Nabble - Boston Linux/UNIX General Discussion List

Re: Boston Linux and Unix Annual Summer BBQ Saturday July 19, 2008 Waltham, Ma

2008-07-18T16:33:18Z

Annual Summer BBQ XIV
When: Saturday, July 19, 2008 from 1:00 pm to 6:00 pm
Where: John and Shelley Chambers' home
33 Cedarwood Avenue, Waltham, MA.

Boston Linux & Unix is holding its fouteenth annual summer BBQ on
Saturday, July 21st, beginning at 1:00 p.m. Everyone is welcome. Guests
are encouraged to bring along something for the grill and the snack
table. We're holding the barbeque at the same location as the past few
years, John and Shelley Chambers' home at 33 Cedarwood Avenue, Waltham,
MA.

For maps and directions please check
http://www.blu.org/cgi-bin/calendar/2008-bbq14

--
Jerry Feldman <gaf@...>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9

_______________________________________________
Announce mailing list
Announce@...
http://lists.blu.org/mailman/listinfo/announce

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Autofs questions

2008-07-18T06:14:47Z

I just set up autofs on our servers in our office. One issue is that
direct mounting does not work in Linux:
eg. in auto.master:
/- /etc/auto.direct

in auto.direct:
/foo -fstype nfs,rw,xxx server:path

But, I can achieve this using yp. While I have seen some references to
using NIS(yp) to mount home directories, I have not found a decent
online reference either in the Red Hat documentation tree or otherwise.

The main directory tree I wanted automounted works fine, but I have 1
direct, and also /home. I can do /home easily with:
* -fstype=nfs,rw,nosuid,soft server:/home/&
(actually, I would probably use sync and hard as options).

But, I think for /home, using yp would be a better way to go, but I
only have 10 users, and we would be adding or removing maybe 1 or 2 per
year. I only have 1 directory I want automounted, but there is no
problem putting that into fstab on the clients.

--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-18T05:51:06Z

On Fri, 2008-07-18 at 00:34 -0400, David Kramer wrote:
> Jarod Wilson wrote:
> > I'd be curious to sit down at the same machine that initiated $subject
> > though. I've installed Fedora 9 on a ton of systems, all without any
> > problems, but I'm rather entrenched... Would be curious to know more
> > details on where/why we're falling down...
>
> I can bring it to the BBQ Saturday, if you're going to be there.

Damn. Unfortunately, no, I can't make it, have to be up in Concord, NH
most of the day.

--
Jarod Wilson
jarod@...

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-17T21:34:30Z

Re: Canonical kernel contributions (was: Linux on the desktop...)

2008-07-17T17:03:40Z

On Thu, Jul 17, 2008 at 1:20 PM, John Abreau <abreauj@...> wrote:

> On Thu, Jul 17, 2008 at 11:42 AM, Jarod Wilson <jarod@...> wrote:
>
>>
>> I feel obligated to post another link:
>>
>> http://blog.phunnypharm.org/2008/07/canonical-and-linux-kernel.html
>>
>> Its a rebuttal by Ben Collins, one of Canonical's kernel guys, who
>> admits that while Canonical still hasn't contributed anywhere near as
>> much to the kernel as others, its more than 6 patches in 5 years -- more
>> like ~90.
>
>
> Interesting. While the comments on that blog don't mention it, it looks
> to me like the count doesn't necessarily include everything Canonical
> might send upstream; it only counts contributions that were accepted
> and incorporated into the kernel. If Canonical submitted 500 patches,
> and 499 were rejected, they would only be credited with a single
> contribution.

True, but that would be the case for all the other vendors as well.
Unless you are suggesting that for some reason Canonical's patches are
rejected more often then other vendors, I don't think that is relevant
when one is concerned about relative vs. absolute numbers.

Bill Bogstad

P.S. I don't think that the number of kernel contributions are that
big a deal (in isolation from all other code) in any case.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

August 2 in Cambridge, MA: Ubuntu Massachusetts Fourth : Exploration Ubuntu

2008-07-17T12:35:24Z

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"You'd be surprised at the number of folks who see Linux as the
operating system of choice now."
~ -Mel King, Director, South End Technical Center

PRESS RELEASE—FOR IMMEDIATE RELEASE

Boston, Mass., July 17, 2008—The Ubuntu Massachusetts Local Community
Team is a group of volunteers and activists organized around the
open-source Ubuntu operating system, often called “Linux for human
beings.” The team advocates digital rights and freedom, and promotes
Ubuntu use to achieve this.

