I am planning a new file server in our domain which is active directory based windows server 2003 I am also considering
thanks a lot
http://en.wikipedia.org/wiki/Algebraic_geometry
hi
make a typo want to know how to correct it please. the typo was ln -s linux-source-2.6.21 linux I missed the “i” out of linux and when i try to make the link agian it thinks it already exits how to make corect?
hi. where could i set environment variables that apply to every shell. I tried /etc/profile but somehow without effect
(and I did export the var)
/etc/environment ?
I’ll check it
as lnux-source-2.6.21 linux
rm linux
brb
thanks
!qotd0
i heard qotd161 is * asg sings the ‘My Little Pony’ song
mv; mv foo foo1
alredy done what hark suggeated
hello
for future reference, ‘ln -sf linux-source-2.6.21 linux’
I’m installing the debian testing 2nd of august release and it stops when trying to connect to a time server… anyone knows how to solve it?
That will silently overwrite the old link (or file, if there was a file and you for the syntax wrong 
hello there
symlinks to “linux”, how very pre-Kbuild.
how come the ln accepted a nonexistent file to symlink to/from?
this is y2k calling and they want their makefiles back.
always did that IME
heh heh heh
hi
!tell root -about root
xingu, thank you bro, It worked
m-a prepare still does it
oke
how made a deb package ?
why on earth I failed to find this information on the web. The info, that env vars are set in /etc/environment. and no secure linux web hosting books mention it in connection with ENV vars
at least online books
pam_env.so is what does the magic.
heya
I think it always a problem sometims working with lenny
books are frequently dated; and there’s always more than one way to skin a feline with unix.
!lenny
lenny is, like, the codename for the next Debian release, currently testing. Lenny is the binoculars. ask me about etch-lenny
! etch-lenny
xingu, well i tried one way – mentioned in books – and i failed. So there is not so many ways – it seems
in the etch timeframe, pam has suddenly become very, very feature rich.
forgot the
! etch-lenny
Edit your sources.list (# editor /etc/apt/sources.list), change all non-local mentions of ‘etch’ or ’stable’ to ‘lenny’. Save the file, then update and dist-upgrade. Also consider subscribing to debian-devel-announce (ask me about d-d-a) to be aware of what developments are happening. NOTE: you
should be running a 2.6 kernel before trying to upgrade
xingu, ok, thank you. now i go . best regards
what do i need to fluxbox is it just baisc core + xorg+kdm for example
the bare mininum
{x,g,k}dm aren’t really needed. xorg + fluxbox will go fine
You don’t need a WM, either
thanks
nope
just run the xterm with nothing else ;p
or forgo x
I do.
or even turn the thing off
Hooray for console-setup, kbd and terminus-console
that’s really truly hardcore
Well yes
turning it off
i can code on my fingers
/quote
(no, not making fun of anyone, not my intent)
installed komander and kommander dev on fluxbox as I need komander-dev to ran a script but when i invoke kommander no such file or directory
kommander
try komtabtab
or dpkg -L kommander to find the binary
dude’s been joining/quitting most of the night
i have to have a hair of the dog
she’s really nice, doesn’t shed much, and smart
yeah, the isp’s tubes are prolly blocked from all the bots probing my server
hehe :/
thanks the list is a mile long
i am thinking of dropping the entire range
all the effing zombified windows and old RH 5.x hosts out there…
| grep bin
sometimes i do that, just too much crap coming in from some unallocated/rogue IP blocks
i hate having to do it sometimes…
anyone in london from here ?
command is
yes.
london where?
ahhh
dpkg -L
SlayerXP++ thanks
anywhere 
lol
just wanted to ask who has bt broadband
not i
not me
all broadband is provided by BT
for some reason i think there is some stupid mistake on their router
i cannot dmz my machine
which router?
BT owns all the physical lines. You can choose from many ISPs for the actual service, though
schaaa
uh oh, mesof the drunk is back
where’s my money’!
ok thanks we have got /usr/bin/extrackmdr, /usr/bin/kmdr-plugins, /usr/bin/kmdr2po , /usr/bin/kmdr-executor, , /usr/bin/kmdr-editor
in your bank account
?
the bthomehyb
think about what you said and you’ll get it
hub
to shozzled
probably
Debianix, get a new router?
i have one, but my landloard owns the internet acess so he prefers to stay with what he knows
kick him in the nuts
i went reading on google, and i saw an article saying some of the routers might be locked
is that possible ?
are you a woman
^^
Debianix, just port foward 1-65535 to your machine
yep, 18yo blond, big boobs.
a) why does that matter? b) are you?
liable, cybersex?
no, i’m a wanted felon in 47 states
ahh let me try that then
you kck him in the nuts, IS NUTS REFERING TO TESTICLES?
a linux addict, what!?
yep
47 states of inebriation
have you never heard that before?
