ] >> /dev/hda3 on / type reiserfs (rw,noatime) >> /dev/hda5 on /opt type xfs (rw,noatime) >> /dev/hda6 on /scratch type ext2 (rw,noatime) >> /dev/hda7 on /tmp type ext2 (rw,noatime) >> /dev/hda8 on /usr type xfs (rw,noatime) >> /dev/hda9 on /var type xfs (rw,noatime) >> /dev/hda10 on /home type xfs (rw,noatime) >> /dev/hda11 on /data type xfs (rw,noatime) > > Do you use /opt or /data instead of /usr/local for those programs you > compile from source? > > I know, _everything_ is compiled from source for you Gentoo users; but I'm > curious where you stick things that don't come via e-build. /usr/local, which is correct, according to the FHS[1], and is also the default for those packages which use Autotools, which is most packages these days. :) /opt is for binary packages, and /data is reserved for things like digital photos, music, movies, ISOs, etc. Large files. [1] http://www.pathname.com/fhs/ -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 From colug at jmglov.net Wed May 12 14:27:30 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: References: <20040508100503.577027e8.jep200404@columbus.rr.com><200405081311.27313.rfunk@funknet.net> Message-ID: <3810.24.123.50.150.1084386450.squirrel@mail.jmglov.net> Quoth Jonadab the Unsightly One: > I have to keep an ftp server installed on at least one system at work > so that I can transfer things to the VMS system, which has an ftp > client but AFAIK no ssl-anything. (I don't have to leave the ftp > server _running_ all the time though; I can turn it on just when I > need to use it and stop it when I'm done.) Combined with some iptables rules that allow *only* the VMS box to connect to ftpd, this is perfectly sensible. > I have seen systems where a system-administrative password is used for > ftp. That's plusungood. Don't set it up that way. ^^^^^^^^^^ I vote for upgrading this to "doubleplusungood"! :) -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 From blata at extent0006.entomology.ohio-state.edu Wed May 12 14:53:42 2004 From: blata at extent0006.entomology.ohio-state.edu (Wade Pinkston) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: <20040512101510.46899d15.jep200404@columbus.rr.com> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu> <20040512101510.46899d15.jep200404@columbus.rr.com> Message-ID: <40A272B6.3030503@bugs.osu.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Acutely in Note number 5 Justin states that he repeated the experiment 3 times and reports the mean of the three tests. I did get the data from him and I am running ANOVA and T tests on the data and should have them posted tomorrow (Justin also asked for the results). As it looks right now JFS and xfs are not significantly different while ext3 is a dog. Jim wrote this to me on 05/12/2004 10:15 AM: |Wade Pinkston wrote: | |>Justin makes no mention of the variance in his averages. | | |Well, if one only does something once, there is no variance. |Remember Pons and Fleischman motto: | | "Never repeat a successful experiment" | |_______________________________________________ |colug mailing list |colug@colug.net |http://www.colug.net/mailman/listinfo/colug - -- Wade Pinkston The Ohio State University Extension Entomology 1991 Kenny Rd Columbus OH 43210 phone: (614) 292-5274 Ipsa scientia potestas est Windows,a 32 bit graphical interface for a 16 bit patch to an 8 bit operating system internally coded for a 4 bit processor written by a 2 bit company that can't stand 1 bit of competition GnuPG Key ID 0x216FDD35 gpg --keyserver pgp.mit.edu --recv-keys 216FDD35 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAonK2v+6+qSFv3TURAmCvAKCN+fDsN5RVJMcNPBJl3nBgT1K34QCfQLB3 to9w4xEJysZX+if+g4t5LHI= =Gc90 -----END PGP SIGNATURE----- From colug at jmglov.net Wed May 12 16:01:42 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: <40A272B6.3030503@bugs.osu.edu> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu><20040512101510.46899d15.jep200404@columbus.rr.com> <40A272B6.3030503@bugs.osu.edu> Message-ID: <1240.24.123.50.150.1084392102.squirrel@mail.jmglov.net> Quoth Wade Pinkston: > As it looks right now JFS and xfs are not significantly different while ext3 > is a dog. This is consistent with all of the benchmarks that I have ever seen published. JFS is slightly better than XFS until your file sizes start climbing into the 10M range, and then XFS starts to pull away. -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 From WKehr at checkfree.com Wed May 12 16:46:10 2004 From: WKehr at checkfree.com (WKehr@checkfree.com) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: <3810.24.123.50.150.1084386450.squirrel@mail.jmglov.net> Message-ID: Quoth Jonadab the Unsightly One: > I have to keep an ftp server installed on at least one system at work > so that I can transfer things to the VMS system, which has an ftp > client but AFAIK no ssl-anything. (I don't have to leave the ftp > server _running_ all the time though; I can turn it on just when I > need to use it and stop it when I'm done.) With all the DEC software written (such as Decus software) is there any sftp? One thing about putting up an ftp server is that since the code is GPL you can modify it to process files in a different fashion. The directories and file names can all be "virtual" and you can modify the code to immediately do extra logging. If you have the same people sending data to you, then you could put together a small application that uses SSL and goes to port 443 but does not do http. The people who send files to you can have a small Java app that you write to do the file transfers. You could even issue self signed certificates to the users for the application. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.colug.net/pipermail/colug/attachments/20040512/b835509e/attachment.htm From pat at linuxcolumbus.com Wed May 12 16:56:16 2004 From: pat at linuxcolumbus.com (pat@linuxcolumbus.com) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: <40A272B6.3030503@bugs.osu.edu> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu> <20040512101510.46899d15.jep200404@columbus.rr.com> <40A272B6.3030503@bugs.osu.edu> Message-ID: <20040512205616.GI6755@linuxcolumbus.com> On Wed, May 12, 2004 at 02:53:42PM -0400, Wade Pinkston wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > have them posted tomorrow (Justin also asked for the results). As it > looks right now JFS and xfs are not significantly different while ext3 > is a dog. > A dog? Looking at the graphs I didn't see huge differences between any of them. I'm glad we have a choice of filesystems unlike certain other os's that shall remain nameless. Pat From jkellner at securelinux.org Wed May 12 20:30:19 2004 From: jkellner at securelinux.org (John P. Kellner) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Firewalls In-Reply-To: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> References: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> Message-ID: <40A2C19B.6090503@securelinux.org> archanoid@columbus.rr.com wrote: >Hey all. We are changing our Internet connection >from a T1 to a 2MB Ethernet feed and I wish to use >a Linux (or BSD) based firewall. I am soliciting >your suggestions on viable projects. > >I use LEAF/Bering at home and am happy with it >but think for the production office environment >I might like a little more. > >www.sentryfirewall.com looks like it has potential. > >www.astaro.com looks nice, but is a pay option and >the way money is allocated around here, well, makes >paid for options greatly sub-optimal unfortunately. > >Anyway, I am also looking for suggestions on what >kind of hardware suggestions you have for handling >the load. I want a central box to be a stateful >firewall with squid + squidGuard (or similar), future >options for IPSec VPN, and virus filtering of SMTP and >HTTP traffic. > >My desired layout is as follows (here's hoping this comes through without getting mangled): > > > |------- INTERNET -------| > ^ > | > | > v (a) > (b) /----------\ (c) > /-->| FIREWALL |<--\ > | \----------/ | > | ^ (d) | > v | v >|--DMZ--| | |--LAN2--| > | > v > |--LAN1--| > > > >(a) is 2MB Ethernet (10MB throttled) >(b),(c), and (d) are 100MB Ethernet > > >I imagine a lot of traffic flowing >between (b), (c), and (d). > >The system set aside for this purpose >is an HP NetServer 800 (P3 800Mhz w/ >512MB RAM, seven PCI slots, two 64-bit). > >I think it should be capable of keeping >up with the load, but if anybody has >experience as to its utility in this role >I would appreciate hearing from you. > > >Thanks, > >-Aaron > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug > > Have you looked at Mandrake's Multi Network Firewall ? http://www.mandrakesoft.com/products/mnf Its an awesome product.. I used to like building firewalls by hand until I ran into this product, its awesome ! Hmm, awesome twice, it must be good. Also, I recommend gShield if your looking to stick with a particular distro, and