Orb Designs Grafitti
March 12 through March 18, 2001



Orb Grafitti is sometimes a conversation, sometimes a soapbox. I use Linux most often, and I write about that and related software frequently. I also have a day job working as a dogsbody for a small manufacturing firm here in the SF Bay Area. Also, Tom Syroid and I recently co-authored Caldera OpenLinux Secrets, unfortunately cancelled by the folks at $LARGE_PUBLISHER. I'm glad you've come to visit, and always happy to hear from you.

EMAIL - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so, I'll pay attention to your wishes.


MONDAY    Tues    Wed    Thu    Fri    Sat    Sun   
March 12, 2001 -    Updates at 07:00,   18:05

[Photos: Sweet Peas; The potting table; Garden Panorama; Herbs I]

Well, good morning. After all was said and done, all that got done this weekend was the patio farm. I suppose that's alright, though I had hopes for so very much more. But like I said at the beginning, "Can I please have a nine-day weekend?" Mmmm. The good news is that if everything takes off properly, this'll be one lush porch this summer. Pretty and edible!

[Photos: Herbs II; Impatiens, impaled; Tomatoes and the lettuce bench; Herbs III]

Two items of interest. First, don't forget to check out the recently updated CV. Then we have some mail from Steve in Colorado. I like Colorado, I'd live there if the work would take us there, 'cause it's gorgeous country, decent weather, and non-hideous housing costs. Steve is looking for help with RPM 4.0. I have some thoughts, but they need prompting by coffee, which I haven't had, yet. I figured to post this here, and let Steve (and I, if you please) know your thoughts.


From: "Steve Swickard" <[email protected]>
Subject: rpm error messages
Date: Sun, 11 Mar 2001 23:43:52 -0700
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
 
Hi and good day Brian,
 
    I was hoping you could enlighten me on a problem that I have run into on
my Linux server which is running Mandrake 7.0. I have recently downloaded
several rpm's in an effort to upgrade some of the services and totally new
programs.
 
    My habit is to just use the rpm from the command line via secure shell
from my other computer. This has worked out pretty good. My current version
of the rpm program is 3.03.  Today I installed a few small utilities which
didn't give me any problems. Then later I started getting the following
error message when I tried to issue the rpm command.
 
           " only packages with major numbers <= 3 are supported by this
version of RPM
error rpm-4.0-20mdk.i586.rpm cannot be installed"
 
    As you can see I went to the Mandrake RPMS/COOKER site and downloaded
the latest version of rpm thinking that I needed a newer version to install
these programs. Ah now for the fun part. I can't even install the newer rpm
package. Not sure what this error message means
 
    Any thoughts, or help would be greatly appreciated when you have the
time of course. Thanks for a great and informative/generally entertaining ;)
web site. Take care
 
Later
 
Steve Swickard
(in Colorado, god's country)


The thoughts I am having revolve around having to force the installation of RPM 4, then rebuild the RPM database. Of course, dance and sacrifice may also be involved in this procedure, along with the phase of the moon. Those of you who don't know Linux may wonder why things are so difficult? Well, imagine upgrading just some (not all) of the programs in your C:\Windows\System32 directory, and making it work. That's the equivalent, and sometimes there's reason to, under Linux.

More later, when I figure out what my day and week are going to look like. Hasta.


First off, for Steve, the best advice I could come across is to build and install RPM v3.0.6 from sources. It talks both the RPM 3 and RPM 4 package formats, I understand, while continuing to use the RPM 3 database format. The transition from v3.x to v4.x is, I am led to believe, exceedingly tricky. But then, this is a major-number revision, and those are implicitly understood to be capable of breaking backward compatibility.

Good evening. Some interesting developments on a variety of fronts. Unfortunately, an after-lunch attack of CRS prevents me from even remembering some of them. I had leftovers from the marvelous veal and pasta dish that Marcia built last night, and it sucked all the blood out of my brain, leaving me too comatose even to take a nap. Mmmm. Anyway, the week's project is to learn something about TCL/TK. We'll see where I can take it commercially.

Hey, over at Fry's, the first stop on the documentation foraging tour this afternoon, I note that Linux has more shelf-feet than Windows does. The aisles full of applications are all for either Win or Mac, but still, it's interesting methinks. Oh, and in case you're wondering, there's another Linux rant brewing and boiling under this surface. I am liable to hold it in for a bit. It needs some fermentation and a little more body.

Finally for this evening, I have my most recent GNU Privacy Guard public key available. You'll remember that I backed away from PGP when a "vulnerability" regarding the potential unrevealed extra signing and/or decryption keys was discovered a while ago. Add that ASCII-armored key to your ring if you want to send me material without intervening eyes or modification. Thanks!

Now to work on the new project with me, at least for a little while! TTFN.



Mon    TUESDAY    Wed    Thu    Fri    Sat    Sun   
March 13, 2001 -    Updates at 07:00,   18:38

Howdy. Still sleepy this morning. Mmmmm. Mondays never really have been my strong suit, and I can usually tell that this remains the case - Yup. Oh, I did a little more shopping at Fatbrain late last night, and I've already received notice that my order's shipped. I should have it tomorrow. Good quality service.

That reminds me that I need to follow up on the order for replacement styli for Galileo the Agenda VR3. Oh, did I mention that? While on the plane ride home from San Diego, Galileo dropped out of my lap onto the floor. The stylus came free of its silo, and went on to stylus heaven, or potentially on to the recent addition to the home for retired, lost and runaway ballpoint pens. So I ordered a half dozen replacements from Agenda Computing last week. They should be here shortly. In the interim, I've been using a Palm M100 stylus borrowed from Marcia.

Trust Jan to start in on me about that CV...

From: Jan Swijsen
X-Mailer: Mozilla 4.6 [en-gb] (Win95; I)
Subject: resume
 
<quote>
A-Squared Electronics, San Jose, CA, 11/1990 to 09/1997.
Positions: Shop Manager, Training Coordinator
I was responsible for oversight of production personnel, training and
quality control. Performed production, scheduling, sales and customer
service duties.
</quote>
 
There is either an oversight or pun-intended in that resume.
Oxford dictionary :
    oversight  n.
         1 failure to do or notice something.
         2 inadvertent mistake.
         3 supervision.
 
I think you mean the third. But I could be mistaken 
 
<quote>
I had leftovers from the marvelous veal and pasta dish that Marcia built
last night, and it sucked all the blood out of my brain, leaving me too
comatose even to take a nap. Mmmm. Anyway, the week's project is to
learn something about TCL/TK.
</quote>

Maybe you should do better to learn something about the Veal/Pasta
combination.
 
--
Svenson.
Mail at home : [email protected]

 [snipped]
>          3 supervision.
>
> I think you mean the third. But I could be mistaken 
 
I hope that everyone else makes the same assumption as you, I
think...
 
 [snipped]
> Maybe you should do better to learn something about the Veal/Pasta
> combination.
 
I did, I ate it! Learning through absorption, a favorite method on
my planet^H^H^H^H^H^H Earth.

And with that, I'd best prepare to hit the road, Marcia's got an early conference call this morning, so we need to be off. I am hoping that we have the truck back by, oh, say, Easter? I didn't know that was what we were giving up for Lent!!! TTFN.


18:38 - Good evening. Still a little sun on the trees, and here we are, just about two and one half weeks from Daylight Ripoff time. First, a little more mail out of Colorado...

Re: rpm error messages
From: "Steve Swickard" 

Hi Brian,

    Thanks for your replies. I appreciate your taking time to help me out
once again.  I have been thinking of upgrading to 7.2 but have put it off.
Right now my uptime is 131 days and the only reason it is not higher is that
I made a lot of configuration changes and wasn't sure if I could make all of
the different services stop/start etc... so I did it the easy way I just did
a reboot......okay not supposed to do that with a nix OS so I also
cheated............;) I guess we do what we have to do.

 If only I could get at the doc's inside the 4.x rpm package to see what
they say. This all started when I downloaded a series of programs. some of
the older ones installed without any hitches. Then I tried Bastille and it
was a no-go and as I tried some of the other packages I started running into
that error message which I had never seen before. That was when I decided to
just upgrade to the 4.x version of rpm but nooooooooooooo....... Hey if they
upgrade the installer shouldn't it at least be upgradeable by the old rpm
manager?? Okay I am asking a little too much. I don't mind so much that I
have to go in and play with it so much but the fact that I don't know enough
yet.

    If I do in fact upgrade do you think that it will maintain my present
configurations and such in other words if I put in 7.2 or 8.x and do just
an upgrade instead of a clean install (like I would definitely do for
windows) would I be okay do you think? I have done very little compiling
from source although I did manage to luck out with SSH2 client and server
they worked out the door  (with help from a book from Osborne by Steve
Shah,, Linux Administration a Beginner's Guide..excellent book for beginners
along with the O'Reilly books) so I would be willing to give it a try and
besides I need the experience.

  Brian you are always welcome out here in Colorado....although we will not
be planting any veggies for a while here :) Your porch garden last year look
very good Thanks for the help and  your time. Take care

Steve

I've never had much luck with "upgrading" except for the one or 5
packages at a time type. Certainly I've had no joy with full distro
upgrades.

If you've got /usr/local and /home on separate partitions, then I'd
suggest you backup your /etc to one of those (and then back those
up off machine if possible), then install a newer distribution.


If you want Mandrake, then 7.2 is pretty stable. If you want to step
up further, then wait for 8.0 to formally release. There are some
hitches in the Beta, though they can be gotten around.

There are enough differences that you'll then want to manually
implement your configurations from your old system into the new. For
instance, starting with MDK 7.2 (I think), inetd is replaced by
xinetd, which uses a different set of files and a new daemon to
provide service wrappers. There are lots of changes afoot, and you'd
be served well to do a fresh install. For all of your handbuilt
stuff in /usr/local, make clean, ./configure, make, make install,
especially if you transition to 8.0, since it incorporates glibc2.2.

And now, for something completely different, let's look at chkconfig. There've been a few questions about how to secure a box that's Red Hat or a derivative thereof. The GUI way is called linuxconf, which is alright, but I always wonder what's going on behind the scenes... Well, OK, mostly I know, but once upon a time I didn't, and I was uncomfortable with running linuxconf without knowing what files were being changed. To talk about chkconfig, the CLI service configuration tool, we'll have to back up and look at some files and organizational bits...

Fundamentally, services are run through a series of startup scripts. These are found in a directory, usually either /etc/init.d or /etc/rc.d/init.d. These scripts are written to a common template, and mostly provide the ability to stop, start and restart a system service, optionally including such features as reload config and/or status and more. When the Linux system boots to a specific runlevel, be it 2, 3, 5 or whatever, the appropriate startup scripts are referenced in another runlevel specific directory, variously called something like /etc/rc.d/rc5.d (to use the MDK/RH GUI boot runlevel for example). Within the rc5.d directory, we find a directory listing that looks like this:

[root@grinch rc5.d]# ls
K10xntpd@     K45named@   S10network@  S26apmd@    S72amd@       S98portsentry@
K20nfs@       K50snmpd@   S11portmap@  S35identd@  S75keytable@  S99local@
K20rstatd@    K55routed@  S11usbd@     S40atd@     S80postfix@
K20rusersd@   K75gated@   S12syslog@   S40crond@   S89drakfont@
K25squid@     S05kudzu@   S18autofs@   S55sshd@    S90xfs@
K35smb@       S09sound@   S20random@   S56xinetd@  S95anacron@
K45arpwatch@  S09usb@     S25netfs@    S60cups@    S95kheader@

[root@grinch rc5.d]# ls -al S10network
lrwxrwxrwx    1 root     root           17 Mar  8 19:32 S10network -> ../init.d/network*

Each of these files is a symbolic link to the script in ../init.d that actually does the work. The script parses from the calling command line the name by which it was called, and takes the appropriate action. Thus K10xntpd, when called, stops the xntpd daemon. Alternatively, calling S11usbd is the same as calling /etc/init.d/usbd start. It turns out that there are a few tricks to starting these things up right. There's a certain order that makes sense. That's why, among the S*** scripts, you see kudzu start up early. That's the hardware detection beast, something you want running soon after boot. But you don't want to start up your mailserver (postfix) before your network's up (network). How are you supposed to know what to do when you want to change what starts and what stops at each runlevel entry point? Enter, stage left, chkconfig.

CHKCONFIG(8)                                         CHKCONFIG(8)
 
NAME
       chkconfig  -  updates  and queries runlevel information for system
       services
 
SYNOPSIS
       chkconfig --list [name]
       chkconfig --add name
       chkconfig --del name
       chkconfig [--level levels] name <on|off|reset>
       chkconfig [--level levels] name
 
DESCRIPTION
       chkconfig provides a simple command-line tool for maintaining  the
       /etc/rc[0-6].d directory hierarchy by relieving system
       administrators of the task of directly manipulating the numerous symbolic
       links in those directories.
       ...

So, for instance, a small excerpt of the chkconfig listing for this recent Mandrake 8.0 Beta install looks something like this...

[root@grinch rc5.d]# chkconfig --list
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
kheader         0:off   1:off   2:on    3:on    4:off   5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:off   4:off   5:off   6:off
sound           0:off   1:off   2:on    3:on    4:on    5:on    6:off
usb             0:off   1:off   2:on    3:on    4:on    5:on    6:off
keytable        0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
oki4daemon      0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
  ...
xinetd based services:
        chargen:        off
        chargen-udp:    off
        daytime:        off
        daytime-udp:    off
        echo:   off
        echo-udp:       off
        time:   off
        time-udp:       off
        linuxconf-web:  off
        wu-ftpd:        off
        rsync:  off
        cups-lpd:       off
        swat:   off
        cvs:    off
        telnet: off
        imap:   off
        imaps:  off
        ipop2:  off
        ipop3:  off
        pop3s:  off
        comsat: off
        ntalk:  off
        talk:   off
        finger: off
        tftp:   off

Please note that this is not a listing of active, running services. There are many ways to start a service, not least of which is manually, from the command line, or in rc.local, or .... Instead, this is a list of those services that are correctly configured to be started and stopped appropriately as a Linux system enters a new runlevel. (NOTE: To learn how to change your current runlevel, type man telinit). So changing the startup status of a system service is simple... here we show how to enable httpd (the Apache webserver) for runlevels 3 and 5:

[root@grinch rc5.d]# chkconfig --level 35 httpd on

[root@grinch rc5.d]# chkconfig --list httpd
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off

Observe the change in startup status in runlevels 3 and 5 from the prior listing, showing that chkconfig has done its job. If we look in the /etc/rc5.d and rc3.d directories, we'll see a correctly configured script link in each: S85httpd. Now, how does chkconfig know what order to place these startup links - what determines the Snn number?

[root@grinch init.d]# cat httpd
#!/bin/sh
#
# Startup script for the Apache Web Server
#
# chkconfig: 345 85 15
# description: Apache is a World Wide Web server.  It is used to serve \
#              HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /etc/httpd/conf/httpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

# [ *** balance of script removed by Bilbrey ***]

Since this isn't a tutorial on how to write startup scripts, I'll stop right after the opening comments. Have a look at the startup scripts on your own system, and puzzle out what's going on. It's both more and less interesting than it sounds. But if you want to run linux and services and administer your own box, I recommend the exercise...

Oh, right, chkconfig. You'll note that there's a comment line that reads chkconfig: 345 85 15. When chkconfig examines the scripts in /etc/init.d, finding a comment like that tells it that the script is something it can administer, that it should start in runlevels 3, 4 and 5 for a default system configuration, that its order in the start links (Snn) is 85 (it starts fairly late in the process) and that its Knn order is 15 (it is stopped early in the shutdown process), both of which make sense. Now, let me go back and change that back, since I am not serving webs from my workstation (anymore).

[root@grinch init.d]# chkconfig httpd off

[root@grinch init.d]# chkconfig --list httpd
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off

There, that's better. You observe that since I didn't care to specify which levels I wanted to shut off (I just indiscriminately wanted everything off as far as httpd was concerned), I simply turned it off. Works like a charm. Ooops. It's supper time. See you tomorrow!!!
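To make the header-to-link relationship concrete, here is an added example (not code from the original post or from the chkconfig project) that reads the `# chkconfig:` comment from an init script, prints the rc?.d link each runlevel gets by default, and compares that with the S links actually present. The function names and the temporary sample tree are assumptions made for the illustration; the header values are the ones from the httpd script above.

```shell
#!/bin/sh
# Added example: what the "# chkconfig: <levels> <start> <stop>" header implies
# for the rc?.d links, compared with the links actually on disk.
# It only touches a temporary, constructed directory tree.

# chkconfig_header FILE
# Prints "levels SS KK" (priorities zero-padded), or returns 1 when FILE has
# no such header, in which case chkconfig does not manage the script.
chkconfig_header() {
    awk '
        /^#[ \t]*chkconfig:/ {
            sub(/^#[ \t]*chkconfig:[ \t]*/, "")
            if (NF >= 3) {
                printf "%s %02d %02d\n", $1, $2, $3
                found = 1
                exit
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# expected_links FILE
# One line per runlevel 0-6: an S link where the header enables the service,
# a K link everywhere else. A levels field of "-" yields K links only.
expected_links() {
    name=$(basename "$1")
    hdr=$(chkconfig_header "$1") || return 1
    set -- $hdr
    levels=$1 start=$2 stop=$3
    for lvl in 0 1 2 3 4 5 6; do
        case $levels in
            *"$lvl"*) echo "rc$lvl.d/S$start$name" ;;
            *)        echo "rc$lvl.d/K$stop$name" ;;
        esac
    done
}

# enabled_levels RCROOT NAME
# Prints the runlevels (e.g. "35") whose RCROOT/rcN.d holds an S link for
# NAME, i.e. the on-disk state that "chkconfig --list NAME" shows as "on".
enabled_levels() {
    out=
    for lvl in 0 1 2 3 4 5 6; do
        for link in "$1/rc$lvl.d"/S[0-9][0-9]"$2"; do
            [ -e "$link" ] || [ -L "$link" ] || continue
            out=$out$lvl
            break
        done
    done
    echo "$out"
}

# make_sample RCROOT
# Constructed tree: the httpd header from the page, with links laid out as
# they are after "chkconfig --level 35 httpd on".
make_sample() {
    mkdir -p "$1/init.d"
    cat > "$1/init.d/httpd" <<'EOF'
#!/bin/sh
# chkconfig: 345 85 15
# description: Apache is a World Wide Web server.
EOF
    for lvl in 0 1 2 3 4 5 6; do
        mkdir -p "$1/rc$lvl.d"
        case $lvl in
            3|5) ln -sf ../init.d/httpd "$1/rc$lvl.d/S85httpd" ;;
            *)   ln -sf ../init.d/httpd "$1/rc$lvl.d/K15httpd" ;;
        esac
    done
}

demo() {
    root=$(mktemp -d) || return 1
    make_sample "$root"
    echo "links implied by the header defaults:"
    expected_links "$root/init.d/httpd"
    echo "levels enabled on disk: $(enabled_levels "$root" httpd)"
    rm -rf "$root"
}
demo
```

The header only supplies defaults and ordering; the state that matters at boot is the set of links, which is why the sample tree reports 35 while the header says 345.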



Mon    Tues    WEDNESDAY    Thu    Fri    Sat    Sun   
March 14, 2001 -    Updates at 06:50,   20:32

Good morning. I made up for this morning's brevity in advance. Last night I posted mail from Steve about upgrading a Linux box, and a bit about chkconfig, the CLI tool for controlling services by runlevel under Red Hat Linux and derivatives, including Mandrake. Handy stuff to know, if you want to be able to shut off services, and lock down your box. Tonight I'll finish the topic out by listing those services you must and should keep running (yes, you can break your box by shutting things off ... not permanently, but it's more fun to learn without having boot failures).

That said, I want to get an early start, as I have to head up to Redwood City to pick up some circuit boards that prototype some new circuits that Jack's come up with for Category 5E patch modules. I designed them while they were at NSCA in Florida, and I want to pick the boards up today, and preload components on a couple so that Jack and I can start testing tomorrow when he's back in the office.

Have a lovely day, back atcha later on. TTFN!


Sorry. Been a long and exciting day, in a number of ways. I've signed a contract to do another tutorial for IBM DeveloperWorks, which is both fun and cool. I'll start work once I receive a copy of the contract back with the appropriate Hancocks on it from the good folk at Studio B.

Additionally, I found today that a new body at Toyota Sunnyvale is just what the doctor ordered. You see, the truck's been in Durance Vile for over four weeks now, and I called to find that the Customer Disservice guy that had been NOT helping much was not even working there anymore. Aaaaeerrrggh!!!! Not starting from scratch???? No, calm, it's OK. Now I've got a Duane on my side, and he got things straight with the Warranty company, got a short block on its way, and believes we'll be picking up the truck on Friday. HooooRAH! If this comes through, Duane gets three gold stars, and an extra graham cracker before naptime.

Also today I took a brief side trip from my run onto the Peninsula. When I went to Bay Area Circuits (excellent service, highly recommended) to pick up the prototype PC boards this morning, I realized I was close to an old friend. Well, not old, but I've known her for a long, long time. We worked together back in the day, at Nellcor, when she was employee 23 and I was employee 29, or something like that. I haven't seen her in about 3 years, which is far too long, since we're so geographically non-challenged. But days and months slip past without anyone noticing. Mmmm. Anyway, I dropped in the door, we got about 15 minutes of yammer in before duty called, and a commitment to have lunch together at Pete's Harbor before they bulldoze the joint to put up condos. Feh. Great burgers up on the sun deck overlooking the marina, and they want to put up condos???? Double-Feh!

We'll return to our regularly scheduled programming: securing a RH or derivative box, tomorrow evening. It's been an eventful day, and I still have work to do! Hasta.



Mon    Tues    Wed    THURSDAY    Fri    Sat    Sun   
March 15, 2001 -    Updates at 06:55,   19:03

Good morning. The professional weather liar says it's supposed to be cooling down. Mmm. We've been spoiled by proper California springtime the last few days. A little fog in the morning, clearing off the coast, sunny and low to mid 70's by afternoon. Bloody marvelous if you ask me, but then I like being spoiled.

I was noting to Tom last night that this was a bittersweet finding: even though it got cancelled, at least I've got my name on Amazon, at least for a little while.

Running out of time again, as I try to keep up with a heavy load of morning mail. Check last night's post for the good news from yesterday, and look for me to continue on the securing a box theme tonight. Have a great day in the interim.


19:03 - Evenin'. Not much more to report. The truck engine is still "on its way", so it's likely to push out into next Monday or Tuesday before the Blazer's ours again. Ah, well. One can only be accepting of those things fully out of our control. Of course, when it comes back into our control, we'll work at trading that lemon in on something new so fast your eyeballs are still gonna be spinning next year. Heh.

Here's a web find for the Stupid File, brought to us courtesy of Slashdot:

Computer system maker NCR Corp. sued Palm Inc.  and Handspring 
Inc., alleging their hand-held computers infringed on two NCR-owned core patents.

In papers filed on Wednesday in U.S. District Court in Delaware, NCR 
said, ``Palm and Handspring knew about the NCR patents, (but) chose not 
to seek licenses from NCR.'' The technology allows retail and consumer 
users access to and the ability to manage ``substantial'' amounts of information.

Just another attempt to use a cash-draining legal department as a profit center. Did NCR have its head stuck up its butt for all of the intervening time between the introduction of the Palm and today??? Here's the rest of the linked story, on Yahoo. Bloody marvelous ... NOT!

Now for some mail on distributions...

Subject: Your Recommendation
Date: Wed, 14 Mar 2001 19:47:34 -0500
From: "John Lowell" 

Hi Brian, I've seen your posts at Robert Thompson's site concerning Linux. 
I'm building a new system at the moment and plan to devote one hard 
drive to experimentation and that, almost certainly, with Linux. Which of 
the distributions would you recommend for a beginner like me? 

Best regards. 
 
John Lowell

Hi, John -

NP. I am inordinately fond of Mandrake, which is currently at a
stable release level of 7.2. That's a good solid distribution,
though I can't speak directly to the beginner's path through the
installer, I always take the expert mode, so I can watch, listen and
learn from the defaults that are chosen by the installer.

Another good distro, though one I don't have personal experience
with, is SuSE 7.1. Tom Syroid says that with just a few hints, his
fairly non-technical wife could set up a functioning Linux
workstation on a network using SuSE.

Most of the recent releases by other publishers are also fairly
reasonable. Personally, I didn't think much of Corel, and the Debian
and Slackware distributions, while powerful and extraordinarily
stable, are not for beginners nor the faint of heart.

Best estimate: you probably can't go wrong choosing between
Mandrake, SuSE and Red Hat (though I haven't used the latter in a 
few cycles).

Warmest regards,
.brian
-- 
Brian Bilbrey :: [email protected] :: www.orbdesigns.com
    "In times of great joy, it is a comfort to know
         that tragedy is just around the corner." -  An Irish proverb

Subject: Your Recommendation
Date: Thu, Mar 15, 2001 01:11:47AM -0500
From: "John Lowell" 

Hi Brian,

How would it be possible for me to begin without expressing my utter
approval of your taste in Irish proverbs. :-)

Just a quick follow-up question if you will permit. I'd noticed an article
earlier in the week which pointed up with real concern SuSE's recent
dissolution of their United States facilities. Since you've proposed SuSE as
one of three good launching pads, how important might something like this be
to a beginner? Might these developments strengthen the argument for Red Hat
or Mandrake ?

I sincerely appreciate having benefit of your experience with Linux, Brian.
Very best wishes to you.

John Lowell

Nah. SuSE is *strong* in Europe, and they were dumping their US
offices because they weren't making a buck selling Linux per se
(well, who is???), and they were being locked out of the service
game partnerships by the big three in that market, Red Hat, Caldera
and TurboLinux. TurboLinux has merged, Caldera's distribution is
quite long in the tooth.

http://www.mailordercentral.com/lsl/prodinfo.asp?number=L000-010

Check that one out.  Now I mostly download and burn my own, but I
then go back and buy the distro/version that I settle on, in order
to support their work. Another way to get several distros cheap is
to go to lsl or cheapbytes

http://cart.cheapbytes.com/cgi-bin/cart

and pick up what you want for just above copying and shipping costs.
Very cool.

OK. Now, just what's loose with this recent Mandrake 8.0 Beta install of mine? Yup, it's security time again... First a bit of chkconfig history: I understand from recent reading that chkconfig has been used in the Irix (SGI) system for about a decade, so probably pre-dating its debut in RHL, you think? Now, we'll use the netstat command to have a look at active network connections, then we'll go about plugging holes. Warning - this isn't a pretty sight, but since I am behind two tiers of firewall, I was lax for a while, especially since I don't yet know whether this distro is staying, or not...

[root@grinch 2001]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:32769                 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:6000                  *:*                     LISTEN
tcp        0      0 *:auth                  *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:631                   *:*                     LISTEN
tcp        0      0 *:665                   *:*                     LISTEN
tcp        0      0 *:33534                 *:*                     LISTEN
tcp        0      0 grinch:1023             dsl081-069-163.sfo1:ssh ESTABLISHED
tcp        1      0 grinch:32770            dsl081-069-163.sfo1:www CLOSE_WAIT
udp        0      0 *:666                   *:*
udp        0      0 *:xdmcp                 *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:631                   *:*
udp        0      0 *:1022                  *:*
udp        0      0 *:1023                  *:*

Let's look at those services I can identify. For each of the unnamed services, I'll use lsof to identify the offender, like so:

[root@grinch 2001]# lsof -n | grep ":" | grep 32769
kdeinit    1914 bilbrey    6u  IPv4     977045                TCP *:32769 (LISTEN)

[root@grinch 2001]# ps -ax | grep 1914
 1914 ?        S      0:00 kdeinit: kxmlrpcd

First out of the gate, way up at port 32769, we have an instance of kdeinit. The PID is 1914, so with a little more research using ps I see that it's a wee beastie called kxmlrpcd. Mmmm. Have to find out what that is, and why it's there... Next, we have sunrpc (aka portmap), a requirement if I plan on running NFS on this box, which I plan on doing soon, so that stays. Port 6000 is X listening for external connections. Now, for an external box, I'd shut that down in a heartbeat, probably by not running X, or certainly by editing the appropriate files in /etc/X11...

auth is the ident daemon, responding to pings and other related identity queries. We can do without that one, though some IRC servers won't let you connect for long if you don't respond to pings. I think most of us here are familiar with ssh, so we'll just acknowledge that it belongs, and move on. Port 631 is home to the cupsd, the new printer daemon. This makes the local printer available over the network, though it is (or can be, anyway) protected by a hosts.allow/hosts.deny style configuration file. Ports 665 tcp and 666 udp are home to amd, the automount daemon. Mmmmm. Why two, and why external? I can't remember off the top of my head. I don't use automounting, and unless I need it for the NFS stuff, I'll shut this one down.

33534 is kdm listening for external connections. We'll be shutting that one off. At port 1023 is an active ssh client session between Grinch and Grendel. xdmcp... X Display Manager Control Protocol. I've never seen this running on a box from a fresh install before. It's history.
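The walk-through above can be turned into a repeatable check. This added example (not part of the original post) reduces `netstat -a` text to one `proto/port` entry per listening socket, reports the entries that are not on an allowlist, and looks up the owning process in `lsof` text by matching the port as a whole `:port` field. The function names and the allowlist (ssh and sunrpc, the two the text says stay) are assumptions; the netstat sample is the listing from the page, and the second lsof line is constructed to show why a bare `grep 32769` can hit the wrong column.

```shell
#!/bin/sh
# Added example: list listening sockets from `netstat -a` text and report the
# ones that are not on an allowlist.

# sample_netstat: the listing from the page, used as offline input.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:32769                 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:6000                  *:*                     LISTEN
tcp        0      0 *:auth                  *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:631                   *:*                     LISTEN
tcp        0      0 *:665                   *:*                     LISTEN
tcp        0      0 *:33534                 *:*                     LISTEN
tcp        0      0 grinch:1023             dsl081-069-163.sfo1:ssh ESTABLISHED
tcp        1      0 grinch:32770            dsl081-069-163.sfo1:www CLOSE_WAIT
udp        0      0 *:666                   *:*
udp        0      0 *:xdmcp                 *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:631                   *:*
udp        0      0 *:1022                  *:*
udp        0      0 *:1023                  *:*
EOF
}

# sample_lsof: first line is from the page; the second is constructed, with
# 32769 placed in the DEVICE column as a decoy.
sample_lsof() {
    cat <<'EOF'
kdeinit    1914 bilbrey    6u  IPv4     977045                TCP *:32769 (LISTEN)
sshd        602 root       3u  IPv4      32769                TCP *:ssh (LISTEN)
EOF
}

# listeners: stdin is netstat text; prints "proto/port" for every TCP socket
# in LISTEN state and every UDP socket with a wildcard foreign address.
listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" { p = $4; sub(/^.*:/, "", p); print "tcp/" p }
        $1 ~ /^udp/ && ($5 == "*:*" || $5 == ":::*") {
            p = $4; sub(/^.*:/, "", p); print "udp/" p
        }
    ' | LC_ALL=C sort -u
}

# unexpected "ALLOW": stdin is listeners output; prints entries that are not
# in the space-separated allowlist.
unexpected() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($0 in ok)
    '
}

# owner_of PORT: stdin is lsof text; prints "command pid" for the line whose
# address field ends in ":PORT". Other columns containing the digits are ignored.
owner_of() {
    awk -v port="$1" '
        { for (i = 1; i <= NF; i++)
              if ($i ~ (":" port "$")) { print $1, $2; next } }
    '
}

# Allowlist is an assumption for this example: what the text decides to keep.
ALLOW="tcp/ssh tcp/sunrpc udp/sunrpc"

echo "listeners needing a decision:"
sample_netstat | listeners | unexpected "$ALLOW"
echo "owner of tcp/32769: $(sample_lsof | owner_of 32769)"
```

On a live box the same functions take `netstat -a` and `lsof -n` output on stdin in place of the samples.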

There are several steps to be taken next, and I am out of time for tonight. We'll return to removing all the external connections that aren't desired in another edition, same bat time, same bat channel. Meantime, take care of each other.

Top  /  Site Map  /  Orb Home  /  Email to Bilbrey


Mon    Tues    Wed    Thu    FRIDAY    Sat    Sun   
March 16, 2001 -    Updates at 06:30

Howdy. Getting an early start on the day, a frightening thought on a Friday when what I'd really like to do is sleep in. But I have an early appointment, and then a fight through later traffic to get to work.

Last night we called my niece Alexandra to wish her a happy fifth birthday. She and friends went to an ice cream parlor to celebrate (my bright sister figuring out that paid staff can clean up after a batch of five year olds better than she). Alex says she got the biggest ice cream sundae, because it's her birthday. We'll be popping up to Sacramento tomorrow for a lightning visit to hug the birthday girl, give her a present, and catch up with my sister and her husband. Then we'll shoot back down here, since I have an evening meeting for SBAY.org. I've missed these every month due to other obligations, and I'd really like to participate a bit more. Sunday should be restful, though.

One of the nice features of the new Bluefish (version 0.6, came out in January) is that it has a Custom Menu structure, user editable. This is extraordinarily handy, since I need a whole suite of custom XML tags to write the initial content file for the IBM tutorial. In the first iteration, on last month's KDE Themes gig, I hand built all the tags around pre-written content. The problem with that is pairing. IBM's XML parser is fanatic about correct (and correctly nested) opening and closing tags. This is because the original file is morphed into two different versions of HTML, two formats of PDF, and a zip file containing... ? one or both of those formats? I didn't pay attention to that one last time, I simply packaged the thing and mailed it off. Mmmm.

Oh, right. So anyway, I used both the XML Tag Reference guide, and example work from the Tutorial Authoring guidelines to generate a custom menu for this type of job. The menus are tear-away, so that I can stick up three small windows, for symbols, container tags, and formatting tags, off to the left of my editing window, and they're right there for me. Handy. Oh, sure, I could do the same thing with aliasing in Vim, but I've grown accustomed to this tool, for this type of work. If I had to work in a non-GUI environment, you bet I'd be on that route, though.

Last night I looked a little further into security and services on this box, and we'll continue that theme shortly. In the meantime, my time is gone for now, so you have a great day. Catch you later!



Mon    Tues    Wed    Thu    Fri    SATURDAY    Sun   
Happy St. Patrick's Day
March 17, 2001 -    Updates at 08:15

And we all know which road is paved with good intentions, don't we?

Really, I intended to pop back up here early yesterday evening, post a bit more about security, maybe whine about the week a bit, who knows what all? However, as I was leaving work yesterday, I found myself drawn towards Fry's. You see, while fundamentally I rather like this Mandrake 8 Beta, there are still cords and geegaws lying about in the dark-ish corners, waiting to trip me up. After all, it is a beta!

So I thought to myself (usually an extraordinarily bad warning sign) that I might as well try that distro that Tom's been having so much success with. It's across the 2.4 kernel / 2.2 glibc border, which I am OK with for my workstation, but theoretically, it's stable. Hmmm. Several things are true: The price is right, about 30% off retail at Fry's right now. There are a LOT of disks that come with SuSE 7.1 Professional - 7 CDs, 2 diskettes, and one DVD. Also there are three books, which aren't quite written for me as an audience, but then again, I've been using Linux for a bit.

Backed up /home and /usr/local to CDR, and then I was off to the races. Reboot with CD1 in the cupholder. Lots of questions, and a call to Tom for his interpretation on a question in the setup screen later, the disc started trundling, starting to load out the whole magilla. I figured I'd unfold the entire distro, have a quick look around to see what gets put where, then back out, re-partition, and do an install of the bits I wanted. So I became the meatspace emulation of a CD jukebox, swapping disks whenever prompted, taking a break for supper in the middle of the process.

When all was said and done, it booted up to kdm (the GUI login program that accompanies KDE), and I logged in. It works. Mmmm. An odd pre-opened console window - what's that for? and why does the screen look so ratty?

That last question was my downfall. During the configuration process, I'd selected the same resolution and color depth as I usually do, 1280x1024 @ 16bpp. But here it looked like junk. I nearly just fired up xvidtune, or popped up a terminal to hand edit the /etc/X11/XF86Config-4 file directly, but thought to myself (oooh, there it is again, that thinking thing.... not a good sign) that I might as well see what GUI configuration tools SuSE has to offer. Mmmm. Pretty. Asks all the right questions. Let me change the color depth... yup. OK. Test it - - - HANG!!!

Hangs badly. Very badly. Change to console fails. Three finger salute fails. Ballpoint pen in the reset hole of the front bezel succeeds. fsck of /usr partition fails. SuSE installation hosed. Core meltdown imminent (OK, that last bit's a lie).

I have work to do, and MDK Beta instabilities that I understand are better than a crashing distro that I don't yet grok. I haven't given up on SuSE, but it's not for my workstation while I still have a tutorial to write. So one more (much faster) YALI last night, and I was back where I started.


In other news, the short block still has not arrived at the dealership. Duane is embarrassed, but I don't feel sorry for him, as it's passing through the end of week 5 and on into week 6 of the truck repair odyssey. This'll end up taking longer than Walder's remodel, but at least we don't have to live in the mess of bits of Blazer spread across two technician bays - the dealership service department has that joy.

I am ... tired. It's been a long, long week. Next week's likely to be the same, and it's getting old. However, we're off to see the birthday girl for a while today, then a quick trip back down so that I can do the sbay.org thing tonight. Tomorrow's devoted to the tutorial writing gig, then the merry-go-round flashes past that brass ring thingy and starts another circuit. Maybe one day I'll hit the lottery and get off this bloody circus ride.

Have a nice day, see you tomorrow.



Mon    Tues    Wed    Thu    Fri    Sat    SUNDAY   
March 18, 2001 -    Updates at 08:45

Morning. Fun trip up to Sacramento, next time we're going to have to figure a way to have more time over there. We spent less time there (a little less than 4 hours) than we did driving (a little less than 6 hours)...

...45 minutes later. I've been stumbling over some odd missing bits in Mandrake 8.0 Beta (all repaired now), and some interesting connectivity conundrums. I'm not sure what's going on, but there's a delay in everything I do, and for a moment or 5 there, I couldn't resolve the home page, even though I'm on the same network. I could ssh in, but not resolve. Weird. Name service problem of some kind, no doubt.

Time is gone for now. Marcia has some pictures up of our visit yesterday, and I'll be back later with something more useful to say. Now it's time to get ready for the Costco run, then I have a bunch of writing to do. TTFN


Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.

All Content Copyright © 1999-2001 Brian P. Bilbrey.