we know about cyber
okay, we’re just smart
yes but I did not understand as my first lanuage is not english it was just the NUTS part
little question, why do you capitalize nuts?
because he wants to
well t seems strange that nuts refering to testicles but I see the connection now a little slow
shouldnt you have fallen off your chair by now?
i always think of nuts as in cadberise fruit and nut chocolate
blow on him he’ll tip over
yes your linux coms have blown my mind, but really!
i wouldnt be surprised at all
any back kmdr lots of error messages because i only have fluxbox will not install kde for the sake of running kommander
english please
eugh~!
ok when I run mdr-executor lots of error mssages maybe I need to install kde which I will not do
kmdr
if kommander needed it, it should have installed it
if i log into my server via ssh and execute a process, ie. ftp some files. is there a way of leaving that process on, even after i have closed the shell ?
screen
aye ive heard of that
how can I change ownership of a symlink? with chown, i keep changing the ownershipp of what the symlink points to..
can you log back into the exact same shell with screen?
hats a good pint
thats
links dont have perms iirc
yup
screen -R -D
excellent
i think bitchx used a similar technology IIRC
check my away message /away 4eva!
it says in ls -l it’s owned by root, group root. but the target directory is owned by my username
Seems that im banned from #debian-offtopic…. how come?
bad odour, take a shower
subx, and hows that supposed to help me? lol
ah liable you don’t go in ##linux, that’s right
its mentioned in man chmod actually
ran kmdr-executor , error – no dialog given use –stdin option to read dialog from standard input
check the docs i guess
right
i just trying port forwarding 80 only
and it doesn’t work,
blehhhhhhhh
!java one-liner
….
no java oneliner?
!java
Java is Sun’s cross-platform OO language. Sun partially released java as GPL on Nov 13, 2006 (rest expected to be released in 2007). There are other implentations available in Debian such as ‘free-java-sdk’ for use with applications like
Eclipse. The Sun JRE/JDK is in non-free. Also, ask about install java, non-free.
!install java
or install the sun-java5-jdk or sun-java6-jdk package from non-free if you’re using etch/lenny/sid.
message the bot dude or we will have to lart you into next year
excuses me i’m running etch and i would like to install gnutella or limewire , i cant find both with aptitude search ?
non-free?
is there a special entry in source-list
do you have contrib and non-free in there?
yes
oh. thanks.
Hello, I have just installed spamassassin on my server hosting (which seems to be working well), however while in /etc/defaults/spamassassin CRON=1 when I take a look at the cron job (in /etc/cron.daily/spamassassin) I see that CRON=0
(which causes it to exit). Can anyone tell me what I am doing wrong?
i hate that router with passion
Hello
!qotd0
wow i didnt kno linux had an interface
!coco
added quotes 190 – 199 to the mix. Find them all, win a cookie!
chocky chip?
yes
hm, for some reason there are no qotd195 – qotd198, but 199 – 201 are there.
throw in a glass of milk and its a deal
jelly-home: make it a hash cookie and stoned will pee himself
hah
-ENOCAFE, time for refill
get me a damn eer while your at it
beer
beer? you can’t handle my beer.
maybe i have had enouf allready
milk would curb if sent overseas
you shouldn’t drink beer
Hey room
coco?
hey ttuuxxx!
lol nice nic room
so does this room have any windows?
it’s not a “real” room
do you have a Debian question?
i’m on xp but really like puppy linux
nope. like us nerd prefer, its a dank basement
!room
CHANNEL!
what do XP and Puppy have to do with debian?
rogue-: whats with the coco?
what do you mean?
anybody know if the latest iceweasal fixes some of its unstablity?
well puppy is kind of debian based, even that it was made from scratch
I run the latest iceweasel and it’s perfectly stable.
no, but it introduced some new instability
Seems that im banned from #debian-offtopic…. how come?
it can run .deb files
someone kick bell.ca
maybe you weren’t offtopic enough
what do you mean by “running” .deb files?
ask the ops there
rogue-, cool ill update so.
liable, how would i ask them if im banned? lol
query them
liable, i have no idea who the ops are
i think abrotmoo is one
my isp just send me a slammer worm on a rfc1918 ip address host via ppp0! wtf bell
check your status window (or whatever) for a list of names from #debian-offtopic
10.10.10.254!
huh?
for the last few weeks ive been tracking a packet from the net from 10.10.10.254 port 1434 udp, a slammer worm signature
is PPPoE in use anywhere?
i couldnt tell before through the switch, now with my ppp setup i know for sure its coming over pppoe
yes
we use it
check the ether headers – it might be a broadcast frame.
!ops Hey… listen up…. it seems that im banned from #debian-offtopic, could anyone explain me why? and hopefully unban me if its not a big deal…. thx in advance..