don't want to change. Its pretty good, I aslo heard Shorewall mentioned, its anothe good one. http://muse.linuxmafia.org/gshield/ JP From skippy at skippy.net Wed May 12 20:55:08 2004 From: skippy at skippy.net (Scott Merrill) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Firewalls In-Reply-To: <40A2C19B.6090503@securelinux.org> References: <103d9eb10374b4.10374b4103d9eb@columbus.rr.com> <40A2C19B.6090503@securelinux.org> Message-ID: <40A2C76C.5030500@skippy.net> John P. Kellner wrote: > Have you looked at Mandrake's Multi Network Firewall ? > http://www.mandrakesoft.com/products/mnf MNF is based on Tom Eastep's Shoreline Firewall: http://www.shorewall.net/ > Its an awesome product.. I used to like building firewalls by hand until > I ran into this product, its awesome ! Hmm, awesome twice, it must be good. Indeed, it is because Shorewall itself is awesome. Shorewall is one of the most robust, extensible firewalling packages I've seen. Easily configure and use advanced networking technologies (Proxy ARP, bridging, traffic accounting), fantastic support for multiple VPN technologies (ipsec, PPTP, openvpn), rich documentation (including several thorough real-life examples), and hooks to add whatever special features you may need. Plus, Tom Eastep is indefatigable in answering questions on the mailing list. Many list members complain that they don't get a chance to help newbies because Tom is so quick to answer! While sometimes a bit brusque, he has a phenomenal understanding of internetworking technologies, and puts it to good use in the development of Shorewall. From tom at functionalmedia.com Wed May 12 21:05:09 2004 From: tom at functionalmedia.com (tom hanlon) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Firewalls In-Reply-To: <40A2C76C.5030500@skippy.net> Message-ID: <9481B9DE-A479-11D8-92E4-00039317745E@functionalmedia.com> I was about to mention Shorewall. I have heard good reports on IPcop ?? I believe sysadmin magazine just did a review of it. Tom On Wednesday, May 12, 2004, at 08:55 PM, Scott Merrill wrote: > John P. Kellner wrote: >> Have you looked at Mandrake's Multi Network Firewall ? >> http://www.mandrakesoft.com/products/mnf > > MNF is based on Tom Eastep's Shoreline Firewall: > http://www.shorewall.net/ > >> Its an awesome product.. I used to like building firewalls by hand >> until I ran into this product, its awesome ! Hmm, awesome twice, it >> must be good. > > Indeed, it is because Shorewall itself is awesome. Shorewall is one > of the most robust, extensible firewalling packages I've seen. Easily > configure and use advanced networking technologies (Proxy ARP, > bridging, traffic accounting), fantastic support for multiple VPN > technologies (ipsec, PPTP, openvpn), rich documentation (including > several thorough real-life examples), and hooks to add whatever > special features you may need. > > Plus, Tom Eastep is indefatigable in answering questions on the > mailing list. Many list members complain that they don't get a chance > to help newbies because Tom is so quick to answer! While sometimes a > bit brusque, he has a phenomenal understanding of internetworking > technologies, and puts it to good use in the development of Shorewall. > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug > > Tom Hanlon Functional Media 740-597-1472 tom@functionalmedia.com www.functionalmedia.com From archanoid at columbus.rr.com Wed May 12 21:42:19 2004 From: archanoid at columbus.rr.com (Aaron Howard) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Firewalls In-Reply-To: <9481B9DE-A479-11D8-92E4-00039317745E@functionalmedia.com> References: <9481B9DE-A479-11D8-92E4-00039317745E@functionalmedia.com> Message-ID: On Wed, 12 May 2004 21:05:09 -0400, tom hanlon wrote: > I was about to mention Shorewall. > > I have heard good reports on IPcop ?? I believe sysadmin magazine just > did a review of it. > > Tom > Shorewall is included as part of LEAF/Bering. I tried Mandrake *S*NF once for my home but liked LEAF/Bering better. Here's what I've tried so far: ipcop - couldn't d/l it or burn it or install it (forgot which), so I moved on smoothwall express 2.0 with manuals - kept saying no IDE drives and wouldn't install, NEXT! Mandrake MNF - started installing earlier today LEAF/Bering - presently using it at home, not tested it with more than two interfaces sentry firewall - d/l-ed still reading the howto devil linux - d/l-ed it, reading docs gShield - just read about it, maybe I'll check it out tomorrow Thanks for everybody's input... -Aaron From sjs at khadrin.com Wed May 12 22:40:04 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: References: Message-ID: <1084416004.28469.64.camel@cobra.khadrin.com> On Wed, 2004-05-12 at 16:46, WKehr@checkfree.com wrote: > Quoth Jonadab the Unsightly One: > > > I have to keep an ftp server installed on at least one system at > work > > so that I can transfer things to the VMS system, which has an ftp > > client but AFAIK no ssl-anything. (I don't have to leave the ftp > > server _running_ all the time though; I can turn it on just when I > > need to use it and stop it when I'm done.) > > With all the DEC software written (such as Decus software) is there > any sftp? SSH server and client software is part of the latest version of OpenVMS. It sucks though (only supports scp of stream-lf files for example.) The one from process software is a better solution in my experience[1]. It isn't free though. I am pretty sure it is the one they use on the deathrow cluster[2], which is the only access to VMS I have these days (and I am not at all unhappy about that...vms is for masochists). [1] http://www.process.com/tcpip/ssh.html. [2] http://deathrow.vistech.net/ -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From dmaxwell at columbus.rr.com Wed May 12 22:45:10 2004 From: dmaxwell at columbus.rr.com (Dave Maxwell) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Firewalls In-Reply-To: References: <9481B9DE-A479-11D8-92E4-00039317745E@functionalmedia.com> Message-ID: <200405122245.10603.dmaxwell@columbus.rr.com> On Wednesday 12 May 2004 09:42 pm, Aaron Howard wrote: > sentry firewall - d/l-ed still reading the howto Sentry is more of a base to build a firewall with. It does very little automagic configuration for you. I used it to build cdrom based firewalls for our district because I needed to build bridging firewalls. All of the turnkey Linux firewalls I could find use NAT. As our district is already NATed by our ISP (Treca), I felt it would be a little gross to add more NAT on top. Also, changing ips and subnets in all of the buildings wasn't an option either. Sentry comes with a bridging enabled kernel and all of the iptables and ebtables necessities. I use fwbuilder to make the actual firewall scripts. Sentry does have a nifty feature where it will replace files in /etc with chosen substitutes from a floppy or USB keychain. My firewalls have their harddrives removed. They boot from the CDs and pull their ssh keys, network, and firewall configs from a 32 MB USB keychain. That part of it is the one thing they did make simple. The USB device is unmounted once the config substitutions are complete. Once booted these things operate almost entirely out of memory. I've been happy with the end result but I had to do quite a bit myself with very little handholding. Dave From tom at functionalmedia.com Wed May 12 23:40:44 2004 From: tom at functionalmedia.com (tom hanlon) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Firewalls In-Reply-To: Message-ID: <50AFCAE0-A48F-11D8-92E4-00039317745E@functionalmedia.com> Could you give us a review of what you used/tried/ and how they are when you are done with this adventure. My present system is an old coyote install that just works, and works and works. The fan died long ago but the computer keeps on running. A DMZ arrangement might be nice though. Tom > ipcop - couldn't d/l it or burn it or install it (forgot which), so I > moved on > smoothwall express 2.0 with manuals - kept saying no IDE drives and > wouldn't install, NEXT! > Mandrake MNF - started installing earlier today > LEAF/Bering - presently using it at home, not tested it with more than > two interfaces > sentry firewall - d/l-ed still reading the howto > devil linux - d/l-ed it, reading docs > gShield - just read about it, maybe I'll check it out tomorrow > > Thanks for everybody's input... > > -Aaron > > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug > > From jep200404 at columbus.rr.com Thu May 13 01:13:30 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Fans: Failure and Resuscitation In-Reply-To: <50AFCAE0-A48F-11D8-92E4-00039317745E@functionalmedia.com> References: <50AFCAE0-A48F-11D8-92E4-00039317745E@functionalmedia.com> Message-ID: <20040513011330.23ddbc17.jep200404@columbus.rr.com> tom hanlon wrote: > The fan died long ago but the computer keeps on running. It's not too surprising for lightly loaded old