They have been working with the South End Technical Center since January
2008, installing Ubuntu on center and user machines and providing weekly
training sessions for experienced and novice users alike. On August 2nd
the group will be hosting their fourth free Exploration Ubuntu event to
demonstrate what this easy-to-use Linux system has to offer.

What is Ubuntu?
For some Celtics fans, Ubuntu may just be a rallying cheer, but those in
the know recognize it as a word from several African languages that
roughly translates to "I am what I am because of who we all are." Ubuntu
is about community. The Ubuntu operating system is a community-developed
version of the Linux operating system; it exists because of, and is
supported by, a global community.

Exploration Ubuntu provides the “u” in the community with the
opportunity to see what this free operating system, and the local group
supporting it, has to offer. Come see it in action and talk with people
to find out if it's right for you. Curious but not ready to take the
plunge? The Ubuntu Massachusetts Local Community Team offers free Live
CDs that will let you try the system at home without installing it and
without removing your current operating system. Ready to switch? Bring
your desktop or laptop machine in and they'll get you up and running.

Ubuntu is great for older machines too. There are several versions
available to suit most computers and users’ needs. Plus, it comes with a
variety for free tools like Open Office (compatible with MS Office) and
the Firefox web browser already installed.

Explore Ubuntu
Exploration Ubuntu will be held Saturday August 2nd, from 10am to 5pm at
the MIT Media Lab, 20 Ames St, Cambridge, MA. Contact event coordinator
Mike Rushton (leftyfb@...), or visit http://ubuntu-ma.us for more
details.

###
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSH+e/O6Yy60Eea9+AQJKqQgAu9KEKSG7KkYnM/aN/empldrks64qu8LL
+HxEM965WR636/plEdAWN73v+bjqbjAlwmCHIniKmIFSUwoyVB2yAKB39tQYhCzL
Kqs7J6fofgkOmgjrs0xB7hrIBVN6oYvawZtCBIZXp/0ZUWL5KaDUMkKy+669l7WC
BhL1Uk8SYRlZT0WcBq8g3GQnzOHDims2Z8ZrMLM5U5mhfA6RQd9K9yD2fwDskQHe
FIonmU/+zjE+FQc8qlblGxZJX2KeKa9roBHiu/EN36rHcTEXfeSl3H4K2/xs7/QR
Iz7a1QvGex5L+dJUJCkB49tQFtvp10PJAW2mcUy9pJMa8+TVr7nlkA==
=pjyf
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: ubuntu automatic logoff

2008-07-17T11:05:31Z

>>>>> "Kent" == Kent Borg <kentborg@...> writes:

Kent> The answer, which I didn't bother to understand because I am
Kent> lazy and it just worked, was to edit /etc/ppp/options and
Kent> comment out "lcp-echo-interval 30".

Thanks, I'm trying that now. I'll let you know if it worked.

--
Laura (mailto:lconrad@... http://www.laymusic.org/ )
(617) 661-8097 233 Broadway, Cambridge, MA 02139

There is no such thing as bad publicity except your own obituary.

Brendan Behan (1923 - 1964)

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Canonical kernel contributions (was: Linux on the desktop...)

2008-07-17T10:20:44Z

On Thu, Jul 17, 2008 at 11:42 AM, Jarod Wilson <jarod@...> wrote:

>
> I feel obligated to post another link:
>
> http://blog.phunnypharm.org/2008/07/canonical-and-linux-kernel.html
>
> Its a rebuttal by Ben Collins, one of Canonical's kernel guys, who
> admits that while Canonical still hasn't contributed anywhere near as
> much to the kernel as others, its more than 6 patches in 5 years -- more
> like ~90.

Interesting. While the comments on that blog don't mention it, it looks
to me like the count doesn't necessarily include everything Canonical
might send upstream; it only counts contributions that were accepted
and incorporated into the kernel. If Canonical submitted 500 patches,
and 499 were rejected, they would only be credited with a single
contribution.

--
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj@...
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Canonical kernel contributions (was: Linux on the desktop...)

2008-07-17T10:04:27Z

On Thu, Jul 17, 2008 at 8:42 AM, Jarod Wilson <jarod@...> wrote:
> I feel obligated to post another link:
>
> http://blog.phunnypharm.org/2008/07/canonical-and-linux-kernel.html
>
> Its a rebuttal by Ben Collins, one of Canonical's kernel guys, who
> admits that while Canonical still hasn't contributed anywhere near as
> much to the kernel as others, its more than 6 patches in 5 years -- more
> like ~90.