Hydroxide, bob2, caphuso, dondelelcaro, doogie, eeyore-, ElectricElf, ):, helix, ljlane, LoRez, RichiH, mentor, Netsnipe, TML, walters, xk, gravity, azeem, Maulkin, stew, peterS, Alife, Myon, Ganneff, Maulkin, weasel, zobel: rvgate complains about: Hey… listen up…. it seems that im banned
from #debian-offtopic, could anyone explain me why? and hopefully unban me if its not a big deal…. thx in advance..
wrong ops dude..
with a slammer worm signature?!
gotta be someone also an op in offtopic..
entirely possible
maybe they did some scanning
jelly-home: for the last month?
every 2 days on the day
maybe they banned you because you’re lame lulz
I need to hide the apache string that appears when I run “curl -I www.mysite.com”
i can’t see it. private ip’s shouldnt ever come via my ppp imho
I setup this in apache config file
things to look out for; ethernet will obviously broadcast err broadcast frames regardless of content; and also, a ethernet switch will default to flooding a frame if there’s no cam entry for its target mac
anybody know why when i try to remove evolution, aptitude wants to remove everything asscioted with gnome
ServerSignature Off and ServerTokens Prod
ok
hi, we have been trying to setup a xerox docuprint 203a which connected to a d-link DP-303 print server but no success yet, any help please
rogue-: why would they discriminate based on physical disabilities?
-gnome-desktop-enviroment works good, but the next solution wants to remove gedit,gdm..etc
jelly-home: because nobody likes people with physical disabilities
what part of that involves debian
your missing something. 1) ITS 100% SLAMMER SIGNATURE 2) its Always the same port
datalink dependant sorry; unless they use switch firmware that gives you a discrete segment per customer (some metroE does) the defacto is sloppy ethernet enginearing.
IT DOESN@T MATTER.
i have that printer, it works in debian fine enough
dont feed me some bullshit as to why my isp is sending that
where’s the control panel in kde?
it’s possible to broadcast a frame that has slammer signature payload
anybody know why when i try to remove evolution, aptitude wants to remove everything asscioted with gnome
the printer is in a network and I’m having problem to set it up
oh, well stay ignorant then, spout off here instead! that’s sure to cure it.
why are you asking here, instead of asking your isp?
you need to unmark the gnome stuff as auto
do you mind to let me know the set up?
yes.
well, im open to reading about what you claim in url’s if you got any
connection, port, driver, etc.
my monitors kinda screwed, where’s the graphics options or control panel like thing?
you installed `gnome’, which pulled in evolution and everything else. Trying to remove evolution makes the `gnome’ metapackage uninstallable, causing it and everything it pulled in to be removed.
damn phone
jelly-home: isp didnt care last time I called. seen as you say “switch” with bell they pretty well hang up
s/seen/soon/
wtf? I’m reminding you how ethernet works and you want some ludicrous cite?
man, one grumpy bum today.
if it’s just gnome gnome-dsktop-environment etc, then that’s ok
change the isp.
do any of you guys keep your irssi session open with ’screen’ ?
yes
aye good idea
thats why this channel has ~600 users that never talk
so your saying that if I were to setup a vulnerable IIS server and forwarded that packet to my machine, I wouldnt get a slammer worm from my isp?
I have x86 board and I have installed debian on it but I want that when debian shutdown than it beeps how to do that?
i thought that might be because of bncs
whats bncs?
hey is it possible for someone to make a secure login pup file for puppy linux, thats what sucks about it, your automatically an admin user full time in puppy linux?
psybnc
irc proxy
I’m saying that ethernet switches will flood broadcast frames and also frames where the destintion MAC is not learnt (in CAM)
anything else you choose, in your current ill humour, to assume I’m saying is entirely up to you.
#puppylinux
so your suggesting that I am getting a packet that is left over from some oversized frame?
hark #pupplinux has no idea how to do it, so debian is like its big brother with all the know how.
the big brother thats about to pin you down and give you the typewriter!
ok, but i doubt you’ll get an answer here
no; a packet that is /either/ a broadcast frame (all 1’s dstaddr) and hence likely to be a below-the-radar *probe* – or – a unicast frame (!broadcast, !multicast) where the dst address has recently departed the broadcast domain you, and all your other local co-subscribers, share at the
headend.
night all
does anyone have a busybox linux based hosting services running somewhere (embedded system or other) who can give me a filelist of the system (find / output) ?
how do you explain the slammer worm payload?
random fluke?
there’s a slammer worm or below-the-radar probe on your same segment.
man busybox has the binaries
well, functions as they say
thats what sucks hark , if you can’t get the answers in the home forums or the irc and you try other places , you get nothing, to me all Linux users should be brothers and not brothers at arms, shit we have microsoft for that.
pppoe designs are *usually* implemented poorly because folk who understand ethernet are few and far between.
sounds like a serious security issue then if anyone dsl subscriber is able to forge 10.x.x.x ip’s and send them on the network
!be an ethernet barbie
editing config files by hand is so HARD!
they *usually* leak whatever crap is put on to the segment by the provider /or/ other subscribers regardless
not relevant you fool!
poor quality design leads to everyday lower prices.