computers, that it kept on running with the fan. Which fan died? CPU fan or power supply fan? Most fans can be resuscitated by relubricating. There is usually a round sticker that covers the end of the axle. Gently pull pack the sticker, being careful to keep it clean (by pulling back with side of clean knife blade). Put _half_ a drop of oil (Singer sewing machine oil, or engine oil. I'm leery of WD-40 or 3-in-1 for this application.) on end of shaft, hopefully past (typically plastic) ring that keeps shaft from falling out. If the oils just beads up on the end of the shaft, then it won't work. You _have_ to get it past the retainer ring. Then work the fan back and forth, until it turns freely. Once it turns freely, apply power. When it's running nicely, put the (still clean) round sticker back over the hub to seal it. Some fans that have run too long without lubrication have ruined the bearings and rattle much. They can not be fixed by mere relubrication. Of course, if your computer is working fine without the fan, and is not getting too hot, then just declare victory (of silence) and run away. When a fan makes inconsistent sound, or fails to start by itself without a nudge, failure from lack of lubrication is imminent. Take this as a warning to either replace or relubricate the fan. Some old lightly loaded computers can survive without a fan, but most machines really do need a fan. Failure of the fan leads to overheating the power supply or other components. Failure of the power supply _can_ lead the power supply to supply destructive voltages to the computer. For most computers, don't ignore the signs of a dying fan. From colug at jmglov.net Thu May 13 11:06:58 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: <20040512205616.GI6755@linuxcolumbus.com> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu><20040512101510.46899d15.jep200404@columbus.rr.com><40A272B6.3030503@bugs.osu.edu> <20040512205616.GI6755@linuxcolumbus.com> Message-ID: <2909.24.123.50.150.1084460818.squirrel@mail.jmglov.net> Quoth pat@linuxcolumbus.com: > I'm glad we have a choice of filesystems unlike certain other os's > that shall remain nameless. Oh be fair, now! XP supports FAT16, FAT32, *and* NTFS! ;) -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 From frank_rieder at bankone.com Thu May 13 11:33:37 2004 From: frank_rieder at bankone.com (frank_rieder@bankone.com) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Variance of Successful Tests Message-ID: I can tell you I have never heard any kind of comparison about the filesystems you listed below. (FAT*/NTFS) Frank Rieder Operations Specialist Banc One Leasing Corporation Mail code OH1-1085 Phone: 614-213-4591 Fax: 614-213-2083 toll-free 800-879-7184 ext. 34591 Email : Frank Rieder@Bankone.com "Josh Glover" @colug.net on 05/13/2004 11:06:58 AM Please respond to Central OH Linux User Group Sent by: colug-bounces@colug.net To: "Central OH Linux User Group" cc: Subject: Re: [COLUG] Variance of Successful Tests Quoth pat@linuxcolumbus.com: > I'm glad we have a choice of filesystems unlike certain other os's > that shall remain nameless. Oh be fair, now! XP supports FAT16, FAT32, *and* NTFS! ;) -- Josh Glover GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 _______________________________________________ colug mailing list colug@colug.net http://www.colug.net/mailman/listinfo/colug This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. From jep200404 at columbus.rr.com Thu May 13 11:38:44 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:27 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: References: Message-ID: <20040513113844.08100f86.jep200404@columbus.rr.com> frank_rieder@bankone.com wrote: > I can tell you I have never heard any kind of comparison about the > filesystems you listed below. (FAT*/NTFS) Well then, now's your opportunity to make such a comparison! From frank_rieder at bankone.com Thu May 13 11:45:58 2004 From: frank_rieder at bankone.com (frank_rieder@bankone.com) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Variance of Successful Tests Message-ID: Not me... Why compare something I currently do not use. I might google on it later, but I will not be installing any version of Windows if I do not have to. Jim @colug.net on 05/13/2004 11:38:44 AM Please respond to Central OH Linux User Group Sent by: colug-bounces@colug.net To: Central OH Linux User Group cc: Subject: Re: [COLUG] Variance of Successful Tests frank_rieder@bankone.com wrote: > I can tell you I have never heard any kind of comparison about the > filesystems you listed below. (FAT*/NTFS) Well then, now's your opportunity to make such a comparison! _______________________________________________ colug mailing list colug@colug.net http://www.colug.net/mailman/listinfo/colug This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. From frank_rieder at bankone.com Thu May 13 11:47:47 2004 From: frank_rieder at bankone.com (frank_rieder@bankone.com) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE Message-ID: Anyone out there currently using VMware? I was looking at it for my home desktop. Since my counterpart needs windows for school I cannot get rid of it altogether but if I caould run XP virtually on my linux box that should work ok. This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. From kb8rln at penguinmaster.com Thu May 13 11:44:25 2004 From: kb8rln at penguinmaster.com (Richard Rager) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: <20040513113844.08100f86.jep200404@columbus.rr.com> References: <20040513113844.08100f86.jep200404@columbus.rr.com> Message-ID: > frank_rieder@bankone.com wrote: > > > I can tell you I have never heard any kind of comparison about the > > filesystems you listed below. (FAT*/NTFS) > > Well then, now's your opportunity to make such a comparison! > Would not be fair. NTFS there is version 1,2 and fat does not do anything for extented security bit. FAT also does not journal. Linux has 4 journaling files systems. Enjoy, Richard Rager From kb8rln at penguinmaster.com Thu May 13 11:54:29 2004 From: kb8rln at penguinmaster.com (Richard Rager) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE In-Reply-To: References: Message-ID: On Thu, 13 May 2004 frank_rieder@bankone.com wrote: > Anyone out there currently using VMware? > I was looking at it for my home desktop. > Since my counterpart needs windows for school I cannot get rid of it > altogether but if I caould run XP virtually on my linux box that should > work ok. > I have only run when I am testing. This is what I have run under VMWARE 4.1 MS AS 2000 MS 2000 Server <-- with MSSQL MS 2000 XP Pro NT 4 Win 98se I do not know what app you are running but win 98 run better for most simple tasks. I only gave VMWare it 256 Megs. How this help. Enjoy, Richard Rager From frank_rieder at bankone.com Thu May 13 12:18:30 2004 From: frank_rieder at bankone.com (frank_rieder@bankone.com) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE Message-ID: Well, this is my plan. VMware on my SuSE 9 box with a virtual Windows XP or 2000. This will mostly be to run Office2k and everyday uses. My fiance' is not a linux person, and her college courses require her to have windows (not really but she will not let me go the linux route. Yep, she wears the pants.). If she could run Windows from my Box then I would not have to have a box dedicated to windows. She has used Xandros and liked it, but when classes started up again she wanted her Windows back. Any thoughts? Frank Rieder Operations Specialist Banc One Leasing Corporation Mail code OH1-1085 Phone: 614-213-4591 Fax: 614-213-2083 toll-free 800-879-7184 ext. 34591 Email : Frank Rieder@Bankone.com Richard Rager @colug.net on 05/13/2004 11:54:29 AM Please respond to Central OH Linux User Group Sent by: colug-bounces@colug.net To: Central OH Linux User Group cc: Subject: Re: [COLUG] VMWARE On Thu, 13 May 2004 frank_rieder@bankone.com wrote: > Anyone out there currently using VMware? > I was looking at it for my home desktop. > Since my counterpart needs windows for school I cannot get rid of it > altogether but if I caould run XP virtually on my linux box that should > work ok. > I have only run when I am testing. This is what I have run under VMWARE 4.1 MS AS 2000 MS 2000 Server <-- with MSSQL MS 2000 XP Pro NT 4 Win 98se I do not know what app you are running but win 98 run better for most simple tasks. I only gave VMWare it 256 Megs. How this help. Enjoy, Richard Rager _______________________________________________ colug mailing list colug@colug.net http://www.colug.net/mailman/listinfo/colug This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. From rfunk at funknet.net Thu May 13 12:32:32 2004 From: rfunk at funknet.net (Rob Funk) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE In-Reply-To: References: Message-ID: <200405131232.32539.rfunk@funknet.net> frank_rieder@bankone.com wrote: > If she could