From daniel at gimpelevich.san-francisco.ca.us  Fri Dec  2 08:41:58 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 02 Dec 2005 08:41:58 -0800
Subject: [conspire] "Lupper Worm" and the patching of bad software
References: <mailman.331.1131566032.27349.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.02.16.41.39.20109@gimpelevich.san-francisco.ca.us>

On Wed, 09 Nov 2005 11:53:46 -0800, Rick Moen wrote:

[snip]
> As is traditional for McAfee alerts, you have to search hard to find the
> point of interest, which is:  What vulnerability is exploited?  It's
> this one sentence; the rest of the advisory is superfluous:
>  
> "Sends HTTP requests to the URLs it generates and attempts to spread by
> exploiting an XML-RPC for PHP remote code injection vulnerability, an
> AWStats rawlog plugin logfile parameter input validation vulnerability
> and the Darryl Burgdorf Webhints remote command execution
> vulnerability."
[snip]

Yet another example of having to search for the point of interest:
http://news.com.com/Sun+plugs+serious+holes+in+Java/2100-1002_3-5975496.html


From jla1200 at netzero.net  Sat Dec  3 20:43:11 2005
From: jla1200 at netzero.net (John Andrews)
Date: Sat, 3 Dec 2005 20:43:11 -0800
Subject: [conspire] Editing Fstab
Message-ID: <001001c5f88d$3ba874a0$83bc5545@oemcomputer>

I'm trying to get a handle on editing the fstab even though it seems rather "easy". I finally got it to read a new usb stick using dev /sda1, media as the mount point and vfat as the file type. and the rest similar to the other entrys.What would be the dev type of a digital camera? What file type? and other entries noauto and etc..
    How do I get a Netzero.deb file to install ? I transfered it from the usb stick okay but then it was a read only file or not a directory and i couldn't install it. I tried as root. dpgk install netzero.deb but it didn't work. Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20051203/0f42b736/attachment.html>

From daniel at gimpelevich.san-francisco.ca.us  Sun Dec  4 01:57:50 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sun, 04 Dec 2005 01:57:50 -0800
Subject: [conspire] Editing Fstab
References: <mailman.0.1133685969.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.04.09.57.47.913797@gimpelevich.san-francisco.ca.us>

Not all digital cameras are mountable. The ones that are are typically
vfat. The device file used may be somewhat unpredictable. The noauto
option means "Do not try to mount on boot." You probably also want the
"user" option which allows non-root users to mount.

Before you try using "dpkg -i foo.deb" to install the .deb file, it would
be a good idea to look at what it will install with "dpkg -c foo.deb"
first. If there are no conflicts with anything currently installed, you
can try installing the package, but if something goes wrong, you'll want
to "dpkg --purge foo" to prevent an inconsistent package database.

On Sat, 03 Dec 2005 20:43:11 -0800, John Andrews wrote:

> I'm trying to get a handle on editing the fstab even though it seems rather "easy". I finally got it to read a new usb stick using dev /sda1, media as the mount point and vfat as the file type. and the rest similar to the other entrys.What would be the dev type of a digital camera? What file type? and other entries noauto and etc..
>     How do I get a Netzero.deb file to install ? I transfered it from the usb stick okay but then it was a read only file or not a directory and i couldn't install it. I tried as root. dpgk install netzero.deb but it didn't work. Thanks in advance.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2800.1106" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV><FONT face=Arial size=2>I'm trying to get a handle on editing the fstab 
> even though it seems rather "easy". I finally got it to read a new usb stick 
> using dev /sda1, media as the mount point and vfat as the file type. and the 
> rest similar to the other entrys.What would be the dev type of a digital camera? 
> What file type? and other entries noauto and etc..</FONT></DIV>
> <DIV><FONT face=Arial size=2>&nbsp;&nbsp;&nbsp; How do I get a Netzero.deb file 
> to install ? I transfered it from the usb stick okay but then it was a read only 
> file or not a directory and i couldn't install it. I tried as root. dpgk install 
> netzero.deb but it didn't work. Thanks in advance.</FONT></DIV></BODY></HTML>



From hereon1 at fastmail.us  Sun Dec  4 10:19:19 2005
From: hereon1 at fastmail.us (Hereon)
Date: Sun, 04 Dec 2005 10:19:19 -0800
Subject: [conspire] How automatically replace control (newline) character
 with space in file & directory names
Message-ID: <1133720359.10691.248967891@webmail.messagingengine.com>

Can someone tell me a way to accomplish this with a command, commands,
shell script, or other program?

I have some files & directories with names that contain the newline
character, \n , 0A hex.

[These get created sometimes as I copy & past text from web pages into
the filename as I save a webpage, from firefox, to disk.]

I wish to replace that newline with a space character, automatically,
without doing it by hand for each file.

I have figured out one way to locate the files:

In the home directory do:
ls -QR * | grep '\\n'

Then, individually, I can do a locate on part of the file name to get a
full path.



====
$ ls -QR | grep '\\n' > FilesWithNewline.txt

$ cat FilesWithNewline.txt

. . . [Many file or directory names listed, like the following lines:]

"An elevator to space NASA gives idea a lift\n12 teams vying for
$100,000 in prizes in Mountain View article.cgi.html"
"An elevator to space NASA gives idea a lift\n12 teams vying for
$100,000 in prizes in Mountain View article.cgi_files"
"./Engineering/Space/An elevator to space NASA gives idea a lift\n12
teams vying for $100,000 in prizes in Mountain View article.cgi_files":
"./Engineering/Space/An elevator to space NASA gives idea a lift\n12
teams vying for $100,000 in prizes in Mountain View
article.cgi_files/B1654090_data":

. . . 

====

So, what's an easy way to search through the file tree & automatically
replace the '\n' with a space character?
Thanks.
-- 
  Hereon
  hereon1 at fastmail.us

-- 
http://www.fastmail.fm - I mean, what is it about a decent email service?




From bill at wards.net  Sun Dec  4 11:10:58 2005
From: bill at wards.net (Bill Ward)
Date: Sun, 4 Dec 2005 11:10:58 -0800
Subject: [conspire] How automatically replace control (newline) character
	with space in file & directory names
In-Reply-To: <1133720359.10691.248967891@webmail.messagingengine.com>
References: <1133720359.10691.248967891@webmail.messagingengine.com>
Message-ID: <3d2fe1780512041110s5dab51cdy9db964446748b262@mail.gmail.com>

#!/usr/bin/perl -w
use strict;
opendir DOT, "." or die "Can't read directory: #!\n";
foreach my $file (readdir DOT) {
    my $newfile = $file;
    $newfile =~ s/\n/ /g;
    next if $newfile eq $file;  # skip files that lack \n
    if (-e $newfile) {
         warn "Can't rename $file because $newfile already exists\n";
    }
    else {
        rename $file, $newfile or die "Error renaming $file: $!\n";
    }
}

On 12/4/05, Hereon <hereon1 at fastmail.us> wrote:
> Can someone tell me a way to accomplish this with a command, commands,
> shell script, or other program?
>
> I have some files & directories with names that contain the newline
> character, \n , 0A hex.
>
> [These get created sometimes as I copy & past text from web pages into
> the filename as I save a webpage, from firefox, to disk.]
>
> I wish to replace that newline with a space character, automatically,
> without doing it by hand for each file.
>
> I have figured out one way to locate the files:
>
> In the home directory do:
> ls -QR * | grep '\\n'
>
> Then, individually, I can do a locate on part of the file name to get a
> full path.
>
>
>
> ====
> $ ls -QR | grep '\\n' > FilesWithNewline.txt
>
> $ cat FilesWithNewline.txt
>
> . . . [Many file or directory names listed, like the following lines:]
>
> "An elevator to space NASA gives idea a lift\n12 teams vying for
> $100,000 in prizes in Mountain View article.cgi.html"
> "An elevator to space NASA gives idea a lift\n12 teams vying for
> $100,000 in prizes in Mountain View article.cgi_files"
> "./Engineering/Space/An elevator to space NASA gives idea a lift\n12
> teams vying for $100,000 in prizes in Mountain View article.cgi_files":
> "./Engineering/Space/An elevator to space NASA gives idea a lift\n12
> teams vying for $100,000 in prizes in Mountain View
> article.cgi_files/B1654090_data":
>
> . . .
>
> ====
>
> So, what's an easy way to search through the file tree & automatically
> replace the '\n' with a space character?
> Thanks.
> --
>   Hereon
>   hereon1 at fastmail.us
>
> --
> http://www.fastmail.fm - I mean, what is it about a decent email service?
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
>



--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/



From bill at wards.net  Sun Dec  4 11:11:38 2005
From: bill at wards.net (Bill Ward)
Date: Sun, 4 Dec 2005 11:11:38 -0800
Subject: [conspire] How automatically replace control (newline) character
	with space in file & directory names
In-Reply-To: <3d2fe1780512041110s5dab51cdy9db964446748b262@mail.gmail.com>
References: <1133720359.10691.248967891@webmail.messagingengine.com>
	<3d2fe1780512041110s5dab51cdy9db964446748b262@mail.gmail.com>
Message-ID: <3d2fe1780512041111r3de5708cs630aee7d2429cb8f@mail.gmail.com>

Oops, I noticed a typo: #! should be $! in the 3rd line.

On 12/4/05, Bill Ward <bill at wards.net> wrote:
> #!/usr/bin/perl -w
> use strict;
> opendir DOT, "." or die "Can't read directory: #!\n";
> foreach my $file (readdir DOT) {
>     my $newfile = $file;
>     $newfile =~ s/\n/ /g;
>     next if $newfile eq $file;  # skip files that lack \n
>     if (-e $newfile) {
>          warn "Can't rename $file because $newfile already exists\n";
>     }
>     else {
>         rename $file, $newfile or die "Error renaming $file: $!\n";
>     }
> }
>
> On 12/4/05, Hereon <hereon1 at fastmail.us> wrote:
> > Can someone tell me a way to accomplish this with a command, commands,
> > shell script, or other program?
> >
> > I have some files & directories with names that contain the newline
> > character, \n , 0A hex.
> >
> > [These get created sometimes as I copy & past text from web pages into
> > the filename as I save a webpage, from firefox, to disk.]
> >
> > I wish to replace that newline with a space character, automatically,
> > without doing it by hand for each file.
> >
> > I have figured out one way to locate the files:
> >
> > In the home directory do:
> > ls -QR * | grep '\\n'
> >
> > Then, individually, I can do a locate on part of the file name to get a
> > full path.
> >
> >
> >
> > ====
> > $ ls -QR | grep '\\n' > FilesWithNewline.txt
> >
> > $ cat FilesWithNewline.txt
> >
> > . . . [Many file or directory names listed, like the following lines:]
> >
> > "An elevator to space NASA gives idea a lift\n12 teams vying for
> > $100,000 in prizes in Mountain View article.cgi.html"
> > "An elevator to space NASA gives idea a lift\n12 teams vying for
> > $100,000 in prizes in Mountain View article.cgi_files"
> > "./Engineering/Space/An elevator to space NASA gives idea a lift\n12
> > teams vying for $100,000 in prizes in Mountain View article.cgi_files":
> > "./Engineering/Space/An elevator to space NASA gives idea a lift\n12
> > teams vying for $100,000 in prizes in Mountain View
> > article.cgi_files/B1654090_data":
> >
> > . . .
> >
> > ====
> >
> > So, what's an easy way to search through the file tree & automatically
> > replace the '\n' with a space character?
> > Thanks.
> > --
> >   Hereon
> >   hereon1 at fastmail.us
> >
> > --
> > http://www.fastmail.fm - I mean, what is it about a decent email service?
> >
> >
> > _______________________________________________
> > conspire mailing list
> > conspire at linuxmafia.com
> > http://linuxmafia.com/mailman/listinfo/conspire
> >
>
>
>
> --
> Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/
>


--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/



From hereon1 at fastmail.us  Sun Dec  4 14:45:24 2005
From: hereon1 at fastmail.us (Hereon)
Date: Sun, 04 Dec 2005 14:45:24 -0800
Subject: [conspire] How automatically replace control (newline) character
 with space in file & directory names
Message-ID: <1133736324.30565.248979690@webmail.messagingengine.com>

Can someone tell me a way to accomplish this with a command, commands,
shell script, or other program?

I have some files & directories with names that contain the newline
character, \n , 0A hex.

[These get created sometimes as I copy & past text from web pages into
the filename as I save a webpage, from firefox, to disk.]

I wish to replace that newline with a space character, automatically,
without doing it by hand for each file.

I have figured out one way to locate the files:

In the home directory do:
ls -QR * | grep '\\n'

Then, individually, I can do a locate on part of the file name to get a
full path.



====
$ ls -QR | grep '\\n' > FilesWithNewline.txt

$ cat FilesWithNewline.txt

. . . [Many file or directory names listed, like the following lines:]

"An elevator to space NASA gives idea a lift\n12 teams vying for
$100,000 in prizes in Mountain View article.cgi.html"
"An elevator to space NASA gives idea a lift\n12 teams vying for
$100,000 in prizes in Mountain View article.cgi_files"
"./Engineering/Space/An elevator to space NASA gives idea a lift\n12
teams vying for $100,000 in prizes in Mountain View article.cgi_files":
"./Engineering/Space/An elevator to space NASA gives idea a lift\n12
teams vying for $100,000 in prizes in Mountain View
article.cgi_files/B1654090_data":

. . . 

====

So, what's an easy way to search through the file tree & automatically
replace the '\n' with a space character?

Also, is there a better email list to ask this question?  Perhaps one
whose readers are very familiar with shell scripting?

Thanks.
-- 
  Hereon
  hereon1 at fastmail.us

-- 
http://www.fastmail.fm - Same, same, but different





From hereon1 at fastmail.us  Sun Dec  4 14:46:38 2005
From: hereon1 at fastmail.us (Hereon)
Date: Sun, 04 Dec 2005 14:46:38 -0800
Subject: [conspire] How automatically replace control (newline) character
 with space in file & directory names
Message-ID: <1133736398.30687.248979690@webmail.messagingengine.com>

Can someone tell me a way to accomplish this with a command, commands,
shell script, or other program?

I have some files & directories with names that contain the newline
character, \n , 0A hex.

[These get created sometimes as I copy & past text from web pages into
the filename as I save a webpage, from firefox, to disk.]

I wish to replace that newline with a space character, automatically,
without doing it by hand for each file.

I have figured out one way to locate the files:

In the home directory do:
ls -QR * | grep '\\n'

Then, individually, I can do a locate on part of the file name to get a
full path.



====
$ ls -QR | grep '\\n' > FilesWithNewline.txt

$ cat FilesWithNewline.txt

. . . [Many file or directory names listed, like the following lines:]

"An elevator to space NASA gives idea a lift\n12 teams vying for
$100,000 in prizes in Mountain View article.cgi.html"
"An elevator to space NASA gives idea a lift\n12 teams vying for
$100,000 in prizes in Mountain View article.cgi_files"
"./Engineering/Space/An elevator to space NASA gives idea a lift\n12
teams vying for $100,000 in prizes in Mountain View article.cgi_files":
"./Engineering/Space/An elevator to space NASA gives idea a lift\n12
teams vying for $100,000 in prizes in Mountain View
article.cgi_files/B1654090_data":

. . . 

====

So, what's an easy way to search through the file tree & automatically
replace the '\n' with a space character?

Also, is there a better email list to ask this question?  Perhaps one
whose readers are very familiar with shell scripting?

Thanks.
-- 
  Hereon
  hereon1 at fastmail.us

-- 
http://www.fastmail.fm - Send your email first class




From hereon1 at fastmail.us  Sun Dec  4 15:10:19 2005
From: hereon1 at fastmail.us (Hereon)
Date: Sun, 04 Dec 2005 15:10:19 -0800
Subject: [conspire] How automatically replace control (newline) character
	with space in file & directory names
In-Reply-To: <3d2fe1780512041111r3de5708cs630aee7d2429cb8f@mail.gmail.com>
References: <1133720359.10691.248967891@webmail.messagingengine.com>
	<3d2fe1780512041110s5dab51cdy9db964446748b262@mail.gmail.com>
	<3d2fe1780512041111r3de5708cs630aee7d2429cb8f@mail.gmail.com>
Message-ID: <1133737819.32439.248980982@webmail.messagingengine.com>

Bill - Thank you.  I'll be studying this later today.
To cabal list readers - sorry for the duplicate posts - reasons, no
excuses. :( :)

On Sun, 4 Dec 2005 11:11:38 -0800, "Bill Ward" <bill at wards.net> said:
> Oops, I noticed a typo: #! should be $! in the 3rd line.
> 
> On 12/4/05, Bill Ward <bill at wards.net> wrote:
> > #!/usr/bin/perl -w
> > use strict;
> > opendir DOT, "." or die "Can't read directory: #!\n";
> > foreach my $file (readdir DOT) {
> >     my $newfile = $file;
> >     $newfile =~ s/\n/ /g;
> >     next if $newfile eq $file;  # skip files that lack \n
> >     if (-e $newfile) {
> >          warn "Can't rename $file because $newfile already exists\n";
> >     }
> >     else {
> >         rename $file, $newfile or die "Error renaming $file: $!\n";
> >     }
> > }
-- 
  Hereon
  hereon1 at fastmail.us

-- 
http://www.fastmail.fm - The professional email service




From jla1200 at netzero.net  Sun Dec  4 16:11:17 2005
From: jla1200 at netzero.net (John Andrews)
Date: Sun, 4 Dec 2005 16:11:17 -0800
Subject: [conspire] Installing Netzero.deb
Message-ID: <000201c5f931$ac22c240$4fbc5545@oemcomputer>

I downloaded Linspire/Lindows Netzero setup on a Mac. Then I transfered it to Ubuntu, which is Debian based.Will Netzero.deb install on Ubuntu?
    I have the file on ///home/jla/netzero.deb. What is the procedure to install it? It opens in Ark if you click it and then you get 3 seperate  files, control.tar.gz, data.tar.gz. and debian binary.Should you right click it and move or copy it to somewhere in the root file system?Or can you just open and run it with the shell or as root from a terminal.Thanks for any advice.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20051204/b0ec6248/attachment.html>

From daniel at gimpelevich.san-francisco.ca.us  Sun Dec  4 18:59:25 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sun, 04 Dec 2005 18:59:25 -0800
Subject: [conspire] Installing Netzero.deb
References: <mailman.8.1133742140.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.05.02.59.22.175968@gimpelevich.san-francisco.ca.us>

Like I said before, first you should "dpkg -c netzero.deb" to look at what
it will install. If what it will install doesn't conflict with anything
already installed, go ahead and "sudo dpkg -i netzero.deb" then. If
anything goes wrong, you'll want to "sudo dpkg --purge netzero" to prevent
an inconsistent package database.

On Sun, 04 Dec 2005 16:11:17 -0800, John Andrews wrote:

> I downloaded Linspire/Lindows Netzero setup on a Mac. Then I transfered it to Ubuntu, which is Debian based.Will Netzero.deb install on Ubuntu?
>     I have the file on ///home/jla/netzero.deb. What is the procedure to install it? It opens in Ark if you click it and then you get 3 seperate  files, control.tar.gz, data.tar.gz. and debian binary.Should you right click it and move or copy it to somewhere in the root file system?Or can you just open and run it with the shell or as root from a terminal.Thanks for any advice.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2800.1106" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV><FONT face=Arial size=2>I downloaded Linspire/Lindows Netzero setup on a 
> Mac. Then I transfered it to Ubuntu, which is Debian based.Will Netzero.deb 
> install on Ubuntu?</FONT></DIV>
> <DIV><FONT face=Arial size=2>&nbsp;&nbsp;&nbsp; I have the file on 
> ///home/jla/netzero.deb. What is the procedure to install it? It opens in Ark if 
> you click it and then you get 3 seperate&nbsp; files, control.tar.gz, 
> data.tar.gz. and debian binary.Should you right click it and move or copy it to 
> somewhere in the root file system?Or can you just open and run it with the shell 
> or as root from a terminal.Thanks for any advice.</FONT></DIV></BODY></HTML>



From daniel at gimpelevich.san-francisco.ca.us  Mon Dec  5 14:12:38 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Mon, 05 Dec 2005 14:12:38 -0800
Subject: [conspire] HOWTO get MIDI files to play under Ubuntu on a Mac
Message-ID: <pan.2005.12.05.22.12.38.143036@gimpelevich.san-francisco.ca.us>

Discussion

Creative Labs endowed the ancestor of all the sound cards around today,
the SoundBlaster, with abilities that could be compared to the multimedia
capabilities of the non-Intel platforms of the day. These included a "wave
table" function, which allowed a number of "voices" to be multiplexed
together, each with its own waveform played at any pitch, with minimal tax
on the CPU (except of course, compared to the Amiga). Not long before, the
MIDI standard came about, and as part of it, a standard file format for
representing sheet music in a form meant to be interpreted by machines.
Early MIDI file-playing software used whatever limited wave-table
resources were available, but as sound-card designs matured, the
wave-table functionality matured along with it, to a point, before it
began to be largely neglected by sound-card designers. Apple was ahead of
the Intel platforms in early wave-table offerings, and they were likewise
ahead in beginning to neglect them. Their wave-table APIs became quite
unusable so quickly that they were rather hastily superseded in their new
API for managing time-based data, named QuickTime to recall their
once-revolutionary graphics engine, QuickDraw. One application of
time-based data was the ability to play movies, but QuickTime held the
promise of a lot more. Soon, a set of QuickTime Musical Instruments were
added that gave MIDI files the diversity in tone color of a full band or
orchestra without having to obtain any extra software. Later, the
worldwide web came about, and Netscape Navigator version 2 introduced the
idea (and the API) of browser plugins. Among the first such plugins were
ones that would play sound files and ones that would play MIDI files. On
DOS and Windows, the MIDI files would be played using the SoundBlaster
wave-table APIs, and on Macs they would be played using QuickTime. Linux
sees the wave-table portion of a sound card as a "MIDI device" to which it
can send MIDI commands from a MIDI file. The Linux drivers for the Mac
"sound card" do not provide any such device for the above reasons. How
then, can MIDI files be played on such hardware under Linux without
QuickTime?

The answer is to do what QuickTime does: Translate the music data into
sound data using instrument data. The Ubuntu package that does this is
installed like so:
	sudo apt-get install timidity
However, that package does not provide any instrument data, called
"patches." The ALSA project maintains a set of patches that they have
collected under a non-restrictive license that is mostly GPLv2, with an
extra clause that allows creating proprietary works using said patches.
The collection is woefully incomplete, and if used in the stock
configuration, you'll be lucky to hear half the tracks in an average MIDI
file. It comes with a recommendation on how to substitute some of the
patches that are there for many of the patches that aren't. I tried that
approach as well, and the results were still less than
satisfactory. There were still many messages about instruments that would
not be heard, and half the ones that were sounded really off in their tone
color. However, if you are in a commercial setting, this may save you a
few licensing headaches down the road. If you choose to go down this path,
you can get started with:
	sudo apt-get install freepats
Then you would edit /etc/timidity/freepats.cfg to fill in the blanks,
which you would base on the contents of the following file:
/usr/share/doc/freepats/examples/crude.cfg.gz

My recommendation is to forego freepats altogether. The guy who put
freepats together originally put together a collection of patches from all
over the online world in the '90s. However, he did not keep track of which
patch he got from where, much less what licensing terms each originator
imposed. At least a couple of them were for sure not for commercial
redistribution. For this reason, he abandoned that collection and started
freepats. Non-Debian-based distros, as a rule, seem to provide that
collection anyway. Go to a Gentoo mirror and download the file
eawpats12_full.tar.gz to your desktop. Then type:
	cd /opt
	sudo tar xfz ~/Desktop/eawpats12_full.tar.gz
	sudo gedit eawpats/linuxconfig/timidity.cfg
Change the line:
	dir /home/user/eawpats/
to:
	dir /opt/eawpats/
and save changes. Next type:
	sudo gedit /etc/timidity/timidity.cfg
Comment out the last line that says "source" and after it add:
	source /opt/eawpats/linuxconfig/timidity.cfg
With this setup, I found a MIDI file that still gave three messages about
instruments that would not be heard. I found that adding the following
lines to the end gave more or less satisfactory results:
	drumset 0
	11 tamborin
	123 tamborin
	126 tamborin
You may have noticed the top part of the file instructs you to uncomment a
bunch of stuff on slower CPUs. Indeed leaving them all commented is too
much for a 600MHz G3 iBook. But uncommenting them all is overkill. I found
the following to be a nice compromise. Note that the line about
anti-aliasing has been corrected from the suggested line, which would make
timidity error out and not do anything.
	opt EFresamp=d          #disable resampling
	opt EFvlpf=d            #disable VLPF
	opt EFreverb=d          #disable reverb
	#opt EFchorus=d         #disable chorus
	opt EFdelay=d           #disable delay
	opt --no-anti-alias     #disable sample anti-aliasing
	#opt EWPVSETOZ          #disable all Midi Controls
	#opt p32a               #default to 32 voices with auto reduction
	#opt s32kHz             #default sample frequency to 32kHz
	#opt fast-decay         #fast decay notes
After you save changes, you will be ready to play MIDI files from Firefox,
or any other method you choose to obtain them. Just tell Firefox to open
them with timidity. If you're feeling adventurous, you can install and
reconfigure mozplugger to only handle MIDI files, and pass them to
timidity, allowing Firefox to play MIDI files specified with the <EMBED>
tag. There also exists an xmms plugin for timidity, but I rebuilt its
package from source, and only got it to play noise on PowerPC.

This HOWTO would not have been possible without the security hole recently
found in Java. This is because someone came on IRC to ask whether the
Penguin Liberation Front would package Update 6, and asked whether he/she
had followed correct make-jpkg procedure as he/she described at:
http://members.shaw.ca/Limulus/ubuntu.html


From rick at linuxmafia.com  Mon Dec  5 20:48:16 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 5 Dec 2005 20:48:16 -0800
Subject: [conspire] Editing Fstab
In-Reply-To: <001001c5f88d$3ba874a0$83bc5545@oemcomputer>
References: <001001c5f88d$3ba874a0$83bc5545@oemcomputer>
Message-ID: <20051206044816.GD20139@linuxmafia.com>

Quoting John Andrews (jla1200 at netzero.net):

> I'm trying to get a handle on editing the fstab even though it seems
> rather "easy". I finally got it to read a new usb stick using dev
> /sda1, media as the mount point and vfat as the file type. and the
> rest similar to the other entrys.What would be the dev type of a
> digital camera? What file type? and other entries noauto, etc.

Now, _there's_ an interesting question.  I hope you don't mind if I peel
it rather like an onion -- sort of in reverse, really, starting with the
simple core and gradually pasting some of the peel back onto it -- as
that seems both the most fruitful and the laziest way to approach it.

The first part of that is how to mount USB block-device (mass storage)
media such as USB flash drives -- which turns out to generalise nicely
to other mass storage devices reached over USB, such as various types of 
non-volatile media inside digital cameras.

_Linux Journal_ was kind enough to publish my modest little article on
using USB flash drives on Linux:
http://www.linuxjournal.com/article/6867 

You may want to read the full article for details, but, after discussing
the necessary kernel modules and how to ensure that they're loaded, the
piece mentions an /etc/fstab entry you want to add (if it's not already
there) to enable /proc's tracking of USB devices:

none  /proc/bus/usb  usbdevfs  defaults  0  0

(Do "mount -a" at the root-user prompt to activate that mount, and
simultaneously check your syntax.  ;->  )

More than likely, you won't need to make that edit -- you'll probably
already have that /etc/fstab line and the consequent /proc/bus/usb tree
within /proc.

Last, my article went on to describe the most straight-forward,
simple-minded way to -- at last -- mount the actual flash drive, which
will be addressable either as /dev/sdX (X=a,b,c, etc.) or as /dev/sdXN
(N=1,2,3, etc.), depending on whether the flash drive emulates a hard
disk or a floppy disk:  Any random flash drive might be one or the
other, without particular rhyme or reason.

Why an /dev/sd?? device, you might wonder.  Well, this is kernel
programmers practicing what Larry Wall calls one of the cardinal virtues
of programmers:  laziness.  How to address SCSI mass-storage (and other)
devices is already a very well-solved problem, so, shimming the SCSI
layer into USB-device addressing made the problem easier.  The fact that
these aren't _really_ SCSI devices is true but beside the point:  It was
the easiest, quickest, and most-reliable way to solve the problem.

I described how to solve the USB-flash-drive problem despite the fact
that you'd already solved it, because it's the gateway to solving other,
similar problems, such as addressing USB-connected digital cameras
operating in mass-storage mode, or other memory-technology devices
(MTDs).


You'll notice my qualifier in the above: "operating in mass-storage mode".
Let me add another onion layer, and also introduce you to one of my
link-farm pages, the one for Linux hardware-support Web sites.  Start at
my knowledgebase, http://linuxmafia.com/kb/ , and pick the Hardware
category, thereby going to http://linuxmafia.com/kb/Hardware/ .  Notice
the entry for "Help Resources", described as "List of info. resources
for all hardware categories...."  Picking _that_ link, you (finally)
arrive at my hardware-support link farm page:
http://linuxmafia.com/faq/Hardware/help-resources.html

You'll probably find a number of relevant entries, but the one I want to
call your attention to immediately is "Digital cameras (see also USB,
Firewire, etc.): http://www.teaser.fr/~hfiguiere/linux/digicam.html".
Go there, please.

You will notice that the page clarifies that USB-connectable digital
cameras (not including some with crazy proprietary protocols) connect
using either a mass-storage, random access "USB Mass Storage" mode or a
streaming, serial-port-like "PTP" = Picture Transfer Protocol (aka Still
Image Device) mode.  There will usually be tiny switch on the camera
chassis, to select which addressing mode to use.  

The page goes into some detail on Linux ramifications, including the use
of gPhoto2 as a nearly universal Linux software solution, since it
understands how to do PTP and in general does all the right things.

Some digital cameras (I'm talking still-photo cameras, for simplicity's 
sake) will sport Firewire aka IEEE-1394 ports instead of USB -- or in
addition to USB.  Frankly, the situation's pretty much exactly the same,
except using slightly different Linux drivers:  You load a couple of
kernel drivers that shim onto SCSI mass storage support, et voilo:  You
have storage on your camera addressable as /dev/sdX or /dev/sdXN.

My link farm has Firewire information linked as
"http://www.linux1394.org/", which please see if that applies to your
situation.

Filesystem type?  Pretty much inevitably vfat.  VFAT is not very good,
but it's a lingua franca, you see.  You can usually in theory reformat
to use something else, but probably shouldn't if only because it limits
whom you can hand your camera's flash media to (comprehensibly, anyway).


What my article did _not_ cover is Linux's Hotplug subsystem, which you
can and should read about at http://linux-hotplug.sourceforge.net/ , and
which is another outer layer of that onion.  The point of Hotplug is to
move past my article's primordial-Unixey approach of manually mounting
and umounting devices, instead taking care automaticdally of all tasks
that would ordinarily have to be handled manually, when plugging and
unplugging removable devices.

You ask about "noauto":  That mount option (in /etc/fstab) specifies
that the device described on that /etc/fstab line is _not_ to be
automatically mounted at boot time, as part of the startup process.
You might well, for example, include that option for CD-ROM/CD-R[W],
DVD, floppy, and similar devices.

Along those same lines, please note my article's suggestion about the
"noatime" option.


> How do I get a Netzero.deb file to install ? I transfered it from
> the usb stick okay but then it was a read only file or not a
> directory and i couldn't install it. I tried as root. dpgk install
> netzero.deb but it didn't work. 

Googling on the name "netzero.deb" suggests that you are probably
talking about Netzero's proprietary dialer software, done up as a binary
package for LinspireOS/LindowsOS.  Linspire uses the ".deb" package
format characteristic of Debian (and also innumerable other
Debian-derived distributions).  

You did not identify your distribution:  That may be an absolutely
crucial factor -- but I cannot address that, because you didn't specify.

Making the optimal assumption, let's assume that you're running either
LinspireOS or some other Debian-compatible Linux distribution that is 
reasonably close in version numbers to the LinspireOS release for which
your netzero.deb package is intended.  In that case, you become the root
user, "cd" to wherever the package file is sitting, and then install it
using "dpkg -i", like this:

$ su -
# cd /tmp
# dpkg -i netzero.deb 

This assumes, of course, that you've put netzero.deb into /tmp.

Presumably, you already did try something roughly like that, and
encountered some problem or other -- but your description was
unfortunately sufficiently inexact that it's difficult to understand
what problem you encountered.

Maybe, if you don't mind, you can try again and note down _exactly_ what
happened.  Ideally, you would copy-and-paste the commands you type and
precisely what the return text is from your command session, or use the
"script" utility to log your session to disk -- and post relevant
sections here so we can see exactly what you're running into.

Not intending to be critical, but where you say "dpkg install netzero.deb" 
is a case in point:  "install" is not a valid parameter for the "dpkg"
command.  "-i" or "--install" are valid options, however -- and might
very well have been what you typed on the affected systems, and meant to 
type here -- but we cannot tell from what you said.

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor



From daniel at gimpelevich.san-francisco.ca.us  Mon Dec  5 20:55:42 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Mon, 05 Dec 2005 20:55:42 -0800
Subject: [conspire] Editing Fstab
References: <001001c5f88d$3ba874a0$83bc5545@oemcomputer>
	<mailman.10.1133844503.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.06.04.55.42.812775@gimpelevich.san-francisco.ca.us>

On Mon, 05 Dec 2005 20:48:16 -0800, Rick Moen wrote:

[snip]
> You did not identify your distribution:  That may be an absolutely
> crucial factor -- but I cannot address that, because you didn't specify.
[snip]

His previous message clearly indicated the distro as Ubuntu.


From rick at linuxmafia.com  Tue Dec  6 09:47:04 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 6 Dec 2005 09:47:04 -0800
Subject: [conspire] (forw) Re: New to Bay Area
Message-ID: <20051206174704.GJ3859@linuxmafia.com>

----- Forwarded message from Jeff Frasca <phaedrus at sasquatch-infotech.com> -----

Date: Mon, 5 Dec 2005 22:11:20 -0800
From: Jeff Frasca <phaedrus at sasquatch-infotech.com>
To: installers at linuxmafia.com
Subject: New to Bay Area

Hello, 

My Fianc?e and I just moved down here to the Bay Area, and found
your group.  We'd like to come to the meeting next Saturday.  

I love my Slackware, and Laura runs Debian.  We moved down here so
she could take a job in Emeryville--she's a librarian and was
hired by a library software firm.  I followed her and have been
playing house husband (I recently graduated with a BS in physics).  

Mostly, we were wondering what we should bring for the potluck
dinner (I saw mention of "enjoy good potluck dinner" in the FAQ)?

Speaking of the FAQ, I'd like to claim my prize for reading the
whole thing.

See you on Saturday,
Jeff 
-- 

----- End forwarded message -----
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Mon, 5 Dec 2005 22:48:42 -0800
To: Jeff Frasca <phaedrus at sasquatch-infotech.com>
Cc: installers at linuxmafia.com
Subject: Re: New to Bay Area
Reply-To: installers at linuxmafia.com
From: Rick Moen <rick at linuxmafia.com>

Quoting Jeff Frasca (phaedrus at sasquatch-infotech.com):

> Hello, 

Greetings, Jeff.

> My Fianc?e and I just moved down here to the Bay Area, and found
> your group.  We'd like to come to the meeting next Saturday.  

Good.  We'll be delighted to see you.

Saturday's event may not show off CABAL at its best:  I'll have arrived
back late the prior evening from the LISA Conference in San Diego, from
which I'm writing you at the moment.  Plus, there's a holiday dinner
from 1 pm to 3:45 in Los Altos that I'll be coming back from, that
Saturday -- and my wife will be running off to an evening event
elsewhere.  So, we might be a bit disorganised, at least as to my
personal end of things.

> Mostly, we were wondering what we should bring for the potluck
> dinner (I saw mention of "enjoy good potluck dinner" in the FAQ)?

Hmm.  I normally cook some sort of beef or pork roast, and other
people's contributions are all over the map.  Ross Bernheim often does a
nice casserole with fake crabmeat -- quite delicious -- and often brings
homemade sorbets.  If there's demand, I will generally fire up the
back-porch BBQ (cheap Weber-style, w/charcoal), so people can indulge
their variant of the suburban barbecue ritual.  And I will usually make
fresh garlic bread.  However, the most important thing to note is that
nobody is _expected_ to bring anything to eat at all, but there's always
plenty for everyone anyway.  It's a pleasant form of working anarchy,
and things just tend to work out.

If you wanted to bring something that's usually lacking, a salad or
fruit salad would definitely be among those.  Or bring your favourite
bottle of wine, or whatever you like to drink.  Or nothing.  Please
don't sweat the matter:  Just come, and be welcome.

> Speaking of the FAQ, I'd like to claim my prize for reading the
> whole thing.

Hah, you're the -first- to mention that, over about eight years.
Now, I really have to do a pot roast!

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor

----- End forwarded message -----



From rick at linuxmafia.com  Tue Dec  6 10:38:11 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 6 Dec 2005 10:38:11 -0800
Subject: [conspire] Ubuntu/Digital Camera
In-Reply-To: <000d01c5f37f$392a5940$ccbc5545@oemcomputer>
References: <000d01c5f37f$392a5940$ccbc5545@oemcomputer>
Message-ID: <20051206183811.GF20139@linuxmafia.com>

Hi, John.  I'm just looking over your older post, in the wake of Daniel 
clarifying that you are running [K]Ubuntu.

Quoting John Andrews (jla1200 at netzero.net):

> I have Ubuntu/Kubuntu installed on my computer. For the first 2 months
> the digital camera stuff worked fine. Now it won't give me access to
> use it. 

Whenever someone says "[Foo] used to work, and then it stopped working",
logically, my very first question is "What changed?"  If you can figure
that out, then often the nature of the problem (and sometimes also the
solution) becomes obvious.

Daniel is almost certainly right that, by far, the easiest way to
resolve this problem is for you to bring your computer, and USB cable,
and digital camera, to the next CABAL event -- or, equivalently, to one
of SVLUG's monthly installfest/workship events in Mountain View.
Accordingly, what follows probably won't help much with your actual
problem, but is more a general mini-essay on the art of problem-solving.
(I hope you won't mind.)


It's a lot easier to figure out what's going on when we can see for
ourselves.  Not intending to be in any way critical of you personally,
but a lot of users' problem reports, especially those of desktop users,
start getting frustratingly vague, exactly at the point where we'd want
to dig in in order to help you out.  

You're doing the best you can with the information the desktop
applications are giving you, but there's very little you have on hand to
convey to us, and of necessity you've been applying your
_interpretation_ to what you're seeing, which unfortunately then becomes
a barrier between us helpers and the raw data.  For example, you say
"used the control center" (by which I assume you mean some version or
other of the KDE "Control Panel" application, kcontrol), and say "It
picked up [your camera] fine", but we really have no way of knowing
specifically what you mean when you say that -- and it's difficult with
a graphical application like that to show us.

This is one reason why, for diagnostic purposes, it's better to use
simple command-line tools with known characteristics, as those (1)
are universally available, (2) predictable in their behaviour, (3)
easy to copy-and-paste the command line the user specified to them and
their returned output, and (4) simple in the sense of not relying on
other requirements being met before they will function properly.

(As a further explanation on that "universally available" bit, you might
well be assuming that everyone else on Linux has access to the software 
you've been using.  This is not the case.  Not everyone by a long
stretch likes KDE or keeps it around, and the same for gPhoto2.  But
every modern Linux system has, say, lsusb and ps.)

I hope you won't feel picked on, but the phrase "It won't give me access
to it" doesn't really tell us a darned thing about what specific
software you were attempting to use, what specifically you did with it,
and what it did in response.  My point is not to complain (hardly!),
but rather to point out that we're prevented from helping you by lack of
useful description.  Nobody's blaming you, but it's frustrating to not
be able to assist.

> I,ve used the control center to add my camera via usb which it
> picked up fine .

As you can probably imagine, this sentence has pretty much the same
problem:  It doesn't really specify what you did (and what the software
did, and what software was involved) in detail, and it gives us only
your interpretation of what happened, instead of the raw data that we
would actually need.

> Then when I try to test the camera or upload pictures it says it can't
> find the camera in the tree.  Also the gphoto2 can't read the cameras
> files either.How do I get permissions back or what ever?The usb works
> normal for the printer.

Thank you for mentioning the bit about the printer:  That's really
useful diagnostic information, as it eliminates a large number of
otherwise possible problem causes.  

For starters, you should (1) make sure you are connecting your camera
directly to the computer's USB port, i.e., _not_ via a USB hub (for
diagnostic purposes -- you might be able to reintroduce the hub, if any,
later), and (2) make sure the camera's mode switch is set to USB mass
storage mode rather than PTP image-transfer mode.  Double-check the USB
physical connection at each end; make sure you are using a known-good
USB cable (e.g., the one that you know works with your printer).

By the way, please be careful about overspecifying the problem:
Computer nerds have a tendency to focus on whatever you claim that the
problem is, which can lead to considerable wasted time if you have
misdefined the problem.  For example, you spoke about needing to "get
the permissions back".  It probably won't happen this time, but I can
easily imagine typical Linux nerds working with you to find and fix
problems with Linux file permissions (e.g., on device files), on the
basis of your describing that as being the problem -- even though you
really had no reason to believe that that _is_ the problem, and were 
merely guessing.

So, please be really careful about accidentally misdefining the problem.
Again, this is one of the reasons why we need to start with _raw data_
rather than your interpretations.  I have a metaphorical saying about
this:  "Techies are from Missouri."  That is, their byword is "Show me."
They would want you, instead of just trying to describe what happened
from memory, to attempt to use your camera with Kubuntu again, and this
time take down detailed and accurate notes about exactly what you did
and what various pieces of hardware and software did, in proper
chronological order.  They might want you to post the exact output of
"lsmod" and "lsusb", and other things.  (I personally am not very
familiar with digital cameras, and have never used gPhoto2, and so
cannot be more specific.)

> The Kscd stopped working again. We edited the group file to add me
> to media:/hdd. Now it says I don't have permissions to use it.

1.  We have no way of knowing what you mean by "the group file".  You 
might mean "/etc/group", except that "media:/hdd" would not make sense 
as syntax for a line in that file.

2.  "KsCD" appears, from my googling, to be a KDE-oriented player for
audio CDs.  But we have no way of knowing what you mean by "stopped
working":  That could mean dozens of things.  (Thus, like the word
"crashed", it is not helpful in diagnostic situations.)  Also, you
didn't explain the bit about "again":  What happened last time?  

3.  You say "It says", but we have no idea what "it" is in this context.


I hope the above is of _general_ use to you, in communicating with the 
technical community.  However, as to the specific technical problems
you're encountering, again, you'll probably find it less frustrating to
just bring everything to a suitable in-person event, rather than further
pursue diagnosis remotely via e-mail.





From mystagor at sbcglobal.net  Tue Dec  6 20:02:31 2005
From: mystagor at sbcglobal.net (Adam Cozzette)
Date: Tue, 6 Dec 2005 20:02:31 -0800 (PST)
Subject: [conspire] Looking for a Ride to CABAL Meetings
Message-ID: <20051207040231.44278.qmail@web81705.mail.mud.yahoo.com>

 Hello,
 
 This is my first post here, so let me introduce myself briefly. My name's Adam and I first went to a CABAL meeting in September earlier this year, where I had Linux installed on my computer. I didn't really do very much with Linux for a while, but lately I've been getting back into it, so I would like to start regularly attending the meetings again. The only thing is I'm not old enough to drive, and I don't think my parents are willing to take me all the way to Menlo Park twice a month, so I was wondering if any of you from or near San Jose would be willing to give me a ride. I would be more than willing to pitch in 10 bucks or more toward paying for gas. (By the way, I realize that this is a bit short notice for the next meeting.) So, if you'd like the specifics of where I live, my house is at 4196 Haven Court, San Jose. (If you'd like to see where it is on a map, you could look on Mapquest.com which is pretty helpful.) Well, if you're interested, please send me an e-mail and tell
 me what time you intend to leave and when you want to get back.
 
 Thank you in advance,
 Adam
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20051206/9343b896/attachment.html>

From rick at linuxmafia.com  Thu Dec  8 12:36:05 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 8 Dec 2005 12:36:05 -0800
Subject: [conspire] Fedora Core 3 for a Celeron Dell desktop box
Message-ID: <20051208203605.GD3859@linuxmafia.com>

If anyone _happens_ to have a CD set of Fedora Core 3 for i386, 
please do speak up.  Thanks.

----- Forwarded message from wood eddie <ewood111 at yahoo.com> -----

Date: Thu, 8 Dec 2005 12:12:22 -0800 (PST)
From: wood eddie <ewood111 at yahoo.com>
To: installers at linuxmafia.com
Subject: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)

Is this still on this Sat Dec 10 ? Fedora Core 4
installed fine on Dell Optiplex GX-520 desktop system.
 Just found out need Fedora Core 3 instead. I have
Fedora Core 3 CD(rather its a multiple distribution
DVD with FC3, Ubuntu 4.1) dated Jan 2005.  Previous
FC1 install not recognize built in network adapter. 
Tried boot using this multi-distribution DVD see if
can select install FC3 but it says CD-ROM media not
bootable.  I am a beginner-mid Linux user, having
installed FC1 and 4 only once. Can I bring machine
this Sat to Deidre's place at 4pm to try ?  What do I
need to bring, besides machine and monitor ? The last
FC1 and 4 install was done last month at SVLUG in Mt.
View. Thx, Eddie   

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

----- End forwarded message -----
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Thu, 8 Dec 2005 12:34:14 -0800
To: wood eddie <ewood111 at yahoo.com>
Cc: installers at linuxmafia.com
Subject: Re: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
Reply-To: installers at linuxmafia.com
From: Rick Moen <rick at linuxmafia.com>

Quoting wood eddie (ewood111 at yahoo.com):

> Is this still on this Sat Dec 10 ?

Yes.  4pm to midnight-ish.