Ben Collins has always been quick to fix issues I have spotted. He is
also a cool dude from my what my friends who know him say :-)
--
Kristian Erik Hermansen
--
CISSP, CEPT, CREA, CEH, Linux+, A+, QGCS, ACSA, this is getting ridiculous...
http://kristian-hermansen.com

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Canonical kernel contributions (was: Linux on the desktop...)

2008-07-17T08:42:20Z

On Wed, 2008-07-16 at 11:40 -0400, Jarod Wilson wrote:

> On Wed, 2008-07-16 at 09:46 -0400, Daniel Feenberg wrote:
> >
> > On Tue, 15 Jul 2008, Ruben Safir wrote:
> >
> > >> standpoint, I really have no clue what they do in other areas as far as
> > >> upstream contributions. However, I do have insider knowledge[*] that
> > >> they do NOT send kernel contributions upstream to Debian or anyone else.
> > >> Canonical's "fixes" and "enhancements" are more or less considered
> > >> "secret sauce" and a competitive advantage.
> > >>
> > >
> > >
> > > That is a violation of the GPL
> > >
> > >
> > The GPL only obliges Cannonical to supply source to anyone they supply
> > with binaries. The enhancements are of course available to kernel
> > developers, if they choose to use to read the Ubunto source.
>
> ...which most developers simply don't have the time to do. People are
> supposed to submit patches to the lkml for review and inclusion, not let
> them linger in some place where developers have to regularly poll and
> poke to see what's new and interesting. If everyone did that, the kernel
> would be in a sorry state, it just doesn't scale.
>
> > Anyone who has browsed the kernel mailing list can understand why a
> > developer might choose not to submit patches - most submissions are met
> > with insults from very possesive maintainers.
>
> Simply not trying because it might be hard is a cop out. But I don't
> even think that's the case here, I believe its policy. Really, getting
> stuff into the kernel isn't *that* hard. Sure, its not as simple as
> "here, take this, trust me, it works", but it *can* be done. I'm no
> uber-hacker or anything, and yet, there are more patches in Linus' tree
> attributed to my name in the past year than there are attributed to
> Canonical in 5 years.

I feel obligated to post another link:

http://blog.phunnypharm.org/2008/07/canonical-and-linux-kernel.html

Its a rebuttal by Ben Collins, one of Canonical's kernel guys, who
admits that while Canonical still hasn't contributed anywhere near as
much to the kernel as others, its more than 6 patches in 5 years -- more
like ~90.

--
Jarod Wilson
jarod@...

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Mini video camera at tonight's BLU meeting

2008-07-17T07:01:28Z

John Abreau wrote:

> A couple people asked me about the little camcorder I used at tonight's
> BLU meeting. I just copied the avi file off the camera and tried to
> play it with mplayer. The video looked sharp, but the audio was almost
> nonexistent.
>
> The file size was 3.5 GB for a little over 2 hours.
>
> I tried converting it with ffmpeg2theora, and the copy still had no
> audio.
>
> I haven't tried it on MacOS or Windows yet, but I'm definitely not
> impressed with this thing.

I recently had some "fun" figuring out how to re-encode an AVI file that my
digital camera generated. What is screwy is that no matter what video format
I used, unless I used either the raw PCM of the audio from the source AVI,
or re-encoded it as MP3, then the *video* playback would be choppy on linux
(mplayer, vlc). I finally figured out that the source audio was encoded at a
strange rate, and apparently only lame could re-sample it correctly to get
into a more standard rate (11024Hz -> 11025Hz). Then I could convert it to
ogg or whatever. But trying to go straight from the source to ogg made it
unwatchable.

Here's the two steps that I ended up with:
# re-encode the audio to mp3 and fix the sample rate:
mencoder -msglevel all=2 $1 -o tmp.avi -oac mp3lame -srate 11025 -ovc copy
# now encode it as ogg/theora
ffmpeg2theora -v 5 -V 2500 --optimize -a 5 -o $base.ogv tmp.avi

The lesson here is that the mp3 encoder is more robust (which isn't too
surprising).

HTH,
Matt

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: ubuntu automatic logoff

2008-07-17T06:55:52Z

Jerry Feldman wrote:
> [about some ppp settings]
>

The only time I have done "dialup" from Ubuntu is to do a ppp connection
over my Sprint phone to the internet. I had a disconnect problem.
Rather than getting to the bottom of it the old fashioned way I did that
modern lazy thing: I asked Google.