Im guessing 10.10.10.254 is my modems internal ip. and more likely believe that a bell internal server is infected or scanning using real payload
the “modem” will be acting as a ethernet-to-whatever half-bridge as will its peer.
liable I need a filelist of a busybox distro
probably ethernet-to-ethernet-over-atm.
a half bridge? how do you “half-bridge” something?
it’ll re-radiate whatever crap the provider and spec permit; the provider is probably allowing anything local to be forwarded – per-packet inspection (verses straight forwarding) at the far end is expensive and a website design
challenge.
is that like double reverse vampires?
you wrap it up in a cuddly little header for a different media type and flick it across interfaces.
with those evil flying monkeys!
and do the inverse on the far end.
sounds just like tunneling to me
yeah, it probably would he says snidely.
almost like….pppoe!
I’m done, enjoy your problem.
i always love your explanations though
that always make so much sense
if you think that ppp is a media type you’ve got a lot to learn.
well thanks for nothing guys, must be nice to have the sunshine out of your asses, out of 732 people, no one could help someone who wanted to make a good distro a secure one, bunch of pricks
!customer
Another happy customer leaves the building
….
rogue-, but still this appears Server: Apache/1.3.37
debian uses gnome right, is there a control panel or a config file so i can adjust either the monitor aspect ratio or the graphics card settings?
jusae, gnome-display-properties (??)
Should I be running `unattended-upgrades’ instead of `cron-apt’ on my servers?
*my Etch servers.
why is apt-get install gcc installin 470k when the gcc people send out a 15meg file?
meta-package?
hrm, thats prolly not even right
gcc, g++. gcj, gcc-x.y etc etc… there are many package that come from the gcc source
gcc isn’t set properly
did someone install some sms solution and would have one to advise ?
grrrr at how much setting up and organisation is necessary
!b-e jusae
Sounds like you need to aptitude install build-essential.
1)install build-essential 2) compile to you hearts content
thxs liable
sms as in text messaging?
yes
for some damn reason when i send ANYTHING from my shell to another box, my send speed gradualy drops to around 150 – 300k, no matter what i use, apache, scp, ftp, smb, etc…
for sending some alerts to oncall persons …
wireless?
i used to have a lynksys route that did that
liable, in this case yes.. but it has happend over wire before
i purchased 100,000 texts from 2sms.com , they have an xml interface for sending, i have perl scripts and a c# app to send the messages
liable, its been like this through sevral router revisions
ifconfig eth0 | grep errors
apt-cache search send sms
look for increasing error count.
xingu, on the box thtas sending or rcving ?
substitute eth0 with whatever your network interface is
on both.
k
tcp will respond to lost (ie, errored) frames by halving the window size (ie, halving bandwidth estimation)
ic
well ther eare errors on the sending box
wasn’t there a specific tcp window managing algo good for wireless?
The-Lab:/home/vyrus/torrents# ifconfig eth1 | grep errors
RX packets:4471451 errors:0 dropped:0 overruns:0 frame:0
TX packets:6495423 errors:0 dropped:0 overruns:0 carrier:0
was thinking maybe something like gnokii or somethin’ else like maybe alamin
most common source of ethernet errors is duplex (half vs full) mismatch between NIC and hub/switch port
ic… anyway to detect which is which / fix the problem?
jelly-home: yes but you’d need to hat 802.11n speeds running in the neighbourhood of theoretical max before you saw much beneft *over* tweaking the 802.11[abg] datalink timers.
depends on hardware; either ethtool (new, blessed) or mii-tool
or possibly a module parameter; is the switch/hub managed? can you set its per-port settings ?
s/hat /have /
ic… so what im aiming for is detecting which duplex mode is on bolth the sending / recving system “system and router in this case” and setting them to match?
precisely.
ok.. thanx man
big help
if you look at your hub/switch you should see the error light jabbering away like mad too.
xingu, my switch is a consumer POS dlink
i dont even know if it has an “err” light
they don’t call them de-links for nothing.
hehe
yea my old moded wrt died so.. wacha gona do _
i have no other src of internet so, it was eather hit up frys and get some shit thing or have nothing
does using rdiff to do incremental backups of a block device with a filesystem on it [with a lvm snapshot] go down well?
