Planet Debian Administration

ajt: How do I make NFSv4 talk Kerberos?

Wed, 23 Jul 2008 21:19:26 +0000

Some time ago I switched to NFSv4 (RFC 3530) at home on my Lenny boxen. Everything seems to work okay, it seems stable enough, in theory it allows you to better take advantage of modern giggabit networking and if you configure the Kerberos bit up it's apparently quite secure - unlike NFSv3 (RFC 1813) and older.

I followed various recipes and set up a Kerberos domain on the NFSv4 server and followed set-up on the client, but so far I've not had any success in getting the client to talk to the server using Kerberos, only plain old security i.e. no security, seems to work.

Does anyone know how to get Kerberos and NFSv4 working on Debian Lenny?

simonw: Into each life a little rain must fall...

Wed, 23 Jul 2008 01:46:01 +0000

Whilst I've been enjoying watching my son grow amazingly fast this summer, others around me have been having an aestivus horribilis.

As such I demand everyone should blog only good news for the rest of the month.

simonw: Megaraid split in Linux - Appraised?

Mon, 21 Jul 2008 18:26:58 +0000

I'm wondering did the kernel folk ever go back and review the split of the Megaraid driver into two? I understand why these kinds of changes sometimes need to happen, but seems to me that it caused a lot of practical issues.

I'm still left with machines where I (allegedly) have to manually patch the kernel sources to get the right Megaraid driver loaded (presumably because no one had a complete list of hardware IDs), and today I was upgrading an ancient system (to make a test server) and I needed to manually recreate the initrd image with the legacy Megaraid driver in (because it was omitted by default, and the root file system was thus not found). This kind of thing scares off administrators, and Google is little help unless you understand the topic as it mostly lists thousands of others having similar issues.

Meanwhile my bitter experiences of Adaptec, and LSI PC Hardware RAID solutions leads me to be jaundiced about hardware RAID on Linux. Sometimes a good UPS software RAID and keeping stupid people away from your hardware is a better solution. Waiting for disks to spin around is a stupid way of committing data to permanent storage, and the sooner something better becomes truly mainstream the better. Flash storage is pretty much there, but I think administrators need to be clear how much they need this. Our servers are almost universally limited by committing writes (except for the big hardware RAID one, where I can't diagnose what is making it slow because the kernel says there is no I/O at all, but I suspect it is Postgres writing too much too often (because I know how the software is written)).

Wise word follow...
http://linux.yyz.us/why-software-raid.html

Utumno: Fun with Intel 4965 wireless + kismet +aircrack-ng

Sun, 20 Jul 2008 09:28:13 +0000

I thought I'd share with you how the latest iwl4965 wireless drivers are doing w/ respect to kismet, monitor mode, packet injection etc.

1) Stock Debian 2.6.25-2-486 kernel, kismet 2008-05-R1 ( from Debian unstable ) , ThinkPad X61 with

utumno# lspci | grep 4965
03:00.0 Network controller: Intel Corporation PRO/Wireless 4965 AG or AGN Network Connection (rev 61)

Results: managed, ad-hoc mode - works, monitor mode - works, kismet is able to see management packets but no data packets. No matter what I do, it will not see clients nor data packets.

Coming out from monitor mode is kinda problematic: I press 'Q' in kismet, then it either segfaults leaving my card in an unknown state ( rmmod iwl4965; modprobe iwl4965 fixes that ) or sometimes exits cleanly but warns me that resetting the card failed. I still have to rmmod+modprobe to use the card in Managed mode.

Packet injection does not work. Trying out the latest compat-wireless-2008-07-19 + packet injection patches ( tutorial: http://aircrack-ng.org/doku.php?id=iwl4965&DokuWiki=b0f74a175e2ec1e58a11d7d3bfdb5650 ) does not work either: such compiled driver does not even work in managed mode, and rmmoding it results in a hard freeze ( there's nothing I can do apart from pushing the reset button )

2) Stock 2.6.26 kernel from kernel.org, latest ( 2008-07-19 ) compat-wireless with packet injection patches for iwl4965 and mac80211 , the same kismet 2008-05-R1 and ThinkPad X61:

Managed, ad-hoc mode fully work. Kismet is now able to see data packets and clients. Exiting it sucks even worse now, though: I press 'Q', it will always hang. The only way to recover is press 'Ctrl-Z' to put it in the background, kill -9 it and rmmod+modprobe the drivers.