The answer, which I didn't bother to understand because I am lazy and it
just worked, was to edit /etc/ppp/options and comment out
"lcp-echo-interval 30".

That was several Ubuntu revisions back and I have had to do it again
with each rev., and each time it has worked. Maybe this has wider
applicability?

-kb, the Kent who maintains an "adminlog.txt" file off all the system
tweaks he does so he can reproduce his customizations, and find tidbits
like this.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-17T06:49:55Z

On Thu, 2008-07-17 at 00:57 -0400, David Kramer wrote:
> Jarod Wilson wrote:
> > I'd be curious to sit down at the same machine that initiated $subject
> > though. I've installed Fedora 9 on a ton of systems, all without any
> > problems, but I'm rather entrenched... Would be curious to know more
> > details on where/why we're falling down...
>
> I've done a partial write-up at
> http://www.bostongeeks.com/wiki/index.php?n=Research.Fedora9Issues
> though this is not yet an exhaustive list of the issues I've faced.

A decent percentage of the issues seem to be with KDE4, which isn't
entirely unexpected, unfortunately...

> The big deal-breaker, though, is the fact that I can't get my TV hooked
> up to the external video jack working as a second monitor, even with the
> exact same xorg.conf that worked under Fedora 8. I posted about that
> problem a few weeks ago.

Ah yes, that. Personally, I use gnome-display-properties or simply
xrandr on the command line (g-d-p is an xrandr frontend) to activate the
external display with my own laptop under Fedora 9. Can't remember if
you'd tried that or not. I assume not on the g-d-p, since you're KDE,
but xrandr *should* still have worked... What generally lights up the
external display for me if it doesn't automagically come up:

$ xrandr --output VGA --auto

--
Jarod Wilson
jarod@...

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: ubuntu automatic logoff

2008-07-17T06:22:58Z

On Wed, 16 Jul 2008 20:28:04 -0400
Laura Conrad <lconrad@...> wrote:

>
> i kept notes after the last time i had to deal with dialup speeds on
> my laptop at my mother's.
>
> one of the problems i hadn't solved was that the desktop in Cambridge
> logs me off automatically after 5 minutes. This means that if i log
> on and check my email, and then want to websurf for a bit, I can't get
> the email that's come while i was surfing without logging in again.
>
> Does anyone know how to turn this off?
>
> As i remember it, I pretended google was my friend last time, and it
> did toell me something, but i didn't really test it, and it doesnt'
> seem to have been true.

I've not 100% sure what you are asking. What software are you using for
dialup and what ISP. Normally, the dialup software has a timeout
setting, but the ISP also may have a setting. Most of these are idle
time. I'm not 100% certain since I have not used dialup on my laptop
(Ubuntu), but there is a script, /etc/chatscripts/ppp0 that has some
modem parameters. The ppp0 script is configured by Ubuntu's built in
network configurator.
Additionally, you could use wvdial to connect. There
is a config file /etc/wvdial.conf that you can add some commands to.

--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-17T06:05:44Z

David Kramer wrote:
> The big deal-breaker, though, is the fact that I can't get my TV
> hooked up to the external video jack working as a second monitor, even
> with the exact same xorg.conf that worked under Fedora 8. I posted
> about that problem a few weeks ago.
>

You were wondering about switching to Ubuntu, I seem to remember...

Ubuntu has put effort into letting users configure dual monitors with a
GUI (inspired by what Apple had working 20-years ago). And it works for
some, but didn't work for me.

Ubuntu 8.04 seems a bit too rough around the edges for what they were
aiming at, though one of my biggest complaints is that support for
Panasonic-specific function keys seems to have been removed from the
mainstream kernel awhile ago and now has been dropped by Ubuntu, too.

-kb

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Mini video camera at tonight's BLU meeting

2008-07-17T00:21:22Z

On Thu, Jul 17, 2008 at 12:17 AM, John Abreau <jabr@...> wrote:

Give cinelerra or kino a try. Could be that your codecs are bad for
the audio portion. Better test it some other way to verify...
--
Kristian Erik Hermansen
--
CISSP, CEPT, CREA, CEH, Linux+, A+, QGCS, ACSA, this is getting ridiculous...
http://kristian-hermansen.com

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Mini video camera at tonight's BLU meeting

2008-07-17T00:17:18Z

A couple people asked me about the little camcorder I used at tonight's
BLU meeting. I just copied the avi file off the camera and tried to
play it with mplayer. The video looked sharp, but the audio was almost
nonexistent.