*nod* you do what you gotta do; in this instance you ideally want to end up with everything source, sink, and both hub/switch ports agreeing that 100baseTX/ full-duplex is a good idea
providing it is in fact a switch; a hub will only ever run at half-duplex (it’s just an antenna).
xingu, its a router so.. a switch it is
never assume.
heh
xingu, well weather or not its a switch or a hub ( and due to sniffing and other forensics on my network as of late i think its a switch) its a consumer pice of crap, thats for sure _
if it claims to be 802.3u and isn’t, you can sue their arse is what I’m saying here.
excuse the stupid question, running a.out in bash?
jusae, what about it
command not found
chmod +x a.out
./a.out probably.
thxs xingu
hello world!
woah, oldschool
thats original…
sorry, takes fsckin forever to dump that 1 packet from the massive capture file ;(
where does apt-mirror place the cvs tree?
xingu, btw awsome info on ethtool, this thing wins
if someone is running an a.out, you can almost gaurentee its a hello world program
cvs tree?
yeah, the source stuff
root/dev?
whatever directory you ran apt-get source in
apt-mirror not apt-get source
Hi, I have question, how can I convert the VCD to any other format ? mpg or avi or anything else
a.out as in their first manual gcc compile you mean? yea heh
ya
mencoder
i would imagint the apt-mirror docs would mention it
6 -T
the packages are downloaded to /var/spool/apt-mirror
it’s text mode?
see if you can generate a icmp unreachable response out of the fucker.
how are you? are you off today?
that mac is my router, thats an old capture though.
yes… and it has too many options for its own good ;(
yes, but i have a hangover
i’m installing it, i’ll try it
i only noticed the packet when i setup the dmz and it got forwarded with the rfc1918. i had to setup pppoe in linux just to verify it wasnt internal via spoofed arp
what does hangover mean?
err mac
hmm; in that case you’re a bit stuffed (yes, your router is acting as a ethernet-to-ppp-over-x half bridge)
drunk last night
good, enjoy your time, you deserve
but with linux as the router now, i caught the packet in the syslog, just didnt pcap it this time. it is coming via ppp0 not eth0 though
*nod* what happens if you configure an interface alias as 10.10.10.252 and ping .254 ?
yesterday before you sleep I wanted to say hi to you, But you didn’t answer
ie, not a ppp0 alias, an eth0 or whatever alias.
54 gig, its gonna take some time
goal is to generate an ether frame with that target IP address and see if it will resolve to arp who-has.
you mean alias eth0 as 10.10.10.252 and try send to eth0? or pp0?
eth0, then check your arp table afterward.
well, would have to be eth0 out then for arp
i may have been away from the computer, likely getting a beer from the fridge
i really wanna get codin, i can’t stop pacin, i’m gonna go for a walk
I install it, But it seems very diffecult to convert
hard to write stuff when your walking
if you get lucky, it’ll reply at layer3 and with the peer’s mac address; if you get unlucky, it’ll be dead at layer3 and your bridge will spoof arp.
nod
thxs guys, i’ll be back later, appricate the help
what are you doing?
But with liable, it might happen to write when you walking
nothing
graphics stuff
arp is still (unknown) ?
incomplete, but ya
are you downloading the entire debian mirror so you can do some development?
that’s about as far as you can take it from your end 
the manual is very long, can you help me to conver my vcd to mpg for example
sorry… not off the top of my head. If you google for examples you’ll find some though.
get on abuse@provider’s case and tell them that you’re recieving unwanted traffic from their network – they probably won’t be able to sort it out but abuse@ will be resourced while helpdesk@ won’t.
yea yea, sorry for toruble
I only use it very occasionally so I have to rtfm every time I use it.
tell me about it. and bell doesnt care. They way i look at it, either a customer found a way to send “virii” over the bell network using impossible to believe private ip’s or one of bells windows servers is infacted or sending intentionall (and the later two would never get past phone support.
already tried)
abuse@ will have a line into 2nd-line-support@ too if they get enough complaints to warrant investigation (ie, ethernet tap at the headend)
yes
that sounds…. ummm… excessive….
i tried. first i tried via IE and their activex to talk with a tech. soon as I said i had a switch, the connection dropped with a RST! I tried like 4 times total and they just kept hanging on the web interface
yeah
if you were really keen you could buy a dsl modem that groks linux (speedtouch?) and join in the fun; subinterface on ppp0-over-atm, ping away
but a function here or there could be used else where
email abuse@
really.
hi! Is it possible to create in dovecot folders with national symbols?
next day I phoned and got a tech that understood what I was saying and did his best to get me to a tech. but eventually i just got some french guy in quebec or something that was for commercial tech support and he basically give me the, “check your settings, reset your modem” speel
if you can find them amongst all that. And if it’s in the right language. with the right licence.
bif you can find them amongst all that. And if it’s in the right language. with the right licence./b
google code search or koders are probably more useful….
what license
chuckin
as soon as it’s clear that it’s a residential complaint the chart says “divert to helpdesk @least-cost-option”
the only route which will work is the abuse@ email (potential) blackhole
you are downloading the source packages not the binaries too, aren’t you?
btw, sorry about earlier I know what you mean about broadcast to all ports without mac on a switch. but regardless, 10.X/192.168.X/172.16.x should never make it past their firewall on the router. whats worse, I even get 137’s off eth0 when I start up dhcp.