Packet injection with AirCrack-ng works, at least the injection test passes. I haven't tried any more sophisticated attacks yet.

Side note: with 2.6.26 also the LED in my laptop (signifying that wireless is being used) started working. So progress in all fronts, except exiting kismet :)

simonw: NoScript, __utmlinker and web analytics

Sat, 19 Jul 2008 23:26:41 +0000

I think NoScript is an excellent Firefox plugin, that makes surfing both faster, and safer. Today I hit my first problem in many months of usage. A website using Google-Analytics "__utmlinker" for navigation.

"__utmlinker" is a method of passing cookie details for Google Analytics old Urchin tracking system from one domain to another. Since I don't trust Google-Analytics (in NoScript at least!) the function isn't available, and the link just didn't work for me. End of sale? In my case I cut and pasted the URL out of the JavaScript and carried on.

The "free" Google-Analytics seems to have dampened down the web analytics market somewhat. Is cross subsidizing your Analytics offering with money from your online advertising, and other services, evil?

In my to-do list is "check out nuconomy.com" who include a server side API in their analytics product. It isn't exactly a complicated API, but it makes so much sense for sites like 350.com at work, where navigation doesn't tie nicely with purchasing, and we want many ways of getting to the same Perl purchasing code, just to put the conversion tracking code on the server, rather than worry too much about how they got there (surely that is what the analytics should tell us - without doing all the hard work ourselves).

It strikes me that Google (Urchin) shouldn't have needed or encouraged folks to put in JavaScript linking, since if they have JavaScript running in source and destination, they can fairly easily figure out if it is the same browser instance. Or they could have done something that degrades more gracefully, but then perhaps they assumed folks would trust them!

Either way, if you are starting to use 3rd party JavaScript in place of HTML anchor tags, perhaps it is time to find a simpler way.

Steve: Javascript tweaks

Fri, 18 Jul 2008 13:18:12 +0000

I've made a few tweaks to the javascript used upon this site:

jQuery

The jQuery javascript library is behind all the functionality of the site.

(By which I mean that all of my custom code has been removed or replaced.)

Tag Completion

Each of the "add tag" sections should now offer tag completion, which is pretty neat.

Comment Entry

The comment, and weblog, entry textareas should now resize automatically as more text is inserted.

Any feedback is most welcome.

I don't love javascript to the extent I'll add it arbitrarily over the site, but there will be a few more enhancements added to the site in the near future - I see no harm in improving the site for those that have javascript enabled.

trollll: Recommendation for a mail log analyzer?

Fri, 18 Jul 2008 05:08:55 +0000

I have webalizer installed, dutifully churning through my apache logs, but nothing for my postfix logs. I've done a bit of searching around, but haven't really turned up much beyond AWStats (not sure I want to go that route just yet) and some rather ancient Perl scripts.

What do you use?

simonw: Today we are all Montenegrins

Fri, 18 Jul 2008 00:19:52 +0000

I weakened and bought my surname in the ".me" domain.

I experienced a brief moment of envy when I saw the domain "bobparsons.me" was in the reserved names list, but then I realized he should have got "parsons.me" since then he could share it with his family and not be stumped for what will go before the "@" ;)

Finally an email address which I SHOULDN'T have to spell out to people.

eddor1614: Debian unstable broken?