run Windows from my Box then I would not have to have a box > dedicated to windows. She has used Xandros and liked it, but when > classes started up again she wanted her Windows back. > > > Any thoughts? While VMWare may be a good option (maybe even the best), there are a few others to consider: - bochs http://bochs.sf.net/ - Run Windows on a spare machine, and use VNC to get to it from the desktop machine. - Run Windows from CD, Knoppix-style. http://www.heise.de/ct/Service/English.htm/99/11/206/ http://www.nu2.nu/bootcd/ -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" From jep200404 at columbus.rr.com Thu May 13 12:34:46 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Journaling FAT and NTFS Filesystems In-Reply-To: References: <20040513113844.08100f86.jep200404@columbus.rr.com> Message-ID: <20040513123446.2d71c797.jep200404@columbus.rr.com> Richard Rager wrote: > > frank_rieder@bankone.com wrote: > > > > > I can tell you I have never heard any kind of comparison about the > > > filesystems you listed below. (FAT*/NTFS) > > > > Well then, now's your opportunity to make such a comparison! > Would not be fair. NTFS there is version 1,2 and fat does not do > anything for extented security bit. Let that be part of the comparison. > FAT also does not journal. Linux has 4 journaling files systems. OK, so make it fair by adding journaling to the MS filesystems, (perhaps like journaling was added to ext2 to become ext3). Of course, you would release your journaling FAT and NTFS filesystems under GPL, which would practically keep Microsoft from using it, although they could reverse engineer it. Of course, we don't want to do anything that Microsoft could draw inspiration from to improve their filesystems. We'd rather migrate away from those legacy filesystems and the operating systems that rely upon them. From alden at math.ohio-state.edu Thu May 13 12:40:35 2004 From: alden at math.ohio-state.edu (Dave Alden) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE In-Reply-To: References: Message-ID: <20040513164035.GA2646@math.ohio-state.edu> Hi, On Thu, May 13, 2004 at 12:18:30PM -0400, frank_rieder@bankone.com wrote: > If she could run Windows from my Box then I would not have to have a box > dedicated to windows. She has used Xandros and liked it, but when classes > started up again she wanted her Windows back. If all she wants is the Office suite, check out Crossover Office (which actually runs quite a few more programs including Access, Project, Photoshop, Quicken, many of the web browser plugins, etc...): http://www.codeweavers.com/site/products/cxoffice ...dave ps We run both CrossOver Office and VMware -- depends upon the application. I'm running VMware 4.5.1 on my Fedora box to do general Windows types of things. From frank_rieder at bankone.com Thu May 13 14:03:28 2004 From: frank_rieder at bankone.com (frank_rieder@bankone.com) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE Message-ID: We currently Dual Boot on this machine and a fileserver runs from another room. Currently if I want online I have two options: 1) I have to go back to the fileserver (Good little "ultra light load" 400mhz AMD/Fanless/Headless), connect an old monitor and fire up a browser. I do not like this option, and have only done this twice. 2)Close down Windows and Reboot. I really don't like this option either. I would like to find an alternative to the current setup. I like the sound of just clicking the tab for my Linux System or another tab for her Windows. I read some of Bochs, and Plex site and either might be good options. But I am unsure if I want to use either since I have not heard as much about them as VMWARE. I have Crossover Office (part of the purchase of Xandros) never could get Access or PowerPoint to work. The issues are all of the formats that are being used in her classes. She frequently gets .mdb, .ppt, and .avi files from teachers. Instead of using a player in linux for .avi she just wants it to work and show eveything correctly. She uses an Access Query for some of her classwork and study aids. Since these are things I either, 1. cannot do in Linux _or_ 2. Do not know how to do in Linux. I may need to grab another cheap machine to test the bochs and or plex Idea. >Hi, > >On Thu, May 13, 2004 at 12:18:30PM -0400, frank_rieder@bankone.com wrote: >> If she could run Windows from my Box then I would not have to have a box >> dedicated to windows. She has used Xandros and liked it, but when classes >> started up again she wanted her Windows back. > >If all she wants is the Office suite, check out Crossover Office (which >actually runs quite a few more programs including Access, Project, Photoshop, >Quicken, many of the web browser plugins, etc...): > >http://www.codeweavers.com/site/products/cxoffice > >...dave > >ps We run both CrossOver Office and VMware -- depends upon the application. > I'm running VMware 4.5.1 on my Fedora box to do general Windows types > of things. Frank Rieder Operations Specialist Banc One Leasing Corporation Mail code OH1-1085 Phone: 614-213-4591 Fax: 614-213-2083 toll-free 800-879-7184 ext. 34591 Email : Frank Rieder@Bankone.com Rob Funk @colug.net on 05/13/2004 12:32:32 PM Please respond to Central OH Linux User Group Sent by: colug-bounces@colug.net To: Central OH Linux User Group cc: Subject: Re: [COLUG] VMWARE frank_rieder@bankone.com wrote: > If she could run Windows from my Box then I would not have to have a box > dedicated to windows. She has used Xandros and liked it, but when > classes started up again she wanted her Windows back. > > > Any thoughts? While VMWare may be a good option (maybe even the best), there are a few others to consider: - bochs http://bochs.sf.net/ - Run Windows on a spare machine, and use VNC to get to it from the desktop machine. - Run Windows from CD, Knoppix-style. http://www.heise.de/ct/Service/English.htm/99/11/206/ http://www.nu2.nu/bootcd/ -- ==============================| "A slice of life isn't the whole cake Rob Funk | One tooth will never make a full grin" http://www.funknet.net/rfunk | -- Chris Mars, "Stuck in Rewind" _______________________________________________ colug mailing list colug@colug.net http://www.colug.net/mailman/listinfo/colug This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. From jim at rossberry.com Thu May 13 14:44:23 2004 From: jim at rossberry.com (Jim Wildman) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE In-Reply-To: References: Message-ID: On Thu, 13 May 2004 frank_rieder@bankone.com wrote: > > We currently Dual Boot on this machine and a fileserver runs from another > room. Currently if I want online I have two options: 1) I have to go back > to the fileserver (Good little "ultra light load" 400mhz > AMD/Fanless/Headless), connect an old monitor and fire up a browser. I do > not like this option, and have only done this twice. 2)Close down Windows > and Reboot. I really don't like this option either. > I would like to find an alternative to the current setup. > I like the sound of just clicking the tab for my Linux System or another > tab for her Windows. Install Cygwin on the Windows box, configure the server to allow xdmcp and run X remotely. ------------------------------------------------------------------------ Jim Wildman, CISSP, RHCE jim@rossberry.com http://www.rossberry.com From tnoe at mailsnare.net Thu May 13 15:48:41 2004 From: tnoe at mailsnare.net (Thomas J. Noe) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] VMWARE In-Reply-To: References: Message-ID: <200405131548.44088.tnoe@mailsnare.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been running VMWare 4.1 under a 2.4 series kernel since December 2003 with lots of success. While personally, I support GNU/Linux/OSS and all that it entails, unfortunately for work, I need the capability to do Visual Studio 6/.NET development. I did dual-boot at first, but then just decided to run Windows 2000/SQL Server 2000/Visual Studio 6 & .NET under VMWare. While a bit more expensive option than some of the other projects listed here (such as CrossOver and Bochs), I have to say that the stability has been quite impressive. Two problems that I ran into. First, my distro of choice is Slackware. In order to run the initial configuration Perl scripts for VMWare, I had to create seven folders, rcX.d (where X = 0..6) under /etc/rc.d and then run the configuration script. The second problem had to do with a PCMCIA card that had to be activated on a Windows machine (Sierra AirCard 555). Unfortunately, VMWare abstracts PCMCIA information, so the Windows software couldn't detect the card through Linux/VMWare/Win2k. - -- Best wishes, Tom E: tnoe AT mailsnare DOT net P: tnoe AT vtext DOT com GPG keyID 0x9ACE08E1 gpg --keyserver pgp.mit.edu --recv-keys 9ACE08E1 On Thursday 13 May 2004 11:47, frank_rieder@bankone.com wrote: > Anyone out there currently using VMware? > I was looking at it for my home desktop. > Since