whatever apt-mirror comes with, plus i wanted to look at the cvs app stuff
to debug this the provider needs to configure an ethernet sniffer on the remote end where the pppoe concentrators are
that’s the thing; there is no “router” in the classic sense which is why this leaks like buggery
you have an underlying switched atm-over-whatever cloud; over the top of that is *bridged* ethernet-over-ppp
ya, i figure since I caught the ppp0 log this time I am sure (and grateful) it wasnt internal. but ppp0 suggests to me its coming from their servers (albeit nobody noticed too since its a slammer variant, and google only had _1_ single hit for it)
and over that is pppoe (which is why I asked if you were using it – it’s how I know)
if you just want cvs then just aptitude install cvs ? And if you’re starting a new project, then investigate something like svn or git instead.
(rather than using cvs)
the deal is you’re ~probably recieving the packet from the bridged-ethernet layer not the point-to-point encapsed pppoe layer.
why would it be getting recieved via ppp0 in that case then?
if they don’t packet filter the ethernet layer shit will happen; it is *hard* (complex, expensive) to filter (at line rate) at that layer
i could understand it coming through eth0, but my ppp ?
depends how dumb the headend is; it may turn any ethernet broadcast frame into a unicast ppp-o-e frame.
and btw… if you’re itching to get coding, then why don’t you just do so… you don’t need to download the entire debian archive before you can start coding….
this is guesswork right up to the point that abuse@ turns on an ethernet tap within the headend and debugs it.
well, as long as its local to bell im more at ease. originally i was concerned my box was accepting tunnels or something
well, should be fairly easy to debug with a packet log and a timeframe (every 2day’s ish)
it’ll be local to bell, possibly originated within that bell POP, possibly (through the mysteries of inter-concentrator-transit-ethernet port flooding behaviour) from another subscriber to that POP
yep; the missing link is – provider interest; if you were one of my customers the offending party would already be dark.
mind you, i honestly dont know what format to send the packet in. last thing i want is the packet triggering virus scanner in email, and if I used uu, im sure nobody but the high end tech’s would have a clue
tcpdump -nvvi with a http link to the actual capture
i guess i could go that way. was more wondering what packet proggy they use. either pcap of the MS format
guess i could use both though and send file beam
usually wireshark
i would hope so
I would take a 99% guess that abuse@ uses wireshark for analysis and netvcr for flow capture.
*sigh* now i gotta wait 2 more days to capture the new packet off the ppp0
is 2days your (own) pppoe session limit/lifetime?
no, about every 2 days the packet hits me
understand that, I’m playing probabilities for origin here
generally diff src port, and not exectly 48 hours. must be mass sending, thats why i assume every time it hits 10.10.10.254 (my internal bell ip??) i get it
if every 2days your own pppoe session goes lcp down it tells me something I don’t know about the bell subscriber profile in that POP
if the packet is turning up ${interval} ~= session lifetime, we go from there to a possible failure mode
and the funny thing? this isnt the only IP i was getting hit by. it started when I caught random 192.168 ip’s that I dont even have in use showing up in my logs. the 10.10 ip was what got me more curious
although i havent noticed and other ips other than 10.x yet. ill have to dig into the logs real quick
mencoder not help for the VCD
no, just the one 10.x so far since i switch to linux as router
hi
ie, if ppp concentrator session to the “real” endpoint of that flow goes dark periodically (predictable period), then the switch just north (to-core) of it will go from forwarding to flooding for that flow after the associated cam entry (for the destination ethernet bridging mac)
expires
whats odd, the 192.168 ip’s were to 5900 (vnc). and the 10’s are to slammer
err msql
wth is a cam entry?
i assume this all dslam lingo?
inverse of arp cache; mac to port cache.
no, ethernet lingo.
ahh
didnt know that had a name
for such a “simple” technology, it’s very, very poorly understood
well, i have a decent understanding, but clearly its not bulletproof far as acronyms go
hmmm…. perhaps transcode then….
ok i did as suggested installed etch basic core +xorg+fluxbox when i enter fluxbox on command line i get warning failed to open file /usr/share/fluxbox/nus/en.gb/fluxbox.cat error count’t connect to XServer
nb, don’t feel too special; my own (home) /dlsam/ sends me (I assume, everybody) all the crap it doesn’t have a specific atm pvc route for
csmacd/ca,arp and how switches can be failed open/closed are about my limits
thank you verymuch, I’ll check it out now
atm, theres where im clueless
know as andyp before
again it comes back to least cost engineering; per-packet inspection on the transit lan interconnecting the POP or, at the datalink layer leaving edge routers at the POP is expensive; so usually that layer leaks.
bliss, you start x using what method? startx?
some technologies are more or less prone; the /real/ metroE switches (ie, longreach ethernet) don’t leak; neither do docsis cable plant.