Thu, 17 Jul 2008 19:55:53 +0000

hello
after a dist-upgrade my machine does not work well.
the mouse is dead, new USB devices don't work, because the /dev entries doesn't get created.
/dev/null has wrong permissions. Sound modules do not load automatically.
this is very strange.
i'm looking into this.
modprobe psmouse and the mouse is working, but after reboot i have to manually modprobe.

mcortese: Windows: reboot is the cure

Thu, 17 Jul 2008 15:07:59 +0000

A big company is distributing this bulletin to all its employees equipped with Windows PCs:

In order to maintain the reliability and ensure optimum performance of your PC, we will begin reminding you of the importance of "rebooting" your PC.
Rebooting your PC ensures critical security patches, virus protection updates and application upgrades are installed on your PC.
You will be reminded to reboot your PC with pop-up message notifications, to ensure that the latest upgrades are installed on your PC.
The pop-up message notifications will begin in mid-July, 2008 for PCs that have not been rebooted within seven days.

Nothing really new: we already knew that for Windows folks rebooting is the cure to all evils...

eric: Ruby on Rails + Apache (without Mongrel) unstable!

Wed, 16 Jul 2008 19:07:17 +0000

I'm currently evaluating Redmine as a project manager and, to keep my virtual server 'clean', I have chosen the 'rails+apache+mod_fcgi without mongrel' solution.
But the application is very unstable: it returns errors (apache logs says something like 'premature end of script: dispatch.fcgi') frecuently and only returning to the base url (http://test.domain.tld) I can return to the application. So my question is: do you know if it's normal (i don't think so) and do you think installing it using Mongrel (like it's indicated in the vast majority of tutorials) is the solution of this problem.

I ask this because howtos about rails app installation without mongrel are hard to find, and nearly all talks about Mongrel (a Ruby webserver) in combination with apache mod_proxy.

simonw: Absence of ftp.mirror.ac.uk with CPAN

Wed, 16 Jul 2008 17:26:58 +0000

Finally upgrading long forgotten Debian box.

Wanted to find what if any modules were installed using CPAN, and what updates were available. But it seems ftp.mirror.ac.uk went in July 2007 which the box was using, which leads to all the information about where to find CPAN being overwritten with error messages (hmm).

Another symptom (of the same or similar problem) is the lack of any continents when running "o conf init" in CPAN.

Lots of folks said I fixed it manually - and the error does suggest the right approach - but what worked for me...

Fixed by....

wget ftp://ftp.mirrorservice.org/sites/ftp.funet.fi/pub/languages/perl/CPAN/MIRRORED.BY
wget ftp://ftp.mirrorservice.org/sites/ftp.funet.fi/pub/languages/perl/CPAN/modules/02packages.details.txt.gz
wget ftp://ftp.mirrorservice.org/sites/ftp.funet.fi/pub/languages/perl/CPAN/modules/03modlist.data.gz

Now overwrite the same named files under your ".cpan" directory (sources/ and sources/modules), and "gunzip" them over the unpacked copy of same. Run "cpan" use "o conf init" to select a mirror that exists*, and "install Bundle::CPAN" which will drag you into the current millennium at the risk of upgrading some core modules.

Alternatively just brave using "apt-get" and friends to drag such servers into the current era. Unless you are heavy Perl users probably all the Perl most folks need is in Etch in .deb packages by now. I suspect blowing away ".cpan" may work as well.

* I suggest avoiding the Demon mirror (long unmaintained), the anlx mirror (Zozo come back!) and the ftp.mirror.ac.uk mirror (that got you into this mess) maybe try mirrorservice.org.

Nilshar: less with tail

Tue, 15 Jul 2008 16:36:24 +0000

You are using tail -f <file> to monitor a log file ? I was too.
You are using less to read and scroll up/down, search, etc.. a file ? I was too.
Today someone showed me that "less" is able to do tail (maybe most of you know already..).

use your usual :
less <file> to read the file, and if you want to use it as a tail, simply shift+F !
you want to stop the "tail mode" ? ctrl-C and you back to usual less. shift-F again to tail again etc..

Steve: New hardware for this site

Tue, 15 Jul 2008 11:35:21 +0000

This site has been hosted for the past couple of years on a machine donated by Bytemark, and it has been suffering under load.