The file size was 3.5 GB for a little over 2 hours.

I tried converting it with ffmpeg2theora, and the copy still had no
audio.

I haven't tried it on MacOS or Windows yet, but I'm definitely not
impressed with this thing.

--
John Abreau / Executive Director, Boston Linux & Unix
IM: jabr@... / abreauj@AIM / abreauj@Yahoo / zusa_it_mgr@Skype
Email jabr@... / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T21:57:16Z

Jarod Wilson wrote:
> I'd be curious to sit down at the same machine that initiated $subject
> though. I've installed Fedora 9 on a ton of systems, all without any
> problems, but I'm rather entrenched... Would be curious to know more
> details on where/why we're falling down...

I've done a partial write-up at
http://www.bostongeeks.com/wiki/index.php?n=Research.Fedora9Issues
though this is not yet an exhaustive list of the issues I've faced.

The big deal-breaker, though, is the fact that I can't get my TV hooked
up to the external video jack working as a second monitor, even with the
exact same xorg.conf that worked under Fedora 8. I posted about that
problem a few weeks ago.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

ubuntu automatic logoff

2008-07-16T17:28:04Z

i kept notes after the last time i had to deal with dialup speeds on
my laptop at my mother's.

one of the problems i hadn't solved was that the desktop in Cambridge
logs me off automatically after 5 minutes. This means that if i log
on and check my email, and then want to websurf for a bit, I can't get
the email that's come while i was surfing without logging in again.

Does anyone know how to turn this off?

As i remember it, I pretended google was my friend last time, and it
did toell me something, but i didn't really test it, and it doesnt'
seem to have been true.

--
Laura (mailto:lconrad@... http://www.laymusic.org/ )
(617) 661-8097 233 Broadway, Cambridge, MA 02139

I thought hell is bound to be a livelier place, as he joins forever
those whom he served in life, applauding their prejudices and fanning
their hatred.

Gore Vidal, when asked how he felt on hearing that William F. Buckley
had died.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:49:15Z

Matthew Gillen wrote:

> Kent Borg wrote:
>> I see periodic recommendations about passwords that say not to use
>> passwords because a nice long ssh key is much more secure. Am I silly
>> to be as worried as I am by logins via key files?
>> Currently I login with passwords that are secure*, and I don't type them
>> on keyboards I don't trust (therefore I don't type personal passwords on
>> my Windows machine at work). Keyfiles, on the other hand, need to be
>> stored in plain text on the authorized machine. That gives me the
>> willies. Should it?
>
> Only if you're also using "passphrase-less" keys. Supposing you use a
> key that is as secure as your passwords are

Sorry, I meant:
Supposing you use a key *with a passphrase* that is as secure as your
passwords are ...

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:45:31Z

Kent Borg wrote:
> I see periodic recommendations about passwords that say not to use
> passwords because a nice long ssh key is much more secure. Am I silly
> to be as worried as I am by logins via key files?
>
> Currently I login with passwords that are secure*, and I don't type them
> on keyboards I don't trust (therefore I don't type personal passwords on
> my Windows machine at work). Keyfiles, on the other hand, need to be
> stored in plain text on the authorized machine. That gives me the
> willies. Should it?

Only if you're also using "passphrase-less" keys. Supposing you use a key
that is as secure as your passwords are (and treat your key passphrase exactly
like you treat your current password), then you have two factor
authentication, and it is more secure. Now they have "have" something (your
key), and "know" something (your passphrase). That's generally thought to be
more secure than just a password (especially since it's completely infeasible
to discover the key by brute-force).

Matt

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:43:52Z

Kent Borg wrote:
> 1) Long enough to make brute force
> attacks against repeated ssh attempts infeasible

I mangled that. Try something like: "Long enough to make brute force
attacks VIA repeated ssh attempts infeasible.:

-kb

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Linux on the desktop - it's come a long way, but is it there yet?

2008-07-16T12:42:46Z

On Wed, 16 Jul 2008 11:16:21 -0400
Richard M Stallman <rms@...> wrote:

> I apreciate that there might be varying opinions on this matter, but what I
> said about the patent fears of NVIDA and ATI et al came directly from the
> horses mouth, the legal departments and corperate CEO's of those company
> who discloses this fact at seperate meetings that involved a very famous
> former editor of the "Linux Journal".
>
> It is a fact, or at least it was until at least a year ago.
>
> I am willing to believe it is part of their motivation, but the
> example of ATI shows that they can be convinced to set that motivation
> aside.