my counterpart needs windows for school I cannot get rid of it > altogether but if I caould run XP virtually on my linux box that should > work ok. > > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAo9EcNFfoH5OP+5oRAh2uAKCg9EJkwVAkv3vHXd8jIEnbEp1iRwCfX+oc z4QQCUtHH67u70fcCEz3oV8= =Dqki -----END PGP SIGNATURE----- From 6f at earthlink.net Thu May 13 19:06:17 2004 From: 6f at earthlink.net (Steve) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Linux Firewall Message-ID: <20040513230617.GA7139@earthlink.net> Lads (and Lasses)- I currently am running a firewall on an old 486 DX2/66. It's running pf/nat on OpenBSD 3.3. I'm attempting to convert it to LEAF/Bering. I've tweaked network & modules config. I can't get it to recognize any of the three network cards I put in the PCI slots. It does recognize the ISA NIC I have in. OpenBSD recognizes both cards fine. The ISA is a Linksys Ether16. The PCI that BSD recognized is a Netgear FA311. I can't get Linux to recognize this card. I've tried several modules. I even swapped it out with a FA310 and a 3C905. I don't have any other ISA cards or I'd just go with 2 of those. I'm trying to avoid having to purchase another NIC (even though they are cheap). Any ideas? I've tried the Tulip module and got this error: unresolved symbol pci_drv_unregistered (and registered). I could leave the OpenBSD box as is since it works fine (most of the time). I do prefer to migrate to LEAF/Bering though. Any thoughts on what I can try? I may have missed something obvious along the way. Any and all assistance is much appreciated. Thanks, Steve From skippy at skippy.net Thu May 13 19:25:09 2004 From: skippy at skippy.net (Scott Merrill) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Linux Firewall In-Reply-To: <20040513230617.GA7139@earthlink.net> References: <20040513230617.GA7139@earthlink.net> Message-ID: <40A403D5.7050501@skippy.net> Steve wrote: > OpenBSD recognizes both cards fine. The ISA is a Linksys > Ether16. The PCI that BSD recognized is a Netgear FA311. I can't get > Linux to recognize this card. I've tried several modules. I even > swapped it out with a FA310 and a 3C905. I don't have any other ISA > cards or I'd just go with 2 of those. I'm trying to avoid having to > purchase another NIC (even though they are cheap). Any ideas? I've > tried the Tulip module and got this error: unresolved symbol > pci_drv_unregistered (and registered). A quick search on the LEAF mailing lists suggests that FA311 NICs need the natsemi.o module, and the pci-scan.o module: http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg12006.html Another message suggests that the FA310 uses tulip.o: http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg13336.html That _might_ solve your problem. I've successfully used 3c509 NICs in LEAF/Bering systems. You need to configure these with 3c5x9cfg.exe: http://www.colug.net/pipermail/colug/2002-July/002914.html From jep200404 at columbus.rr.com Thu May 13 19:29:09 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] NIC driver modules determination: Use Knoppix In-Reply-To: <20040513230617.GA7139@earthlink.net> References: <20040513230617.GA7139@earthlink.net> Message-ID: <20040513192909.09ef2153.jep200404@columbus.rr.com> Steve <6f@earthlink.net> wrote: > old 486 DX2/66. > I can't get it to > recognize any of the three network cards I put in the PCI slots. To find out what modules Linux likes to use for various PCI cards, use Knoppix. Remove all NICS (PCI and ISA) from the box except the PCI NIC that you are trying to figure out the driver module for. After Knoppix boots, run lsmod as root to see what module Knoppix used. Also ping sites that you know are pingable, and maybe download the beginning of some big file from a fast server to confirm that the card works. When you figure out which driver a NIC uses, put a label on the NIC recording what driver module to use. Knoppix is piggy, you'll likely want to stick the PCI NICs in a fast box with 256MB of RAM for testing with Knoppix. From jacob at teched.net Thu May 13 19:44:50 2004 From: jacob at teched.net (J. Jacob Hopkins) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Linux Firewall In-Reply-To: <20040513230617.GA7139@earthlink.net> References: <20040513230617.GA7139@earthlink.net> Message-ID: <20040513234450.GA20765@noroute.teched.net> On Thu, May 13, 2004 at 07:06:17PM -0400, Steve wrote: > I currently am running a firewall on an old 486 DX2/66. It's > running pf/nat on OpenBSD 3.3. I'm attempting to convert it to > LEAF/Bering. > I could leave the OpenBSD box as is since it works fine (most of > the time). I do prefer to migrate to LEAF/Bering though. Most of the time? What is drawing you toward LEAF/Bearing, or driving you from OpenBSD/pf? Jacob jacob@teched.net From jonadab at bright.net Thu May 13 22:33:15 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: References: Message-ID: WKehr@checkfree.com writes: > Quoth Jonadab the Unsightly One: > > > I have to keep an ftp server installed on at least one system at work > > so that I can transfer things to the VMS system, which has an ftp > > client but AFAIK no ssl-anything. (I don't have to leave the ftp > > server _running_ all the time though; I can turn it on just when I > > need to use it and stop it when I'm done.) > > With all the DEC software written (such as Decus software) is there any > sftp? I don't know what there is *available*, only what's on this particular VMS system. I'm comfortable enough with VMS to transfer files onto there and do stuff with them (e.g. to customize the webpac it serves out with custom HTML and images and CSS) but not comfortable enough to go installing arbitrary software. VMS is sufficiently different from the other systems I know that I'm fairly out of my depth there. It doesn't help that we don't seem to have any VMS manuals, only manuals for the application software we're using. The help system is very helpful with syntax, but there are a lot of foreign (to me) concepts, much moreso than when I branched out from DOS to Linux. The VMS help system is in some ways better than the *nix one, especially in terms of being more interactive and context-sensitive (though not as much so as the Twenex help system apparently was, from what I've read), but in other ways it's worse, especially in terms of assuming an aweful lot of background knowledge about the VMS way of thinking about things. >From what I do know of VMS, I rather like it (mostly), but I'm definitely a newbie on that platform. If my Vax at home had the ability to connect to the internet, I might try downloading and installing some things there, for the learning experience value, but it doesn't have TCP/IP, so that's out, unless someone knows of a way to get Linux to speak the DEC networking protocols. (The Vax does have ethernet. It's thinnet/BNC, so I'd have to get a hub that supports that, but if I could be reasonably confident of the ability to get things transferred onto there I'd be quite willing to make that investment...) The VMS system at work is too mission-critical to risk that way with my level of knowledge. So I keep proftpd installed on a Linux box, and when I need to transfer something over to the VMS system I put the file there, turn it on, use the ftp client on the VMS system to download it, and then shut proftpd back off. > One thing about putting up an ftp server is that since the code is > GPL you can modify it to process files in a different fashion. The > directories and file names can all be "virtual" and you can modify > the code to immediately do extra logging. I've thought about using a Perl FTP server module and writing a custom ftp server... but so far my activity in this regard has been limited to thinking about it. -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From archanoid at columbus.rr.com Thu May 13 23:26:53 2004 From: archanoid at columbus.rr.com (archanoid@columbus.rr.com) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Linux Firewall Message-ID: <10b84ea10b0c30.10b0c3010b84ea@columbus.rr.com> Scott Merrill wrote: > > I've successfully used 3c509 NICs in LEAF/Bering systems. You > need to configure these with 3c5x9cfg.exe: > http://www.colug.net/pipermail/colug/2002-July/002914.html My home firewall is a 75Mhz Pentium w/o hdd running LEAF/Bering and two 3c509 NICs. After configuring with 3c5x9cfg, they sure do the trick. -Aaron From WKehr at checkfree.com Thu May 13 23:34:28 2004 From: WKehr at checkfree.com (WKehr@checkfree.com) Date: Sat Jan 8 01:35:28 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: Message-ID: Quoth Jonadab the Unsightly One stated > unless someone knows of a way to get Linux to speak the DEC networking protocols. On Google, the Linux search for Decnet returns a bunch of hits. As far as putting an IP stack on VMS goes, there were several companies that supplied that type of software years ago. Some of it might be available for