I've been given replacement hardware which should solve these stability problems, so another big thank-you to Bytemark!

The IP address of the site will have changed too - so here are the details:

Old Site: 89.16.176.176

New Site: 89.16.161.98

I've installed rinetd to forward connections from the old host to the new, and I'll leave that in place until DNS updates.

lee: Blocking backscatter with DNSBLs

Mon, 14 Jul 2008 19:17:31 +0000

If you're being deluged by backscatter email, there is a way to block at least some them with Exim using a DNSBL. However you need to treat these sources differently from normal spam sources.

A database of backscatter IPs is available for use via backscatterer.org but, as it warns, you'll want to use it in "SAFE" mode.

Firstly, if you don't already have one, you'll want to add a local ACL file for the RCPT ACL check. On a split config, add something like the following to /etc/exim4/conf.d/00_local_config .

CHECK_RCPT_LOCAL_ACL_FILE=/etc/exim4/local_acl_check_rcpt

Then edit this file, or your local equivalent, and add the following:

deny senders = :
     dnslists = ips.backscatterer.org
     log_message = $sender_host_address listed at $dnslist_domain
     message = Backscatter: $dnslist_text

The trick here is the senders line contains a single colon, which will match the NULL sender used by the vast majority of bounce sources.

If you want to test it out before activating a deny rule, use a warn rule to begin with:

warn senders = :
     dnslists = ips.backscatterer.org
     log_message = $sender_host_address listed at $dnslist_domain
     message = X-Backscatter: $dnslist_text

Update the config with update-exim4.conf and restart the exim daemon to activate.

Note: mail to postmaster is, by default, not affected by locally applied ACLs on a standard configuration. You'd need to make additional changes if you want to block backscatter sources from mailing postmaster - but this is not advised.

rossen: how to activate bash history timestamps

Mon, 14 Jul 2008 09:27:19 +0000

While re-reading the man page for bash 3.1 (in etch) I discovered that one can have timestamps in the output of "history". Just set the HISTTIMEFORMAT environment variable like so:

HISTTIMEFORMAT='%F %T '
export HISTTIMEFORMAT

...and "history" will give you output like:

536 2008-07-14 10:13:02 echo $HISTTIMEFORMAT
537 2008-07-14 10:13:50 cat /etc/profile.local
538 2008-07-14 10:14:52 history

The .bash_history will contain hash-commented timestamps as seconds since the epoch:

#1216023182
echo $HISTTIMEFORMAT
#1216023230
cat /etc/profile.local
#1216023292
history

simonw: Firefox 3 - sqlite a mistake?

Thu, 10 Jul 2008 12:40:09 +0000

Aside from complaining others complained too much about Firefox 3...

I was somewhat surprised to see that the search plugins in FF3 are now also in a sqlite database (you can use a technology too much - is a database really appropriate here? Write rarely, read often, small XML files?).

Now I need to figure out how to import my Opensearch XML file into Sqlite (or how to host my custom search engine nicely just to import one search engine). Previously I could just copy the XML file into the relevant directory, and restart Firefox.

I need to import this because my home directory is on NFS, and something glitched, and my old profile then found itself incapable of using the disk as a cache (recreating the "Cache" directory didn't help here).

I'm think Firefox's decision to use sqlite was a mistake or possibly just poorly executed, that may have made it impractical in almost all set ups where user home directories are mounted (CIFS or NFS), which is a lot of corporate environments. Certainly they need to think about recovery and locking with sqlite more, blowing away, or manually recovering a profile backup every time something goes wrong is going to be exceedingly tedious - guess I can write a wrapper script for Firefox to do it for me but this isn't the Tao of software route.

I've abandoned trying to persuade it to use a local disk for Cache at the moment - which ought to help performance slightly - although hopefully most of the Cache is in buffer cache most of the time. Possibly local caching here is actually slower than using the local Squid proxy, but in that path through the code it renders the alt text before fetching the graphics (yuk). No doubt some obscure rendering parameter may help here.