I agree that if ATI is successful others, like Nvidia might follow.

--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:39:00Z

John Abreau wrote:

> My preference is to set AllowUsers in sshd_config so only the specified
> users can login via ssh. I restrict root logins to specific origins, e.g.
>
> AllowUsers [...] root@...
>
> to allow root logins from the rsync backup server. I also disallow
> password authentication and instead drop an ssh public key into
> /root/.ssh/authorized_keys
>
>

That looks like a good use of keyfiles. (Though wouldn't it be better
to push to the backup server, pushing to a non-root account, and give
the backup server no access under its own power? Particularly if the
backup server is only fed encrypted data.)

I see periodic recommendations about passwords that say not to use
passwords because a nice long ssh key is much more secure. Am I silly
to be as worried as I am by logins via key files?

Currently I login with passwords that are secure*, and I don't type them
on keyboards I don't trust (therefore I don't type personal passwords on
my Windows machine at work). Keyfiles, on the other hand, need to be
stored in plain text on the authorized machine. That gives me the
willies. Should it?

As for "sudo -i" being safer than "sudo bash", yes. But if you are
worried about a crack of your non-root account being a stepping stone to
root, go the extra distance and type "/usr/bin/sudo -i". Or could that
be quietly aliased into something dangerous, too?

-kb

* Secure for a login password: 1) Long enough to make brute force
attacks against repeated ssh attempts infeasible--but not long enough to
hold up against someone motivated, funded, and with access to the shadow
file. 2) Not reused across disparate systems. 3) Not written down
anywhere in plain text. Encryption passphrases need to be better.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: disabling root login

2008-07-16T12:37:10Z

David Rosenstrauch wrote:

> Kristian Erik Hermansen wrote:
>> On Wed, Jul 16, 2008 at 11:37 AM, David Rosenstrauch
>> <darose@...> wrote:
>>> All of which begs the question: is it possible to enter single-user
>>> mode when you've got a locked root account?
>>
>> https://help.ubuntu.com/community/RootSudo#Misconceptions
>
> Good to know, but I don't use Ubuntu. So sounds like the answer for the
> general case is "no, it's not possible".

Read Jarod's post: yes, it is possible, by editing the kernel's command line
to have 'init=/bin/bash' in it. Presumably if you have the ability to edit
the kernel command line to boot to single user, you could add the 'init'
parameter too.

The only way it wouldn't be possible is if you have single-user mode as a grub
entry, and a grub password that you don't know either.

Matt

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: disabling root login

2008-07-16T12:30:42Z

Kristian Erik Hermansen wrote:

> On Wed, Jul 16, 2008 at 11:37 AM, David Rosenstrauch <darose@...> wrote:
>> Just wondering something about disabling root login, btw:
>>
>> I often drop down to single-user mode when I'm performing things like kernel
>> upgrades. Entering single-mode prompts me for the root password, and
>> presumably logs me in as root.
>>
>> All of which begs the question: is it possible to enter single-user mode
>> when you've got a locked root account?
>
> https://help.ubuntu.com/community/RootSudo#Misconceptions

Good to know, but I don't use Ubuntu. So sounds like the answer for the
general case is "no, it's not possible".

Thanks,

DR

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:29:12Z

On Wed, 16 Jul 2008 10:06:04 -0400
Kent Borg <kentborg@...> wrote:

> I frequently do "sudo bash" and go from there. The only time I miss a
> root login is when I want to scp something as root.

This logs you in as root:
sudo -s -H

sudo scp <files> root@host
Assuming the host accepts root logins.

--
--
Jerry Feldman <gaf@...>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:20:08Z

Yes, the line I put in authorized_keys includes
"from=backup-server.example.com"
and "command=/usr/bin/rsync", or settings to that effect.