> Fedora Core 4 installed fine on Dell Optiplex GX-520 desktop system.
> Just found out need Fedora Core 3 instead. I have Fedora Core 3
> CD(rather its a multiple distribution DVD with FC3, Ubuntu 4.1) dated
> Jan 2005.  Previous FC1 install not recognize built in network
> adapter.  Tried boot using this multi-distribution DVD see if can
> select install FC3 but it says CD-ROM media not bootable.

Hmm.  I don't currently have an FC3 media set, having discarded those
when FC4 came out.  I'll see if it's possible to download the ISOs (IA32
version, since your box is a Celeron) prior to the event, but cannot
promise.

> I am a beginner-mid Linux user, having installed FC1 and 4 only once.
> Can I bring machine this Sat to Deirdre's place at 4pm to try ?

Of course.

> What do I need to bring, besides machine and monitor ? 

It's best to bring system unit, monitor, keyboard, and pointing device.
Don't worry if you accidentally leave power cables or other incidentals
at home, since we have lots of spares.  If it's _really_ inconvenient to
bring your monitor (and I'm sympathetic), then you can use one of our
three 17" ones -- but you're really best off setting up X11 for and on
your own monitor, so as to be double-sure things will work fine when you
go home.

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor

----- End forwarded message -----



From daniel at gimpelevich.san-francisco.ca.us  Thu Dec  8 12:54:10 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Thu, 08 Dec 2005 12:54:10 -0800
Subject: [conspire] Fedora Core 3 for a Celeron Dell desktop box
References: <mailman.39.1134074170.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.08.20.54.07.969284@gimpelevich.san-francisco.ca.us>

There's probably no point in burning yet another set of FC3. I bet it
would be possible to somehow coax the multi-distro DVD he has to install
it with a bootstrap floppy of some kind. Even more likely, whatever issue
caused him to "need Fedora Core 3 instead" is more easily solvable under
another distro -- maybe even FC4.

If after more e-mails, it is determined that he absolutely must have FC3,
I'll bug Christian Einfeldt about lending out the K12LTSP 4.2.1 disc set
in his possession, which defaults to installing not the K12LTSP distro,
but a stock FC3.

On Thu, 08 Dec 2005 12:36:05 -0800, Rick Moen wrote:

> If anyone _happens_ to have a CD set of Fedora Core 3 for i386, 
> please do speak up.  Thanks.
> 
> ----- Forwarded message from wood eddie <ewood111 at yahoo.com> -----
> 
> Date: Thu, 8 Dec 2005 12:12:22 -0800 (PST)
> From: wood eddie <ewood111 at yahoo.com>
> To: installers at linuxmafia.com
> Subject: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
> 
> Is this still on this Sat Dec 10 ? Fedora Core 4
> installed fine on Dell Optiplex GX-520 desktop system.
>  Just found out need Fedora Core 3 instead. I have
> Fedora Core 3 CD(rather its a multiple distribution
> DVD with FC3, Ubuntu 4.1) dated Jan 2005.  Previous
> FC1 install not recognize built in network adapter. 
> Tried boot using this multi-distribution DVD see if
> can select install FC3 but it says CD-ROM media not
> bootable.  I am a beginner-mid Linux user, having
> installed FC1 and 4 only once. Can I bring machine
> this Sat to Deidre's place at 4pm to try ?  What do I
> need to bring, besides machine and monitor ? The last
> FC1 and 4 install was done last month at SVLUG in Mt.
> View. Thx, Eddie   
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> ----- End forwarded message -----
> ----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
> 
> Date: Thu, 8 Dec 2005 12:34:14 -0800
> To: wood eddie <ewood111 at yahoo.com>
> Cc: installers at linuxmafia.com
> Subject: Re: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
> Reply-To: installers at linuxmafia.com
> From: Rick Moen <rick at linuxmafia.com>
> 
> Quoting wood eddie (ewood111 at yahoo.com):
> 
>> Is this still on this Sat Dec 10 ?
> 
> Yes.  4pm to midnight-ish.
> 
>> Fedora Core 4 installed fine on Dell Optiplex GX-520 desktop system.
>> Just found out need Fedora Core 3 instead. I have Fedora Core 3
>> CD(rather its a multiple distribution DVD with FC3, Ubuntu 4.1) dated
>> Jan 2005.  Previous FC1 install not recognize built in network
>> adapter.  Tried boot using this multi-distribution DVD see if can
>> select install FC3 but it says CD-ROM media not bootable.
> 
> Hmm.  I don't currently have an FC3 media set, having discarded those
> when FC4 came out.  I'll see if it's possible to download the ISOs (IA32
> version, since your box is a Celeron) prior to the event, but cannot
> promise.
> 
>> I am a beginner-mid Linux user, having installed FC1 and 4 only once.
>> Can I bring machine this Sat to Deirdre's place at 4pm to try ?
> 
> Of course.
> 
>> What do I need to bring, besides machine and monitor ? 
> 
> It's best to bring system unit, monitor, keyboard, and pointing device.
> Don't worry if you accidentally leave power cables or other incidentals
> at home, since we have lots of spares.  If it's _really_ inconvenient to
> bring your monitor (and I'm sympathetic), then you can use one of our
> three 17" ones -- but you're really best off setting up X11 for and on
> your own monitor, so as to be double-sure things will work fine when you
> go home.



From rick at linuxmafia.com  Thu Dec  8 13:00:16 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 8 Dec 2005 13:00:16 -0800
Subject: [conspire] Fedora Core 3 for a Celeron Dell desktop box
In-Reply-To: <pan.2005.12.08.20.54.07.969284@gimpelevich.san-francisco.ca.us>
References: <mailman.39.1134074170.673.conspire@linuxmafia.com>
	<pan.2005.12.08.20.54.07.969284@gimpelevich.san-francisco.ca.us>
Message-ID: <20051208210016.GZ20139@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> There's probably no point in burning yet another set of FC3. I bet it
> would be possible to somehow coax the multi-distro DVD he has to install
> it with a bootstrap floppy of some kind. Even more likely, whatever issue
> caused him to "need Fedora Core 3 instead" is more easily solvable under
> another distro -- maybe even FC4.
> 
> If after more e-mails, it is determined that he absolutely must have FC3,
> I'll bug Christian Einfeldt about lending out the K12LTSP 4.2.1 disc set
> in his possession, which defaults to installing not the K12LTSP distro,
> but a stock FC3.

I imagine and hope you're right.

Ideally, I'd have written back and gently inquired as to whether he
isn't overdefining the problem, i.e., inquire as to _why_ he feels he
cannot solve his problem with anything but FC3 (which, of course, does
not on first glance stand to reason).

I get tired of getting jumped on when I do that (you know, all that
"Moen is mean to newbies" crap, invariably floated by some _experienced_
Linux user whose errors I've dared to correct at some point in the past), 
figured that things would work themselves out, and so did the lazy thing
and just answered the question exactly as posed.





From dmarti at zgp.org  Thu Dec  8 17:27:47 2005
From: dmarti at zgp.org (Don Marti)
Date: Thu, 8 Dec 2005 17:27:47 -0800
Subject: [conspire] Fedora Core 3 for a Celeron Dell desktop box
In-Reply-To: <20051208210016.GZ20139@linuxmafia.com>
References: <mailman.39.1134074170.673.conspire@linuxmafia.com>
	<pan.2005.12.08.20.54.07.969284@gimpelevich.san-francisco.ca.us>
	<20051208210016.GZ20139@linuxmafia.com>
Message-ID: <20051209012747.GA31380@zgp.org>

begin Rick Moen quotation of Thu, Dec 08, 2005 at 01:00:16PM -0800:

> Ideally, I'd have written back and gently inquired as to whether he
> isn't overdefining the problem, i.e., inquire as to _why_ he feels he
> cannot solve his problem with anything but FC3 (which, of course, does
> not on first glance stand to reason).

Just looking at: http://fedora.redhat.com/About/FAQ.html

"Updates will be available for two to three months
after the release of the subsequent version; that is,
updates for Fedora Core 1 will be provided for two
to three months after the release of Fedora Core 2,
and so forth."

Fedora Core 4 was released in June, so that means it
would probably be a good idea not to count on getting
updates for 3 for much longer.

Yes, there is the Fedora Legacy Project, but it has
had gaps in updates.

http://lwn.net/Articles/119892/

> I get tired of getting jumped on when I do that (you know, all that
> "Moen is mean to newbies" crap, invariably floated by some _experienced_
> Linux user whose errors I've dared to correct at some point in the past), 
> figured that things would work themselves out, and so did the lazy thing
> and just answered the question exactly as posed.

On any good technical mailing list, both the "why you
shouldn't do that" answer and the "here's how to do
that anyway" answer are on topic.

-- 
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org



From wallachd at earthlink.net  Thu Dec  8 17:40:57 2005
From: wallachd at earthlink.net (Darlene Wallach)
Date: Thu, 08 Dec 2005 17:40:57 -0800
Subject: [conspire] Fedora Core 3 for a Celeron Dell desktop box
In-Reply-To: <20051208203605.GD3859@linuxmafia.com>
References: <20051208203605.GD3859@linuxmafia.com>
Message-ID: <4398E0A9.7080306@earthlink.net>

Rick Moen wrote:
> If anyone _happens_ to have a CD set of Fedora Core 3 for i386, 
> please do speak up.  Thanks.
> 
> ----- Forwarded message from wood eddie <ewood111 at yahoo.com> -----
> 
> Date: Thu, 8 Dec 2005 12:12:22 -0800 (PST)
> From: wood eddie <ewood111 at yahoo.com>
> To: installers at linuxmafia.com
> Subject: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
> 
> Is this still on this Sat Dec 10 ? Fedora Core 4
> installed fine on Dell Optiplex GX-520 desktop system.
>  Just found out need Fedora Core 3 instead. I have
> Fedora Core 3 CD(rather its a multiple distribution
> DVD with FC3, Ubuntu 4.1) dated Jan 2005.  Previous
> FC1 install not recognize built in network adapter. 
> Tried boot using this multi-distribution DVD see if
> can select install FC3 but it says CD-ROM media not
> bootable.  I am a beginner-mid Linux user, having
> installed FC1 and 4 only once. Can I bring machine
> this Sat to Deidre's place at 4pm to try ?  What do I
> need to bring, besides machine and monitor ? The last
> FC1 and 4 install was done last month at SVLUG in Mt.
> View. Thx, Eddie   
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> ----- End forwarded message -----
> ----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
> 
> Date: Thu, 8 Dec 2005 12:34:14 -0800
> To: wood eddie <ewood111 at yahoo.com>
> Cc: installers at linuxmafia.com
> Subject: Re: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
> Reply-To: installers at linuxmafia.com
> From: Rick Moen <rick at linuxmafia.com>
> 
> Quoting wood eddie (ewood111 at yahoo.com):
> 
> 
>>Is this still on this Sat Dec 10 ?
> 
> 
> Yes.  4pm to midnight-ish.
> 
> 
>>Fedora Core 4 installed fine on Dell Optiplex GX-520 desktop system.
>>Just found out need Fedora Core 3 instead. I have Fedora Core 3
>>CD(rather its a multiple distribution DVD with FC3, Ubuntu 4.1) dated
>>Jan 2005.  Previous FC1 install not recognize built in network
>>adapter.  Tried boot using this multi-distribution DVD see if can
>>select install FC3 but it says CD-ROM media not bootable.
> 
> 
> Hmm.  I don't currently have an FC3 media set, having discarded those
> when FC4 came out.  I'll see if it's possible to download the ISOs (IA32
> version, since your box is a Celeron) prior to the event, but cannot
> promise.
> 
> 
>>I am a beginner-mid Linux user, having installed FC1 and 4 only once.
>>Can I bring machine this Sat to Deirdre's place at 4pm to try ?
> 
> 
> Of course.
> 
> 
>>What do I need to bring, besides machine and monitor ? 
> 
> 
> It's best to bring system unit, monitor, keyboard, and pointing device.
> Don't worry if you accidentally leave power cables or other incidentals
> at home, since we have lots of spares.  If it's _really_ inconvenient to
> bring your monitor (and I'm sympathetic), then you can use one of our
> three 17" ones -- but you're really best off setting up X11 for and on
> your own monitor, so as to be double-sure things will work fine when you
> go home.
> 

I have a set of FC3 cds that Rick burned for me. Is
someone willing to pick them up from me and return
them to me? I live in San Jose close to where 280
and 17/880 meet.

Darlene
-- 
World Centric Fair Trade & Eco Store
http://www.worldcentric.org/store/
We have created and live in a world of gross social
and economic inequalities[1] and are at the same
time severely impacting[2] the natural eco-systems
and regenerating bio-capacity of the planet. Our
every action has an impact on the well-being of our
planet and our everyday decisions[3] can help create
a better world for all. In keeping with this fact
and our vision, the World Centric Fair Trade/Eco
Online Store provides everyday consumption choices,
which can help minimize social & economic
inequalities, reduce the impact of our consumption
on the environment and help create a better and
sustainable world.

[1] http://www.worldcentric.org/stateworld/socialjustice.htm
[2] http://www.worldcentric.org/stateworld/environment.htm
[3] http://www.worldcentric.org/sustain/index.htm



From rick at linuxmafia.com  Thu Dec  8 17:52:03 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 8 Dec 2005 17:52:03 -0800
Subject: [conspire] Fedora Core 3 for a Celeron Dell desktop box
In-Reply-To: <4398E0A9.7080306@earthlink.net>
References: <20051208203605.GD3859@linuxmafia.com>
	<4398E0A9.7080306@earthlink.net>
Message-ID: <20051209015202.GB20139@linuxmafia.com>

Quoting Darlene Wallach (wallachd at earthlink.net):

> I have a set of FC3 cds that Rick burned for me. Is someone willing to
> pick them up from me and return them to me? I live in San Jose close
> to where 280 and 17/880 meet.

Darlene, my thanks.  However, I'm guessing that's going to turn out to
be not needed.  I was actually just about to find time to write back to
the guy and discuss those matters with him, but I'm betting that we'll
be able to help him without a literal FC3 disc set.




From rick at linuxmafia.com  Thu Dec  8 18:15:55 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 8 Dec 2005 18:15:55 -0800
Subject: [conspire] Re: Fedora Core 3 for a Celeron Dell desktop box
Message-ID: <20051209021555.GL3859@linuxmafia.com>

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Thu, 8 Dec 2005 18:10:13 -0800
To: ewood111 at yahoo.com
Cc: installers at linuxmafia.com
Subject: Re: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
Reply-To: installers at linuxmafia.com
From: Rick Moen <rick at linuxmafia.com>

Eddie, you wrote:

> Fedora Core 4 installed fine on Dell Optiplex GX-520 desktop system.
> Just found out need Fedora Core 3 instead.

My apologies for being a bit rushed in writing back to you earlier, but
I've been at a technical conference, and things have been a bit hectic.

It occurs to me that we might be able to assist you more easily if we 
had some clearer idea of what underlying issue you're addressing.  Is
there some special software package, or cranky hardware component, that
is said to require either (1) specifically FC3, or (2) specifically FC
but only versions prior to FC4, or (3) something else entirely?

Depending on the problem you're trying to address, it might be a great
deal better in the long term for you if we find a way to make your
existing FC4 setup do whatever job you have in mind.  For one thing, 
as a friend reminded me when he heard details of your case, FC3 has 
already become an "unsupported" release, meaning that current updates
are no longer available in any reliable fashion (and no longer available
_at all_ from the Fedora Project itself), which in turn makes it
(increasingly) dangerous to run from the standpoint of system security.

Of necessity, older distribution releases also have, in general,
thinnier and buggier support for recent hardware than newer
replacements.  You found that out for yourself, in fact:

>  Previous FC1 install not recognize built in network adapter.   

And last, you already have FC4 installed, so making it 
work for you _might_ be by far the easiest course of action.

So, anyway, checking my notes, I believe we should be able to (if
necessary) find ways to bang onto your system _any_ of the FC releases
if you need one in particular --- but I'd actually tend to wager that 
we can find a better solution for you once you've briefed us a bit 
better on the nature of the problem.

By the way, I hope you don't mind my forwarding our conversation to 
CABAL's small public mailing list, "conspire":  You wrote to our
semi-public "installers" mail alias anyway, rather than to me
personally, and a lot of the best suggestions and assistance for
attendees _always_ comes from the "conspire" regulars.  I merely sit
here looking good, and they do all the work.  ;->


----- End forwarded message -----



From rick at linuxmafia.com  Thu Dec  8 18:17:42 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 8 Dec 2005 18:17:42 -0800
Subject: [conspire] Collection of music software for Linux
Message-ID: <20051209021742.GN3859@linuxmafia.com>

----- Forwarded message from "Robert S. Johnstone" <rsjohnst at idiom.com> -----

Date: Thu, 8 Dec 2005 17:40:46 -0800 (PST)
From: "Robert S. Johnstone" <rsjohnst at idiom.com>
To: installers at linuxmafia.com
Cc: jubilada at sbcglobal.com
Subject: RSVP CABAL Sat 10 Dec

Dear Mafiosi,

I would like to come to your meeting/installfest Sat 10 Dec 4pm ...,
hopefully to meet and talk with someone experienced in Linux sound
software and hardware.  I won't bring any hardware.

I have been browsing the website of Stanford's Center for Computer
Research in Music and Acoustics (CCRMA).  This site, managed by
Fernando Lopez-Lezcano, is very well organized, but the extent of its
software offerings is far beyond overwhelming.

 From the page:

*  What is Planet CCRMA at Home?
   <http://ccrma.stanford.edu/planetccrma/software/introduction.html>

I quote:

"Planet CCRMA at Home is a collection of software packages that you can
add to a computer running RedHat 9 or Fedora Core 1, 2 or 3 to
transform it into an audio/video oriented workstation. ...
You will only be able to install Planet CCRMA on top of the supported
versions of RedHat or Fedora Core. ..."

Installing on other Linux distributions is not supported.

In the pages:

*  A roadmap for Planet CCRMA
   <http://ccrma.stanford.edu/planetccrma/software/roadmap.html>

*  Sound and Music Applications
   <http://ccrma.stanford.edu/planetccrma/software/soundapps.html#snd>

there as lists of dozens of available software packages.
The years of labor they must represent is staggering.

For purposes of discussion, I am interested in programs such as

   snd			sound editor
   Csound		software synthesizer
   Timidity		software sampler
   ZynAddSubFX		software synthesizer

but claim no particular expertise in such technology.

I will show up about 4PM Sat 10 Dec unless you tell me otherwise.

Thanks,

Bob Johnstone
650/326-0424
rsjohnst at idiom.com


PS. A long time ago, circa 1962, I took trumpet lessons with
the late Charles Bubb, who lived very close to your address on
Sharon Rd.

----- End forwarded message -----
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Thu, 8 Dec 2005 18:14:35 -0800
To: "Robert S. Johnstone" <rsjohnst at idiom.com>
Cc: installers at linuxmafia.com, jubilada at sbcglobal.com
Subject: Re: RSVP CABAL Sat 10 Dec
Reply-To: installers at linuxmafia.com
From: Rick Moen <rick at linuxmafia.com>

Quoting Robert S. Johnstone (rsjohnst at idiom.com):

> Dear Mafiosi,
> 
> I would like to come to your meeting/installfest Sat 10 Dec 4pm ...,
> hopefully to meet and talk with someone experienced in Linux sound
> software and hardware.  I won't bring any hardware.

Robert, we'll be delighted to have you.  I hope the weather cooperates;
the odds are the meeting will be partially in the (heatable, spacious) 
garage, since the back patio is starting to get a bit chilly, this time
of year.

I've certainly heard of CCRMA, having encountered that Web site while 
researching Linux AV applications.  _However_, as you'll find out if 
you corner me (personally) at the CABAL meeting, I'm probably the least
well informed person about those programs.  Fortunately, you'll probably
find some people with the same interests, willing to experiment with
you, if not people who've used those things.

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor

----- End forwarded message -----



From ead-conspire at ixian.com  Thu Dec  8 18:44:56 2005
From: ead-conspire at ixian.com (Eric De Mund)
Date: Thu, 8 Dec 2005 18:44:56 -0800
Subject: [conspire] Fedora Core 3 i386 CDs
In-Reply-To: <20051209012747.GA31380@zgp.org>
References: <mailman.39.1134074170.673.conspire@linuxmafia.com>
	<pan.2005.12.08.20.54.07.969284@gimpelevich.san-francisco.ca.us>
	<20051208210016.GZ20139@linuxmafia.com>
	<20051209012747.GA31380@zgp.org>
Message-ID: <17304.61352.166838.98657@bear.he.net>

Rick,

Rick Moen <rick at linuxmafia.com>:
] If anyone _happens_ to have a CD set of Fedora Core 3 for i386, please
] do speak up. Thanks.

I've got CDs labelled:

    FC3-i386-disc1    FC3-i386-disc4          FC3-i386-SRPMS-disc2
    FC3-i386-disc2    FC3-i386-rescuecd       FC3-i386-SRPMS-disc3
    FC3-i386-disc3    FC3-i386-SRPMS-disc1    FC3-i386-SRPMS-disc4

that I'll either bring with me on Saturday, or, if I'm not able to at-
tend, will drop off ahead of time. Feel free to keep them for a couple
of weeks, even, if need be, before returning them.

Cheers,
Eric
--
Although written many years ago, "Lady Chatterley's Lover" has just been
reissued by the Grove Press, and this pictorial account of the day-to-
day life of an English gamekeeper is full of considerable interest to
outdoor minded readers, as it contains many passages on pheasant-rais-
ing, the apprehending of poachers, ways to control vermin, and other
chores and duties of the professional gamekeeper. Unfortunately, one is
obliged to wade through many pages of extraneous material in order to
discover and savour those sidelights on the management of a midland
shooting estate, and in this reviewer's opinion the book cannot take the
place of J.R. Miller's "Practical Gamekeeping." --Ed Zern, "Field and
Stream" (November 1959)

Eric De Mund
email: <ead at ixian.com>



From rick at linuxmafia.com  Thu Dec  8 18:51:29 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 8 Dec 2005 18:51:29 -0800
Subject: [conspire] Fedora Core 3 i386 CDs
In-Reply-To: <17304.61352.166838.98657@bear.he.net>
References: <mailman.39.1134074170.673.conspire@linuxmafia.com>
	<pan.2005.12.08.20.54.07.969284@gimpelevich.san-francisco.ca.us>
	<20051208210016.GZ20139@linuxmafia.com>
	<20051209012747.GA31380@zgp.org>
	<17304.61352.166838.98657@bear.he.net>
Message-ID: <20051209025129.GC20139@linuxmafia.com>

Quoting Eric De Mund (ead-conspire at ixian.com):

> I've got CDs labelled:
> 
>     FC3-i386-disc1    FC3-i386-disc4          FC3-i386-SRPMS-disc2
>     FC3-i386-disc2    FC3-i386-rescuecd       FC3-i386-SRPMS-disc3
>     FC3-i386-disc3    FC3-i386-SRPMS-disc1    FC3-i386-SRPMS-disc4
> 
> that I'll either bring with me on Saturday, or, if I'm not able to at-
> tend, will drop off ahead of time. Feel free to keep them for a couple
> of weeks, even, if need be, before returning them.

Thank you, sir.  It'll be good to have those, if we turn out to need
'em.




From rick at linuxmafia.com  Thu Dec  8 20:37:37 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 8 Dec 2005 20:37:37 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
Message-ID: <20051209043737.GQ3859@linuxmafia.com>

Many of you will have followed the rather eyebrow-raising story of 
Sony / Bertelsman Music Group (BMG) and the spyware / trojan-horse / 
vendor-rootkit / security-crippling software sneaked aboard some
infuriatingly large number of that firm's audio CDs.  

This evening, down here at the annual LISA conference in San Diego, we
got a pair of amazingly good, and creative, short lectures:  One was by
cryptographer Matt Blaze, who talked briefly about physical lock
security in comparison to cryptography, and then leapt from there
directly to describing an NSF-funded project he ran to study methods 
law enforcement agencies use to conduct court-approved wiretapping.
I couldn't possibly do the talk justice, but suffice it to say that 
the Justice Department has crippled the Feds' current, supposedly
state-of-the-art CALEA wiretapping methods by insisting on
backwards-compatibility measures that make them trivial to counteract.
Your tax dollars at work, folks.

The other talk was by the always-amazing Dan Kaminsky, carrying out --
yes -- even more tricks with DNS.  This time, Dan has found a way to
compile profiles on the nature, behaviour, and interaction of _all_ of
the world's DNS nameservers.  Yep, all of them.  A lot of information
has emerged from his raw data already, including the fact that a
perilously large nubmer of networks are at risk of cache poisoning on
account of _still_ relying on (and often forwarding queries to)
vulnerable BIND8 nameservers.

Relevant to that Sony BMG scandal -- in which, by the way, Sony have
released no fewer than _three_ "uninstall" kits that uniformly _do not_ 
install Sony's trojaning software -- Dan mentioned that he took the time
to test all of the world's nameservers, to find out how many had
"connected.sonymusic.com" in their DNS caches.  That hostname is
significant because Sony BMG's rootkit "phones in" to a machine using
that hostname.  Any DNS nameserver that already has that name in cache
is one that (to a close approximation) has had at least one
Sony-infected Windows machine querying it.

Anyhow, I'm proud of you folks -- you CABAL members and Cheryl, the sole
member of my household to operate an MS-Windows box.  Judging from a
quick check of my nameserver, _none_ of the Windows machines you've 
set up to query my nameserver has been Sony-crippled.  Which means none
of you was unwary enough to say "Yes" when a Sony-published audio CD, 
inserted into your Windows computer, asked to "upgrade" (or such) the
software on your computer.

Er, actually, I'm honestly not certain that Deirdre's DHCP server, the
Apple Airport Extreme in the living room, queries _my_ nameserver.  But 
that's what I checked:


---<snip>---

$ dig connected.sonymusic.com @ns1.linuxmafia.com +norecurse

; <<>> DiG 9.3.1 <<>> connected.sonymusic.com @ns1.linuxmafia.com
+norecurse
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21691
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;connected.sonymusic.com.       IN      A

;; AUTHORITY SECTION:
com.                    125260  IN      NS      E.GTLD-SERVERS.NET.
com.                    125260  IN      NS      F.GTLD-SERVERS.NET.
com.                    125260  IN      NS      G.GTLD-SERVERS.NET.
com.                    125260  IN      NS      H.GTLD-SERVERS.NET.
com.                    125260  IN      NS      I.GTLD-SERVERS.NET.
com.                    125260  IN      NS      J.GTLD-SERVERS.NET.
com.                    125260  IN      NS      K.GTLD-SERVERS.NET.
com.                    125260  IN      NS      L.GTLD-SERVERS.NET.
com.                    125260  IN      NS      M.GTLD-SERVERS.NET.
com.                    125260  IN      NS      A.GTLD-SERVERS.NET.
com.                    125260  IN      NS      B.GTLD-SERVERS.NET.
com.                    125260  IN      NS      C.GTLD-SERVERS.NET.
com.                    125260  IN      NS      D.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET.     67474   IN      A       192.5.6.30
A.GTLD-SERVERS.NET.     120462  IN      AAAA    2001:503:a83e::2:30
B.GTLD-SERVERS.NET.     67474   IN      A       192.33.14.30
B.GTLD-SERVERS.NET.     120462  IN      AAAA    2001:503:231d::2:30
C.GTLD-SERVERS.NET.     67474   IN      A       192.26.92.30
D.GTLD-SERVERS.NET.     67474   IN      A       192.31.80.30
E.GTLD-SERVERS.NET.     67474   IN      A       192.12.94.30
F.GTLD-SERVERS.NET.     67474   IN      A       192.35.51.30
G.GTLD-SERVERS.NET.     67474   IN      A       192.42.93.30
H.GTLD-SERVERS.NET.     67474   IN      A       192.54.112.30
I.GTLD-SERVERS.NET.     67474   IN      A       192.43.172.30
J.GTLD-SERVERS.NET.     67474   IN      A       192.48.79.30
K.GTLD-SERVERS.NET.     67474   IN      A       192.52.178.30

;; Query time: 48 msec
;; SERVER: 198.144.195.186#53(198.144.195.186)
;; WHEN: Thu Dec  8 19:54:38 2005
;; MSG SIZE  rcvd: 497

$ 

---<snip>---

For whatever it's worth, neither 198.144.192.2 nor 198.144.192.4, the
main nameservers at my upstream bandwidth provider, Raw Bandwith
Communications, has that hostname in cache, either.

How many of the world's nameservers _do_ have that name in cache,
indicating that there are Sony-infected PCs next to them?  Around
460,000 nameservers, Dan says.  No kidding.



And, by the way, the _very best_ article on the Sony BMG scandal 
was Bruce Schneier's:  He asked:  How is it possible that the anti-virus
vendors completely missed Sony BMG's compromise and rootkitting of
millions of Windows machines?

The answer, of course is:  They _didn't_ miss it.  But they made an
apparently conscious decision to "forget" to alert their customers.
(Honorable exceptions:  ClamAV and F-Secure -- everyone else's hands
were dirty, to my knowledge.)

Next time you're told you need to install anti-virus software to protect
your Windows box, remember whom those companies work for.  It simply
ain't you.

http://www.wired.com/news/privacy/0,1848,69601,00.html 
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html

That went straight onto my "virus rants" pages, when I heard about
_that_ bit of infamy.




From daniel at gimpelevich.san-francisco.ca.us  Thu Dec  8 23:10:25 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Thu, 08 Dec 2005 23:10:25 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>

On Thu, 08 Dec 2005 20:37:37 -0800, Rick Moen wrote:

[snip]
> Anyhow, I'm proud of you folks -- you CABAL members and Cheryl, the sole
> member of my household to operate an MS-Windows box.  Judging from a
> quick check of my nameserver, _none_ of the Windows machines you've set
> up to query my nameserver has been Sony-crippled.  Which means none of
> you was unwary enough to say "Yes" when a Sony-published audio CD,
> inserted into your Windows computer, asked to "upgrade" (or such) the
> software on your computer.
[snip]

Sorry, but I couldn't resist:

XB9526JJHLA:~ danielg4$ ssh -X linuxmafia.com
Linux linuxmafia.com 2.4.27-2-686 #1 Tue Aug 16 16:31:22 JST 2005 i686 GNU/Linux

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Dec  5 22:17:27 2005 from gimpelevich.san-francisco.ca.us
danielg4 at linuxmafia:~$ exec wget -O - http://connected.sonymusic.com
--23:08:00--  http://connected.sonymusic.com/
           => `-'
Resolving connected.sonymusic.com... 64.14.39.158
Connecting to connected.sonymusic.com|64.14.39.158|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
23:08:01 ERROR 404: Not Found.

Connection to linuxmafia.com closed.
XB9526JJHLA:~ danielg4$ 

Whoops, I was going to add ">/dev/null" but forgot. Oh well.


From rick at linuxmafia.com  Fri Dec  9 00:49:04 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 9 Dec 2005 00:49:04 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
Message-ID: <20051209084904.GF20139@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> Sorry, but I couldn't resist:
[...]
> danielg4 at linuxmafia:~$ exec wget -O - http://connected.sonymusic.com
[...]
> HTTP request sent, awaiting response... 404 Not Found

Well, I've not actually tried to find out what Sony BMG and
First4Internet have been doing with their ability to covertly control 
(and spy on) half a million Windows boxen during the past year-plus,
because that's actually the _least_ interesting aspect to me, but:

1.  I'm not at all certain the host ever responded on port 80.
2.  If it did, it'd be a bit reckless of them to provide anything 
    positioned right at the document root.
3.  And I'd be really surprised if that host were _still_ doing 
    much of substance, after all this publicity.

-- 
Cheers,
Rick Moen                      "vi is my shepherd; I shall not font."
rick at linuxmafia.com                               -- Psalm 0.1 beta



From daniel at gimpelevich.san-francisco.ca.us  Fri Dec  9 00:48:51 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 09 Dec 2005 00:48:51 -0800
Subject: [conspire] Collection of music software for Linux
References: <mailman.56.1134094666.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.09.08.48.51.218042@gimpelevich.san-francisco.ca.us>

On Thu, 08 Dec 2005 17:40:46 -0800, Robert S. Johnstone wrote:

[snip]
> In the pages:
> 
> *  A roadmap for Planet CCRMA
>    <http://ccrma.stanford.edu/planetccrma/software/roadmap.html>
> 
> *  Sound and Music Applications
>    <http://ccrma.stanford.edu/planetccrma/software/soundapps.html#snd>
> 
> there as lists of dozens of available software packages.
> The years of labor they must represent is staggering.
> 
> For purposes of discussion, I am interested in programs such as
> 
>    snd			sound editor
>    Csound		software synthesizer
>    Timidity		software sampler
>    ZynAddSubFX		software synthesizer
> 
> but claim no particular expertise in such technology.
[snip]

Here's a bigger list:
http://linux-sound.org/one-page.html
<http://linux-sound.org/one-page.html>

On Monday, I posted this regarding TiMidity++:
http://linuxmafia.com/pipermail/conspire/2005-December/001582.html
<http://linuxmafia.com/pipermail/conspire/2005-December/001582.html>
Since then, I have discovered that a Debian package does exist for the EAW
patches, and I edited the following page accordingly:
https://wiki.ubuntu.com/MidiSoftwareSynthesisHowTo
<https://wiki.ubuntu.com/MidiSoftwareSynthesisHowTo>
Fed up with the incompleteness of the stock config file for the EAW
patches, I went to the following page and installed the fifth soundfont
from the top:
http://timidity.s11.xrea.com/files/readme_cfgp.htm
<http://timidity.s11.xrea.com/files/readme_cfgp.htm>
I now have the EAW patches loaded and then overridden by the soundfont.
This way, the patches fill in the gaps in the soundfont. The results have
been largely excellent, with only one major mistake: In one single-track,
piano-only MIDI file, a drum kit was substituted for the piano. Note that
that page also has a different (better?) config file for the EAW patches,
but I have not tried it since this soundfont mostly sounds oh so much
better than those patches.

I will be willing to demonstrate the setup with whatever MIDI files people
choose.


From daniel at gimpelevich.san-francisco.ca.us  Fri Dec  9 00:54:03 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 09 Dec 2005 00:54:03 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>

The key line was actually this one:

> Resolving connected.sonymusic.com... 64.14.39.158

I would have thought my sense of humor was accessible enough for most
people not to miss that in this context.

On Fri, 09 Dec 2005 00:49:04 -0800, Rick Moen wrote:

> Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):
> 
>> Sorry, but I couldn't resist:
> [...]
>> danielg4 at linuxmafia:~$ exec wget -O - http://connected.sonymusic.com
> [...]
>> HTTP request sent, awaiting response... 404 Not Found
> 
> Well, I've not actually tried to find out what Sony BMG and
> First4Internet have been doing with their ability to covertly control 
> (and spy on) half a million Windows boxen during the past year-plus,
> because that's actually the _least_ interesting aspect to me, but:
> 
> 1.  I'm not at all certain the host ever responded on port 80.
> 2.  If it did, it'd be a bit reckless of them to provide anything 
>     positioned right at the document root.
> 3.  And I'd be really surprised if that host were _still_ doing 
>     much of substance, after all this publicity.



From rick at linuxmafia.com  Fri Dec  9 00:56:32 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 9 Dec 2005 00:56:32 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
Message-ID: <20051209085632.GH20139@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> The key line was actually this one:
[..]
> I would have thought my sense of humor was accessible enough for most
> people not to miss that in this context.

Oops, sorry!  I please fatigue and too much of LOPSA's excellent Zinfandel.





From togo at of.net  Fri Dec  9 01:04:29 2005
From: togo at of.net (Tony Godshall)
Date: Fri, 9 Dec 2005 01:04:29 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
Message-ID: <20051209090429.GA18623@of.net>

According to Daniel Gimpelevich,
> The key line was actually this one:
> 
> > Resolving connected.sonymusic.com... 64.14.39.158
> 
> I would have thought my sense of humor was accessible enough for most
> people not to miss that in this context.

dude:~# whois 64.14.39.158

OrgName:    Savvis 
OrgID:      SAVVI-2
Address:    3300 Regency Parkway
City:       Cary
StateProv:  NC
PostalCode: 27511
Country:    US

ReferralServer: rwhois://rwhois.exodus.net:4321/

NetRange:   64.14.0.0 - 64.14.255.255 
CIDR:       64.14.0.0/16 
NetName:    SAVVIS
NetHandle:  NET-64-14-0-0-1
Parent:     NET-64-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS01.SAVVIS.NET
NameServer: DNS02.SAVVIS.NET
NameServer: DNS03.SAVVIS.NET
NameServer: DNS04.SAVVIS.NET
Comment:    
RegDate:    
Updated:    2004-10-07

OrgAbuseHandle: ABUSE11-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-877-393-7878
OrgAbuseEmail:  abuse at savvis.net

OrgNOCHandle: NOC99-ARIN
OrgNOCName:   Network Operations Center 
OrgNOCPhone:  +1-800-213-5127
OrgNOCEmail:  ipnoc at savvis.net

OrgTechHandle: UIAA-ARIN
OrgTechName:   US IP Address Administration 
OrgTechPhone:  +1-888-638-6771
OrgTechEmail:  ipadmin at savvis.net



Over my head.





From jane_ikari at yahoo.com  Fri Dec  9 01:08:55 2005
From: jane_ikari at yahoo.com (bruce coston)
Date: Fri, 9 Dec 2005 01:08:55 -0800 (PST)
Subject: [conspire] the fedora from dvd i have
Message-ID: <20051209090855.37585.qmail@web60819.mail.yahoo.com>

im kicking it off the island for permission problems. but the latest MEPISlite rc looks bad too.


			
---------------------------------
Yahoo! Shopping
 Find Great Deals on Holiday Gifts at Yahoo! Shopping 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20051209/13b9bdc3/attachment.html>

From daniel at gimpelevich.san-francisco.ca.us  Fri Dec  9 01:31:26 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 09 Dec 2005 01:31:26 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
	<mailman.63.1134119090.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>

OK, so maybe I should explain. Rick was bragging about how the fact that
not only had nobody in his household nor any fellow customer of the same
ISP been affected by Sony's spyware was evidenced by the IP address of
that hostname not being in either nameserver cache, so I "corrected
that oversight" by logging into his main server and resolving the
hostname, thereby caching it in both. A whois of 64.14.39.158 is a bit
over my head as well.

On Fri, 09 Dec 2005 01:04:29 -0800, Tony Godshall wrote:

> According to Daniel Gimpelevich,
>> The key line was actually this one:
>> 
>> > Resolving connected.sonymusic.com... 64.14.39.158
>> 
>> I would have thought my sense of humor was accessible enough for most
>> people not to miss that in this context.
> 
> dude:~# whois 64.14.39.158
> 
> OrgName:    Savvis 
> OrgID:      SAVVI-2
> Address:    3300 Regency Parkway
> City:       Cary
> StateProv:  NC
> PostalCode: 27511
> Country:    US
> 
> ReferralServer: rwhois://rwhois.exodus.net:4321/
> 
> NetRange:   64.14.0.0 - 64.14.255.255 
> CIDR:       64.14.0.0/16 
> NetName:    SAVVIS
> NetHandle:  NET-64-14-0-0-1
> Parent:     NET-64-0-0-0-0
> NetType:    Direct Allocation
> NameServer: DNS01.SAVVIS.NET
> NameServer: DNS02.SAVVIS.NET
> NameServer: DNS03.SAVVIS.NET
> NameServer: DNS04.SAVVIS.NET
> Comment:    
> RegDate:    
> Updated:    2004-10-07
> 
> OrgAbuseHandle: ABUSE11-ARIN
> OrgAbuseName:   Abuse 
> OrgAbusePhone:  +1-877-393-7878
> OrgAbuseEmail:  abuse at savvis.net
> 
> OrgNOCHandle: NOC99-ARIN
> OrgNOCName:   Network Operations Center 
> OrgNOCPhone:  +1-800-213-5127
> OrgNOCEmail:  ipnoc at savvis.net
> 
> OrgTechHandle: UIAA-ARIN
> OrgTechName:   US IP Address Administration 
> OrgTechPhone:  +1-888-638-6771
> OrgTechEmail:  ipadmin at savvis.net
> 
> 
> 
> Over my head.



From togo at of.net  Fri Dec  9 09:06:48 2005
From: togo at of.net (Tony Godshall)
Date: Fri, 9 Dec 2005 09:06:48 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
	<mailman.63.1134119090.673.conspire@linuxmafia.com>
	<pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
Message-ID: <20051209170648.GA8489@of.net>


Ah, I thought there was something humorous about sonymusic
appearing not to be Sony.

According to Daniel Gimpelevich,
> OK, so maybe I should explain. Rick was bragging about how the fact that
> not only had nobody in his household nor any fellow customer of the same
> ISP been affected by Sony's spyware was evidenced by the IP address of
> that hostname not being in either nameserver cache, so I "corrected
> that oversight" by logging into his main server and resolving the
> hostname, thereby caching it in both. A whois of 64.14.39.158 is a bit
> over my head as well.
> 
> On Fri, 09 Dec 2005 01:04:29 -0800, Tony Godshall wrote:
> 
> > According to Daniel Gimpelevich,
> >> The key line was actually this one:
> >> 
> >> > Resolving connected.sonymusic.com... 64.14.39.158
> >> 
> >> I would have thought my sense of humor was accessible enough for most
> >> people not to miss that in this context.
> > 
> > dude:~# whois 64.14.39.158
> > 
> > OrgName:    Savvis 
> > OrgID:      SAVVI-2
> > Address:    3300 Regency Parkway
> > City:       Cary
> > StateProv:  NC
> > PostalCode: 27511
> > Country:    US
> > 
> > ReferralServer: rwhois://rwhois.exodus.net:4321/
> > 
> > NetRange:   64.14.0.0 - 64.14.255.255 
> > CIDR:       64.14.0.0/16 
> > NetName:    SAVVIS
> > NetHandle:  NET-64-14-0-0-1
> > Parent:     NET-64-0-0-0-0
> > NetType:    Direct Allocation
> > NameServer: DNS01.SAVVIS.NET
> > NameServer: DNS02.SAVVIS.NET
> > NameServer: DNS03.SAVVIS.NET
> > NameServer: DNS04.SAVVIS.NET
> > Comment:    
> > RegDate:    
> > Updated:    2004-10-07
> > 
> > OrgAbuseHandle: ABUSE11-ARIN
> > OrgAbuseName:   Abuse 
> > OrgAbusePhone:  +1-877-393-7878
> > OrgAbuseEmail:  abuse at savvis.net
> > 
> > OrgNOCHandle: NOC99-ARIN
> > OrgNOCName:   Network Operations Center 
> > OrgNOCPhone:  +1-800-213-5127
> > OrgNOCEmail:  ipnoc at savvis.net
> > 
> > OrgTechHandle: UIAA-ARIN
> > OrgTechName:   US IP Address Administration 
> > OrgTechPhone:  +1-888-638-6771
> > OrgTechEmail:  ipadmin at savvis.net
> > 
> > 
> > 
> > Over my head.
> 
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

-- 

Best Regards,

Tony




From bpm at idiom.com  Fri Dec  9 09:34:50 2005
From: bpm at idiom.com (Breen Mullins)
Date: Fri, 9 Dec 2005 09:34:50 -0800
Subject: [conspire] Fedora Core 3 for a Celeron Dell desktop box
In-Reply-To: <20051209012747.GA31380@zgp.org>
References: <mailman.39.1134074170.673.conspire@linuxmafia.com>
	<pan.2005.12.08.20.54.07.969284@gimpelevich.san-francisco.ca.us>
	<20051208210016.GZ20139@linuxmafia.com>
	<20051209012747.GA31380@zgp.org>
Message-ID: <20051209173450.GB7245@idiom.com>

On Thu, Dec 08, 2005 at 05:27:47PM -0800, Don Marti wrote:
> 
> Fedora Core 4 was released in June, so that means it
> would probably be a good idea not to count on getting
> updates for 3 for much longer.

Yep. They've announced that FC3 is moving to the Legacy
Project as of December 23. Time to upgrade if you haven't 
already.

Breen
-- 
Breen Mullins
Menlo Park, California



From rick at linuxmafia.com  Fri Dec  9 09:46:49 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 9 Dec 2005 09:46:49 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
	<mailman.63.1134119090.673.conspire@linuxmafia.com>
	<pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
Message-ID: <20051209174649.GI20139@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> OK, so maybe I should explain. Rick was bragging about how the fact that
> not only had nobody in his household nor any fellow customer of the same
> ISP been affected by Sony's spyware was evidenced by the IP address of
> that hostname not being in either nameserver cache, so I "corrected
> that oversight" by logging into his main server and resolving the
> hostname, thereby caching it in both.

Yes.  You garnered the evening's "dry humour" award.
In case people missed one particular fine point of my "dig" test:

$ dig connected.sonymusic.com @ns1.linuxmafia.com +norecurse
                                                  ^^^^^^^^^^

I set the "norecurse" flag on my query specifically so that queried
nameserver ns1.linuxmafia.com would _not_ forward the request to
other nameservers, if it lacks that information.

And, Daniel, your wget fetch from linuxmafia.com's shell prompt actually
did _not_ put "connected.sonymusic.com" into ns1.linuxmafia.com's cache,
because apparently your request got routed to one of Raw Bandwidth's
nameservers, instead of to mine:

:r /etc/resolv.conf

  search linuxmafia.com deirdre.org
  nameserver 198.144.192.2
  nameserver 198.144.192.4
  nameserver 198.144.195.186

(The last of the three IPs is ns1.linuxmafia.com.  Your request went to
one of the other two.)