Epiphany looks suddenly so attractive, and is so much faster on GNOME.

mcortese: Big question: CFS

Wed, 09 Jul 2008 18:12:00 +0000

I have a couple of those 'Big Questions' I would really like to find the 'Ultimate Answer' to.

One is related to the Completely Fair Scheduler (CFS) that was merged into our beloved kernel not without a great deal of discussion.

Is this innovative scheduler really delivering the higher performance that its author promised? Does it grant a better feeling to a desktop's users? Are a server's requests served in a better way, from a client's perspective?

To put it in simpler words: at the end of the day, is being fair definitely a Good Thing to the final user?

Wayne: Postfix & procmail help

Tue, 08 Jul 2008 16:35:20 +0000

I have a postfix box which I have inherited. It is running disk quota's and the main anti-spam features built into postfix. The trouble I'm having is a lot of the email addresses are now no longer used so any email going into them is accepted by postfix then procmail tries to deliver the mail which fails and is then put back into the postfix queue to be sent back to the original sender.

We are not using mysql so I'm unsure of how to stop postfix accepting the email when the user is over quota, failing that how can I redirect (to dev/null or another address) the over quota message from procmail or postfix?

Once I have a list of the boxes over quota I can check the email addresses to see if they are still active or not.

Wayne

ericrox: nvidia - wtf

Mon, 07 Jul 2008 14:08:51 +0000

So i just got a Tecra A9 and it was working great. I then try to add the nvidia-glx drivers onto it and boom! The system is cooked. Whenever kdm starts up all video dies. Can't switch Ctrl+Alt+F1-F6 anywhere all black screens.

Awesome.

simonw: How to detect broken browser caching behaviour?

Sun, 06 Jul 2008 00:10:04 +0000

Looking at the logs from a load peak on one of our web servers, a single client seems to have requested the same file many times. In one case, for a common graphic it was requested 800+ times in a 2 hour period (I'd have expected once or twice), all HTTP 304 requests. Many other graphics were similarly requested multiple times.

Clearly this browser has no local caching, or has caching disabled. The User-Agent string suggests IE7, and the user otherwise appears to be using the web site as expected.

I doubt this user alone is the cause of the load peak, but it would seem useful to identify and inform this user that his browser settings are suboptimal for both his benefit and ours. The performance of our site must suck, even when everything is working well server side for this user.

I'm sure it isn't hard to invent our own test for this, but it also struck me that we aren't going to be the first people in the world to want this test, but my attempts to search for such a test failed miserably.

Anyone seem this done before?

ajt: Overton Regency Sheep Fair

Sat, 05 Jul 2008 15:46:13 +0000

On Saturday and Sunday 19/20 July my village will be holding it's quadrennial sheep fair. This time it's a Regency theme. I'll be there manning the OBS stall for a few hours. I won't be wearing a fancy Regency costume as I believe as a member of the working class, we always looked scruffy and poor no matter what the era...

The organising committee are doing something really strange though. They are closing the main road for both days of the event which will cause no end of chaos as the village exists because it's at the crossroads of two major historical routes, driving sheep along one of them gives rise to the sheep fair. So given the chaos they will cause you'd think they'd be keen to get as many visitors as possible but in fact they are hardly advertising the event at all, and have even turned down free adverts in the local newspapers... BONKERS!

No matter I'll be there selling my home made rhubarb jam and though Jane Austen may not have been a Linux user, I'll be promoting Debian GNU/Linux some how - I've just got to figure out how!

simonw: Good online voting

Sat, 05 Jul 2008 13:31:38 +0000

Sadly so many web sites are badly designed these days.

I'm sure I've probably made some of those bad sites, so I'm casting no stones.

Just voted for my building society using votebyinternet.com

A service from the Electoral Reform Society company Electoral Reform Services Ltd.

http://www.electoral-reform.org.uk/

It just worked, it wasn't freaked out by my strange browser user agent string, or my use of "NoScript". Okay online voting is probably one of the easier things to do when there are no paranoid folk insisting it be many times more secure than voting in person, but the service worked well. It did insist on JavaScript, I didn't investigate if there was a 'no JavaScript' option.