On Wed, Jul 16, 2008 at 3:09 PM, Dan Ritter <dsr@...> wrote:

> On Wed, Jul 16, 2008 at 03:02:02PM -0400, John Abreau wrote:
>> On Wed, Jul 16, 2008 at 2:06 PM, Bill Bogstad <bogstad@...> wrote:
>>
>> > It's trivially easy to turn root login back on. Just give root a
>> > password (and enable root login in your sshd config file) and
>> > you should be golden. I generally use sudo if I'm already on the
>> > machine in question, but if I'm accessing a *buntu machine remotely
>> > I tend to ssh directly to root.
>>
>> My preference is to set AllowUsers in sshd_config so only the specified
>> users can login via ssh. I restrict root logins to specific origins, e.g.
>>
>> AllowUsers [...] root@...
>>
>> to allow root logins from the rsync backup server. I also disallow
>> password authentication and instead drop an ssh public key into
>> /root/.ssh/authorized_keys
>
> Remember that you can (and should!) further limit what can be
> done with that public key with restrictions in authorized_keys:
>
> man sshd, section AUTHORIZED_KEYS FILE FORMAT.
>
> -dsr-
>
>
> --
> http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
>
> When freedom gets lots of exercise, it protects itself.
>

--
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj@...
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:09:12Z

On Wed, Jul 16, 2008 at 03:02:02PM -0400, John Abreau wrote:

> On Wed, Jul 16, 2008 at 2:06 PM, Bill Bogstad <bogstad@...> wrote:
>
> > It's trivially easy to turn root login back on. Just give root a
> > password (and enable root login in your sshd config file) and
> > you should be golden. I generally use sudo if I'm already on the
> > machine in question, but if I'm accessing a *buntu machine remotely
> > I tend to ssh directly to root.
>
> My preference is to set AllowUsers in sshd_config so only the specified
> users can login via ssh. I restrict root logins to specific origins, e.g.
>
> AllowUsers [...] root@...
>
> to allow root logins from the rsync backup server. I also disallow
> password authentication and instead drop an ssh public key into
> /root/.ssh/authorized_keys

Remember that you can (and should!) further limit what can be
done with that public key with restrictions in authorized_keys:

man sshd, section AUTHORIZED_KEYS FILE FORMAT.

-dsr-

--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.

When freedom gets lots of exercise, it protects itself.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Giving up on Fedora 9

2008-07-16T12:02:02Z

On Wed, Jul 16, 2008 at 2:06 PM, Bill Bogstad <bogstad@...> wrote:

> It's trivially easy to turn root login back on. Just give root a
> password (and enable root login in your sshd config file) and
> you should be golden. I generally use sudo if I'm already on the
> machine in question, but if I'm accessing a *buntu machine remotely
> I tend to ssh directly to root.

My preference is to set AllowUsers in sshd_config so only the specified
users can login via ssh. I restrict root logins to specific origins, e.g.

AllowUsers [...] root@...

to allow root logins from the rsync backup server. I also disallow
password authentication and instead drop an ssh public key into
/root/.ssh/authorized_keys

--
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj@...
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Waffling on the iPhone

2008-07-16T11:52:48Z

On Wed, Jul 16, 2008 at 1:30 PM, Gordon Marx <gcmarx@...> wrote:

> I'm not going to lie, I read the subject and was like "there's a
> waffle iron for the iPhone?!" I must say, I'm disappointed that wasn't
> the case :--D
>
>
It would need to be a clam shell design for it to work. The way it
currently is is more like one of those rectangular griddles.

--
-matt

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Linux on the desktop, take 2

2008-07-16T11:50:20Z

On Wed, Jul 16, 2008 at 12:49 PM, <markw@...> wrote:

> I've been sort of following the thread and it occurs to me that it has
> sort of spiraled out of context with Canonical and GPL compliance, etc.
>
> Stepping back to consider "ready for the desktop," I'm not sure what that
> means in any real sense. I've seen my 70 year old mom try to use her Mac.
> It took her a bit of learning of concepts and techniques to be able to use
> it. She was reluctant to switch to Mac from Windows, but Windows was
> something I was no longer going to deal with. (I have a life too.)
>
> Now she loves her Mac and can't believe all the non-sense she had to deal
> with on Windows.
>
> It occurs to me that "ready for the desktop" has nothing to do with any
> solid and quantifiable measure. Unless it is exactly the same as what you
> are used too, but better, there will always be resistance to acceptance.
> Any differences, regardless of severity, will be trotted out by people as
> reasons why "A" is better than "B" because one is used to "A" and
> perceives it as better.
>
> The second problem is compatibility, there will always be compatibility
> issues between different systems, especially when one vendor has a great
> amount of control over a large base. Again, if upstart "A" does not play
> nice with established system "B" the perception is that "A" is not ready,
> regardless if "B" is the problem.
>
> The last issue is pre-installation. Mom and pop aren't installing Linux
> any time soon.
>
> Therefor, I think that Linux, for all rational evaluation has been "ready
> for the desktop" since the late '90s. I have been using Linux exclusively
> as my desktop system since 1995/1996.
>
> The problem is the perception of Linux and more so the perceived value in
> adjusting your ways to a new system. The Macintosh is riding high now
> because Windows generally and Vista specifically are a disaster. The Mac
> is slick, clean, and has a great marking campaign. The image is carefully
> controlled and wonderfully portrayed by Justin Long. Linux has no such
> image or marketing.
>
> So, is it ready for the desktop? Yes. Are people ready for it? Not without
> some a likable face, a solid reason to switch, and an easy way to get
> there. I'm imagining an HP ad where someone like Robert Downey jr, as Tony
> Stark, says "You could use Windows... but I prefer solid engineering and
> reliability, that's why we use HP with Linux pre-installed at Stark Labs."
>
>