One easy way to _actually_ load my nameserver's cache is, well, with "dig":

  $ dig connected.sonymusic.com @ns1.linuxmafia.com +short
  64.14.39.158

_Now_, it's in cache.  ;->

  $ dig connected.sonymusic.com @ns1.linuxmafia.com +norecurse

  ; <<>> DiG 9.3.1 <<>> connected.sonymusic.com @ns1.linuxmafia.com +norecurse
  ; (1 server found)
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52040
  ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;connected.sonymusic.com.       IN      A

  ;; ANSWER SECTION:
  connected.sonymusic.com. 3280   IN      A       64.14.39.158

  ;; AUTHORITY SECTION:
  sonymusic.com.          3280    IN      NS      udns2.ultradns.net.
  sonymusic.com.          3280    IN      NS      udns1.ultradns.net.

  ;; Query time: 5 msec
  ;; SERVER: 198.144.195.186#53(198.144.195.186)
  ;; WHEN: Fri Dec  9 09:43:52 2005
  ;; MSG SIZE  rcvd: 109

  $



From rick at linuxmafia.com  Fri Dec  9 10:53:15 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 9 Dec 2005 10:53:15 -0800
Subject: [conspire] Re: Fedora Core 3 for a Celeron Dell desktop box
Message-ID: <20051209185315.GU3859@linuxmafia.com>

----- Forwarded message from wood eddie <ewood111 at yahoo.com> -----

Date: Fri, 9 Dec 2005 08:30:35 -0800 (PST)
From: wood eddie <ewood111 at yahoo.com>
To: installers at linuxmafia.com
Subject: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)

Thanks.  Perhaps some background would be of help:
Legacy code from 2-3 years ago(2002 era) runs fine on
pre-existing Dell Optiplex GX110. This runs Redhat
Linux 7.3. Now need another workstation to continue
this work. Legacy code consists of some 'C'/C++, Java,
and some 'packages', some open source some
proprietary.  Somehow when time to get a new
workstation, a Dell Optiplex GX520 was purchased. 
Initial attempt to run RHL 7.3 did not bode well due
to X.11 and USB mouse anomaly, network adapter support
seems to be missing as well.  First attempt was done
at SVLUG Mt. View last month(Nov 2005) where
recommendation was to go to a supported Rehat release
hence FC1, FC3, FC4.  Also, some testing on FC3(but
not FC4) with legacy code which seems to work OK
initially, based on limited testing. 

Bottom line: it would fit purchase if can make RHL 7.3
to run on GX520.  Barring this, might have to run say
FC3/4, then VMWare on top, so can support RHL 7.3. 
Thats all I have.  So whats the recommendated
suggestion ? BTW, believe VMWare had version that
supports RHL 7.3 and Redhat Enterprise but not FC. So
the present effort on FC may not be the way to go
afterall, unless can make VMware to run on top of
FC3/4. Hope I am making sense here. Thx, Eddie


- Rick Moen <rick at linuxmafia.com> wrote:

[snip Eddie's upside-down quoting]

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

----- End forwarded message -----
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Fri, 9 Dec 2005 10:49:09 -0800
To: wood eddie <ewood111 at yahoo.com>
Cc: installers at linuxmafia.com
Subject: Re: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
Reply-To: installers at linuxmafia.com
From: Rick Moen <rick at linuxmafia.com>

Quoting wood eddie (ewood111 at yahoo.com):

> Thanks.  Perhaps some background would be of help: Legacy code from
> 2-3 years ago(2002 era) runs fine on pre-existing Dell Optiplex GX110.
> This runs Redhat Linux 7.3. Now need another workstation to continue
> this work. Legacy code consists of some 'C'/C++, Java, and some
> 'packages', some open source some proprietary.  Somehow when time to
> get a new workstation, a Dell Optiplex GX520 was purchased.  Initial
> attempt to run RHL 7.3 did not bode well due to X.11 and USB mouse
> anomaly, network adapter support seems to be missing as well.  First
> attempt was done at SVLUG Mt. View last month(Nov 2005) where
> recommendation was to go to a supported Rehat release hence FC1, FC3,
> FC4.  Also, some testing on FC3(but not FC4) with legacy code which
> seems to work OK initially, based on limited testing. 
> 
> Bottom line: it would fit purchase if can make RHL 7.3 to run on
> GX520.  Barring this, might have to run say FC3/4, then VMWare on top,
> so can support RHL 7.3.  Thats all I have.  So whats the recommendated
> suggestion ? BTW, believe VMWare had version that supports RHL 7.3 and
> Redhat Enterprise but not FC. So the present effort on FC may not be
> the way to go afterall, unless can make VMware to run on top of FC3/4.
> Hope I am making sense here. 

Eddie --

Thanks for giving us a more-precise understanding of your situation.

How would you feel about installing CentOS in place of FC4?  CentOS is
(in my view) the best of the community "rebuilds" of Red Hat Enterprise
Linux, providing _precisely_ the same software contents as (at present)
RHEL4 Update 2 or RHE3 Update 6 (your choice of two development
branches), with the bare minimum of changes performed to replace Red
Hat, Inc.'s trademark-encumbered images, names, and stylings.  Thus, but
for trademark-based branding, it _is_ RHEL.

I would strongly discourage installing RH 7.3 at this extremely late
date:  It is no longer a reasonable option on both security and
hardware-support grounds.  Just to make sure I didn't succumb to
temptations to install it for someone in a moment of weakness, I long
ago threw away my installation media.  ;->

You would know better than I what the system-compatiblity needs of your 
legacy C, C++, Java, and sundry-binary software is, but key version
numbers (e.g., libraries, kernels) are shown on DistroWatch's pages for 
CentOS, among other places:

http://distrowatch.com/table.php?distribution=centos

We have i386 CDs for CentOS 4.2 (equivalent of RHEL4 Update 2).  I don't
think we currently have CentOS 3.6 (equivalent of RHEL3 Update 6), but 
could fetch those if you expected to need them.

I would speculate that your code might be tripping up on FC4's v 2.6.11
kernel and possibly its v. 2.3.5 glibc.  You'll notice that CentOS 3.6 
has kernel 2.4.21 and glibc 2.3.2 (as opposed to CentOS 4.2's kernel
v. 2.6.9 and glibc v. 2.3.4).

Over the longer term, you're going to have to deal with RH 7.3
dependency being a _big_ problem:

If you see "RH Releases" on http://linuxmafia.com/kb/RedHat/ , you'll
see that the RH 7.x architecture is absolutely dead, dead, dead:  The
last release using that architecture was RHAS (now called RHEL) v. 2.1
in 2002.  Red Hat is committed in theory to supporting _commercial_ RHAS 
2.1 customers through 2007, which in practice will almost certainly mean 
just the bare minimum of security fixes required to limp those customers
along until the support contracts expirt -- and nothing _at all_ for 
RH 7.x itself.  Third-party support efforts for 7.x are thin, and
haven't been working very well.  (It's a bit of a thankless task.)

Again, referring to my "RH Releases" page, you'll see that the
severely-aging-but-not-yet-dead RHEL3 architecture is a retread of RH9.
This is corporate America's current gold standard for Linux (though the
smarter ones are migrating to SUSE Linux Enterprise Server 9).  FC1, but 
not later Fedora Core releases, recycles that architeture.  It uses RH's 
heavily patched 2.4.21 kernel and the reasonably stable v. 2.3.2 glibc.  
For now, that would be fine for a Celeron system.  (For x86-64, by
contrast, RHEL3 and kin are dysfunctional, which is one reason why that
architecture's a dead-end.)

And, of course, the newer RHEL4 (CentOS 4.2) architecture, like
Novell/SUSE's SLES9 release, radically departs from that to use very
modern 2.3.x glibc versions and 2.6 kernels.

Your legacy code, like a lot of people's is going to get clobbered in
that transition:  Your challenge for 2005-6 will be to find something
functional _and maintainable_ to run it.  I suspect that CentOS 3.6
will be your correct answer.

Apologies for length, but I expect the above will help you understand
the current RH-compatible landscape better.

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor

----- End forwarded message -----



From rick at linuxmafia.com  Fri Dec  9 12:06:27 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 9 Dec 2005 12:06:27 -0800
Subject: [conspire] x86-64 and 2.6 kernels (was: Fedora Core 3 for a Celeron
	Dell desktop box)
In-Reply-To: <20051209185315.GU3859@linuxmafia.com>
References: <20051209185315.GU3859@linuxmafia.com>
Message-ID: <20051209200627.GA20597@linuxmafia.com>

I wrote:

[Stuff about the three recent lines of RH-compatible enterprise distros,
each of the three comprising a distinct binary "target platform":

o  RH 7.3, RHAS 2.1, CentOS2 (all defunct)
o  RH 9, RHEL3, CentOS 3.x
o  FC1, RHEL4

Note that FC2 and later are not even _in_ this map, being _way_ too
fast-moving and unsettled for "enterprise" use.]


> Again, referring to my "RH Releases" page, you'll see that the
> severely-aging-but-not-yet-dead RHEL3 architecture is a retread of RH9.
> This is corporate America's current gold standard for Linux (though the
> smarter ones are migrating to SUSE Linux Enterprise Server 9).  FC1, but 
> not later Fedora Core releases, recycles that architeture.  It uses RH's 
> heavily patched 2.4.21 kernel and the reasonably stable v. 2.3.2 glibc.  
> For now, that would be fine for a Celeron system.  (For x86-64, by
> contrast, RHEL3 and kin are dysfunctional, which is one reason why that
> architecture's a dead-end.)

OK, I'm going to bore y'all with a further state-of-the-market analysis, 
so brace yourselves for a geek rant.  Here's the elephant in the room
that the Linux-using enterprise world is dragging its feet on
acknowledging:  IA32 is dead.

Yes, my cheap-ass PIII and PII boxes still are IA32.  Eddie's Celeron
is.  Maybe your boxes.  You can even go a little out of your way and
buy, today, a P4.  _But that would be dumb._  It's gone with the dodos,
guys.  The market has moved on.

AMD started it with those wildly successful Opterons, defining a CPU
spec that had a company-specific marketing name of "AMD64" but now is
generically dubbed "x86-64".  Intel, with considerable ill-grace,
eventually followed bobbing in AMD's wake -- which was pretty painful
for them to do, but they did it -- with "Xeon64" chips that implement
that same x86-64, in a minor variant that they choose to call "EM64T"
for reasons, basically, of corporate pride.  (That is not to say they
aren't good:  I think they're poised to trounce the AMD guys.)

Intel's and AMD's designs are so close in their programming interfaces
that they're functionally the same, from the point of view of an admin
running Linux -- or even, in most situations, of programmers.  Thus, we
call those systems (generically) "x86-64", regardless of which firm made
the CPU or what marketing terms it slapped onto the box.

And x86-64 makes a huge difference.

The Linux-using enterprise world has a problem:  It's buying x86-64
hardware like candy, and RHEL3 doesn't work properly on that.  It simply
doesn't.  Red Hat's infamously overcomplicated kernel-maintenance
process keeps cranking out "2.4" kernels in its "Update" service packs,
that are really 2.4 kernels in name only:  They're crammed to the gills
with backported 2.6-kernel patches -- a slapdash effort that works well 
enough on IA32 systems (PII, PIII, Celeron, P4, plain Xeon) but _not_ 
on x86-64.  Those systems are unstable unless you _statically compile_
the kernels.  They fall over when run under heavy load.  They have bugs
all over the place.  Bugs that are minor on IA32 become major when the 
same code is run under x86-64.

So, you might ask, why doesn't Red Hat simply retrofit a 2.6 kernel to
RHEL3?  They _physically_ could, and it _would_ fix the x86-64 problems.  
The reason they don't do it -- and will never do it -- is that doing so
would contradict their product strategy:  They promised the business
world that each RHAS/RHEL release would remain a stable binary platform
for five years.  So, they're trapped, by their own corporate strategy, 
into keeping RHEL3 on a "2.4" kernel, even if it's that in name only.

The upshot is that you really cannot run stable x86-64 systems (unless 
really lightly loaded) on RHEL3.  You never will be able to -- except by 
supplying your own, non-vendor 2.6 kernel, and thereby foregoing the
very corporate support you bought RHEL for in the first place.

So, basically, modern hardware is going to _require_ enterprise Linux
distros based on 2.6 kernels -- like FC4, RHEL4, and SLES9.  And that
specifically _excludes_ 2.4-based distros like RHEL3 / RHAS 2.1, not to
mention Red Hat 7.x.   They're gone.  Forget them.  The moment you
switch to the newer CPU architectures, they're obsolete -- and _that_ 
horse is already out of the barn.

Which leaves people like Eddie, charged with making badly written legacy
proprietary code (written with unnecessary dependencies on RH 7.3-era
system software) in a real long-term quandary.  Eddie's not alone, and
there is going to be a lot of stranded code out there.  This problem is
going to keep getting worse.  (You read it here first!)





From rick at linuxmafia.com  Fri Dec  9 12:17:50 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 9 Dec 2005 12:17:50 -0800
Subject: [conspire] Re: x86-64 and 2.6 kernels (was: Fedora Core 3 for a
	Celeron Dell desktop box)
In-Reply-To: <20051209200627.GA20597@linuxmafia.com>
References: <20051209185315.GU3859@linuxmafia.com>
	<20051209200627.GA20597@linuxmafia.com>
Message-ID: <20051209201750.GA21914@linuxmafia.com>

Brief correction:`

> The upshot is that you really cannot run stable x86-64 systems (unless 
> really lightly loaded) on RHEL3.  You never will be able to -- except by 
> supplying your own, non-vendor 2.6 kernel, and thereby foregoing the
> very corporate support you bought RHEL for in the first place.
> 
> So, basically, modern hardware is going to _require_ enterprise Linux
> distros based on 2.6 kernels -- like FC4, RHEL4, and SLES9.  
                                       ^^^

Actually, the conventional corporate rules of the game _exclude_ Fedora
Core (any version), not to mention Debian, Kubuntu, MEPIS, etc. from the
"enterprise" category.  They're talking about a system with a guaranteed
binary programming interface over at least 3-5 years, plus paid support 
and updates even if they suck.  Don't ask me to justify that:  I'm 
just describing the rules as they're played.




From rick at linuxmafia.com  Fri Dec  9 12:44:34 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 9 Dec 2005 12:44:34 -0800
Subject: [conspire] Re: Fedora Core 3 for a Celeron Dell desktop box
Message-ID: <20051209204433.GX3859@linuxmafia.com>

----- Forwarded message from wood eddie <ewood111 at yahoo.com> -----

Date: Fri, 9 Dec 2005 12:19:23 -0800 (PST)
From: wood eddie <ewood111 at yahoo.com>
To: installers at linuxmafia.com
Subject: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)

Thanks. Is CentOS 3.6 supported as a 'host' OS by
vmware ?  Cannot find in the following
http://en.wikipedia.org/wiki/Comparison_of_virtual_machines

Thx, Eddie


--- Rick Moen <rick at linuxmafia.com> wrote:

[snip Eddie's upside-down, pointless quotation of the entire preceding thread]

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

----- End forwarded message -----
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Fri, 9 Dec 2005 12:41:11 -0800
To: wood eddie <ewood111 at yahoo.com>
Cc: installers at linuxmafia.com
Subject: Re: Dec 10 CABAL 4pm at Menlo Park(Linux install Fest)
Reply-To: installers at linuxmafia.com
From: Rick Moen <rick at linuxmafia.com>

Quoting wood eddie (ewood111 at yahoo.com):

> Thanks. Is CentOS 3.6 supported as a 'host' OS by
> vmware ?  Cannot find in the following
> http://en.wikipedia.org/wiki/Comparison_of_virtual_machines

Eddie --

Well, you can't find any _other_ distribution on that page, either.  ;->

VMware 5.5 OS support is shown in the chart on
http://www.vmware.com/support/guestnotes/doc/ .  Notice that
RHEL-whatever are fully represented.  Thus, by implication, matching
CentOS releases are, too -- just not officially.  As an indicator, even
Oracle 9i RDBMS installs cleanly on CentOS.

If you insist on being able to call VMware technical support and tell
them (without lying) that you're running a "supported OS", you'll
obviously need to stick to what's on that chart.

Notice that Fedora Core is _not_ on that chart -- which is hardly
surprising.

----- End forwarded message -----




From dmarti at zgp.org  Fri Dec  9 15:39:44 2005
From: dmarti at zgp.org (Don Marti)
Date: Fri, 9 Dec 2005 15:39:44 -0800
Subject: [conspire] Re: x86-64 and 2.6 kernels (was: Fedora Core 3 for a
	Celeron Dell desktop box)
In-Reply-To: <20051209201750.GA21914@linuxmafia.com>
References: <20051209185315.GU3859@linuxmafia.com>
	<20051209200627.GA20597@linuxmafia.com>
	<20051209201750.GA21914@linuxmafia.com>
Message-ID: <20051209233944.GB1771@zgp.org>

begin Rick Moen quotation of Fri, Dec 09, 2005 at 12:17:50PM -0800:

> Actually, the conventional corporate rules of the game _exclude_ Fedora
> Core (any version), not to mention Debian, Kubuntu, MEPIS, etc. from the
> "enterprise" category.  They're talking about a system with a guaranteed
> binary programming interface over at least 3-5 years, plus paid support 
> and updates even if they suck.  Don't ask me to justify that:  I'm 
> just describing the rules as they're played.

The "rules" are based on the consensus
between proprietary Unix vendors and the
proprietary application vendors.  Red Hat isn't
binary-compatible with proprietary Unix, but it is
business-relationship-compatible.

-- 
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org



From peter.knaggs at gmail.com  Sat Dec 10 19:38:04 2005
From: peter.knaggs at gmail.com (Peter Knaggs)
Date: Sat, 10 Dec 2005 19:38:04 -0800
Subject: [conspire] penlug DNS seems to be down...
Message-ID: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>

Hi Bill,

   Being a mere DNS newbie, I followed Rick's
   suggestion of using dnsreport to check the
   penlug.org domain's nameservers
http://www.dnsreport.com/tools/dnsreport.ch?domain=penlug.org

   At the moment it gives:
   Category: NS
   Status: Fail
   Test name: NS
   Information: A timeout occurred getting the NS
     records from your nameservers! None of your
     nameservers responded fast enough. They are
     probably down or unreachable.

Peter.



From deirdre at deirdre.net  Sun Dec 11 00:03:01 2005
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Sun, 11 Dec 2005 00:03:01 -0800
Subject: [conspire] An interesting way of marketing Linux
Message-ID: <E974BD43-B1DF-4DCD-A174-D0449DDF602F@deirdre.net>

http://lobby4linux.com/WordPress/?p=63

-- 
_Deirdre                                             http://deirdre.net





From bill at wards.net  Sun Dec 11 01:42:55 2005
From: bill at wards.net (Bill Ward)
Date: Sun, 11 Dec 2005 01:42:55 -0800
Subject: [conspire] Re: penlug DNS seems to be down...
In-Reply-To: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
Message-ID: <3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>

The registrar, joker.com, was down.  That means the nameservers were
down too.  My personal and business sites were also affected.  It
seems to be OK now.  Needless to say I'm thinking about finding a more
reliable solution...

On 12/10/05, Peter Knaggs <peter.knaggs at gmail.com> wrote:
> Hi Bill,
>
>    Being a mere DNS newbie, I followed Rick's
>    suggestion of using dnsreport to check the
>    penlug.org domain's nameservers
> http://www.dnsreport.com/tools/dnsreport.ch?domain=penlug.org
>
>    At the moment it gives:
>    Category: NS
>    Status: Fail
>    Test name: NS
>    Information: A timeout occurred getting the NS
>      records from your nameservers! None of your
>      nameservers responded fast enough. They are
>      probably down or unreachable.
>
> Peter.
>


--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/



From peter.knaggs at gmail.com  Sun Dec 11 11:17:22 2005
From: peter.knaggs at gmail.com (Peter Knaggs)
Date: Sun, 11 Dec 2005 11:17:22 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <20051209174649.GI20139@linuxmafia.com>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
	<mailman.63.1134119090.673.conspire@linuxmafia.com>
	<pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
	<20051209174649.GI20139@linuxmafia.com>
Message-ID: <1851b6c80512111117u34ecbeb7y11e67c20ff5bd5d0@mail.gmail.com>

Ahh, so that might explain the recent update
from Microsoft, which asks the user to reply
yes or no to the following curious question:

  Do you want to install the
  Microsoft Malicious Program Removal Tool

Hard to know what context "Malicious" is being
used in, these days...

Still, as long as you remember that Microsoft's
real customers are the big Media companies, and
not us "consumers" it's fairly clear: It's simply
a Program Removal Tool from the newly-created
branch of Microsoft, "Microsoft Malicious" :)



From togo at of.net  Sun Dec 11 14:21:04 2005
From: togo at of.net (Tony Godshall)
Date: Sun, 11 Dec 2005 14:21:04 -0800
Subject: [conspire] MIMO wireless cards cheap at Fry's
Message-ID: <20051211222104.GB1315@of.net>


Hi, folks.  

Anyone tried the Airlink MIMO routers and cards available 
at Fry's for $30 and $20 yet?  (today's adverts).

Obviously the router/AP would work, but I'm wondering what the 
chipsets are and what the chipsets in the cards are and what 
the Linux support is.  

Did a quick google search but didn't find anything by brand.
But that's not surprising- it's the chipset that counts and
the Fry's ads don't mention that (surprise, surprise).

Airlinks have been a good bargain for me in the past (worked 
well enough and cheap).  Looks like the sale's good till
Tues, so I may check them out.  Price looks worth the drive.

Anyone know if the higher-speed cards (802.11g and MIMO) do 
better in the latency department than the old ones did (ssh 
over early 802.11b chipsets was painful).

Tempted by the 60GB mp3/mpeg4 player too- I shouldn't. ;-)

Best Regards,

Tony




From rick at linuxmafia.com  Sun Dec 11 21:31:26 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 11 Dec 2005 21:31:26 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <1851b6c80512111117u34ecbeb7y11e67c20ff5bd5d0@mail.gmail.com>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
	<mailman.63.1134119090.673.conspire@linuxmafia.com>
	<pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
	<20051209174649.GI20139@linuxmafia.com>
	<1851b6c80512111117u34ecbeb7y11e67c20ff5bd5d0@mail.gmail.com>
Message-ID: <20051212053126.GL20139@linuxmafia.com>

Quoting Peter Knaggs (peter.knaggs at gmail.com):

> Ahh, so that might explain the recent update
> from Microsoft, which asks the user to reply
> yes or no to the following curious question:
> 
>   Do you want to install the
>   Microsoft Malicious Program Removal Tool
> 
> Hard to know what context "Malicious" is being
> used in, these days...
> 
> Still, as long as you remember that Microsoft's
> real customers are the big Media companies, and
> not us "consumers" it's fairly clear: It's simply
> a Program Removal Tool from the newly-created
> branch of Microsoft, "Microsoft Malicious" :)

(Apparently, "Malicious Program Removal Tool" is from MSFT's 2003-06
acquisition of GeCAD Software:
http://www.microsoft.com/presspass/press/2003/jun03/06-10GeCadPR.mspx )

Yes, one does wonder whether some of what these firms consider
"malicious" isn't subject to redefinition as corporate needs dictate.
They might, with their next update, decide that Kazaa and eMule are
brimming with malice, for example.  ;->

It occurs to me that, for those running proprietary (and especially
binary-only proprietary) software, including on Linux, one possible
"canary" for Sony-type misbehaviour is to perform the ritual that we
free-software people typically do, and that the "desktop" crowd does
not:

Read those goddamned licences.  No, really:  _Read_ them.

When companies like Sony BMG set out to screw their customers through
technological measures, their lawyers will generally insist that they
finagle some liability shield for misdeeds they would be most likely to
be sued over -- which will, of course, be typically right there in the
licence agreement.

Companies count on you _not_ reading licences ("EULAs" and such), and do
nothing to make it natural or easy, e.g., tiny viewing windows, no
easy provision to save a copy for later, etc.  You're hustled towards
the "I agree" button -- at your peril.  

People who bothered to read the Sony BMG EULA would have seen very clear
advance warning of the worst of their misbehaviour -- though one must
make sure one's paranoia filter is enabled:

   ...this CD will automatically install a small proprietary software
   program...

The language goes on to give you ersatz reassurances about what the
program will _not_ do:

   the software will not be used at any time to collect any personal 
   information from you, whether stored on your computer or otherwise

That's like saying "You authorise the application of this nightstick to 
parts of your body.  At no time will the nightstick pick your pocket."

   You expressly acknowledge and agree that you are installing and using
   the licensed materials at your own sole risk. 

Ah, so it doesn't matter what their stuff does; they're claiming to duck
all responsibility.  The phrase "at your own sole risk" should always
set off alarm bells, whether you hear it from a strange yet high-privilege
software package's licence or from a used-car dealer.

   The software is intended to protect the audio files embodied on the
   CD, and it may also facilitate your use of the digital content.

This should, again, trigger suspicion:  "Protect" against what?  And 
why should your listening to an ordinary CD digital audio file be
"facilitated" by a "small proprietary software program"?  That doesn't 
make sense at all.

Of course, they mean "protecting" the music against _you_, by screwing
around with your computer and wrestling control over it from you.

There are lots of other crazy provisions, e.g.

  the term of this EULA shall terminate immediately, without notice
  [...] in the event that you [file bankruptcy or similar]

The EULA never details precisely what they're going to do to you, but
the liability disclaimer should be sufficient warning that they want the
litigation decks clear for it possibly meaning "Any damned thing we want."


Anyhow, much fun like that can expect to be found in licences in
software _not just_ issued by the music and motion picture industries,
but _also_ in software firms suborned by them.  As Schneier pointed out, 
nearly all of the major security-alert and antivirus firms' hands were
provably dirty in this case.  It is known, in fact, that for three weeks 
immediately following the Sony BMG story's becoming public, many of
those firms were in long meetings with Sony executives, presumably
working out their game plan.

ClamAV was an honourable exception.  So was Finnish AV firm F-Secure:
http://www.businessweek.com/technology/content/nov2005/tc20051129_938966.htm


Mind you, I don't think Sony BMG planned in detail to screw up people's
computers.  More likely, they just outsourced the "piracy problem" to UK
firm First4Internet, and then had little idea what exactly they did in
Sony's name.


Another interesting question is:  What _other_ business interests have
suborned most of the major security and antivirus firms?  For starters,
there are all the _other_ copyright barons behind the RIAA and MPAA.
What sort of PC security disasters are _they_ already carrying out on
millions of unsuspecting citizens?

Also, I'd be incredibly wary of the major _gaming_ firms:  Considering
the intolerable actions carried out by, for example, Blizard
Entertainment (makers of World of Warcraft, StarCraft, etc.) to sue out
of existence volunteers at the former "battle.net" domain who wrote an
_independent, from-scratch_ daemon compatible with their Warcraft game
software -- using, naturally, DMCA thuggery.

Given that level of scruple, and their famous liking for copy prevention
(er, "protection") software sabotage, what _other_ sorts of system
trojaning are they likely to hide in their binaries?  At minimum, keep
reading those EULAs:  If there are odd rights they're asserting, you
should wonder why.

Me, I would not let a Blizzard Entertainment product -- or any of its
untrustworthy competitors, near any of my machines.  (Blizzard products
are not welcome in my house at all.)


Along the same lines, if someone asks you to run an unknown binary with
system privilege, with no ability to inspect, you should wonder why.

   http://www.packetstormsecurity.org/distributed/index2.html

   File Name:	find_ddos_v42_linux.tar.Z

   Description: Find_ddos v4.2 (linux) - The NIPC has developed a 
   tool to assist in combating ddos agents. The tool scans a local 
   system that is either known or suspected to contain a DDOS program. 
   The tool will detect several known denial-of-service attack tools 
   including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, 
   tfn daemon, tfn client, stacheldraht master, stacheldraht client, 
   stachelddraht demon and tfn-rush client. Solaris version also available.

Who's NIPC, you might ask?  Oh, that is or was the National
Infrastructure Protection Center, founded as an FBI agency under Carter
and apparently now gradually being engulfed by other parts of Department
of Homeland Security.  (The www.nipc.gov Web site is gone, for example.)

When NIPC published that "find_ddos_v42_linux.tar.Z" tool in 2001, and
made it available only as a statically-linked, stripped, i386 Linux ELF
binary, I sent them a polite "Are you kidding?" mail -- pointing out
that they were asking Linux users to engage in one of the bad habit
that would tend to get their sites compromised in the first place, and
that nobody was going to take them serious until, at minimum, they
released the matching C code and build instructions.  They never
replied.

Quoting the README (on a copy found at
http://remoteassessment.com/darchive/190989699.html):

   The tool will detect several known denial-of-service attack tools by
   looking at all 32-bit ELF format files in a given directory tree, 
   and comparing the files' strings and symbol table against a set 
   of known "fingerprints" for TFN and trinoo tools.  [...]  
   The tool must be run as root.

In other words, it professed to be a pattern-matching thing like most
mailware checkers.  But what amuses me in retrospect is up at the top:

   This material and tool is furnished on an "as is" basis. 

Sound familiar?  This is pretty much the same as "at your sole risk".

Mind you, I'm not saying _all_ such warranty disclaimers are evil.  I'm
saying that a blanket disclaimer _combined_ with unauditable binary code
that you're asked to run _privileged_ should make you raise your
eyebrows -- and say no.

(Rob Rosenberger at http://vmyths.com/resource.cfm?id=26&page=1 has more
unflattering things to say about NIPC, including their tendency towards
empty publicity-seeking and reprinting other security researchers work
without credit.)





From rick at linuxmafia.com  Sun Dec 11 22:22:31 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 11 Dec 2005 22:22:31 -0800
Subject: [conspire] Re: penlug DNS seems to be down...
In-Reply-To: <3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>
Message-ID: <20051212062231.GM20139@linuxmafia.com>

Quoting Bill Ward (bill at wards.net):

> The registrar, joker.com, was down.  That means the nameservers were
> down too.  My personal and business sites were also affected.  It
> seems to be OK now.  Needless to say I'm thinking about finding a more
> reliable solution...

Man, that _was_ unfortunate.  And a little difficult to foresee, actually. 
They had your DNS on three reassuringly diverse IPs (all apparently in
Germany, on three netblocks registered to "Computer Service
Langenbach"):

194.245.50.1
194.245.101.19
194.176.0.2

At a guess, one would have imagined that it would be difficult for a single
failure mode to take down all three at the same time.  I'll be curious
to find out how they managed it.  ;->

Here's a third-party discussion but no explanation:  
http://groups.google.com/group/alt.domain-names.registries/browse_thread/thread/59a5a846c1d79fed/7f39d97eef742904?lnk=st&q=%22joker.com%22&rnum=5#7f39d97eef742904

Bill, I'm guessing that you just want a provider who does your DNS, gets
it right, and doesn't make you worry about details.  If so, you're
right; you just need to find someone else to do the whole package.

If you ever decide to take more direct charge of what your DNS consists
of and what nameservers it runs on, I'd be glad to write your zonefile
for you, give you some pointers, and offer secondary nameservice.  (The
latter would have kept your domains running during joker.com's downtime.)




From daniel at gimpelevich.san-francisco.ca.us  Sun Dec 11 22:24:49 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sun, 11 Dec 2005 22:24:49 -0800
Subject: [conspire] MIMO wireless cards cheap at Fry's
References: <mailman.90.1134339678.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>

I did my own search, and this turned up, worth a read for anybody
considering getting MIMO at this point in time:

http://seclists.org/lists/security-basics/2005/Nov/0333.html

The canonical centralized database of wireless chipsets now appears to be:

http://linux-wless.passys.nl/

That led me to this page:

http://rt2x00.serialmonkey.com/wiki/index.php/Vendors

Mission accomplished: Airlink MIMO chipset identified.

On Sun, 11 Dec 2005 14:21:04 -0800, Tony Godshall wrote:

> 
> Hi, folks.  
> 
> Anyone tried the Airlink MIMO routers and cards available 
> at Fry's for $30 and $20 yet?  (today's adverts).
> 
> Obviously the router/AP would work, but I'm wondering what the 
> chipsets are and what the chipsets in the cards are and what 
> the Linux support is.  
> 
> Did a quick google search but didn't find anything by brand.
> But that's not surprising- it's the chipset that counts and
> the Fry's ads don't mention that (surprise, surprise).
> 
> Airlinks have been a good bargain for me in the past (worked 
> well enough and cheap).  Looks like the sale's good till
> Tues, so I may check them out.  Price looks worth the drive.
> 
> Anyone know if the higher-speed cards (802.11g and MIMO) do 
> better in the latency department than the old ones did (ssh 
> over early 802.11b chipsets was painful).
> 
> Tempted by the 60GB mp3/mpeg4 player too- I shouldn't. ;-)
> 
> Best Regards,
> 
> Tony



From rick at linuxmafia.com  Mon Dec 12 01:29:02 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 12 Dec 2005 01:29:02 -0800
Subject: [conspire] penlug DNS seems to be down...
In-Reply-To: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
Message-ID: <20051212092902.GB7646@linuxmafia.com>

Quoting Peter Knaggs (peter.knaggs at gmail.com):

>    Being a mere DNS newbie, I followed Rick's
>    suggestion of using dnsreport to check the
>    penlug.org domain's nameservers
> http://www.dnsreport.com/tools/dnsreport.ch?domain=penlug.org

Now that joker.com's nameservice is back up, we can see how they do
normally.

The only significant problem is an error that's extremely common among
one-stop Internet providers: no glue records, because they're lazy with
choice of nameserver hostnames.  Result:  unnecessarily slow DNS
service.

To explain that, I have to explain glue records.

When someone out on the Internet tries to connect to host
linuxmafia.com, he generates a burst of DNS queries:  The user's
nameserver needs to find out (1) what nameserver(s) to ask for all
"linuxmafia.com" name information, and then (2) asks one of those
nameservers the actual IP address for host linuxmafia.com.

To do the first step, the user's nameserver asks .COM's nameservers 
about the "linuxmafia.com" domain's "NS" (nameserver) records, like this
(snipping irrelevant stuff):

  ~ $ dig -t ns linuxmafia.com @k.gtld-servers.net

  ;; ANSWER SECTION:
  linuxmafia.com.         172800  IN      NS      ns.on.primate.net.
  linuxmafia.com.         172800  IN      NS      ns.primate.net.
  linuxmafia.com.         172800  IN      NS      ns1.linuxmafia.com.
  linuxmafia.com.         172800  IN      NS      ns1.thecoop.net.
  linuxmafia.com.         172800  IN      NS      ns2.linuxmafia.com.

  ;; ADDITIONAL SECTION:
  ns.on.primate.net.      172800  IN      A       207.44.185.143
  ns.primate.net.         172800  IN      A       198.144.194.12
  ns1.linuxmafia.com.     172800  IN      A       198.144.195.186
  ns1.thecoop.net.        172800  IN      A       216.218.255.165
  ns2.linuxmafia.com.     172800  IN      A       63.193.123.122

(Please just take my word for it that "k.gtld-servers.net" is one of the
.COM top-level domian's nameservers.  I can explain, but would rather
skip that, here.)

The "ANSWER SECTION" lines give the literal answers to the posed question 
"What are the NS records for domain linuxmafia.com?" -- but please
notice _also_ the matching "ADDITIONAL SECTION" lines sent _along with_
that requested information.  That's the "glue" -- sent in anticipation of,
and in answer to, the user's nameserver's obvious _next_ question.

That is, notice that each "NS" line says, in effect, "Here's a
_hostname_ of an 'authoritative' nameserver machine you can ask about
name information within the 'linuxmafia.com' domain."  But the querying
nameserver uses IP addresses to open remote connections, so it thus has
to look up the _IP_ of one of those nameservers, before it can ask
questions.  That would be a second DNS lookup.

Sending the "glue" information -- the IP addresses corresponding to each
of those NS records -- avoids the querying nameserver's need to ask the
"What's the IP for that nameserver hostname" question immediately after
its "What's the nameserver hostname?" question, by anticipating the
second question and sending both answers at the same time.


And, in penlug.org's case, the parent .ORG zone's nameservers aren't
sending glue information.  Imagine, again, that a user's nameserver (a "querying
nameserver") wants to look up penlug.org names, and therefore asks .ORG
where to find the domains nameservers.   Again, please just take my word
that nameserver "tld6.ultradns.co.uk" is authoritative for .ORG
information:

  ~ $ dig -t ns penlug.org @tld6.ultradns.co.uk

  ;; AUTHORITY SECTION:
  penlug.org.             86400   IN      NS      c.ns.joker.com.
  penlug.org.             86400   IN      NS      b.ns.joker.com.
  penlug.org.             86400   IN      NS      a.ns.joker.com.

The .ORG namservers didn't send any "A" (glue) records for nameservers
{c,b,a}.ns.joker.com -- just the hostnames.  Therefore, the querying
nameserver has to turn around and ask the .COM hierarchy what the IP 
addresses of _those_ names are, before it can go further:

  ~ $ dig -t a c.ns.joker.com @k.gtld-servers.net

  ;; ANSWER SECTION:
  c.ns.joker.com.         172800  IN      A       194.245.50.1

Thus, two queries required instead of one, just to find the nameservers 
-- ergo, unnecessarily slow nameservice.


And, if you're still with me, you might wonder _why_ .ORG's nameservers
aren't sending glue information for c.ns.joker.com and its two brothers.
Simple:  They're in a name hierarchy that .ORG's nameservers don't know
anything about, namely .COM .  That's really all there is to it.

.ORG's nameservers have no _authority_ in that namespace -- and it's
really important, in order to prevent "cache poisoning" (injection of
fraudulent name information into nameservers), that DNS software reject
that sort of "out-of-bailiwick" responses, including glue records.
Thus, joker.com's .COM-based nameserver names simply _can't_ be used in
an .ORG domain's glue records:  They wouldn't be valid.

So, you might ask, why is joker.com, a supposedly professional service
provider, specifying .COM nameserver names inside an .ORG domain --
given that it's an obvious and avoidable error?  Because they're being
lazy and, well, unprofessional.


What they _should_ have done -- and this would have taken them maybe
twenty lines of Perl -- is noticed the problem, and created "A"
(IP-lookup) records pointing to their same nameserver IP addresses,
except using new hostnames ns1.penlug.org, ns2.penlug.org, and
ns3.penlug.org.  And then use _those_ in the parent .ORG records for
penlug.org, in place of that "c.ns.joker.com" name and the other two.  

Doing that would have allowed proper glue information to flow out of
.ORG, and everything would have been just a wee bit faster and more
reliable.  joker.com's doing that would honestly have been _no harder_
for them -- but they didn't bother.

Judging by joker.com's recent downtime, they probably have a lot bigger
problems, but I just thought I'd mention that glue records are one of
those things that you can use to distinguish those who bother to do
things properly from those who don't, and why.

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor



From rick at linuxmafia.com  Mon Dec 12 09:40:01 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 12 Dec 2005 09:40:01 -0800
Subject: [conspire] Re: x86-64 and 2.6 kernels (was: Fedora Core 3 for a
	Celeron Dell desktop box)
In-Reply-To: <20051209201750.GA21914@linuxmafia.com>
References: <20051209185315.GU3859@linuxmafia.com>
	<20051209200627.GA20597@linuxmafia.com>
	<20051209201750.GA21914@linuxmafia.com>
Message-ID: <20051212174000.GA21403@linuxmafia.com>

Correcting myself:

> Actually, the conventional corporate rules of the game _exclude_
> Fedora Core (any version), not to mention Debian, Kubuntu, MEPIS, etc.
> from the "enterprise" category.  They're talking about a system with a
> guaranteed binary programming interface over at least 3-5 years, plus
> paid support and updates even if they suck. 

Actually, I've just checked RH's documentation, and they promise a
_seven_-year support life (product life) for each release.  Novell
promises a minimum product life of five years for Novell Linux Desktop 9,
and seven years for SLES9.

The reason RHEL4 (as opposed to RHEL3) isn't working too well for
x86-64, so far, is a lot of little bugs on that CPU platform, notably 
spottily missing 32-bit libs.  Thus the momentum behind SLES9.

Which is really kind of annoying, in part because RH has been, for all 
of people's grousing about some of its doings, a much better friend of the
open source / free-software community -- which can be seen, among many
other things, in the fact that I can lawfully give anyone a copy of
RHEL3 or RHEL4 (whose software contents are 100% open source), but the
same is not true of SLES or Novell Linux Desktop, on account of
restricted proprietary components.




From peter.knaggs at gmail.com  Mon Dec 12 13:37:03 2005
From: peter.knaggs at gmail.com (Peter Knaggs)
Date: Mon, 12 Dec 2005 13:37:03 -0800
Subject: [conspire] penlug DNS seems to be down...
In-Reply-To: <20051212092902.GB7646@linuxmafia.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<20051212092902.GB7646@linuxmafia.com>
Message-ID: <1851b6c80512121337x7eb730b8jf4bd65fecf12f721@mail.gmail.com>

Hi Rick,

   Wow, thanks for your explanation.

   I had seen you explain glue records before
   in a slightly different context, but seeing
   it explained for our own penlug.org really
   makes it a whole lot more memorable :)

   So when you hinted about offering to do
   secondary DNS, would that mean we'd need
   to get the .org nameserver to add an NS entry
   for ns1.linuxmafia.org (and a glue record for
   ns1.linuxmafia.org pointing it to the real
   ns1.linuxmafia.com)? Sounds complicated :)

Cheers,
Peter.



From bill at wards.net  Mon Dec 12 13:52:19 2005
From: bill at wards.net (Bill Ward)
Date: Mon, 12 Dec 2005 13:52:19 -0800
Subject: [conspire] Re: penlug DNS seems to be down...
In-Reply-To: <20051212062231.GM20139@linuxmafia.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>
	<20051212062231.GM20139@linuxmafia.com>
Message-ID: <3d2fe1780512121352i23c443d6of51c375d6e91863@mail.gmail.com>

On 12/11/05, Rick Moen <rick at linuxmafia.com> wrote:
> Bill, I'm guessing that you just want a provider who does your DNS, gets
> it right, and doesn't make you worry about details.  If so, you're
> right; you just need to find someone else to do the whole package.

That's right.  And the domain registration too.  Joker has a pretty
good system whcih works quite well, except for this recent outage.  I
trust they will find a fix that will prevent the same in the future,
so I'll give them another chance.  The main problem was that the
joker.com nameservice was dead, so the joker.com nameservers didn't
resolve.  Glue records would have fixed that.  If you don't mind, I'd
like to forward your detailed analysis to them...?

One other important feature that Joker offers is web and email
forwarding.  I use this to get all my email routed to my gmail
account, and gmail's "Accounts" feature to have my outgoing mail
appear to come from my own domains.  I also use the Web forwarding so
that certain domain/host names redirect the user to the canonical Web
address for the site.  Both features require using Joker-hosted DNS,
which alas means that providing my own secondary DNS is not possible.

--Bill.

--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/



From rick at linuxmafia.com  Mon Dec 12 14:55:10 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 12 Dec 2005 14:55:10 -0800
Subject: [conspire] Re: penlug DNS seems to be down...
In-Reply-To: <3d2fe1780512121352i23c443d6of51c375d6e91863@mail.gmail.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>
	<20051212062231.GM20139@linuxmafia.com>
	<3d2fe1780512121352i23c443d6of51c375d6e91863@mail.gmail.com>
Message-ID: <20051212225510.GM3859@linuxmafia.com>

Quoting Bill Ward (bill at wards.net):

> That's right.  And the domain registration too.  Joker has a pretty
> good system whcih works quite well, except for this recent outage.  I
> trust they will find a fix that will prevent the same in the future,
> so I'll give them another chance.  The main problem was that the
> joker.com nameservice was dead, so the joker.com nameservers didn't
> resolve.  Glue records would have fixed that.  If you don't mind, I'd
> like to forward your detailed analysis to them...?

Of course, you're very welcome to.  It'd probably be best if you elide
my editorial comments about laziness and lack of professionalism,
though.  ;->

Honestly, there shouldn't have been any way for all three of their
nameservers to cease functioning -- unless perhaps they somehow allowed
their _own_ domain registration, i.e., their registration of joker.com,
to enter the expiration 75-day period, or get hijacked, or be the
subject of serious administrative errors?  That would be a supremely
embarrassing thing for a domain registrar to allow to happen to itself.

It's a little difficult to tell, but looking at the whois record for
"joker.com" _is_ consistent with that theory.  It has:

$ whois joker.com | more
[Querying whois.internic.net]
[Redirected to whois.joker.com]
[Querying whois.joker.com]
[whois.joker.com]
domain:       joker.com
organization: CSL Computer Service Langenbach GmbH
email:        admin at joker.com
address:      Hansaallee 191-193
city:         Duesseldorf
postal-code:  40549
country:      DE
phone:        +49 211 867670
admin-c:      admin at joker.com#1
tech-c:       admin at joker.com#1
billing-c:    hostmaster at joker.com#0
reseller:     CSL Computer Service Langenbach GmbH              
reseller:     Duesseldorf, Germany                              
reseller:     Visit www.joker.com to get Domains                
nserver:      a.ns.joker.com 194.176.0.2
nserver:      b.ns.joker.com 194.245.101.19
nserver:      c.ns.joker.com 194.245.50.1
status:       lock
created:      1994-11-27 00:00:00 UTC
modified:     2005-12-08 16:07:48 UTC
expires:      2007-08-03 11:02:10 UTC
[...]

Something happened to joker.com's own domain records on 2005-12-08.  
I can't tell what that was, at this date.  You might ask them, and see
what they have to say.

> One other important feature that Joker offers is web and email
> forwarding.  I use this to get all my email routed to my gmail
> account, and gmail's "Accounts" feature to have my outgoing mail
> appear to come from my own domains.  I also use the Web forwarding so
> that certain domain/host names redirect the user to the canonical Web
> address for the site.  Both features require using Joker-hosted DNS,
> which alas means that providing my own secondary DNS is not possible.

I'm not sure that follows:  In the regular model, the one "primary"
server is where the hostnames are maintained, and all of the "secondary"
servers automatically reflect the exact contents of what is at the
primary site (using an update mechanism called "zone transfers").

Thus, using Joker-hosted DNS should not preclude also having additional
non-Joker nameservers reflecting the Joker-defined zone contents.