Now all I need is for the building society to send me the voting material by (encrypted?) email and we can save a whole host of trees.

cloakable: Home SAN?

Fri, 04 Jul 2008 20:01:39 +0000

I'm considering building a home SAN as a more upgradeable replacement for my Debian fileserver. The fileserver will be the SAN head, and I'll be hooking the devices in using AoE on a private switch.

Does anyone think this is a good or a bad idea? Any suggestions? LVM? RAID? Filesystems?

Derevko: Smbind, PHP-based tool for managing DNS zones for

Fri, 04 Jul 2008 17:22:43 +0000

Smbind is a PHP-based tool for managing DNS zones for BIND via the web.

Supports per-user administration of zones, error checking, and a PEAR DB database backend.
This tool will enable you to administer your bind-based DNS server without having to touch your zone files with a text editor, while also providing a redundant backup of the data stored in both a PEAR DB database and in the normal text configuration files.

Since it is web-accessible, those without shell access or command-line skills (or whom are just plain lazy) can enjoy DNS administration from the comfort of a remote browser.

Here some screenshots:

In order to get smbind with apt, you must use my unofficial repository (or use sid/lenny version).

Open your terminal and add my deb repository in your sources.list:

debian:~# vi /etc/apt/sources.list

Add these lines:

deb http://debian.iuculano.it/apt etch main contrib non-free
deb-src http://debian.iuculano.it/apt etch main contrib non-free

and then you can update and install the package:

debian:~# apt-get update && apt-get install smbind

* WHAT TO DO AFTER INSTALLATION:

1. Add the user that runs your web server (default in debian is www-data) to the group that runs the BIND server (default in debian is bind), for example:

usermod -G bind www-data

2. Restart your web server:

/etc/init.d/apache2 restart

3. Include /etc/smbind/smbind.conf in your bind configuration:

echo 'include "/etc/smbind/smbind.conf";' >> /etc/bind/named.conf.local

4. Restart bind
/etc/init.d/bind9 restart

* PASSWORDS:

Once the package is installed, point your browser to http://localhost/smbind/ Smbind will ask you for a user name and password, Login to the web interface with the user 'admin' and password 'admin'. (You should change admin password immediately)

simonw: Microsoft Logic / Google focus

Fri, 04 Jul 2008 14:01:32 +0000

Content-Type: text/plain

Is plain text...

Microsoft sniff it, to see if it isn't. Their logic is that asking everyone who does it wrong to "fix their own servers" is too hard. So they introduce "authoritative=true" option to the Content-Type, thus asking all those who do it right to "fix their own servers".

I so hope it is April the 1st.

In other news Google tells me some web pages we are serving as "Content-Type: text/plain" for free hosting customers contains malicious JavaScript - surely some mistake here.

Whilst Google's attempts to clean up the web are laudable, client security has to be fixed by the software vendors. I think Google would better achieve its goal by detecting browsers with known security issues and recommending/insisting on an upgrade.

http://blogs.msdn.com/ie/archive/2005/02/01/364581.aspx

http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx

I believe there is a registry setting to disable content sniffing in IE, but I would suggest not using IE. Firefox NoScript Add-on is your friend.

alfadir: exim + ldap

Tue, 01 Jul 2008 08:45:38 +0000

I have been working along with my server, and it is running. Lately I have been attacking the only real peice that is missing. Email.

I picked exim4 as it is the standard mail server in debian.

I am running two domains on one server. example.net and example.com

I have created a ldap route (using split configuration)

850_exim4-config_ldap_user
ldap_user:
  debug_print = "R: ldap_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  local_parts = ${extract {uid}{${lookup ldap {USER_LOOKUP} {$value} fail }}}@$domain
  transport = LOCAL_DELIVERY

But the problem is the $domain ends up beeing debian.example.com for an email to user@example.com. The actual lookup works if the correct domain is supplied.