oops no I did not just ran fluxbox
http://www.transcoding.org/cgi-bin/transcode
i was gonna say, ive never had this on cable before
that’s because docsis has no segment; just point-to-point reserved bandwidth between you and the headend.
problem starts where the topology between subscriber and headend is point to multipoint.
i am in a live cd at the moment
if you ask me, it just seems like someone let slip a firewall rule or two
nothing to do with firewall, everything to do with layer2 (ptp vs ptmp)
almost seems like pppoe behind the scenes isnt much diff than ipsec tunnel mode
pppoe is just a neat way to introduce the concept of a “session” across a bridged datalink.
it’s required because few endpoints support 802.1x.
bliss, If you don’t use gdm – try startx from commandline once booted
ok i will as orinary user?
i suppose they need the session for authentication?
ordinary
yes
more particularly, accounting
ok se you later cannot do it from live cd
heh, ya ive noticed they seem very good at billing you down to the bit
this also not work, they talk nothing about VCD
hi, why does the ALT+some number combination used in MS Windows doesnt work in Linux to get the ascii codes of characters?
what about the bits that aren’t even addressed to you? (hint, here’s your in with abuse@)
heh, no doubt. of course you cant do much to prove anything. even if you packet log your entire time at an isp, your logs cant be used as anything beyond a rough estimate
and believe me, ive considered full logs of at least the headers to make use of all this space i got kickin around. my only concern is the overflows in tcpdump. but my understanding is the disectors don’t apply until you display to stdout
choir, preaching to; the only way to analyse flow data is treat it as an input to statistical sampling; if you want robust octet counts, you better be willing to reimplement x.25
x.25 that sounds familiar. that was switched network?
yep; store and forward hop by hop though
needless to say, implementing that at 2Gbps is expensive too.
i think anything on this scale is expensive no?
hi, what is exactly a” terminal” and what is exactly a “console” ?
not really; store and forward and high clockrates means deep and massively fast buffers; if you look at “modern” core fabric design it’s all about nonblocking fabric
google has a nice feature google for “define: console”
hmm, need a bit of punctuation there..
core fabric? as in switching fabric?
the bandwidth delay product of a 2Gbps core means you get to store a lot of data for a whole bunch of time to allow for retrans in the event of failure on a given segment along the path
it’s cheaper to do that once, at the endpoint, than everywhere (ie, line card level on each segment)
yep; the cloud in that IP-over-magic diagramme.
so the restrans is done by the switches in that case to avoid doing it at the ip level?
in x.25, yes; store-and-forward, hop by hop.
however you *do* get precise octet counts…
petemc, My doubt is based in that sometimes when people helps me tells me “open a terminal” or “open a console” and I dont know what they are meaning, i.e. when I press ctrl+alt+f1 what do I got? a terminal o console?
surprised they just dont trust the dsl modems to do the byte counts
not that an electrical engy couldnt fix that though
they’re kind of interchangeable, tho you would generally have people refering to opening a xterm or gnome terminal in X as a terminal window, and ctl alt f1 as console
they’re imprecise too; they can’t discriminate data plane from control plane at the network layer; so if unwanted datalink traffic recieved, or, vanishes in the to-provider direction at some hop along the path, you get error.
petemc, thanks
true, i suppose it really depends what you consider billable though. packet should at least make it to the isp permiter (right term?)
but where’s that? a wholesale leasee’s perimeter is wherever their DSLAM is – and the atm core might be discarding cells bound for it
on a per-pvc basis, you can’t really discriminate who’s they are
bah, glad im not in the isp business heh. almost as bad as trying to calculate bandwidth for http vhosts
“edge” is what the cisco coolaid drinkers use
MangosDebian:
statistical sampling is useful science but it’s never accurate; so bound the error and move on.
aye
and lets pretend that things like STP don’t exist and that you’re not getting billed for them
i better not be getting anything beyond standard tcp/ip to my ppp
nb even at the per device level this is an issue; octets recieved by the line card may not get a slot on the crossbar in time and may get discarded as a result.
hi, how do I disable the root connection via ssh?
theres a permitrootlogin option
crossbar?
so you wind up with input counts not agreeing with fabric flow counts not agreeing with output counts
a switch is not an antenna; the packet coming in is transformed into a cell, the dest datalink address is looked up in the forwarding engine, it asks the fabric controller for a slot on the fabric, then it punts the frame.
all of those operations are time constrained; some parts of the fabric buffer/retry, some don’t.
petemc, what file do I have to edit?
/etc/ssh/sshd_config
it’s like trying to pick up a fistful of mercury; it looks easy enough at first…
sec, gonna try abuse@ and security@. $5 says neither one work though
when you finally get hold of someone, you can point them at the rfc’s that say they are supposed to work…
that’s a bet I won’t take; your best hope is that there’s enough complaints to warrant escalation
lol, i doubt that will help. generally with bell you get a tech that can only go by whats on the screen
that’s why your complaint to abuse@ is so important; if you don’t add your weight, nothing changes.
they won’t investigate /your/ complaint though; they’ll eventually open up a master ticket for /all/ complaints.