From bill at wards.net  Mon Dec 12 15:01:30 2005
From: bill at wards.net (Bill Ward)
Date: Mon, 12 Dec 2005 15:01:30 -0800
Subject: [conspire] Re: penlug DNS seems to be down...
In-Reply-To: <20051212225510.GM3859@linuxmafia.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>
	<20051212062231.GM20139@linuxmafia.com>
	<3d2fe1780512121352i23c443d6of51c375d6e91863@mail.gmail.com>
	<20051212225510.GM3859@linuxmafia.com>
Message-ID: <3d2fe1780512121501t3631d3c6qd050b1ec924fae68@mail.gmail.com>

On 12/12/05, Rick Moen <rick at linuxmafia.com> wrote:
> Quoting Bill Ward (bill at wards.net):
[...]
> Something happened to joker.com's own domain records on 2005-12-08.
> I can't tell what that was, at this date.  You might ask them, and see
> what they have to say.

Well, I assume you've heard about the whole Ebay Christmas issue?  It
seems someone phished ebay and did some domain registration hijinks on
Ebay's behalf using joker.com, and joker.com was unresponsive when
Ebay tried to breathe down their necks about it.  They ended up
getting Network Solutions to pull the plug on that domain, and my
guess is somehow that ended up affecting joker itself.  I don't know
how though, and maybe it's just a coincidence.

But yes, clearly some aspect of joker.com's registration was certainly
altered on 12-08.

> > One other important feature that Joker offers is web and email
> > forwarding.  I use this to get all my email routed to my gmail
> > account, and gmail's "Accounts" feature to have my outgoing mail
> > appear to come from my own domains.  I also use the Web forwarding so
> > that certain domain/host names redirect the user to the canonical Web
> > address for the site.  Both features require using Joker-hosted DNS,
> > which alas means that providing my own secondary DNS is not possible.
>
> I'm not sure that follows:  In the regular model, the one "primary"
> server is where the hostnames are maintained, and all of the "secondary"
> servers automatically reflect the exact contents of what is at the
> primary site (using an update mechanism called "zone transfers").
>
> Thus, using Joker-hosted DNS should not preclude also having additional
> non-Joker nameservers reflecting the Joker-defined zone contents.

Their software precludes it, not DNS itself.  The Web-base DNS
administration tool is required in order to get the forwarding
features, and that tool does not allow one to set up nameservers other
than the ones they provide.

--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/



From rick at linuxmafia.com  Mon Dec 12 15:10:37 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 12 Dec 2005 15:10:37 -0800
Subject: [conspire] penlug DNS seems to be down...
In-Reply-To: <1851b6c80512121337x7eb730b8jf4bd65fecf12f721@mail.gmail.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<20051212092902.GB7646@linuxmafia.com>
	<1851b6c80512121337x7eb730b8jf4bd65fecf12f721@mail.gmail.com>
Message-ID: <20051212231036.GE7646@linuxmafia.com>

Quoting Peter Knaggs (peter.knaggs at gmail.com):

>    Wow, thanks for your explanation.

No problem.  Since I'm on an "explain DNS" kick, I may do at least one 
follow-up to my December 2005 "The Basics of DNS" article in _Linux Gazette_, 
attempting to cover such matters.  In that article, you may have
noticed, I explained about the four flavours of DNS service, explained
the first three & showed that they were dead simple, and mostly punted
on the fourth one, primary authoritative service.  Which is of course
what we're talking about, now.

>    So when you hinted about offering to do
>    secondary DNS, would that mean we'd need
>    to get the .org nameserver to add an NS entry
>    for ns1.linuxmafia.org (and a glue record for
>    ns1.linuxmafia.org pointing it to the real
>    ns1.linuxmafia.com)? Sounds complicated :)

There's a simple way, and there's a slightly more complex but better
way.

The simple way is just add an "NS" record for ns1.linuxmafia.com.  Boom,
done.  You would have to add that to both the penlug.org zonefile and
in the domain records at the registrar.  (The one aspect of primary
authoritative DNS that people most often get wrong is failing to update
records at the registrar when they change nameservers' NS or A records
in their zonefiles.)

The more-complex way is to first add NS and A records in penlug.org's
zonefile for new hostname "ns4.penlug.org", with the A record pointing
to ns1.linuxmafia.com's IP.  Then -- per usual -- do the same in records
at the registrar.  Again, boom, done.

In either case, someone would also have to adjust the master
nameserver's security controls (ACLs) to let my IP pull down the zonefile
from it.

But that's really all that's required.  Everything else is automatic, 
and I would neither have nor want any involvement in the actual contents
of penlug.org's DNS, that being controlled 100% at the master
nameserver, which according to the zonefile is "a.ns.joker.com".  The
only difference is, PenLUG would have greater redundancy.




From rick at linuxmafia.com  Mon Dec 12 15:12:23 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 12 Dec 2005 15:12:23 -0800
Subject: [conspire] Re: penlug DNS seems to be down...
In-Reply-To: <3d2fe1780512121501t3631d3c6qd050b1ec924fae68@mail.gmail.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>
	<20051212062231.GM20139@linuxmafia.com>
	<3d2fe1780512121352i23c443d6of51c375d6e91863@mail.gmail.com>
	<20051212225510.GM3859@linuxmafia.com>
	<3d2fe1780512121501t3631d3c6qd050b1ec924fae68@mail.gmail.com>
Message-ID: <20051212231223.GF7646@linuxmafia.com>

Quoting Bill Ward (bill at wards.net):

> Well, I assume you've heard about the whole Ebay Christmas issue?  It
> seems someone phished ebay and did some domain registration hijinks on
> Ebay's behalf using joker.com, and joker.com was unresponsive when
> Ebay tried to breathe down their necks about it.  They ended up
> getting Network Solutions to pull the plug on that domain, and my
> guess is somehow that ended up affecting joker itself.  I don't know
> how though, and maybe it's just a coincidence.

Sounds plausible.  

I'd heard rumblings about the Ebay thing, but not the actual story --
which I'll now have to look up.

> Their software precludes it, not DNS itself.  The Web-base DNS
> administration tool is required in order to get the forwarding
> features, and that tool does not allow one to set up nameservers other
> than the ones they provide.

Ah, OK.




From togo at of.net  Mon Dec 12 18:24:16 2005
From: togo at of.net (Tony Godshall)
Date: Mon, 12 Dec 2005 18:24:16 -0800
Subject: [conspire] MIMO wireless cards cheap at Fry's
In-Reply-To: <pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>
References: <mailman.90.1134339678.673.conspire@linuxmafia.com>
	<pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>
Message-ID: <20051213022416.GA3018@of.net>

 
> On Sun, 11 Dec 2005 14:21:04 -0800, Tony Godshall wrote:
> 
> > 
> > Hi, folks.  
> > 
> > Anyone tried the Airlink MIMO routers and cards available 
> > at Fry's for $30 and $20 yet?  (today's adverts).
...

According to Daniel Gimpelevich,
> I did my own search, and this turned up, worth a read for anybody
> considering getting MIMO at this point in time:
> 
> http://seclists.org/lists/security-basics/2005/Nov/0333.html

I always assume Wifi is insecure.  Iptables shields up and
all transfers via ssh.  Machines don't even ping.  And even
a little security by obscurity on top of that- sshd on a
nonstandard port, unique per host (which is also handy when
port-forwarding from the router- ssh to multiple hosts from
single ip with a little simple $HOME/.ssh/config magic).
 
> The canonical centralized database of wireless chipsets now appears to be:
> 
> http://linux-wless.passys.nl/

Outstanding.  Thank you sir- that's a site to bookmark.

> That led me to this page:
> 
> http://rt2x00.serialmonkey.com/wiki/index.php/Vendors
> 
> Mission accomplished: Airlink MIMO chipset identified.

Outstanding.  Thank you sir.  Second reference to Atheros.

I wonder of the router can link to another router?  

Anyone have experience with the latency of modern wireless
chipsets?  Have they improved at all or are they still way
worse than wired?

T



From phaedrus at sasquatch-infotech.com  Mon Dec 12 20:43:03 2005
From: phaedrus at sasquatch-infotech.com (Jeff Frasca)
Date: Mon, 12 Dec 2005 20:43:03 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <20051212053126.GL20139@linuxmafia.com>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
	<mailman.63.1134119090.673.conspire@linuxmafia.com>
	<pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
	<20051209174649.GI20139@linuxmafia.com>
	<1851b6c80512111117u34ecbeb7y11e67c20ff5bd5d0@mail.gmail.com>
	<20051212053126.GL20139@linuxmafia.com>
Message-ID: <20051213044303.GA2462@sasquatch-infotech.com>

On Sun, Dec 11, 2005 at 09:31:26PM -0800, Rick Moen wrote:
 
> Also, I'd be incredibly wary of the major _gaming_ firms:  Considering
> the intolerable actions carried out by, for example, Blizard
> Entertainment (makers of World of Warcraft, StarCraft, etc.) to sue out
> of existence volunteers at the former "battle.net" domain who wrote an
> _independent, from-scratch_ daemon compatible with their Warcraft game
> software -- using, naturally, DMCA thuggery.
> 
> Given that level of scruple, and their famous liking for copy prevention
> (er, "protection") software sabotage, what _other_ sorts of system
> trojaning are they likely to hide in their binaries?  At minimum, keep
> reading those EULAs:  If there are odd rights they're asserting, you
> should wonder why.
> 
> Me, I would not let a Blizzard Entertainment product -- or any of its
> untrustworthy competitors, near any of my machines.  (Blizzard products
> are not welcome in my house at all.)

I second these rules.  I'm even of the opinion that Transgaming 
are a bunch parasites, they rip-off wine, put a bunch of cheap 
hacks in to replace the DirectX code and sell it under the 
Alladin license (or worse, I haven't been paying attention to 
them recently).  (I have a legacy game that I periodically fail 
to get working with wine...  I'm also pretty sure of its safety, 
being that it was published before all this bs became common, not 
that wine works.) 

I've made one major exception in the past: Id Software.  They 
seem to have an unsullied reputation.  They consistently port
their games to Linux natively[1], they release code under the GPL at
the end of the cycle, and they aren't on the anti-piracy-arms-race
bandwagon (I've only played the Doom3 demo, however, I know the
copy protection on Q3A was minimal).  

I also happen to play FPS games exclusively, mainly Quake and Q3A, 
so I don't feel I'm missing anything by ignoring all the other big
name games (any other gaming desire I have can be solidly sated
with open source games :).

I just wanted to say that there is at least one studio that
seems to understand the stupidity of the arms race and has been
generally supportive of and savvy with the community.  I'd still 
read the EULA, just in case.  

As far as anyone else goes, I sure hope that Steam isn't the
future of game distribution.  I'll continue to stay away.
(Besides the fact that they won't port...)

Jeff

[1] Funny note about their native ports: they started this with
Quake.  A cracker broke into their servers, stole the Quake code
and posted it on the 'net.  A friendly Linux hacker ported it and
sent a patch back to Id.  Instead of prosecuting, they accepted
the patch and released the port.  They've ported every engine 
since. 



From rick at linuxmafia.com  Mon Dec 12 21:42:44 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 12 Dec 2005 21:42:44 -0800
Subject: [conspire] Perimeter vs. host-edge security (wqs: MIMO wireless
	cards cheap at Fry's)
In-Reply-To: <20051213022416.GA3018@of.net>
References: <mailman.90.1134339678.673.conspire@linuxmafia.com>
	<pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>
	<20051213022416.GA3018@of.net>
Message-ID: <20051213054244.GG7646@linuxmafia.com>

Quoting Tony Godshall (togo at of.net):

> I always assume Wifi is insecure.  Iptables shields up and all
> transfers via ssh.  Machines don't even ping.  And even a little
> security by obscurity on top of that- sshd on a nonstandard port,
> unique per host (which is also handy when port-forwarding from the
> router- ssh to multiple hosts from single ip with a little simple
> $HOME/.ssh/config magic).

This seems as good a time as any to mention the security policy of 2033
Sharon Road (Deirdre's and my house), which is where CABAL has met for
the last five years:

Basically, we provide unfiltered Internet access, period.  When you
connect machines to our LAN, absent special arrangements you will be on
a Dynamic NAT network segment (wired or wireless), serviced by an Apple
Airport base station that to my knowledge does no filtering other than
(if Deirdre has set up the device correctly) disallowing ICMP broadcast
and IP-address spoofing.  In consequence, guests are largely responsible
for their own security.  Be warned.

Our stance owes partly to personal preference, and partly to
circumstance.  The preference part is that we're accustomed to
unmediated, unfiltered Internet access, we're used to the idea of hosts
not trusting each other or the network, and we basically like things
wide open.  The circumstance part is that the incoming broadband
connection provisions our /29 IP subnet arrives over an aDSL bridge,
with the result that unfiltered Internet traffic from Raw Bandwidth
Communications (RBC) touches our five outside IP addresses (my server,
Deirdre's, the base station, and up to two others) whether we like that
or not.

It would be theoretically possible to interpose IP-filtering between
inside and outside LANs where they meet at the Airport base station, but
we basically don't really bother.

                    wired                      wired and wireless
                 IP network                        IP network
             198.144.195.184/29                    10.0.1.0/24
 - - - - - - ---------------------------  ------------------------------
 |           |              |          |  |        |            |      |
RBC     linuxmafia.com  deirdre.net   Airport    Cheryl's PC   Rick   guest
router                                (DNAT)                 laptop    PC

Because we don't control RBC's router, and because of the bridged
connection to that firm, our five usable IPs on the "outside" LAN have
never had, within reason, the option of some magic firewall
contraption to collectively protect them, so each host has a "security
perimeter" at the edge of its case:  Each machine looks out for itself.

Now, I'm not trying to be critical of your approach, Tony, but just
wanted to call your attention to a security model that differs
conceptually from yours.  (You probably have a physical layout with an
incoming "single IP" chokepoint that lends itself better to perimeter
security, for one thing.)  

We don't bother running sshds or anything else on non-standard ports.
We assume that all services on our hosts will be port-scanned, probed,
and attacked continually.  And we assume that intruders might at some
point compromise various hosts and use them to attack the others.

So, everything's exposed, nothing's hidden, and no host trusts any
other.  Which turns out to work very well, and suit us.  Advantages
include extreme clarity and simplicity about where the risks lie, no 
false sense of security about perimeter security, and no bizarre and
mysterious network failures caused by hidden network nannies.  (If
you've never had a difficult time diagnosing a network problem, and
hours later discovered an IP filter that someone forgot to mention, 
count yourself lucky.)

We _do_ have a few monitoring and detection tricks deployed that we
don't talk about much, but those are the only exceptions.




From togo at of.net  Tue Dec 13 02:29:27 2005
From: togo at of.net (Tony Godshall)
Date: Tue, 13 Dec 2005 02:29:27 -0800
Subject: [conspire] Perimeter vs. host-edge security (wqs: MIMO wireless
	cards cheap at Fry's)
In-Reply-To: <20051213054244.GG7646@linuxmafia.com>
References: <mailman.90.1134339678.673.conspire@linuxmafia.com>
	<pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>
	<20051213022416.GA3018@of.net>
	<20051213054244.GG7646@linuxmafia.com>
Message-ID: <20051213102927.GA10415@of.net>

According to Rick Moen,
> Quoting Tony Godshall (togo at of.net):
> 
> > I always assume Wifi is insecure.  Iptables shields up and all
> > transfers via ssh.  Machines don't even ping.  And even a little
> > security by obscurity on top of that- sshd on a nonstandard port,
> > unique per host (which is also handy when port-forwarding from the
> > router- ssh to multiple hosts from single ip with a little simple
> > $HOME/.ssh/config magic).

...

> Now, I'm not trying to be critical of your approach, Tony, but just
> wanted to call your attention to a security model that differs
> conceptually from yours.  (You probably have a physical layout with an
> incoming "single IP" chokepoint that lends itself better to perimeter
> security, for one thing.)  

...

Yeah, I just use the one static IP.  I'm not sure the
philosophy differs that much... I just have more layers 
and a single IP addr.  Linux boxes are pretty secure 
without the router/firewall and the iptables, and I 
wouldn't hesitate to run them that way if I had the IP 
addrs to spare.  But I do enjoy tweaking the iptables to 
limit even the nature of the systems inside.

The whole point of running sshd with nonstandard port 
numbers started out as a convenience issue rather than a 
security issue- I wanted to be able to get to dude or sena 
or nib from the road.  But why not add a layer of security
by obscurity on top of the rest- as long as you aren't
counting on it.  Sounds like you are doing a little bit of
the same...

> We _do_ have a few monitoring and detection tricks deployed that we
> don't talk about much, but those are the only exceptions.

Say, have you deployed the tarpit module at all?  Looks 
like an altruistic thing to use on spammer-zombies and
ddos'ers (keeps them from moving onto the next victim).
 



From rick at linuxmafia.com  Tue Dec 13 05:14:32 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 13 Dec 2005 05:14:32 -0800
Subject: [conspire] Perimeter vs. host-edge security (wqs: MIMO wireless
	cards cheap at Fry's)
In-Reply-To: <20051213102927.GA10415@of.net>
References: <mailman.90.1134339678.673.conspire@linuxmafia.com>
	<pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>
	<20051213022416.GA3018@of.net>
	<20051213054244.GG7646@linuxmafia.com>
	<20051213102927.GA10415@of.net>
Message-ID: <20051213131431.GN3859@linuxmafia.com>

Quoting Tony Godshall (togo at of.net):

> Yeah, I just use the one static IP.  I'm not sure the
> philosophy differs that much... I just have more layers 
> and a single IP addr.  Linux boxes are pretty secure 
> without the router/firewall and the iptables, and I 
> wouldn't hesitate to run them that way if I had the IP 
> addrs to spare.  But I do enjoy tweaking the iptables to 
> limit even the nature of the systems inside.

I used to be a wee bit militant in the "I don't need no steenkin' firewall"
department, but have mellowed a bit after seeing different approaches
work well for different people.  Earlier, mostly I'd been seeing people 
shoot themselves in the foot with filtering rulesets -- like the 1980s
boss who entered a set of them into an Ascend router but forgot to save
them to NVRAM.  Next router reboot, no more ruleset -- factory-default
permit policy -- which became apparent when customers started sending
comments about things they liked and didn't on the developers' ftp and
NFS servers.

More often than that is people simply getting the rulesets wrong, and
either crippling security, network functionality, or both.  Not that the
rulesets aren't potentially a good thing, but complexity is the enemy of
reliability to some extent -- and implementing a simple model that you
understand well is often _effectively_ better, in my experience, than
attempting something tricky.

(In part, my attitude is a reaction to pointy-haired managers who
erroenously think throwing more software at any security situation is
the way to improve security, when more often removing software and
simplifying is in general a better remedy.)

> The whole point of running sshd with nonstandard port numbers started
> out as a convenience issue rather than a security issue- I wanted to
> be able to get to dude or sena or nib from the road.  But why not add
> a layer of security by obscurity on top of the rest- as long as you
> aren't counting on it.  Sounds like you are doing a little bit of the
> same...

Well, aside from having some monitoring mechanisms I don't go into
particulars about, all I can think of is making sshd respond on 23/tcp
(telnet port) in addition to 22/tcp (ssh).  That's handy when I
encounter moron outfits that think they're doing themselves a favour by
blocking outbound SSH access -- which happens depressingly often.
(And, after all, I have no other use for inbound telnet on my server.)

> Say, have you deployed the tarpit module at all?  Looks like an
> altruistic thing to use on spammer-zombies and ddos'ers (keeps them
> from moving onto the next victim).

If you mean tarpitting via iptables rules -- e.g.,
IPTables::IPv4::DBTarpit::Tools and the dbtarpit C daemon --  no.  Be
careful of tarpitting techniques:  Anything that plays footsie with
attackers can get you into trouble in a myriad of ways, and I am
extremely wary of automated active defences.  You can easily end up
DoSing yourself.

There are also two distinct types of tarpitting ("teergrubing") sometimes
implemented in SMTP servers.  The truly nasty variety is the one where, 
when your MTA determines that sender is a malware bot or something else
whose time it wishes to chew up, the MTA keeps the delivering remove
machine's socket open for as long as possible, by sending continuation
SMTP messages -- essentially, saying to it "Are you still there?  Please 
keep holding."

I call this "truly nasty" in part because it's a two-edged sword:  It
slows down and hampers the spammers by tying up their resources, but
each socket of theirs that you keep open as long as possible on their
end, is also a socket you're keeping open as long as possible on _your_
end.  You probably have better things to do with your MTA than telling
thousands of spam processes "Please hold."  My MTA therefore doesn't
ever attempt that particular trick.

My MTA does a number of initial checks on incoming SMTP attempts for RFC
compliance, e.g., possession of the required postamaster and abuse
accounts, etc., before passing the incoming SMTP stream through
SpamAssassin.  If SA gives the mail an _extremely_ high spamicity score,
then my MTA applies the gentler variety of mail tarpitting:  450
temporary delivery failure messages.  (Those responses are also used by
greylisting techniques.)

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor



From rick at linuxmafia.com  Tue Dec 13 06:05:47 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 13 Dec 2005 06:05:47 -0800
Subject: [conspire] Re: Perimeter vs. host-edge security (wqs: MIMO wireless
	cards cheap at Fry's)
In-Reply-To: <20051213054244.GG7646@linuxmafia.com>
References: <mailman.90.1134339678.673.conspire@linuxmafia.com>
	<pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>
	<20051213022416.GA3018@of.net>
	<20051213054244.GG7646@linuxmafia.com>
Message-ID: <20051213140547.GA16083@linuxmafia.com>

Typo patrol:

>                     wired                      wired and wireless
>                  IP network                        IP network
>              198.144.195.184/29                    10.0.1.0/24
>  - - - - - - ---------------------------  ------------------------------
>  |           |              |          |  |        |            |      |
> RBC     linuxmafia.com  deirdre.net   Airport    Cheryl's PC   Rick   guest
> router                          ^^^   (DNAT)                 laptop    PC

                          Actually, deirdre.ORG.  Deirdre has deirdre.net 
                          hosted elsewhere.

In my recent follow-up message:

> There are also two distinct types of tarpitting ("teergrubing") sometimes
> implemented in SMTP servers.  The truly nasty variety is the one where,
> when your MTA determines that sender is a malware bot or something else
> whose time it wishes to chew up, the MTA keeps the delivering remove
                                                                    ^
                                                                remote
> machine's socket open for as long as possible, by sending continuation
> SMTP messages -- essentially, saying to it "Are you still there?  Please
> keep holding."


Also, just to clarify:

> We _do_ have a few monitoring and detection tricks deployed that we
> don't talk about much, but those are the only exceptions.

What I'm mostly talking about are "canaries" of various sorts, e.g., IDS
mechanisms and system/network analysis.

One of the principles of network design is "defence in depth".
Unfortunately, many -- maybe even most -- people misinterpret this
dictum as meaning "add more layers", which is not in itself necessarily 
a good thing at all, and is often outright harmeful.

For an example of how people shoot themselves in the foot with
gadet-freak security software, please see:  "Portsentry Considered
Harmful" on http://linuxmafia.com/kb/Security




From rick at linuxmafia.com  Tue Dec 13 06:34:19 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 13 Dec 2005 06:34:19 -0800
Subject: [conspire] Re: penlug DNS seems to be down...
In-Reply-To: <3d2fe1780512121352i23c443d6of51c375d6e91863@mail.gmail.com>
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<3d2fe1780512110142k8caa811i6e00388cf563f773@mail.gmail.com>
	<20051212062231.GM20139@linuxmafia.com>
	<3d2fe1780512121352i23c443d6of51c375d6e91863@mail.gmail.com>
Message-ID: <20051213143419.GI7646@linuxmafia.com>

Quoting Bill Ward (bill at wards.net):

[Apologies if I slightly injure threading by using the wrong In-Reply-To
header, but I've already deleted your post, and so am quoting it from
the Web archive.]

> Well, I assume you've heard about the whole Ebay Christmas issue?  It
> seems someone phished ebay and did some domain registration hijinks on
> Ebay's behalf using joker.com, and joker.com was unresponsive when
> Ebay tried to breathe down their necks about it.  They ended up
> getting Network Solutions to pull the plug on that domain, and my
> guess is somehow that ended up affecting joker itself. 

Covered by the fellow who attempted to end the phishing scam in
question, on his blog at
http://richi.co.uk/blog/2005/12/ebay-phishing-saga-in-summary.html :

  Thursday, December 08, 2005
  eBay phishing saga; in summary...

  (VRSN)(EBAY)
  Last week I noted a problem reporting a phishing email to eBay. I'm
  pleased to report that the phishing website -- ebaychristmas.net -- is
  now down. However, I'm not pleased to report how long it took. The
  detail behind the delay is instructive...

  From first report to takedown took 13 days (November 25 to December 7),
  which is simply unacceptable. However, despite the hilarious response
  (http://richi.co.uk/blog/2005/12/ebays-anti-phishing-desk-sucks.html)
  from their "Trust and Safety Department," you should note that eBay
  wasn't the main factor in this delay. Indeed, the company claims that it
  first started takedown proceedings on November 8.

  The main issue was that the phishing webserver was hosted on a botnet of
  virus-compromised PCs. The DNS entry for the web site served up a
  sequence of IP addresses, so that requests for the webpage could go to
  one of many machines. In other words, taking down "the website" wasn't
  an option.

  Removing the DNS entry was the only practical takedown option. However,
  the DNS registrar for the domain -- Joker.com, a small company based in
  Switzerland -- was completely unresponsive to all requests to
  investigate. Finally, it seems Verisign -- the controller of the .net
  top-level domain stepped in and removed authority for ebaychristmas.net
  away from Joker.com. Now requests for the web site come back "no such
  host."

  This sorry saga illustrates the fact that it's important for domain
  registrars to act quickly and responsibly when abuses such as phishing
  are brought to their attention. Authorities upstream of the registrar
  need to be able to exercise some sort of leverage if they don't act.

  Things have calmed down a little on the site now, but please feel free
  to click an interesting advertisement to help me pay for bandwidth!


Coverage at:  
http://news.yahoo.com/s/pcworld/20051206/tc_pcworld/123842
http://www.pcmag.com/article2/0,1895,1897035,00.asp

(None of this casts any light on why _all_ of joker.com's namservers
simultaneously dropped off the Net over the weekend, but it's
interesting, anyway.)




From dmarti at zgp.org  Tue Dec 13 10:13:27 2005
From: dmarti at zgp.org (Don Marti)
Date: Tue, 13 Dec 2005 10:13:27 -0800
Subject: [conspire] No Sony DRM around here; I'm proud of you
In-Reply-To: <20051213044303.GA2462@sasquatch-infotech.com>
References: <mailman.60.1134103066.673.conspire@linuxmafia.com>
	<pan.2005.12.09.07.10.24.865255@gimpelevich.san-francisco.ca.us>
	<mailman.61.1134118148.673.conspire@linuxmafia.com>
	<pan.2005.12.09.08.54.01.790684@gimpelevich.san-francisco.ca.us>
	<mailman.63.1134119090.673.conspire@linuxmafia.com>
	<pan.2005.12.09.09.31.24.807759@gimpelevich.san-francisco.ca.us>
	<20051209174649.GI20139@linuxmafia.com>
	<1851b6c80512111117u34ecbeb7y11e67c20ff5bd5d0@mail.gmail.com>
	<20051212053126.GL20139@linuxmafia.com>
	<20051213044303.GA2462@sasquatch-infotech.com>
Message-ID: <20051213181327.GA18400@zgp.org>

begin Jeff Frasca quotation of Mon, Dec 12, 2005 at 08:43:03PM -0800:

> [1] Funny note about their native ports: they started this with
> Quake.  A cracker broke into their servers, stole the Quake code
> and posted it on the 'net.  A friendly Linux hacker ported it and
> sent a patch back to Id.  Instead of prosecuting, they accepted
> the patch and released the port.  They've ported every engine 
> since. 

Doom came out for Linux in 1994.  Dave Taylor: "Be
a pal and don't pirate doom.wad and doom2.wad it if
you'd be so kind."

...

"I did this 'cause Linux gives me a woody.  It doesn't
generate revenue.  Please don't call or write us with
bug reports."

http://www.ibiblio.org/pub/historic-linux/distributions/slackware/2.1/contrib.4cd/linux-x-doom/README.linux

-- 
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org



From dmarti at zgp.org  Tue Dec 13 10:26:17 2005
From: dmarti at zgp.org (Don Marti)
Date: Tue, 13 Dec 2005 10:26:17 -0800
Subject: [conspire] Perimeter vs. host-edge security (wqs: MIMO wireless
	cards cheap at Fry's)
In-Reply-To: <20051213131431.GN3859@linuxmafia.com>
References: <mailman.90.1134339678.673.conspire@linuxmafia.com>
	<pan.2005.12.12.06.24.46.677101@gimpelevich.san-francisco.ca.us>
	<20051213022416.GA3018@of.net>
	<20051213054244.GG7646@linuxmafia.com>
	<20051213102927.GA10415@of.net>
	<20051213131431.GN3859@linuxmafia.com>
Message-ID: <20051213182617.GB18400@zgp.org>

begin Rick Moen quotation of Tue, Dec 13, 2005 at 05:14:32AM -0800:

> I call this "truly nasty" in part because it's a two-edged sword:  It
> slows down and hampers the spammers by tying up their resources, but
> each socket of theirs that you keep open as long as possible on their
> end, is also a socket you're keeping open as long as possible on _your_
> end.  You probably have better things to do with your MTA than telling
> thousands of spam processes "Please hold."  My MTA therefore doesn't
> ever attempt that particular trick.

The main problem I see with this one is that I've
already turned down the number of incoming SMTP
connections I'm willing to accept, to account for the
spam-filtering software that gets run for each one.

100 Postfix smtpd processeses: fine.  100 smtpds plus
100 spamc processes plus a busy spamd: not fine.

And since I can't really tell if one of my relatively
few smtpd processes is going to be just ticking
along teergrubing or clobbering the server with
regular expressions, I have to assume the latter,
and not teergrube.

-- 
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org



From sigje at sigje.org  Tue Dec 13 11:04:14 2005
From: sigje at sigje.org (Jennifer Davis)
Date: Tue, 13 Dec 2005 11:04:14 -0800 (PST)
Subject: [conspire] December 15: BayLISA Short But Cools (THIS THURSDAY)
In-Reply-To: <Pine.NEB.4.63.0511171219160.1926@slick.sigje.org>
References: <Pine.NEB.4.60.0505111310570.25667@slick.sigje.org>
	<Pine.NEB.4.60.0508271208430.6387@slick.sigje.org>
	<Pine.NEB.4.60.0510211804100.23909@slick.sigje.org>
	<Pine.NEB.4.63.0511171219160.1926@slick.sigje.org>
Message-ID: <Pine.NEB.4.63.0512131042110.10103@slick.sigje.org>


  Date: Thursday, December 15 2005
  Where: Apple Campus 4 Infinite Loop, Cupertino California in
  Garage 1 (room upstairs)
  Free and Open to the General Public!

  7:15 pm Socialize
  7:30 pm Introductions and announcements
  7:35 pm SBCs from
       JS Riehl - Novell and Linux
       Steve Hand - Xen
       Andre Stechert - Splunk
       Ben Rockwood - OpenSolaris
       Satish Dharmaraj and Anand Palaniswamy - Zimbra
       Matthew Dillow - DragonFly Project

   It's a packed evening.. so be on time or you _will_ miss parts of the
   presentations.  Food and drink will be provided!  We also have some give
   aways, and books for review from Apress, O'Reilly, and Addison Wesley.

   Remember, these are shorter style presentations.. Times will be
   monitored closely.  If you really enjoy any (or all) particular talk
   let us know and we'll schedule a longer talk.

   For detailed information about the topics please look at the BayLISA
   website http://www.baylisa.org.

   rsvp at rsvp at baylisa.org.





From ajd at adavies.net  Tue Dec 13 11:20:41 2005
From: ajd at adavies.net (Alan)
Date: Tue, 13 Dec 2005 11:20:41 -0800
Subject: [conspire] Off Topic: Looking for a Bay Area group that supports
	Microsoft desktop/laptops.
Message-ID: <439F1F09.50308@adavies.net>

Hi All,

I've been looking for a group of people that meet on a regular basis in 
the bay area dealing with corporate Microsoft systems.  I'm a help desk 
manager that's looking to share and develop new ideas particulary around 
MS desktop/laptop OS's.  If you know of such a group please let me know.

Regards,
Alan Davies




From mark at cosmicpenguin.com  Tue Dec 13 13:53:52 2005
From: mark at cosmicpenguin.com (Mark S Bilk)
Date: Tue, 13 Dec 2005 13:53:52 -0800
Subject: [conspire] Off Topic: Looking for a Bay Area group that supports
	Microsoft desktop/laptops.
In-Reply-To: <439F1F09.50308@adavies.net>
References: <439F1F09.50308@adavies.net>
Message-ID: <20051213215352.GB9558@linux.hsd1.ca.comcast.net>

On Tue, Dec 13, 2005 at 11:20:41AM -0800, Alan wrote:
>Hi All,
>
>I've been looking for a group of people that meet on a regular basis in 
>the bay area dealing with corporate Microsoft systems.  I'm a help desk 
>manager that's looking to share and develop new ideas particulary around 
>MS desktop/laptop OS's.  If you know of such a group please let me know.
>
>Regards,
>Alan Davies

Sounds like you want the Church of Satan, but I don't know 
if they have a branch around here.

  Mark




From deirdre at deirdre.net  Tue Dec 13 14:08:26 2005
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Tue, 13 Dec 2005 14:08:26 -0800
Subject: [conspire] Off Topic: Looking for a Bay Area group that supports
	Microsoft desktop/laptops.
In-Reply-To: <20051213215352.GB9558@linux.hsd1.ca.comcast.net>
References: <439F1F09.50308@adavies.net>
	<20051213215352.GB9558@linux.hsd1.ca.comcast.net>
Message-ID: <C6FE2249-21CE-4EF0-87BC-8C492D461A0B@deirdre.net>


On Dec 13, 2005, at 1:53 PM, Mark S Bilk wrote:

> Sounds like you want the Church of Satan, but I don't know
> if they have a branch around here.

I was just gonna say "Good luck with that" but that *that* sounded  
too snarky.

Seriously, though, I'd check places like sdforum. Even if they don't  
have them, people who attend their events may know where to find one.  
Other than that, I'd have no idea where one would look (but I  
consider that a feature in my life).

-- 
_Deirdre                                             http://deirdre.net





From ajd at adavies.net  Tue Dec 13 14:37:42 2005
From: ajd at adavies.net (Alan)
Date: Tue, 13 Dec 2005 14:37:42 -0800
Subject: [conspire] Off Topic: Looking for a Bay Area group that supports
	Microsoft desktop/laptops.
In-Reply-To: <20051213215352.GB9558@linux.hsd1.ca.comcast.net>
References: <439F1F09.50308@adavies.net>
	<20051213215352.GB9558@linux.hsd1.ca.comcast.net>
Message-ID: <439F4D36.2000702@adavies.net>

Yes, but it pays the bills and I actually like the work I do.  I also 
means I get to spend my free time working on worthwhile systems.  When 
it comes to a certain group of computer inept folks XP is not a bad 
solution.

Mark S Bilk wrote:

>On Tue, Dec 13, 2005 at 11:20:41AM -0800, Alan wrote:
>  
>
>>Hi All,
>>
>>I've been looking for a group of people that meet on a regular basis in 
>>the bay area dealing with corporate Microsoft systems.  I'm a help desk 
>>manager that's looking to share and develop new ideas particulary around 
>>MS desktop/laptop OS's.  If you know of such a group please let me know.
>>
>>Regards,
>>Alan Davies
>>    
>>
>
>Sounds like you want the Church of Satan, but I don't know 
>if they have a branch around here.
>
>  Mark
>
>
>
>  
>




From rick at linuxmafia.com  Tue Dec 13 14:45:28 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 13 Dec 2005 14:45:28 -0800
Subject: [conspire] Off Topic: Looking for a Bay Area group that supports
	Microsoft desktop/laptops.
In-Reply-To: <439F4D36.2000702@adavies.net>
References: <439F1F09.50308@adavies.net>
	<20051213215352.GB9558@linux.hsd1.ca.comcast.net>
	<439F4D36.2000702@adavies.net>
Message-ID: <20051213224528.GL7646@linuxmafia.com>

Quoting Alan (ajd at adavies.net):

> Yes, but it pays the bills and I actually like the work I do.  I also 
> means I get to spend my free time working on worthwhile systems.  When 
> it comes to a certain group of computer inept folks XP is not a bad 
> solution.

I'm glad that works for you, and am considering creating a mailing list
to help support your business, offtopic at linuxmafia.com .  ;->
</tongue align="cheek">
</hat identity="just some guy">

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor



From phaedrus at sasquatch-infotech.com  Tue Dec 13 15:04:38 2005
From: phaedrus at sasquatch-infotech.com (Jeff Frasca)
Date: Tue, 13 Dec 2005 15:04:38 -0800
Subject: [conspire] Off Topic: Looking for a Bay Area group that supports
	Microsoft desktop/laptops.
In-Reply-To: <20051213215352.GB9558@linux.hsd1.ca.comcast.net>
References: <439F1F09.50308@adavies.net>
	<20051213215352.GB9558@linux.hsd1.ca.comcast.net>
Message-ID: <20051213230438.GA1042@sasquatch-infotech.com>

On Tue, Dec 13, 2005 at 01:53:52PM -0800, Mark S Bilk wrote:
> On Tue, Dec 13, 2005 at 11:20:41AM -0800, Alan wrote:
> >Hi All,
> >
> >I've been looking for a group of people that meet on a regular basis in 
> >the bay area dealing with corporate Microsoft systems.  I'm a help desk 
> >manager that's looking to share and develop new ideas particulary around 
> >MS desktop/laptop OS's.  If you know of such a group please let me know.
> >
> >Regards,
> >Alan Davies
> 
> Sounds like you want the Church of Satan, but I don't know 
> if they have a branch around here.

Last time I had to admin an NT box was in High School, and the
thing was finicky (it would occasionally do the full on BSOD, in
all its register-dump-to-the-screen glory, there was nothing to do
beside reboot the stupid thing).  

Eggnog, one of the other techs, was particularly good with the NT 
server and the windows boxes.  One day, he brought his satanic 
bible (no joke.  Black cover, big upside-down pentagram, looked 
like it came out of a Quake map).  I saw it and became enlightened.

Jeff
-- 



From rick at linuxmafia.com  Tue Dec 13 15:57:43 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 13 Dec 2005 15:57:43 -0800
Subject: [conspire] Off Topic: Looking for a Bay Area group that supports
	Microsoft desktop/laptops.
In-Reply-To: <439F1F09.50308@adavies.net>
References: <439F1F09.50308@adavies.net>
Message-ID: <20051213235743.GM7646@linuxmafia.com>

Quoting Alan (ajd at adavies.net):

> I've been looking for a group of people that meet on a regular basis in 
> the bay area dealing with corporate Microsoft systems.  I'm a help desk 
> manager that's looking to share and develop new ideas particulary around 
> MS desktop/laptop OS's.  If you know of such a group please let me know.

Just to confuse everyone, here's a serious answer:  You might try
SFNTUG, http://www.sfntug.org/ .  It's a predominently Microsoft-centric
user group in San Francisco (and some other cities), run by a guy named
Doug Spindler.  I've never been to one of their meetings, but Doug at
least seems a very active and intelligent guy.

The "SFNTUG" moniker _lately_ has been considered to stand for "San
Francisco Networking Technologies Users Group", as part of their effort
to branch out beyond, well, NT.  "NT" used to stand for that other thing.

Looks like their flagship San Francisco branch meets first Tuesday,
evenings.

Personally, I would rather spend my own valuable volunteer time dealing
with open source, and that users of legacy proprietary operating systems
are best referred to paid technical support
(http://zgp.org/~dmarti/linuxmanship/#enabler), but it's your spare time
to spend, in this case.




From togo at of.net  Tue Dec 13 21:45:24 2005
From: togo at of.net (Tony Godshall)
Date: Tue, 13 Dec 2005 21:45:24 -0800
Subject: being a sharecropper in your own mind [Re: [conspire] Off Topic:
	Looking for a Bay Area group that supports Microsoft desktop/laptops.]
In-Reply-To: <C6FE2249-21CE-4EF0-87BC-8C492D461A0B@deirdre.net>
References: <439F1F09.50308@adavies.net>
	<20051213215352.GB9558@linux.hsd1.ca.comcast.net>
	<C6FE2249-21CE-4EF0-87BC-8C492D461A0B@deirdre.net>
Message-ID: <20051214054524.GA8646@of.net>

According to Deirdre Saoirse Moen,
> 
> On Dec 13, 2005, at 1:53 PM, Mark S Bilk wrote:
> 
> >Sounds like you want the Church of Satan, but I don't know
> >if they have a branch around here.
> 
> I was just gonna say "Good luck with that" but that *that* sounded  
> too snarky.
...
> Personally, I would rather spend my own valuable volunteer
> time dealing with open source, and that users of legacy proprietary
> operating systems are best referred to paid technical support
> (http://zgp.org/~dmarti/linuxmanship/#enabler), but it's your spare time
> to spend, in this case.

What's the famous quote about how developing an expertise in
proprietary technology is akin to being a sharecropper in
your own mind?

A quick google search found me a nice geek discussion of it here...

  http://slashdot.org/article.pl?sid=03/07/13/1557256&mode=thread&tid=185

...and it apparently came from this nice rant...

  http://www.tbray.org/ongoing/When/200x/2003/07/12/WebsThePlace

...and the original observation by Robb Beal about coding
for the Apple OS...

  http://www.tbray.org/ongoing/When/200x/2003/06/06/DC-Day4





From togo at of.net  Tue Dec 13 21:51:02 2005
From: togo at of.net (Tony Godshall)
Date: Tue, 13 Dec 2005 21:51:02 -0800
Subject: being a sharecropper in your own mind [Re: [conspire] Off Topic:
	Looking for a Bay Area group that supports Microsoft desktop/laptops.]
In-Reply-To: <20051214054524.GA8646@of.net>
References: <439F1F09.50308@adavies.net>
	<20051213215352.GB9558@linux.hsd1.ca.comcast.net>
	<C6FE2249-21CE-4EF0-87BC-8C492D461A0B@deirdre.net>
	<20051214054524.GA8646@of.net>
Message-ID: <20051214055102.GA11438@of.net>


Attribution correction and additional comment...

> According to Tony Godshall,
> > According to Deirdre Saoirse Moen,
> > > 
> > > On Dec 13, 2005, at 1:53 PM, Mark S Bilk wrote:
> > > 
> > > >Sounds like you want the Church of Satan, but I don't know
> > > >if they have a branch around here.
 
[Diedre]
> > > I was just gonna say "Good luck with that" but that *that* sounded  
> > > too snarky.

I love snarky!  Doesn't everyone?  My favorite news 
program has become Countdown with Keith Olberman on MSNBC.

[Rick]
> > Personally, I would rather spend my own valuable volunteer
> > time dealing with open source, and that users of legacy proprietary
> > operating systems are best referred to paid technical support
> > (http://zgp.org/~dmarti/linuxmanship/#enabler), but it's your spare time
> > to spend, in this case.

Oh, wait.  I went and read Don Marti's article.  Further
down he makes it clear that everyone does *not* love snarky.
Particularly it seems those who've made other choices.  I
guess flame is snarky carried too far.
 
> What's the famous quote about how developing an expertise in
> proprietary technology is akin to being a sharecropper in
> your own mind?
> 
> A quick google search found me a nice geek discussion of it here...
> 
>   http://slashdot.org/article.pl?sid=03/07/13/1557256&mode=thread&tid=185
> 
> ...and it apparently came from this nice rant...
> 
>   http://www.tbray.org/ongoing/When/200x/2003/07/12/WebsThePlace
> 
> ...and the original observation by Robb Beal about coding
> for the Apple OS...
> 
>   http://www.tbray.org/ongoing/When/200x/2003/06/06/DC-Day4
> 
> 

-- 

Best Regards,

Tony




From rick at linuxmafia.com  Wed Dec 14 02:10:00 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 14 Dec 2005 02:10:00 -0800
Subject: [conspire] Lupper redux
Message-ID: <20051214100959.GN20384@linuxmafia.com>

Since http://linuxmafia.com/~rick/faq/index.php?page=virus#virus5
aspires to document all Linux malware, I've just caught up regarding the
Lupper worm:


NAME:  Lupper (Lupii, Plupii)
APPEARED:  Nov. 11, 2005.
VULNERABLE:  PHPXMLRPC messaging library v. 1.1.1, via URL input
validation bug enabling execution of arbitrary PHP.  Fixed Aug. 8, 2005.
VULNERABLE:  AWstats Web-statistics Perl CGI script, v. 6.3, via a URL
input validation bug.  Fixed June 10, 2005.
VULNERABLE:  Darryl C. Burgdorf's WebHints proprietary "thought for the
day" Perl CGI script, v. 1.02, has _zero_ URL input validation, a design
failure publicised May 9, 2005.  (References to v. 1.03 and 1.3 are in
error.)
VULNERABLE:  Jimmy's "The Includer" proprietary SSI-emulation Perl CGI
script v. 1.1, has _zero_ URL input validation, a design failure
publicised March 3, 2005.

This worm -- exploiting vulnerabilities already fixed or eliminated for
three, five, six, and eight months, respectively -- derived from the
earlier Slapper worm codebase.  Thus far, it exists only as an i386 Linux
binary, fetched to target Web servers' /tmp directory by one of the four
obsolete, vulnerable Web apps, and then run as httpd.  One of those
exploits (against PHPXMLRPC) would work equally well (after recompiling
the worm) on any operating system.  The others invoke Bourne-like shells
(and thus are feasible on any Unix, but on MS-Windows only with Cygwin,
etc.).  The AWstats exploit also calls wget, via buggily-parsed URL input
of the form "configdir=|program".