The paniclog shows the expanded query :

ldaps://ldap.example.com/ou=people,dc=debian,dc=example?uid,uidNumber?sub?(&(mail=user@debian.example.com)(uidNumber=*))

What fails is the dc=debian which is constructed by

dc=${extract{1}{.}{${lc:$domain}}}

It is not possible to set up matching if the local hostname is used. What am I doing wrong ? How can I access the the server part of the incommming email ? Do I have to set up one ldap router per domain ?

The second problem is how to treat SMTP auth. How does that work with virtual servers ? One option is to have the user supply the full mail address as username. I guess apache like dns matching is not possible.. user X loging in to mail.example.net becomes authenticated under X@example.net and user Y loggint into mail.example.com becomes authenticated under Y@example.com.

Thirdly what options and permissions do one has to set to have directories created ?

Want to store all mails to /srv/mail/$domain/$local_parts/Maildir and have created /srv/mail with owner Debian-exim.

MAILDIR_HOME_MAILDIR_LOCATION = /srv/mail/${lc:$domain}/${lc:$local_part}/Maildir
MAILDIR_HOME_CREATE_DIRECTORY = true
MAILDIR_HOME_CREATE_FILE = anywhere

are set but I get :

(13): Permission denied: stat(
) error for /srv/mail/example.com/user/Maildir: Permission denied

(strangly gives the ${lc:$domain} here example.com and not debian.example.com.

Otherwise I am working on a write up of all my experiences with other programs on the server. Everything else is nicely controlled by LDAP. I will publish it once I have a propper draft.

Arthur: <rant>Less than optimally competent ISPs...

Sun, 29 Jun 2008 02:55:38 +0000

... annoy me to no end. I'm sure I'm not the only one in this fine company who's been annoyed by an incompetent ISP.

The ISP in question provides ZyXEL ADSL modems to their hapless users, a brand of which I've heard nothing good but with which I had no previous experience. The first one puked a few months in, the replacement unit started dropping connections within a week. As time went on, the frequency of failure increased, and it reached the point at which a power cycle reboot was required to recover. A dozen or more times per day. So, I went out and bought my own ADSL modem at a retail outlet, and when it stayed online and fine for a solid ten days I brought my complaint to the ISP. An excerpt of their response:

We would like to examine the old modem and run some tests with it to see if the modem exhibits similar problems at our site. If we determine that the modem is not the problem, we will want to look into possible phone wiriing issues.
The symptoms that both modems models exhibit do reflect the possibility of line condition issue. If the house wiring is at the root of this issue, [telco] does offer installations of whole house filtering solutions. The price is variable, and dependant on how much labor it takes.

Yeah... right... it's 'at dad-burned pesky ole house wahrin. If'n 'at new one I bot were atchully workin' as good as I think it is, day woon'ta offered me a whole house filterin' slooshun.

</rant>

simonw: Firefox 3 (and Iceweasel) extensions

Tue, 24 Jun 2008 21:10:48 +0000

There is a lot of griping about Firefox 3 and extensions around.

In most cases you can uninstall the old extension, and install the new version using the new and improved "Add-ons" manager under the "Tools" menu.

Mozilla did manage the migration of add-ons, and they did ensure most add-ons that folks use work with Firefox 3. They just didn't shout it loud enough.

I suspect the problems are largely a result of improved security handling of extension retrieval (people need to stop installing software from random websites, and that applies to browser plug-ins as well as anything else - even if the website is trustworthy now next week when it is bought up by the domain drop catchers the story may be different); but whatever the cause the message clearly didn't get out about what to do.

e5z8652: winbind, could not receive trustdoms, and avahi

Tue, 24 Jun 2008 05:57:04 +0000

Recently had an issue where Samba was malfunctioning, specifically winbind. wbinfo -u and wbinfo -g failed, and log.winbindd had "Could not receive trustdoms" errors when winbindd was started.

This entry has been truncated read the full entry.