Hello, I want to migrate a physycal machine to a vmware virtual machine, what is the best/ or what is the way to copy all files from physycal machine to a virtual machine?
interesting question; is it possible to mount the virtual machine’s disk image using a loopback mount?
not sure ;P, but is a good idea
qemu has utilities for converting between different disk formats for virtual machines which might help you in this
so it’s possibe to use dd image to convert to a vmware images?
ummm…. that I’m not sure about. I was thinking more that you could mount an image on loop and then convert to vmware format if needed.
Do you know the name please?
the command is qemu-img in the package qemu
qemu-img -f rawformat is dd I think
nice… another one to file away for a rainy day
Hello , how can I make the linux screen don’t go to blank screen (don’t do energy saving) , I want to plug the monitor and have the screen output without pressing a key
!screen blanking
rumour has it, screen blanking is you can control screen blanking in console via setterm -blank (and/or your BIOS powersave settings), and in X via “xset -dpms”, xscreensaver, or your desktop environment’s screensaver controls.
thanks for the suggestion to run staartx that worked please forgive thenick
thanks
startx
have been know as andyp
how can i get apt-get to reinstall the /etc/ files for the package when i install it?
did you join the wrong channel?
no
i did the upgrade
now my imapd is broken
just that i am on a live cd and he default nick was ubuntu
intersting nick then to be running debian
ahh
hmm
imapd is working, but horde/imp isnt
wondering what the diffrence is between xorg and x-window-system-core, x-window-system?
hmm, so far no bounces to both addresses
abuse@ should never boune
+c
and whats worse, I attached the slammer and hotmail accepted it
it shouldn’t….but who knows
thanks for your help with LUKS and lvm last friday
does anyone have any clue? i really need the original /etc/ files for this package, –reinstall and dpkh-reconfigure don’t replace them
hotmail accepts mail but doesn’t deliver it…
i helped you? don’t recall the nick. oh well, np
think it was andyp
http://hubpages.com/hub/Hotmail_Fails_To_Deliver_Up_To_81_Of_All_Attachment_Emails
it’s just a transitional package (for sarge upgrades)
heh, well they better deliver this. sympatico uses MSN premium.
hmm
it seems as though nothing on my system is getting logged
if i start bind
it wont log to anything in /var/log
ahh, i know that nick. i assume that you were just using the wrong lvm dev or something?
what is the transitional package
i think i read that off dig other week actually
did a re-install its ok now
the x-window-* packages
yeah, it’s been around the block a few times recently
so xorg and x-windows are more or less the same
thats usually the easiest. but from i can recall, you already had everything mounted. was just a matter of finding which lv had your data. thus the vgdisplay -v
heh ya, ive noticed that with digg
apt-cache depends packagename ; apt-cache show packagename
yes but also I was runing lenny which was not a good idea , not just now anyway
well, can’t say anything about lenny since I dont use it, but I dont know if that had anything to do with it. oh well, least your up and running now
yep
just a simple version but I think i know what you mean
ok i see what you mean
what if its a tar ball like vmware?
vmware needs these apt-get install linux-headers-`uname -r` libx11-6 libx11-dev x-window-system-core x-window-system xspecs libxtst6 psmisc build-essential so would xorg cover the windows packages?
I am planning a new file server in our domain, which is active directory based (windows server 2003). I am also considering linux implementation, the question is, will a linux distribution with ACL be able to seemlessly integrate into windows server domain (verify access against the domain
controller)?
yes
however ACLs and samba may not be 100% working
samba can be a pdc or bdc
pdc/bdc aren’t relevant to AD, but samba can be a domain member
aptitude install build-essential xorg linux-heades-`uname -r`
thanks
what do you mean by ACLs and samba may not be 100% working?
ahh yes….. misread that bit.
we have samba servers here, and the acls don’t work properly… you can view them but not modify via samba/windows
mmm that is not particulary good, anyway thanks for the info…
it may be better in latest samba, ask #samba
also we’re using ufs on solaris, not ext3 on linux
stupid question, let’s say in inittab i have ’sysinit’ to ‘/etc/rcS’ and ‘initdefault’ to runlevel 2, what does init do at boot? /etc/rcS than goes directly to runlevel 2, or /etc/rcS than runlevel 1 than runlevel 2, or … ?
bstupid question, let’s say in inittab i have ’sysinit’ to ‘/etc/rcS’ and ‘initdefault’ to runlevel 2, what does init do at boot? /etc/rcS than goes directly to runlevel 2, or /etc/rcS than runlevel 1 than runlevel 2, or … ?/b