The Includer and WebHints CGIs' failures to validate input are total:
URLs "http://www.example.com/hints.pl?|program|",
"http://www.example.com/includer.cgi?|program|", and
"http://www.example.com/includer.cgi?template=|program|" all remotely
execute "program".  However, it's important to note that 
_neither is packaged_ by Linux istributions:  Either would have to be
downloaded and installed manually by an admin of uncommonly bad
judgement.

The AWstats CGI, by contrast, is sometimes packaged but never to the
best of my ability to tell installed by default, in any Linux
distribution:  It has historically been notorious for input validation
flaws, and thus is best run in its optional configuration that generates
static HTML pages (http://www.debian-administration.org/articles/85) ,
rather than its default CGI mode.

PHPXMLRPC is usually offered via optional, supplemental PHP-add-ons
packages but is never to the best of my ability to tell installed by
default, in any Linux distribution.  Like the related and identically
vulnerable (fixed the same day, but not attacked so far by this worm)
PEAR XML-RPC v. 1.3.3 messaging library, it would probably get installed
as part of overfeatured, developed PHP-based Web applications such as
Ampache, b2evolution, egroupware, MailWatch for MailScanner, Nucleus
CMS, phpmyfaq, phpPgAds, phpgroupware, PostNuke, TikiWiki, and Xaraya;
plus older versions of Civicspace and Drupal.

(The two PHP-coded XML-RPC implementations should not be confused with
PHP's optional xmlrpc-epi extension, in C, included with PHP since v.
4.10, or various other non-PHP implementations.)

One lesson that's common to all of those exploits is that Linux
Web-server admins need to be extra careful of applications that will
process public data, e.g., via URL input, and doubly careful (lest they
miss needed fixes) of any they choose to install outside their
distributions' regular maintenance regimes.  As it happens, the worm
requires rather rare (not to mention old) Web-app vulnerabilties, and
extremely few systems have been reported affected.  ("Affected" means
that the attacker can compromise the httpd process but not the Web host
as a whole, without some separate and more serious method to compromise
the machine.)




From dmarti at zgp.org  Wed Dec 14 09:12:32 2005
From: dmarti at zgp.org (Don Marti)
Date: Wed, 14 Dec 2005 09:12:32 -0800
Subject: being a sharecropper in your own mind [Re: [conspire] Off Topic:
	Looking for a Bay Area group that supports Microsoft desktop/laptops.]
In-Reply-To: <20051214055102.GA11438@of.net>
References: <439F1F09.50308@adavies.net>
	<20051213215352.GB9558@linux.hsd1.ca.comcast.net>
	<C6FE2249-21CE-4EF0-87BC-8C492D461A0B@deirdre.net>
	<20051214054524.GA8646@of.net> <20051214055102.GA11438@of.net>
Message-ID: <20051214171232.GA22358@zgp.org>

begin Tony Godshall quotation of Tue, Dec 13, 2005 at 09:51:02PM -0800:

> Oh, wait.  I went and read Don Marti's article.  Further
> down he makes it clear that everyone does *not* love snarky.
> Particularly it seems those who've made other choices.  I
> guess flame is snarky carried too far.

I'm going to quote the great Dr. Phil here.

"When you choose the behavior, you choose the
consequences."

When a user clicks "OK" on that proprietary EULA,
he or she is choosing to leave the normal human
world -- free markets, academic freedom, and all our
"kindergarten values" such as sharing and taking
turns -- for the dismal, authoritarian, micromanaged
EULA-land, where information cannot change hands
except under the watchful eyes of the EULA.

I'm for making the inhabitants of EULA-land play
by their own chosen rules, and not sneaking in to
prop up their broken system.  I won't be impolite
about it, but it's not like the EULA-landers are
North Koreans being starved out by their broken
top-down system -- they just have computer problems,
and they won't get shot at for going over the wire.
(hint: https://shipit.ubuntu.com/)

> > ...and the original observation by Robb Beal about coding
> > for the Apple OS...
> > 
> >   http://www.tbray.org/ongoing/When/200x/2003/06/06/DC-Day4

I said something like that about the Be and Amiga
platforms in 1999.

http://lists.svlug.org/pipermail/svlug/1999-October/020620.html


Just in case you feel like thinking about this kind
of stuff, here's some (pre-Sony spyware) thinking
out loud -- with links to Seth Schoen, Karsten Self,
and Jakob Nielsen -- that leads toward, but doesn't
quite pin down, the idea that the spyware problem and
the proprietary software problem are the same problem.

http://zgp.org/~dmarti/blosxom/freedom/user-education.html

-- 
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org



From daniel at gimpelevich.san-francisco.ca.us  Wed Dec 14 17:16:49 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Wed, 14 Dec 2005 17:16:49 -0800
Subject: [conspire] penlug DNS seems to be down...
References: <1851b6c80512101938g5b3a620se7f6da7df32ad641@mail.gmail.com>
	<20051212092902.GB7646@linuxmafia.com>
	<1851b6c80512121337x7eb730b8jf4bd65fecf12f721@mail.gmail.com>
	<mailman.100.1134429043.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.15.01.16.46.876494@gimpelevich.san-francisco.ca.us>

Have you ever, when hearing about somebody doing something stupid and then
facing the consequences, been glad it wasn't you, while at the same time,
doing the exact same stupid thing? My SOA record has ns1.granitecanyon.com
as my primary DNS server. My registrar had that in their records, along
with ns1.zoneedit.com and ns3.zoneedit.com, which I had set up to get the
zonefile from ns1.granitecanyon.com. At some point I added a fourth NS
record to my zonefile for ns2.granitecanyon.com, but neglected to contact
my registrar. That wasn't causing any problems -- or so it seemed. This
week, I attempted to send an e-mail message to a bug number at
bugs.debian.org, and it bounced with a 451 error. I tried to resend the
following day, and this time it was silently discarded without even a
bounce message. When I googled the Debian mailing lists for 451 errors
from bugs.debian.org, I came across an incident where someone who had a
debian.org e-mail address, and also an address at their own domain, had
set up his zonefile in a way that was somehow interfering with the exim
configuration on the master.debian.org server. This left me wondering
"What if master.debian.org is the MX record for bugs.debian.org?" The
first thing I did then was go to http://www.dnsstuff.com in order to see
whether they had some no-fuss MX record lookup tool, but a link on their
front page immediately caught my eye that I never noticed before:
http://www.dnsstuff.com/tools/my-ip-address.ch
I decided to click it. Then my blissful obliviousness came to an end. I
was shocked and awed by the sight of the "Reverse DNS authenticity" line
telling me that my domain would not resolve. In a panic, I went ahead and
got the full DNS report on myself, and it became clear what had happened:
Some time ago, ns1.granitecanyon.com stopped responding. Eventually, the
SOA EXPIRE value had elapsed, and the ZoneEdit servers tried to get my
zonefile again. After being unable to do so, rather than report stale
data, they started making referrals. This left ns2.granitecanyon.com as
the only authoritative nameserver that would give a valid response, but
nobody was checking that one because it wasn't listed at my registrar,
despite my NS record. The last time I dealt with my registrar, they said I
should e-mail them instead of calling, but this time I was luckily able to
get them on the phone quickly by referencing an e-mail support ticket
number from three and a half years ago. They said they'd add the extra
nameserver within the hour, and if I needed anything else, I could call
back and reference that same ticket number. It took considerably longer
than that for their authoritative parent servers to reflect the change,
but I didn't wait for that. I told the ZoneEdit servers to get their
information from ns2.granitecanyon.com instead of ns1, and shortly
thereafter, ns1.zoneedit.com was making my domain resolve again. As soon
as I saw that, I resent that old e-mail through bugs.debian.org, and it
went through. Unfortunately, I am now getting the feeling that I am
lapsing back into blissful obliviousness to my DNS situation, so expect
more such foolishness from me in the future.

On Mon, 12 Dec 2005 15:10:37 -0800, Rick Moen wrote:

> Quoting Peter Knaggs (peter.knaggs at gmail.com):
> 
>>    Wow, thanks for your explanation.
> 
> No problem.  Since I'm on an "explain DNS" kick, I may do at least one 
> follow-up to my December 2005 "The Basics of DNS" article in _Linux Gazette_, 
> attempting to cover such matters.  In that article, you may have
> noticed, I explained about the four flavours of DNS service, explained
> the first three & showed that they were dead simple, and mostly punted
> on the fourth one, primary authoritative service.  Which is of course
> what we're talking about, now.
> 
>>    So when you hinted about offering to do
>>    secondary DNS, would that mean we'd need
>>    to get the .org nameserver to add an NS entry
>>    for ns1.linuxmafia.org (and a glue record for
>>    ns1.linuxmafia.org pointing it to the real
>>    ns1.linuxmafia.com)? Sounds complicated :)
> 
> There's a simple way, and there's a slightly more complex but better
> way.
> 
> The simple way is just add an "NS" record for ns1.linuxmafia.com.  Boom,
> done.  You would have to add that to both the penlug.org zonefile and
> in the domain records at the registrar.  (The one aspect of primary
> authoritative DNS that people most often get wrong is failing to update
> records at the registrar when they change nameservers' NS or A records
> in their zonefiles.)
> 
> The more-complex way is to first add NS and A records in penlug.org's
> zonefile for new hostname "ns4.penlug.org", with the A record pointing
> to ns1.linuxmafia.com's IP.  Then -- per usual -- do the same in records
> at the registrar.  Again, boom, done.
> 
> In either case, someone would also have to adjust the master
> nameserver's security controls (ACLs) to let my IP pull down the zonefile
> from it.
> 
> But that's really all that's required.  Everything else is automatic, 
> and I would neither have nor want any involvement in the actual contents
> of penlug.org's DNS, that being controlled 100% at the master
> nameserver, which according to the zonefile is "a.ns.joker.com".  The
> only difference is, PenLUG would have greater redundancy.



From rick at linuxmafia.com  Wed Dec 14 18:04:50 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 14 Dec 2005 18:04:50 -0800
Subject: [conspire] Another DNS trick: Making domains go away
Message-ID: <20051215020449.GD9804@linuxmafia.com>

One of the invited talks at the 2005 LISA conference was "Internet
Counter-Intelligence: Offense and Defense", by Lance Cottrell, head of
Anonymizer, Inc.  In part, he detailed what one might term just how low 
Internet-using companies tend to go, in their manipulation of their 
customers through technical means.  Jim Dennis, who was attending with
me, also found the talk very worthwhile and technically valuable, but 
mentioned as we left that his biggest reaction was one of irritation --
not at Cottrell, but rather at Internet businesses.

Cottrell went into a fair amount of detail about how a surprisingly high
percentage of firms deploy user-tracking and IP-geolocation services to
ensure their ability to set differential pricing.  In part, that means
offering lower prices in some places than others:  He gave the example
of a real-life purchase of some expensive computer gear that the same
firm offered at _twice_ the price to people browsing from European IP 
addresses than to those coming from American IPs.

Mostly, though, the firms work really hard to ensure that competitive,
attractive pricing is offered _only_ to newer customers, and that they
gradually (but invisibly) jack up greatly the prices offered to you
once you're an established customer.  He commented:  Forget about
rewarding customer loyalty.  The opposite is the general rule.

There's some danger that you, reading this, might think the syndrome
occurs with companies some _other_ people deal with, in part because I
can't remember many of the numerou everyday company names he cited:  I
remember that Amazon.com and Barnes & Noble were among them, and many
others -- and we're not talking trivial price differences, either.

To Cottrell's credit, he didn't present this talk primarily as a sale
pitch for Anonymizer's proxying service, that among other things 
completely hides your network location.  But because of his experience
with that project, his analysis was fully credible.


On the drive back from LISA, aspects of Cottrell's talk (of which there
were others, such as IP-blocking and forging for political and business
reasons, information leakage, and the uses of those data in competitive
business intelligence efforts) kept colliding in my head with a
longstanding project of mine:

Many, many years ago, I started wanting for various reasons to want to
make particular hostnames, domains, and IP addresses evaporate from my
experience of the Internet.  Among the first Internet entities to annoy
me to that extent was Doubleclick.net (now owned by Microsoft
Corporation).  Around the 1980s, something they were doing annoyed me
enough that they were the first crash-test dummy for my "make things go
away" project.  At first, this was in /etc/hosts and similar
static-lookup files, which on account of some obvious drawbacks didn't
work too well:

127.0.0.2  ad.doubleclick.net
127.0.0.3  missed-me.doubleclick.net
127.0.0.4  another-one.doubleclick.net
127.0.0.5  tom.doubleclick.net
127.0.0.6  dick.doubleclick.net
127.0.0.7  harry.doubleclick.net

This sort of thing made a huge number of banner ads (etc.) go away, by
mapping their hostnames to my loopback network interface, but the supply
of new hostnames was endless, plus it helped only that one machine (that
had the /etc/hosts file), plus it didn't catch traffic fetched by IP
address.

The more-comprehensive solution (including catching references by IP) was
something elaborate like Junkbuster, but I wanted to see if there was an
easy 95% solution.


Pretty soon, I remembered:  "Oh, wait!  I run a DNS nameserver."  Which
provided an easy way to make all of *.doubleclick.net go bye-bye, in 
one easy step, inside /etc/bind/named.conf.local:

  //doubleclick.net must die.  Internet advertisers (DoubleClick, Inc.).
  zone "doubleclick.net" {
          type master;
          allow-query { any; };
          file "/etc/bind/advertisers.zone";
  };

Even if you never create /etc/bind/advertisers.zone at all, it still
works because you've said "Pay no attention to any other nameserver's 
information about Doubleclick.net hostnames:  I know all."  But here's 
the advertisers.zone file I created, anyway:

  $TTL 86400
  ;Generic make-advertisers-go-away zonefile.  Put YOUR IP address in the 
  ;A line, and YOUR nameserver name in the NS line.
  @	IN	SOA	ns1.linuxmafia.COM.		rick.deirdre.NET. (
  			2005112300		; serial
  			7200			; refresh 3 hours
  			3600			; retry 1 hour
  			2419200			; expire 1000 hours
  			86400 			; minimum 24 hours
  			)		
  ;
  		IN	NS	ns1.linuxmafia.com.
  *		IN	A	198.144.195.186

The wildcard "A" line resolves *.doubleclick.net to my hostname.  You 
could of course map it to somewhere else creative, or whatever you wish. 
The point is, _no_ call to those hostnames to pick up a cookie, a banner 
ad, a "Web bug" (or "beacon") 1x1 pixel GIF, or anything else is going
to get out to those bloodsuckers.  Effectively, they get summarily and
completely vanished.


Over the years since the '80s, occasionally one of those firms would
come to my attention with some "cute" variation on Doubleclick.net's 
advertising-blitz-and-spy-on-users business model, and get dropped into
the same oubliette.  "yimg.com" (Yahoo Images) was an early addition.

You learn some of the euphemisms as you go along:  Some of the firms
sell "market intelligence", "research", "Web metrics", "dynamic personal
messages", "measured response", "targeted promotions", and so on.

Now, I certainly can't spend significant time on this stuff:  I don't
have that time to waste.  However, I'm occasionally willing to devote a
little on a high-bang-for-the-buck basis, especially if I can "bottle"
what progress I've made, and offer it up to others.  Thus this posting:


As I've found domains used entirely or almost entirely for the more
scummy sorts of Internet-spying and advertising activities, I've 
been declaring my nameserver "authoritative" for them in exactly the way
shown above for doubleclick.net -- which means they get included in my 
prototype BIND9 example files, that I publish for the public's benefit.

If you want to see the whole set, in a format that can be dropped
effortlessly into BIND8/BIND9 nameserver configurations, download
http://linuxmafia.com/pub/linux/network/bind9-examples-linuxmafia.tar.gz

Following is the comments lines (only) from the "make domains go away"
section of /etc/bind/named.conf.local :



//Domains Killed Dirt Cheap:
//(advertising and similar domains mapped via local DNS to nowhere at all)

//"2o7.com" issues traffic-tracking cookies (run by Omniture, Inc.).

//"360i.com" are Internet advertisers (360 Integrated, run by 360i LLC.).

//"3dstats.com" are Web-bug advertisers (ImagineNET Company)

//"ad-up.com" are Internet advertisers and sell e-mail address lists
// (Ad-Up Corporation).

//"adbot.com" were big Internet advertisers, but went broke and are now
// probably harmless:  Owned by Cameron Gregory, Web/Java developer.

//"adjuggler.com" are Internet advertisers (Thruport Technologies, Inc.).

//"adknowledge.com" are Web-bug advertisers (Adknowledge, Inc.).

//"adlegend.com" are Web-bug advertisers (run by TruEffect, Inc.).

//"adrevolver.com" are Web-bug advertisers (run by BlueLithium, Inc.).

//"adriver.ru" are Internet advertisers 

//"adserver.com" are Internet advertisers (Fastclick, Inc.).

//"adsmart.com" are Internet advertisers (run by Web holding company CMGI).

//"adtech.de" are Internet advertisers (ADTECH AG).

//"alexa.com" are Internet advertisers (Alexa Internet, Inc.)

//"advertising.com" are Web-bug advertisers (Advertising.com, Inc.).

//"apmebf.com" are Web-bug advertisers (part of ValueClick, Inc.).

//"atdmt.com" issue traffic-tracking cookies (part of Atlas, 
// division of aQuantive, Inc.).

//"atlas.cz" are Czech-language Internet advertisers (ATLAS.CZ, a.s.).

//"atwola.com" are Web-bug advertisers (part of AOL, Inc.).

//"belnk.com" are Internet advertisers (BehaviorLink, in Claria's Vista 
//division).

//"bfast.com" are Internet advertisers (part of ValueClick, Inc.)

//"bizrate.com" are Internet advertisers (Shopzilla, Inc.).

//"blm.net" are Internet advertisers (BrowserMedia, LLC).

//"bluelithium.com" are Internet advertisers (BlueLithium, Inc.).

//"bluestreak.com" are Internet advertisers (Bluestreak, Inc.).

//"bravenet.com" issue traffic-tracking cookies (Bravenet Web Services Inc.).

//"burstnet.com" are Internet advertisers (Burst Media LLC).

//"burstbeacon.com" are Internet advertisers (Burst Media LLC).

//"casalemedia.com" are Internet advertisers (Casale Media, Inc.).

//"centrport.net" are Internet advertisers (CentrPort, Inc.).

//"checkm8.com" are Internet advertisers (Checkm8 Technologies, Inc.)

//"clickability.com" are Internet advertisers (Clickability, Inc.)

//"clicktracks.com" issue traffic-tracking cookies (ClickTracks Analytics Inc.)

//"clickz.com" issue traffic-tracking cookies (Incisive Interactive Marketing,
//LLC).

//"cnnaudience.com" are Internet advertisers (Turner Broadcasting System, Inc.)

//"contextweb.com" are Internet advertisers (ContextWeb, Inc.).

//"coremetrics.com" are Internet advertisers (Coremetrics, Inc.).

//"criticalmass.com" are Internet advertisers (Critical Mass, part of
// Omnicom Group, Inc.).

//"did-it.com" are Internet advertisers (Did-it.com, LLC).

//"dogpile.com" are Internet advertisers run by infospace.com (InfoSpace, Inc.).

//"domainsponsor.com" are Internet advertisers (Oversee.net)

//doubleclick.net must die.  Internet advertisers (DoubleClick, Inc.).

//"esomniture.com" are Web-bug publishers (Omniture, Inc.).

//"falkag.net" are Internet advertisers (Falk eSolutions AG).

//"fastclick.com" are Internet advertisers (Fastclick, Inc.).

//"fastclick.net" are Internet advertisers (Fastclick, Inc.).

//"focalink.com" are Internet advertisers (Focalink Communications).

//"gemius.pl" issue traffic-tracking cookies (Gemius S.A.)

//"gureport.co.uk" issue traffic-tracking cookies (Guardian Newspapers, Ltd.)

//"hitbox.com" are Web-bug publishers (WebSideStory, Inc.).

//"hitslink.com" are Web-bug publishers (Net Applications, Inc.).

//"hitsprocessor.com" are Web-bug publishers (Net Applications, Inc.).

//"humanclick.com" are Internet advertisers (LivePerson, Inc.).

//"imrworldwide.com" are Internet advertisers (NetRatings, Inc., in 
//collaboration with AC Nielsen and Nielsen Media Research). 

//"indextools.com" are Internet advertisers (IndexTools, Inc.)

//"information.com" are Internet advertisers (Oversee.net)

//"infospace.com" serve up ads from ads.infospace.com (InfoSpace, Inc.).

//"insightexpressai.com" are Internet advertisers (InsightExpress, LLC).

//"itadnetwork.co.uk" are Internet advertisers (Net Communities Limited)

//"kanoodle.com" are Internet advertisers (Kanoodle.com, Inc.).

//"linkexchange.com" come across as sleazemeisters.  Advertisers dealing
// in questionable page-rank deals (Microsoft Corporation).

//"liveperson.com" are Internet advertisers (LivePerson. Inc.).

//"liveperson.net" are Internet advertisers (LivePerson. Inc.).

//"maxserving.com" are Internet advertisers (Ask Jeeves, Inc.).

//"medialand.ru" are Internet advertisers (Medialand.Ru, Ltd.).

//"mediaplex.com" are Internet advertisers (Mediaplex, Inc.).

//"myaffiliateprogram.com" are Internet advertisers (KowaBunga Technologies,
// part of Think Partnership Inc. / CGI Holding Corporation)

//"nbcupromotes.com" are Internet advertisers (NBC/Universal Promotions).

//"netservice.de" are German-language Internet advertisers.

//"nozonedata.com" are Internet advertisers (NoZone, Inc.).

//"nytdigital.com" are Internet advertisers (The New York Times Company)

//"omniture.com" are Web-bug advertisers (Omniture, Inc., the people 
// who run 2o7.com).

//"onestat.com" are a Dutch traffic-tracking company.

//"optimost.com" are Internet advertisers (Optimost LLC)

//"poindextersystems.com" are Internet advertisers (Poindexter Systems, Inc.)

//"pointroll.com" are Web-bug advertisers (run by Gannett Company, Inc.).

//"preferences.com" appear to serve up ads from ads.preferences.com 
// (RHCDirect LLC).

//"questionmarket.com" issue traffic-tracking cookies (Dynamic Logic).

//"realmedia.com" are Internet advertisers (24/7 Real Media, Inc.)

//"remoteapproach.com" collect spy-on-users data from Acrobat 7.x 
// and later for the benefit of Adobe Systems, Inc.

//"revenue.net" are Internet advertisers (Oversee.net)

//"revsci.net" are Internet advertisers (Revenue Science, Inc.)

//"riddler.com" advertise from various subdomains (Riddler LLC).

//"rightmedia.com" are Web-bug advertisers (the people who run yieldmanager.com,
// Right Media, LLC).

//"ru4.com" are Web-bug advertisers (Pointdexter Systems).

//"sageanalyst.net" are Internet advertisers (sbasoft, Inc./SageMetrics Corp.).

//"seeq.com" are Internet advertisers (BrowserMedia, LLC).

//"serving-sys.com" are Internet advertisers (Ilissos).

//"sitestat.com" issues traffic-tracking cookies (Nedstat BV)

//"smartadserver.com" are Internet advertisers (auFeminin.com SA).

//"specificclick.com" are Web-bug advertisers (SpecificCLICK).

//"specificclick.net" are Web-bug advertisers (SpecificCLICK).

//"spylog.com" issue traffic-tracking cookies (OOO Spylog)

//"statcounter.com" issues traffic-tracking cookies (Aodhan Cullen of Dublin).

//"tacoda.com" are Internet advertisers (TACODA Systems, Inc.).

//"techbuyer.com" are Web-bug advertisers (YesDirect, Inc.)

//"techtarget.com" are Internet advertisers (TechTarget, Inc.).

//"trafficmp.com" are Internet advertisers (Vendare Group, Inc.)

//"tribalfusion.com" are Internet advertisers (Tribal Fusion, Inc.)

//"trueffect.com" are Web-bug advertisers (TruEffect, Inc. the people 
// who run adlegend.com).

//"ultramercial.com" are Internet advertisers (Ultramercial, LLC).

//"valueclick.com" serve up ads from oz.valueclick.com (ValueClick, Inc.).

//"valueclick.net" are Internet advertisers (ValueClick, Inc.).

//"webads.nl" are Internet advertisers (Webads Europe)

//"webstats4u.com" are Web-bug publishers (Web Measurement Servicews B.V.).

//"webtrendslive.com" are Web-bug advertisers (WebTrends, Inc.).

//"wiredminds.com" are Internet advertisers (WiredMinds, Inc.).

//"wiredminds.de" are Internet advertisers (WiredMinds AG).

//"yadro.ru" are Internet advertisers 

//"yieldmanager.com" are Web-bug advertisers (run by RightMedia, Inc).

//yimg.com must die, too; same reasons as for Doubleclick (Yahoo, Inc.).

//"zedo.com" are Internet advertisers (ZEDO, Inc.).


(Those characterisations aren't very exact, so don't take them as
gospel.  I looked at each domain's known activity just long enough to 
class them as "Should be made to go away", and wrote a quick guess at
what each one seemed to be mostly about.)

One neat thing is:  _Any_ DNS-client machine that uses your nameserver 
will be under your umbrella.  Their processes, like yours, will have
those same bloodsucker domains globally mapped to oblivion.


This can be a two-edged sword, given contrary-minded local users:  My
mother-in-law Cheryl, who lives with us and initially had her
workstations set up to use my nameserver, kept coming to me and
complaining that she was being blocked from reaching desirable content 
by my proxy.

I explained I had no proxy.  She continued to complain, and was certain
it was my fault.

It occurred to me that I had mapped *.doubleclick.net hostnames to
nowhere -- but I stressed that there was _nothing_ but undesirable
crudware ever retrieved from those URLs, and she really shouldn't want
to have that rubbish back.

She continued to complain:  My nameserver was generating "broken links",
so obviously I must be depriving her of stuff she wants.  She knew that
those those links weren't broken anywhere except from home, so obviously
I was impairing her Internet experience.

I looked:  Indeed, there were 404s being generated (because of the
particular variety of oblivion I was then mapping the domain to).  Every
one of those 404s was objectively undesirable junk.

She complained.  I stressed that I wasn't filtering her Internet traffic,
just resolving certain domains locally.  If she didn't like my
nameserver policy, she was welcome to use any of millions of others, or
run her own.

She complained.  I reiterated that her shortage of banner ads, Web bugs,
and spy cookies wasn't my problem.

She complained.  I sat down at her machine and repointed them to Raw
Bandwidth's nameservers.

Moral:  No good deed goes unpunished.



It would be nice if Deirdre had the house Apple Airport base station
referencing my nameserver IP (only) for the DNS IP that it passes to
DHCP clients.  However, I'm betting it doesn't.  Crying shame, that.



http://linuxmafia.com/pub/linux/network/bind9-examples-linuxmafia.tar.gz 
has one other special feature:  a file called "maps-lawsuits".

Many years ago, I managed to make the day of Paul Vixie, DNS expert and
founder of the anti-spam MAPS Project, Inc., at the end of one of his 
lectures at BayLISA:  I told him that, the day Yesmail, Inc. got a
temporary restraining order against MAPS for announcing an intention to
put Yesmail's IPs in its DNS blocklist (alleging tortious interference
in Yesmail's business affairs), I sent an e-mail to several high
executives at Yesmail and its entire sales department:  Paul Vixie and
MAPSs, I said, would eventually get around to forgiving them for their
actions.  By contrast, I pointed out, they'd just managed to piss off
just about every sysadmin in the world, and the oceans would dry up, the
sun would burn out, and the universe would suffer heat death before
_they_ would either forgive or forget.

Therefore, I said, I predicted a long eternity of their IP addresses
gracing a large number of sysadmins' null-route lists, and hoped they
considered the sacrifice worthwhile.

The "maps-lawsuits" file details each of the five firms that sued MAPS
on what in my view were specious and disreputable grounds -- including, 
in some cases, who owns those firms now.  I hope to add specific IP
address lists, soon.

Being mindful of the restraint-of-trade statutes, I certainly won't tell
anyone _else_ to null-route those firms' IP addresses.  You could, for
example, send them Christmas cards.  Let your conscience be your guide.




From hereon1 at fastmail.us  Wed Dec 14 21:05:33 2005
From: hereon1 at fastmail.us (Hereon)
Date: Wed, 14 Dec 2005 21:05:33 -0800
Subject: [conspire] Howto find replace change newline control character in
 filename script program perl
Message-ID: <1134623133.29164.249841331@webmail.messagingengine.com>

Howto find replace change newline control character in filename script program perl for linux unix

Thanks to Bill & Sam.

Useful for fixing .html files saved by Mozilla firefox.

I sometimes copy the title of an article and paste it to the save dialog box of Mozilla firefox.
Sometimes this contains a newline character that I don't notice.
K3b cd writing backup fails on the filenames containing newlines.

Place the script below in a text editor & save it in /usr/local/bin
as FindReplaceNewlineCharacterInFilename.pl
chmod 755 FindReplaceNewlineCharacterInFilename.pl
Go to the top of the directory tree you wish to search & replace.

Run the program
FindReplaceNewlineCharacterInFilename.pl

Running it with no options lists filnames which contain newline characters.
Run it with the "-r" option to actually change the file names.


=====================================================================
#!/usr/bin/perl -w
#
# Usage: FindReplaceNewlineCharacterInFilename.pl [-r]
# Recursively finds all files and directories with newline characters in their name
# and optionally renames them to have spaces instead. By default, files are not renamed;
# the files that would be effected are listed on stdout. If invoked with the -r option,
# the files are renamed. 
#
use File::Find;           # Recursively visits every file in a list of directories
use Cwd;                  # for returning the current directory with getcwd().
use strict;
no warnings 'File::Find';

$::DO_RENAME = $ARGV[0] eq "-r";   # Is true if user wants to actually rename the file

my @dir;
push( @dir, getcwd() );   # Start in the current directory
find( \&RemoveUnsafeCharactersFromFilename , @dir );

##
# Replace all files with \n in them with spaces

sub RemoveUnsafeCharactersFromFilename {

    # If the filename (that Find::File::find() puts in $_ and in $File::Find::name)
    # contains a Newline character (\n, i.e. hex 0A ASCII 11 entered as ^V^J), 
    # replace it with a simple space character.

    # If the current filename contains the undesired control character,
    if( m/[\n]/ ) {  # m/pattern/ does a regex match of `pattern' against the $_ variable

    	# Create string for user display that shows "/r"'s in the file name.
        my $old_filename = $File::Find::name;
        my $old_display_name = $old_filename;   # show the old filename on a single line
        $old_display_name =~ s/[\n]/\\n/g;	# Put "\n" in the output to see.
        s/[\n]/ /g;  # s/old/new/ replaces `old' pattern with `new' value in the $_ variable

	# Show user the file name.
        print $::DO_RENAME ? "Renaming " : "";		# Say "Renaming" if '-r' option
        print "$old_display_name\n";		
	print $::DO_RENAME ? "To ===== $_\n" : "";	# Show new file name if renaming

        # We only rename files if the script is invoked with the -r option
        if( $::DO_RENAME ) {
            rename( $old_filename, $_ ) or die "Couldn't rename $old_display_name to $_: $!";
        }
    }
    1;	# Return 1 just in case.
}
-- 
  Hereon
  hereon1 at fastmail.us

-- 
http://www.fastmail.fm - Same, same, but different





From togo at of.net  Wed Dec 14 23:53:33 2005
From: togo at of.net (Tony Godshall)
Date: Wed, 14 Dec 2005 23:53:33 -0800
Subject: [conspire] Howto find replace change newline control character in
	filename script program perl
In-Reply-To: <1134623133.29164.249841331@webmail.messagingengine.com>
References: <1134623133.29164.249841331@webmail.messagingengine.com>
Message-ID: <20051215075333.GA22180@of.net>


How about this?

find . -type f \
| perl -ne '\
  chomp;
  my $oldname=$_;
  while(s{^(.*)[\r\n]+(.*)$}{$1$2}}) { }
  if ( $oldname == $_ ) { rename($orig,$_); }
  }
'

A little less complicated.  And easily adapted for other
purposes (I use something like this for cleaning up mp3
filenames before dumping them to my iriver).

According to Hereon,
> Howto find replace change newline control character in filename script program perl for linux unix
> 
> Thanks to Bill & Sam.
> 
> Useful for fixing .html files saved by Mozilla firefox.
> 
> I sometimes copy the title of an article and paste it to the save dialog box of Mozilla firefox.
> Sometimes this contains a newline character that I don't notice.
> K3b cd writing backup fails on the filenames containing newlines.
> 
> Place the script below in a text editor & save it in /usr/local/bin
> as FindReplaceNewlineCharacterInFilename.pl
> chmod 755 FindReplaceNewlineCharacterInFilename.pl
> Go to the top of the directory tree you wish to search & replace.
> 
> Run the program
> FindReplaceNewlineCharacterInFilename.pl
> 
> Running it with no options lists filnames which contain newline characters.
> Run it with the "-r" option to actually change the file names.
> 
> 
> =====================================================================
> #!/usr/bin/perl -w
> #
> # Usage: FindReplaceNewlineCharacterInFilename.pl [-r]
> # Recursively finds all files and directories with newline characters in their name
> # and optionally renames them to have spaces instead. By default, files are not renamed;
> # the files that would be effected are listed on stdout. If invoked with the -r option,
> # the files are renamed. 
> #
> use File::Find;           # Recursively visits every file in a list of directories
> use Cwd;                  # for returning the current directory with getcwd().
> use strict;
> no warnings 'File::Find';
> 
> $::DO_RENAME = $ARGV[0] eq "-r";   # Is true if user wants to actually rename the file
> 
> my @dir;
> push( @dir, getcwd() );   # Start in the current directory
> find( \&RemoveUnsafeCharactersFromFilename , @dir );
> 
> ##
> # Replace all files with \n in them with spaces
> 
> sub RemoveUnsafeCharactersFromFilename {
> 
>     # If the filename (that Find::File::find() puts in $_ and in $File::Find::name)
>     # contains a Newline character (\n, i.e. hex 0A ASCII 11 entered as ^V^J), 
>     # replace it with a simple space character.
> 
>     # If the current filename contains the undesired control character,
>     if( m/[\n]/ ) {  # m/pattern/ does a regex match of `pattern' against the $_ variable
> 
>     	# Create string for user display that shows "/r"'s in the file name.
>         my $old_filename = $File::Find::name;
>         my $old_display_name = $old_filename;   # show the old filename on a single line
>         $old_display_name =~ s/[\n]/\\n/g;	# Put "\n" in the output to see.
>         s/[\n]/ /g;  # s/old/new/ replaces `old' pattern with `new' value in the $_ variable
> 
> 	# Show user the file name.
>         print $::DO_RENAME ? "Renaming " : "";		# Say "Renaming" if '-r' option
>         print "$old_display_name\n";		
> 	print $::DO_RENAME ? "To ===== $_\n" : "";	# Show new file name if renaming
> 
>         # We only rename files if the script is invoked with the -r option
>         if( $::DO_RENAME ) {
>             rename( $old_filename, $_ ) or die "Couldn't rename $old_display_name to $_: $!";
>         }
>     }
>     1;	# Return 1 just in case.
> }
> -- 
>   Hereon
>   hereon1 at fastmail.us
> 
> -- 
> http://www.fastmail.fm - Same, same, but different?
> 
> 
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

-- 

Best Regards,

Tony




From bill at wards.net  Wed Dec 14 23:56:52 2005
From: bill at wards.net (Bill Ward)
Date: Wed, 14 Dec 2005 23:56:52 -0800
Subject: [conspire] Howto find replace change newline control character in
	filename script program perl
In-Reply-To: <20051215075333.GA22180@of.net>
References: <1134623133.29164.249841331@webmail.messagingengine.com>
	<20051215075333.GA22180@of.net>
Message-ID: <3d2fe1780512142356w127c1703wfb4a277b0f6ad05b@mail.gmail.com>

I'd add 'warn "$orig: $!" ' to your rename() but otherwise, looks good.

On 12/14/05, Tony Godshall <togo at of.net> wrote:
>
> How about this?
>
> find . -type f \
> | perl -ne '\
>   chomp;
>   my $oldname=$_;
>   while(s{^(.*)[\r\n]+(.*)$}{$1$2}}) { }
>   if ( $oldname == $_ ) { rename($orig,$_); }
>   }
> '
>
> A little less complicated.  And easily adapted for other
> purposes (I use something like this for cleaning up mp3
> filenames before dumping them to my iriver).
>
> According to Hereon,
> > Howto find replace change newline control character in filename script program perl for linux unix
> >
> > Thanks to Bill & Sam.
> >
> > Useful for fixing .html files saved by Mozilla firefox.
> >
> > I sometimes copy the title of an article and paste it to the save dialog box of Mozilla firefox.
> > Sometimes this contains a newline character that I don't notice.
> > K3b cd writing backup fails on the filenames containing newlines.
> >
> > Place the script below in a text editor & save it in /usr/local/bin
> > as FindReplaceNewlineCharacterInFilename.pl
> > chmod 755 FindReplaceNewlineCharacterInFilename.pl
> > Go to the top of the directory tree you wish to search & replace.
> >
> > Run the program
> > FindReplaceNewlineCharacterInFilename.pl
> >
> > Running it with no options lists filnames which contain newline characters.
> > Run it with the "-r" option to actually change the file names.
> >
> >
> > =====================================================================
> > #!/usr/bin/perl -w
> > #
> > # Usage: FindReplaceNewlineCharacterInFilename.pl [-r]
> > # Recursively finds all files and directories with newline characters in their name
> > # and optionally renames them to have spaces instead. By default, files are not renamed;
> > # the files that would be effected are listed on stdout. If invoked with the -r option,
> > # the files are renamed.
> > #
> > use File::Find;           # Recursively visits every file in a list of directories
> > use Cwd;                  # for returning the current directory with getcwd().
> > use strict;
> > no warnings 'File::Find';
> >
> > $::DO_RENAME = $ARGV[0] eq "-r";   # Is true if user wants to actually rename the file
> >
> > my @dir;
> > push( @dir, getcwd() );   # Start in the current directory
> > find( \&RemoveUnsafeCharactersFromFilename , @dir );
> >
> > ##
> > # Replace all files with \n in them with spaces
> >
> > sub RemoveUnsafeCharactersFromFilename {
> >
> >     # If the filename (that Find::File::find() puts in $_ and in $File::Find::name)
> >     # contains a Newline character (\n, i.e. hex 0A ASCII 11 entered as ^V^J),
> >     # replace it with a simple space character.
> >
> >     # If the current filename contains the undesired control character,
> >     if( m/[\n]/ ) {  # m/pattern/ does a regex match of `pattern' against the $_ variable
> >
> >       # Create string for user display that shows "/r"'s in the file name.
> >         my $old_filename = $File::Find::name;
> >         my $old_display_name = $old_filename;   # show the old filename on a single line
> >         $old_display_name =~ s/[\n]/\\n/g;    # Put "\n" in the output to see.
> >         s/[\n]/ /g;  # s/old/new/ replaces `old' pattern with `new' value in the $_ variable
> >
> >       # Show user the file name.
> >         print $::DO_RENAME ? "Renaming " : "";                # Say "Renaming" if '-r' option
> >         print "$old_display_name\n";
> >       print $::DO_RENAME ? "To ===== $_\n" : "";      # Show new file name if renaming
> >
> >         # We only rename files if the script is invoked with the -r option
> >         if( $::DO_RENAME ) {
> >             rename( $old_filename, $_ ) or die "Couldn't rename $old_display_name to $_: $!";
> >         }
> >     }
> >     1;        # Return 1 just in case.
> > }
> > --
> >   Hereon
> >   hereon1 at fastmail.us
> >
> > --
> > http://www.fastmail.fm - Same, same, but different?
> >
> >
> > _______________________________________________
> > conspire mailing list
> > conspire at linuxmafia.com
> > http://linuxmafia.com/mailman/listinfo/conspire
>
> --
>
> Best Regards,
>
> Tony
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
>


--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/



From bill at wards.net  Wed Dec 14 23:57:11 2005
From: bill at wards.net (Bill Ward)
Date: Wed, 14 Dec 2005 23:57:11 -0800
Subject: [conspire] Howto find replace change newline control character in
	filename script program perl
In-Reply-To: <3d2fe1780512142356w127c1703wfb4a277b0f6ad05b@mail.gmail.com>
References: <1134623133.29164.249841331@webmail.messagingengine.com>
	<20051215075333.GA22180@of.net>
	<3d2fe1780512142356w127c1703wfb4a277b0f6ad05b@mail.gmail.com>
Message-ID: <3d2fe1780512142357k1b96c38cne9f6fc63125b7f00@mail.gmail.com>

Sorry should be "or warn..." of course.

On 12/14/05, Bill Ward <bill at wards.net> wrote:
> I'd add 'warn "$orig: $!" ' to your rename() but otherwise, looks good.
>
> On 12/14/05, Tony Godshall <togo at of.net> wrote:
> >
> > How about this?
> >
> > find . -type f \
> > | perl -ne '\
> >   chomp;
> >   my $oldname=$_;
> >   while(s{^(.*)[\r\n]+(.*)$}{$1$2}}) { }
> >   if ( $oldname == $_ ) { rename($orig,$_); }
> >   }
> > '
> >
> > A little less complicated.  And easily adapted for other
> > purposes (I use something like this for cleaning up mp3
> > filenames before dumping them to my iriver).
> >
> > According to Hereon,
> > > Howto find replace change newline control character in filename script program perl for linux unix
> > >
> > > Thanks to Bill & Sam.
> > >
> > > Useful for fixing .html files saved by Mozilla firefox.
> > >
> > > I sometimes copy the title of an article and paste it to the save dialog box of Mozilla firefox.
> > > Sometimes this contains a newline character that I don't notice.
> > > K3b cd writing backup fails on the filenames containing newlines.
> > >
> > > Place the script below in a text editor & save it in /usr/local/bin
> > > as FindReplaceNewlineCharacterInFilename.pl
> > > chmod 755 FindReplaceNewlineCharacterInFilename.pl
> > > Go to the top of the directory tree you wish to search & replace.
> > >
> > > Run the program
> > > FindReplaceNewlineCharacterInFilename.pl
> > >
> > > Running it with no options lists filnames which contain newline characters.
> > > Run it with the "-r" option to actually change the file names.
> > >
> > >
> > > =====================================================================
> > > #!/usr/bin/perl -w
> > > #
> > > # Usage: FindReplaceNewlineCharacterInFilename.pl [-r]
> > > # Recursively finds all files and directories with newline characters in their name
> > > # and optionally renames them to have spaces instead. By default, files are not renamed;
> > > # the files that would be effected are listed on stdout. If invoked with the -r option,
> > > # the files are renamed.
> > > #
> > > use File::Find;           # Recursively visits every file in a list of directories
> > > use Cwd;                  # for returning the current directory with getcwd().
> > > use strict;
> > > no warnings 'File::Find';
> > >
> > > $::DO_RENAME = $ARGV[0] eq "-r";   # Is true if user wants to actually rename the file
> > >
> > > my @dir;
> > > push( @dir, getcwd() );   # Start in the current directory
> > > find( \&RemoveUnsafeCharactersFromFilename , @dir );
> > >
> > > ##
> > > # Replace all files with \n in them with spaces
> > >
> > > sub RemoveUnsafeCharactersFromFilename {
> > >
> > >     # If the filename (that Find::File::find() puts in $_ and in $File::Find::name)
> > >     # contains a Newline character (\n, i.e. hex 0A ASCII 11 entered as ^V^J),
> > >     # replace it with a simple space character.
> > >
> > >     # If the current filename contains the undesired control character,
> > >     if( m/[\n]/ ) {  # m/pattern/ does a regex match of `pattern' against the $_ variable
> > >
> > >       # Create string for user display that shows "/r"'s in the file name.
> > >         my $old_filename = $File::Find::name;
> > >         my $old_display_name = $old_filename;   # show the old filename on a single line
> > >         $old_display_name =~ s/[\n]/\\n/g;    # Put "\n" in the output to see.
> > >         s/[\n]/ /g;  # s/old/new/ replaces `old' pattern with `new' value in the $_ variable
> > >
> > >       # Show user the file name.
> > >         print $::DO_RENAME ? "Renaming " : "";                # Say "Renaming" if '-r' option
> > >         print "$old_display_name\n";
> > >       print $::DO_RENAME ? "To ===== $_\n" : "";      # Show new file name if renaming
> > >
> > >         # We only rename files if the script is invoked with the -r option
> > >         if( $::DO_RENAME ) {
> > >             rename( $old_filename, $_ ) or die "Couldn't rename $old_display_name to $_: $!";
> > >         }
> > >     }
> > >     1;        # Return 1 just in case.
> > > }
> > > --
> > >   Hereon
> > >   hereon1 at fastmail.us
> > >
> > > --
> > > http://www.fastmail.fm - Same, same, but different?
> > >
> > >
> > > _______________________________________________
> > > conspire mailing list
> > > conspire at linuxmafia.com
> > > http://linuxmafia.com/mailman/listinfo/conspire
> >
> > --
> >
> > Best Regards,
> >
> > Tony
> >
> >
> > _______________________________________________
> > conspire mailing list
> > conspire at linuxmafia.com
> > http://linuxmafia.com/mailman/listinfo/conspire
> >
>
>
> --
> Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/
>


--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/



From moseley at hank.org  Thu Dec 15 07:55:34 2005
From: moseley at hank.org (Bill Moseley)
Date: Thu, 15 Dec 2005 07:55:34 -0800
Subject: [conspire] Another DNS trick: Making domains go away
In-Reply-To: <20051215020449.GD9804@linuxmafia.com>
References: <20051215020449.GD9804@linuxmafia.com>
Message-ID: <20051215155534.GA18540@hank.org>

Another tool I've used:

http://perl.apache.org/docs/tutorials/tips/mod_perl_tricks/mod_perl_tricks.html#A_Banner_Ad_Blocker


-- 
Bill Moseley
moseley at hank.org




From rick at linuxmafia.com  Thu Dec 15 10:53:06 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 15 Dec 2005 10:53:06 -0800
Subject: [conspire] Usage of NDAs in legal flummery
Message-ID: <20051215185306.GQ20384@linuxmafia.com>

I decided not to send this e-mail to a firm I deal with, in hopes of not
stirring that pot unless it _actually_ becomes an issue.  However, it 
really annoys me that so many computer geeks let themselves be so easily 
manipulated by transparently and insultingly bogus legalistic bullshit
-- and so I hope this draft can be of benefit to some others.