Part of that LJ article he mentioned that the students accepted Linux with
open arms and adjusted very well. It was the people who had been using
Windows for years who learned how to do things a certain way didn't want to
learn how to do something differently (creatures of habit). The people with
the biggest complaints to change were of course the adults. He did go on to
say that people did adjust, mainly because they had to and now they're fine.

--
-matt

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: Linux on the desktop, take 2

2008-07-16T11:47:15Z

On Wed, 16 Jul 2008 12:49:12 -0400 (EDT)
markw@... wrote:

> So, is it ready for the desktop? Yes. Are people ready for it? Not without
> some a likable face, a solid reason to switch, and an easy way to get
> there. I'm imagining an HP ad where someone like Robert Downey jr, as Tony
> Stark, says "You could use Windows... but I prefer solid engineering and
> reliability, that's why we use HP with Linux pre-installed at Stark Labs."

I am wondering if you are making an oblique comment on the postings
concerning the anti-open-sourse stance of Marvel Comics' "Invincible Iron Man"?

URLs:

http://entertainment.slashdot.org/article.pl?sid=08/04/15/0037211

http://www.comicbookresources.com/?page=article&id=15905

--
R. Luoma

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: disabling root login (was: Giving up on Fedora 9)

2008-07-16T11:46:52Z

On Wed, 2008-07-16 at 14:37 -0400, David Rosenstrauch wrote:

> Bill Bogstad wrote:
> > On Wed, Jul 16, 2008 at 10:06 AM, Kent Borg <kentborg@...> wrote:
> >> David Kramer wrote:
> >>> and you can't log in as root, you use sudo instead (by default).
> >> I frequently do "sudo bash" and go from there. The only time I miss a
> >> root login is when I want to scp something as root.
> >
> > It's trivially easy to turn root login back on. Just give root a
> > password (and enable root login in your sshd config file) and
> > you should be golden. I generally use sudo if I'm already on the
> > machine in question, but if I'm accessing a *buntu machine remotely
> > I tend to ssh directly to root.
> >
> > Bill Bogstad
>
> Just wondering something about disabling root login, btw:
>
> I often drop down to single-user mode when I'm performing things like
> kernel upgrades. Entering single-mode prompts me for the root password,
> and presumably logs me in as root.
>
> All of which begs the question: is it possible to enter single-user
> mode when you've got a locked root account?

Yes. At least on some distros, such as fedora, which don't bother with
prompting for a password to get into single-user mode. Having a password
to boot into single-user mode is kinda dumb anyway, because if one can
edit the boot options to sneak an 's' or '1' in there, one can just as
easily pass in 'init=/bin/bash' and get a root shell without entering a
password. (Of course, one has to know they can do so...)

--
Jarod Wilson
jarod@...

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss

Re: disabling root login (was: Giving up on Fedora 9)

2008-07-16T11:45:18Z

On Wed, Jul 16, 2008 at 11:37 AM, David Rosenstrauch <darose@...> wrote:
> Just wondering something about disabling root login, btw:
>
> I often drop down to single-user mode when I'm performing things like kernel
> upgrades. Entering single-mode prompts me for the root password, and
> presumably logs me in as root.
>
> All of which begs the question: is it possible to enter single-user mode
> when you've got a locked root account?

https://help.ubuntu.com/community/RootSudo#Misconceptions
--
Kristian Erik Hermansen
--
CISSP, CEPT, CREA, CEH, Linux+, A+, QGCS, ACSA, this is getting ridiculous...
http://kristian-hermansen.com

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Discuss mailing list
Discuss@...
http://lists.blu.org/mailman/listinfo/discuss