free but you might spend quite a lot of time on the internet searching for it. > It's thinnet/BNC, so I'd have to get a hub that supports that, You might look at the surplus stores. There are also BNC/twisted pair adapters that can be used instead of a hub. Someone might have some of this lying around. Be glad it not the thick coax. > It doesn't help that we don't seem to have any VMS manuals, You might try looking online for some manuals. If not for your particular system the possibly a search for microvax manual -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.colug.net/pipermail/colug/attachments/20040513/f4fd2a4e/attachment.htm From jep200404 at columbus.rr.com Fri May 14 08:05:05 2004 From: jep200404 at columbus.rr.com (Jim) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] thinnet/BNC/10base-2 In-Reply-To: References: Message-ID: <20040514080505.25cea9a8.jep200404@columbus.rr.com> WKehr@checkfree.com wrote: > Quoth Jonadab the Unsightly One stated > > It's thinnet/BNC, so I'd have to get a hub that supports that, > You might look at the surplus stores. There are also BNC/twisted pair > adapters that can be used instead of a hub. Someone might have some of > this lying around. > Be glad it not the thick coax. There is/was a tub of 8 port 10base-T hubs with one 10base-2 port at Computer Success for $5. From sjs at khadrin.com Fri May 14 09:35:52 2004 From: sjs at khadrin.com (Stephen J. Smith) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: References: Message-ID: <1084541752.4964.32.camel@cobra.khadrin.com> On Thu, 2004-05-13 at 22:33, Jonadab the Unsightly One wrote: > WKehr@checkfree.com writes: > > > Quoth Jonadab the Unsightly One: > > > > > I have to keep an ftp server installed on at least one system at work > > > so that I can transfer things to the VMS system, which has an ftp > > > client but AFAIK no ssl-anything. (I don't have to leave the ftp > > > server _running_ all the time though; I can turn it on just when I > > > need to use it and stop it when I'm done.) > > > > With all the DEC software written (such as Decus software) is there any > > sftp? > > I don't know what there is *available*, only what's on this particular > VMS system. I'm comfortable enough with VMS to transfer files onto > there and do stuff with them (e.g. to customize the webpac it serves > out with custom HTML and images and CSS) but not comfortable enough to > go installing arbitrary software. VMS is sufficiently different from > the other systems I know that I'm fairly out of my depth there. > It > doesn't help that we don't seem to have any VMS manuals, only manuals > for the application software we're using. All (or at least nearly all) the VMS manuals for recent versions are available online: http://h71000.www7.hp.com/doc/ http://h71000.www7.hp.com/doc/os732_index.html > The help system is very > helpful with syntax, but there are a lot of foreign (to me) concepts, > much moreso than when I branched out from DOS to Linux. It usually has examples. I can say that for it. > The VMS help system is in some ways better than the *nix one, > especially in terms of being more interactive and context-sensitive > (though not as much so as the Twenex help system apparently was, from > what I've read), but in other ways it's worse, especially in terms of > assuming an aweful lot of background knowledge about the VMS way of > thinking about things. And not being searchable! > If my Vax at home had the ability to connect to the internet, I might > try downloading and installing some things there, for the learning > experience value, but it doesn't have TCP/IP, so that's out, unless > someone knows of a way to get Linux to speak the DEC networking > protocols. What version of VMS? They have a hobbyist program now, if you didn't know. You might be able to get newer software: http://www.montagar.com/hobbyist/ You could look into this sourceforge hosted project: http://linux-decnet.sourceforge.net/ I have no experience with it. I just keep it in my bookmark list in case I ever need something like it some day. One thing you might want to try if you get networking going is GNV: http://h71000.www7.hp.com/opensource/gnvreadme_first.html http://gnv.sourceforge.net/ > I've thought about using a Perl FTP server module and writing a custom > ftp server... but so far my activity in this regard has been limited > to thinking about it. What version of Perl is installed? -- Stephen J. Smith | sjs@khadrin.com | http://khadrin.com/ From bnmille at myrealbox.com Fri May 14 10:21:03 2004 From: bnmille at myrealbox.com (Brian Miller) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] ISC DHCP server Message-ID: <1084544463.a969689cbnmille@myrealbox.com> My organization is looking at replacing its current DHCP server (CISCO Registrar) with the ISC DHCP server (running on SUSE Linux). Does anyone have any experience using ISC in a large (>25,000 leases) environment, or know where there might be some information available? We currently use a reserved DHCP address for all printers, statically assign addresses to servers, but all workstations receive DHCP addresses, generally with a 30-day lease. We must have 100's of subnets. Although our CISCO system is not heavily taxed (CPU utilization under 1%), we would like to find some information about how well the ISC DHCP server might work under similar circumstances. Thanks for any help you can give us. From Matthew.Bond at gahanna.gov Fri May 14 12:53:39 2004 From: Matthew.Bond at gahanna.gov (Matthew Bond) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Exchange connector Message-ID: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> Has anyone been able to download the Exchange connector for Evolution? Matthew Bond Network Technician (614) 342-4072 matthew.bond@gahanna.gov From jim at rossberry.com Fri May 14 13:35:08 2004 From: jim at rossberry.com (Jim Wildman) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] OSS Business Plans In-Reply-To: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> References: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> Message-ID: This article is an excellent discussion of the various ways companies can leverage open source in their business plans. http://www.itmanagersjournal.com/management/04/05/10/2052216.shtml ------------------------------------------------------------------------ Jim Wildman, CISSP, RHCE jim@rossberry.com http://www.rossberry.com From dshermin at ameritech.net Fri May 14 14:02:20 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Exchange connector In-Reply-To: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> References: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> Message-ID: Try http://cvs.gnome.org/viewcvs/evolution-exchange/ also http://fedora.us I can't find it there yet. On Fri, 14 May 2004 12:53:39 -0400, you wrote: >Has anyone been able to download the Exchange connector for Evolution? > >Matthew Bond >Network Technician >(614) 342-4072 >matthew.bond@gahanna.gov > > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug From dshermin at ameritech.net Fri May 14 14:05:27 2004 From: dshermin at ameritech.net (David Sherman) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Exchange connector In-Reply-To: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> References: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> Message-ID: Here is a good site: http://fedora.laiskiainen.org/SRPMS.fdr/ximian-connector-1.4.7-0.fdr.1.src.rpm On Fri, 14 May 2004 12:53:39 -0400, you wrote: >Has anyone been able to download the Exchange connector for Evolution? > >Matthew Bond >Network Technician >(614) 342-4072 >matthew.bond@gahanna.gov > > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug From Matthew.Bond at gahanna.gov Fri May 14 14:46:43 2004 From: Matthew.Bond at gahanna.gov (Matthew Bond) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Exchange connector Message-ID: <09FD61D8173F8A449503AC8D56F0E2430CFF08@be-02.gahanna.gov> Is that packaged for Fedora? I am running Suse 9.1 -----Original Message----- From: colug-bounces@colug.net [mailto:colug-bounces@colug.net] On Behalf Of David Sherman Sent: Friday, May 14, 2004 2:05 PM To: Central OH Linux User Group Subject: Re: [COLUG] Exchange connector Here is a good site: http://fedora.laiskiainen.org/SRPMS.fdr/ximian-connector-1.4.7-0.fdr.1.s rc.rpm On Fri, 14 May 2004 12:53:39 -0400, you wrote: >Has anyone been able to download the Exchange connector for Evolution? > >Matthew Bond >Network Technician >(614) 342-4072 >matthew.bond@gahanna.gov > > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug _______________________________________________ colug mailing list colug@colug.net http://www.colug.net/mailman/listinfo/colug From darnold at crouchingcrab.net Fri May 14 15:03:00 2004 From: darnold at crouchingcrab.net (derek arnold) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Exchange connector In-Reply-To: <09FD61D8173F8A449503AC8D56F0E2430CFF08@be-02.gahanna.gov> References: <09FD61D8173F8A449503AC8D56F0E2430CFF08@be-02.gahanna.gov> Message-ID: <40A517E4.8040902@crouchingcrab.net> From the extension, it looks like a source RPM which you can compile to your liking. now if I could remember the flags to pass to rpmbuild (been a while, been a Debian guy lately) -Derek Matthew Bond wrote: >Is that packaged for Fedora? I am running Suse 9.1 > >-----Original Message----- >From: colug-bounces@colug.net [mailto:colug-bounces@colug.net] On Behalf >Of David Sherman >Sent: Friday, May 14, 2004 2:05 PM >To: Central OH Linux User Group >Subject: Re: [COLUG] Exchange connector > >Here is a good site: > >http://fedora.laiskiainen.org/SRPMS.fdr/ximian-connector-1.4.7-0.fdr.1.s >rc.rpm > > >On Fri, 14 May 2004 12:53:39 -0400, you wrote: > > > >>Has anyone been able to download the Exchange connector for Evolution? >> >>Matthew Bond >>Network Technician >>(614) 342-4072 >>matthew.bond@gahanna.gov >> >> >>_______________________________________________ >>colug mailing list >>colug@colug.net >>http://www.colug.net/mailman/listinfo/colug >> >> > > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug > >_______________________________________________ >colug mailing list >colug@colug.net >http://www.colug.net/mailman/listinfo/colug > > From jeffrey at tadlocks.net Fri May 14 17:00:50 2004 From: jeffrey at tadlocks.net (Jeffrey Tadlock) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Exchange connector In-Reply-To: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> References: <09FD61D8173F8A449503AC8D56F0E2430CFEFB@be-02.gahanna.gov> Message-ID: <20040514210049.GB29706@tadlocks.net> On Fri, May 14, 2004 at 12:53:39PM -0400, Matthew Bond wrote: > Has anyone been able to download the Exchange connector for Evolution? It's available via Red Carpet now and works great! /jft From jonadab at bright.net Fri May 14 18:59:19 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Firewalls In-Reply-To: <104744c1043229.1043229104744c@columbus.rr.com> References: <104744c1043229.1043229104744c@columbus.rr.com> Message-ID: archanoid@columbus.rr.com writes: > > How much do LAN1 and LAN2 need to be separated? > > Ahh, well. LAN2 is a Mac network with AppleTalk running on it. And > LAN1 still has a legacy NetWare 3.x box so has IPX broadcasting up a > storm on it. Okay, so the IPX/SPX and AppleTalk traffic won't be routed, but I think what he meant was, how much do LAN1 and LAN2 need to be separated from one another in terms of TCP/IP traffic? That is to say, can (and should) the firewall just blindly route all TCP/IP traffic between them, or would it be better to be more selective? -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From jmayo1 at columbus.rr.com Fri May 14 22:37:09 2004 From: jmayo1 at columbus.rr.com (Jeremy Mayo) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] arrayGuide Message-ID: <40A58255.9040401@columbus.rr.com> I am looking for ArrayGuide software to be used with a Clariion RAID cabinet, Can anyone help out? Thanks. -- Jeremy A Mayo Network Services Technician 3 Ohio Department of Job and Family Services WINDOWS 32 bit graphical interface for a 16 bit patch for a 8 bit opearating system internally coded for a 4 bit proccessor, by a 2 bit company that can't stand 1 bit of competition From 6f at earthlink.net Fri May 14 23:48:41 2004 From: 6f at earthlink.net (Steve) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Linux Firewall In-Reply-To: <10b84ea10b0c30.10b0c3010b84ea@columbus.rr.com> References: <10b84ea10b0c30.10b0c3010b84ea@columbus.rr.com> Message-ID: <20040515034841.GA14123@earthlink.net> I'm making progress. Thanks for all the help thus far gents. I can finally get the FA311 module to load (natsemi and pci-scan). I then get a very odd error. And I quote "something wicked happened" to the natsemi w/ some funky error 85c63c75. I'm looking in to that now. I've been having odd buffer issues with OpenBSD. I work from home most of the time and use a Cisco VPN package on my Win2k work laptop. If I gen a lot of traffic (db app or several java apps) in a short amount of time, it just locks up. No ping, no nothing. So I'm just looking for a more stable alternative. I haven't tried Knoppix yet on that box, can't boot from the CD (bought brand spanking new in '94). The hottest box at the time was a Pentium 66 (didn't have the cash for that racehorse back then). I'm still trying to figure out how to wedge a NIC in my Commodore 64 and Atari 400. Think they'll run NetBSD? I hear it runs on anything. Woohoo! One other quick q about LEAF/Bering. Which intfc comes up as e0 and e1. PCI first then ISA? Thanks again! Steve On Thu, May 13, 2004 at 11:26:53PM -0400, archanoid@columbus.rr.com wrote: > Scott Merrill wrote: > > > > I've successfully used 3c509 NICs in LEAF/Bering systems. You > > need to configure these with 3c5x9cfg.exe: > > http://www.colug.net/pipermail/colug/2002-July/002914.html > > My home firewall is a 75Mhz Pentium w/o hdd running LEAF/Bering > and two 3c509 NICs. After configuring with 3c5x9cfg, they > sure do the trick. > > -Aaron > > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug From jonadab at bright.net Sat May 15 01:33:48 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: References: Message-ID: WKehr@checkfree.com writes: > On Google, the Linux search for Decnet returns a bunch of hits. > > As far as putting an IP stack on VMS goes, If I can get Linux to speak the DEC stuff, then I don't really need that -- and if not, then I'd have trouble getting anything I downloaded onto the Vax. Maybe I'll look into this... it would be nifty to have a way to get arbitrary software installed on my Vax, and I might learn something in the process. > > It's thinnet/BNC, so I'd have to get a hub that supports that, You > might look at the surplus stores. There are also BNC/twisted pair > adapters that can be used instead of a hub. Someone might have some > of this lying around. Be glad it not the thick coax. I didn't mean thinnet is hard to find, just that the hub I'm currently using at home doesn't happen to have it. But that's a minor issue; the networking protocol issue is the main issue. The ethernet layer is not going to be the hard part about getting Linux and VMS to usefully talk to eachother, especially with my level of knowledge of Decnet. (Hey, it'll be a learning experience.) > > It doesn't help that we don't seem to have any VMS manuals, > > You might try looking online for some manuals. If not for your > particular system the possibly a search for microvax manual I actually have a MicroVAX manual, but it's a manual for the hardware and contains very little information about the OS. There's quite a bit about what to do at the firmware prompt, but that's different. Searches for "VMS manual" turn up links to intranet servers at certain sites that run VMS, plus things like the manual for the VMS version of Python, the manual for the VMS version of GAWK, and so on. Wait, no, I found one. It's a ways down the list of search results, but it's there. Straight from HP, even. Cool :-) And here I was thinking Google was getting pretty good at putting the best results at the top of the list... -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From jonadab at bright.net Sat May 15 02:08:02 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Server setup and FTP In-Reply-To: <1084541752.4964.32.camel@cobra.khadrin.com> References: <1084541752.4964.32.camel@cobra.khadrin.com> Message-ID: "Stephen J. Smith" writes: [VMS] > > The help system is very helpful with syntax, but there are a lot > > of foreign (to me) concepts, much moreso than when I branched out > > from DOS to Linux. > > It usually has examples. I can say that for it. That, and I also like the way subtopics are handled. But it's not always as clear on what other topics are related; *nix man pages have a better See Also section, typically. > > but in other ways it's worse, especially in terms of assuming an > > aweful lot of background knowledge about the VMS way of thinking > > about things. > > And not being searchable! Oh, it isn't? I just figured I didn't know how yet. (I didn't know how to search *nix man pages at first either... for someone coming from a DOS background, forward slash isn't the most intuitive way to introduce a search.) > > If my Vax at home had the ability to connect to the internet, I might > > try downloading and installing some things there, for the learning > > experience value, but it doesn't have TCP/IP, so that's out, unless > > someone knows of a way to get Linux to speak the DEC networking > > protocols. > > What version of VMS? 6.2 IIRC. Or it might've been 6.1. Whatever was current in Spring of 1995. The VMS system at work is 7.2-1, but it's significantly newer. > They have a hobbyist program now, if you didn't know. > You might be able to get newer software: > http://www.montagar.com/hobbyist/ Yeah, I actually joined Encompass at one point. Then I didn't do anything meaningful with it. ISTR that the hobbyist kits came on CD-ROM, a kind of drive my Vax doesn't have. But if I could figure out how to use the ethernet to transfer files over from a Linux system... that would open up possibilities. > You could look into this sourceforge hosted project: > http://linux-decnet.sourceforge.net/ Well, that claims the ability to copy files back and forth, which is the key thing I would need. I'll have to look into that. > > I've thought about using a Perl FTP server module and writing a custom > > ftp server... but so far my activity in this regard has been limited > > to thinking about it. > > What version of Perl is installed? I meant on a Linux system. The VMS system does not have Perl. (The Linux systems have 5.6 or 5.8 (depending on which system), but I typically write code based on the information in my 2nd-edition Camel (which I think predates 5.6) and the module docs on search.cpan.org (which is somewhat more current but only covers CPAN modules).) -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From colug at jmglov.net Sat May 15 07:23:00 2004 From: colug at jmglov.net (Josh Glover) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] arrayGuide In-Reply-To: <40A58255.9040401@columbus.rr.com> References: <40A58255.9040401@columbus.rr.com> Message-ID: <20040515112300.GA660%jmglov@jmglov.net> Quoth Jeremy Mayo (Fri 2004-05-14 10:37:09PM -0400): > -- > Jeremy A Mayo > Network Services Technician 3 > Ohio Department of Job and Family Services > > > WINDOWS > 32 bit graphical interface for a > 16 bit patch for a > 8 bit opearating system internally coded for a > 4 bit proccessor, by a > 2 bit company that can't stand > 1 bit of competition Hmm... I have seen this sig somewhere before... ;) -- Josh Glover Gentoo Developer (http://dev.gentoo.org/~jmglov/) Tokyo Linux Users Group Listmaster (http://www.tlug.jp/) GPG keyID 0xDE8A3103 (C3E4 FA9E 1E07 BBDB 6D8B 07AB 2BF1 67A1 DE8A 3103) gpg --keyserver pgp.mit.edu --recv-keys DE8A3103 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://www.colug.net/pipermail/colug/attachments/20040515/f4cba99f/attachment.bin From 6f at earthlink.net Sat May 15 12:23:18 2004 From: 6f at earthlink.net (Steve) Date: Sat Jan 8 01:35:29 2005 Subject: [COLUG] Linux Firewall Message-ID: <20040515162318.GA15652@earthlink.net> I didn't see this hit the list since I sent it last night. Not sure what happened. Here it is again.... ----- Forwarded message from Steve <6f@earthlink.net> ----- From: Steve <6f@earthlink.net> To: colug@colug.net Subject: Re: [COLUG] Linux Firewall I'm making progress. Thanks for all the help thus far gents. I can finally get the FA311 module to load (natsemi and pci-scan). I then get a very odd error. And I quote "something wicked happened" to the natsemi w/ some funky error 85c63c75. I'm looking in to that now. I've been having odd buffer issues with OpenBSD. I work from home most of the time and use a Cisco VPN package on my Win2k work laptop. If I gen a lot of traffic (db app or several java apps) in a short amount of time, it just locks up. No ping, no nothing. So I'm just looking for a more stable alternative. I haven't tried Knoppix yet on that box, can't boot from the CD (bought brand spanking new in '94). The hottest box at the time was a Pentium 66 (didn't have the cash for that racehorse back then). I'm still trying to figure out how to wedge a NIC in my Commodore 64 and Atari 400. Think they'll run NetBSD? I hear it runs on anything. Woohoo! One other quick q about LEAF/Bering. Which intfc comes up as e0 and e1. PCI first then ISA? Thanks again! Steve On Thu, May 13, 2004 at 11:26:53PM -0400, archanoid@columbus.rr.com wrote: > Scott Merrill wrote: > > > > I've successfully used 3c509 NICs in LEAF/Bering systems. You > > need to configure these with 3c5x9cfg.exe: > > http://www.colug.net/pipermail/colug/2002-July/002914.html > > My home firewall is a 75Mhz Pentium w/o hdd running LEAF/Bering > and two 3c509 NICs. After configuring with 3c5x9cfg, they > sure do the trick. > > -Aaron > > _______________________________________________ > colug mailing list > colug@colug.net > http://www.colug.net/mailman/listinfo/colug ----- End forwarded message ----- From jeffrey at tadlocks.net Sat May 15 20:30:42 2004 From: jeffrey at tadlocks.net (Jeffrey Tadlock) Date: Sat Jan 8 01:35:30 2005 Subject: [COLUG] SuSE Wireless LAN vs. DHCP Message-ID: <20040516003042.GA30909@tadlocks.net> I recently started running SuSE 9.0 on my laptop, previously I had been running Debian on it. I have an odd issue I can't quite track down and I thought someone might have a solution. The laptop has an onboard NIC (3Com 3c905C-TX/TX-M [Tornado]) and a PCMCIA wireless card (Orinoco Gold). When booting at home I have the Orinoco plugged in, no hard LAN connection. During the boot process it tries to get a DHCP address for eth0 (3Com card), there is no cable attached so it moves past to wlan0 (Orinoco) which stated 'hotplug' during the start up messages. Once the laptop is booted I am connected to my WAP (verified with iwconfig) and I have an IP address for my local LAN. However, I do not get my default gateway or any nameservers. So I run 'ifdown eth0' then 'ifdown wlan0' then 'ifup wlan0'. That sequence puts me on my network, IP assigned, complete with the default gateway and nameservers. Not a big deal to run the commands manually but I would really like not to have to do that. I have also tried (after reading a newsgroup thread started by our own Sean McHenry) setting the boot mode to 'manual' for the onboard NIC. On reboots this works, my wlan0 gets all the info it needs from DHCP. If I need to use the onboard NIC I can then use 'ifup eth0' and be fine when I don't have my wireless connection. So I have two manual ways to get it to work. While neither way is that big of a deal what is the trick to get this to work without manual intervention (as it did in Debian)? I want to be able to boot up and whether I happen to be hard wired in or using the wireless card be assigned my IP information and be working. I'm new to SuSE so maybe I am missing something obvious. I'm copying my ifcfg files below in case they might help someone (WEP disabled for testing, don't worry I am surrounded by acre after acre of farm land...). Thanks! Jeffrey ifcfg-wlan-pcmcia BOOTPROTO='dhcp' DHCLIENT_SET_DOWN_LINK='yes' MTU='' REMOTE_IPADDR='' STARTMODE='hotplug' UNIQUE='K1pk.jrBDbmL7DWA' WIRELESS='yes' WIRELESS_ESSID='' WIRELESS_KEY='' WIRELESS_MODE='Managed' ifcfg-eth0 BOOTPROTO='dhcp' MTU='' REMOTE_IPADDR='' STARTMODE='onboot' UNIQUE='B35A.YWFn_LkyZn1' From jonadab at bright.net Sat May 15 21:06:55 2004 From: jonadab at bright.net (Jonadab the Unsightly One) Date: Sat Jan 8 01:35:30 2005 Subject: [COLUG] Variance of Successful Tests In-Reply-To: <2909.24.123.50.150.1084460818.squirrel@mail.jmglov.net> References: <20040512084622.36cb0849.jep200404@columbus.rr.com> <40A2291E.3090200@bugs.osu.edu> <20040512101510.46899d15.jep200404@columbus.rr.com> <40A272B6.3030503@bugs.osu.edu> <20040512205616.GI6755@linuxcolumbus.com> <2909.24.123.50.150.1084460818.squirrel@mail.jmglov.net> Message-ID: "Josh Glover" writes: > Oh be fair, now! XP supports FAT16, FAT32, *and* NTFS! ;) Also FAT12 and ISO9660, and possibly others. -- $;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,"ten.thgirb\@badanoj$/ --";$\=$ ;-> ();print$/ From mwmiller at columbus.rr.com Sun May 16 15:20:06 2004 From: mwmiller at columbus.rr.com (Matthew W. Miller) Date: Sat Jan 8 01:35:30 2005 Subject: [COLUG] Exchange connector In-Reply-To: <40A517E4.8040902@crouchingcrab.net> References: <09FD61D8173F8A449503AC8D56F0E2430CFF08@be-02.gahanna.gov> <40A517E4.8040902@crouchingcrab.net> Message-ID: <20040516192006.GA18365@columbus.rr.com> On Fri, May 14, 2004 at 03:03:00PM -0400, derek arnold wrote: >Matthew Bond wrote: >>From: colug-bounces@colug.net [mailto:colug-bounces@colug.net] On Behalf >>>On Fri, 14 May 2004 12:53:39 -0400, you wrote: >>>>Has anyone been able to download the Exchange connector for >>>>Evolution? >>>Here is a good site: >>>http://fedora.laiskiainen.org/SRPMS.fdr/ximian-connector-1.4.7-0.fdr.1.src.rpm >>Is that packaged for Fedora? I am running Suse 9.1 >From the extension, it looks like a source RPM which you can compile to >your liking. >now if I could remember the flags to pass to rpmbuild (been a while, >been a Debian guy lately) 1. Make directories for installation: # rpmbuild --install-build-tree 2. Find out where the spec file will be hiding; it'll likely be a directory ending in SPECS: # rpm --eval "%{_specdir}" 3. Install the source RPM: # rpm -vhi ximian-connector-1.4.6-0.fdr.1.src.rpm 4. Check out /path/to/SPECS/ximian-connector.spec for possible '--with'/'--without' options; note that the syntax listed in 'rpmbuild --help' is wrong: Correct syntax is '--with