Hello, $EXECUTIVE.

It was a pleasure speaking to you, on Tuesday, December 13, and I look
foward to the opportunity to examine $FIRM's product line.

There was, however, one thing you said that concerned me:  You asserted
that a non-disclosure agreement I signed 2 1/2 years ago is still in
force, and would apply to our telephone conversation that followed.  The
purpose of this e-mail is to share with you the results of my legal
research on that question.  (I am not an attorney, and nothing in this 
e-mail should be construed as me giving professional legal advice to
you, $FIRM, or anyone else.)

1.  In California law, non-disclosure agreements cannot have force 
without exchange of consideration, as that lack causes no contract to
form.  I note that I have not at any point executed any business
contract whatsoever with you or $FIRM, thus far.  Any moves towards such
a contract would have been executory at that time, and had long gone
defunct by the time 2 1/2 years passed.

2.  California law actually voids completely, in Business and
Professions Code ?16600, any contract that purports to restrain anyone
"from engaging in a lawful profession, trade, or business of any kind",
to the extent of that retraint.

I am, of course, generally speaking, in the Unix-based IT and network
consulting trade.

3.  ?16600's application is of course tempered by California's Civil
Code ?3426 et seq., implementing the Uniform Trade Secrets Act, which
specifies the scope of trade secret law in our state.  But those
provisions apply only within an employment or similar business
relationship involving a duty to maintain the information's secrecy or
limit its use, only for a limited period of time, and only for subject
matters within the scope of that business.  Trade secrets, by the way,
are constrained by statute to these areas:  a "formula, pattern,
compilation, program, device, method, technique, or process" that
maintains economic value.  (Customer lists are also trade secrets per
the separate provision of Business and Professions Code ?16606.)  You
cannot just declare, say, your next intended product ship date to be a
trade secret and expect your opinion to enjoy legal protection.

As a result of these concerns, I cannot regard myself as bound at this
date to the terms of any NDA I might have executed with you or $FIRM,
2 1/2 years ago:  We do not have that close a business relationship.  In
fact, we do not yet have one, at all.  I'm, by intention, a sympathetic
but very much independent and external party, interested in your firm's
products and services. 

Irrespective of that, I am (and will remain) of course careful to
safeguard the privacy and interests of all persons and firms I deal with
during the course of my business affairs:  Protecting people's
confidences is part of just ordinary business ethics, irrespective of
legal obligations.

I hope this matter does not cause you problems, but I felt ethically 
obliged to bring it to your attention.




From alamozzz at yahoo.com  Fri Dec 16 09:34:32 2005
From: alamozzz at yahoo.com (Adrien Lamothe)
Date: Fri, 16 Dec 2005 09:34:32 -0800 (PST)
Subject: [conspire] Linux Systems Engineer job opening
Message-ID: <20051216173432.55090.qmail@web31410.mail.mud.yahoo.com>



Jim Stockford <jim.stockford at gmail.com> wrote: Date: Thu, 15 Dec 2005 14:43:15 -0800
From: Jim Stockford <jim.stockford at gmail.com>
To: jim at well.com
Subject: Linux Systems Engineer job opening

 
 Position:    LINUX SYSTEMS ENGINEER
 Company:  Reactrix Interactive Media Systems (Direct Employer)
 Location:   Redwood City, CA 
 Job Type:   Full-time
 
 COMPANY PROFILE:
 
 Reactrix Systems, Inc. offers reactive media advertising in the
 out-of-home category.  Reactive media is the most engaging and immersive
 media available, creating dramatically higher levels of brand recall and
 retention than television, radio, online, or traditional out-of-home
 advertising.  Through our internally developed, innovative Reactive
 Media Network, advertisers are capable of breaking through the clutter
 and engaging their customers in a way never before possible.  Reactrix
 is funded by Mobius Venture Capital, Worldview Technology Partners, and
 Tom Weisel Venture Partners. 
 
 POSITION SUMMARY:
 
 The Linux Systems Engineer is responsible for the design and initial
 operations of our embedded Linux platform for our distributed multimedia
 network.  Secondarily responsible for the design, development, and
 implementation of a strategic server management suite of tools to manage
 remote Linux hosts from a central site or sites.  In addition, this
 person will provide second level Linux server support for the internal
 needs of the company. 
 
 
 RESPONSIBILITIES:
 
 *           Provide a stable multimedia and network platform for
 thousands of networked Linux boxes. 
 *           Develop software and process for third-party manufacturing
 embedded Linux boxes. 
 *           Develop software and process for hardware testing and
 failure analysis. 
 *           Drive component selection and qualification, and support
 driver updates. 
 *           Automate OS patches and upgrades over the network and via
 CD. 
 *           Develop monitoring and remote management tools for problem
 identification, escalation, and resolution of deployed Linux hosts. 
 *           Develop/configure daemons and drivers as needed to enhance
 stability, ease maintenance, or add functionality.
 *           Participate in the design, testing, deployment, and
 stabilization of a virtual private secure IP web of hosts.
 *           Automate the administration and health monitoring of
 internal (Corporate) production Linux servers. 
 
 QUALIFICATIONS:
 
 *           Expertise with Linux configuration, monitoring, and remote
 administration.
 *           Experience with network and CD based installation/upgrades
 and automated patch deployment. 
 *           Experience with maintenance and failure analysis. 
 *           Experience with large-scale deployments. 
 *           Track record of having deployed large-scale systems and
 network management solutions. 
 *           Perl and shell scripting skills. 
 *           Working knowledge of SSH, RPM, RedHat Kickstart, and
 OpenSSL. 
 *           Expertise with Intrusion Detection and Data Encryption
 practices. 
 *           Strong interpersonal and team skills. 
 *           Must be passionate about working in a start-up. 
 
 DESIRED QUALIFICATIONS:
 
 All skills listed below are "Nice to have's".  Having none or only a few
 of the skills below does not necessarily indicate you are not qualified
 for the job.
 
 *           Experience with Linux-based multimedia platforms.
 *           Experience with Linux-based content management systems. 
 *           Experience with the following industries: advertising,
 interactive entertainment, retail stores. 
 *           Experience in manufacturing or computer system integration. 
 *           Network programming in UNIX/Linux environments. 
 *           Experience with SNMP, Video capture, MySQL, Network
 Security, PKI, Apache, SMTP, DHCP, DNS, Samba, NFS, Router, VPN and
 IPSEC deployment history. 
 
 EDUCATION:
 
 Bachelor's Degree or Master's Degree in Computer Science, Engineering,
 or IT. 
 
 BENEFITS:
 
 Reactrix provides comprehensive and competitive compensation and benefit
 packages.  Benefits include Medical Insurance, Prescription Drug
 Insurance, Dental and Vision Reimbursement, 401KRetirement Plan, Paid
 Holidays, and accrued Paid Time Off - starting at 15 days/yr.
 
 CONTACT INFORMATION:
 
 Only qualified candidates should apply.  If you are interested, please
 do the following: Send your resume and a cover letter summarizing how
 your background matches the requirements to jobs at reactrix.com.  Title it
 "LSE #834" in the subject line.  Please let us know how you heard about
 this opportunity.  
 
 PLEASE VISIT OUR SITE: 
 www.reactrix.com
 Thank you for your interest in Reactrix!
 
 A Proof of authorization to work in the United States required.
 No agency solicitations, please.
 
 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20051216/93af65cd/attachment.html>

From moseley at hank.org  Fri Dec 16 12:47:53 2005
From: moseley at hank.org (Bill Moseley)
Date: Fri, 16 Dec 2005 12:47:53 -0800
Subject: [conspire] Linux Systems Engineer job opening
In-Reply-To: <20051216173432.55090.qmail@web31410.mail.mud.yahoo.com>
References: <20051216173432.55090.qmail@web31410.mail.mud.yahoo.com>
Message-ID: <20051216204753.GA10487@hank.org>

On Fri, Dec 16, 2005 at 09:34:32AM -0800, Adrien Lamothe wrote:
>  Reactrix Systems, Inc. offers reactive media advertising in the
>  out-of-home category.  Reactive media is the most engaging and immersive
>  media available, creating dramatically higher levels of brand recall and
>  retention than television, radio, online, or traditional out-of-home
>  advertising.  Through our internally developed, innovative Reactive
>  Media Network, advertisers are capable of breaking through the clutter
>  and engaging their customers in a way never before possible.

This involve some kind of brain implant?


-- 
Bill Moseley
moseley at hank.org




From jla1200 at netzero.net  Fri Dec 16 01:55:27 2005
From: jla1200 at netzero.net (John Andrews)
Date: Fri, 16 Dec 2005 01:55:27 -0800
Subject: [conspire] Breezy Badger /Netzero
Message-ID: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>

When I try to start Netzero client from the desktop, it does not recognize
the modem. The kppp recognizes the modem fine.I did ln -s tty0 /dev/modem
but that didn't work.I tried it from a terminal as root but that didn't
matter except it said DM is off. What does that mean.
    Any suggestions on getting the Netzero to work?




From daniel at gimpelevich.san-francisco.ca.us  Fri Dec 16 15:00:59 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 16 Dec 2005 15:00:59 -0800
Subject: [conspire] Breezy Badger /Netzero
References: <mailman.145.1134770344.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.16.23.00.54.499592@gimpelevich.san-francisco.ca.us>

Of course tty0 won't work; it's ttyS0, but I already made that symlink, so
I guess udev must be involved. Add the following line to /etc/udev/links.conf:

L modem	ttyS0

Make sure kppp recognizes /dev/modem, and not just /dev/ttyS0. Can you
provide a little more context to the "DM is off" message?

On Fri, 16 Dec 2005 01:55:27 -0800, John Andrews wrote:

> When I try to start Netzero client from the desktop, it does not recognize
> the modem. The kppp recognizes the modem fine.I did ln -s tty0 /dev/modem
> but that didn't work.I tried it from a terminal as root but that didn't
> matter except it said DM is off. What does that mean.
>     Any suggestions on getting the Netzero to work?



From rick at linuxmafia.com  Fri Dec 16 15:55:39 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 16 Dec 2005 15:55:39 -0800
Subject: [conspire] Breezy Badger /Netzero
In-Reply-To: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
Message-ID: <20051216235539.GW7646@linuxmafia.com>

John, I might be able to help you, but this is going to come along with 
what'll come across as a complaint (it's not!) about some of the quirks
of language in your posts.  I'm going to make some suggestions about 
your approach to seeking help in the future, solely with the aim of
helping you more efficiently get assistance in the future, OK?  Please 
don't take any of this as personal criticism.

Please don't get frustrated:  We'll help you on your problem!  I'd just
also like to help prospectively with debugging tips.



Quoting John Andrews (jla1200 at netzero.net):

> I did ln -s tty0 /dev/modem but that didn't work.
              ^^^^

First and foremost, your problem may be as simple as specifying the
right device name.  /dev/tty0 is not a serial port; it's a _terminal_
device.  You probably meant "/dev/ttyS0", which is the machine's first 
serial port, the one that in MS-DOS is called COM1.

But I'm betting that you wrote your help request some while _after_ 
you did your efforts to make things work, rather than contemporaneously
with them, right?  Your descriptions have the rather fuzzy feeling about
them that is characteristic of a write-up someone created from vague
memory (which is bad, as the inevitably inaccuracies prevent effective
help) as opposed to using diligent notes or copying and pasting directly
from your diagnostic attempts.

That is, you might have actually done this:

$ su -
# cd /dev
# ln -s ttyS0 modem
# exit
$

...but then (maybe) you didn't accurately remember what you typed, after
the fact.  The _exact_ contents of what you did are important, which is 
why it wastes a lot of time when questioners get those details wrong.

Second, your phrase "didn't work" is one of a long series of common
phrases that are actively harmful to diagnosis, because they omit what
is really important.  (Others are "crashed", "bombed", "failed", etc.)
What's omitted, and what's really important, is _what actually happened_.

To clarify that point, I tend to tell querents "Techies are from Missouri." 
That is, you need to _show them_.  If you did something that is
important at the command line, _show_ the entire command-line sequence
to the people you want to help you, using cut-and-paste.  E.g.:

$ su -
Password: 
# cd /dev
# ls -l modem
ls: modem: No such file or directory
# ln -s ttyS0 modem
# ls -l modem
lrwxrwxrwx    1 rute     root            5 Dec 17 07:03 modem -> ttyS0
# exit
$

Notice how I take a couple of extra steps to show that no symbolic link
exists when I started, and the exact nature of what was created when
I finished.  Given that information, a technician whom I've asked to
help me would know objectively exactly what I've done and where the
"modem" symlink points to.


Third (and as an extension of the "Show me" point), you're displaying
the very, very common, but problematic trait of telling us your
_interpretations_ rather than the raw data.  Technicians need raw data;
it's not good for them to have to rely on your interpretations.  E.g.:


> When I try to start Netzero client from the desktop, it does not recognize
> the modem.

Your phrase "does not recognize" is your _interpretation_.  You don't
state what sequence of events happened that lead you to that conclusion.  
The latter is the raw data, and is what technicians need.

Because technicians are not present in the room with you, your
description has to compensate for our inability to see what you're
seeing.  Except in the case of baseline tools that are on every Linux 
system, you shouldn't assume that we all have the software you're using,
either.  

If your case, I believe the "Netzero client" you speak of is a graphical 
proprietary application.  But you didn't say that -- and you really do
need to say it.  You said you "started" it "from the desktop".  Started
how?  What desktop?  Sometimes, for purposes of clarity in diagnostic
situations, it's best to run even graphical applications of interest
from a terminal session, e.g.:

$ netzero &
$ 

(The "&" detaches the started-up process from the terminal, starting it
in background, and giving you back your command prompt.

If you that, and copy and paste the command session, then technicians
will know precisely what you did to launch such programs, and will have
greater confidence that you didn't forget to mention something
important.

Does the Netzero client have a screen for configuration (aka
"preferences")?  Does such a screen show a serial port that is to be
used?  Does it say /dev/modem?

>The kppp recognizes the modem fine.

Again, it's really hard for us to know what this means.  You could mean
that kppp dials, connects, negotiates your PPP login, and establishes 
full Internet connectivity that you confirmed by doing the following at
a command prompt:


$ ping www.apple.com
PING www.apple.com.akadns.net (17.254.0.91) 56(84) bytes of data.
64 bytes from www.apple.com (17.254.0.91): icmp_seq=1 ttl=241 time=617 ms
64 bytes from www.apple.com (17.254.0.91): icmp_seq=2 ttl=241 time=618 ms
64 bytes from www.apple.com (17.254.0.91): icmp_seq=3 ttl=241 time=622 ms

--- www.apple.com.akadns.net ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3697ms
rtt min/avg/max/mdev = 617.394/619.272/622.122/2.147 ms
$ 


Doesn't kppp have a screen where the modem device can be specified?
What does it say?  Maybe "/dev/ttyS0"?

> I did ln -s tty0 /dev/modem but that didn't work.

Again, the biggest problem in the above, even worse than the fact that
it's unclear what directory you were in, and thus unclear where "tty0" 
is, and even worse than /dev/tty0 (as opposed to /dev/ttyS0) making no 
sense as a serial device, is that we have no way of knowing what you
mean when you say "didn't work".  

You were probably really clear in your mind about what you meant, but we
can't read your mind -- or your screen.  ;->


> I tried it from a terminal as root but that didn't
> matter except it said DM is off. What does that mean.

Insufficient data.

>     Any suggestions on getting the Netzero to work?

Yes.  What does the accompanying documentation state, about how to
specify the serial port?




From daniel at gimpelevich.san-francisco.ca.us  Fri Dec 16 16:53:36 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 16 Dec 2005 16:53:36 -0800
Subject: [conspire] Breezy Badger /Netzero
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>

On Fri, 16 Dec 2005 15:55:39 -0800, Rick Moen wrote:

> John, I might be able to help you, but this is going to come along with 
> what'll come across as a complaint (it's not!) about some of the quirks
> of language in your posts.  I'm going to make some suggestions about 
> your approach to seeking help in the future, solely with the aim of
> helping you more efficiently get assistance in the future, OK?  Please 
> don't take any of this as personal criticism.
> 
> Please don't get frustrated:  We'll help you on your problem!  I'd just
> also like to help prospectively with debugging tips.

This is perfectly true, but I am in possession of some of the information
that he left out, because I know what I did to his system and how it
behaved after that.
 
> Quoting John Andrews (jla1200 at netzero.net):
> 
>> I did ln -s tty0 /dev/modem but that didn't work.
>              ^^^^
> 
> First and foremost, your problem may be as simple as specifying the
> right device name.  /dev/tty0 is not a serial port; it's a _terminal_
> device.  You probably meant "/dev/ttyS0", which is the machine's first
> serial port, the one that in MS-DOS is called COM1.
> 
> But I'm betting that you wrote your help request some while _after_ you
> did your efforts to make things work, rather than contemporaneously with
> them, right?  Your descriptions have the rather fuzzy feeling about them
> that is characteristic of a write-up someone created from vague memory
> (which is bad, as the inevitably inaccuracies prevent effective help) as
> opposed to using diligent notes or copying and pasting directly from
> your diagnostic attempts.
> 
> That is, you might have actually done this:
> 
> $ su -
> # cd /dev
> # ln -s ttyS0 modem
> # exit
> $
> 
> ...but then (maybe) you didn't accurately remember what you typed, after
> the fact.  The _exact_ contents of what you did are important, which is
> why it wastes a lot of time when questioners get those details wrong.

I took all of that into account in my reply, but thanks for illustrating
what I had to think about in the process. One of the last things I did to
his system was "sudo ln -s ttyS0 /dev/modem" but did not retest the
NetZero client after that because he had not brought his modem with him
anyway. I also warned him that I did not know whether that symlink would
survive a reboot in the presence of udev. I now know that it would not, so
the symlink I created went away almost immediately, thus leaving the
NetZero client no more nor less functional as when I tested it.

> Second, your phrase "didn't work" is one of a long series of common
> phrases that are actively harmful to diagnosis, because they omit what
> is really important.  (Others are "crashed", "bombed", "failed", etc.)
> What's omitted, and what's really important, is _what actually
> happened_.
> 
> To clarify that point, I tend to tell querents "Techies are from
> Missouri." That is, you need to _show them_.  If you did something that
> is important at the command line, _show_ the entire command-line
> sequence to the people you want to help you, using cut-and-paste.  E.g.:
> 
> $ su -
> Password:
> # cd /dev
> # ls -l modem
> ls: modem: No such file or directory
> # ln -s ttyS0 modem
> # ls -l modem
> lrwxrwxrwx    1 rute     root            5 Dec 17 07:03 modem -> ttyS0 #
> exit
> $
> 
> Notice how I take a couple of extra steps to show that no symbolic link
> exists when I started, and the exact nature of what was created when I
> finished.  Given that information, a technician whom I've asked to help
> me would know objectively exactly what I've done and where the "modem"
> symlink points to.

Yes, this would all be ideal, but one has to keep in mind that one of the
manifestations of the problem at hand is that he cannot access his e-mail
and his Linux installation at the same time. If I had his phone number, I
could try to give some of this a more real-time approach, but the most
real-time approach would of course be tomorrow's SVLUG installfest.

> Third (and as an extension of the "Show me" point), you're displaying
> the very, very common, but problematic trait of telling us your
> _interpretations_ rather than the raw data.  Technicians need raw data;
> it's not good for them to have to rely on your interpretations.  E.g.:
> 
> 
>> When I try to start Netzero client from the desktop, it does not
>> recognize the modem.
> 
> Your phrase "does not recognize" is your _interpretation_.  You don't
> state what sequence of events happened that lead you to that conclusion.
> The latter is the raw data, and is what technicians need.

Yes, it's his interpretation, but I think it's reasonable for me to assume
that it's an interpretation of events identical to what I saw first hand
when I tested to see how well the NetZero client would work, which was
that everything was fine until it tried to access /dev/modem, which didn't
exist.

> Because technicians are not present in the room with you, your
> description has to compensate for our inability to see what you're
> seeing.  Except in the case of baseline tools that are on every Linux
> system, you shouldn't assume that we all have the software you're using,
> either.
> 
> If your case, I believe the "Netzero client" you speak of is a graphical
> proprietary application.  But you didn't say that -- and you really do
> need to say it.  You said you "started" it "from the desktop".  Started
> how?  What desktop?  Sometimes, for purposes of clarity in diagnostic
> situations, it's best to run even graphical applications of interest
> from a terminal session, e.g.:
> 
> $ netzero &
> $
> 
> (The "&" detaches the started-up process from the terminal, starting it
> in background, and giving you back your command prompt.
> 
> If you that, and copy and paste the command session, then technicians
> will know precisely what you did to launch such programs, and will have
> greater confidence that you didn't forget to mention something
> important.

This one's a no-brainer: He has an icon for the NetZero client on his KDE
desktop, because the name of the script that invokes it is not "netzero"
but something cryptic that I didn't bother to remember, and not even in
his $PATH, but buried somewhere in /opt. When the icon is opened, the
script is run, and what looks like it might be a Motif-based app appears.

> Does the Netzero client have a screen for configuration (aka
> "preferences")?  Does such a screen show a serial port that is to be
> used?  Does it say /dev/modem?

It does have configuration and preferences screens, but the serial port is
not among the options. Evidently, that's hardwired to /dev/modem,
presumably meaning that Linspire would have its own configuration and
preferences screens that control to what that symlink would point on such
a system. This is not an incompatibility with Kubuntu since Kubuntu also
has such a configuration option in /etc/udev/links.conf, but Kubuntu does
not have a graphical way to set that because it is not normally used in
that distribution.

>>The kppp recognizes the modem fine.
> 
> Again, it's really hard for us to know what this means.  You could mean
> that kppp dials, connects, negotiates your PPP login, and establishes
> full Internet connectivity that you confirmed by doing the following at
> a command prompt:
> 
> 
> $ ping www.apple.com
> PING www.apple.com.akadns.net (17.254.0.91) 56(84) bytes of data. 64
> bytes from www.apple.com (17.254.0.91): icmp_seq=1 ttl=241 time=617 ms
> 64 bytes from www.apple.com (17.254.0.91): icmp_seq=2 ttl=241 time=618
> ms 64 bytes from www.apple.com (17.254.0.91): icmp_seq=3 ttl=241
> time=622 ms
> 
> --- www.apple.com.akadns.net ping statistics --- 4 packets transmitted,
> 3 received, 25% packet loss, time 3697ms rtt min/avg/max/mdev =
> 617.394/619.272/622.122/2.147 ms $
> 
> 
> Doesn't kppp have a screen where the modem device can be specified? What
> does it say?  Maybe "/dev/ttyS0"?

Obviously, it's not all of that that kppp does, because NetZero is his
only ISP, and they don't accept standard PPP logins. The fact that kppp is
able to do any of it at all tells me that no kernel modules are at fault,
and that's pretty much the only useful information that could be gleaned
at this point from an attempt to use kppp. In light of all of the above, I
think it's reasonable to assume that kppp was configured to use /dev/ttyS0
and not /dev/modem, which is why I said to make sure it behaves
identically both ways.

>> I did ln -s tty0 /dev/modem but that didn't work.
> 
> Again, the biggest problem in the above, even worse than the fact that
> it's unclear what directory you were in, and thus unclear where "tty0"
> is, and even worse than /dev/tty0 (as opposed to /dev/ttyS0) making no
> sense as a serial device, is that we have no way of knowing what you
> mean when you say "didn't work".

The current working directory has no bearing on the creation of a symlink,
except of course that tab-completion will only work if you are in the
directory where the symlink will live.

> You were probably really clear in your mind about what you meant, but we
> can't read your mind -- or your screen.  ;->

Agreed, but it can't be helped in this case, for reasons I stated above.

>> I tried it from a terminal as root but that didn't matter except it
>> said DM is off. What does that mean.
> 
> Insufficient data.

Yes, I said as much.

>>     Any suggestions on getting the Netzero to work?
> 
> Yes.  What does the accompanying documentation state, about how to
> specify the serial port?

I did not detect the presence of any "accompanying documentation" for the
NetZero client. I am assuming that the port is specified by the
destination of the /dev/modem symlink, because when the symlink didn't
exist, the NetZero client complained that it couldn't find /dev/modem.


From rick at linuxmafia.com  Fri Dec 16 17:28:42 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 16 Dec 2005 17:28:42 -0800
Subject: [conspire] Breezy Badger /Netzero
In-Reply-To: <pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
	<pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
Message-ID: <20051217012842.GX7646@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> Yes, I said as much.

You're probably assuming that I was in possession of your post when I
wrote mine.  That is not the case.  I started writing my reply to John
quite a while ago.  While it was in buffer (and I wasn't reading new 
posts), you sent your own, shorter reply.  A short while later, I
finished mine, posted it, and -- finally -- read yours.

There are several points that I was trying to make for John's long-term 
benefit, above and beyond solving his immediate problem:

1. Techies are from Missouri.  ("Show me.")  Don't make us guess that 
   you were in the correct directory when you typed "ln -s...".  
   Show us!
2. We can't see what the user is seeing.
3. Literally accurate, chronologically ordered recountings of 
   exactly what happened are highly desirable.  Producing those 
   usually requires _trying again_, and either taking really good
   notes or using "script" to capture your session.  
4. You as the user can't assume we know (or remember) your system,
   or your situation.  Yes, there might be _one_ of us who does, 
   but it's rude to not bear in mind that you're speaking to _all_ of us.
   (If you're trying to seek help from just that one guy, kindly at least 
   say so.)
5. You as the user can't assume we also have your choice of "desktop"
   software at our disposal.


> I took all of that into account in my reply....

Which didn't exist, from where I sat, when I composed mine.

> One of the last things I did to his system was "sudo ln -s ttyS0
> /dev/modem" but did not retest the NetZero client after that because
> he had not brought his modem with him anyway. I also warned him that I
> did not know whether that symlink would survive a reboot in the
> presence of udev. I now know that it would not, so the symlink I
> created went away almost immediately, thus leaving the NetZero client
> no more nor less functional as when I tested it.

Suggestion:  Have the user take notes.  We have spare printer/fax paper,
for those who didn't think to bring any.

The smartest thing I ever did, when I was first admining Linux, was keep
a composition book next to the monitor, and record every significant 
change or configuration or problem in it.  This is _particularly_
important for those new to Linux, since they're going to be overwhelmed
with new things to deal with, and cannot be expected to remember things
you mention as followup items.


> Yes, this would all be ideal, but one has to keep in mind that one of the
> manifestations of the problem at hand is that he cannot access his e-mail
> and his Linux installation at the same time. 

So, he can use a text editor, instead.  Save it to a floppy or USB flash
drive, if necessary.

When I was new to Linux, this is one of the things I used that
composition book (or other notepaper) for.  These days, for just a
terminal session, I'd often use "script" to log the session.


> > Your phrase "does not recognize" is your _interpretation_.  You don't
> > state what sequence of events happened that lead you to that conclusion.
> > The latter is the raw data, and is what technicians need.
> 
> Yes, it's his interpretation, but I think it's reasonable for me to assume
> that it's an interpretation of events identical to what I saw first hand
> when I tested to see how well the NetZero client would work, which was
> that everything was fine until it tried to access /dev/modem, which didn't
> exist.

See point #4:  He was addressing this mailing list's entire membership
as a whole, not just you.  And my point was explicitly a broad, pretty
much universal one, that will aid him in _all_ technical assistance and
documentation situations.


> > If you that, and copy and paste the command session, then technicians
> > will know precisely what you did to launch such programs, and will have
> > greater confidence that you didn't forget to mention something
> > important.
> 
> This one's a no-brainer: He has an icon for the NetZero client on his KDE
> desktop, because the name of the script that invokes it is not "netzero"
> but something cryptic that I didn't bother to remember, and not even in
> his $PATH, but buried somewhere in /opt. When the icon is opened, the
> script is run, and what looks like it might be a Motif-based app appears.

See points #4 and 5.


> > Does the Netzero client have a screen for configuration (aka
> > "preferences")?  Does such a screen show a serial port that is to be
> > used?  Does it say /dev/modem?
> 
> It does have configuration and preferences screens, but the serial port is
> not among the options. Evidently, that's hardwired to /dev/modem,
> presumably meaning that Linspire would have its own configuration and
> preferences screens that control to what that symlink would point on such
> a system.

The point was not so much to find out that datum from John, as to ensure
that he _look_, and mention having done so, in similar situations in the 
future.  I'm attempting to help John learn to fish, instead of just
giving him a fish.


> Obviously, it's not all of that that kppp does, because NetZero is his
> only ISP, and they don't accept standard PPP logins. The fact that kppp is
> able to do any of it at all tells me that no kernel modules are at fault,
> and that's pretty much the only useful information that could be gleaned
> at this point from an attempt to use kppp.

Maybe -- but he didn't say so, and it's better that he not obliged
people to guess.

> In light of all of the above, I think it's reasonable to assume that
> kppp was configured to use /dev/ttyS0 and not /dev/modem, which is why
> I said to make sure it behaves identically both ways.

I made the same guess -- but it was more important to stress to John
that he provide reliable relevant informaiton in his help requests, than
it was for me to guess that information correctly.


> >> I did ln -s tty0 /dev/modem but that didn't work.
> > 
> > Again, the biggest problem in the above, even worse than the fact that
> > it's unclear what directory you were in, and thus unclear where "tty0"
> > is, and even worse than /dev/tty0 (as opposed to /dev/ttyS0) making no
> > sense as a serial device, is that we have no way of knowing what you
> > mean when you say "didn't work".
> 
> The current working directory has no bearing on the creation of a symlink,
> except of course that tab-completion will only work if you are in the
> directory where the symlink will live.

The current working directory would _very_ much have a bearing on that
matter, if he were in the wrong directory.  Thus my point that he should 
_show us_, rather than obliging us to guess that he was _probably_
somewhere useful when he did that.

> > You were probably really clear in your mind about what you meant, but we
> > can't read your mind -- or your screen.  ;->
> 
> Agreed, but it can't be helped in this case, for reasons I stated above.

No, Daniel, I know it _can_.  I've devoted a lot of user-assistance
documentation, including that essay I co-write with Eric Raymond, to
helping users get around that problem.

> > Yes.  What does the accompanying documentation state, about how to
> > specify the serial port?
> 
> I did not detect the presence of any "accompanying documentation" for the
> NetZero client.

If John knew of this, then it would have been a good idea to mention it.
("Oh, by the way, I _did_ check for any documentation provided with 
the Linspire-oriented .deb I installed the NetZero app from onto my 
Kubuntu box from:  There was nothing in /usr/share/doc/netzero or
/usr/share/doc/NetZero, and here's what happened when I tried to call up
a manpage:  [small terminal session]"


> I am assuming that the port is specified by the destination of the
> /dev/modem symlink, because when the symlink didn't exist, the NetZero
> client complained that it couldn't find /dev/modem.

That's what I figured, too -- but my main concern was the broader one.




From daniel at gimpelevich.san-francisco.ca.us  Fri Dec 16 19:25:42 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 16 Dec 2005 19:25:42 -0800
Subject: [conspire] Breezy Badger /Netzero
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
	<pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
	<mailman.148.1134782927.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.17.03.25.42.513314@gimpelevich.san-francisco.ca.us>

Providing validation for John's lack of information was not the purpose of
my last post. The primary purpose was to elaborate on additional
information regarding the problem, since I was in a unique position to do
that. If my choosing to do so in the context of your post was somehow
construed as dismissing or attacking you, I apologize, as I had no
intention of doing that.

On Fri, 16 Dec 2005 17:28:42 -0800, Rick Moen wrote:

[snip]
> Suggestion:  Have the user take notes.  We have spare printer/fax paper,
> for those who didn't think to bring any.
> 
> The smartest thing I ever did, when I was first admining Linux, was keep
> a composition book next to the monitor, and record every significant
> change or configuration or problem in it.  This is _particularly_
> important for those new to Linux, since they're going to be overwhelmed
> with new things to deal with, and cannot be expected to remember things
> you mention as followup items.

Yes, it may be very helpful for John to do that, but I wouldn't want to
decide for him which tidbits are worthy of recording and where.

>> Yes, this would all be ideal, but one has to keep in mind that one of
>> the manifestations of the problem at hand is that he cannot access his
>> e-mail and his Linux installation at the same time.
> 
> So, he can use a text editor, instead.  Save it to a floppy or USB flash
> drive, if necessary.

You or I could do that, or even access his vfat Windows partition
directly, but I think it's a little much to expect those that are new to
have done that without a separate demonstration of only that.

> When I was new to Linux, this is one of the things I used that
> composition book (or other notepaper) for.  These days, for just a
> terminal session, I'd often use "script" to log the session.

And I tend to use ~/.bash_history for that purpose. "All sizes fit one."

[snip]
> See point #4:  He was addressing this mailing list's entire membership
> as a whole, not just you.  And my point was explicitly a broad, pretty
> much universal one, that will aid him in _all_ technical assistance and
> documentation situations.

Again, what I said is meant to supplement what you said, not supplant it.
I know it's a bit nonstandard, but unless I am making a specific reference
to something as being inaccurate (such as the symlink/directory issue
below), I am underscoring what was previously said. I can see how that
could cause confusion, but it can save a lot of excess typing/speaking.

[snip]
>> > Does the Netzero client have a screen for configuration (aka
>> > "preferences")?  Does such a screen show a serial port that is to be
>> > used?  Does it say /dev/modem?
>> 
>> It does have configuration and preferences screens, but the serial port
>> is not among the options. Evidently, that's hardwired to /dev/modem,
>> presumably meaning that Linspire would have its own configuration and
>> preferences screens that control to what that symlink would point on
>> such a system.
> 
> The point was not so much to find out that datum from John, as to ensure
> that he _look_, and mention having done so, in similar situations in the
> future.  I'm attempting to help John learn to fish, instead of just
> giving him a fish.

OK, this is an example of what may have been worthy of John's hypothetical
notes: the results of previous examinations of the configuration and
preferences screens. If a device setting had been there, the likelihood
that it would say /dev/modem is not that great, but still a strong
possibility. In the event that it said something else, it would have been
necessary to explain what the different serial devices available under
Linux are, which would be desirable, but it was getting late at the time
the NetZero client was being tested, so I took a shortcut by going through
the configuration and preferences screens myself and reporting my
conclusions to John. Mea culpa.

>> Obviously, it's not all of that that kppp does, because NetZero is his
>> only ISP, and they don't accept standard PPP logins. The fact that kppp
>> is able to do any of it at all tells me that no kernel modules are at
>> fault, and that's pretty much the only useful information that could be
>> gleaned at this point from an attempt to use kppp.
> 
> Maybe -- but he didn't say so, and it's better that he not obliged
> people to guess.

Perhaps it may be construed as a request to guess, but for it to be an
obligation, there would have to be some kind of if-then based on the
missing information. Although that is not the case here, I can see how
ignoring this relatively extraneous partial information can encourage
partial information where it matters, necessitating requests for
clarification.

[snip]
>> >> I did ln -s tty0 /dev/modem but that didn't work.
>> > 
>> > Again, the biggest problem in the above, even worse than the fact
>> > that it's unclear what directory you were in, and thus unclear where
>> > "tty0" is, and even worse than /dev/tty0 (as opposed to /dev/ttyS0)
>> > making no sense as a serial device, is that we have no way of knowing
>> > what you mean when you say "didn't work".
>> 
>> The current working directory has no bearing on the creation of a
>> symlink, except of course that tab-completion will only work if you are
>> in the directory where the symlink will live.
> 
> The current working directory would _very_ much have a bearing on that
> matter, if he were in the wrong directory.  Thus my point that he should
> _show us_, rather than obliging us to guess that he was _probably_
> somewhere useful when he did that.

It has been my experience that the current directory is not involved in
the creation of symlinks other than as a basis for a relative pathname
provided to the ln command as the final argument only. Please share any
information you may have as to how that could adversely affect a situation
where one is in the wrong directory while issuing an ln command with an
absolute pathname as the final argument, as John showed above, and as
would be most convenient when putting a symlink so close to the top of the
tree.

>> > You were probably really clear in your mind about what you meant, but we
>> > can't read your mind -- or your screen.  ;->
>> 
>> Agreed, but it can't be helped in this case, for reasons I stated above.
> 
> No, Daniel, I know it _can_.  I've devoted a lot of user-assistance
> documentation, including that essay I co-write with Eric Raymond, to
> helping users get around that problem.

I meant it can't be helped that he had already asked for help without the
system in question in front of him at the time, and that IMO the reasons I
stated were justifiable for him to feel the need to do it that way. It
would always be possible to improve upon how one goes about collecting the
information the next time that would be needed by anyone who might step
in to help.

>> > Yes.  What does the accompanying documentation state, about how to
>> > specify the serial port?
>> 
>> I did not detect the presence of any "accompanying documentation" for
>> the NetZero client.
> 
> If John knew of this, then it would have been a good idea to mention it.
> ("Oh, by the way, I _did_ check for any documentation provided with the
> Linspire-oriented .deb I installed the NetZero app from onto my Kubuntu
> box from:  There was nothing in /usr/share/doc/netzero or
> /usr/share/doc/NetZero, and here's what happened when I tried to call up
> a manpage:  [small terminal session]"

I attempted to inquire about exactly this beforehand when I asked John to
report back on the results of "dpkg -c" some time ago. Unfortunately, he
did not know enough to be able to identify anything of interest from that,
such as a "doc" or "man" directory. I was very hasty when, after he had
installed the package, I did a "dpkg -L" to see where it put anything that
would resemble either an executable or a plug-in for one, so there may
still be some documentation of some kind in there somewhere that I didn't
detect. There may also be some kind of documentation on whatever webpage
he downloaded the package from, which I never saw.

[snip]


From rick at linuxmafia.com  Fri Dec 16 20:09:34 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 16 Dec 2005 20:09:34 -0800
Subject: [conspire] Breezy Badger /Netzero
In-Reply-To: <pan.2005.12.17.03.25.42.513314@gimpelevich.san-francisco.ca.us>
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
	<pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
	<mailman.148.1134782927.673.conspire@linuxmafia.com>
	<pan.2005.12.17.03.25.42.513314@gimpelevich.san-francisco.ca.us>
Message-ID: <20051217040934.GY7646@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> Providing validation for John's lack of information was not the purpose of
> my last post. The primary purpose was to elaborate on additional
> information regarding the problem, since I was in a unique position to do
> that. If my choosing to do so in the context of your post was somehow
> construed as dismissing or attacking you, I apologize, as I had no
> intention of doing that.

No, that's not a problem.  Thanks for stepping in, by the way.

> Yes, it may be very helpful for John to do that, but I wouldn't want to
> decide for him which tidbits are worthy of recording and where.

Yes.  Actually, the very task of having to decide what's worth writing
down was, if I remember correctly, really helpful if something of an
extra challenge.

> > So, he can use a text editor, instead.  Save it to a floppy or USB flash
> > drive, if necessary.
> 
> You or I could do that, or even access his vfat Windows partition
> directly, but I think it's a little much to expect those that are new to
> have done that without a separate demonstration of only that.

In a way, I was sort of thinking aloud, and looking towards my possible
near-term project of a "So CABAL helped you install Linux.  Now what?" 
document -- which, among other things, would address some of those
tricky points like "How (and why) do I do terminal session capture, and
how do I move files between Linux and Windows?"

But this actually was one of the reasons why I initially used a
composition book -- because it was so low-tech as to not pose additional
challenges while I had my hands full enough with an alien OS, already.

> And I tend to use ~/.bash_history for that purpose. "All sizes fit one."

~/.bash_history will show you what _you_ typed at the command line -- but
/usr/bin/script records that _plus_ what the computer responded when you
typed at it, in strict event order.

It's frequently very useful to have an absolutely verbatim log of a
terminal session, and /usr/bin/script does exactly that.


> OK, this is an example of what may have been worthy of John's hypothetical
> notes: the results of previous examinations of the configuration and
> preferences screens. If a device setting had been there, the likelihood
> that it would say /dev/modem is not that great, but still a strong
> possibility. In the event that it said something else, it would have been
> necessary to explain what the different serial devices available under
> Linux are, which would be desirable, but it was getting late at the time
> the NetZero client was being tested, so I took a shortcut by going through
> the configuration and preferences screens myself and reporting my
> conclusions to John. Mea culpa.

Eh, you didn't do anything wrong.  ;->

As you said, you were in the unusual situation of knowing a lot more
about John's situation than the rest of us, but I had only the text of
John's request to work with (plus the vague recollection of answering
questions, earlier, about installing the NetZero .deb from Linspire onto
something else).   

Presumably John's going to want to seek help again, and he'll be best
advised to be aware of the best way to ask technical questions, which 
entails among other things telling people what you checked before
posting.

> Perhaps it may be construed as a request to guess, but for it to be an
> obligation, there would have to be some kind of if-then based on the
> missing information.

Huh?  I'm not sure I'm following you (and I might have been guilty of 
being a little cryptic, myself).  I was saying that "he didn't say"
what kppp succeeded at doing, meaning that the reader is obliged to 
guess if he's to arrive at any conclusions on that score, e.g., "John
must have meant that kppp successfully made the modem dial" or "John
must have meant that kppp successfully secured remote IP transport."

> It has been my experience that the current directory is not involved in
> the creation of symlinks other than as a basis for a relative pathname
> provided to the ln command as the final argument only. Please share any
> information you may have as to how that could adversely affect a situation
> where one is in the wrong directory while issuing an ln command with an
> absolute pathname as the final argument, as John showed above, and as
> would be most convenient when putting a symlink so close to the top of the
> tree.

Huh, you're right.  I just learned something:

~ $ su -
Password: 
linuxmafia:~# ln -s ttyS0 /dev/anothermodem
linuxmafia:~# ls -al /dev/anothermodem 
lrwxrwxrwx  1 root root 5 2005-12-16 19:57 /dev/anothermodem -> ttyS0
linuxmafia:~# 

I've always been really careful when creating symlinks to use explicit 
pathing (either absolute or relative, depending), and had wrongly
assumed that the shell would expand any unqualified filename used as the
first argument, using as default path the current directory.  Wow, and I
never even tested that assumption.

I still do prefer links that have more path information in them, though.

> I meant it can't be helped that he had already asked for help without the
> system in question in front of him at the time, and that IMO the reasons I
> stated were justifiable for him to feel the need to do it that way. It
> would always be possible to improve upon how one goes about collecting the
> information the next time that would be needed by anyone who might step
> in to help.

Eh, don't forget:  I was unaware that you were fully briefed, and
assumed John was addressing all of the mailing list's membership.

> I attempted to inquire about exactly this beforehand when I asked John to
> report back on the results of "dpkg -c" some time ago. Unfortunately, he
> did not know enough to be able to identify anything of interest from that,
> such as a "doc" or "man" directory. I was very hasty when, after he had
> installed the package, I did a "dpkg -L" to see where it put anything that
> would resemble either an executable or a plug-in for one, so there may
> still be some documentation of some kind in there somewhere that I didn't
> detect. There may also be some kind of documentation on whatever webpage
> he downloaded the package from, which I never saw.

Actually, my point was a broader one:  If you have some idea where to
look for documentation before posting, it improves your help request to
mention where you looked.  Equally, if you have _no_ idea where to look, 
it improves your help request to mention that fact, because at least it 
stresses that you tried -- and people will probably then advise you
about where to look, as a bonus.

I should hasten to add, again, for John's benefit, that I'm not trying
to denigrate what he wrote; I'm just trying to help give advice about 
future help requests, to make them easier to assist with, and thus a less
frustrating experience for both John and his future helpers.





From daniel at gimpelevich.san-francisco.ca.us  Fri Dec 16 20:52:59 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 16 Dec 2005 20:52:59 -0800
Subject: [conspire] Breezy Badger /Netzero
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
	<pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
	<mailman.148.1134782927.673.conspire@linuxmafia.com>
	<pan.2005.12.17.03.25.42.513314@gimpelevich.san-francisco.ca.us>
	<mailman.149.1134792579.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.17.04.52.58.651782@gimpelevich.san-francisco.ca.us>

On Fri, 16 Dec 2005 20:09:34 -0800, Rick Moen wrote:

[snip]
>> Perhaps it may be construed as a request to guess, but for it to be an
>> obligation, there would have to be some kind of if-then based on the
>> missing information.
> 
> Huh?  I'm not sure I'm following you (and I might have been guilty of
> being a little cryptic, myself).  I was saying that "he didn't say" what
> kppp succeeded at doing, meaning that the reader is obliged to guess if
> he's to arrive at any conclusions on that score, e.g., "John must have
> meant that kppp successfully made the modem dial" or "John must have
> meant that kppp successfully secured remote IP transport."
[snip]

Example:
If kppp successfully made the modem dial, then Conclusion A.
If kppp successfully secured remote IP transport, then Conclusion B.

If there is no meaningful difference between Conclusion A and Conclusion
B, one is hardly obligated to guess which of the two conclusions to draw.


From rick at linuxmafia.com  Fri Dec 16 21:02:21 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 16 Dec 2005 21:02:21 -0800
Subject: [conspire] Breezy Badger /Netzero
In-Reply-To: <pan.2005.12.17.04.52.58.651782@gimpelevich.san-francisco.ca.us>
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
	<pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
	<mailman.148.1134782927.673.conspire@linuxmafia.com>
	<pan.2005.12.17.03.25.42.513314@gimpelevich.san-francisco.ca.us>
	<mailman.149.1134792579.673.conspire@linuxmafia.com>
	<pan.2005.12.17.04.52.58.651782@gimpelevich.san-francisco.ca.us>
Message-ID: <20051217050221.GZ7646@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> If there is no meaningful difference between Conclusion A and Conclusion
> B, one is hardly obligated to guess which of the two conclusions to draw.

