From jima at beer.tclug.org Thu Apr 1 10:49:16 2010
From: jima at beer.tclug.org (Jima)
Date: Thu, 01 Apr 2010 10:49:16 -0500
Subject: [tclug-list] finished with TCLUG site fixes
In-Reply-To: <20100324130222.F23444@real-time.com>
References: <4BA3AB86.4030104@cruiskeen.com> <20100323103535.O23444@real-time.com> <4BAA514E.1020104@beer.tclug.org> <20100324130222.F23444@real-time.com>
Message-ID: <4BB4C07C.7000309@beer.tclug.org>

On 03/24/2010 01:02 PM, Carl Wilhelm Soderstrom wrote:
>> On 03/23/2010 10:35 AM, Carl Wilhelm Soderstrom wrote:
>>> I personally have no objection to the TCLUG/mn-linux.org site being hosted elsewhere.
>>> I can't speak for all of RTE tho.
>
> I discussed it with the rest of RTE; and we'd be quite favorably disposed to
> someone else taking over hosting of www.tclug.org and www.mn-linux.org.
>
> Set up the new site and we'll make the DNS changes for mn-linux.org (and
> presumably Jima can make the changes for tclug.org).

Sooo, anyone hear anything more on this subject after it got green-lighted?

Jima

From chrome at real-time.com Thu Apr 1 11:03:08 2010
From: chrome at real-time.com (Carl Wilhelm Soderstrom)
Date: Thu, 1 Apr 2010 11:03:08 -0500
Subject: [tclug-list] finished with TCLUG site fixes
In-Reply-To: <4BB4C07C.7000309@beer.tclug.org>; from jima@beer.tclug.org on Thu, Apr 01, 2010 at 10:49:16AM -0500
References: <4BA3AB86.4030104@cruiskeen.com> <20100323103535.O23444@real-time.com> <4BAA514E.1020104@beer.tclug.org> <20100324130222.F23444@real-time.com> <4BB4C07C.7000309@beer.tclug.org>
Message-ID: <20100401110308.R23809@real-time.com>

On 04/01 10:49 , Jima wrote:
> On 03/24/2010 01:02 PM, Carl Wilhelm Soderstrom wrote:
> >> On 03/23/2010 10:35 AM, Carl Wilhelm Soderstrom wrote:
> >>> I personally have no objection to the TCLUG/mn-linux.org site being hosted elsewhere.
> >>> I can't speak for all of RTE tho.
> >
> > I discussed it with the rest of RTE; and we'd be quite favorably disposed to
> > someone else taking over hosting of www.tclug.org and www.mn-linux.org.
> >
> > Set up the new site and we'll make the DNS changes for mn-linux.org (and
> > presumably Jima can make the changes for tclug.org).
>
> Sooo, anyone hear anything more on this subject after it got
> green-lighted?

Nope.
Kind of dependent on John right now, who has done the most recent work on the TCLUG site. (Unless someone wants to coordinate with him on it).

--
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com

From jima at beer.tclug.org Thu Apr 1 11:37:40 2010
From: jima at beer.tclug.org (Jima)
Date: Thu, 01 Apr 2010 11:37:40 -0500
Subject: [tclug-list] finished with TCLUG site fixes
In-Reply-To: <20100401110308.R23809@real-time.com>
References: <4BA3AB86.4030104@cruiskeen.com> <20100323103535.O23444@real-time.com> <4BAA514E.1020104@beer.tclug.org> <20100324130222.F23444@real-time.com> <4BB4C07C.7000309@beer.tclug.org> <20100401110308.R23809@real-time.com>
Message-ID: <4BB4CBD4.1080109@beer.tclug.org>

On 04/01/2010 11:03 AM, Carl Wilhelm Soderstrom wrote:
> On 04/01 10:49 , Jima wrote:
>> Sooo, anyone hear anything more on this subject after it got
>> green-lighted?
>
> Nope.
> Kind of dependent on John right now, who has done the most recent work on
> the TCLUG site. (Unless someone wants to coordinate with him on it).

I'm not sure how we're directly dependent on John, since he put his work into git: http://github.com/trammell/tclug

Jima

From chrome at real-time.com Thu Apr 1 11:57:47 2010
From: chrome at real-time.com (Carl Wilhelm Soderstrom)
Date: Thu, 1 Apr 2010 11:57:47 -0500
Subject: [tclug-list] finished with TCLUG site fixes
In-Reply-To: <4BB4CBD4.1080109@beer.tclug.org>; from jima@beer.tclug.org on Thu, Apr 01, 2010 at 11:37:40AM -0500
References: <4BA3AB86.4030104@cruiskeen.com> <20100323103535.O23444@real-time.com> <4BAA514E.1020104@beer.tclug.org> <20100324130222.F23444@real-time.com> <4BB4C07C.7000309@beer.tclug.org> <20100401110308.R23809@real-time.com> <4BB4CBD4.1080109@beer.tclug.org>
Message-ID: <20100401115747.S23809@real-time.com>

On 04/01 11:37 , Jima wrote:
> I'm not sure how we're directly dependent on John, since he put his
> work into git: http://github.com/trammell/tclug

Not directly, no. Just saying he's the one who's stepped up and worked on it most recently.
If there are others who are interested in doing the work as well, I'm all in favor of letting people compete it out for themselves. :)

--
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com

From mbmiller+l at gmail.com Sun Apr 4 12:21:25 2010
From: mbmiller+l at gmail.com (Mike Miller)
Date: Sun, 4 Apr 2010 12:21:25 -0500 (CDT)
Subject: [tclug-list] Ubuntu samba update messes up symlinks
Message-ID:

A recent update to samba screwed up symlinks for Windows machines. Some web pages have incorrect information about how to fix this. This is the correct information (but note that the first contributor on that page has "wide symlinks" which is wrong):

http://ubuntuforums.org/showthread.php?t=1439092

    sudo gedit /etc/samba/smb.conf

Then I put this under the [global] section
Note: It's "wide links" and not "wide symlinks"

    follow symlinks = yes
    wide links = yes
    unix extensions = no

Save it and then run this to restart samba.

    sudo /etc/init.d/samba restart

Mike

From admin at lctn.org Sun Apr 4 15:31:36 2010
From: admin at lctn.org (Raymond Norton)
Date: Sun, 04 Apr 2010 15:31:36 -0500
Subject: [tclug-list] looking for a lirc pro
Message-ID: <4BB8F728.9060301@lctn.org>

I am having trouble getting lirc to work on a project. Not sure if the problems I have had are configuration issues, or a problem with the lirc install via apt.

I am starting over from scratch, installing Ubuntu 9.10 now. Has anyone had complete success with lirc on this distro and would be willing to share the steps taken to get it working?

Raymond

From tclug at freakzilla.com Sun Apr 4 17:26:54 2010
From: tclug at freakzilla.com (Yaron)
Date: Sun, 4 Apr 2010 17:26:54 -0500 (CDT)
Subject: [tclug-list] looking for a lirc pro
In-Reply-To: <4BB8F728.9060301@lctn.org>
References: <4BB8F728.9060301@lctn.org>
Message-ID:

Hi there,

On Sun, 4 Apr 2010, Raymond Norton wrote:
> I am starting over from scratch, installing Ubuntu 9.10 now. Has anyone
> had complete success with lirc on this distro and would be willing to
> share the steps taken to get it working?

I've had lirc running on several recent Ubuntus. I have it running on 9.10 on a Mac Mini right now, reading multiple Apple remotes hacked into one Harmony remote.

I'm pretty sure I was able to just apt-get the thing this time, but in previous iterations, when I had a home-made serial port IR receiver, I had to build it from source.

What kind of remote are you using? Something standard or some weird thing?

-Yaron

--

From SDALAN04 at smumn.edu Sun Apr 4 18:45:11 2010
From: SDALAN04 at smumn.edu (SDALAN04 at smumn.edu)
Date: Sun, 04 Apr 2010 18:45:11 -0500
Subject: [tclug-list] For Sale - SnapGear Equipment
Message-ID: <2010040423451177a2ef8cfe@mail.smumn.edu>

I have two SnapGear Firewall/VPN appliances I'd like to put up for sale.

SG300 http://www.snapgear.com/index.cfm?skey=1556
SG565 http://www.snapgear.com/index.cfm?skey=1558

They have never been used and I don't need them any longer. I am open to reasonable offers.

Thanks-

"Great Spirits Have Always Encountered Violent Opposition From Mediocre Minds" - Einstein

"So much stupidity in so little brain!"

From admin at lctn.org Mon Apr 5 05:23:45 2010
From: admin at lctn.org (Raymond Norton)
Date: Mon, 05 Apr 2010 05:23:45 -0500
Subject: [tclug-list] looking for a lirc pro
In-Reply-To:
References: <4BB8F728.9060301@lctn.org>
Message-ID: <4BB9BA31.9030202@lctn.org>

>What kind of remote are you using? Something standard or some weird thing?

For my initial setup I am using a commandIR receiver (commandir.com), and a sanyo RB-SL22 remote. I was getting "missing /dev/lirc" errors when running irrecord, or mode2. I just did a new install of Ubuntu 9.10 last night, to get a fresh start.

What steps did you take to get your setup running?

From tclug at freakzilla.com Mon Apr 5 10:12:27 2010
From: tclug at freakzilla.com (Yaron)
Date: Mon, 5 Apr 2010 10:12:27 -0500 (CDT)
Subject: [tclug-list] looking for a lirc pro
In-Reply-To: <4BB9BA31.9030202@lctn.org>
References: <4BB8F728.9060301@lctn.org> <4BB9BA31.9030202@lctn.org>
Message-ID:

On Mon, 5 Apr 2010, Raymond Norton wrote:
> For my initial setup I am using a commandIR receiver (commandir.com),
> and a sanyo RB-SL22 remote. I was getting "missing /dev/lirc" errors

Try telling it to use /dev/lircd instead of /dev/lirc. That was basically the biggest deal I had, other than telling it which remote file to use.

-Yaron

--

From admin at lctn.org Mon Apr 5 10:25:33 2010
From: admin at lctn.org (Raymond Norton)
Date: Mon, 05 Apr 2010 10:25:33 -0500
Subject: [tclug-list] looking for a lirc pro
In-Reply-To:
References: <4BB8F728.9060301@lctn.org> <4BB9BA31.9030202@lctn.org>
Message-ID: <4BBA00ED.30107@lctn.org>

It chooses /dev/lirc on its own when I issue those commands.
I created a symlink, but received other errors (can't recall what they were now).

What specific steps got it working for you?

Yaron wrote:
> On Mon, 5 Apr 2010, Raymond Norton wrote:
>
>> For my initial setup I am using a commandIR receiver (commandir.com),
>> and a sanyo RB-SL22 remote. I was getting "missing /dev/lirc" errors
>
> Try telling it to use /dev/lircd instead of /dev/lirc. That was basically
> the biggest deal I had, other than telling it which remote file to use.
>
>
> -Yaron
>
> --
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>

From tclug at freakzilla.com Mon Apr 5 11:07:15 2010
From: tclug at freakzilla.com (Yaron)
Date: Mon, 5 Apr 2010 11:07:15 -0500 (CDT)
Subject: [tclug-list] looking for a lirc pro
In-Reply-To: <4BBA00ED.30107@lctn.org>
References: <4BB8F728.9060301@lctn.org> <4BB9BA31.9030202@lctn.org> <4BBA00ED.30107@lctn.org>
Message-ID:

On Mon, 5 Apr 2010, Raymond Norton wrote:
> It chooses /dev/lirc on its own when I issue those commands. I created a
> symlink, but received other errors (can't recall what they were now).

/dev/lircd is usually a symlink itself (to /var/run/lirc/lircd), which technically isn't really a device file. You might want to try

    mode2 --device /dev/lircd

and see if that works.

The only file I actually modified is /etc/lirc/lircd.conf, where I told it to load my custom remote file (which I created with irrecord).

You might want to check /etc/lirc/hardware.conf and make sure that's pointing to the correct hardware driver, too, and make sure lircd is running with the correct driver.

> What specific steps got it working for you?
>
>
>
> Yaron wrote:
>> On Mon, 5 Apr 2010, Raymond Norton wrote:
>>
>>> For my initial setup I am using a commandIR receiver (commandir.com),
>>> and a sanyo RB-SL22 remote.
>>> I was getting "missing /dev/lirc" errors
>>
>> Try telling it to use /dev/lircd instead of /dev/lirc. That was basically
>> the biggest deal I had, other than telling it which remote file to use.
>>
>>
>> -Yaron
>>
>> --
>>
>

-Yaron

--

From admin at lctn.org Tue Apr 6 11:01:27 2010
From: admin at lctn.org (Raymond Norton)
Date: Tue, 06 Apr 2010 11:01:27 -0500
Subject: [tclug-list] Graphic card errors when launching TVtime
Message-ID: <4BBB5AD7.3010807@lctn.org>

I have a new install of Linux Mint (Ubuntu 9.10) on a Dell Optiplex with the following graphics card:

Intel Corporation 82865G Integrated Graphics Controller (rev 02)

When I launch TVtime I get the following error:

Running tvtime 1.0.2.
Reading configuration from /etc/tvtime/tvtime.xml
Reading configuration from /home/raymond/.tvtime/tvtime.xml
xvoutput: No XVIDEO port found which supports YUY2 images.

I found a possible solution here:
http://www.linuxquestions.org/questions/linux-software-2/tvtime-no-xvideo-port-found-supports-yuy2-images-ubuntu-9-10-a-775704/

I have attempted to fix it via the following commands, but still get the error:

GRUB_CMDLINE_LINUX="nomodeset"
run sudo update-grub
and REBOOT

I have also tried:

GRUB_CMDLINE_LINUX="i915.modeset=0"
run sudo update-grub
and REBOOT

Any ideas how to fix this?

From bahamutzero8825 at gmail.com Wed Apr 7 19:15:21 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Wed, 07 Apr 2010 19:15:21 -0500
Subject: [tclug-list] Trying to set up a simple firewall
Message-ID: <4BBD2019.3010108@gmail.com>

I've never set up a firewall on Linux before and after reading around on the internet, I'm still lost. I'm trying to make it so that only certain hosts can access the system with some being able to access certain services and not others. It seems simple enough, so I tried using hosts.allow/hosts.deny, but I can still access the FTP server even if I have a line such as vsftpd: . I don't really understand xinetd and iptables is way over my head and definitely overkill for what I want to do. This is a headless server (running Debian squeeze) that I do not have physical access to, so no GUIs and I need to be very careful not to lock myself out.

From adam.morris at redstargaming.net Wed Apr 7 19:26:53 2010
From: adam.morris at redstargaming.net (Adam Morris)
Date: Wed, 07 Apr 2010 19:26:53 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBD2019.3010108@gmail.com>
References: <4BBD2019.3010108@gmail.com>
Message-ID: <4BBD22CD.6090603@redstargaming.net>

I would recommend taking a look at Shorewall. I can't stand dealing with IPTables myself but Shorewall simplifies the process. It's still not as easy as some of the GUI tools such as Firestarter, but once you read through the tutorials and the getting started guides then you should be able to perform most things pretty easily.

-Adam

On 4/7/2010 7:15 PM, Andrew Berg wrote:
> I've never set up a firewall on Linux before and after reading around on
> the internet, I'm still lost. I'm trying to make it so that only certain
> hosts can access the system with some being able to access certain
> services and not others.
> It seems simple enough, so I tried using
> hosts.allow/hosts.deny, but I can still access the FTP server even
> if I have a line such as vsftpd:. I don't really
> understand xinetd and iptables is way over my head and definitely
> overkill for what I want to do. This is a headless server (running
> Debian squeeze) that I do not have physical access to, so no GUIs and I
> need to be very careful not to lock myself out.
>

From jolexa at jolexa.net Wed Apr 7 20:29:55 2010
From: jolexa at jolexa.net (Jeremy Olexa)
Date: Wed, 07 Apr 2010 20:29:55 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBD2019.3010108@gmail.com>
References: <4BBD2019.3010108@gmail.com>
Message-ID: <4BBD3193.4030002@jolexa.net>

On 04/07/2010 07:15 PM, Andrew Berg wrote:
> services and not others. It seems simple enough, so I tried using
> hosts.allow/hosts.deny, but I can still access the FTP server even
> if I have a line such as vsftpd:.

If you have that in hosts.allow, then you need "vsftpd: *" in hosts.deny. Did you try that? Though, I question why you need a ftp server running when you have ssh access (scp/sftp). :)

-Jeremy

From bahamutzero8825 at gmail.com Wed Apr 7 21:04:23 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Wed, 07 Apr 2010 21:04:23 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBD3193.4030002@jolexa.net>
References: <4BBD2019.3010108@gmail.com> <4BBD3193.4030002@jolexa.net>
Message-ID: <4BBD39A7.8000908@gmail.com>

On 4/7/2010 8:29 PM, Jeremy Olexa wrote:
> If you have that in hosts.allow, then you need "vsftpd: *" in
> hosts.deny. Did you try that? Though, I question why you need a ftp
> server running when you have ssh access (scp/sftp). :)
>

I have that line in hosts.deny.
For some reason I didn't have "in hosts.deny" at the end of that sentence.

As for vsftpd, it's much easier to transfer large binary files with an FTP client than through a shell, and the other people using the server need to transfer files and I don't want them to have shell access.

From florin at iucha.net Wed Apr 7 21:47:32 2010
From: florin at iucha.net (Florin Iucha)
Date: Wed, 7 Apr 2010 21:47:32 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBD22CD.6090603@redstargaming.net>
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net>
Message-ID: <20100408024732.GJ29396@iris.iucha.org>

On Wed, Apr 07, 2010 at 07:26:53PM -0500, Adam Morris wrote:
> I would recommend taking a look at Shorewall. I can't stand dealing with IPTables myself
> but Shorewall simplifies the process. It's still not as easy as some of
> the GUI tools such as Firestarter, but once you read through the
> tutorials and the getting started guides then you should be able to
> perform most things pretty easily.

Seconded. I'm using shorewall on all the hosts I administer and it's quite easy to use and powerful.

Cheers,
florin

--
Bruce Schneier expects the Spanish Inquisition.
http://geekz.co.uk/schneierfacts/fact/163

From bahamutzero8825 at gmail.com Thu Apr 8 04:39:35 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Thu, 08 Apr 2010 04:39:35 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBD22CD.6090603@redstargaming.net>
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net>
Message-ID: <4BBDA457.5050609@gmail.com>

On 4/7/2010 7:26 PM, Adam Morris wrote:
> I would recommend taking a look at Shorewall.
> I can't stand dealing with IPTables myself
> but Shorewall simplifies the process. It's still not as easy as some of
> the GUI tools such as Firestarter, but once you read through the
> tutorials and the getting started guides then you should be able to
> perform most things pretty easily.

It took a while to figure out the roles that each config file (rules/interfaces/policy/shorewall.conf) plays, but once I had that down, it wasn't too difficult to set things up, so thanks!

Three questions:

Is there any reason not to use REJECT instead of DROP? Timing out could be indicative of other problems, whereas if the client acts as though the host is unreachable, I know I'm being locked out by the firewall.

Is it safe to have all ports above 10000 open to the public in order to allow the server to act as a seedbox as long as transmission-daemon is the only service listening on those ports?

How should I handle trusted users who have dynamic IPs without allowing everyone who uses the same ISP as they do?

From adam.morris at redstargaming.net Thu Apr 8 06:59:30 2010
From: adam.morris at redstargaming.net (Adam Morris)
Date: Thu, 08 Apr 2010 06:59:30 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBDA457.5050609@gmail.com>
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net> <4BBDA457.5050609@gmail.com>
Message-ID: <4BBDC522.6060502@redstargaming.net>

1) Usually, it's wiser and more secure to silently drop packets to avoid opening yourself to certain reflective attacks. However, it really depends on your case. If you're on your own private network, and behind a router, it's perfectly safe to REJECT packets and then use the router's firewall to DROP packets coming in on those ports from the world.

2) As long as you don't have software running on one of those ports that could be exploited. I would recommend running a nmap scan on your localhost to see if there are any programs you may not realize using ports above 10000.
nmap by default doesn't look at the full port range, so you'll need to specify "-p1-65535" as one of the arguments.

3) That's a little difficult. Do they have dynamic DNS set up for themselves? That's the only way I can think you could set that up.

On 4/8/2010 4:39 AM, Andrew Berg wrote:
> On 4/7/2010 7:26 PM, Adam Morris wrote:
>> I would recommend taking a look at Shorewall. I can't stand dealing with IPTables myself
>> but Shorewall simplifies the process. It's still not as easy as some of
>> the GUI tools such as Firestarter, but once you read through the
>> tutorials and the getting started guides then you should be able to
>> perform most things pretty easily.
> It took a while to figure out the roles that each config file
> (rules/interfaces/policy/shorewall.conf) plays, but once I had that
> down, it wasn't too difficult to set things up, so thanks!
> Three questions:
> Is there any reason not to use REJECT instead of DROP? Timing out could
> be indicative of other problems, whereas if the client acts as though
> the host is unreachable, I know I'm being locked out by the firewall.
> Is it safe to have all ports above 10000 open to the public in order to
> allow the server to act as a seedbox as long as transmission-daemon is
> the only service listening on those ports?
> How should I handle trusted users who have dynamic IPs without allowing
> everyone who uses the same ISP as they do?
>

From bahamutzero8825 at gmail.com Thu Apr 8 08:01:26 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Thu, 08 Apr 2010 08:01:26 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBDC522.6060502@redstargaming.net>
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net> <4BBDA457.5050609@gmail.com> <4BBDC522.6060502@redstargaming.net>
Message-ID: <4BBDD3A6.40005@gmail.com>

On 4/8/2010 6:59 AM, Adam Morris wrote:
> 1) Usually, it's wiser and more secure to silently drop packets to avoid
> opening yourself to certain reflective attacks.
>

Could you elaborate? It's not a big deal if I have to drop instead of reject packets, but I'd like to know more.

> 2) As long as you don't have software running on one of those ports that
> could be exploited. I would recommend running a nmap scan on your
> localhost to see if there are any programs you may not realize using
> ports above 10000. nmap by default doesn't look at the full port range,
> so you'll need to specify "-p1-65535" as one of the arguments.
>

nmap returned some interesting results. I found some ports that should be closed that were filtered and nmap was able to determine their services. There were some other ports open, but nmap couldn't determine the service, so my guess is that these ports were opened by transmission-daemon to connect to other peers.

> 3) That's a little difficult. Do they have dynamic DNS set up for
> themselves? That's the only way I can think you could set that up.

It's done by their ISPs. If they get disconnected from their ISP (e.g. modem reset, service outage), they get a new IP address when they reconnect. I'm mostly worried about myself. Such a situation is rare, but if I get assigned a new IP address, I'm locked out and there's no one to let me back in.
I could write a script that would replace Shorewall's rules file with a similar one that would open up ssh to the public so I could log in, but I'd have to open ssh to one of my users, all of whom (AFAIK) are clueless when it comes to Linux/Unix and the sole reason they would have shell access would be to execute the script.

From kelly.black at penguinpackets.com Thu Apr 8 08:10:28 2010
From: kelly.black at penguinpackets.com (kelly)
Date: Thu, 08 Apr 2010 08:10:28 -0500
Subject: [tclug-list] Trying to set up a simple firewall
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net> <4BBDA457.5050609@gmail.com> <4BBDC522.6060502@redstargaming.net> <4BBDD3A6.40005@gmail.com>
Message-ID: <0000107332@mail.penguinpackets.com>

> Thu Apr 08 2010 08:01:26 AM CDT from "Andrew Berg"
> Subject: Re: [tclug-list] Trying to set up a simple firewall
>
> On 4/8/2010 6:59 AM, Adam Morris wrote:
> It's done by their ISPs. If they get disconnected from their ISP (e.g.
> modem reset, service outage), they get a new IP address when they
> reconnect. I'm mostly worried about myself. Such a situation is rare,
> but if I get assigned a new IP address, I'm locked out and there's no
> one to let me back in. I could write a script that would replace
> Shorewall's rules file with a similar one that would open up ssh to the
> public so I could log in, but I'd have to open ssh to one of my users, all
> of whom (AFAIK) are clueless when it comes to Linux/Unix and the sole
> reason they would have shell access would be to execute the script.
>

How about port knocking to protect the ssh port instead of block / allow by IP address? The port knocking daemon can add the rule for you in case your IP address changes (or you need to connect from a different location).

Kelly

From SDALAN04 at smumn.edu Thu Apr 8 10:12:06 2010
From: SDALAN04 at smumn.edu (SDALAN04 at smumn.edu)
Date: Thu, 08 Apr 2010 10:12:06 -0500
Subject: [tclug-list] Trying to set up a simple firewall
Message-ID: <2010040815120686dd952cc4@mail.smumn.edu>

On Thursday, April 08, 2010 6:59 AM, Adam Morris wrote:
>
>Date: Thu, 08 Apr 2010 06:59:30 -0500
>From: Adam Morris
>To: TCLUG Mailing List
>cc:
>Subject: Re: [tclug-list] Trying to set up a simple firewall
>
>1) Usually, it's wiser and more secure to silently drop packets to avoid
>opening yourself to certain reflective attacks. However, it really
>depends on your case. If you're on your own private network, and behind
>a router, it's perfectly safe to REJECT packets and then use the router's
>firewall to DROP packets coming in on those ports from the world.
>

Hi Adam-

I have recently been in the same boat, learning IPtables more seriously for the first time.

Coming from PF I always understood that when you drop packets silently with no feedback the sender will most likely resend the unacknowledged packets rather than drop the connection, until a timeout counter expires?

However if you return with status codes such as connection refused is this a better option?

Thanks.

>2) As long as you don't have software running on one of those ports that
>could be exploited. I would recommend running a nmap scan on your
>localhost to see if there are any programs you may not realize using
>ports above 10000. nmap by default doesn't look at the full port range,
>so you'll need to specify "-p1-65535" as one of the arguments.
>
>3) That's a little difficult. Do they have dynamic DNS set up for
>themselves? That's the only way I can think you could set that up.
>
>On 4/8/2010 4:39 AM, Andrew Berg wrote:
>> On 4/7/2010 7:26 PM, Adam Morris wrote:
>>> I would recommend taking a look at Shorewall.
>>> I can't stand dealing with IPTables myself
>>> but Shorewall simplifies the process. It's still not as easy as some of
>>> the GUI tools such as Firestarter, but once you read through the
>>> tutorials and the getting started guides then you should be able to
>>> perform most things pretty easily.
>> It took a while to figure out the roles that each config file
>> (rules/interfaces/policy/shorewall.conf) plays, but once I had that
>> down, it wasn't too difficult to set things up, so thanks!
>> Three questions:
>> Is there any reason not to use REJECT instead of DROP? Timing out could
>> be indicative of other problems, whereas if the client acts as though
>> the host is unreachable, I know I'm being locked out by the firewall.
>> Is it safe to have all ports above 10000 open to the public in order to
>> allow the server to act as a seedbox as long as transmission-daemon is
>> the only service listening on those ports?
>> How should I handle trusted users who have dynamic IPs without allowing
>> everyone who uses the same ISP as they do?
>>
>

"Great Spirits Have Always Encountered Violent Opposition From Mediocre Minds" - Einstein

"So much stupidity in so little brain!"

From adam.morris at redstargaming.net Thu Apr 8 10:39:56 2010
From: adam.morris at redstargaming.net (adam.morris at redstargaming.net)
Date: Thu, 08 Apr 2010 11:39:56 -0400
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <2010040815120686dd952cc4@mail.smumn.edu>
References: <2010040815120686dd952cc4@mail.smumn.edu>
Message-ID:

Any public facing firewall should _always_ use DROP.
Otherwise you leave your firewall to be used by hackers using IP spoofing for DDOS attacks (the reflective attacks I mentioned), and, at least in the United States, you are held liable for any DDOS attacks that are using your server's firewall.

It's up to your policy whether or not you want your internal firewalls to use drop or reject. Usually, for internal stuff most people use reject since it makes diagnosing network issues easier.

-Adam

On Thu, 08 Apr 2010 10:12:06 -0500, SDALAN04 at smumn.edu wrote:
> On Thursday, April 08, 2010 6:59 AM, Adam Morris wrote:
>>
>>Date: Thu, 08 Apr 2010 06:59:30 -0500
>>From: Adam Morris
>>To: TCLUG Mailing List
>>cc:
>>Subject: Re: [tclug-list] Trying to set up a simple firewall
>>
>>1) Usually, it's wiser and more secure to silently drop packets to avoid
>>opening yourself to certain reflective attacks. However, it really
>>depends on your case. If you're on your own private network, and behind
>>a router, it's perfectly safe to REJECT packets and then use the router's
>>firewall to DROP packets coming in on those ports from the world.
>>
>
> Hi Adam-
>
> I have recently been in the same boat, learning IPtables more seriously for
> the first time.
>
> Coming from PF I always understood that when you drop packets silently
> with no feedback the sender will most likely resend the unacknowledged
> packets rather than drop the connection, until a timeout counter expires?
>
> However if you return with status codes such as connection refused is this a
> better option?
>
> Thanks.
>
>>2) As long as you don't have software running on one of those ports that
>>could be exploited. I would recommend running a nmap scan on your
>>localhost to see if there are any programs you may not realize using
>>ports above 10000. nmap by default doesn't look at the full port range,
>>so you'll need to specify "-p1-65535" as one of the arguments.
>>
>>3) That's a little difficult. Do they have dynamic DNS set up for
>>themselves?
That's the only way I can think you could set that up. >> >>On 4/8/2010 4:39 AM, Andrew Berg wrote: >>> On 4/7/2010 7:26 PM, Adam Morris wrote: >>>> I would recommend taking a look at Shorewall >>>> . I can't stand dealing with IPTables >>>> myself >>>> but Shorewall simplifies the process. Its still not as easy as some of >>>> the GUI tools such as Firestarter, but once you read through the >>>> tutorials and the getting started guides then you should be able to >>>> perform most things pretty easily. >>> It took a while to figure out the roles that each config file >>> (rules/interfaces/policy/shorewall.conf) plays, but once I had that >>> down, it wasn't too difficult to set things up, so thanks! >>> Three questions: >>> Is there any reason not to use REJECT instead of DROP? Timing out could >>> be indicative of other problems, whereas if the client acts as though >>> the host is unreachable, I know I'm being locked out by the firewall. >>> Is it safe to have all ports above 10000 open to the public in order to >>> allow the server to act as a seedbox as long as transmission-daemon is >>> the only service listening on those ports? >>> How should I handle trusted users who have dynamic IPs without allowing >>> everyone who uses the same ISP as they do? >>> >>> _______________________________________________ >>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >>> tclug-list at mn-linux.org >>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list >> >>_______________________________________________ >>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >>tclug-list at mn-linux.org >>http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > > > "Great Spirits Have Always Encountered Violent Opposition From Mediocre > Minds" - Einstein > > "Cuanta estupidez en tan poco cerebro!" > > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. 
Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

From adam.morris at redstargaming.net Thu Apr 8 10:46:42 2010
From: adam.morris at redstargaming.net (adam.morris at redstargaming.net)
Date: Thu, 08 Apr 2010 11:46:42 -0400
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBDD3A6.40005@gmail.com>
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net> <4BBDA457.5050609@gmail.com> <4BBDC522.6060502@redstargaming.net> <4BBDD3A6.40005@gmail.com>
Message-ID:

I just sent another email on the list explaining why DROP is bad for public facing firewalls on another fork of the thread here.

Yeah, that sounds about right. Most of the newer torrent clients don't get identified by nmap. Take the output it gives you when you do a -sV scan against your machine and send it to nmap with the details of the app.

Can you get on another computer in the network? Try doing the nmap there. You may have a full whitelist for 127.0.0.1 which is actually probably a good idea. If you still see the ports open, try telnetting to them and see if you get a response.

Try the port knocking that Kelly mentioned. However understand that port knocking comes with its own security risks. If someone is watching when you do your knocking sequence, they can perform the same sequence later. Realistically, unless you're a government organization, this probably won't become an issue.

-Adam

On Thu, 08 Apr 2010 08:01:26 -0500, Andrew Berg wrote:
> On 4/8/2010 6:59 AM, Adam Morris wrote:
>> 1) Usually, it's wiser and more secure to silently drop packets to avoid
>> opening yourself to certain reflective attacks.
>>
> Could you elaborate? It's not a big deal if I have to drop instead of
> reject packets, but I'd like to know more.
>> 2) As long as you don't have software running on one of those ports that
>> could be exploited.
>> I would recommend running a nmap scan on your
>> localhost to see if there are any programs you may not realize using
>> ports above 10000. nmap by default doesn't look at the full port range,
>> so you'll need to specify "-p1-65535" as one of the arguments.
>>
> nmap returned some interesting results. I found some ports that should
> be closed that were filtered and nmap was able to determine their
> services. There were some other ports open, but nmap couldn't determine
> the service, so my guess is that these ports were opened by
> transmission-daemon to connect to other peers.
>> 3) That's a little difficult. Do they have dynamic DNS set up for
>> themselves? That's the only way I can think you could set that up.
> It's done by their ISPs. If they get disconnected from their ISP (e.g.
> modem reset, service outage), they get a new IP address when they
> reconnect. I'm mostly worried about myself. Such a situation is rare,
> but if I get assigned a new IP address, I'm locked out and there's no
> one to let me back in. I could write a script that would replace
> Shorewall's rules file with a similar one that would open up ssh to the
> public so I could log in, but I'd have to open ssh to one of my users, all
> of whom (AFAIK) are clueless when it comes to Linux/Unix and the sole
> reason they would have shell access would be to execute the script.
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St.
Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

From bahamutzero8825 at gmail.com Thu Apr 8 11:06:06 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Thu, 08 Apr 2010 11:06:06 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To:
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net> <4BBDA457.5050609@gmail.com> <4BBDC522.6060502@redstargaming.net> <4BBDD3A6.40005@gmail.com>
Message-ID: <4BBDFEEE.7010500@gmail.com>

On 4/8/2010 10:46 AM, adam.morris at redstargaming.net wrote:
> Can you get on another computer in the network? Try doing the nmap there.
> You may have a full whitelist for 127.0.0.1 which is actually probably a
> good idea. If you still see the ports open, try telnetting to them and see
> if you get a response.
>
I only control one box in that network. I ran the scan from the computer I normally use to log in.
> Try the port knocking that Kelly mentioned. However understand that port
> knocking comes with its own security risks. If someone is watching when
> you do your knocking sequence, they can perform the same sequence later.
> Realistically, unless you're a government organization, this probably won't
> become an issue.
>
I stumbled upon http://www.cipherdyne.org/fwknop while googling. Seems to be more secure than regular port knocking and I can use a PGP key exchange to authenticate. I do wish there were a CLI version of the client available for Windows, though, since the GUI doesn't have any docs and is less than intuitive.
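
The replay weakness Adam describes for plain port knocking, shown next to a signed, time-limited, single-use request that rejects a recorded copy. This is an added example, not part of the thread and not fwknop's code or packet format; the port sequence, shared key, 30-second window, message layout and class names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo values (assumptions for illustration, not from the thread).
KNOCK_SEQUENCE = (7000, 8000, 9000)
SHARED_KEY = b"constructed-demo-key"
MAX_SKEW = 30            # seconds a signed request stays acceptable
NONCE_LEN, TAG_LEN = 16, 32


class PlainKnockDaemon:
    """Classic port knocking: the only secret is the order of ports hit."""

    def __init__(self, sequence):
        self.sequence = tuple(sequence)
        self.progress = {}                      # source IP -> ports matched so far

    def packet(self, src_ip, dst_port):
        seen = self.progress.get(src_ip, ()) + (dst_port,)
        if seen != self.sequence[:len(seen)]:   # wrong port: start over
            seen = (dst_port,) if dst_port == self.sequence[0] else ()
        done = seen == self.sequence
        self.progress[src_ip] = () if done else seen
        return done                             # True: firewall would open for src_ip


def make_request(key, client_ip, port, now):
    """Build one signed request: nonce | timestamp | port | client IP | HMAC tag."""
    body = os.urandom(NONCE_LEN) + struct.pack("!QH", int(now), port) + client_ip.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SignedKnockDaemon:
    """Accepts a request only if it is authentic, fresh, bound to the sender, and unseen."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}                          # nonce -> timestamp it carried

    def packet(self, src_ip, data, now):
        if len(data) < NONCE_LEN + 10 + TAG_LEN:
            return "malformed"
        body, tag = data[:-TAG_LEN], data[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        nonce = body[:NONCE_LEN]
        ts, port = struct.unpack("!QH", body[NONCE_LEN:NONCE_LEN + 10])
        if abs(now - ts) > self.max_skew:
            return "stale"
        if body[NONCE_LEN + 10:].decode("ascii", "replace") != src_ip:
            return "wrong-source"
        # Nonces older than the window can be dropped: the timestamp check rejects them.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.max_skew}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "open:%d" % port


def demo():
    admin, observer = "198.51.100.10", "203.0.113.66"   # documentation addresses
    out = {}

    plain = PlainKnockDaemon(KNOCK_SEQUENCE)
    recorded = list(KNOCK_SEQUENCE)             # what a passive observer sees on the wire
    out["plain_admin"] = [plain.packet(admin, p) for p in KNOCK_SEQUENCE][-1]
    out["plain_replay"] = [plain.packet(observer, p) for p in recorded][-1]

    signed = SignedKnockDaemon(SHARED_KEY)
    request = make_request(SHARED_KEY, admin, 22, now=1000)
    out["signed_admin"] = signed.packet(admin, request, now=1001)
    out["signed_replay_other_ip"] = signed.packet(observer, request, now=1005)
    out["signed_replay_same_ip"] = signed.packet(admin, request, now=1005)
    tampered = bytearray(request)
    tampered[NONCE_LEN + 9] ^= 0x01             # flip one bit of the port field
    out["signed_tampered"] = signed.packet(admin, bytes(tampered), now=1005)
    out["signed_late"] = signed.packet(admin, request, now=1100)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-24s %s" % (name, result))
```

Binding the request to the sender's address is a simplification that breaks behind NAT; the nonce cache is what stops a same-address replay inside the time window.
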
From jolexa at jolexa.net Thu Apr 8 11:21:34 2010
From: jolexa at jolexa.net (Jeremy Olexa)
Date: Thu, 08 Apr 2010 16:21:34 +0000
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBDFEEE.7010500@gmail.com>
References: <4BBD2019.3010108@gmail.com> <4BBD22CD.6090603@redstargaming.net> <4BBDA457.5050609@gmail.com> <4BBDC522.6060502@redstargaming.net> <4BBDD3A6.40005@gmail.com> <4BBDFEEE.7010500@gmail.com>
Message-ID: <4a320ccbce5fc451ecdf3c91e04dcec6@mail.jolexa.net>

On Thu, 08 Apr 2010 11:06:06 -0500, Andrew Berg wrote:
> On 4/8/2010 10:46 AM, adam.morris at redstargaming.net wrote:
>> Can you get on another computer in the network? Try doing the nmap there.
>> You may have a full whitelist for 127.0.0.1 which is actually probably a
>> good idea. If you still see the ports open, try telnetting to them and see
>> if you get a response.
>>
> I only control one box in that network. I ran the scan from the computer
> I normally use to log in.

Your ISP is probably filtering the ports. Comcast does at least.
-Jeremy

From sloncho at gmail.com Fri Apr 9 08:54:39 2010
From: sloncho at gmail.com (Sunny)
Date: Fri, 9 Apr 2010 08:54:39 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To: <4BBD2019.3010108@gmail.com>
References: <4BBD2019.3010108@gmail.com>
Message-ID:

On Wed, Apr 7, 2010 at 7:15 PM, Andrew Berg wrote:
> I've never set up a firewall on Linux before and after reading around on
> the internet, I'm still lost. I'm trying to make it so that only certain
> hosts can access the system with some being able to access certain
> services and not others. It seems simple enough, so I tried using
> hosts.allow/hosts.deny, but I can still access the FTP server even
> if I have a line such as vsftpd: . I don't really
> understand xinetd and iptables is way over my head and definitely
> overkill for what I want to do.
> This is a headless server (running
> Debian squeeze) that I do not have physical access to, so no GUIs and I
> need to be very careful not to lock myself out.
>

Try fwbuilder (http://www.fwbuilder.org/). This is a very nice GUI tool to build firewalls. When you're done, it compiles the right iptables rules to install on your machine. Very nice and intuitive to use for even very complex setups. The designer runs even on windows, and then you deploy wherever you want.

--
Svetoslav Milenov (Sunny)

Artificial Intelligence is no match for natural stupidity.

From bahamutzero8825 at gmail.com Sun Apr 11 01:09:40 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Sun, 11 Apr 2010 01:09:40 -0500
Subject: [tclug-list] Trying to set up a simple firewall
In-Reply-To:
References: <4BBD2019.3010108@gmail.com>
Message-ID: <4BC167A4.1000703@gmail.com>

On 4/9/2010 8:54 AM, Sunny wrote:
> Try fwbuilder (http://www.fwbuilder.org/). This is a very nice GUI tool
> to build firewalls. When you're done, it compiles the right iptables
> rules to install on your machine. Very nice and intuitive to use for
> even very complex setups. The designer runs even on windows, and then
> you deploy wherever you want.
Shorewall is working nicely and it would be a hassle to configure everything on my end and then apply it remotely, especially if I'm troubleshooting and have to try many configurations that are only small variants of each other. Thanks anyway.

From bahamutzero8825 at gmail.com Mon Apr 12 22:57:24 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Mon, 12 Apr 2010 22:57:24 -0500
Subject: [tclug-list] Need a simple web interface to passwd
Message-ID: <4BC3EBA4.2010108@gmail.com>

I need a simple web interface to let users change their passwords. I don't want them to have shell access since they wouldn't know how to use it (and it limits what an attacker can do if the account is compromised).
Usermin doesn't always work right, and it seems to screw up passwords, making it impossible for users to log in via FTP (and probably other services like HTTP). I want it to be a simple interface to passwd (Usermin uses MD5 hashes for some reason and passwd uses SHA-512). I have Apache already set up (and users are authenticated using their system account credentials; no anonymous users are allowed), so it doesn't need its own webserver capabilities.

From gm5729 at gmail.com Mon Apr 12 23:23:38 2010
From: gm5729 at gmail.com (gm5729)
Date: Mon, 12 Apr 2010 23:23:38 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To: <4BC3EBA4.2010108@gmail.com>
References: <4BC3EBA4.2010108@gmail.com>
Message-ID:

On Mon, Apr 12, 2010 at 22:57, Andrew Berg wrote:
> I need a simple web interface to let users change their passwords. I
> don't want them to have shell access since they wouldn't know how to use
> it (and it limits what an attacker can do if the account is
> compromised). Usermin doesn't always work right, and it seems to screw
> up passwords, making it impossible for users to log in via FTP (and
> probably other services like HTTP). I want it to be a simple interface
> to passwd (Usermin uses MD5 hashes for some reason and passwd uses
> SHA-512). I have Apache already set up (and users are authenticated
> using their system account credentials; no anonymous users are allowed),
> so it doesn't need its own webserver capabilities.
>

I wouldn't be using any application that has a critical or mission sensitive role with MD5 hashes. My minimum would be SHA512 or BLOWFISH. For Blowfish a kernel re-compile would be required.

If I'm understanding this correctly all your users are or have the ability to SSH to the box but have no shell.
Is this some kind of storage mechanism for users? If it is, only allow scp of all users and set /etc/passwd to /bin/false. If you do this then on the other end since Apache is already in place you can use the certs for your site to generate an https html page for each user. With that page they can tell what is in their "space" and it allows them to download the files that were scp'd originally by just right clicking on them and saving. The same thing can happen for ftp, but https is more secure. If they want to replace their files they can scp the new one up.

As far as password resets the places I worked had to call the help desk and they would reset it for the user and bill the ticket to the appropriate department. We had like 10-12 different applications, main frames and email to handle for these items.

VP

--
--
If there is a question to the validity of this email please phone for validation.
Proudly presented by Mutt, GNUPG, Vi/m and GNU/Linux via CopyLeft.
GNU/Linux is about Freedom to compute as you want and need to, and share your work unencumbered and have others do the same with you.
Key : 0xD53A8E1

From bahamutzero8825 at gmail.com Mon Apr 12 23:52:14 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Mon, 12 Apr 2010 23:52:14 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To:
References: <4BC3EBA4.2010108@gmail.com>
Message-ID: <4BC3F87E.50105@gmail.com>

On 4/12/2010 11:23 PM, gm5729 wrote:
> If I'm understanding this correctly all your users are or have the
> ability to SSH to the box but have no shell.
No one is allowed to connect to the ssh daemon except me, but each user does have a shell (see below). The idea is to let them change their passwords without needing to access the ssh daemon.
> Is this some kind of
> storage mechanism for users?
> If it is, only allow scp of all users and
> set /etc/passwd to /bin/false
I set the users' shells to /bin/false and the result was that they became unable to log in via FTP, with the daemon returning 530 Login incorrect. With their default shell set to /bin/bash, they are able to log in.
> If you do this then on the other end
> since Apache is already in place you can use the certs for your site
> to generate an https html page for each user.
HTTPS is already set up and all pages are secure and require authentication.
> As far as password resets the places I worked had to call the help
> desk and they would reset it for the user and bill the ticket to the
> appropriate department. We had like 10-12 different applications, main
> frames and email to handle for these items.
I have root access, so I can reset passwords for the users. I want them to have the ability to change their own passwords without my intervention.

From gm5729 at gmail.com Tue Apr 13 02:11:43 2010
From: gm5729 at gmail.com (gm5729)
Date: Tue, 13 Apr 2010 02:11:43 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To: <4BC3F87E.50105@gmail.com>
References: <4BC3EBA4.2010108@gmail.com> <4BC3F87E.50105@gmail.com>
Message-ID:

On Mon, Apr 12, 2010 at 23:52, Andrew Berg wrote:
> On 4/12/2010 11:23 PM, gm5729 wrote:
>> If I'm understanding this correctly all your users are or have the
>> ability to SSH to the box but have no shell.
> No one is allowed to connect to the ssh daemon except me, but each user
> does have a shell (see below). The idea is to let them change their
> passwords without needing to access the ssh daemon.
>> Is this some kind of
>> storage mechanism for users? If it is, only allow scp of all users and
>> set /etc/passwd to /bin/false
> I set the users' shells to /bin/false and the result was that they
> became unable to log in via FTP, with the daemon returning 530 Login
> incorrect. With their default shell set to /bin/bash, they are able to
> log in.
>> If you do this then on the other end
>> since Apache is already in place you can use the certs for your site
>> to generate an https html page for each user.
> HTTPS is already set up and all pages are secure and require authentication.
>> As far as password resets the places I worked had to call the help
>> desk and they would reset it for the user and bill the ticket to the
>> appropriate department. We had like 10-12 different applications, main
>> frames and email to handle for these items.
> I have root access, so I can reset passwords for the users. I want them
> to have the ability to change their own passwords without my intervention.
>

I totally hear what you're saying on wanting them to be able to change their passwords. A script would have to be written to do so on a web page depending on if you can script or someone else will in the dept or outsource it. The user can already do so under normal privileges, but you don't want them to use ssh access.

FreeNAS has a web setup that I'm basing this off of that I used for awhile. I had some serious instability issues with the Filesystem that wiped out data and settings, which is why I stopped using it. YMMV. It was purely hobby. Instead of Apache they used LightHttpd/Tomcat.

Well if it wasn't /bin/false then it must have been /bin/sh. With the sh access you could only scp to the machine. You're going to have to make sure there are no hard or soft links to sh > bash otherwise they have shell access.

Honestly your life as a sys admin would probably be easier to use your ssh/d configs properly with Allowuser lines, /etc/hosts.allow /etc/hosts.deny, utilize not only the /etc/groups but PAM. That's what it's there for anyway.
You are giving them openssl/shell access (which is closely related to ssh/d) by logging in on one end of a secure site, but wanting to deny them on the other. If you can't trust your users in what sounds like a business atmosphere IMHO they shouldn't ever be allowed access to the box. With the above files you can parse down to who can use a cdrom drive, and who can't, lock down all usb/storage. With Hal being deprecated and distros pulling it out as a dependency and adding console-kit, devkit, polkit those are also access control tools. Monitoring your logs, and setting up a cron job on certain conditions that are met or not met is easy to grep out.

It's early, late or something another. Have a good day. I hope I gave you some ideas you may not have thought of or something else.

VP

From bahamutzero8825 at gmail.com Tue Apr 13 03:55:24 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Tue, 13 Apr 2010 03:55:24 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To:
References: <4BC3EBA4.2010108@gmail.com> <4BC3F87E.50105@gmail.com>
Message-ID: <4BC4317C.5040804@gmail.com>

On 4/13/2010 2:11 AM, gm5729 wrote:
> I totally hear what you're saying on wanting them to be able to change
> their passwords. A script would have to be written to do so on a web
> page depending on if you can script or someone else will in the dept
> or outsource it.
>
I'm the only one who could write such a script (see below), but I don't know any languages that would be helpful (the only languages I know beyond a few very simple commands are Bash and batch files). I'm sure PHP would be helpful.
> You are giving them openssl/shell access (which
> is closely related to ssh/d) by logging in on one end of a secure
> site, but wanting to deny them on the other. If you can't trust your
> users in what sounds like a business atmosphere IMHO they shouldn't
> ever be allowed access to the box.
This is a private server (remote access only since we're renting the box) used for file transfer among friends. I trust the others not to intentionally try to compromise or damage the system, but they're clueless when it comes to Linux and the command line. They don't need it and if an attacker compromised one of their accounts, he would have a hard time doing any real damage beyond deleting all the files the user is allowed to access (and the users are even chrooted to the common file share directory). I'm administering it because I'm the only one who has a clue how to run Linux. I've never run a server before, so I still have much to learn.
> With the above files you can parse
> down to who can use a cdrom drive, and who can't, lock down all
> usb/storage.
Who can access which directories is done by Apache and the FTP daemon. Who can access which services is done by the firewall.

From gm5729 at gmail.com Tue Apr 13 07:12:26 2010
From: gm5729 at gmail.com (gm5729)
Date: Tue, 13 Apr 2010 07:12:26 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To: <4BC4317C.5040804@gmail.com>
References: <4BC3EBA4.2010108@gmail.com> <4BC3F87E.50105@gmail.com> <4BC4317C.5040804@gmail.com>
Message-ID:

On Tue, Apr 13, 2010 at 03:55, Andrew Berg wrote:
> On 4/13/2010 2:11 AM, gm5729 wrote:
>> I totally hear what you're saying on wanting them to be able to change
>> their passwords. A script would have to be written to do so on a web
>> page depending on if you can script or someone else will in the dept
>> or outsource it.
>>
> I'm the only one who could write such a script (see below), but I don't
> know any languages that would be helpful (the only languages I know
> beyond a few very simple commands are Bash and batch files). I'm sure
> PHP would be helpful.
>> You are giving them openssl/shell access (which
>> is closely related to ssh/d) by logging in on one end of a secure
>> site, but wanting to deny them on the other. If you can't trust your
>> users in what sounds like a business atmosphere IMHO they shouldn't
>> ever be allowed access to the box.
> This is a private server (remote access only since we're renting the
> box) used for file transfer among friends. I trust the others not to
> intentionally try to compromise or damage the system, but they're
> clueless when it comes to Linux and the command line. They don't need it
> and if an attacker compromised one of their accounts, he would have a
> hard time doing any real damage beyond deleting all the files the user
> is allowed to access (and the users are even chrooted to the common file
> share directory). I'm administering it because I'm the only one who has a
> clue how to run Linux. I've never run a server before, so I still have
> much to learn.
>> With the above files you can parse
>> down to who can use a cdrom drive, and who can't, lock down all
>> usb/storage.
> Who can access which directories is done by Apache and the FTP daemon.
> Who can access which services is done by the firewall.
>

If you're a scripter you're 3/4 of the way there. LAMP is usually == Linux Apache MySQL PerlPHP or PHP. PHP is probably the most prevalent in web applications. But BASH, SED, AWK, GAWK and PERL are the sys admin's domain for languages of choice. So use each one where you feel it would be easiest.
Root can only start IPTABLEs and that is usually done at boot. I run archlinux so MOST of my initializing daemons and modules are listed in /etc/rc.conf. But regardless ALL runlevel scripts are done in /etc which is locked down to root. You can chroot jail users who have shell access you know too so no one can creep back up the tree. Permissions, Permissions, Permissions.... /var/www is Root and you can limit with chroot jails, chroot jails can be assigned in ssh/d configs, PAM, a whole load of tools.

I can't stress enough watch your logs. IPTABLES can go great with port knocking which adds another layer of security. Fail2Ban or SSHGUARD is another tool that adds a temporary ban to anyone hitting a port too fast in too many secs. This is good for slowing down automated scripts because they like to hit FAST and furious in brute force. LONG LONG Passphrases. If someone wants to ssh into my box. They won't get away with at least a minimum 30 charc passphrase or more! I don't follow you must change them 30 days, but they do need to be changed quickly if a person is pink slipped or transfers.

Couple more ideas. Skype is secure by its design. Even its creators can't snoop on a P2P or conference call. Pidgin has OTR and GPG/RSA encryption available. File transfers can be done there. THE BEST application I have ever seen that has email, P2P, file sharing, IM, Chat and is TOTALLY encrypted end to end in a GUI! This application runs on linux only that I know about and it is called RetroShare. It is all the above plus it's a SERVERLESS box. The keys generated by the program "link" together each participant. So it's easy to unlink them if necessary.

If I were "renting" a box I wouldn't entrust any business secrets on it unless you are running GPG, scrypt, or bcrypt. I have issues with Truecrypt and think it too complicated of an encryption application. I've had some fuse encryption go south on me as have had kernel. LUKS/DM-CRYPT are good for a whole drive.
Of the three I mentioned above, scrypt is my encryption of choice followed by bcrypt. I usually keep GPG relegated to emails because I have lost my secret key before and have had backup failures that destroyed those keys. The other two apps have their keys hashed in them so you only have to remember your passphrases. My password for my boxen as root are ~charcs or more. My $user passwds for my boxen are ~15-20 charcs.

VP

From bahamutzero8825 at gmail.com Tue Apr 13 08:03:25 2010
From: bahamutzero8825 at gmail.com (Andrew Berg)
Date: Tue, 13 Apr 2010 08:03:25 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To:
References: <4BC3EBA4.2010108@gmail.com> <4BC3F87E.50105@gmail.com> <4BC4317C.5040804@gmail.com>
Message-ID: <4BC46B9D.4030105@gmail.com>

On 4/13/2010 7:12 AM, gm5729 wrote:
> You can chroot jail users who have shell access you know too so no one
> can creep back up the tree. Permissions, Permissions, Permissions....
>
Perhaps I could chroot ssh users to an empty directory, though somehow I think they may still be able to shoot themselves in the foot... My main concern with these users is that they could accidentally do something bad to the shared directory, and not so much that they would even have a clue how to mess up the system overall. Also, AFAIK, it's impossible to get root access without knowing the credentials of someone who has shell access, even if you know root's password (assuming of course that root is not allowed to log into FTP or SSH, which is the case here).
> IPTABLES can go great with port
> knocking which adds another layer of security.
Shorewall (a frontend to iptables) seems to be working nicely.
The policy is a whitelist, letting only the handful of us in to access a few select ports. A script kiddie would have to hijack one of my users' machines to even have a hope of trying to compromise an account. If it's possible, I'd like to restrict logins to each specific account so that each user couldn't log in as another, even though both users are allowed to use the system.
> LONG LONG
> Passphrases. If someone wants to ssh into my box. They won't get away
> with at least a minimum 30 charc passphrase or more!
Unfortunately, there are easier ways for someone to compromise one of my users' accounts than brute force. Stupid FTP clients don't protect their site managers...
> I don't follow
> you must change them 30 days, but they do need to be changed quickly
> if a person is pink slipped or transfers.
>
If someone gets kicked out, their account is gone. I don't need to recycle accounts.
> Couple more ideas. Skype is secure by its design. Even its creators
> can't snoop on a P2P or conference call. Pidgin has OTR and GPG/RSA
> encryption available. File transfers can be done there.
>
We're dealing with very large files shared by multiple people who are not going to schedule a meeting to transfer files.
> If I were "renting" a box I wouldn't
> entrust any business secrets on it unless you are running GPG, scrypt,
> or bcrypt.
I trust the host enough not to go snooping around. Not that we keep anything really sensitive on the box anyway.
> I have issues with Truecrypt and think it too complicated
> of an encryption application.
I have TrueCrypt on my laptop and I don't find it terribly complicated. There's too much that can go wrong during initial set up that can cause a lot of hassle on a box I don't have physical access to, though.
> My password for my boxen as root
> are ~charcs or more. My $user passwds for my boxen are ~15-20 charcs.
I admit I do need a longer root password, but if I can't remember a 15-character password, I can't trust my users (who are a lot less security-conscious than I am) to use a long password /and/ protect it properly from co-workers and other nosy people. A 20-character password isn't any stronger than a 5-character one if it's on a post-it note stickied to the monitor. A brute-force attack is extremely impractical unless an attacker can bypass the firewall.

From nesius at gmail.com Tue Apr 13 08:36:51 2010
From: nesius at gmail.com (Robert Nesius)
Date: Tue, 13 Apr 2010 08:36:51 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To: <4BC3EBA4.2010108@gmail.com>
References: <4BC3EBA4.2010108@gmail.com>
Message-ID:

On Mon, Apr 12, 2010 at 10:57 PM, Andrew Berg wrote:
> I need a simple web interface to let users change their passwords. I
> don't want them to have shell access since they wouldn't know how to use
> it (and it limits what an attacker can do if the account is
> compromised). Usermin doesn't always work right, and it seems to screw
> up passwords, making it impossible for users to log in via FTP (and
> probably other services like HTTP). I want it to be a simple interface
> to passwd (Usermin uses MD5 hashes for some reason and passwd uses
> SHA-512). I have Apache already set up (and users are authenticated
> using their system account credentials; no anonymous users are allowed),
> so it doesn't need its own webserver capabilities.

Why not just set their shell to a stub-shell that only allows them to run the passwd command, or allows them to log out?
-Rob

From gm5729 at gmail.com Tue Apr 13 09:04:14 2010
From: gm5729 at gmail.com (gm5729)
Date: Tue, 13 Apr 2010 09:04:14 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To:
References: <4BC3EBA4.2010108@gmail.com>
Message-ID:

On Tue, Apr 13, 2010 at 08:36, Robert Nesius wrote:
> On Mon, Apr 12, 2010 at 10:57 PM, Andrew Berg wrote:
>> I need a simple web interface to let users change their passwords. I
>> don't want them to have shell access since they wouldn't know how to use
>> it (and it limits what an attacker can do if the account is
>> compromised). Usermin doesn't always work right, and it seems to screw
>> up passwords, making it impossible for users to log in via FTP (and
>> probably other services like HTTP). I want it to be a simple interface
>> to passwd (Usermin uses MD5 hashes for some reason and passwd uses
>> SHA-512). I have Apache already set up (and users are authenticated
>> using their system account credentials; no anonymous users are allowed),
>> so it doesn't need its own webserver capabilities.
>
> Why not just set their shell to a stub-shell that only allows them to
> run the passwd command, or allows them to log out?
>
> -Rob
>

SFTP is an option. But Retroshare can do large files FAST, and encrypted end to end. It sounds like though in a few statements you made you're saying ftp sharing. But some other statements you have made hint at you need the ability to upload files but version control. So SVN, GIT and CVS would work and a lock file could be created when one person opens that file. Generic email accts are set somewhere between 10-20mb for attachment. Split and cat are good for breaking up a file and reassembling it at the other end.
VP

From cwgriesel at gmail.com Tue Apr 13 09:39:44 2010
From: cwgriesel at gmail.com (Curtis Griesel)
Date: Tue, 13 Apr 2010 09:39:44 -0500
Subject: [tclug-list] Need a simple web interface to passwd
In-Reply-To: <4BC3EBA4.2010108@gmail.com>
References: <4BC3EBA4.2010108@gmail.com>
Message-ID:

Why not authenticate via LDAP or some other directory server, then let the user manage their LDAP account via a web interface? You can also manage web user accounts with a simple database -- that is what most CMS systems do (Wordpress, Drupal, etc.). But LDAP is more robust.

Using system accounts to manage web users sounds like making things more difficult than they need to be. If you want to provide a web front-end to your server, why not use a web-friendly account management tool like LDAP?

Curts

On Mon, Apr 12, 2010 at 10:57 PM, Andrew Berg wrote:
> I need a simple web interface to let users change their passwords. I
> don't want them to have shell access since they wouldn't know how to use
> it (and it limits what an attacker can do if the account is
> compromised). Usermin doesn't always work right, and it seems to screw
> up passwords, making it impossible for users to log in via FTP (and
> probably other services like HTTP). I want it to be a simple interface
> to passwd (Usermin uses MD5 hashes for some reason and passwd uses
> SHA-512). I have Apache already set up (and users are authenticated
> using their system account credentials; no anonymous users are allowed),
> so it doesn't need its own webserver capabilities.
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St.
Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/5c1813f1/attachment.htm From ryanjcole at me.com Tue Apr 13 09:49:33 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Tue, 13 Apr 2010 09:49:33 -0500 Subject: [tclug-list] Mounting a bad NTFS partition Message-ID: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> I have a drive given to me by a family member who needs data recovered. It was running Windows XP Professional and was his work hard drive before retirement. His employer was able to recover data from it, however conveniently was unable to recover many GBs of personal data. I'm operating under the understanding that they just didn't try and/or didn't want to spend corporate resources on recovering a 25-year employee's personal documents from his company computer. When I try to mount the device with mount_ntfs I get the following message: [root at server /]# mount /dev/da0s1 /mount/drive1 mount: /dev/da0s1 : Invalid argument fdisk report: [root at server /]# fdisk /dev/da0 ******* Working on device /dev/da0 ******* parameters extracted from in-core disklabel are: cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl) Figures below won't work with BIOS for partitions not in cyl 1 parameters to be used for BIOS calculations are: cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl) Media sector size is 512 Warning: BIOS sector numbering starts with sector 1 Information from DOS bootblock is: The data for partition 1 is: sysid 7 (0x07),(NTFS, OS/2 HPFS, QNX-2 (16 bit) or Advanced UNIX) start 63, size 156295377 (76316 Meg), flag 0 beg: cyl 0/ head 1/ sector 1; end: cyl 1023/ head 239/ sector 63 The data for partition 2 is: The data for partition 3 is: The data for partition 4 is: I was given leads to using ddrescue and dd but frankly that is outside of 
my realm of knowledge and 9 of the 10 NTFS partitions that refused to mount in Windows have mounted so far in FreeBSD (I'm running 8.0). The drive is presently connected via USB on a SATA sled. I know that there's something to be had on there somewhere: [root at server /]# more /dev/da0s1 ^ASs;D+'M;BuC@<99><9E>N^K<96>#W^T^X-^Z:<87><8D>OIvV^Y^mK^M]"2Xj'j?r^A<99>~o<85><93>
<85>^E|<8C>w}kZv8^Wp8<9D>^U"<9B> <97>`Iz@^F^C^K^U~JPs^^+#<92>}<81>%oS7^Y<93> QJ^]^Lt=K+<88>dN1<9A>qY^^Xm Any help would be GREATLY appreciated. I'd like to recover all the family history files and photos that [corporate conglomerate redacted] could not do. Thanks a million! -- Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/c9efa6c1/attachment.htm From ian.greenleaf at gmail.com Tue Apr 13 10:01:28 2010 From: ian.greenleaf at gmail.com (Ian Young) Date: Tue, 13 Apr 2010 10:01:28 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: <4BC48748.8010002@gmail.com> Check out testdisk: http://www.cgsecurity.org/wiki/TestDisk. The fact that you can see the device at all is a pretty good sign. There's a decent chance that testdisk will be able to recreate the partition table and everything will come back. If that doesn't work, PhotoRec (http://www.cgsecurity.org/wiki/PhotoRec) might be able to pull of a good number of files (especially common ones like Word docs and image files), although you will lose the file names and directory structures at that point. As for ddrescue, you probably don't have to worry about it. Using ddrescue allows you to make a complete copy of the drive on another drive. This is most important if a drive is physically failing and reading from it is unreliable. It also gives you a nice safety net in case your recovery efforts accidentally make the situation worse, but if you're careful I don't think that's too likely. Ian On 04/13/2010 09:49 AM, Ryan Coleman wrote: > I have a drive given to me by a family member who needs data recovered. > It was running Windows XP Professional and was his work hard drive > before retirement. 
> > His employer was able to recover data from it, however conveniently was > unable to recover many GBs of personal data. I'm operating under the > understanding that they just didn't try and/or didn't want to spend > corporate resources on recovering a 25-year employee's personal > documents from his company computer. > > When I try to mount the device with /mount_ntfs /I get the following > message: > [root at server /]# mount /dev/da0s1 /mount/drive1 > /mount: /dev/da0s1 : Invalid argument/ > > fdisk report: > [root at server /]# fdisk /dev/da0 > /******* Working on device /dev/da0 *******/ > /parameters extracted from in-core disklabel are:/ > /cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)/ > / > / > /Figures below won't work with BIOS for partitions not in cyl 1/ > /parameters to be used for BIOS calculations are:/ > /cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)/ > / > / > /Media sector size is 512/ > /Warning: BIOS sector numbering starts with sector 1/ > /Information from DOS bootblock is:/ > /The data for partition 1 is:/ > /sysid 7 (0x07),(NTFS, OS/2 HPFS, QNX-2 (16 bit) or Advanced UNIX)/ > / start 63, size 156295377 (76316 Meg), flag 0/ > / beg: cyl 0/ head 1/ sector 1;/ > / end: cyl 1023/ head 239/ sector 63/ > /The data for partition 2 is:/ > // > /The data for partition 3 is:/ > // > /The data for partition 4 is:/ > // > > I was given leads to using ddrescue and dd but frankly that is outside > of my realm of knowledge and 9 of the 10 NTFS partitions that refused > to mount in Windows have mounted so far in FreeBSD (I'm running 8.0). > > The drive is presently connected via USB on a SATA sled. > > I know that there's something to be had on there somewhere: > > [root at server /]# more /dev/da0s1 > /^ASs;D+'M;BuC@<99><9E>N^K<96>#W^T^X-^Z:<87><8D>OIvV^Y^mK^M]"2Xj'j?r^A<99>~o<85><93>
<85>^E|<8C>w}kZv8^Wp8<9D>^U"<9B> > <97>`Iz@^F^C^K^U~JPs^^+#<92>}<81>%oS7^Y<93>/ > /QJ^]^Lt=K+<88>dN1<9A>qY^^Xm/ > / > / > Any help would be GREATLY appreciated. I'd like to recover all the > family history files and photos that [corporate conglomerate redacted] > could not do. > > Thanks a million! > > -- > Ryan > > > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 302 bytes Desc: OpenPGP digital signature Url : http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/01353d71/attachment.pgp From sloncho at gmail.com Tue Apr 13 10:03:35 2010 From: sloncho at gmail.com (Sunny) Date: Tue, 13 Apr 2010 10:03:35 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: On Tue, Apr 13, 2010 at 9:49 AM, Ryan Coleman wrote: > I have a drive given to me by a family member who needs data recovered. It > was running Windows XP Professional and was his work hard drive before > retirement. > I was given leads to using ddrescue and dd but frankly that is outside of my > realm of knowledge and 9 of the 10 ?NTFS partitions that refused to mount in > Windows have mounted so far in FreeBSD (I'm running 8.0). > The drive is presently connected via USB on a SATA sled. > I know that there's something to be had on there somewhere: I would strongly advise to first make an image (dd or ddrescue), and work on the image, that way you are protected if some tool you try to use overwrites important data, and make things worse. -- Svetoslav Milenov (Sunny) Artificial Intelligence is no match for natural stupidity. 
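Working on an image as advised above, one read-only check is whether the MBR partition entry still points at a sector carrying an NTFS boot sector. The following is an added example, not code from anyone in the thread: it uses the start sector 63 and 512-byte sector size from the fdisk report on a small constructed image, its function names are this example's own, and it goes one step beyond the thread by also looking at the copy of the boot sector that NTFS normally keeps in the last sector of the partition.

```python
import os
import struct
import tempfile

SECTOR = 512               # "Media sector size is 512" in the fdisk report
NTFS_OEM_ID = b"NTFS    "  # bytes 3..10 of an NTFS boot sector
BOOT_SIG = b"\x55\xaa"     # last two bytes of an MBR and of an NTFS boot sector


def parse_mbr(sector0):
    """Return the non-empty primary partition entries found in an MBR sector."""
    if len(sector0) < SECTOR or sector0[510:512] != BOOT_SIG:
        raise ValueError("sector 0 has no 0x55AA signature, so no MBR to read")
    parts = []
    for i in range(4):
        # 16-byte entry: flag, CHS start, sysid, CHS end, LBA start, sector count
        flag, _, sysid, _, start, size = struct.unpack_from(
            "<B3sB3sII", sector0, 446 + 16 * i)
        if sysid != 0 and size != 0:
            parts.append({"index": i + 1, "flag": flag, "sysid": sysid,
                          "start": start, "size": size})
    return parts


def read_boot_sector(f, lba):
    """Classify the sector at `lba`; return NTFS geometry fields if it is NTFS."""
    f.seek(lba * SECTOR)
    data = f.read(SECTOR)
    if len(data) < SECTOR:
        return {"lba": lba, "state": "past-end-of-image"}
    if data[3:11] != NTFS_OEM_ID or data[510:512] != BOOT_SIG:
        return {"lba": lba, "state": "not-ntfs" if any(data) else "blank"}
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", data, 0x0B)
    total_sectors, mft_cluster = struct.unpack_from("<QQ", data, 0x28)
    return {"lba": lba, "state": "ntfs",
            "bytes_per_sector": bytes_per_sector,
            "sectors_per_cluster": sectors_per_cluster,
            "total_sectors": total_sectors, "mft_cluster": mft_cluster}


def survey(image_path):
    """Open the image read-only and report on every MBR partition in it."""
    report = []
    with open(image_path, "rb") as f:
        for p in parse_mbr(f.read(SECTOR)):
            primary = read_boot_sector(f, p["start"])
            # NTFS normally keeps a copy in the partition's last sector.
            backup = read_boot_sector(f, p["start"] + p["size"] - 1)
            if primary["state"] == "ntfs":
                verdict = "primary boot sector intact"
            elif backup["state"] == "ntfs":
                verdict = "primary damaged, backup copy present"
            else:
                verdict = "no NTFS boot sector found"
            report.append({"index": p["index"], "sysid": p["sysid"],
                           "byte_offset": p["start"] * SECTOR,
                           "primary": primary, "backup": backup,
                           "verdict": verdict})
    return report


def build_constructed_image(path, start=63, size=200, wipe_primary=False):
    """Write a tiny constructed disk image (sample data, not the real drive)."""
    img = bytearray(SECTOR * (start + size))
    struct.pack_into("<B3sB3sII", img, 446,
                     0x00, b"\x01\x01\x00", 0x07, b"\xef\xff\xff", start, size)
    img[510:512] = BOOT_SIG
    boot = bytearray(SECTOR)
    boot[0:3] = b"\xeb\x52\x90"
    boot[3:11] = NTFS_OEM_ID
    struct.pack_into("<HB", boot, 0x0B, SECTOR, 8)
    struct.pack_into("<QQ", boot, 0x28, size - 1, 4)
    boot[510:512] = BOOT_SIG
    if not wipe_primary:
        img[start * SECTOR:(start + 1) * SECTOR] = boot
    img[(start + size - 1) * SECTOR:(start + size) * SECTOR] = boot
    with open(path, "wb") as f:
        f.write(img)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for wiped in (False, True):
            path = os.path.join(d, "constructed.img")
            build_constructed_image(path, wipe_primary=wiped)
            for row in survey(path):
                print(row["index"], hex(row["sysid"]), row["byte_offset"],
                      row["verdict"])
```

The `byte_offset` value is where the filesystem begins inside a whole-disk image, which is the number needed when pointing a mount or recovery tool at the partition rather than at sector 0 of the image.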
From justin.kremer at gmail.com Tue Apr 13 10:20:08 2010 From: justin.kremer at gmail.com (Justin Kremer) Date: Tue, 13 Apr 2010 10:20:08 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: Just a couple comments from a couple similar experiences I had... The first is to figure out the mode of failure of the drive. Is it from a laptop that was dropped during use? Is it a drive that is having sectors go bad? Did someone do something silly and start writing zeros to the wrong device? (not that I've ever done that...) Different modes of failure may require different tactics, and can also have very different results. On Tue, Apr 13, 2010 at 9:49 AM, Ryan Coleman wrote: > I was given leads to using ddrescue and dd but frankly that is outside of my > realm of knowledge and 9 of the 10 ?NTFS partitions that refused to mount in > Windows have mounted so far in FreeBSD (I'm running 8.0). ddrescue might be VERY useful in this situation. If you're not familiar, it is basically dd, but it is forced to keep reading (and writing) on when it encounters bad blocks. Some of the files will end up corrupt in the disk image you create, but if you are fortunate, the lion's share will be there. You just want to start with the failed drive readable to you, and with a location you can write the output file to with more space available than the size of the partition you are trying to recover. Both dd and ddrescue use similar syntax. As I recall there is a slight difference, but starting with the basics, you should be able to figure out the rest... I think the command I used was: dd if=(path of the device name for the partition to be recovered) of=(path of the file name to create from the partition) Certain other flags may be necessary, and ddrescue may be the preferable command. The less times you have to try the better. 
If the drive's condition is getting worse with use, you want to use it less if possible! I would expect it to take a LONG time. Once the process is complete, you can try to mount the output file as a loopback filesystem. (under Linux, I believe the flag is "-o loop") If you're able to mount it, you should be able to copy any important files off of it and then weed out what is intact and what is corrupt without dealing with i/o errors in the middle of trying to copy a batch of files. > The drive is presently connected via USB on a SATA sled. > I know that there's something to be had on there somewhere: Personally, I would try to use the most direct connection possible. SATA direct to the motherboard first. Maybe it's just my dislike for middlemen... - Justin From jima at beer.tclug.org Tue Apr 13 10:32:15 2010 From: jima at beer.tclug.org (Jima) Date: Tue, 13 Apr 2010 10:32:15 -0500 Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: References: <4BC3EBA4.2010108@gmail.com> Message-ID: <4BC48E7F.2050107@beer.tclug.org> On 04/13/2010 09:39 AM, Curtis Griesel wrote: > Why not authenticate via LDAP or some other directory server, then let > the user manage their LDAP account via a web interface? > > You can also manage web user accounts with a simple database -- that is > what most CMS systems do (Wordpress, Drupal, etc.). But LDAP is more > robust. > > Using system accounts to manage web users sounds like making things more > difficult than they need to be. If you want to provide a web front-end > to your server, why not use a web-friendly account management tool like > LDAP? Reading this thread, my mind kept drifting to the same idea. If you only want the users accessing web/FTP services, there's probably a better authentication backend to use than the system-wide one. 
There are plenty of implementations: LDAP (as mentioned), various SQL-backed options (pam_mysql/nss_mysql come to mind), RADIUS (seems like overkill, but hey), SMB (eww?), Kerberos (overkill?). Creating system users you don't otherwise need seems like the wrong way to go about this, particularly if you're concerned about security. I myself have a rather advanced authentication framework based on MySQL. Couldn't be happier with it. Jima From erikerik at gmail.com Tue Apr 13 10:34:49 2010 From: erikerik at gmail.com (Erik Anderson) Date: Tue, 13 Apr 2010 10:34:49 -0500 Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: References: <4BC3EBA4.2010108@gmail.com> Message-ID: On Tue, Apr 13, 2010 at 8:36 AM, Robert Nesius wrote: > > Why not just set their shell to a stub-shell that only allows them to > run the passwd command, or allows them to log out? I was just going to recommend this as well. Look into Restricted shell (rsh). I've used it in the past for this sort of thing, and it worked well. -Erik From ryanjcole at me.com Tue Apr 13 10:34:57 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Tue, 13 Apr 2010 10:34:57 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: I trust that it was not dropped - the device does not make any abnormal noises that would lead me to believe that is the case. It spins up normally... I have the image made ... [root at server /mount/archive/da-harddrive]# ls -la total 78188872 -rw-r--r-- 1 ryan wheel 80026361856 Apr 13 03:46 80gb.drive -rw-r--r-- 1 ryan wheel 425 Apr 13 03:46 80gb.log When I try to mount that with mount_ntfs I get the following (expected) error: mount_ntfs: /mount/archive/da-harddrive/80gb.drive: Block device required Is there a way to fake the Block device? 
I also tried just now to mount the physical partition with the fusefs NTFS port and got the following response: [root at server /mount/archive/da-harddrive]# ntfs-3g /dev/da0 /mount/drive1 NTFS signature is missing. Failed to mount '/dev/da0': Invalid argument The device '/dev/da0' doesn't seem to have a valid NTFS. Maybe the wrong device is used? Or the whole disk instead of a partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around? I'm still planning on testing out TestDisk. On Apr 13, 2010, at 10:20 AM, Justin Kremer wrote: > Just a couple comments from a couple similar experiences I had... > The first is to figure out the mode of failure of the drive. > Is it from a laptop that was dropped during use? Is it a drive that > is having sectors go bad? Did someone do something silly and start > writing zeros to the wrong device? (not that I've ever done that...) > Different modes of failure may require different tactics, and can also > have very different results. > > On Tue, Apr 13, 2010 at 9:49 AM, Ryan Coleman wrote: >> I was given leads to using ddrescue and dd but frankly that is outside of my >> realm of knowledge and 9 of the 10 NTFS partitions that refused to mount in >> Windows have mounted so far in FreeBSD (I'm running 8.0). > > ddrescue might be VERY useful in this situation. If you're not > familiar, it is basically dd, but it is forced to keep reading (and > writing) on when it encounters bad blocks. Some of the files will end > up corrupt in the disk image you create, but if you are fortunate, the > lion's share will be there. > You just want to start with the failed drive readable to you, and with > a location you can write the output file to with more space available > than the size of the partition you are trying to recover. > Both dd and ddrescue use similar syntax. As I recall there is a > slight difference, but starting with the basics, you should be able to > figure out the rest... 
> I think the command I used was: dd if=(path of the device name for the > partition to be recovered) of=(path of the file name to create from > the partition) > Certain other flags may be necessary, and ddrescue may be the > preferable command. The less times you have to try the better. If > the drive's condition is getting worse with use, you want to use it > less if possible! > I would expect it to take a LONG time. > Once the process is complete, you can try to mount the output file as > a loopback filesystem. (under Linux, I believe the flag is "-o loop") > If you're able to mount it, you should be able to copy any important > files off of it and then weed out what is intact and what is corrupt > without dealing with i/o errors in the middle of trying to copy a > batch of files. > >> The drive is presently connected via USB on a SATA sled. >> I know that there's something to be had on there somewhere: > > Personally, I would try to use the most direct connection possible. > SATA direct to the motherboard first. Maybe it's just my dislike for > middlemen... > - Justin > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/391642c4/attachment.htm From andyzib at gmail.com Tue Apr 13 10:18:57 2010 From: andyzib at gmail.com (Andrew S. Zbikowski) Date: Tue, 13 Apr 2010 10:18:57 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: You didn't mention what happens when you try to access the drive from Windows. Is Windows unable to see the drive? 
If the drive is showing signs of bad sectors a tool such as SpinRite (www.grc.com) may be able to recover the data on those sectors and move it to a good sector. Costs you some money, but you don't have to learn how to use the tool, just run it and let it do its work. ddrescue appears to attempt a similar operation, but instead of trying to recover data and remap bad sectors it just copies the data from one drive to another. Not a bad idea in case your attempts at data recovery make the situation worse. -- Andrew S. Zbikowski | http://andy.zibnet.us IT Outhouse Blog Thing | http://www.itouthouse.com From justin.kremer at gmail.com Tue Apr 13 10:48:38 2010 From: justin.kremer at gmail.com (Justin Kremer) Date: Tue, 13 Apr 2010 10:48:38 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: On Tue, Apr 13, 2010 at 10:34 AM, Ryan Coleman wrote: > When I try to mount that with mount_ntfs I get the following (expected) > error: > mount_ntfs: /mount/archive/da-harddrive/80gb.drive: Block device required > Is there a way to fake the Block device? That's the purpose of the loopback flag I mentioned. - Justin From sloncho at gmail.com Tue Apr 13 10:48:26 2010 From: sloncho at gmail.com (Sunny) Date: Tue, 13 Apr 2010 10:48:26 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: On Tue, Apr 13, 2010 at 10:34 AM, Ryan Coleman wrote: > I trust that it was not dropped - the device does not make any abnormal > noises that would lead me to believe that is the case. It spins up > normally... > I have the image made ... Did you make an image of the partition, or the disk itself?
> [root at server /mount/archive/da-harddrive]# ls -la > total 78188872 > -rw-r--r-- 1 ryan wheel 80026361856 Apr 13 03:46 80gb.drive > -rw-r--r-- 1 ryan wheel 425 Apr 13 03:46 80gb.log > When I try to mount that with mount_ntfs I get the following (expected) > error: > mount_ntfs: /mount/archive/da-harddrive/80gb.drive: Block device required > Is there a way to fake the Block device? I also tried just now to mount the If your image is of the partition, did you use -o loop as mounting option? > physical partition with the fusefs NTFS port and got the following response: > [root at server /mount/archive/da-harddrive]# ntfs-3g /dev/da0 /mount/drive1 > NTFS signature is missing. > Failed to mount '/dev/da0': Invalid argument > The device '/dev/da0' doesn't seem to have a valid NTFS. > Maybe the wrong device is used? Or the whole disk instead of a > partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around? > I'm still planning on testing out TestDisk. > On Apr 13, 2010, at 10:20 AM, Justin Kremer wrote: > > Just a couple comments from a couple similar experiences I had... > The first is to figure out the mode of failure of the drive. > Is it from a laptop that was dropped during use? Is it a drive that > is having sectors go bad? Did someone do something silly and start > writing zeros to the wrong device? (not that I've ever done that...) > Different modes of failure may require different tactics, and can also > have very different results. > > On Tue, Apr 13, 2010 at 9:49 AM, Ryan Coleman wrote: > > I was given leads to using ddrescue and dd but frankly that is outside of my > > realm of knowledge and 9 of the 10 NTFS partitions that refused to mount in > > Windows have mounted so far in FreeBSD (I'm running 8.0). > > ddrescue might be VERY useful in this situation. If you're not > familiar, it is basically dd, but it is forced to keep reading (and > writing) on when it encounters bad blocks.
Some of the files will end > up corrupt in the disk image you create, but if you are fortunate, the > lion's share will be there. > You just want to start with the failed drive readable to you, and with > a location you can write the output file to with more space available > than the size of the partition you are trying to recover. > Both dd and ddrescue use similar syntax. As I recall there is a > slight difference, but starting with the basics, you should be able to > figure out the rest... > I think the command I used was: dd if=(path of the device name for the > partition to be recovered) of=(path of the file name to create from > the partition) > Certain other flags may be necessary, and ddrescue may be the > preferable command. The less times you have to try the better. If > the drive's condition is getting worse with use, you want to use it > less if possible! > I would expect it to take a LONG time. > Once the process is complete, you can try to mount the output file as > a loopback filesystem. (under Linux, I believe the flag is "-o loop") > If you're able to mount it, you should be able to copy any important > files off of it and then weed out what is intact and what is corrupt > without dealing with i/o errors in the middle of trying to copy a > batch of files. > > The drive is presently connected via USB on a SATA sled. > > I know that there's something to be had on there somewhere: > > Personally, I would try to use the most direct connection possible. > SATA direct to the motherboard first. Maybe it's just my dislike for > middlemen... > - Justin > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St.
Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > -- Svetoslav Milenov (Sunny) Artificial Intelligence is no match for natural stupidity. From ryanjcole at me.com Tue Apr 13 10:58:25 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Tue, 13 Apr 2010 10:58:25 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: <9972AC17-26C2-45A1-AEC5-E90BC1EEDFF8@me.com> Justin, I tried it and this is what I get: [root at server /]# mount_ntfs -o loop /mount/archive/da-harddrive/80gb.drive /mount/drive1 mount_ntfs: -o loop: option not supported On Apr 13, 2010, at 10:48 AM, Justin Kremer wrote: > On Tue, Apr 13, 2010 at 10:34 AM, Ryan Coleman wrote: >> When I try to mount that with mount_ntfs I get the following (expected) >> error: >> mount_ntfs: /mount/archive/da-harddrive/80gb.drive: Block device required >> Is there a way to fake the Block device? > > That's the purpose of the loopback flag I mentioned. > - Justin > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/de525dfa/attachment.htm From ryanjcole at me.com Tue Apr 13 11:00:09 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Tue, 13 Apr 2010 11:00:09 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com> The entire disk; Should I re-try the ddrescue with the slice only? 
As I just sent to the list: [root at server /]# mount_ntfs -o loop /mount/archive/da-harddrive/80gb.drive /mount/drive1 mount_ntfs: -o loop: option not supported On Apr 13, 2010, at 10:48 AM, Sunny wrote: > On Tue, Apr 13, 2010 at 10:34 AM, Ryan Coleman wrote: >> I trust that it was not dropped - the device does not make any abnormal >> noises that would lead me to believe that is the case. It spins up >> normally... >> I have the image made ... > > Did you make an image of the partition, or the disk itself? > >> [root at server /mount/archive/da-harddrive]# ls -la >> total 78188872 >> -rw-r--r-- 1 ryan wheel 80026361856 Apr 13 03:46 80gb.drive >> -rw-r--r-- 1 ryan wheel 425 Apr 13 03:46 80gb.log >> When I try to mount that with mount_ntfs I get the following (expected) >> error: >> mount_ntfs: /mount/archive/da-harddrive/80gb.drive: Block device required >> Is there a way to fake the Block device? I also tried just now to mount the > > If your image is of the partition, did you used -o loop as mounting option? > >> physical partition with the fusefs NTFS port and got the following response: >> [root at server /mount/archive/da-harddrive]# ntfs-3g /dev/da0 /mount/drive1 >> NTFS signature is missing. >> Failed to mount '/dev/da0': Invalid argument >> The device '/dev/da0' doesn't seem to have a valid NTFS. >> Maybe the wrong device is used? Or the whole disk instead of a >> partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around? >> I'm still planning on testing out TestDisk. >> On Apr 13, 2010, at 10:20 AM, Justin Kremer wrote: >> >> Just a couple comments from a couple similar experiences I had... >> The first is to figure out the mode of failure of the drive. >> Is it from a laptop that was dropped during use? Is it a drive that >> is having sectors go bad? Did someone do something silly and start >> writing zeros to the wrong device? (not that I've ever done that...) 
>> Different modes of failure may require different tactics, and can also >> have very different results. >> >> On Tue, Apr 13, 2010 at 9:49 AM, Ryan Coleman wrote: >> >> I was given leads to using ddrescue and dd but frankly that is outside of my >> >> realm of knowledge and 9 of the 10 NTFS partitions that refused to mount in >> >> Windows have mounted so far in FreeBSD (I'm running 8.0). >> >> ddrescue might be VERY useful in this situation. If you're not >> familiar, it is basically dd, but it is forced to keep reading (and >> writing) on when it encounters bad blocks. Some of the files will end >> up corrupt in the disk image you create, but if you are fortunate, the >> lion's share will be there. >> You just want to start with the failed drive readable to you, and with >> a location you can write the output file to with more space available >> than the size of the partition you are trying to recover. >> Both dd and ddrescue use similar syntax. As I recall there is a >> slight difference, but starting with the basics, you should be able to >> figure out the rest... >> I think the command I used was: dd if=(path of the device name for the >> partition to be recovered) of=(path of the file name to create from >> the partition) >> Certain other flags may be necessary, and ddrescue may be the >> preferable command. The less times you have to try the better. If >> the drive's condition is getting worse with use, you want to use it >> less if possible! >> I would expect it to take a LONG time. >> Once the process is complete, you can try to mount the output file as >> a loopback filesystem. (under Linux, I believe the flag is "-o loop") >> If you're able to mount it, you should be able to copy any important >> files off of it and then weed out what is intact and what is corrupt >> without dealing with i/o errors in the middle of trying to copy a >> batch of files. >> >> The drive is presently connected via USB on a SATA sled. 
>> >> I know that there's something to be had on there somewhere: >> >> Personally, I would try to use the most direct connection possible. >> SATA direct to the motherboard first. Maybe it's just my dislike for >> middlemen... >> - Justin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/bbe73526/attachment.htm From popps at primeventures.us Tue Apr 13 10:47:51 2010 From: popps at primeventures.us (don) Date: Tue, 13 Apr 2010 10:47:51 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: Message-ID: Sounds crazy but I had luck with sticking the drive in the freezer for 24 hours and then mounting it. -----Original Message----- From: tclug-list-bounces at mn-linux.org [mailto:tclug-list-bounces at mn-linux.org]On Behalf Of Ryan Coleman Sent: Tuesday, April 13, 2010 10:35 AM To: TCLUG Mailing List Subject: Re: [tclug-list] Mounting a bad NTFS partition I trust that it was not dropped - the device does not make any abnormal noises that would lead me to believe that is the case. It spins up normally... I have the image made ... [root at server /mount/archive/da-harddrive]# ls -la total 78188872 -rw-r--r-- 1 ryan wheel 80026361856 Apr 13 03:46 80gb.drive -rw-r--r-- 1 ryan wheel 425 Apr 13 03:46 80gb.log When I try to mount that with mount_ntfs I get the following (expected) error: mount_ntfs: /mount/archive/da-harddrive/80gb.drive: Block device required Is there a way to fake the Block device? I also tried just now to mount the physical partition with the fusefs NTFS port and got the following response: [root at server /mount/archive/da-harddrive]# ntfs-3g /dev/da0 /mount/drive1 NTFS signature is missing. Failed to mount '/dev/da0': Invalid argument The device '/dev/da0' doesn't seem to have a valid NTFS. Maybe the wrong device is used? Or the whole disk instead of a partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around? 
I'm still planning on testing out TestDisk. On Apr 13, 2010, at 10:20 AM, Justin Kremer wrote: Just a couple comments from a couple similar experiences I had... The first is to figure out the mode of failure of the drive. Is it from a laptop that was dropped during use? Is it a drive that is having sectors go bad? Did someone do something silly and start writing zeros to the wrong device? (not that I've ever done that...) Different modes of failure may require different tactics, and can also have very different results. On Tue, Apr 13, 2010 at 9:49 AM, Ryan Coleman wrote: I was given leads to using ddrescue and dd but frankly that is outside of my realm of knowledge and 9 of the 10 NTFS partitions that refused to mount in Windows have mounted so far in FreeBSD (I'm running 8.0). ddrescue might be VERY useful in this situation. If you're not familiar, it is basically dd, but it is forced to keep reading (and writing) on when it encounters bad blocks. Some of the files will end up corrupt in the disk image you create, but if you are fortunate, the lion's share will be there. You just want to start with the failed drive readable to you, and with a location you can write the output file to with more space available than the size of the partition you are trying to recover. Both dd and ddrescue use similar syntax. As I recall there is a slight difference, but starting with the basics, you should be able to figure out the rest... I think the command I used was: dd if=(path of the device name for the partition to be recovered) of=(path of the file name to create from the partition) Certain other flags may be necessary, and ddrescue may be the preferable command. The less times you have to try the better. If the drive's condition is getting worse with use, you want to use it less if possible! I would expect it to take a LONG time. Once the process is complete, you can try to mount the output file as a loopback filesystem. 
(under Linux, I believe the flag is "-o loop") If you're able to mount it, you should be able to copy any important files off of it and then weed out what is intact and what is corrupt without dealing with i/o errors in the middle of trying to copy a batch of files. The drive is presently connected via USB on a SATA sled. I know that there's something to be had on there somewhere: Personally, I would try to use the most direct connection possible. SATA direct to the motherboard first. Maybe it's just my dislike for middlemen... - Justin _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota tclug-list at mn-linux.org http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/51f8f949/attachment-0001.htm From ryanjcole at me.com Tue Apr 13 11:01:17 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Tue, 13 Apr 2010 11:01:17 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> Message-ID: <05D40388-D81C-4FD5-BC05-872851FCE102@me.com> Windows bombs it saying the disk is unreadable (I believe that was the error); I tried it on my girlfriends Vaio (vista) and her custom desktop (XP Pro) -- I no longer have a Windows desktop as I've had to repurpose it for my FreeBSD 8 server. On Apr 13, 2010, at 10:18 AM, Andrew S. Zbikowski wrote: > You didn't mention what happens when you try to access the drive from Windows. Is Windows unable to see the drive? > > If the drive is showing signs of bad sectors a tool such as SpinRite (www.grc.com) may be able to recover the data on those sectors and move it to a good sector. Costs you some money, but you don't have to learn how to use the tool, just run it and let it do it's work. 
> > ddrescue appears to attempt a similar operation, but instead of trying to recover data and remap bad sectors is just copies the data from one drive to another. Not a bad idea in case your attempts at data recovery make the situation worse. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/b96b9461/attachment.htm From ryanjcole at me.com Tue Apr 13 11:05:14 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Tue, 13 Apr 2010 11:05:14 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: Message-ID: <5DE97FEE-C0F4-4FBD-A33D-AC7F13CBE55F@me.com> As have I when there's a clicking... but this doesn't apply in this case. And that's only worked twice in about 50 tries :-( On Apr 13, 2010, at 10:47 AM, don wrote: > Sounds crazy but I had luck with sticking the drive in the freezer for 24 hours and then mounting it. > -----Original Message----- > From: tclug-list-bounces at mn-linux.org [mailto:tclug-list-bounces at mn-linux.org]On Behalf Of Ryan Coleman > Sent: Tuesday, April 13, 2010 10:35 AM > To: TCLUG Mailing List > Subject: Re: [tclug-list] Mounting a bad NTFS partition > > I trust that it was not dropped - the device does not make any abnormal noises that would lead me to believe that is the case. It spins up normally... > > I have the image made ... > [root at server /mount/archive/da-harddrive]# ls -la > total 78188872 > -rw-r--r-- 1 ryan wheel 80026361856 Apr 13 03:46 80gb.drive > -rw-r--r-- 1 ryan wheel 425 Apr 13 03:46 80gb.log > > When I try to mount that with mount_ntfs I get the following (expected) error: > mount_ntfs: /mount/archive/da-harddrive/80gb.drive: Block device required > > Is there a way to fake the Block device? 
I also tried just now to mount the physical partition with the fusefs NTFS port and got the following response: > [root at server /mount/archive/da-harddrive]# ntfs-3g /dev/da0 /mount/drive1 > NTFS signature is missing. > Failed to mount '/dev/da0': Invalid argument > The device '/dev/da0' doesn't seem to have a valid NTFS. > Maybe the wrong device is used? Or the whole disk instead of a > partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around? > > I'm still planning on testing out TestDisk. > > On Apr 13, 2010, at 10:20 AM, Justin Kremer wrote: > >> Just a couple comments from a couple similar experiences I had... >> The first is to figure out the mode of failure of the drive. >> Is it from a laptop that was dropped during use? Is it a drive that >> is having sectors go bad? Did someone do something silly and start >> writing zeros to the wrong device? (not that I've ever done that...) >> Different modes of failure may require different tactics, and can also >> have very different results. >> >> On Tue, Apr 13, 2010 at 9:49 AM, Ryan Coleman wrote: >>> I was given leads to using ddrescue and dd but frankly that is outside of my >>> realm of knowledge and 9 of the 10 NTFS partitions that refused to mount in >>> Windows have mounted so far in FreeBSD (I'm running 8.0). >> >> ddrescue might be VERY useful in this situation. If you're not >> familiar, it is basically dd, but it is forced to keep reading (and >> writing) on when it encounters bad blocks. Some of the files will end >> up corrupt in the disk image you create, but if you are fortunate, the >> lion's share will be there. >> You just want to start with the failed drive readable to you, and with >> a location you can write the output file to with more space available >> than the size of the partition you are trying to recover. >> Both dd and ddrescue use similar syntax. As I recall there is a >> slight difference, but starting with the basics, you should be able to >> figure out the rest... 
>> I think the command I used was: dd if=(path of the device name for the >> partition to be recovered) of=(path of the file name to create from >> the partition) >> Certain other flags may be necessary, and ddrescue may be the >> preferable command. The less times you have to try the better. If >> the drive's condition is getting worse with use, you want to use it >> less if possible! >> I would expect it to take a LONG time. >> Once the process is complete, you can try to mount the output file as >> a loopback filesystem. (under Linux, I believe the flag is "-o loop") >> If you're able to mount it, you should be able to copy any important >> files off of it and then weed out what is intact and what is corrupt >> without dealing with i/o errors in the middle of trying to copy a >> batch of files. >> >>> The drive is presently connected via USB on a SATA sled. >>> I know that there's something to be had on there somewhere: >> >> Personally, I would try to use the most direct connection possible. >> SATA direct to the motherboard first. Maybe it's just my dislike for >> middlemen... >> - Justin >> >> _______________________________________________ >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >> tclug-list at mn-linux.org >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/278b9282/attachment.htm

From sloncho at gmail.com Tue Apr 13 11:08:36 2010
From: sloncho at gmail.com (Sunny)
Date: Tue, 13 Apr 2010 11:08:36 -0500
Subject: [tclug-list] Mounting a bad NTFS partition
In-Reply-To: <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com>
References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com>
Message-ID:

On Tue, Apr 13, 2010 at 11:00 AM, Ryan Coleman wrote:
> The entire disk; Should I re-try the ddrescue with the slice only?

Does it have a valid partition table? What's the output of fdisk -l /dev/xxx, where xxx is sdx/hdx?

If it has a valid partition table, yes, dd only the partition, not the entire drive. If there's no valid partition table, then you need to run testdisk on the image to try to recover the partition first.

Sunny

From ryanjcole at me.com Tue Apr 13 11:13:48 2010
From: ryanjcole at me.com (Ryan Coleman)
Date: Tue, 13 Apr 2010 11:13:48 -0500
Subject: [tclug-list] Mounting a bad NTFS partition
In-Reply-To:
References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com>
Message-ID: <7BAD1D23-ABEA-465A-BE15-F025E5CCC6EE@me.com>

[root at server /]# fdisk -l /dev/da0
fdisk: illegal option -- l
usage: fdisk [-BIaipqstu] [-b bootcode] [-1234] [disk]
       fdisk -f configfile [-itv] [disk]

I posted this earlier:

[root at server /]# fdisk /dev/da0
******* Working on device /dev/da0 *******
parameters extracted from in-core disklabel are:
cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 7 (0x07),(NTFS, OS/2 HPFS, QNX-2 (16 bit) or Advanced UNIX)
    start 63, size 156295377
(76316 Meg), flag 0 beg: cyl 0/ head 1/ sector 1; end: cyl 1023/ head 239/ sector 63 The data for partition 2 is: The data for partition 3 is: The data for partition 4 is: -- Ryan On Apr 13, 2010, at 11:08 AM, Sunny wrote: > On Tue, Apr 13, 2010 at 11:00 AM, Ryan Coleman wrote: >> The entire disk; Should I re-try the ddrescue with the slice only? > > Does it has valid partition table? What's the output of fdisk -l > /dev/xxx, where xxx is sdx/hdx? > > If t has valid partition table, yes, dd only the partition, not the > entire drive. If there's no valid partition table, then you need to > run testdisk on the image to try to recover the partition first. > > Sunny > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100413/f04785ba/attachment.htm From florin at iucha.net Tue Apr 13 11:50:14 2010 From: florin at iucha.net (Florin Iucha) Date: Tue, 13 Apr 2010 11:50:14 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com> References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com> Message-ID: <20100413165014.GE5455@iris.iucha.org> On Tue, Apr 13, 2010 at 11:00:09AM -0500, Ryan Coleman wrote: > The entire disk; Should I re-try the ddrescue with the slice only? 
>
> As I just sent to the list:
> [root at server /]# mount_ntfs -o loop /mount/archive/da-harddrive/80gb.drive /mount/drive1
> mount_ntfs: -o loop: option not supported

Apologies for stating the obvious, but this is the TCLUG: the options and flags you were provided are appropriate for Linux - you did not state explicitly, but I suspect you are running them on a FreeBSD host, which would explain the results being less than satisfactory.

Cheers,
florin

--
Bruce Schneier expects the Spanish Inquisition.
http://geekz.co.uk/schneierfacts/fact/163

From ryanjcole at me.com Tue Apr 13 11:58:28 2010
From: ryanjcole at me.com (Ryan Coleman)
Date: Tue, 13 Apr 2010 11:58:28 -0500
Subject: [tclug-list] Mounting a bad NTFS partition
In-Reply-To: <20100413165014.GE5455@iris.iucha.org>
References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com> <20100413165014.GE5455@iris.iucha.org>
Message-ID: <2E1F59A3-5FA2-4881-954B-9B82EA38CE6F@me.com>

I did state I was using FreeBSD on at least two occasions.

On Apr 13, 2010, at 11:50 AM, Florin Iucha wrote:

> On Tue, Apr 13, 2010 at 11:00:09AM -0500, Ryan Coleman wrote:
>> The entire disk; Should I re-try the ddrescue with the slice only?
>>
>> As I just sent to the list:
>> [root at server /]# mount_ntfs -o loop /mount/archive/da-harddrive/80gb.drive /mount/drive1
>> mount_ntfs: -o loop: option not supported
>
> Apologies for stating the obvious, but this is the TCLUG: the
> options and flags you were provided are appropriate for Linux - you
> did not state explicitly, but I suspect you are running them on a
> FreeBSD host, which would explain the results being less than
> satisfactory.
>
> Cheers,
> florin
>
> --
> Bruce Schneier expects the Spanish Inquisition.
> http://geekz.co.uk/schneierfacts/fact/163
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

From justin.kremer at gmail.com Tue Apr 13 11:58:06 2010
From: justin.kremer at gmail.com (Justin Kremer)
Date: Tue, 13 Apr 2010 11:58:06 -0500
Subject: [tclug-list] Mounting a bad NTFS partition
In-Reply-To: <20100413165014.GE5455@iris.iucha.org>
References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com> <20100413165014.GE5455@iris.iucha.org>
Message-ID:

On Tue, Apr 13, 2010 at 11:50 AM, Florin Iucha wrote:
> On Tue, Apr 13, 2010 at 11:00:09AM -0500, Ryan Coleman wrote:
>> The entire disk; Should I re-try the ddrescue with the slice only?
>>
>> As I just sent to the list:
>> [root at server /]# mount_ntfs -o loop /mount/archive/da-harddrive/80gb.drive /mount/drive1
>> mount_ntfs: -o loop: option not supported
>
> Apologies for stating the obvious, but this is the TCLUG: the
> options and flags you were provided are appropriate for Linux - you
> did not state explicitly, but I suspect you are running them on a
> FreeBSD host, which would explain the results being less than
> satisfactory.

I was coming to the same conclusion.
Might I suggest downloading the latest Backtrack Linux iso and booting from that? It comes with most of the tools you could possibly want preinstalled.
http://www.backtrack-linux.org/ - Justin From ryanjcole at me.com Tue Apr 13 12:03:35 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Tue, 13 Apr 2010 12:03:35 -0500 Subject: [tclug-list] Mounting a bad NTFS partition In-Reply-To: References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com> <20100413165014.GE5455@iris.iucha.org> Message-ID: <3A5C19E2-36C9-4929-A4B3-67636D6FA509@me.com> Ok, thanks. I will consider it - I just don't have the hardware necc. to do this at the moment without stopping all my work in its tracks... Thank you, everyone! On Apr 13, 2010, at 11:58 AM, Justin Kremer wrote: > On Tue, Apr 13, 2010 at 11:50 AM, Florin Iucha wrote: >> On Tue, Apr 13, 2010 at 11:00:09AM -0500, Ryan Coleman wrote: >>> The entire disk; Should I re-try the ddrescue with the slice only? >>> >>> As I just sent to the list: >>> [root at server /]# mount_ntfs -o loop /mount/archive/da-harddrive/80gb.drive /mount/drive1 >>> mount_ntfs: -o loop: option not supported >> >> Apologies for stating the obvious, but this is the TCLUG: the >> options and flags you were provided are appropriate for Linux - you >> did not state explicitly, but I suspect you are running them on a >> FreeBSD host, which would explain the results being less than >> satisfactory. > > I was coming to the same conclusion. > Might I suggest downloading the latest Backtrack Linux iso and booting > from that? It comes with most of the tools you could possibly want > preinstalled. > http://www.backtrack-linux.org/ > - Justin > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. 
Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

From justin.kremer at gmail.com Tue Apr 13 12:08:01 2010
From: justin.kremer at gmail.com (Justin Kremer)
Date: Tue, 13 Apr 2010 12:08:01 -0500
Subject: [tclug-list] Mounting a bad NTFS partition
In-Reply-To: <2E1F59A3-5FA2-4881-954B-9B82EA38CE6F@me.com>
References: <55C78FA0-5337-42FC-A12A-683DD3260E29@me.com> <6A4D2336-CF94-43D4-9C84-5545846B0105@me.com> <20100413165014.GE5455@iris.iucha.org> <2E1F59A3-5FA2-4881-954B-9B82EA38CE6F@me.com>
Message-ID:

On Tue, Apr 13, 2010 at 11:58 AM, Ryan Coleman wrote:
> I did state I was using FreeBSD on at least two occasions.

And sometimes the utilities that come with Linux and BSD have the same flags...it would appear that this is not the case.
So, you can read the manual to see if you can find the proper option to mount a file as a loopback device using FBSD's mount command, or ask someone who is knowledgeable about that command, or make the attempt with whichever Linux distro you feel like trying today.
I have a feeling that it is quite possible to do with BSD, but I can't point you in the right direction for the flags that might work, as that is outside the scope of my knowledge. (along with a whole lot of other things!)
- Justin

From bgilbertson at rrt.net Tue Apr 13 13:00:55 2010
From: bgilbertson at rrt.net (bgilbertson at rrt.net)
Date: Tue, 13 Apr 2010 12:00:55 -0600
Subject: [tclug-list] Need a simple web interface to passwd
Message-ID: <4bc4b157.32b.2b87.352328956@rrt.net>

I don't quite follow all you are trying to do so perhaps this doesn't apply. For basic file sharing I use the first part of Vincent Danen's article here http://blogs.techrepublic.com.com/opensource/?p=229 and set up a separate user for each group that needs to share files. Access with Filezilla on Win, OSX and Linux or use sftp://user at host in konqueror.
Each group has a common username and password and can read/write/blow-away files in their shared directory without affecting other groups. They have no shell access, I turn off ssh root login and use a separate account to ssh in for admin. Regards, Bob ----- Original Message Follows ----- From: Andrew Berg To: TCLUG Mailing List Subject: Re: [tclug-list] Need a simple web interface to passwd Date: Tue, 13 Apr 2010 08:03:25 -0500 > On 4/13/2010 7:12 AM, gm5729 wrote: > > You can chroot jail users who have shell access you know > > too so no one can creep back up the tree. Permissions, > > Permissions, Permissions.... > Perhaps I could chroot ssh users to an empty directory, > though somehow I think they may still be able to shoot > themselves in the foot... My main concern with these users > is that they could accidentally do something bad to the > shared directory, and not so much that they would even > have a clue how to mess up the system overall. Also, AFAIK > , it's impossible to get root access without knowing the > credentials of someone who has shell access, even if you > know root's password (assuming of course that root is not > allowed to log into FTP or SSH, which is the case here). > > IPTABLES can go great with port > > knocking which adds another layer of security. > Shorewall (a frontend to iptables) seems to be working > nicely. The policy is a whitelist, letting only the > handful of us in to access a few select ports. A script > kiddie would have to hijack one of my users' machines to > even have a hope of trying to compromise an account. If > it's possible, I'd like to restrict logins to each > specific account so that each user couldn't log in as > another, even though both users are allowed to use the > > system. LONG LONG > > Passphrases. If someone wants to ssh into my box. They > > won't get away with at least a minimum 30 charc > passphrase or more! 
Unfortunately, there are easier ways > for someone to compromise one of my users' accounts than > brute force. Stupid FTP clients don't protect their site > > managers... I don't follow > > you must change them 30 days, but they do need to be > > changed quickly if a person is pink slipped or > > transfers. > If someone gets kicked out, their account is gone. I don't > need to recycle accounts. > > Couple more ideas. Skype is secure by it's design. Even > > it's creators can't snoop on a P2P or conference call. > > Pidgin has OTR and GPG/RSA encryption available. Files > > transfers can be done there. > We're dealing with very large files shared by multiple > people who are not going to schedule a meeting to transfer > > files. If I were "renting" a box I wouldn't > > entrust any business secrets on it unless you are > > running GPG, scrypt, or bcrypt. > I trust the host enough not to go snooping around. Not > that we keep anything really sensitive on the box anyway. > > I have issues with Truecrypt and think it too > > complicated of an encryption application. > I have TrueCrypt on my laptop and I don't find it terribly > complicated. There's too much that can go wrong during > initial set up that can cause a lot of hassle on a box I > > don't have physical access to, though. My password for > > my boxen as root are ~charcs or more. My $user passwds > for my boxen are ~15-20 charcs. I admit I do need a longer > root password, but if I can't remember a 15-character > password, I can't trust my users (who are a lot less > security-conscious than I am) to use a long password /and/ > protect it properly from co-workers and other nosy people. > A 20-character isn't any stronger than a 5-character one > if it's on a post-it note stickied to the monitor. A > brute-force attack is extremely impractical unless an > attacker can bypass the firewall. > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. 
Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > From mbmiller+l at gmail.com Tue Apr 13 14:03:41 2010 From: mbmiller+l at gmail.com (Mike Miller) Date: Tue, 13 Apr 2010 14:03:41 -0500 (CDT) Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: References: <4BC3EBA4.2010108@gmail.com> Message-ID: On Tue, 13 Apr 2010, Erik Anderson wrote: > On Tue, Apr 13, 2010 at 8:36 AM, Robert Nesius wrote: > >> Why not just set their shell to a stub-shell that only allows them to >> run the passwd command, or allows them to log out? > > I was just going to recommend this as well. > > Look into Restricted shell (rsh). I've used it in the past for this > sort of thing, and it worked well. You could have it run the passwd program immediately after the user logs in. Then it exits. That's all it does. I don't know how you'd make a web interface do this. Mike From bahamutzero8825 at gmail.com Tue Apr 13 14:18:47 2010 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Tue, 13 Apr 2010 14:18:47 -0500 Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: References: <4BC3EBA4.2010108@gmail.com> Message-ID: <4BC4C397.9060209@gmail.com> On 4/13/2010 2:03 PM, Mike Miller wrote: > You could have it run the passwd program immediately after the user logs > in. Then it exits. That's all it does. I don't know how you'd make a > web interface do this. Someone suggested allowing ssh access and using /usr/bin/passwd as the default shell off-list and it turns out not having /bin/false in /etc/shells (I thought it was) was the reason users couldn't log in before. I tried setting a test user's shell to /usr/bin/passwd and it does exactly what you describe. The most damage an attacker could do here is change the password of the compromised account. 
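A check for the setup described in the message above, added here as an example and not code from the thread: it lists every account in a passwd-format file whose login shell is missing from an /etc/shells-format file (the condition that blocked logins before), and separately lists the accounts whose shell is the passwd binary. The function names are hypothetical and the file paths are parameters, so it can be run against copies.

```shell
#!/bin/sh
# Added example: audit login shells against the list of permitted shells.
# Function names are hypothetical; nothing here modifies either file.

# shells_not_listed [PASSWD_FILE] [SHELLS_FILE]
# Prints "user:shell" for each account whose shell is absent from SHELLS_FILE.
# Services that validate the shell with getusershell(3) or pam_shells
# refuse logins for such accounts.
shells_not_listed() {
    awk -F: -v shells="${2:-/etc/shells}" '
        BEGIN {
            # Load permitted shells; an empty or unreadable file permits none.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)                 # strip comments
                gsub(/^[ \t]+|[ \t]+$/, "", line)    # trim whitespace
                if (line != "") ok[line] = 1
            }
            close(shells)
        }
        /^#/ || NF < 7 { next }                      # skip comments, short rows
        {
            # passwd(5): an empty shell field means /bin/sh
            shell = ($7 == "") ? "/bin/sh" : $7
            if (!(shell in ok)) print $1 ":" shell
        }
    ' "${1:-/etc/passwd}"
}

# passwd_only_accounts [PASSWD_FILE] [PASSWD_BIN]
# Prints the accounts whose login shell is the passwd binary, i.e. the users
# who can change their password over SSH but get no interactive shell.
passwd_only_accounts() {
    awk -F: -v bin="${2:-/usr/bin/passwd}" '
        /^#/ || NF < 7 { next }
        $7 == bin { print $1 }
    ' "${1:-/etc/passwd}"
}
```

Called with no arguments, both functions read the live /etc/passwd and /etc/shells.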
From mbmiller+l at gmail.com Tue Apr 13 15:39:07 2010 From: mbmiller+l at gmail.com (Mike Miller) Date: Tue, 13 Apr 2010 15:39:07 -0500 (CDT) Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: <4BC4C397.9060209@gmail.com> References: <4BC3EBA4.2010108@gmail.com> <4BC4C397.9060209@gmail.com> Message-ID: On Tue, 13 Apr 2010, Andrew Berg wrote: > On 4/13/2010 2:03 PM, Mike Miller wrote: >> You could have it run the passwd program immediately after the user logs >> in. Then it exits. That's all it does. I don't know how you'd make a >> web interface do this. > > Someone suggested allowing ssh access and using /usr/bin/passwd as the > default shell off-list and it turns out not having /bin/false in > /etc/shells (I thought it was) was the reason users couldn't log in > before. I tried setting a test user's shell to /usr/bin/passwd and it > does exactly what you describe. The most damage an attacker could do > here is change the password of the compromised account. That's very cool. Good to know. I remember that there used to be a java applet that would do ssh -- called MindTerm -- but I guess it is proprietary. Is there any free software that could be used for this kind of thing and embedded in a web page? Mike From bahamutzero8825 at gmail.com Tue Apr 13 19:00:19 2010 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Tue, 13 Apr 2010 19:00:19 -0500 Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: References: <4BC3EBA4.2010108@gmail.com> <4BC4C397.9060209@gmail.com> Message-ID: <4BC50593.2020204@gmail.com> On 4/13/2010 3:39 PM, Mike Miller wrote: > That's very cool. Good to know. One caveat is that if the current password is entered wrong (fat fingers or whatever) it exits (closing the client window). I might use a wrapper script to re-execute passwd unless it exits with a status code of 0. Maybe. If I feel like it. 
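The wrapper idea from the message above, as an added sketch (not code from the thread): a login shell that re-runs passwd until it exits with status 0, with an attempt limit so a failing session cannot loop forever. The limit, the function name, the PASSWD_BIN override and the install name passwd-retry are assumptions made for the example.

```shell
#!/bin/sh
# Added example: login-shell wrapper around passwd. All names and limits are
# hypothetical. If services on the host check /etc/shells, the installed
# path of this script has to be listed there.

PASSWD_BIN=${PASSWD_BIN:-/usr/bin/passwd}
MAX_TRIES=${MAX_TRIES:-3}

# retry_passwd: run $PASSWD_BIN with no arguments, up to $MAX_TRIES times.
# Returns 0 as soon as one run exits 0, 1 if every attempt failed.
retry_passwd() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        if "$PASSWD_BIN"; then
            return 0
        fi
        echo "Password not changed (attempt $tries of $MAX_TRIES)." >&2
    done
    return 1
}

# Run only when installed under the assumed name passwd-retry, so that
# sourcing this file for testing does not start passwd.
# The script never reads its arguments: when an SSH client requests a
# command, sshd starts the login shell as "shell -c command", and ignoring
# "$@" means that command is never executed.
case "${0##*/}" in
    passwd-retry)
        PATH=/usr/bin:/bin
        export PATH
        retry_passwd
        exit $?
        ;;
esac
```

The session still ends when the wrapper exits, so the account remains limited to changing its own password.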
From jima at beer.tclug.org Tue Apr 13 20:49:47 2010 From: jima at beer.tclug.org (Jima) Date: Tue, 13 Apr 2010 20:49:47 -0500 Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: References: <4BC3EBA4.2010108@gmail.com> <4BC4C397.9060209@gmail.com> Message-ID: <4BC51F3B.8080204@beer.tclug.org> On 4/13/2010 3:39 PM, Mike Miller wrote: > I remember that there used to be a java applet that would do ssh -- called > MindTerm -- but I guess it is proprietary. Is there any free software > that could be used for this kind of thing and embedded in a web page? There's a web app called Anyterm that initiates the SSH connection from the server side (which neatly circumvents local firewalling). Obviously it's a different beast, but I think it's worth mentioning. (Also: requires SSL to be secure.) Jima From hansone at gmail.com Sat Apr 17 23:04:02 2010 From: hansone at gmail.com (Erik Hanson) Date: Sat, 17 Apr 2010 23:04:02 -0500 Subject: [tclug-list] Bodo Newe Message-ID: http://templosdelrock.es/home.php From ronsmailbox5 at gmail.com Sun Apr 18 13:46:31 2010 From: ronsmailbox5 at gmail.com (r j) Date: Sun, 18 Apr 2010 13:46:31 -0500 Subject: [tclug-list] tclug-list Digest, Vol 64, Issue 15 In-Reply-To: References: Message-ID: Kill the spammer ! Kill the spammer ! Kill the spammer ! Kill the spammer ! Kill the spammer ! On Sun, Apr 18, 2010 at 12:00 PM, wrote: > Send tclug-list mailing list submissions to > tclug-list at mn-linux.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > or, via email, send a message with subject or body 'help' to > tclug-list-request at mn-linux.org > > You can reach the person managing the list at > tclug-list-owner at mn-linux.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tclug-list digest..." > > > Today's Topics: > > 1. 
Bodo Newe (Erik Hanson)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 17 Apr 2010 23:04:02 -0500
> From: Erik Hanson
> Subject: [tclug-list] Bodo Newe
> To: tala at cascadevacationrentals.com,
> talfred at klinenissan.dealerspace.com, talk at tcphp.org,
> webmaster at mn-linux.org, tclug-list at mn-linux.org,
> tclug-list-request at mn-linux.org, tcphp at andersonanimation.com
> Message-ID:
>
> Content-Type: text/plain; charset=ISO-8859-1
>
> http://templosdelrock.es/home.php
>
>
>
> ------------------------------
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
> End of tclug-list Digest, Vol 64, Issue 15
> ******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100418/fab42187/attachment.htm

From erikerik at gmail.com Sun Apr 18 22:37:09 2010
From: erikerik at gmail.com (Erik Anderson)
Date: Sun, 18 Apr 2010 22:37:09 -0500
Subject: [tclug-list] tclug-list Digest, Vol 64, Issue 15
In-Reply-To:
References:
Message-ID:

>> Date: Sat, 17 Apr 2010 23:04:02 -0500
>> From: Erik Hanson
>>
>> http://templosdelrock.es/home.php
>>

This is interesting - in the last 24 hours, around 5 or 6 of my acquaintances' email accounts have been presumably hacked by what appears to be the same outfit. In each case, the messages sent out had a two-word subject and included a link like the one above. Differing domain names, but always ending in /home.php

Does anyone know anything about this? Has anyone else seen a similar up-tick in the last couple of days?

I'm guessing that this is just the result of a well-executed phishing campaign, but am not positive.
-Erik From johntrammell at gmail.com Mon Apr 19 05:49:15 2010 From: johntrammell at gmail.com (John Trammell) Date: Mon, 19 Apr 2010 05:49:15 -0500 Subject: [tclug-list] tclug-list Digest, Vol 64, Issue 15 In-Reply-To: References: Message-ID: On Sun, Apr 18, 2010 at 10:37 PM, Erik Anderson wrote: > This is interesting - in the last 24 hours, around 5 or 6 of my > acquaintences' email accounts have been presumably hacked by what > appears to be the same outfit. In each case, the messages sent out had > a two-word subject and included a link like the one above. Differing > domain names, but always ending in /home.php > > Does anyone know anything about this? Has anyone else seen a similar > up-tick in the last couple of days? > > I've seen similar messages three friends' accounts (all gmail) in the last week. J -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100419/b5b3e238/attachment.htm From dniesen at gmail.com Mon Apr 19 07:20:51 2010 From: dniesen at gmail.com (Donovan) Date: Mon, 19 Apr 2010 07:20:51 -0500 Subject: [tclug-list] tclug-list Digest, Vol 64, Issue 15 In-Reply-To: References: Message-ID: I saw a rash of customers with Hotmail (MSN.com, live.com and hotmail.com) accounts that were spewing this same crud. On Apr 19, 2010 5:54 AM, "John Trammell" wrote: On Sun, Apr 18, 2010 at 10:37 PM, Erik Anderson wrote: > > This is interesting ... I've seen similar messages three friends' accounts (all gmail) in the last week. J _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota tclug-list at mn-linux.org http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100419/c9697534/attachment.htm From dniesen at gmail.com Mon Apr 19 07:22:19 2010 From: dniesen at gmail.com (Donovan) Date: Mon, 19 Apr 2010 07:22:19 -0500 Subject: [tclug-list] tclug-list Digest, Vol 64, Issue 15 In-Reply-To: References: Message-ID: Sent too fast... that was a few weeks ago. On Apr 19, 2010 7:20 AM, "Donovan" wrote: I saw a rash of customers with Hotmail (MSN.com, live.com and hotmail.com) accounts that were spewing this same crud. > > On Apr 19, 2010 5:54 AM, "John Trammell" wrote: > > On Sun, Apr 18, 2010 at 10:37 PM, Erik Anderson wrote: > > > This is interesting ... > > I've seen similar messages three friends' accounts (all gmail) in the last week. > > J > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minne... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100419/ca37fa0b/attachment.htm From andyzib at gmail.com Mon Apr 19 12:17:01 2010 From: andyzib at gmail.com (Andrew S. Zbikowski) Date: Mon, 19 Apr 2010 12:17:01 -0500 Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: <4BC51F3B.8080204@beer.tclug.org> References: <4BC3EBA4.2010108@gmail.com> <4BC4C397.9060209@gmail.com> <4BC51F3B.8080204@beer.tclug.org> Message-ID: PHP can establish an SSH2 connection and execute a command, should be fairly trivial to whip up a PHP script with a form to do what you asked in the original email. As PHP would be executing on the server, the SSH connection would be coming from the server. As you would be using SSH directly you wouldn't need to setup anything that would run with root level permissions to change a password. You would still want to setup an SSL connection so the username, current password, and new password don't go over the wire in the clear. 
You can obtain free SSL certs that your browser won't throw warnings about from StartSSL (http://www.startssl.com). On Tue, Apr 13, 2010 at 8:49 PM, Jima wrote: > > There's a web app called Anyterm that initiates the SSH connection > from the server side (which neatly circumvents local firewalling). > Obviously it's a different beast, but I think it's worth mentioning. > (Also: requires SSL to be secure.) > > Jima -- Andrew S. Zbikowski | http://andy.zibnet.us IT Outhouse Blog Thing | http://www.itouthouse.com
From bahamutzero8825 at gmail.com Tue Apr 20 04:28:23 2010 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Tue, 20 Apr 2010 04:28:23 -0500 Subject: [tclug-list] Need a simple web interface to passwd In-Reply-To: References: <4BC3EBA4.2010108@gmail.com> <4BC4C397.9060209@gmail.com> <4BC51F3B.8080204@beer.tclug.org> Message-ID: <4BCD73B7.6070401@gmail.com> On 4/19/2010 12:17 PM, Andrew S. Zbikowski wrote: > PHP can establish an SSH2 connection and execute a command, should be > fairly trivial to whip up a PHP script with a form to do what you > asked in the original email. Probably, but I don't know any PHP. Letting them log in via SSH and setting their shells to /usr/bin/passwd works. It's not as user-friendly as a webpage form, but since this problem isn't big enough to warrant spending the time to learn PHP, it will do.
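Added example, not part of the original thread: a hardening fragment for the passwd-as-login-shell approach described in the message above. An account whose shell is /usr/bin/passwd still authenticates to sshd, and forwarding channels are opened by sshd itself rather than by the login shell, so they should be switched off for those accounts. The group name `pwchange` and the user name `alice` are assumptions.

```conf
# /etc/ssh/sshd_config fragment (added example; the group name "pwchange"
# and the user "alice" are placeholders, not names from the thread).
#
# Account setup, run as root:
#   groupadd pwchange
#   usermod -s /usr/bin/passwd -a -G pwchange alice
#
# With that shell, an interactive login runs passwd and the session ends
# when passwd exits. Forwarding requests never reach the login shell, so
# they are disabled here for every member of the group.
Match Group pwchange
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# Check the file and the effective settings for one account before
# reloading sshd:
#   sshd -t
#   sshd -T -C user=alice,host=localhost,addr=127.0.0.1 | grep -i forwarding
```

Keep the Match block at the end of sshd_config, since every directive after a Match line belongs to that block until the next Match.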
From SDALAN04 at smumn.edu Tue Apr 20 18:10:41 2010 From: SDALAN04 at smumn.edu (SDALAN04 at smumn.edu) Date: Tue, 20 Apr 2010 18:10:41 -0500 Subject: [tclug-list] Sun Machines Message-ID: <201004202310411549f79d0c@mail.smumn.edu> Hey Jima- If I recall at one point you were a big fan of Sun machines not sure if you ever got into Solaris? Anyhow, do you know where I can get a decent Sun machine using the sparc Arch? Thanks. "Great Spirits Have Always Encountered Violent Opposition From Mediocre Minds" - Einstein "So much stupidity in so little brain!"
From kjh at flyballdogs.com Tue Apr 20 18:31:02 2010 From: kjh at flyballdogs.com (Kathryn Hogg) Date: Tue, 20 Apr 2010 18:31:02 -0500 Subject: [tclug-list] Sun Machines In-Reply-To: <201004202310411549f79d0c@mail.smumn.edu> References: <201004202310411549f79d0c@mail.smumn.edu> Message-ID: <653725bdb892b7a38ed1ad480051e574.squirrel@flyballdogs.com> SDALAN04 at smumn.edu wrote: > If I recall at one point you were a big fan of Sun machines not sure if > you ever got into Solaris? > > Anyhow, do you know where I can get a decent Sun machine using the sparc > Arch?
From wendigo at clancf.net Tue Apr 20 20:40:35 2010 From: wendigo at clancf.net (wendigo at clancf.net) Date: Tue, 20 Apr 2010 20:40:35 -0500 Subject: [tclug-list] Sun Machines References: <201004202310411549f79d0c@mail.smumn.edu> <653725bdb892b7a38ed1ad480051e574.squirrel@flyballdogs.com> Message-ID: <001801cae0f3$ac7b0aa0$6501a8c0@COMPUTER2010> I got a SunFire V100 off ebay a few weeks back for $80 with shipping. Works pretty well. Jim ----- Original Message ----- From: "Kathryn Hogg" To: Sent: Tuesday, April 20, 2010 6:31 PM Subject: Re: [tclug-list] Sun Machines > > SDALAN04 at smumn.edu wrote: >> If I recall at one point you were a big fan of Sun machines not sure if >> you ever got into Solaris? >> >> Anyhow, do you know where I can get a decent Sun machine using the sparc >> Arch? > > From Oracle. > > -- > Kathryn > http://womensfooty.com > National Team Donation - http://womensfooty.com/freedom/donate
From iipreca at hotmail.com Tue Apr 20 23:39:46 2010 From: iipreca at hotmail.com (G J) Date: Tue, 20 Apr 2010 23:39:46 -0500 Subject: [tclug-list] Sun Machines In-Reply-To: <201004202310411549f79d0c@mail.smumn.edu> References: <201004202310411549f79d0c@mail.smumn.edu> Message-ID: I think I deleted a thread or something so I don't know who's doing the asking, but I have 3 Sun Netra X1's if you want them. With or w/o HD's Let me know if you are interested. I want them gone. They are @ 500Mhz with various RAM just for a quick reference. Jesse > Date: Tue, 20 Apr 2010 18:10:41 -0500 > From: SDALAN04 at smumn.edu > To: tclug-list at mn-linux.org > Subject: [tclug-list] Sun Machines > > Hey Jima- > > If I recall at one point you were a big fan of Sun machines not sure if you ever got into Solaris? > > Anyhow, do you know where I can get a decent Sun machine using the sparc Arch? > > Thanks. > > "Great Spirits Have Always Encountered Violent Opposition From Mediocre Minds" - Einstein > > "So much stupidity in so little brain!"
From tclug at freakzilla.com Tue Apr 20 23:49:17 2010 From: tclug at freakzilla.com (Yaron) Date: Tue, 20 Apr 2010 23:49:17 -0500 (CDT) Subject: [tclug-list] Sun Machines In-Reply-To: References: <201004202310411549f79d0c@mail.smumn.edu> Message-ID: On Tue, 20 Apr 2010, G J wrote: > I think I deleted a thread or something so I don't know who's doing the > asking, but I have 3 Sun Netra X1's if you want them. With or w/o HD's Let > me know if you are interested. I want them gone. They are @ 500Mhz with > various RAM just for a quick reference. Oh man, five years ago I'd have been all over that. And I missed the original question too... -Yaron --
From iipreca at hotmail.com Tue Apr 20 23:56:19 2010 From: iipreca at hotmail.com (G J) Date: Tue, 20 Apr 2010 23:56:19 -0500 Subject: [tclug-list] Sun Machines In-Reply-To: References: <201004202310411549f79d0c@mail.smumn.edu>, , Message-ID: My apologies. Now that I think about it, it sounds a lot worse than I thought it would. I just want someone to get some use out of something I'm not. They're not worth much so it's not like I'm getting rich or anything. Jesse > Date: Tue, 20 Apr 2010 23:49:17 -0500 > From: tclug at freakzilla.com > To: tclug-list at mn-linux.org > Subject: Re: [tclug-list] Sun Machines > > > > On Tue, 20 Apr 2010, G J wrote: > > > I think I deleted a thread or something so I don't know who's doing the > > asking, but I have 3 Sun Netra X1's if you want them. With or w/o HD's Let > > me know if you are interested. I want them gone. They are @ 500Mhz with > > various RAM just for a quick reference. > > Oh man, five years ago I'd have been all over that. > > And I missed the original question too... > > > -Yaron > > --
From adam.morris at redstargaming.net Wed Apr 21 06:47:43 2010 From: adam.morris at redstargaming.net (Adam Morris) Date: Wed, 21 Apr 2010 06:47:43 -0500 Subject: [tclug-list] Sun Machines Message-ID: <80yr1mv2y60q9i63rhyurm41.1271850463342@email.android.com> +1 for EBay. You can usually find a pretty good selection of Sun machines there. -Adam wendigo at clancf.net wrote: >I got a SunFire V100 off ebay a few weeks back for $80 with shipping. Works >pretty well. > >Jim > >----- Original Message ----- >From: "Kathryn Hogg" >To: >Sent: Tuesday, April 20, 2010 6:31 PM >Subject: Re: [tclug-list] Sun Machines > > >> >> SDALAN04 at smumn.edu wrote: >>> If I recall at one point you were a big fan of Sun machines not sure if >>> you ever got into Solaris? >>> >>> Anyhow, do you know where I can get a decent Sun machine using the sparc >>> Arch? >> >> From Oracle. >> >> -- >> Kathryn >> http://womensfooty.com >> National Team Donation - http://womensfooty.com/freedom/donate
From debertin at gmail.com Wed Apr 21 09:20:58 2010 From: debertin at gmail.com (Dan Debertin) Date: Wed, 21 Apr 2010 09:20:58 -0500 Subject: [tclug-list] Sun Machines In-Reply-To: <201004202310411549f79d0c@mail.smumn.edu> References: <201004202310411549f79d0c@mail.smumn.edu> Message-ID: Hi, I have some Sun machines I'd be willing to give away if anyone wants them. They are sun4m, though, so they won't run Solaris 10. Should be fine under NetBSD, though SMP is broken currently in NetBSD-5/sparc. Solaris < 10, Linux/SPARC or NetBSD-4 will probably run fine. I also have a variety of SBUS and MBUS cards for the sun4m arch, also free. Contact me privately if interested. -Dan Debertin -- UNIX sysadmin/programmer debertin at gmail.com
From mark.russel.mitchell at gmail.com Wed Apr 21 10:06:02 2010 From: mark.russel.mitchell at gmail.com (Mark Mitchell) Date: Wed, 21 Apr 2010 10:06:02 -0500 Subject: [tclug-list] Scanning with CUPS/hplip? Message-ID: I have an HP Laserjet 3330 MFP, connected via USB to an up to date Ubuntu system. I can print from the linux system, I can print from windows machines on the network, but I can't scan. If I press the 'scan' key on the printer, it gives a 'waiting for PC' message for a couple seconds, then returns to the status screen. An attempt to 'scan to', results in a beep and 'not set up' error message. Any clues out there? Thanks, Mark
From mark.russel.mitchell at gmail.com Wed Apr 21 10:19:25 2010 From: mark.russel.mitchell at gmail.com (Mark Mitchell) Date: Wed, 21 Apr 2010 10:19:25 -0500 Subject: [tclug-list] Scanning with CUPS/hplip?
In-Reply-To: References: Message-ID: On Wed, Apr 21, 2010 at 10:06 AM, Mark Mitchell <mark.russel.mitchell at gmail.com> wrote: > I have an HP Laserjet 3330 MFP, connected via USB to an up to date Ubuntu > system. I can print from the linux system, I can print from windows > machines on the network, but I can't scan. > > If I press the 'scan' key on the printer, it gives a 'waiting for PC' > message for a couple seconds, then returns to the status screen. An attempt > to 'scan to', results in a beep and 'not set up' error message. > > Any clues out there? > > Thanks, > Mark > Asked for help too soon. From my next search, I learned that the driver does not support scans initiated from the printer, only from sane-compatible apps on the PC. So, aptitude install xsane, and the printer responds. It still doesn't quite work, I get an 'Error during read: Error during device I/O' after the scan bulb has traversed and returned. Not there yet, but closer. Mark
From goeko at Goecke-Dolan.com Thu Apr 22 11:07:49 2010 From: goeko at Goecke-Dolan.com (Brian Dolan-Goecke) Date: Thu, 22 Apr 2010 11:07:49 -0500 Subject: [tclug-list] Install Fest & Release Party @PenguinsUnbound Meeting May 1st Message-ID: <4BD07455.1000505@Goecke-Dolan.com> This month's PenguinsUnbound.com meeting will be Saturday May 1st at TIES, 1667 Snelling Ave. N., St. Paul, MN 55108 from 9:00am to 5:00pm (See the web site http://www.penguinsunbound.com for directions and more info.) With the release of Ubuntu 10.04 (Lucid Lynx) we are having an Install Fest / Release Party! So come, bring your computer(s) and install Ubuntu 9.10 (or any Linux Distribution!) from 9:00am to 5:00pm May 1st!
You can learn more about the Ubuntu 10.04 (Lucid Lynx) here http://www.ubuntu.com/getubuntu/releasenotes/1004overview You can download the Release Candidate from (North America Sites)
* http://archaea.its.sfu.ca/mirror/ubuntu-releases/10.04 (Canada)
* http://mirror.csclub.uwaterloo.ca/ubuntu-releases/10.04 (Canada)
* http://mirror.anl.gov/pub/ubuntu-iso/CDs/10.04 (United States)
* http://ubuntu.cs.utah.edu/releases/10.04 (United States)
* http://ubuntu-releases.cs.umn.edu/10.04 (United States)
* http://www.gtlib.gatech.edu/pub/ubuntu-releases/10.04 (United States)
Hope to see you there! ==>brian. *Yea, the April meeting is going to be May 1st. That worked best for release party.
From mbmiller+l at gmail.com Fri Apr 23 11:10:25 2010 From: mbmiller+l at gmail.com (Mike Miller) Date: Fri, 23 Apr 2010 11:10:25 -0500 (CDT) Subject: [tclug-list] Apache charset issue Message-ID: If you look at this... http://genetsim.org/class/gaw15_problem_3_papers.html ...you'll see that it is messing up the UTF-8 characters, at least in Firefox on Linux and Chrome on Windows: Bickeb??ller Jos??e But the identical page here is fine: http://mlug.missouri.edu/~mbmiller/temp/gaw15_paper_page.html Bickeb?ller Jos?e I was having the same problem on both machines until I added this line in the header: That only fixed it on one Apache web server, not the other. So why doesn't that fix it for both servers? I assume it has something to do with the Apache configuration. Any ideas? A friend looked into it and told me "Your broken apache server is sending: Content-Type: text/html; charset=ISO-8859-1 missouri.edu is sending: Content-Type: text/html Look and see if AddDefaultCharset is set somewhere in your config. If not it may be set under an AddType directive." So I checked and found that AddDefaultCharset is there on the genetsim.org machine in /etc/httpd/conf/httpd.conf:
# Specify a default charset for all pages sent out. This is
# always a good idea and opens the door for future internationalisation
# of your web site, should you ever want it. Specifying it as
# a default does little harm; as the standard dictates that a page
# is in iso-8859-1 (latin1) unless specified otherwise i.e. you
# are merely stating the obvious. There are also some security
# reasons in browsers, related to javascript and URL parsing
# which encourage you to always set a default char set.
#
AddDefaultCharset ISO-8859-1
But it is commented out on mlug in /etc/apache2/apache2.conf:
#AddDefaultCharset ISO-8859-1
It seems strange that Apache's comment text tells us that this is "always a good idea" that "does little harm" and it improves security. It says that a page is "in iso-8859-1 (latin1) unless specified otherwise," but that seems to imply that I can specify otherwise. Of course, that is exactly what I thought I was doing with this line in the header: Do you know why I'm not able to override the default here? The machines do differ in version number:
genetsim.org:
$ /usr/sbin/httpd -v
Server version: Apache/2.0.46
Server built: Oct 28 2008 07:02:48
mlug.missouri.edu:
$ /usr/sbin/apache2 -v
Server version: Apache/2.2.3
Server built: Nov 13 2009 15:16:06
Best, Mike
From florin at iucha.net Fri Apr 23 11:26:12 2010 From: florin at iucha.net (Florin Iucha) Date: Fri, 23 Apr 2010 11:26:12 -0500 Subject: [tclug-list] Apache charset issue In-Reply-To: References: Message-ID: <20100423162612.GV5455@iris.iucha.org> On Fri, Apr 23, 2010 at 11:10:25AM -0500, Mike Miller wrote: > I was having the same problem on both machines until I added this line in > the header: > > > > That only fixed it on one Apache web server, not the other. So why doesn't > that fix it for both servers? I assume it has something to do with the > Apache configuration. Any ideas? That line is interpreted by the browser, the server doesn't care. > A friend looked into it and told me "Your broken apache server is sending: > > Content-Type: text/html; charset=ISO-8859-1 > > missouri.edu is sending: > > Content-Type: text/html > > > Look and see if AddDefaultCharset is set somewhere in your config. If not > it may be set under an AddType directive." > > So I checked and found that AddDefaultCharset is there on the genetsim.org > machine in /etc/httpd/conf/httpd.conf: > > > # Specify a default charset for all pages sent out. This is > # always a good idea and opens the door for future internationalisation > # of your web site, should you ever want it. Specifying it as > # a default does little harm; as the standard dictates that a page > # is in iso-8859-1 (latin1) unless specified otherwise i.e. you > # are merely stating the obvious. There are also some security > # reasons in browsers, related to javascript and URL parsing > # which encourage you to always set a default char set. > # > AddDefaultCharset ISO-8859-1 > > > But it is commented out on mlug in /etc/apache2/apache2.conf: > > #AddDefaultCharset ISO-8859-1 > > > It seems strange that Apache's comment text tells us that this is "always a > good idea" that "does little harm" and it improves security. It says that > a page is "in iso-8859-1 (latin1) unless specified otherwise," but that > seems to imply that I can specify otherwise. Of course, that is exactly > what I thought I was doing with this line in the header: > > > > Do you know why I'm not able to override the default here? You need to override it in a .htaccess file, not in the file that you actually send out. Cheers, florin -- Bruce Schneier expects the Spanish Inquisition. http://geekz.co.uk/schneierfacts/fact/163
From mbmiller+l at gmail.com Fri Apr 23 13:16:37 2010 From: mbmiller+l at gmail.com (Mike Miller) Date: Fri, 23 Apr 2010 13:16:37 -0500 (CDT) Subject: [tclug-list] Apache charset issue In-Reply-To: <20100423162612.GV5455@iris.iucha.org> References: <20100423162612.GV5455@iris.iucha.org> Message-ID: On Fri, 23 Apr 2010, Florin Iucha wrote: > On Fri, Apr 23, 2010 at 11:10:25AM -0500, Mike Miller wrote: > >> I was having the same problem on both machines until I added this line >> in the header: >> >> >> >> That only fixed it on one Apache web server, not the other. So why >> doesn't that fix it for both servers? I assume it has something to do >> with the Apache configuration. Any ideas? > > That line is interpreted by the browser, the server doesn't care. That's what I thought, but then I thought the browser would use the information to decide how to display the file. Are you saying that the server is actually altering the file as it sends it out? >> >> >> Do you know why I'm not able to override the default here? > > You need to override it in a .htaccess file, not in the file that you > actually send out. Do you know what I need to do? I went here... http://www.w3.org/International/questions/qa-htaccess-charset ...and tried this,...
$ cat > .htaccess
AddCharset UTF-8 .html
^D
...which made a .htaccess file, but it didn't change the appearance of the document. Thanks!
Mike
From florin at iucha.net Fri Apr 23 13:38:13 2010 From: florin at iucha.net (Florin Iucha) Date: Fri, 23 Apr 2010 13:38:13 -0500 Subject: [tclug-list] Apache charset issue In-Reply-To: References: <20100423162612.GV5455@iris.iucha.org> Message-ID: <20100423183813.GY5455@iris.iucha.org> On Fri, Apr 23, 2010 at 01:16:37PM -0500, Mike Miller wrote: > >> I was having the same problem on both machines until I added this line > >> in the header: > >> > >> > >> > >> That only fixed it on one Apache web server, not the other. So why > >> doesn't that fix it for both servers? I assume it has something to do > >> with the Apache configuration. Any ideas? > > > > That line is interpreted by the browser, the server doesn't care. > > That's what I thought, but then I thought the browser would use the > information to decide how to display the file. Correct. > Are you saying that the > server is actually altering the file as it sends it out? It might, based on the directives in its configuration files (httpd.conf, .htaccess). To test that hypothesis, fetch the file with wget from both servers and do a diff. > >> > >> > >> Do you know why I'm not able to override the default here? > > > > You need to override it in a .htaccess file, not in the file that you > > actually send out. > > Do you know what I need to do? I went here... > > http://www.w3.org/International/questions/qa-htaccess-charset > > ...and tried this,... > > $ cat > .htaccess > AddCharset UTF-8 .html > ^D > > ...which made a .htaccess file, but it didn't change the appearance of the > document. You probably need to enable .htaccess processing in the main httpd.conf file and also specify that for the given directory, what directives can be specified in the .htaccess file. http://httpd.apache.org/docs/2.2/howto/htaccess.html Cheers, florin -- Bruce Schneier expects the Spanish Inquisition. http://geekz.co.uk/schneierfacts/fact/163
From mbmiller+l at gmail.com Fri Apr 23 15:18:21 2010 From: mbmiller+l at gmail.com (Mike Miller) Date: Fri, 23 Apr 2010 15:18:21 -0500 (CDT) Subject: [tclug-list] Apache charset issue In-Reply-To: <20100423183813.GY5455@iris.iucha.org> References: <20100423162612.GV5455@iris.iucha.org> <20100423183813.GY5455@iris.iucha.org> Message-ID: On Fri, 23 Apr 2010, Florin Iucha wrote: > On Fri, Apr 23, 2010 at 01:16:37PM -0500, Mike Miller wrote: > >>>> I was having the same problem on both machines until I added this >>>> line in the header: >>>> >>>> >>>> >>>> That only fixed it on one Apache web server, not the other. So why >>>> doesn't that fix it for both servers? I assume it has something to >>>> do with the Apache configuration. Any ideas? >>> >>> That line is interpreted by the browser, the server doesn't care. >> >> That's what I thought, but then I thought the browser would use the >> information to decide how to display the file. > > Correct. I wonder why the meta line isn't working then, because... >> Are you saying that the server is actually altering the file as it >> sends it out? > > It might, based on the directives in its configuration files > (httpd.conf, .htaccess). > > To test that hypothesis, fetch the file with wget from both servers and > do a diff. OK. I did it and the wget-retrieved files are identical. >>>> >>>> >>>> Do you know why I'm not able to override the default here? >>> >>> You need to override it in a .htaccess file, not in the file that you >>> actually send out. >> >> Do you know what I need to do? I went here... >> >> http://www.w3.org/International/questions/qa-htaccess-charset >> >> ...and tried this,... >> >> $ cat > .htaccess >> AddCharset UTF-8 .html >> ^D >> >> ...which made a .htaccess file, but it didn't change the appearance of the >> document. > > You probably need to enable .htaccess processing in the main httpd.conf > file and also specify that for the given directory, what directives can > be specified in the .htaccess file. > > http://httpd.apache.org/docs/2.2/howto/htaccess.html OK. This means I have to get the sysadmin in on it. I don't want to do that, so I'm going to try iconv:
iconv --from-code=UTF-8 --to-code=ISO-8859-1 gaw15_problem_3_papers.html | grep -v " gaw15_test.html
It works! before: http://genetsim.org/class/gaw15_problem_3_papers.html after: http://genetsim.org/class/gaw15_test.html There's a solution. Not the one I wanted, but good enough for now. I'm still in a quandary over why Firefox doesn't see the meta tag and display the utf-8 correctly. It worked on one system and not the other. Thanks again, Florin! Mike
From mbmiller+l at gmail.com Fri Apr 23 16:30:59 2010 From: mbmiller+l at gmail.com (Mike Miller) Date: Fri, 23 Apr 2010 16:30:59 -0500 (CDT) Subject: [tclug-list] Apache charset issue In-Reply-To: References: <20100423162612.GV5455@iris.iucha.org> <20100423183813.GY5455@iris.iucha.org> Message-ID: On Fri, 23 Apr 2010, a friend wrote: > what happens if you rename your file to foo.html.utf8 or foo.utf8.html > > Do either of those appear correctly? Nice. I did this:
$ cp gaw15_problem_3_papers.html gaw15_problem_3_papers.utf8.html
$ cp gaw15_problem_3_papers.html gaw15_problem_3_papers.html.utf8
So all three files are identical. You can see them here: http://genetsim.org/class/ Both .utf8.html and .html.utf8 filenames look great in firefox, but the original does not.
Mike
From strayf at freeshell.org Fri Apr 23 16:33:32 2010 From: strayf at freeshell.org (Steve Cayford) Date: Fri, 23 Apr 2010 16:33:32 -0500 Subject: [tclug-list] Apache charset issue In-Reply-To: References: <20100423162612.GV5455@iris.iucha.org> <20100423183813.GY5455@iris.iucha.org> Message-ID: <4BD2122C.40702@freeshell.org> Mike Miller wrote: > OK. This means I have to get the sysadmin in on it. I don't want to do > that, so I'm going to try iconv: > > iconv --from-code=UTF-8 --to-code=ISO-8859-1 gaw15_problem_3_papers.html | grep -v " gaw15_test.html > > It works! > > before: > http://genetsim.org/class/gaw15_problem_3_papers.html > > after: > http://genetsim.org/class/gaw15_test.html > > There's a solution. Not the one I wanted, but good enough for now. I'm > still in a quandary over why Firefox doesn't see the meta tag and display > the utf-8 correctly. It worked on one system and not the other. > FYI, here's the http header exchange when I go to http://genetsim.org/class/gaw15_problem_3_papers.html with Iceweasel.
---
GET /class/gaw15_problem_3_papers.html HTTP/1.1
Host: genetsim.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100308 Iceweasel/3.5.8 (like Firefox/3.5.8)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.x 200 OK
Date: Fri, 23 Apr 2010 21:14:17 GMT
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Fri, 23 Apr 2010 03:39:50 GMT
Etag: "39c065-52b4-2dee2d80"
Accept-Ranges: bytes
Content-Length: 21172
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
---
You added the UTF-8 meta tag to the page, but your http headers say ISO-8859-1. I don't know which takes precedence. Here's what I get at http://mlug.missouri.edu/~mbmiller/temp/gaw15_paper_page.html
---
GET /~mbmiller/temp/gaw15_paper_page.html HTTP/1.1
Host: mlug.missouri.edu
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100308 Iceweasel/3.5.8 (like Firefox/3.5.8)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.x 200 OK
Date: Fri, 23 Apr 2010 21:20:22 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6 mod_ssl/2.2.3 OpenSSL/0.9.8c
Last-Modified: Fri, 23 Apr 2010 03:39:50 GMT
Etag: "d-52b4-2dee2d80"
Accept-Ranges: bytes
Content-Length: 21172
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html
---
From mbmiller+l at gmail.com Fri Apr 23 19:23:28 2010 From: mbmiller+l at gmail.com (Mike Miller) Date: Fri, 23 Apr 2010 19:23:28 -0500 (CDT) Subject: [tclug-list] Apache charset issue In-Reply-To: <4BD2122C.40702@freeshell.org> References: <20100423162612.GV5455@iris.iucha.org> <20100423183813.GY5455@iris.iucha.org> <4BD2122C.40702@freeshell.org> Message-ID: On Fri, 23 Apr 2010, Steve Cayford wrote: > Mike Miller wrote: > > You added the UTF-8 meta tag to the page, but your http headers say > ISO-8859-1. I don't know which takes precedence. Well, I guess we know now. But why doesn't the content of the file itself override the default setting in the web server? I don't know. It seems like a bad design to me. Did you see that renaming the .html file with a .utf8.html extension solves the problem? It does. More weirdness. Mike
From admin at lctn.org Wed Apr 28 10:14:16 2010 From: admin at lctn.org (Raymond Norton) Date: Wed, 28 Apr 2010 10:14:16 -0500 Subject: [tclug-list] sftp / chroot question Message-ID: <4BD850C8.3000503@lctn.org> I have a customer that asked to have their server set up to chroot users to their home directories.
After completing the job using sftp and ssh, they now want an http upload alternative for customers that are not allowed to install executables on their desktop. It seems they are not real concerned about http uploads. They just want to keep user files private from others on the same server. Any ideas of the best solution here? From ecrist at secure-computing.net Wed Apr 28 10:26:32 2010 From: ecrist at secure-computing.net (Eric F Crist) Date: Wed, 28 Apr 2010 10:26:32 -0500 Subject: [tclug-list] sftp / chroot question In-Reply-To: <4BD850C8.3000503@lctn.org> References: <4BD850C8.3000503@lctn.org> Message-ID: <951AFD60-3165-4A76-8591-98E03D20D731@secure-computing.net> On Apr 28, 2010, at 10:14:16, Raymond Norton wrote: > I have a customer that asked to have their server set up to chroot users > to their home directories. After completing the job using sftp and ssh, > they now want an http upload alternative for customers that are not > allowed to install executables on their desktop. > > It seems they are not real concerned about http uploads. They just want > to keep user files private from others on the same server. > > Any ideas of the best solution here? We wrote a simple FTP upload script in php and use that. We use SSL, of course, for the web connection. --- Eric Crist From tompoe at fngi.net Wed Apr 28 14:09:01 2010 From: tompoe at fngi.net (Tom Poe) Date: Wed, 28 Apr 2010 14:09:01 -0500 Subject: [tclug-list] android phone question Message-ID: <4BD887CD.40807@fngi.net> I'm moving to Eden Valley, MN. Time to check up on latest telecommunications options. I'm wondering what it might cost to get an android/open source cell phone that is usb capable? I'm thinking the cell phone could serve as a 911 phone on the road, and the usb connection with my desktop could double as computer Internet access. Anyone have a recommendation on lowest cost option for these needs? 
Thanks, Tom From adam.morris at redstargaming.net Wed Apr 28 15:19:21 2010 From: adam.morris at redstargaming.net (Adam Morris) Date: Wed, 28 Apr 2010 15:19:21 -0500 Subject: [tclug-list] android phone question Message-ID: I'm a helpless fanboi of the Motorolla Droid, so I'm inclined to say "get it", but I realize that it is nowhere near the cheapest. The Droid Eris is underpowered but I've heard good things about it. Its only $79 with a Verizon contract, and it can be tethered, so it might be your best bet. -Adam Tom Poe wrote: >I'm moving to Eden Valley, MN. Time to check up on latest >telecommunications options. I'm wondering what it might cost to get an >android/open source cell phone that is usb capable? > >I'm thinking the cell phone could serve as a 911 phone on the road, and >the usb connection with my desktop could double as computer Internet >access. Anyone have a recommendation on lowest cost option for these needs? >Thanks, Tom > >_______________________________________________ >TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >tclug-list at mn-linux.org >http://mailman.mn-linux.org/mailman/listinfo/tclug-list From ryanjcole at me.com Wed Apr 28 15:58:32 2010 From: ryanjcole at me.com (Ryan Coleman) Date: Wed, 28 Apr 2010 15:58:32 -0500 Subject: [tclug-list] android phone question In-Reply-To: References: Message-ID: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com> Tethered at what cost? Sent from my iPhone On Apr 28, 2010, at 15:19, Adam Morris wrote: > I'm a helpless fanboi of the Motorolla Droid, so I'm inclined to say > "get it", but I realize that it is nowhere near the cheapest. The > Droid Eris is underpowered but I've heard good things about it. Its > only $79 with a Verizon contract, and it can be tethered, so it > might be your best bet. > > -Adam > > Tom Poe wrote: > >> I'm moving to Eden Valley, MN. Time to check up on latest >> telecommunications options. 
>> I'm wondering what it might cost to
>> get an
>> android/open source cell phone that is usb capable?
>>
>> I'm thinking the cell phone could serve as a 911 phone on the road,
>> and
>> the usb connection with my desktop could double as computer Internet
>> access. Anyone have a recommendation on lowest cost option for
>> these needs?
>> Thanks, Tom
>>
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

From blutgens at gmail.com Wed Apr 28 16:39:25 2010
From: blutgens at gmail.com (Ben)
Date: Wed, 28 Apr 2010 16:39:25 -0500
Subject: [tclug-list] android phone question
In-Reply-To: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com>
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com>
Message-ID:

Any android phone could do this, once you root it which is pretty trivial you can enable wireless tethering as well. The droid is awesome, if you buy it right they're pretty cheap!

On Wed, Apr 28, 2010 at 3:58 PM, Ryan Coleman wrote:

> Tethered at what cost?
>
> Sent from my iPhone
>
> On Apr 28, 2010, at 15:19, Adam Morris
> wrote:
>
> > I'm a helpless fanboi of the Motorola Droid, so I'm inclined to say
> > "get it", but I realize that it is nowhere near the cheapest. The
> > Droid Eris is underpowered but I've heard good things about it. It's
> > only $79 with a Verizon contract, and it can be tethered, so it
> > might be your best bet.
> >
> > -Adam
> >
> > Tom Poe wrote:
> >
> >> I'm moving to Eden Valley, MN. Time to check up on latest
> >> telecommunications options. I'm wondering what it might cost to
> >> get an
> >> android/open source cell phone that is usb capable?
> >>
> >> I'm thinking the cell phone could serve as a 911 phone on the road,
> >> and
> >> the usb connection with my desktop could double as computer Internet
> >> access. Anyone have a recommendation on lowest cost option for
> >> these needs?
> >> Thanks, Tom
> >>
> >> _______________________________________________
> >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> >> tclug-list at mn-linux.org
> >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > tclug-list at mn-linux.org
> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>

--
Ben Lutgens
Linux / Unix System Administrator

Three of your friends throw up after eating chicken salad. Do you think:
"I should find more robust friends" or "we should check that refrigerator"?
 -- Donald Becker, on vortex-bug, suspecting a network-wide problem

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100428/139d930d/attachment.htm

From tlunde at gmail.com Wed Apr 28 19:21:54 2010
From: tlunde at gmail.com (Thomas Lunde)
Date: Wed, 28 Apr 2010 19:21:54 -0500
Subject: [tclug-list] android phone question
In-Reply-To:
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com>
Message-ID: <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com>

Ben (or anyone else) -

Got a pointer to a good source for turning a Droid Eris running on Verizon into a wireless access point? I'd prefer a recipe which does not require flipping the "I've been rooted" bit.

Thanks
Thomas

On Apr 28, 2010, at 4:39 PM, Ben wrote:

> Any android phone could do this, once you root it which is pretty trivial you can enable wireless tethering as well.
> The droid is awesome, if you buy it right they're pretty cheap!
>
> On Wed, Apr 28, 2010 at 3:58 PM, Ryan Coleman wrote:
> Tethered at what cost?
>
> Sent from my iPhone
>
> On Apr 28, 2010, at 15:19, Adam Morris
> wrote:
>
> > I'm a helpless fanboi of the Motorola Droid, so I'm inclined to say
> > "get it", but I realize that it is nowhere near the cheapest. The
> > Droid Eris is underpowered but I've heard good things about it. It's
> > only $79 with a Verizon contract, and it can be tethered, so it
> > might be your best bet.
> >
> > -Adam
> >
> > Tom Poe wrote:
> >
> >> I'm moving to Eden Valley, MN. Time to check up on latest
> >> telecommunications options. I'm wondering what it might cost to
> >> get an
> >> android/open source cell phone that is usb capable?
> >>
> >> I'm thinking the cell phone could serve as a 911 phone on the road,
> >> and
> >> the usb connection with my desktop could double as computer Internet
> >> access. Anyone have a recommendation on lowest cost option for
> >> these needs?
> >> Thanks, Tom
> >>
> >> _______________________________________________
> >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> >> tclug-list at mn-linux.org
> >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > tclug-list at mn-linux.org
> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
>
>
> --
> Ben Lutgens
> Linux / Unix System Administrator
>
> Three of your friends throw up after eating chicken salad. Do you think:
> "I should find more robust friends" or "we should check that refrigerator"?
> -- Donald Becker, on vortex-bug, suspecting a network-wide problem
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100428/b07480b4/attachment.htm

From daniel.armbrust.list at gmail.com Thu Apr 29 11:15:49 2010
From: daniel.armbrust.list at gmail.com (Dan Armbrust)
Date: Thu, 29 Apr 2010 11:15:49 -0500
Subject: [tclug-list] Apache charset issue
In-Reply-To:
References: <20100423162612.GV5455@iris.iucha.org> <20100423183813.GY5455@iris.iucha.org> <4BD2122C.40702@freeshell.org>
Message-ID:

On Fri, Apr 23, 2010 at 7:23 PM, Mike Miller wrote:

> On Fri, 23 Apr 2010, Steve Cayford wrote:
>
>> Mike Miller wrote:
>>
>> You added the UTF-8 meta tag to the page, but your http headers say
>> ISO-8859-1. I don't know which takes precedence.
>
> Well, I guess we know now. But why doesn't the content of the file itself
> override the default setting in the web server? I don't know. It seems
> like a bad design to me.
>
> Did you see that renaming the .html file with a .utf8.html extension
> solves the problem? It does. More weirdness.
>

I don't know why Firefox does that... it can be annoying at times (like this). You can see similar issues if a server has the mime type set wrong for jpegs, or something like that. If you point the browser directly at the file, IE will look at the file, and see that it is a jpeg, and display it as such. Firefox will simply look at the headers, and present you an option to download the file as a binary object. Seems like they could at least read the first bits of the file, and figure out the common file types automatically - or in this case, use the charset information from the file.
Dan

From ronsmailbox5 at gmail.com Thu Apr 29 12:16:24 2010
From: ronsmailbox5 at gmail.com (r j)
Date: Thu, 29 Apr 2010 12:16:24 -0500
Subject: [tclug-list] tclug-list Digest, Vol 64, Issue 23 DROID as a modem
Message-ID:

You do not need to root a Droid to use it as a web server. You can use proxy droid, an app from the market, very easy, set your port in proxy droid to 8080 and mount the usb device with the proxy droid app running. easy as pie :D

Ron

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100429/bff3d1bb/attachment.htm

From blutgens at gmail.com Thu Apr 29 13:20:40 2010
From: blutgens at gmail.com (Ben)
Date: Thu, 29 Apr 2010 13:20:40 -0500
Subject: [tclug-list] android phone question
In-Reply-To: <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com>
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com> <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com>
Message-ID:

Wireless tethering can be done on non-rooted phones (I think) using pda net: http://www.junefabrics.com/android/index.php

Rooting is trivial, easy to back out of, and is essentially risk free. Any rooting guides will have you backup first. Also, there's a one-click "rooting" app on the Android Market for droids. In fact, there's tools to let you flash custom roms right on your phone, no need for the android SDK (which is friggin trivially easy to dl and use)

http://www.xda-developers.com/ best place for android hacking, the forums are awesome, the wiki is awesome, and there's a great app for browsing / posting to the forums on the Market too =P

Wonder if we should ponder a separate list for android stuff, since it's not relevant to all LUGers.

On Wed, Apr 28, 2010 at 7:21 PM, Thomas Lunde wrote:

> Ben (or anyone else) -
>
> Got a pointer to a good source for turning a Droid Eris running on Verizon
> into a wireless access point?
> I'd prefer a recipe which does not require
> flipping the "I've been rooted" bit.
>
> Thanks
> Thomas
>
>
> On Apr 28, 2010, at 4:39 PM, Ben wrote:
>
> Any android phone could do this, once you root it which is pretty trivial
> you can enable wireless tethering as well. The droid is awesome, if you buy
> it right they're pretty cheap!
>
> On Wed, Apr 28, 2010 at 3:58 PM, Ryan Coleman wrote:
>
>> Tethered at what cost?
>>
>> Sent from my iPhone
>>
>> On Apr 28, 2010, at 15:19, Adam Morris
>> wrote:
>>
>> > I'm a helpless fanboi of the Motorola Droid, so I'm inclined to say
>> > "get it", but I realize that it is nowhere near the cheapest. The
>> > Droid Eris is underpowered but I've heard good things about it. It's
>> > only $79 with a Verizon contract, and it can be tethered, so it
>> > might be your best bet.
>> >
>> > -Adam
>> >
>> > Tom Poe wrote:
>> >
>> >> I'm moving to Eden Valley, MN. Time to check up on latest
>> >> telecommunications options. I'm wondering what it might cost to
>> >> get an
>> >> android/open source cell phone that is usb capable?
>> >>
>> >> I'm thinking the cell phone could serve as a 911 phone on the road,
>> >> and
>> >> the usb connection with my desktop could double as computer Internet
>> >> access. Anyone have a recommendation on lowest cost option for
>> >> these needs?
>> >> Thanks, Tom
>> >>
>> >> _______________________________________________
>> >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> >> tclug-list at mn-linux.org
>> >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>> > _______________________________________________
>> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> > tclug-list at mn-linux.org
>> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St.
>> Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>
>
>
>
> --
> Ben Lutgens
> Linux / Unix System Administrator
>
> Three of your friends throw up after eating chicken salad. Do you think:
> "I should find more robust friends" or "we should check that refrigerator"?
> -- Donald Becker, on vortex-bug, suspecting a network-wide problem
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
>

--
Ben Lutgens
Linux / Unix System Administrator

Three of your friends throw up after eating chicken salad. Do you think:
"I should find more robust friends" or "we should check that refrigerator"?
 -- Donald Becker, on vortex-bug, suspecting a network-wide problem

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100429/ca70b44f/attachment.htm

From johntrammell at gmail.com Thu Apr 29 14:15:38 2010
From: johntrammell at gmail.com (John Trammell)
Date: Thu, 29 Apr 2010 14:15:38 -0500
Subject: [tclug-list] Spring cleaning
Message-ID:

This all goes to the recycler unless anyone is interested:

* HP optical mouse w/ PS/2 connector
* 1 PS/2 - USB adapter
* Chaintech Nvidia GeForce3 Titanium 200 video card
* Seagate 120GB PATA HDD
* long parallel port cable (9'? 10'?)
* HP Scanjet 5p w/ SCSI cable (still looking for the SCSI adapter...)
* 2 ugly beige power strips
* 1 3Com 3c905 PCI ethernet adapter
* 1 ATA CD drive
* misc. IDE & floppy cables
* 1 really long audio cable (20'?)

Plus more when I get to the basement...

Thanks,
J

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100429/7fa16d9d/attachment.htm

From strayf at freeshell.org Thu Apr 29 14:33:09 2010
From: strayf at freeshell.org (Steve Cayford)
Date: Thu, 29 Apr 2010 14:33:09 -0500
Subject: [tclug-list] Spring cleaning
In-Reply-To:
References:
Message-ID: <4BD9DEF5.4010108@freeshell.org>

If I may suggest, take it to Free Geek Twin Cities. Open Saturday afternoons at 821 E 35th St, Minneapolis. http://freegeektwincities.org/

-Steve

On 04/29/2010 02:15 PM, John Trammell wrote:

> This all goes to the recycler unless anyone is interested:
>
> * HP optical mouse w/ PS/2 connector
> * 1 PS/2 - USB adapter
> * Chaintech Nvidia GeForce3 Titanium 200 video card
> * Seagate 120GB PATA HDD
> * long parallel port cable (9'? 10'?)
> * HP Scanjet 5p w/ SCSI cable (still looking for the SCSI adapter...)
> * 2 ugly beige power strips
> * 1 3Com 3c905 PCI ethernet adapter
> * 1 ATA CD drive
> * misc. IDE & floppy cables
> * 1 really long audio cable (20'?)
>
> Plus more when I get to the basement...
>
> Thanks,
> J
>

From shanson at cruiskeen.com Thu Apr 29 18:48:34 2010
From: shanson at cruiskeen.com (Steve Hanson)
Date: Thu, 29 Apr 2010 18:48:34 -0500
Subject: [tclug-list] android phone question
In-Reply-To:
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com> <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com>
Message-ID: <4BDA1AD2.4060808@cruiskeen.com>

On 04/29/2010 01:20 PM, Ben wrote:

> Wireless tethering can be done on non-rooted phones (I think) using
> pda net: http://www.junefabrics.com/android/index.php

On 04/28/2010 07:21 PM, Thomas Lunde wrote:

> > Ben (or anyone else) -
> >
> > Got a pointer to a good source for turning a Droid Eris running on
> > Verizon into a wireless access point? I'd prefer a recipe which does
> > not require flipping the "I've been rooted" bit.
>

No need to root anything --

Verizon has just released a bunch of new options for tethering with Android, and there's an introductory special going on. I'm at the moment mail-ordering a Droid Incredible ----

http://www.verizonwireless.com/b2c/mobilebroadband/?page=products_connect

From jpschewe at mtu.net Thu Apr 29 19:03:40 2010
From: jpschewe at mtu.net (Jon Schewe)
Date: Thu, 29 Apr 2010 19:03:40 -0500
Subject: [tclug-list] android phone question
In-Reply-To: <4BDA1AD2.4060808@cruiskeen.com>
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com> <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com> <4BDA1AD2.4060808@cruiskeen.com>
Message-ID: <4BDA1E5C.1080205@mtu.net>

On 04/29/2010 06:48 PM, Steve Hanson wrote:

> No need to root anything --
>
> Verizon has just released a bunch of new options for tethering with
> Android, and there's an introductory special going on. I'm at the
> moment mail-ordering a Droid Incredible ----
>
> http://www.verizonwireless.com/b2c/mobilebroadband/?page=products_connect
>
>
>

Don't suppose anyone knows how to get a Droid on Verizon without a data plan, for those few of us that just want to use the wifi and not pay $30/month for something I'm not likely to use much.

From tompoe at fngi.net Thu Apr 29 19:11:03 2010
From: tompoe at fngi.net (Tom Poe)
Date: Thu, 29 Apr 2010 19:11:03 -0500
Subject: [tclug-list] android phone question
In-Reply-To: <4BDA1AD2.4060808@cruiskeen.com>
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com> <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com> <4BDA1AD2.4060808@cruiskeen.com>
Message-ID: <4BDA2017.3080906@fngi.net>

Steve Hanson wrote:

> On 04/29/2010 01:20 PM, Ben wrote:
>
>> Wireless tethering can be done on non-rooted phones (I think) using
>> pda net: http://www.junefabrics.com/android/index.php
>>
>
> On 04/28/2010 07:21 PM, Thomas Lunde wrote:
>
>
>>> Ben (or anyone else) -
>>>
>>> Got a pointer to a good source for turning a Droid Eris running on
>>> Verizon into a wireless access point?
>>> I'd prefer a recipe which does
>>> not require flipping the "I've been rooted" bit.
>>>
>>
>>
>
> No need to root anything --
>
> Verizon has just released a bunch of new options for tethering with
> Android, and there's an introductory special going on. I'm at the
> moment mail-ordering a Droid Incredible ----
>
> http://www.verizonwireless.com/b2c/mobilebroadband/?page=products_connect
>
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
>

Are they claiming the modem aspect, i.e., when plugged into computer, sends downloads straight through, and does not contribute to monthly cap? Or, does the counter click regardless of whether download is to mobile phone or computer?

Tom

From tlunde at gmail.com Thu Apr 29 19:43:07 2010
From: tlunde at gmail.com (Thomas Lunde)
Date: Thu, 29 Apr 2010 19:43:07 -0500
Subject: [tclug-list] android phone question
In-Reply-To: <4BDA1AD2.4060808@cruiskeen.com>
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com> <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com> <4BDA1AD2.4060808@cruiskeen.com>
Message-ID:

On Apr 29, 2010, at 6:48 PM, Steve Hanson wrote:

> On 04/29/2010 01:20 PM, Ben wrote:
>> Wireless tethering can be done on non-rooted phones (I think) using
>> pda net: http://www.junefabrics.com/android/index.php
>
> On 04/28/2010 07:21 PM, Thomas Lunde wrote:
>
>>> Ben (or anyone else) -
>>>
>>> Got a pointer to a good source for turning a Droid Eris running on
>>> Verizon into a wireless access point? I'd prefer a recipe which does
>>> not require flipping the "I've been rooted" bit.
>>
>
> No need to root anything --
>
> Verizon has just released a bunch of new options for tethering with
> Android, and there's an introductory special going on.
> I'm at the
> moment mail-ordering a Droid Incredible ----
>
> http://www.verizonwireless.com/b2c/mobilebroadband/?page=products_connect
>

Sorry - I wasn't clear enough.

I'm familiar with tethering via USB and/or Bluetooth on various phones, but that's not what I'm talking about. (BTW, you can't tether via Bluetooth with a Droid Eris until/unless Verizon releases the upgrade to Android 2.1 because 1.5 doesn't have a sufficient BT stack.)

I'd like to have the phone turn itself into a WiFi Access Point so that, e.g., I could get an iPad talking to it. Other uses would include allowing everyone in a hotel room to get from their laptops to the phone via WiFi and then having the phone handle NAT, etc. so that the phone's 3G network connection could be shared.

This is certainly possible: Verizon's own MiFi does it. http://www.verizonwireless.com/b2c/mobilebroadband/?page=products_mifi

But, so far as I know, it's not a supported use of any of their phones. There is zero technical reason for that, as the MiFi demonstrates.

PdaNet, while nifty, doesn't address this. Linux (which is why I brought this up on the TCLUG list) handles it with aplomb, but I don't know of a way to do this on phones without rooting them.

I realize that rooting is relatively low risk in terms of harm to the phone, but it does void the warranty. And, apparently, there's a bit way down deep in the firmware/flash memory that gets flipped if the phone is rooted so that, even if it's flashed back to the original software, Verizon can see that it has been rooted in the past and therefore disclaim warranty coverage.

But maybe I'm out of date, which is why I'm hoping that someone on the list knows of a way to turn the phone into a WiFi AP...

Thanks for any pointers (so long as they're not dangling...
*grin*)

Thomas

From tlunde at gmail.com Thu Apr 29 19:48:05 2010
From: tlunde at gmail.com (Thomas Lunde)
Date: Thu, 29 Apr 2010 19:48:05 -0500
Subject: [tclug-list] android phone question
In-Reply-To:
References: <59EA3983-E6AB-437C-9170-A670A6D62749@me.com> <24D7EF7E-7528-4845-B7EE-B4755367F064@gmail.com> <4BDA1AD2.4060808@cruiskeen.com>
Message-ID: <021C5571-78D0-4FD7-BC82-F1AA48B70E83@gmail.com>

On Apr 29, 2010, at 7:43 PM, Thomas Lunde wrote:

> But, so far as I know, it's not a supported use of any of their phones. There is zero technical reason for that, as the MiFi demonstrates.

(sorry for the self-reply, but before someone corrects me)

It's not a supported use of any of their Android phones. It _is_ supported and officially-blessed on their Palm WebOS phones:

http://blog.palm.com/palm/2010/04/no-fooling-with-these-april-savings-tips-1.html

Thomas

From kris.browne at gmail.com Thu Apr 29 20:58:37 2010
From: kris.browne at gmail.com (Kristopher Browne)
Date: Thu, 29 Apr 2010 20:58:37 -0500
Subject: [tclug-list] android phone question
In-Reply-To: <021C5571-78D0-4FD7-BC82-F1AA48B70E83@gmail.com>
Message-ID: <4bda3958.5744f10a.6491.5e02@mx.google.com>

Palm^h^h^h^hHP WebOS devices.

-- Sent from my Palm Pre

On Apr 29, 2010 19:51, Thomas Lunde <tlunde at gmail.com> wrote:

On Apr 29, 2010, at 7:43 PM, Thomas Lunde wrote:

> But, so far as I know, it's not a supported use of any of their phones. There is zero technical reason for that, as the MiFi demonstrates.

(sorry for the self-reply, but before someone corrects me)

It's not a supported use of any of their Android phones. It _is_ supported and officially-blessed on their Palm WebOS phones:

http://blog.palm.com/palm/2010/04/no-fooling-with-these-april-savings-tips-1.html

Thomas

_______________________________________________
TCLUG Mailing List - Minneapolis/St.
Paul, Minnesota
tclug-list at mn-linux.org
http://mailman.mn-linux.org/mailman/listinfo/tclug-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100429/5804948a/attachment.htm

From stutterstutt at comcast.net Thu Apr 29 21:02:49 2010
From: stutterstutt at comcast.net (Jeff Nelson)
Date: Thu, 29 Apr 2010 21:02:49 -0500
Subject: [tclug-list] [ubuntu-us-mn] Fwd: Ubuntu 10.04 LTS released
In-Reply-To:
References: <20100429172424.GA22207@dario.dodds.net>
Message-ID: <4BDA3A49.2010000@comcast.net>

Tony Yarusso wrote:

> Wooo!
>
>
> ---------- Forwarded message ----------
> From: Ubuntu Announcements
> ...
> The Ubuntu team is pleased to announce Ubuntu 10.04 LTS (Long-Term Support).
>

Problem: .iso downloads fast using BitTorrent. Upgrades go very slow, especially now.

I'd like to figure out a way to make upgrades go faster. For example, is there a local mirror I could point the upgrade at? Or is there a way to upgrade from a live distribution .iso? It would go faster if I could point at my own local .deb packages in the .iso, if I knew how.

Thanks.

-Jeff

From admin at lctn.org Thu Apr 29 21:34:44 2010
From: admin at lctn.org (Raymond Norton)
Date: Thu, 29 Apr 2010 21:34:44 -0500
Subject: [tclug-list] sftp / chroot question
In-Reply-To: <951AFD60-3165-4A76-8591-98E03D20D731@secure-computing.net>
References: <4BD850C8.3000503@lctn.org> <951AFD60-3165-4A76-8591-98E03D20D731@secure-computing.net>
Message-ID: <4BDA41C4.1070103@lctn.org>

> We wrote a simple FTP upload script in php and use that. We use SSL, of course, for the web connection.
>
> ---
> Eric Crist
>
>

I found this solution, which looks to be all I need for a solution:

http://www.net2ftp.com/

From goeko at Goecke-Dolan.com Thu Apr 29 22:22:49 2010
From: goeko at Goecke-Dolan.com (Brian Dolan-Goecke)
Date: Thu, 29 Apr 2010 22:22:49 -0500
Subject: [tclug-list] ***Saturday May 1st*** Install Fest & Release Party @PenguinsUnbound Meeting
Message-ID: <4BDA4D09.1080902@Goecke-Dolan.com>

This month's PenguinsUnbound.com meeting will be Saturday May 1st at TIES, 1667 Snelling Ave. N., St. Paul, MN 55108 from 9:00am to 5:00pm (See the web site http://www.penguinsunbound.com for directions and more info.)

With the release of Ubuntu 10.04 (Lucid Lynx) we are having an Install Fest / Release Party !

So come, bring your computer(s) and install Ubuntu 10.04 (or any Linux Distribution!) from 9:00am to 5:00pm May 1st!

You can learn more about the Ubuntu 10.04 (Lucid Lynx) here http://www.ubuntu.com/getubuntu/releasenotes/1004overview

You can download from (hopefully it will sync tonight) http://fish.penguinsunbound.net/ubuntu-releases/10.04/ (** Note, this machine will go down Friday April 30 after 10:00pm to prepare for the install fest. **)

Hope to see you there!

==>brian.

*Yea, the April meeting is going to be May 1st. That worked best for release party.

From cwgriesel at gmail.com Fri Apr 30 09:18:15 2010
From: cwgriesel at gmail.com (Curtis Griesel)
Date: Fri, 30 Apr 2010 09:18:15 -0500
Subject: [tclug-list] Spring cleaning
In-Reply-To: <4BD9DEF5.4010108@freeshell.org>
References: <4BD9DEF5.4010108@freeshell.org>
Message-ID:

I second the Free Geek idea. If no one else wants this stuff, let me know, and I'll pick it up and deliver it to Free Geek if needed.

Curtis

On Thu, Apr 29, 2010 at 2:33 PM, Steve Cayford wrote:

> If I may suggest, take it to Free Geek Twin Cities. Open Saturday
> afternoons at 821 E 35th St, Minneapolis.
> http://freegeektwincities.org/
>
> -Steve
>
> On 04/29/2010 02:15 PM, John Trammell wrote:
> > This all goes to the recycler unless anyone is interested:
> >
> > * HP optical mouse w/ PS/2 connector
> > * 1 PS/2 - USB adapter
> > * Chaintech Nvidia GeForce3 Titanium 200 video card
> > * Seagate 120GB PATA HDD
> > * long parallel port cable (9'? 10'?)
> > * HP Scanjet 5p w/ SCSI cable (still looking for the SCSI adapter...)
> > * 2 ugly beige power strips
> > * 1 3Com 3c905 PCI ethernet adapter
> > * 1 ATA CD drive
> > * misc. IDE & floppy cables
> > * 1 really long audio cable (20'?)
> >
> > Plus more when I get to the basement...
> >
> > Thanks,
> > J
> >
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100430/f60cbb5a/attachment.htm