Yes, but one had to guess, to arrive at _either_ of those conclusions.
For all we knew, "The kppp recognizes the modem fine" might have meant
to John merely that kppp didn't complain, or heavens knows what else.

Call me a cynic, but I've seen people use the terms "worked" and
"recognized" to mean a lot of odd things -- and likewise "crashed", etc.

Deirdre accuses me of having a brain that's a ridiculously over-strict
parser, always throwing up exceptions over even arguably vague syntax.  ;->





From daniel at gimpelevich.san-francisco.ca.us  Fri Dec 16 21:20:50 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 16 Dec 2005 21:20:50 -0800
Subject: [conspire] Breezy Badger /Netzero
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
	<pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
	<mailman.148.1134782927.673.conspire@linuxmafia.com>
	<pan.2005.12.17.03.25.42.513314@gimpelevich.san-francisco.ca.us>
	<mailman.149.1134792579.673.conspire@linuxmafia.com>
	<pan.2005.12.17.04.52.58.651782@gimpelevich.san-francisco.ca.us>
	<mailman.150.1134795750.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.17.05.20.49.698313@gimpelevich.san-francisco.ca.us>

On Fri, 16 Dec 2005 21:02:21 -0800, Rick Moen wrote:

> Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):
> 
>> If there is no meaningful difference between Conclusion A and Conclusion
>> B, one is hardly obligated to guess which of the two conclusions to draw.
> 
> Yes, but one had to guess, to arrive at _either_ of those conclusions.
> For all we knew, "The kppp recognizes the modem fine" might have meant
> to John merely that kppp didn't complain, or heavens knows what else.

If it did mean that, would there be a different conclusion you would draw?

> Call me a cynic, but I've seen people use the terms "worked" and
> "recognized" to mean a lot of odd things -- and likewise "crashed", etc.

Unless he would define "worked" as "succeeded in crashing," I wouldn't
expect it to skew the situation any.

> Deirdre accuses me of having a brain that's a ridiculously over-strict
> parser, always throwing up exceptions over even arguably vague syntax.  ;->

The necessity of training oneself to be such an over-strict parser is an
occupational hazard. Those of us who are such over-strict parsers without
any special training welcome you.


From rick at linuxmafia.com  Fri Dec 16 23:39:11 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 16 Dec 2005 23:39:11 -0800
Subject: [conspire] Breezy Badger /Netzero
In-Reply-To: <pan.2005.12.17.05.20.49.698313@gimpelevich.san-francisco.ca.us>
References: <003501c60226$d86a5d60$86a25545@usernir6lkfs8c>
	<mailman.147.1134777344.673.conspire@linuxmafia.com>
	<pan.2005.12.17.00.53.36.224066@gimpelevich.san-francisco.ca.us>
	<mailman.148.1134782927.673.conspire@linuxmafia.com>
	<pan.2005.12.17.03.25.42.513314@gimpelevich.san-francisco.ca.us>
	<mailman.149.1134792579.673.conspire@linuxmafia.com>
	<pan.2005.12.17.04.52.58.651782@gimpelevich.san-francisco.ca.us>
	<mailman.150.1134795750.673.conspire@linuxmafia.com>
	<pan.2005.12.17.05.20.49.698313@gimpelevich.san-francisco.ca.us>
Message-ID: <20051217073911.GA7646@linuxmafia.com>

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> > Yes, but one had to guess, to arrive at _either_ of those conclusions.
> > For all we knew, "The kppp recognizes the modem fine" might have meant
> > to John merely that kppp didn't complain, or heavens knows what else.
> 
> If it did mean that, would there be a different conclusion you would draw?

Sure.  I'd conclude that we didn't even know that kppp was trying to talk
to the correct serial port.  In which case, asking which port kppp was 
configured to use would be useless.  It does make a difference.

> The necessity of training oneself to be such an over-strict parser is
> an occupational hazard. Those of us who are such over-strict parsers
> without any special training welcome you.

<grin>




From jane_ikari at yahoo.com  Sat Dec 17 14:37:40 2005
From: jane_ikari at yahoo.com (bruce coston)
Date: Sat, 17 Dec 2005 14:37:40 -0800 (PST)
Subject: [conspire] pixma printers
Message-ID: <20051217223740.32583.qmail@web60815.mail.yahoo.com>

this is the 2nd refill where my pixma 3000 is dumping gobs of ink that splotch the pages. Was it Daniel who got some experience messing around inside a pixma printer? not as urgent as it could be because I have ross's old canon as a 2nd printer for hi -er quality printing and a friend has my pixma 2000 : does anybody know how to rig a continuous print system cheap ?
 
__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20051217/e639e69f/attachment.html>

From daniel at gimpelevich.san-francisco.ca.us  Sat Dec 17 18:51:46 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sat, 17 Dec 2005 18:51:46 -0800
Subject: [conspire] pixma printers
References: <mailman.153.1134859085.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.18.02.51.43.904387@gimpelevich.san-francisco.ca.us>

I haven't messed around inside a Canon yet, but I have with Epson and HP.
Shouldn't be all that different from an Epson. Continuous-ink systems are
a major PITA, but I seem to remember a cheap one for Epson. If you really
do that much printing, I'll take a look at anything like that when I'm at
the MacWorld Expo next month.

On Sat, 17 Dec 2005 14:37:40 -0800, bruce coston wrote:

> this is the 2nd refill where my pixma 3000 is dumping gobs of ink that splotch the pages. Was it Daniel who got some experience messing around inside a pixma printer? not as urgent as it could be because I have ross's old canon as a 2nd printer for hi -er quality printing and a friend has my pixma 2000 : does anybody know how to rig a continuous print system cheap ?
>  
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com this is the 2nd refill where my pixma 3000 is dumping gobs of ink that splotch the pages. Was it Daniel who got some experience messing around inside a pixma printer? not as urgent as it could be because I have ross's old canon as a 2nd printer for hi -er quality printing and a friend has my pixma 2000 : does anybody know how to rig a continuous print system cheap ?<br> <p>__________________________________________________<br>Do You Yahoo!?<br>Tired of spam?  Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com



From rossbernheim at speakeasy.net  Sat Dec 17 22:29:34 2005
From: rossbernheim at speakeasy.net (Ross Bernheim)
Date: Sat, 17 Dec 2005 22:29:34 -0800
Subject: [conspire] pixma printers
In-Reply-To: <pan.2005.12.18.02.51.43.904387@gimpelevich.san-francisco.ca.us>
References: <mailman.153.1134859085.673.conspire@linuxmafia.com>
	<pan.2005.12.18.02.51.43.904387@gimpelevich.san-francisco.ca.us>
Message-ID: <2ED6F44F-6D82-420C-AE58-C639BC69C6EF@speakeasy.net>

I have been doing that much printing with my Pixma 6600D lately. So far
the best paper that I have found for pictures is the Konica/Minolta  
glossy
paper. Next best so far is the Epson glossy paper. The paper along with
the ink is expensive. When I finish up the paper on hand, I am going to
try to find a less expensive paper source.

Ross


On Dec 17, 2005, at 6:51 PM, Daniel Gimpelevich wrote:

> I haven't messed around inside a Canon yet, but I have with Epson  
> and HP.
> Shouldn't be all that different from an Epson. Continuous-ink  
> systems are
> a major PITA, but I seem to remember a cheap one for Epson. If you  
> really
> do that much printing, I'll take a look at anything like that when  
> I'm at
> the MacWorld Expo next month.
>
> On Sat, 17 Dec 2005 14:37:40 -0800, bruce coston wrote:
>
>> this is the 2nd refill where my pixma 3000 is dumping gobs of ink  
>> that splotch the pages. Was it Daniel who got some experience  
>> messing around inside a pixma printer? not as urgent as it could  
>> be because I have ross's old canon as a 2nd printer for hi -er  
>> quality printing and a friend has my pixma 2000 : does anybody  
>> know how to rig a continuous print system cheap ?




From daniel at gimpelevich.san-francisco.ca.us  Sun Dec 18 02:01:59 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sun, 18 Dec 2005 02:01:59 -0800
Subject: [conspire] Tray-loading iMac updates prior to a Linux install
Message-ID: <e48b3fbef82f95f7c72e9a65e71034e6@gimpelevich.san-francisco.ca.us>

Firmware information:

http://dialspace.dial.pipex.com/prod/dialspace/town/pipexdsl/s/asfq80/ 
dotcom/panthereatsimac/tray.htm

Modem updater:

http://docs.info.apple.com/article.html?artnum=85018

CD drive updater:

http://docs.info.apple.com/article.html?artnum=60458

-- 
"Consider that two wrongs never make a right, but that three do."
                                                       --National Lampoon




From wallachd at earthlink.net  Sun Dec 18 07:16:37 2005
From: wallachd at earthlink.net (Darlene Wallach)
Date: Sun, 18 Dec 2005 07:16:37 -0800
Subject: [conspire] Re: Tray-loading iMac updates prior to a Linux install
In-Reply-To: <e48b3fbef82f95f7c72e9a65e71034e6@gimpelevich.san-francisco.ca.us>
References: <e48b3fbef82f95f7c72e9a65e71034e6@gimpelevich.san-francisco.ca.us>
Message-ID: <43A57D55.4040709@earthlink.net>

Daniel Gimpelevich wrote:
> Firmware information:
> 
> http://dialspace.dial.pipex.com/prod/dialspace/town/pipexdsl/s/asfq80/dotcom/panthereatsimac/tray.htm
> 
> Modem updater:
> 
> http://docs.info.apple.com/article.html?artnum=85018
> 
> CD drive updater:
> 
> http://docs.info.apple.com/article.html?artnum=60458
> 

Thank you!

-- 
World Centric Fair Trade & Eco Store
http://www.worldcentric.org/store/
We have created and live in a world of gross social
and economic inequalities[1] and are at the same
time severely impacting[2] the natural eco-systems
and regenerating bio-capacity of the planet. Our
every action has an impact on the well-being of our
planet and our everyday decisions[3] can help create
a better world for all. In keeping with this fact
and our vision, the World Centric Fair Trade/Eco
Online Store provides everyday consumption choices,
which can help minimize social & economic
inequalities, reduce the impact of our consumption
on the environment and help create a better and
sustainable world.

[1] http://www.worldcentric.org/stateworld/socialjustice.htm
[2] http://www.worldcentric.org/stateworld/environment.htm
[3] http://www.worldcentric.org/sustain/index.htm



From rick at linuxmafia.com  Sun Dec 18 16:55:35 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 18 Dec 2005 16:55:35 -0800
Subject: [conspire] pixma printers
In-Reply-To: <20051217223740.32583.qmail@web60815.mail.yahoo.com>
References: <20051217223740.32583.qmail@web60815.mail.yahoo.com>
Message-ID: <20051219005535.GB7646@linuxmafia.com>

Quoting Bruce Coston (jane_ikari at yahoo.com):

> this is the 2nd refill where my pixma 3000 is dumping gobs of ink that splotch the pages. Was it Daniel who got some experience messing around inside a pixma printer? not as urgent as it could be because I have ross's old canon as a 2nd printer for hi -er quality printing and a friend has my pixma 2000 : does anybody know how to rig a continuous print system cheap ?

No, I don't, but it's funny that you should mention Canon's PIXMA
series.  A sometime CABAL attendee wrote me off-list to consult me on 
driver problems with his.  (He did conclude later that a PIXMA iP90 was
a _bad_ choice, and took it back and got an HP DeskJet 450ci, instead.)

Here's the relevant portion of my reply to his trouble report:





I'd say:  Take it back, unless you are looking for a major technical
challenge, and possibly a great deal of frustration, and possibly still
failing after all of that.

Sometimes, people who are really determined to salvage a questionable
purchase like that will resort to the proprietary Linux print drivers
from the German firm TurboPrint, http://www.turboprint.de/
(English-language site at http://www.turboprint.info/) .  As you'll
see on that Web site, they do not yet claim support for the PIXMA iP90.
I suppose, if you were desperate, you could write to them and ask if
they think they'll have a functional driver soon.  This Web forum had 
a post from some someone in that boat, except concerning a Canon PIXMA
ip 1600:  http://ubuntuforums.org/archive/index.php/t-76448.html 

  Today i got a reply from turboprint.de.
  They said something like this:
  (translated from german)

  "We plan a driver at around the end of the year. With this modern
  printers from Canon, its is hard to get the documentation for those so
  its not sure yet if the driver is realiseable"

  I brought the printer back today and got a HP.
  Check www.linuxprinting.org for Hardware compatibility.  

That gentleman's posting was dated Oct. 28, 2005.

Alternatively, you could attempt to extract the CUPS PPD file from the
driver Canon provides for use on Mac OS X, and kludge that into Linux.
But I've never attempted that stunt, and don't know how feasible it is.
Again, I'd class that as a desparation tactic.


Basically, what you did was encounter a very common pitfall:  You went
to Fry's to buy a printer without bringing _with you_ notes or printouts
concerning which printers are well supported in Linux.  Sometimes, you
can get lucky with this approach, but your luck did not pan out with
this printer.

Double-checking about Canon's PIXMA series online, it's possible to
discern some warning signs:

1.  It's specialised as a photo printer.  
2.  It's very inexpensive.
3.  It's a fairly new model (introduced Jan. 2005).

To explain:  

Printer companies regard any special tricks used to get super-high
colour and image quality out of inexpensive inkjets as valuable
proprietary information, and so are disinclined to cooperate with the
open source community, and in some cases might go out of their way to
make the techniques difficult to reverse-engineer.  It might even be
impossible to do regular black-ink text printing without mastering 
those secret techniques.  

The more inexpensive the printer, the more the manufacturer will be
inclined to regard any small proprietary-information advantage as vital 
to their competitive effort.

The newer the printer (and printer series), the less opportunity the
open source community -- or even TurboPrint, who unlike open source
coders are willing to sign non-disclosure agreements -- will have had to
figure out any secret tricks.


If I were you, I'd print out (or take extensive notes from)
Linuxprinting.org's "Suggested Printers' page,
http://www.linuxprinting.org/suggested.html, and shop again sticking
strictly to what's listed on that page.

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick at linuxmafia.com                                   -- Elizabeth Tudor



From rick at linuxmafia.com  Sun Dec 18 21:27:36 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 18 Dec 2005 21:27:36 -0800
Subject: [conspire] Re: Usage of NDAs in legal flummery
In-Reply-To: <20051215185306.GQ20384@linuxmafia.com>
References: <20051215185306.GQ20384@linuxmafia.com>
Message-ID: <20051219052736.GA30955@linuxmafia.com>

I wrote (in my draft letter, that I ended up not sending):

> There was, however, one thing you said that concerned me:  You asserted
> that a non-disclosure agreement I signed 2 1/2 years ago is still in
> force, and would apply to our telephone conversation that followed.

Follow-up discussion of this micro-thread occurred during Saturday's
SVLUG installfest.  Some folks wanted to know (roughly speaking) if NDAs
you sign are, generally, enforceable.  One attendee wanted to know if
NDAs required by an employer automatically _expire_ when you leave a firm.

Yes, they're as a general rule enforceable.  _No_, there's nothing
requiring that employment-related NDAs expire when you leave a firm.
Beware!


Mandatory disclaimer:  Again, I'm not an attorney, and so it's illegal
for me to give people specific legal advice on their specific situations.  
So, I am not doing so:  If you need legal advice about some situation
you're in, _please_ consult an attorney.  (An initial consult isn't even
very expensive.)


Let's take that latter question first, since it's a really important
point:  Employers' NDAs, especially for those of us in the technology
field, are in fact _particularly_ aimed at dissuading people who've just
left employment from blabbing proprietary information.  On the other
hand, it's a fast-moving world, and, y'know, secrets just don't keep.
Any employer who imagines there's any legitimate point in keeping
apron-strings on ex-employees for more than, oh, six months is either
deluded, a power-mad freak, or is in some very unusual line of business
(e.g., you're agreeing to have custody of the secret formula for
Coca-Cola, or are becoming a spy for the CIA).  So:

  Suggestion #0:  Be damned careful what you sign.

  Suggestion #1:  Verify, _before_ you sign it, that any NDA, non-compete
  agreement, or proprietary inventions agreement has a sunset clause making 
  it expire no more than six months after your business relationship ends.  
  If it's missing, propose adding one.  If you don't hear a _really good_ 
  reason why it shouldn't be added, say no and walk away.


Over the weekend, I've been trying to remember things I've signed in the
past, including NDAs, non-compete clauses, and proprietary invention
agrements at a couple of dot-coms I worked for during the boom.  The
dot-coms required agreements of all employees that I knew from my own
legal research to be mostly bogus and unenforceable.  The CEO of one of
them explained to me that this was an iron-clad requirement imposed by
the VCs, and I do believe him.  I signed -- including the laughably
fraudulent paper that toothlessly claimed the firm would own everything
I did, even when I did it at home on my own time.

When I told a group of fellow dot-commers about that bogosity, they
doubted my word.  I posted:


--<begin snip>---

Here's the reference on proprietary inventions agreements, covered in
California by Labor Code section 2870-2872 (i.e., by statute law):

http://caselaw.lp.findlaw.com/cacodes/lab/2870-2872.html                        

In brief:  Regardless of what anything you sign purports to establish to
the contrary, whatever you create entirely on your own time with your
own resources is YOURS.  Caveat:  The burden of proof that you meet
those conditions is on you.


Here are references on non-compete clauses, covered in California by
Business and Professions Code section 16600 (another body of statute
law): 

http://caselaw.lp.findlaw.com/cacodes/bpc/16600-16607.html
http://www.fed.org/onlinemag/Feb00/tips.htm


In brief:  No employment-related covenant not to compete can shut you
out of your trade or profession, regardless of what you signed (except
where you owned the business that "employed" you and are now selling it,
or are dissolving a partnership and making such an agreement with your
fellow partners).  Those covenants are legally void.

[RM adds, 2005-12-18:  Note that that's in _California_.  In some other
states, e.g., Vermont, there are horror stories of people being legally
barred from their own professions for _years_ after leaving one employer,
because of a non-compete agreement.]


It would be nicely subtle -- polite but clear -- to hand in a printout
of the applicable statute to HR Dept. attached to your signed
non-compete and proprietary-inventions agreements, upon being hired.
For one thing, it's likely that most managers are unaware that such
instruments are toothless.

---<end snip>---

It is also a Federal offence for employers to sanction employees for
_comparing salaries_, per the National Labor Relations Act,
http://www.law.cornell.edu/uscode/html/uscode29/usc_sec_29_00000157----000-.html
http://www.law.cornell.edu/uscode/html/uscode29/usc_sec_29_00000158----000-.html
This comes as a surprise to almost everyone I inform about it, since
just about every employer I've ever encountered will tell you with a
straight face that it's a "termination offence" to discuss compensation
with your peers.  In their defence, the managers I've heard that from
believe it to be a fundamental right of employers, and are apparently
ignorant of the law.

(I am _not_ saying it's necessarily a good idea to carry out such
activity, merely that firms' prohibility of it is conclusively illegal
and can be themselves reversed and sanctioned by filings with the NLRB,
if such is ever necessary.)


Getting back to suggestions #0 and 1:  Employers have a legitimate
reason to be concerned about you quitting (or getting laid off) and
taking your knowledge down the street to their competitors.  California
law mostly (with a carve-out for "trade secrets" in a few narrowly
prescribed areas) says "Tough.  Live with it."  I.e., unlike the case in
Vermont and many other states, any agreement that tries to retrain you
from your trade or business is specifically _void_ by California law.

NDAs try to operate against that statute (Business and Professions Code
?16600), and it's apparently a tricky area of employment law for that
reason.  But you should assume they're for real:  Read them carefully; 
if they don't expire automatically (by specific terms to that effect) 
some reasonable time after you leave employment, that really should be
a deal-breaker, in my view.  You're not a serf; you shouldn't have to
sign documents proclaiming yourself one.  Ink in a six-month expiration
clause, and don't sign without it.


A couple of years ago, a former co-worker approached me, wanting to talk
about his idea for a Linux-oriented business.  It would involve a couple
of book-writing contracts, and a lucrative consulting business that
would emerge from the books and lectures.  He was eager to talk over
particulars with me -- but said he could not safely do so until I'd
signed his NDA.

I looked over the NDA.  It stipulated that there was a business
opportunity that would be discussed with me that was deemed valuable
proprietary information.  In signing it, I would agree that I would not
disclose his idea to others outside my business relationship with him,
and that I would not myself try to exploit the business opportunity on
my own.  In the event that I didn't pursue the opportunity, the NDA (and
non-compete) _did_ have a six-month time-out.

I was a little wary, so I stopped and talked with him:  I pointed out
that I operated a largely Linux/BSD-oriented consultancy, and did a
variety of work for small and medium-sized businesses.  I described
several of my recent client engagements, including one that involved
migrating an accounting system over to Linux.  I stressed that I'd be
extremely annoyed if his "business opportunity" turned out to be
something I was already doing, and that his non-compete had bloody well
better not try to bar me from any part of my own business.

I signed.  He then told me about his brainstorm:  Write a couple of
books describing in technical fine detail how to migrate firms over from
MS-Windows business applications to Linux ones.  His idea of the
division of labour was:  I wrote the books, with the two of us listed as
co-authors.  He and I then would split the profits from resulting
consulting opportunities on an, oh, 70/30 basis or something like that.

You guys would have been proud of me:  I didn't commit homicide, no
limbs were cut off.  I very politely declined the "business opportunity", 
wished him the very best of luck, and reminded him that a lot of my
ongoing business was in _precisely_ that area.  

Six months later, the agreement expired, and no harm came of it, but it
occurred to me in retrospect that I should have insisted on attaching to
the NDA/non-compete a list of the sorts of activities that were already
part of my business, and a statement that none of those, or anything
naturally emerging from those, should be considered a violation of the
agreement.  (I'd forgotten about Business and Professions Code
?16600, at the time.)

So, what I'm saying is, here I'm a pretty careful guy in legal matters,
and yet even I didn't heed Suggestion #0 quite well enough.  Do be
careful out there.


About NDA enforceability:  As I was saying, yes, NDAs in general _are_
enforceable as contracts.  If you try to ignore one, you can be hauled
into civil court on for the tort of breach of contract, and either
forced to pay damages (a remedy at law) or be subject to an injunction
(a remedy at equity).  

As I was saying in my earlier message, the NDA that $EXECUTIVE claims I
signed 2 1/2 years ago would have been unenforceable for lack of one of
the required elements for any contract to be valid:  "consideration".  
$FIRM could have said "We'll give you $1 for signing this NDA", and that
would have been enough -- but $FIRM hadn't done bupkes for me, as it
turned out.  (And, by the way, there is California caselaw clarifying
that it's not "consideration" to tell an employee "Sign this and we'll
let you keep your job."  There would have to be something additional 
given to the employee in exchange.)

If the contract _had_ been validly formed, then the law _in general_
doesn't interfere.  The assumption is that, if you're a competent adult,
any foolish commitments you enter into, in a contract, are your own
damned problem.   (California exceptions include the aforementioned ban on
contracts locking you out of your own profession, and Labor Code section
2870-2872's voiding of overreaching proprietary inventions agreements.)

So, beware:  The law will not in general protect you against being bound
by something ill-advised that you signed in a hurry.  Take NDAs and
other such things home to read them at your leisure.  If there's
anything that raises your eyebrow, or anything missing, make sure you 
cover it and settle the matter _in writing_ (not like me merely
_talking_ about problems with the ex-colleague).



From rick at linuxmafia.com  Sun Dec 18 22:38:17 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Sun, 18 Dec 2005 22:38:17 -0800
Subject: [conspire] Re: Usage of NDAs in legal flummery
In-Reply-To: <20051219052736.GA30955@linuxmafia.com>
References: <20051215185306.GQ20384@linuxmafia.com>
	<20051219052736.GA30955@linuxmafia.com>
Message-ID: <20051219063817.GA1770@linuxmafia.com>

I wrote:

> [RM adds, 2005-12-18:  Note that that's in _California_.  In some other
> states, e.g., Vermont, there are horror stories of people being legally
> barred from their own professions for _years_ after leaving one employer,
> because of a non-compete agreement.]

Er, _not_ Vermont.  Sorry, Vermonters!  Apologies for that slight to the
Green Mountain State.

I meant to cite that state's considerably more crazed neighbours, over
in New Hampshire.  Here's the anecdote I had in mind, quoted from a much
earlier discussion elsewhere:


My wife Deirdre used to work under the MIS director at PC Connection,
which is in New Hampshire.  The director's  husband also worked in the
computer industry (in sales), was _laid off_(!), and then was
successfully sued for working at a firm that was vaguely in the same
industry, on grounds of violating his non-compete clause.  The new
employer was in a different state, even!

The court barred him for accepting employment in any sales job in the
computer industry, for the duration of his non-compete term -- enforcing
the terms of the non-compete clause exactly.  So, he ended up taking a
forced three-year vacation with only minimal side-jobs.

Most states won't enforce non-compete clauses against laid off
employees, if (unlike in California) they're regarded as enforceable at
all:  New Hampshire leans towards the lunatic fringe of anarcho-capitalism.



(Yeah, well, "Live free or die", indeed.  Feh.)




From jla1200 at netzero.net  Mon Dec 19 12:44:38 2005
From: jla1200 at netzero.net (John Andrews)
Date: Mon, 19 Dec 2005 12:44:38 -0800
Subject: [conspire] Netzero/Breezy
Message-ID: <001701c604dd$0877f2c0$0ab95545@oemcomputer>

Rick or Daniel
    Daniel or Rick
    Daniel said add  L modem ttyS0 to the file etc/udev/links.conf .I have
not tried this fix yet.
 Is there a /dev/xxx that goes in the second column with that?
    Ls -l modem indicates a link is present in the /dev directory.
The Netzero logon dialog boxes do not contain any way to specify /dev/modem
or dev/ttyS0. Just a radio button to specify a hayes compatible modem.There
is no way to tell NZ that it is an external serial modem .
    I.m having trouble getting a file that Windows 98 can read from
OpenOffice.org. (.odt,.swd,.doc,.txt,.sxw,.sdw.). Otherwise I would send my
terminal output.




From phaedrus at sasquatch-infotech.com  Mon Dec 19 14:10:20 2005
From: phaedrus at sasquatch-infotech.com (Jeff Frasca)
Date: Mon, 19 Dec 2005 14:10:20 -0800
Subject: [conspire] Netzero/Breezy
In-Reply-To: <001701c604dd$0877f2c0$0ab95545@oemcomputer>
References: <001701c604dd$0877f2c0$0ab95545@oemcomputer>
Message-ID: <20051219221020.GA1249@sasquatch-infotech.com>

On Mon, Dec 19, 2005 at 12:44:38PM -0800, John Andrews wrote:
> Rick or Daniel
>     Daniel or Rick
>     Daniel said add  L modem ttyS0 to the file etc/udev/links.conf .I have
> not tried this fix yet.
>  Is there a /dev/xxx that goes in the second column with that?
>     Ls -l modem indicates a link is present in the /dev directory.
> The Netzero logon dialog boxes do not contain any way to specify /dev/modem
> or dev/ttyS0. Just a radio button to specify a hayes compatible modem.There
> is no way to tell NZ that it is an external serial modem .
>     I.m having trouble getting a file that Windows 98 can read from
> OpenOffice.org. (.odt,.swd,.doc,.txt,.sxw,.sdw.). Otherwise I would send my
> terminal output.

Save it as a .txt file and then run these commands on the file
from the command line (I'll assume the file is called "file.txt",
replace as appropriate ;):

$ perl -pe "s/\n/\r\n/" file.txt > file.dos
$ mv file.dos file.txt

This will convert the unix new line characters (what perl thinks '\n'
means) to MS-style new lines, which are really two characters (and
a terrible design), carriage return/newline (the \r\n in the perl 
one-liner).  Old MacOS (version <= 9) used just carriage return for 
their newlines (no worse a choice than the Unix style 
newlines--Microsoft's problem is they used two characters.  It screws 
up the basic programming interface for opening and writing to files).  

If you want to go the opposite direction (windows to Linux), get 
the files on the Linux side and use 

$ perl -pe "s/\r//" file.txt > file.unix
 
for the first statement from above.  

Oh, and usually, text files are the best thing to play with.
Everyone on the list can read, write and mess with them.  They can
be easily added into emails (which should just be text files
themselves), and not all of us have readers for the fancier file
types (for instance, I don't have OO.o installed, and I do not
intend to install it).  

Jeff
-- 



From rick at linuxmafia.com  Tue Dec 20 14:54:53 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 20 Dec 2005 14:54:53 -0800
Subject: [conspire] Netzero/Breezy
In-Reply-To: <001701c604dd$0877f2c0$0ab95545@oemcomputer>
References: <001701c604dd$0877f2c0$0ab95545@oemcomputer>
Message-ID: <20051220225453.GJ7646@linuxmafia.com>

Quoting John Andrews (jla1200 at netzero.net):

>     Daniel or Rick
>     Daniel said add  L modem ttyS0 to the file etc/udev/links.conf .I have
> not tried this fix yet.
>  Is there a /dev/xxx that goes in the second column with that?

As Daniel said, the line for /etc/udev/links.conf (note leading slash,
which is _very important_) should be:

L modem	ttyS0

That's an instruction to the udev subsystem, at boot time, to create
(symbolic) link "modem" pointing to special file "ttyS0" inside the /dev
directory.

Let me give a little background explanation, for the benefit of those
who are curious.  If you're not, you're most welcome to skip whatever
bores you.  ;->

"udev" is a new software subsystem for the Linux kernel, introduced in
the 2.6 series (approximately), for the purpose of managing what's in
the /dev filesystem tree.  Ubuntu/Kubuntu uses it, on account of its
default 2.6.x kernel.

The /dev tree contains funny-looking files (that aren't regular files at
all; hence the term "special file") intended to serve strictly as entry
points to hardware that can then be used for that purpose by the kernel
and all other software.  

For example, serial ports ttyS0 through ttyS4 (aka COM1 through COM5)
are addressed with "major device number" = 4, and "minor device numbers"
= 64 through 68:

:r! ls -l /dev/ttyS*

crw-rw----  1 root dialout 4, 64 2004-09-18 04:52 /dev/ttyS0
crw-rw----  1 root dialout 4, 65 2004-09-18 04:52 /dev/ttyS1
crw-rw----  1 root dialout 4, 66 2004-09-18 04:52 /dev/ttyS2
crw-rw----  1 root dialout 4, 67 2004-09-18 04:52 /dev/ttyS3
crw-rw----  1 root dialout 4, 68 2004-09-18 04:52 /dev/ttyS4
^   ^       ^  ^     ^     ^  ^     ^         ^       ^- filename
|   |       |  |     |     |  |     |         |- last modified time
|   |       |  |     |     |  |     |- last modifed date
|   |       |  |     |     |  |-minor device number
|   |       |  |     |     |-major device number
|   |       |  |     |-owning group
|   |       |  |-owning user
|   |       |-total number of hard links to this file
|   |-rights mask
|-type of file (regular, directory, symlink, character, block, named pipe, socket)

(If those columns don't line up, then you really should stop reading
e-mail / newsgroups in variable-space typefaces.  Use a fixed-space
typeface such as Courier.)

On old-style Unixey systems, /dev's contents are completely static:  It 
gets populated at the time you install your operating system with
special files (block and character device files) corresponding to every 
type of hardware the OS designers anticipate you might ever connect to
your system.  Note:  The existence of a special file doesn't _in any way_
guarantee that the corresponding hardware exists, or that it's enabled
in the motherboard BIOS setup, or that your kernel has a driver for it.

(I mention that matter because it's a frequent stumbling block, during
Linux diagnosis:  "What do you mean, I need to verify that the serial
driver is loaded into my kernel, and that serial support is turned on in
the motherboard setup program?  I've checked that /dev/ttyS0 exists.
Doesn't that means it's supported?")

In roughly the Linux 2.4 series, an optional automated subsystem emerged
for populating /dev with special files for _only_ hardware actually
present and driver-supported on your system, "devfs".  This was used (by
default) by only one mass-market distribution, Mandrakelinux, now known
as Mandriva Linux -- but also Gentoo Linux and the LNX-BBC
micro-distribution.   However, there were some problems and limitations
with it, the most serious of which was its maintainer vanishing for a
couple of years in a row.  As a result, Greg Kroah-Hartman invented
"udev" as a replacement, in May 2003:

http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html

"udev" is still mysterious to most Linux users, even technical ones,
in part because most Linux systems still use 2.4.x kernels.  (For
example, it's _really_ new to me, personally.)  It has several major
advantages over everything that's come before:

o  It finally allows persistent, meaningful device names.
o  It eliminates the need for a static map of device numbers.
o  It emits D-BUS messaging information to tell other software about
   what devices the kernel knows (or has just learned) about.
o  It's commendably tiny, and operates almost entirely outside the kernel.

We old fogies really _should_ by this late date have converted all our
Linux systems over to 2.6.x kernels, read up on udev + hotfix + nameif +
D-BUS, and purged our minds of the dumb assuption of static /dev
contents that are manually edited by the sysadmin.  I haven't, so I'm
behind the curve, and feel bad about this.

Now, John:  Daniel originally created a /dev/modem symbolic link
("symlink") pointing to /dev/ttyS0 on your system for the Netzero
dialer's benefit, but apparently warned you, at the time, that because
udev creates the /dev tree from scratch every time you reboot, his 
manual creation of /dev/modem wasn't going to suffice over the long
term, and you'd have to convince udev to include that symlink in its
boot-up tasklist.  The /etc/udev/links.conf file is one place where a
sysadmin can specify exactly such a tasklist -- both additional special
files to create within /dev and symbolic links to put there.  Another is
/etc/udev/rules.d/10-local.rules , which you could create and add a line
like:

KERNEL="ttyS0", SYMLINK="modem"

>     Ls -l modem indicates a link is present in the /dev directory.

John, it's a little unsetlling to see you type things like "Ls", since
Linux filenames are case-sensitive and the correct command name is "ls".
Seeing that sort of thing -- and, again, I mean no personal criticism -- 
inevitably forces technical observers to wonder how accurately you are
reporting other crucial details.  Bitter experience has taught us that,
when the user isn't reporting details accurately, helpers often end up
wasting their and the user's time going on wild goose-chases.

Would you please get in the habit of double-checking things like the
above, and transcribing them _verbatim_?  You can do this either using
notepaper or copy-and-paste (if possible) or logging commands to file
using /usr/bin/script.  (Typing "script" commences the logging of all
command-lien activity from that point forward into an ASCII text file,
default name "typescript".  Typing "exit" ends logging.)

You can move files between computers using a DOS-formatted floppy:

$ mcopy typescript a:

...or by copying the file onto a USB flash drive.

To illustrate what I suggest, imagine that I wanted to show you what
"/dev/modem" pointed to on my system.  Then, I would do the following
and transcribe or copy it verbatim to this message:

$ ls -l /dev/modem
lrwxrwxrwx    1 root     root            5 Dec 17 07:03 /dev/modem -> ttyS0
$ 

Why don't you do that, as an exercise -- and to better inform us?  Also,
because udev recreates /dev from scratch upon each reboot, please
clarify, if /dev/modem _does_ exist, that you haven't created it
manually since the most recent startup.  Please note that my above
example illustrates my dictum that you should assume our motto is "Show
me" (the state of Missouri's motto):  Instead of _telling_ the mailing
list what /dev/modem points to, I _showed_ it.

(Don't worry if your command prompt is not just "$":  It probably will
be something more complex, such as your username, the hostname, and part
or all of the current directory.  This is normal.  I used "$" just for
simplicity.)

> The Netzero logon dialog boxes do not contain any way to specify /dev/modem
> or dev/ttyS0. Just a radio button to specify a hayes compatible modem.There
> is no way to tell NZ that it is an external serial modem .

OK, so Daniel's surmise that it's hard-coded for something, almost
certainly /dev/modem, is correct.

>     I.m having trouble getting a file that Windows 98 can read from
> OpenOffice.org. (.odt,.swd,.doc,.txt,.sxw,.sdw.). Otherwise I would send my
> terminal output.

Please see my prior e-mail's suggestions:  It's very difficult to help
you when you don't detail what _specifically_ you tried, but only say
you're "having trouble" or that something "doesn't work".

Remember:  If you cannot transcribe your terminal sessions using
software, you can always do it the old-fashioned way with notepaper.




From rick at linuxmafia.com  Tue Dec 20 16:27:36 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 20 Dec 2005 16:27:36 -0800
Subject: [conspire] Netzero/Breezy
In-Reply-To: <20051220225453.GJ7646@linuxmafia.com>
References: <001701c604dd$0877f2c0$0ab95545@oemcomputer>
	<20051220225453.GJ7646@linuxmafia.com>
Message-ID: <20051221002736.GM7646@linuxmafia.com>

Eh, nasty typos.  We hates them, we does.

> We old fogies really _should_ by this late date have converted all our
> Linux systems over to 2.6.x kernels, read up on udev + hotfix + nameif
> + D-BUS...                                             ^^^^^^

"hotplug".

The udev and hotplug subsystems work closely together, in 2.6-based
systems.  That's part of the magic of, say, making sure two USB printers 
can be clearly distinguished no matter in what order you connect them,
and making sure that your digital camera always gets mounted as
/dev/camera, etc.

> ...and purged our minds of the dumb assuption of static /dev
                                         ^^

(Bah.) 
 
> John, it's a little unsetlling...

Not to mention unsettling.
 
> (Typing "script" commences the logging of all command-lien activity 
                                                ^^^^^^^^^^^^^^^^^^^^^

And command-line activity!

I clearly need more coffee.




From rick at linuxmafia.com  Tue Dec 20 22:31:08 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 20 Dec 2005 22:31:08 -0800
Subject: [conspire] NDA Addendum page
Message-ID: <20051221063108.GT9804@linuxmafia.com>

After hearing (in confidence) yet another horror story of an
unreasonable non-disclosure agreement (NDA) suddenly sprung on people
without prior warning, in a situation that didn't even involve a
business relationship, I've drafted this thing:

http://linuxmafia.com/faq/Licensing_and_Law/nda.html

The idea is:  You print out a copy, scrawl at the bottom of the NDA
"Addendum A incorporated by reference" just above where your signature
will go, and hand in the sheet with your signed NDA.  They can of course
tell you it's not OK.  Depending, you might walk -- or discuss which
of your terms aren't OK and why (and why it's OK for _them_ to spring a
surprise legal instrument on you, but turnabout is somehow not fair play).

Like all my other writings in the knowledgebase (except as noted), that
page is freely licensed under Creative Commons's Attribution-ShareAlike
2.5 licence, a permissive copyleft licence.  Please modify to suit.

(You could just line out and ink in a replacement for the sentence in
item #3 where I cite my line of business -- substituting your own -- if
you never otherwise create your own modified version.  Also, of course
you might alter the expiration to match the details of your situation --
but there should _be_ one, anyway!)


Reminder:  NDAs can be _dangerous_ to your independence and livelihood, 
if they don't have a suitably narrow scope and duration.  This crap
about "confidential information" needing to be stifled by force of law
is ridiculous in the computer field, if nowhere else.  Six months is 
about the reasonable maximum life of any secret, there.


(Obligatory note:  Neither this mail nor my Web pages are a substitute
for compentent professional legal help, if you're in a situation that
requires it.  I am not a lawyer.  This is not legal advice.)




From rossbernheim at speakeasy.net  Tue Dec 20 23:02:06 2005
From: rossbernheim at speakeasy.net (Ross Bernheim)
Date: Tue, 20 Dec 2005 23:02:06 -0800
Subject: [conspire] NDA Addendum page
In-Reply-To: <20051221063108.GT9804@linuxmafia.com>
References: <20051221063108.GT9804@linuxmafia.com>
Message-ID: <620A7929-B2E8-4B0C-B17D-B25B7B05B1F7@speakeasy.net>

Rick,

Lovely stuff. A very fitting solution to the problem.

Ross


On Dec 20, 2005, at 10:31 PM, Rick Moen wrote:

> After hearing (in confidence) yet another horror story of an
> unreasonable non-disclosure agreement (NDA) suddenly sprung on people
> without prior warning, in a situation that didn't even involve a
> business relationship, I've drafted this thing:
>
> http://linuxmafia.com/faq/Licensing_and_Law/nda.html
>
> The idea is:  You print out a copy, scrawl at the bottom of the NDA
> "Addendum A incorporated by reference" just above where your signature
> will go, and hand in the sheet with your signed NDA.  They can of  
> course
> tell you it's not OK.  Depending, you might walk -- or discuss which
> of your terms aren't OK and why (and why it's OK for _them_ to  
> spring a
> surprise legal instrument on you, but turnabout is somehow not fair  
> play).
>
> Like all my other writings in the knowledgebase (except as noted),  
> that
> page is freely licensed under Creative Commons's Attribution- 
> ShareAlike
> 2.5 licence, a permissive copyleft licence.  Please modify to suit.




From dmarti at zgp.org  Wed Dec 21 09:26:35 2005
From: dmarti at zgp.org (Don Marti)
Date: Wed, 21 Dec 2005 09:26:35 -0800
Subject: [conspire] NDA Addendum page
In-Reply-To: <20051221063108.GT9804@linuxmafia.com>
References: <20051221063108.GT9804@linuxmafia.com>
Message-ID: <20051221172635.GB27621@zgp.org>

As long as we're on the subject of unreasonable NDAs,
here is another scary one (from a company we all know
and love), along with some informative comments from
a lawyer on the tricky parts.

SCO NDA Offers Little Information, Much Risk
http://www.linuxjournal.com/article/6923

-- 
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org



From daniel at gimpelevich.san-francisco.ca.us  Wed Dec 21 22:08:33 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Wed, 21 Dec 2005 22:08:33 -0800
Subject: [conspire] Darlene's VA Linux 420
References: <mailman.74.1120768377.22385.conspire@linuxmafia.com>
	<pan.2005.07.08.07.49.15.449466@gimpelevich.san-francisco.ca.us>
	<mailman.91.1120935393.22385.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.22.06.08.31.163528@gimpelevich.san-francisco.ca.us>

On Sat, 09 Jul 2005 12:56:03 -0700, Darlene Wallach wrote:

> Daniel Gimpelevich wrote:
>> You know, you could head this issue off at the pass with a newer BIOS. I
>> found the specs for the 420 here:
> 
> Daniel,
> 
> Thank you for responding and sending the links!
> 
> After further research into my system using a script,
> system-info, written by Karsten M. Self,
> <kmself at ix.netcom.com>. My BIOS supports ACPI, I have
> a CA81020A, which is listed as an updated BIOS.
> 
> It is taking me quite some time to go thru menuconfig
> and answer/select the options.
> 
> Darlene

Instructions on BIOS flashing that board are at:

http://developer.intel.com/design/motherbd/standardbios.htm

The BIOS ChangeLog is at:

ftp://aiedownload.intel.com/df-support/3995/ENG/p08-0017.pdf

The BIOS itself (in a standard ZIPfile, despite the .exe) is at:

ftp://aiedownload.intel.com/df-support/3995/ENG/CAAP08BI.exe

The last time you brought the machine to CABAL, it had this problem:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139307

The manual for the 420 is at:

http://web.archive.org/web/20010724022112/valinux.com/products/420/420_Users_Guide.tar.gz?&state_info=.US1P1-59726

Pay special attention to pages 56-59, especially the part about setpci.
You wanted to know how to boot it from SCSI. An educated guess would be
that it has a Symbios 8951U card, but we'll double-check that next time
you bring the machine to CABAL. The manual for that card is at:

http://www.lsilogic.com/files/docs/techdocs/storage_stand_prod/PCISCSICont/HABs/8951u.pdf

If the Ctrl-C hotkey does not work as described there, it may be necessary
to flash the SCSI BIOS. Instructions for doing so are at:

http://www.lsilogic.com/files/support/ssp/sdms/Bios/FLASH.TXT

The SCSI BIOS itself is at:

http://www.lsilogic.com/files/support/ssp/sdms/Bios/lsi_bios.zip


From wallachd at earthlink.net  Thu Dec 22 00:13:45 2005
From: wallachd at earthlink.net (Darlene Wallach)
Date: Thu, 22 Dec 2005 00:13:45 -0800
Subject: [conspire] Darlene's VA Linux 420
In-Reply-To: <pan.2005.12.22.06.08.31.163528@gimpelevich.san-francisco.ca.us>
References: <mailman.74.1120768377.22385.conspire@linuxmafia.com>	<pan.2005.07.08.07.49.15.449466@gimpelevich.san-francisco.ca.us>	<mailman.91.1120935393.22385.conspire@linuxmafia.com>
	<pan.2005.12.22.06.08.31.163528@gimpelevich.san-francisco.ca.us>
Message-ID: <43AA6039.9090006@earthlink.net>

Daniel Gimpelevich wrote:
> On Sat, 09 Jul 2005 12:56:03 -0700, Darlene Wallach wrote:
> 
> 
>>Daniel Gimpelevich wrote:
>>
>>>You know, you could head this issue off at the pass with a newer BIOS. I
>>>found the specs for the 420 here:
>>
>>Daniel,
>>
>>Thank you for responding and sending the links!
>>
>>After further research into my system using a script,
>>system-info, written by Karsten M. Self,
>><kmself at ix.netcom.com>. My BIOS supports ACPI, I have
>>a CA81020A, which is listed as an updated BIOS.
>>
>>It is taking me quite some time to go thru menuconfig
>>and answer/select the options.
>>
>>Darlene
> 
> 
> Instructions on BIOS flashing that board are at:
> 
> http://developer.intel.com/design/motherbd/standardbios.htm
> 
> The BIOS ChangeLog is at:
> 
> ftp://aiedownload.intel.com/df-support/3995/ENG/p08-0017.pdf
> 
> The BIOS itself (in a standard ZIPfile, despite the .exe) is at:
> 
> ftp://aiedownload.intel.com/df-support/3995/ENG/CAAP08BI.exe
> 
> The last time you brought the machine to CABAL, it had this problem:
> 
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139307
> 
> The manual for the 420 is at:
> 
> http://web.archive.org/web/20010724022112/valinux.com/products/420/420_Users_Guide.tar.gz?&state_info=.US1P1-59726
> 
> Pay special attention to pages 56-59, especially the part about setpci.
> You wanted to know how to boot it from SCSI. An educated guess would be
> that it has a Symbios 8951U card, but we'll double-check that next time
> you bring the machine to CABAL. The manual for that card is at:
> 
> http://www.lsilogic.com/files/docs/techdocs/storage_stand_prod/PCISCSICont/HABs/8951u.pdf
> 
> If the Ctrl-C hotkey does not work as described there, it may be necessary
> to flash the SCSI BIOS. Instructions for doing so are at:
> 
> http://www.lsilogic.com/files/support/ssp/sdms/Bios/FLASH.TXT
> 
> The SCSI BIOS itself is at:
> 
> http://www.lsilogic.com/files/support/ssp/sdms/Bios/lsi_bios.zip

Daniel,

Thank you very much! I just read this so I haven't
looked at the links you sent. I really appreciate
the time you spent gathering this info and sending
it!!!

Darlene
-- 
World Centric Fair Trade & Eco Store
http://www.worldcentric.org/store/
We have created and live in a world of gross social
and economic inequalities[1] and are at the same
time severely impacting[2] the natural eco-systems
and regenerating bio-capacity of the planet. Our
every action has an impact on the well-being of our
planet and our everyday decisions[3] can help create
a better world for all. In keeping with this fact
and our vision, the World Centric Fair Trade/Eco
Online Store provides everyday consumption choices,
which can help minimize social & economic
inequalities, reduce the impact of our consumption
on the environment and help create a better and
sustainable world.

[1] http://www.worldcentric.org/stateworld/socialjustice.htm
[2] http://www.worldcentric.org/stateworld/environment.htm
[3] http://www.worldcentric.org/sustain/index.htm



From rick at linuxmafia.com  Thu Dec 22 22:11:32 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 22 Dec 2005 22:11:32 -0800
Subject: [conspire] More on legal follies and software: Barracuda v. merger
Message-ID: <20051223061132.GN9804@linuxmafia.com>

Here's another tale of legal follies using fake names (and, for all you
know, fake facts).  As they might have said on Dragnet, the legal issues
are true; only reality has been changed to protect the innocent.

I always explain that I could cite either names or anedotes but not
both; the anecdotes are more interesting.  However, if these
misadventures aren't exciting enough without public disclosure of real
names, as some have complained, then please feel free to go forth unto
businessland, and generate some calamities of your own.


Louise is an accomplished C developer and sysadmin in Miami, who formed
a team with three other coders (the "Gang of Four") to help out a
rapidly growing, services-rich Internet hosting company, Crunchco, that
they all use -- by rapidly prototyping and coding a much-needed C
codebase, Barracuda, that they intend to make available free of change
to Crunchco, filling a high-visibility hole (as a result of
disappearance of a third-party product) in Crunchco's offerings to
customers.  Harvey, founding CEO at Crunchco, is busy trying to staff up
Crunchco and consolidate its too-scattered and slightly chaotic &
overworked operations, drawing them together to new offices near where
he lives in Minneapolis.  Harvey _especially_ wants to hire Louise, in
part because they're rapidly migrating their servers off HP/UX to
Debian, because they have almost no Debian expertise, and because Louise
is a Debianista.  He makes an oral deal (if a somewhat fuzzy one) to
hire her, and tells her she should immediately wind up her commitments
to existing clients.  She starts turning down new prospects, e.g., a
$10,000 local consulting gig, to keep herself available.

Barracuda gets close to deployment status, and seems likely to be a
valuable property.  The Gang of Four line up plans to form an LLC
(limited liability corporation) to licence out Barracuda as a
proprietary software product, with Crunchco intended as the first
official "Barracuda chum" -- a set of favoured, free-of-charge or
low-cost customers.  Harvey arranges to meet with Louise and the others
at conferences and on business trips; he sets up flying two of them out
to Minneapolis HQ in March.

At the same time, Louise and the others hear of something else,
essentially unrelated, that's approaching at the same time:  Harvey has
been putting together, during those same business trips, a _merger_ deal
with Engulfco, a Java shop of about the same size, in Nashville.
Engulfco has more cash; Louise's estimate is that, in substance, it's
really more an outright acquisition than a merger, but these PR
characterisation games are pretty common.[1]

The merger proceeds:  It's to result in a firm called, in a fit of
delirious optimism, Synergistic Engineering[2], with Engulfco CEO Sally
remaining in the resulting firm's CEO spot, and Harvey moving to VP of
Engineering.  The firm picks up the cost of flying Louise and other new
hires up to Minnesota for a week, to sign them on.  Despite having the
typical Floridian's bad luck walking on frozen sidewalks, Louise enjoys
finally meeting her future co-workers and hobnobbing with Harvey, who
among other things hands her (and one of the other Gang of Four members,
who is likewise to be hired) Cruchco's proprietary inventions agreement
as a necessary initial step for her to get hired.  She signs.

Things seem a little haphazard, but she knows from experience that
there's a lot of chaos and missed cues at startups.  It's nothing
personal; you just deal with it.  Nobody's yet done an offer letter.
She expects a pretty good salary, because she's of proven high value to
Crunchco, but making something happen seems to need a kick.  So, she
sends an e-mail to Ron, her intended future boss, reminding him that
this needs to be taken care of.  Ron seems a bit disoriented by the
question, and kicks it over to Sally.  

Sally replies back saying:  "Hmm, I don't know if we can hire you at
this date.  Maybe in a few months, if we get additional funding, and if
we really need a Barrucuda maintainer on staff, which we're not sure we
will."

Louise is understandably peeved:  She's been made a clear offer of
employment, albeit one with some vagueness, by Harvey, has started
turning down other business based on their request that she do so, and
has shlepped 2000 miles into the northern winter -- only to be told by
some clown in Nashville that it's not happening.  She has to wonder: Is
there a complete breakdown in communication between Harvey and Sally?
Do those Java weenies in Nashville simply not understand, unlike the
better-clued Crunchco crowd, exactly how much the firm needs her
talents?  (It later turned out that the answer was "Yes" to both -- but
that _that_ wasn't the full story, either.)

So, Louise carefully writes a reply outlining the extent of Crunchco 
commitments to her, and the fact that her role is hardly to be confined
to, or even principally concern, Barracuda.  She clarifies that she
can't sit around and wait for job opportunities, and names a date by
which it'd have to occur or be written off -- and mentions that
Barracuda's direction of course remains in the Gang of Four's hands, 
_not_ Engulfco/Synergistic's.

Sally sends IM to Louise asking Louise to call her.

They talk:  Sally claims that Louise has already, inherently, signed
over all her rights to Barracuda, when she signed her Crunchco
proprietary inventions agreement, a couple of days ago, and that
Engulfco/Synergistic now owns it outright, by virtue of owning Crunchco.
Sally says she knows this because of comments by someone at Crunchco
about Barracuda, to the effect that Engulfco would be "buying" Barracuda
as part of the merger deal.  In any event, Synergistic doesn't have the
cash flow for more staff at this time, unless and until Louise can find
and bring in a sufficiently compelling revenue model for Synergistic's
property, Barracuda.

However, this is not Sally's lucky day.  This is one of those rare
occasions when not only is an executive (Sally) reaching beyond her
firm's rights out of ignorance (which is _very_ common), but she also
has the poor fortune to try this on someone who _knows the law_.  Louise
now (very politely) lowers the boom on her.

Sally has made several severe errors:

1.  Crunchco never owned Barracuda's copyright.  There is a bulletproof 
    trail of documentation of the Gang of Four's title.
2.  The proprietary inventions agreement was explicitly incidental
    to employment -- which never happened.  In fact, Louise has never
    received anything that can be pointed to as "valuable consideration"
    as a required element of any contract.
3.  Even if it were valid, that proprietary inventions agreement would
    give Cruchco a claim only to the copyright on _new_ work Louise 
    performed within the scope of her employment, under the 
    Copyright Act's "work for hire" rule.
4.  Actually, come to mention that, Sally has completely misunderstood 
    the "work for hire" rule.[3]
5.  According to the Copyright Act, for the Gang of Four to give over
    their _existing_ title (concerning work to date), all would 
    have had to sign a separate transfer-of-copyright legal paper, 
    which never happened.
6.  Only two of the four were ever even courted as potential employees,
    whereas all four members hold title.
7.  And, by the way, Louise pointed out, somehow Crunchco and Engulfco
    seem to have missed the fact that one of the developers is a _minor_,
    and therefore would be entitled to void most contracts he might sign
    upon reaching adulthood, anyway.
8.  There was considerable paperwork on the record from Harold speaking,
    both as Crunchco CEO and as Synergistic Engineering VP, of her 
    employment as an agreed fact.
9.  The entire series of events, taken as a whole, look difficult to
    distinguish from a fraudulent business scheme to cheat Louise out
    of her copyright title through false and misleading documents, 
    erroneous and possibly illegal claims about ownership, and
    insincere business offers.

During the rest of her day, Sally does the one truly intelligent thing
she's managed during this entire fiasco:  Being a Java weenie, she has
contacts at Sun Microsystems, including the legal experts who helped
establish the OpenSolaris project and its CDDL (open source) licensing.
She calls them:  They tell her she's completely wrong and right on the
brink of big trouble.  

She immediately sets up a conference call with the Gang of Four.  To
Louise's surprise and relief, Sally acts on the basis of the Sun guys'
advice, recognising that Synergistic had _no_ title to Barracuda, and
adding that she regretted her prior errors on that point, which were an
honest mistake.  They close the call with the (genuine) possibility of
future business dealings -- since the Gang still wants Synergistic as
the first "Barracuda chum" -- but, alas, with little likelihood of a job
for Louise.


A few points about that anecdote: 

1.  There's a lot of honest, innocent chaos and fsck-ups inside the
businesses that we imagine to be always running well:  It's seldom
really the SPECTRE/Blofeld model, where some guy with a Persian cat &
monocle knows everything and occasionally hits a button to send some
misbehaving underling to the flames below.  More often, it's more like
Chesterton's "The Man Who Was Thursday", where you have multiple people
going around completely clueless about what each other is doing.  Put
another way, think of most businesses as collections of ganglia:  The
organisation has little in the way of a central nervous system.  When
the company does something unpleasant to you, it's often not only "not
personal", but also largely _inadvertant_.

2.  The reason we're not generally aware of this widespread craziness
and patterns of screw-ups is that, typically, everyone involved is
either an interested party or is under a non-disclosure agreement.
So, all of it goes beneath the radar of the general public.[4]

3.  Though business people often attempt to push others around with
mind-numbing legal instruments and impressive-sounding notions about
rights and responsibilities, most of the time they have no earthly idea
what they're doing.  The fact that they hit you up with a bullshit legal
claim probably doesn't reflect evil, fraudulent intent:  It's more often
simple error and wishful thinking.

4.  At the same time, they get in the _habit_ of that legal gamesmanship
because it works -- against computerists, particularly, who generally
are really easy to snow, and (being introverts and legally naive) slow
to assert their interests.  To quote J.P. Morgan, "The meek shall
inherit the earth, but not the mineral rights."

5.  Business executives, especially those trying to build startups, tend
to hand out wild promises in all directions -- far more than they'd
_ever_ be able to fulfill -- just to keep things rolling.  Although it
should be obvious that the oral ones are flimsy, what may _not_ be so
obvious is that the written ones aren't necessarily much more
trustworthy.

(It's likely that Sally was actually insincere in her claim that she
hadn't known of any plan to put Louise on staff:  That doesn't jibe with
her being put through the new-hire process at the same time as several
other hires.  In fact, likely Sally simply decided Louise's salary as a
veteran developer was too expensive, and unilaterally decided to renege
on Harvey's commitments.)

6.  Certain large business initiatives, including mergers and
acquisitions, develop an inertia all of their own:  If you're perceived
as being in their way (as Louise was), you can find yourself subjected
to some tactics of questionable sanity and legality, because you're seen
as easier to move than is the thing you're blocking.  Crazy talk
directed at you by business people often has a perfectly rational
underlying (financial, legal, regulatory) cause, that might just not be
visible from your perspective.




[1] See also:  Electric Lichen.  (Where are they, now that we need them?)

[2] Conventional wisdom is that mergers and acquisitions in the tech
field are even more risky than elsewhere, because so much of the
acquired firms' value resides in the employees.  Many such purchases
have left the buyer holding an empty bag, when disaffected staff depart
for elsewhere.

[3] "Work for hire" is an exception in the Copyright Act and surrounding
caselaw, to the general rule that, the moment you invent a creative work
"in fixed form", you gain copyright title over it:   17 USC 101 and
201(b) says that, if you are an _employee_ and create something within
the scope of your employment (_or_ if it's a specially ordered or
commissioned work), title goes directly to the funder, not to you,
unless there's an agreement to the contrary.  This was a little vague;
the matter was clarified in 1989 in the Supreme Court case of CCNV v.  Reid
(http://www2.tltc.ttu.edu/Cochran/Cases%20&%20Readings/Copyright-UNT/reid.htm).

The term "employee", here, is not defined in the everyday-English sense,
but rather uses the word's meaning from the area of law called "agency
law".  Whether you're _called_ an employee or not has _zero_ relevance.
Employee vs. not an employee is decided according to three criteria,
forming a picture that a court would evaluate, taken as a whole:

o Control by the employer over the work.  (E.g., does putative employer
  have right to dictate how, where, with what tools the work gets done?)
o Control by employer over the employee.  (E.g., does putative employer
  have right to dictate worker's schedule, assignments, method of
  payment, assignment or non-assignment of assistants?)
o Status and conduct of employer.  (E.g., does employer provide job
  benefits?)

For a "specially ordered or commissioned work" to be work for hire, per
17 USC 101(1), there must be a written agreement to that effect, plus
the work can be only in one of nine specifically listed categories:
motion picture, other audiovisual work, translation, supplementary work,
compilation, instructional text, test, answer for a test, or atlas.

Louise politely pointed out that Crunchco had no claim to her copyright
title under either provision.

[4] Do you think there's a news story, every time a bank uncovers a
multimillion dollar embezzlement?  Not if the bank can help it.  In
fact, the culprits are often in a position to negotiate their keeping
all or part of the theft, when caught -- if the sum is big enough:  
The bank's publicity exposure is worrisome enough that parting with the
money is cheaper.





From rick at linuxmafia.com  Fri Dec 23 11:02:54 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 23 Dec 2005 11:02:54 -0800
Subject: [conspire] More about real-world legal conflict
Message-ID: <20051223190253.GA10505@linuxmafia.com>

[A friend was having me review a draft outline of a piece about 
non-disclosure agreements.  This is an excerpt from some of my comments.]


This is good as far as it goes, but it's a bit more black and white than
I think the world really is.

In fact, spending some time around corporate lawyers caused me to have
an epiphany, one day:  Businesses violate each others' (and
individuals') legal rights all the time -- not because they intend to,
but because it just happens.  A lot of the work of a corporate counsel
involves helping the company pick the lesser evil, apply balm to burned
fingers, and apologise -- and in other cases bully some people;
threaten, buy off, or stonewall/outbluff third parties.

Let me tell you a story:  I was the unofficial software-licensing effort
at a company we'll call Venture Capital Linux, Inc.  VCL published
two variant forms of the Red Hat Linux distribution, including one that
was specialised for NAS clusters.  Like most medium-sized
companies, VCL suffered endemic communications and coordination
screw-ups between groups.  The Engineering department did cooperative
work under NDA with Truth Software of Palo Alto, backup specialists, and 
Network Fiascos of Emeryville, both of which firms provided VCL as
confidential proprietary code some of their enhancements to the
third-party GPLed ndmp network-backup utility -- intending it as
strictly internal experimental code.  But then, the Professional
Services department grabbed that code off the internal CVS, made a
binary i386 RPM, and bundled it into the downloadable NAS distribution 
on the exterior public ftp site.

A few months later, a polite query arrived at VCL Technical Support from
a coder at Mountain View NAS, politely asking to be furnished matching
source for our ndmp code under the provisions of GPLv2.  I asked
Professional Services, whose VP said "Oh shit!" and referred me to
Enginsering.  Engineering's VP said "Oh shit!" and referred me to Jim,
the corporate counsel.  I sent Jim what I had.

By the time I arrived at Jim's office, he already had sussed it all out
and had the matter covered -- but I was curious, and needed to have it
spelled out for me:

Me:  "But aren't we obligated to give the Mountain View guy what he
      asked for?"
Jim:  "Yes."
Me:  "But we're not going to do that?"
Jim:  "No."
Me:  "Isn't that a copyright infringement against the upstream ndmp authors?"
Jim:  "Yes."
Me:  "So, why aren't we going to give him the code?"
Jim:  "Because that would be breach of contract with our business
      partners, Truth Software and Network Fiascos, which would have 
      severe and expensive consequences for us."
Me:  "Oh.  What are we telling the Mountain View guy?"
Jim:  "That the modified ndmp was released by mistake, that it's now been
      withdrawn, and that we regret any inconvenience."
Me:  "What if he sues?"
Jim:  "He can't.  He doesn't have standing."
Me:  "Oh, right.  What if the upstream coders sue?"  
Jim:  "In the first place, not likely, since they aren't even aware of
      this situation, and since they haven't been offended, and since
      the infringement has already been remedied.  In the second place,
      without registering their copyrights with the Library of Congress,
      which they haven't done, they could sue only to enjoin further
      infringement, not for damages -- and there is no more infringement
      at this point.  Even if they had registered, their recoverable 
      damages would be keyed to the extent of their commercial loss, 
      of which they've suffered none at all."
Me:  "So, basically, since we have to choose one tort or another, we pick
     the one that's pretty much harmless."
Jim:  "Right."
Me:  "OK, makes sense.  Do I need to reply to the Mountain View guy?"
Jim:  "No.  Legal is sending out that nice, short letter today.  Leave
      it to us."

The point is that this sort of thing happens all the time.  Firms step
on each others' toes, through screw-ups or because smaller interests and
concerns got in the way of larger ones; the end-result is some sort of
accomodation:  Either someone's merely annoyed but not enough to act, or
that firm gets a favour or payment or apology, or in extreme cases the
firm is annoyed and self-righteous enough to sue for some form of remedy
-- but not very often.  The public isn't aware of 99% of this, because
the parties simply don't publicise it.


_NDAs_ get violated all the time, too.  How many reviews or "previews"
of prerelease software have you read?  Only a tiny fraction of those were 
authorised.  The reviewers didn't get sued, because the firms didn't
think that would work out as to cost/benefit.  And the authors don't
even, realisitically, get blacklisted.  The world just moves on.

Thus, your "Avoid breaching the NDA" would be better if it were qualifed
and put in perspective:  Avoid breaching the NDA, or else what,
_really_?  Are all breaches equal?  What happens if you end up violating
the NDA despite your intention to the contrary, either by accident or
because it was the lesser of two evils?

If someone does sue you for breach of contract (i.e., the NDA), then
what determine whether they're likely to prevail, and what they're
likely to get?




From jla1200 at netzero.net  Fri Dec 23 12:20:35 2005
From: jla1200 at netzero.net (John Andrews)
Date: Fri, 23 Dec 2005 12:20:35 -0800
Subject: [conspire] Netzero/Breezy Badger
Message-ID: <000701c607fe$55fefe20$eab85545@oemcomputer>

Rick or Daniel:
    Here is the output from my terminal. Do you have any suggestions to get
Netzero going. I added L modemttySo like Daniel suggested to
/etc/udev/links.conf.
    The modem link.(ln -s ttyS0 modem) has to recreated each time but still
doesn't solve the problem.

jla at vstrom:~$ Netzero &
bash: Netzero: command not found
[1] 7937
[1]   Exit 127                Netzero
jla at vstrom:~$ cd /dev
jla at vstrom:/dev$ ls -l modem
lrwxrwxrwx  1 root root 5 2005-12-23 11:38 modem -> ttyS0
jla at vstrom:/dev$ cd
jla at vstrom:~$ cd /etc
jla at vstrom:/etc$ cd udev
jla at vstrom:/etc/udev$ cat links.conf
# This file does not exist. Please do not ask the debian maintainer about
it.
# You may use it to do strange and wonderful things, at your risk.

L fd            /proc/self/fd
L stdin         /proc/self/fd/0
L stdout        /proc/self/fd/1
L stderr        /proc/self/fd/2
L core          /proc/kcore
L sndstat       /proc/asound/oss/sndstat
L MAKEDEV       /sbin/MAKEDEV
L modemttyS0

D pts
D shm

# Hic sunt leones.
M ppp           c 108 0
D loop
M loop/0        b 7 0
D net
M net/tun       c 10 200






From daniel at gimpelevich.san-francisco.ca.us  Fri Dec 23 15:40:11 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 23 Dec 2005 15:40:11 -0800
Subject: [conspire] Netzero/Breezy Badger
References: <mailman.192.1135369332.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.23.23.40.05.913719@gimpelevich.san-francisco.ca.us>

The line I suggested adding to /etc/udev/links.conf was
"capital-L-space-m-o-d-e-m-tab-t-t-y-capital-S-zero" to keep the link from
needing to be recreated each time. You seem to have left out the tab.
After you have that line correct, reboot. After the reboot, check to see
whether the link is there. If it isn't, that needs to be fixed some way,
but for the time being, create it yourself. On the other hand, if it is
there, proceed to the next phase of the diagnostic: You had mentioned
earlier that kppp recognizes the modem, which I take to mean it can dial.
Make sure this is still working, first with kppp configured to use
/dev/ttyS0, and then again with it configured to use /dev/modem. If either
of those fails, that needs to be fixed in some way. If they both work,
proceed to the next phase: Open the NetZero icon on your desktop and try
to connect. Write down whatever error message it prints exactly.

PS- One more thing I need to know: In the event that kppp is able to dial
with /dev/modem but NetZero is not, make a note of whether or not kppp
asks you for your password at any given point in time, and let me know.

On Fri, 23 Dec 2005 12:20:35 -0800, John Andrews wrote:

> Rick or Daniel:
>     Here is the output from my terminal. Do you have any suggestions to get
> Netzero going. I added L modemttySo like Daniel suggested to
> /etc/udev/links.conf.
>     The modem link.(ln -s ttyS0 modem) has to recreated each time but still
> doesn't solve the problem.
> 
> jla at vstrom:~$ Netzero &
> bash: Netzero: command not found
> [1] 7937
> [1]   Exit 127                Netzero
> jla at vstrom:~$ cd /dev
> jla at vstrom:/dev$ ls -l modem
> lrwxrwxrwx  1 root root 5 2005-12-23 11:38 modem -> ttyS0
> jla at vstrom:/dev$ cd
> jla at vstrom:~$ cd /etc
> jla at vstrom:/etc$ cd udev
> jla at vstrom:/etc/udev$ cat links.conf
> # This file does not exist. Please do not ask the debian maintainer about
> it.
> # You may use it to do strange and wonderful things, at your risk.
> 
> L fd            /proc/self/fd
> L stdin         /proc/self/fd/0
> L stdout        /proc/self/fd/1
> L stderr        /proc/self/fd/2
> L core          /proc/kcore
> L sndstat       /proc/asound/oss/sndstat
> L MAKEDEV       /sbin/MAKEDEV
> L modemttyS0
> 
> D pts
> D shm
> 
> # Hic sunt leones.
> M ppp           c 108 0
> D loop
> M loop/0        b 7 0
> D net
> M net/tun       c 10 200



From rick at linuxmafia.com  Fri Dec 23 20:21:41 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 23 Dec 2005 20:21:41 -0800
Subject: [conspire] Not that they asked my opinion, but:
Message-ID: <20051224042141.GO9804@linuxmafia.com>

http://linuxmafia.com/faq/Essays/winolj.html


Rick Moen  .   .   .  
INOLJ-OOW2.0C (Is Not On LiveJournal Or Other Web 2.0 Cults)

No, I'm really not interested in your Web-based "social network". And my
data aren't going onto your Web-hosted "service".

I've been spammed by Orkut, LiveJournal, GreatestJournal, Xanga,
LinkedIn, MeetUp, Friendster, ArtBoom, openBC, Bebo, MySpace, hi5.com,
Memetika, Ryze, and Tribe.net  all telling me over and over how they're
going to "build my social network", even though I'm absolutely not
interested. On the app-server side, TextDrive, FilmLoop, Flickr,
del.icio.us, GMail, Basecamp, 43 Things, Socialtext.net, Frappr,
Blinksale, Protopage, Plaxo, Favorville, snapmania, and Fotki all say
they're rapturously eager to do me the great favour of storing my
personal data for me, telling me all about the "convenience" of not
having to do it myself. 

[...]




From daniel at gimpelevich.san-francisco.ca.us  Fri Dec 23 21:29:42 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Fri, 23 Dec 2005 21:29:42 -0800
Subject: [conspire] Analysis of netzero.deb
Message-ID: <pan.2005.12.24.05.29.40.916023@gimpelevich.san-francisco.ca.us>

I decided to take a look at NetZero's website to see their
Lindows/Linspire package myself. They have some instructions on its usage,
and the screenshots clearly show that it is version 6, but on John's
system, I noticed that he had version 5, which is apparently now neither
available nor supported, so I'm guessing that he downloaded it quite some
time ago. Navigating their website did not allow me to download their
Lindows/Linspire software without having a NetZero account, but evidently
if I had that, the website would simply have given me the same download
link I got from the topmost link on Google's first search results page:

http://dl.netzero.net/pub/netzero/linux/lindows/netzero.deb

The package, a 1.7MiB download, installs some files here and there to
support the software it installs into /opt/nzclient. Among these is a
"desktop config file" in root's home directory that would tell GNOME or
KDE what to run if clicked, and what icon to display, among other things.
The file it says to run appeared to be a shell script, but turned out to
be nothing more than a line to pass a specific classpath to Java. Indeed,
it appears NetZero's Linux software is written almost entirely in Java, so
any Linux on any architecture could potentially use it to connect to
NetZero, as long as a Java Runtime Environment is installed. However, the
package does have a file "nzppp" in it, and it's an i386 dynamically
linked executable which is not stripped. A quick look at the file reveals
it to be some kind of modification to the following GPL code:

http://www.ibiblio.org/pub/Linux/system/network/serial/ppp/pppsetup.2.28.tar.gz

Therefore, all it would take to get their software working on a K/X/Ubuntu
or Debian system running on either PowerPC or AMD64 would be a simple GPL
source code request for their modifications to that piece of code, which
can then simply be recompiled. Since that code does not do much, I'm
wondering why they didn't just do what it does using proprietary Java
code, like the rest of the package. A GPL source code request may prompt
them to do just that, which would still accomplish the
NetZero-on-other-architectures feat, by instantly making the package
platform-independent. No reverse engineering necessary either way.

It's no surprise that there are reports that NetZero's software will not
function properly without superuser privileges, but something doesn't feel
right about granting such privileges to a Java Virtual Machine. Still, you
gotta do what you gotta do.


From daniel at gimpelevich.san-francisco.ca.us  Sat Dec 24 22:43:25 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sat, 24 Dec 2005 22:43:25 -0800
Subject: [conspire] Obscure Way to Drastically Improve User Experience under
	Debian or K/X/Ubuntu (or MEPIS or Knoppix/Kanotix, etc.)
Message-ID: <pan.2005.12.25.06.43.25.248412@gimpelevich.san-francisco.ca.us>

Most RPM-based distros, as well as DEB-based Fink, provide an optional
package, sometimes installed by default, that magically makes tabbing in
the bash shell context-sensitive. For example, without this package, if
you type "cd foo" and press tab when you have a file named foo1 and a
folder named foo2, it will beep and not do anything. A second tab will
show you both foo1 and foo2 as possible choices, because it's too stupid
to know that foo1 is a file, and that cd only operates on folders. If the
package is installed, the tab will choose foo2 for you. In fact, if you
have no other folders, only files, you could just type "cd " and press tab
for it to choose foo2 for you. This doesn't just apply to cd, but to all
sorts of commands, allowing you to type just part of an option or operand.
Where then, does one obtain such a magical package for Debian? The answer
is that under Debian, the stuff in that package is always installed, but
never used unless you deliberately enable it. Whereas under RPM-based
distros, the trick to enable or disable it is the simple installation or
removal of a single package, under Debian, it's buried in a config file.
Open the oddly named file /etc/bash.bashrc in your favorite editor with
superuser privileges, and you will see the last three lines of the file
commented out. Uncomment them and save changes. The next time you start a
shell, tabs will be context-sensitive.


From moseley at hank.org  Sun Dec 25 21:57:35 2005
From: moseley at hank.org (Bill Moseley)
Date: Sun, 25 Dec 2005 21:57:35 -0800
Subject: [conspire] Obscure Way to Drastically Improve User Experience
	under Debian or K/X/Ubuntu (or MEPIS or Knoppix/Kanotix, etc.)
In-Reply-To: <pan.2005.12.25.06.43.25.248412@gimpelevich.san-francisco.ca.us>
References: <pan.2005.12.25.06.43.25.248412@gimpelevich.san-francisco.ca.us>
Message-ID: <20051226055735.GA31243@hank.org>

On Sat, Dec 24, 2005 at 10:43:25PM -0800, Daniel Gimpelevich wrote:
> Open the oddly named file /etc/bash.bashrc in your favorite editor with
> superuser privileges, and you will see the last three lines of the file
> commented out. Uncomment them and save changes. The next time you start a
> shell, tabs will be context-sensitive.

It's also in $HOME/.bashrc

Kind of a mixed blessing in the default setup.  For example, zless
works on plain text files, but with the default completion, tab no
longer gives all files as an option.

-- 
Bill Moseley
moseley at hank.org




From mark.weisler at comcast.net  Tue Dec 27 06:07:04 2005
From: mark.weisler at comcast.net (mark weisler)
Date: Tue, 27 Dec 2005 06:07:04 -0800
Subject: [conspire] Obscure Way to Drastically Improve User Experience
	under Debian or K/X/Ubuntu (or MEPIS or Knoppix/Kanotix, etc.)
In-Reply-To: <pan.2005.12.25.06.43.25.248412@gimpelevich.san-francisco.ca.us>
References: <pan.2005.12.25.06.43.25.248412@gimpelevich.san-francisco.ca.us>
Message-ID: <200512270607.08817.mark.weisler@comcast.net>

On Saturday 24 December 2005 22:43, Daniel Gimpelevich wrote:
> Most RPM-based distros, as well as DEB-based Fink, provide an optional
> package, sometimes installed by default, that magically makes tabbing in
> the bash shell context-sensitive. For example, without this package, if
> you type "cd foo" and press tab when you have a file named foo1 and a
> folder named foo2, it will beep and not do anything. 
snip...
> Uncomment them and save changes. The next time you start a 
> shell, tabs will be context-sensitive.
This useful tip works for me. Thanks for passing it on. Might it be good to 
give this tip wider circulation by, say, offering it to Linux Journal or a 
similar purveyor of tips and tools?

-- 
Mark Weisler
mark.weisler at comcast.net
PGP Key 4096/1024 23FFF8B468E462B6
Key fingerprint = 87D5 A77B FC47 3CC3 DFF0  586D 23FF F8B4 68E4 62B6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20051227/9582d49b/attachment.pgp>

From daniel at gimpelevich.san-francisco.ca.us  Tue Dec 27 08:26:44 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Tue, 27 Dec 2005 08:26:44 -0800
Subject: [conspire] Obscure Way to Drastically Improve User
	Experience	under Debian or K/X/Ubuntu (or MEPIS or
	Knoppix/Kanotix, etc.)
References: <pan.2005.12.25.06.43.25.248412@gimpelevich.san-francisco.ca.us>
	<mailman.206.1135692454.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.27.16.26.43.443181@gimpelevich.san-francisco.ca.us>

On Tue, 27 Dec 2005 06:07:04 -0800, mark weisler wrote:

> On Saturday 24 December 2005 22:43, Daniel Gimpelevich wrote:
>> Most RPM-based distros, as well as DEB-based Fink, provide an optional
>> package, sometimes installed by default, that magically makes tabbing in
>> the bash shell context-sensitive. For example, without this package, if
>> you type "cd foo" and press tab when you have a file named foo1 and a
>> folder named foo2, it will beep and not do anything. 
> snip...
>> Uncomment them and save changes. The next time you start a 
>> shell, tabs will be context-sensitive.
> This useful tip works for me. Thanks for passing it on. Might it be good to 
> give this tip wider circulation by, say, offering it to Linux Journal or a 
> similar purveyor of tips and tools?

This information is only obscure in the sense that it's so non-obvious
where to find it out. It's clearly spelled out in the file
/usr/share/doc/bash/README.bash_completion.gz, and it is not an uncommon
practice to read the /usr/share/doc files specific to Debian for packages
you install. The problem lies in the fact that the package "bash" is
always installed, so this file is not likely to be seen. It never even
occurred to myself to look for such a file there. What I did was search
packages.ubuntu.com for filenames containing "bash_completion" (the name
of the aforementioned RPM package), and this was one of the files that
popped up. As soon as I saw its name and location, I knew it would contain
the information I was seeking. I personally would not consider
LinuxJournal or the like to be a substitute for RTFMing, but if others do,
I wouldn't really care who submits this trivial thing. Also, for the
hardcore command-line fan, this "feature" is a trade-off, as Bill said,
which is why it's disabled by default. An additional annoyance it
introduces is that, with it enabled, usage of the "$_" variable fails at
seemingly random times. While I may consider that a relatively fair price
to pay, I'm sure there are others who would not.


From jla1200 at netzero.net  Wed Dec 28 18:23:16 2005
From: jla1200 at netzero.net (John Andrews)
Date: Wed, 28 Dec 2005 18:23:16 -0800
Subject: [conspire] Breezy/kppp/Netzero
Message-ID: <000101c60c26$a19c3f60$a4b95545@oemcomputer>

Daniel
    I appreciated your analysis of Netzero.deb. I've looked at dozens of
articles and not many have come up with a way to run it on linux. I'm about
to give up on it and try one which is linux friendly called highstream.com.
    I'm trying to establish that my kppp works right. When you are
configuiring it and query the modem while you are in the configuation mode
it responds properly. Even if you switch /dev/modem and /dev/ttyS0 between
two boxes you still get a positive response.However when you start it from a
terminal and then hit the connect button you get this result and kppp
freezes up.Do you have any ideas as to what is causing it to freeze up?
    jla at vstrom  $ kppp    The kppp starts properly at this point. Then when
you try to connect it does this .

opener:    received setsecret
opener:    received setsecret
opener:    received openlock
opener:     received opendevice




From daniel at gimpelevich.san-francisco.ca.us  Thu Dec 29 00:07:28 2005
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Thu, 29 Dec 2005 00:07:28 -0800
Subject: [conspire] Breezy/kppp/Netzero
References: <mailman.213.1135826450.673.conspire@linuxmafia.com>
Message-ID: <pan.2005.12.29.08.07.27.664660@gimpelevich.san-francisco.ca.us>

On Wed, 28 Dec 2005 18:23:16 -0800, John Andrews wrote:

> Daniel
>     I appreciated your analysis of Netzero.deb. I've looked at dozens of
> articles and not many have come up with a way to run it on linux. I'm about
> to give up on it and try one which is linux friendly called highstream.com.

That's always your option, but if you're having problems dealing with
connect issues on one ISP in a Linuxy manner, you're going to have similar
problems dealing with any connect issues that may arise on another ISP,
and I'm not referring to technical problems. In the message immediately
prior to my "Analysis" message, I broke a diagnostic workflow down into
steps, and asked you to report the results of each step. Either I am
having severe trouble recognizing your report back as being the results of
those steps, or you just did your own thing, which may or may not be
equally helpful to me in helping you, as I shall attempt to make sense out
of it below in the context of what you're trying to accomplish.
Furthermore, let it be known that I wanted to see for myself how quickly I
could connect to NetZero under Linux myself, so I booted the Knoppix 4.0.2
CD a few minutes ago, downloaded and installed the NetZero client, and
made sure it would be my only net-connection by turning off Ethernet with:

sudo ifconfig eth0 down

I created the /dev/modem symlink and then started the NetZero client with:

sudo -b /opt/nzclient/runclient.sh

I told it to create a new account, and it successfully dialed the modem
and connected. It told me to wait for the sign-up window to appear, and
Firefox opened a blank window (I already had Konqueror running) and
complained that it wasn't able to reach the URL, without telling me what
the URL was. I told Firefox to go to www.netzero.com, and it instantly
redirected me to www.netzero.net and successfully displayed that page at
dial-up speed. I then tried a non-NetZero URL, and their proxy kicked in,
telling me that I need to be logged in to a NetZero account in order to do
that. So, presumably, I could then use the NetZero website to create an
account while connected to NetZero, and then go back to the other window
that was still waiting for sign-up information, put the new account
information in there, and be off!

>     I'm trying to establish that my kppp works right. When you are

By "works right" I understand you to mean: dials, connects to remote
modem, fails to establish PPP link.

> configuiring it and query the modem while you are in the configuation mode
> it responds properly. Even if you switch /dev/modem and /dev/ttyS0 between
> two boxes you still get a positive response.However when you start it from a

I'm not sure what you mean by switching them "between two boxes" here. Are
you switching between two computers? Are you switching the modem
connection on the back of the computer? What I asked you to do was switch
kppp's connection between /dev/ttyS0 and /dev/modem and see whether it
behaves identically with each, to test the usability of the /dev/modem
symlink, and nothing more.

> terminal and then hit the connect button you get this result and kppp
> freezes up.Do you have any ideas as to what is causing it to freeze up?

I did not ask you to start kppp from the terminal, but I did ask whether
it asks for a password at any time when you start it from the K menu
(sorry if I wasn't specific enough). If it asks for a password, it is
doing so in order to become root. If it normally needs to be root, but you
start it without root privileges by, for example, typing only "kppp" in
the terminal, don't expect it to work properly. On the other hand, if kppp
never asks for a password when started from the K menu, I have no idea
what is causing it to freeze up.

>     jla at vstrom  $ kppp    The kppp starts properly at this point. Then when
> you try to connect it does this .
> 
> opener:    received setsecret
> opener:    received setsecret
> opener:    received openlock
> opener:     received opendevice

Yeah, those are largely irrelevant-to-the-ultimate-goal internal kppp
messages. If kppp is able to dial when started from the K menu and told to
use /dev/modem, the symlink works, and you don't need to have anything
more to do with kppp. On to the NetZero client. Is it now able to dial and
attempt to connect? If not, tell me _exactly_ what it says in the little
window that tells you something is wrong. If, on the other hand, it
successfully dials and then flakes out while trying to establish a
connection to NetZero, THEN THIS PHASE OF THE TEST HAS CONCLUDED WITH A
SUCCESS. Do not interpret failure to establish a connection at this
particular point in the process as a bad thing, because it is known that
the NetZero client cannot function properly without root privileges, and
you have not given it those yet, and should not until everything else is
verified to be as it should be. When you get to that stage, the way I
would recommend for specifically you to accomplish that would be to
right-click on the NetZero icon on your desktop, select Properties, click
on the Application tab, and edit the Command field to begin with "gksudo "
so that it says "gksudo /opt/whatever" there, and click OK. Note that
gksudo is part of Ubuntu, not Kubuntu, but you have them both installed in
a combined system, and I would consider gksudo to be a more
straightforward option in such a case than either kdesu or the Advanced
Options button in that Application tab, which also allows running as a
different user, such as root.


From rick at linuxmafia.com  Thu Dec 29 01:18:29 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 29 Dec 2005 01:18:29 -0800
Subject: [conspire] Breezy/kppp/Netzero
In-Reply-To: <pan.2005.12.29.08.07.27.664660@gimpelevich.san-francisco.ca.us>
References: <mailman.213.1135826450.673.conspire@linuxmafia.com>
	<pan.2005.12.29.08.07.27.664660@gimpelevich.san-francisco.ca.us>
Message-ID: <20051229091828.GM7646@linuxmafia.com>

Just hoping to assist, in case one minor point in Daniel's excellent
analysis & explanation was unclear, I'll step in briefly:

> On to the NetZero client. Is it now able to dial and attempt to
> connect? If not, tell me _exactly_ what it says in the little window
> that tells you something is wrong. If, on the other hand, it
> successfully dials and then flakes out while trying to establish a
> connection to NetZero, THEN THIS PHASE OF THE TEST HAS CONCLUDED WITH
> A SUCCESS. Do not interpret failure to establish a connection at this
> particular point in the process as a bad thing, because it is known
> that the NetZero client cannot function properly without root
> privileges, and you have not given it those yet, and should not until
> everything else is verified to be as it should be. When you get to
> that stage, the way I would recommend for specifically you to
> accomplish that would be to right-click on the NetZero icon on your
> desktop, select Properties, click on the Application tab, and edit the
> Command field to begin with "gksudo " so that it says "gksudo
> /opt/whatever" there, and click OK.

John, the "gksudo" utility is a graphical wrapper around "sudo" (the
Substitute User Do command) that lets you run some specified command as
if you were another user -- such as the root user, which is the user
implied by default unless otherwise specified.  

As Daniel notes, up through the present, he's been attempting to have
you do particular steps with the NetZero binary (and other things) for
_diagnostic purposes_.  He's been wanting you to carry out particular,
exact steps and report back with the exact results.

There actually were good reasons why he's wanted you to do those things,
and you'll get a lot better assistance, in general, if you'll cooperate
with people attempting to assist you rather than ignoring (or at least, 
rather freely reinterpreting) their suggestions and requests.  I mean,
presumably you're asking Linux diagnostic help from people you suspect
are better at that than you, right?  ;->

Any, _after_ you've carried out the other steps Daniel suggested, the 
purpose of editing the NetZero KDE icon's Command properties to prepend
"gksudo " is so that -- as the _last_ step of fixing your setup, the 
NetZero dialer is able to operate with root-user authority even though 
you're otherwise running things as user jla.

-- 
Cheers,                   Now, it's time to hack the real world, and let other
Rick Moen                 people write Web sites about it.
rick at linuxmafia.com                                   -- Donald B. Marti



From rick at linuxmafia.com  Thu Dec 29 17:05:03 2005
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 29 Dec 2005 17:05:03 -0800
Subject: [conspire] Software for making Frappr clones
Message-ID: <20051230010503.GD20384@linuxmafia.com>

(With luck, this mailing list post will show up when people search for
"Frappr clone".  There:  Now, I've said it twice.)

I note the coincidence of these two posts today, one by BayLISA
president Jennifer Davis on BayLISA's main mailing list, the other by me
on Usenet.  (I _do_ support Jennifer's initiatives.  I just favour
open source and no dependencies on proprietary company services.)


  Date: Thu, 29 Dec 2005 14:20:08 -0800 (PST)
  From: Jennifer Davis <sigje at sigje.org>
  To: baylisa at baylisa.org
  Subject: Frappr!

  Borrowing a page from LOPSA, I've created a Frappr group for BayLISA:
  http://www.frappr.com/baylisa

  It would be good to see where people are localized around the Bay area
  so we have a better idea as to where it's good to have meetings/events.
  All it takes is a name and a city to add yourself to the map, so please
  do.

  Thanks!

  Jennifer



  From: Rick Moen <rick at linuxmafia.com>
  Subject: Re: frappr for the freeware community ?
  Newsgroups: alt.comp.freeware
  References: <43a803ed$0$21257$8fcfb975 at news.wanadoo.fr>
  Organization: If you lived here, you'd be $HOME already.

  FTR <news.ftr at free.fr> wrote:
  > One of the last gadgets in the community 'business' is to map the
  > locations of community members. www.frappr.com is one which is nice
  > and simple.

  "Frappr" (from "friend mapper") is an example of "social software"
  developed as a Web application "mashup"[1] using the proprietary Google
  Maps application's public programming interface.

  I'm personally much more curious about free software (aka open source)
  implementations of the same general idea -- so that people can accomplish
  the same goals without becoming dependent on some Web 2.0 company to go
  your computing, hold your data, collect logfiles tracking your
  interests, blitz you with advertising, etc. -- those being the way those
  companies make money.[2]

  Looks like this page has information on open-source geographical
  information services in general:  http://www.opensourcegis.org/
  Included in those listings are MapServer and MapServer Enterprise, two
  open-source _engines_ usable for developing Web-based map applications.

  I'll be curious to see if someone comes out with, e.g., a clone of
  Frappr in Ruby on Rails, preferably without the dependency on Google
  Maps.

  > Wouldn't it be nice to see where all the people of this active list
  > live ? To see how the world is populated by freeware activists (or, at
  > least, sympathisers, and users) ?

  Wouldn't it be even nice if they were to do that using their own
  resources, rather than Frappr's and Google's?  ;->

  [1] http://en.wikipedia.org/wiki/Mashup_(web_application_hybrid)
  [2] http://linuxmafia.com/faq/Essays/winolj.html

  --
  Cheers,                   Now, it's time to hack the real world, and let other
  Rick Moen                 people write Web sites about it.
  rick at linuxmafia.com                                   -- Donald B. Marti




From jla1200 at netzero.net  Sat Dec 31 12:24:41 2005
From: jla1200 at netzero.net (John Andrews)
Date: Sat, 31 Dec 2005 12:24:41 -0800
Subject: [conspire] Netzero/Breezy
Message-ID: <200512311224.41552.>

Daniel & Rick
	FINALLY, FINALLY got Netzero going on Breezy Badger. That gksudo
command did the trick.It runs without any netzero ad bar like it has on 
windoze.I've got lots of things to experiment and study now. Thanks for all 
your help. John



From jla1200 at netzero.net  Sat Dec 31 12:26:54 2005
From: jla1200 at netzero.net (John Andrews)
Date: Sat, 31 Dec 2005 12:26:54 -0800
Subject: [conspire] Netzero/Breezy
Message-ID: <200512311226.54400.>

Daniel & Rick
	FINALLY, FINALLY got Netzero going on Breezy Badger. That gksudo
command did the trick.It runs without any netzero ad bar like it has on 
windoze.I've got lots of things to experiment and study now. Thanks for all 
your help. John