Suse 10.2 questions
in [Suse]
|
From: David Bolt on 16 Mar 2010 17:36 On Tuesday 16 Mar 2010 20:31, while playing with a tin of spray paint, houghi painted this mural: > David Bolt wrote: >> That was similar to how I worked with my old Windows newsreader. On >> connection, it would post any replies I'd made, both email and news, >> retrieve all the new ones and disconnect. > > It was Agent that kept me from going to Linux earlier. I believe the > first version I tried was 5.4, but realy started with 6.1 My first version was 6.1, followed by 6.3 and 6.4. Then I made the mistake of saving money by buying the abomination that was 7.0 personal. After that I made sure I always got the professional versions. >> It's still set to do transfers >> every 15 minutes, although I sometimes force a transfer between the >> automatic transfers. > > I also have it set to 15 minutes. :-) It works so good that each time I > need to remember to add it with a new install I don't. It's on only one system, although I have cloned the config and filter file to another system just in case. I did dabble with leafnode v2 for a while but am still using my own packaged v1.11.7. And now you can use zypper -dup to auto-add it when you upgrade :) >> That requires configuring it to allow connections outside the local >> network. The option allowstrangers defaults to 0 and, unless you had it >> listening on your external IP, it shouldn't have allowed connections. >> If it was, then if would still only allow connections from your ISPs >> other customers. Not much of a consolation, but it could have been >> worse. You could have been allowing connections from the entire world. > > It happend when I started with Linux. Firewalls where not yet a > standard. Now there's a thought. I can't remember when SuSEfirewall was first implemented. > At least not standard installed and certainly not activated. Once it was available, I always removed it during the installation. I was rolling my own ipchains, and later iptables, rules and didn't want something mucking them up for me. > You needed to so a lot of scarry stuff to your kernel and add things as > root. Which, quite interestingly, I found the separation of root and normal users to be quite natural. I should have found it strange given the years of working with single-user systems. At the time I actually started using SuSE, I was still using an Atari ST, which was definitely designed as a single-user system, and Windows 95 which also was really a single-user system with some multi-user abilities added on. And boy did I have lots of fun playing with Linux and doing all those things I couldn't do before, like building my own monolithic kernel, forgetting to add ext2 file system support and so making sure I couldn't boot up. That was a lot of fun to fix :-) > Commands I did not understand (and still do not) There's lots of commands I don't know, never mind understand. Heck, I didn't know about the ss command until someone posted about it. However, I'm spending more time teaching myself php, a lot of it by rewriting a lot of my bash scripts in php, and so I'm pouring over the php manuals far more than looking through what's available in my $PATH. > with iptables or > what not. When the 2.6 kernels came out and the change from ipchains to iptables came about, I specifically stayed with the 2.4 kernels just so I wouldn't have to make any changes. Then I bit the bullet and learnt how to do the same things with iptables as I was doing with ipchains. After I realised how similar they were, I moved to the 2.6 kernels and had no issues. Having said that, I'd probably need a bit of a reminder now so I could re-implement some of the old rules I had. Unfortunately, I didn't keep notes for the various rules, tables and chains I wrote. Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M3 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11
From: David Bolt on 17 Mar 2010 05:59 On Wednesday 17 Mar 2010 00:01, while playing with a tin of spray paint, houghi painted this mural: > David Bolt wrote: >> My first version was 6.1, followed by 6.3 and 6.4. Then I made the >> mistake of saving money by buying the abomination that was 7.0 >> personal. After that I made sure I always got the professional >> versions. > > I can't remember if I bought the Personal or the Pro of what version. I > never had an issue with any of them. They just seemed to work. The 7.0 personal release was missing a lot of things I was used to with the previous 6.x releases and I ended up spending hours downloading the missing stuff. Wasn't exactly fun because for some packages, they were that large that the ftp server closed the control connection because the transfer took so long, and so YaST failed to install them. >> And now you can use zypper -dup to auto-add it when you upgrade :) > > Not sure if I trust that yet. I upgraded this system from 11.1 to 11.2 using it. I did forget about the lack of KDE3, and forgot to add the KDE3 build service repo, so I did end up with some stuff disappearing. However, that was easily fixed and now I am using KDE4.3.5 with some 3.5 packages that have yet to be ported, or in the case of Amarok, version 1.4 because the developers really dropped the ball with the new version 2+ releases. > I am old fashioned like that. And > re-installing also cleans up all the garbage I put on it and keeps me > sharp about what is going on. That's a good thing, and I do occasionally do fresh installs, and I've still to do at least one such install to upgrade my 10.3 systems. Usually I just do upgrades as it's quicker to get the system up and running as it was. >> was rolling my own ipchains, and later iptables, rules and didn't want >> something mucking them up for me. > > Never could get the hang of those rules and now I don't need to bother > about them. No, SuSEfirewall does appear to be significantly better than it used to be. Still doesn't mean I'm going to actually use it though. >>> You needed to so a lot of scarry stuff to your kernel and add things as >>> root. >> >> Which, quite interestingly, I found the separation of root and normal >> users to be quite natural. > > I understood the seperation. I just was scared as I did not know what I > was doing. That's a part of the fun. Breaking stuff and then trying to fix it. > But then I also never have compiled a working kernel myself, > s changing something to the kernel to me is identical to getting a > non-working system. The easiest way would be to clone the running kernel. Once you can clone the running kernel, then go on to try minor modifications. Finally, if you get everything working, start making bigger changes, or even building the latest vanilla kernel. It's been a long while since I built and used a vanilla kernel, so I think I might try and find some time to do that. Oh, and you can avoid the non-working system by using a virtual machine so if you do break it, it's not much of an issue. Heck, if you use snapshots, you can make one before you install the new kernel and so can easily revert if something is broken. >> I should have found it strange given the >> years of working with single-user systems. At the time I actually >> started using SuSE, I was still using an Atari ST, which was definitely >> designed as a single-user system, and Windows 95 which also was really >> a single-user system with some multi-user abilities added on. And boy >> did I have lots of fun playing with Linux and doing all those things I >> couldn't do before, like building my own monolithic kernel, forgetting >> to add ext2 file system support and so making sure I couldn't boot up. >> That was a lot of fun to fix :-) > > I never liked that part. There is so much more that I find interesting. > The kernel is the most boring part of it all. Compiling a kernel may not be the most interesting thing in the world, but fixing a great be fuckup can be. Can also be quite a relief, and a "D'oh" moment when you figure out what you did and how easy it is to fix[0]. >> However, I'm spending more time teaching myself php, a lot of it by >> rewriting a lot of my bash scripts in php, and so I'm pouring over the >> php manuals far more than looking through what's available in my $PATH. > > I unfortunatly do not have much time to do anything. Even have not yet > looked at 11.2. Not even downloaded anything and I even did not go to > FOSDEM. All work and no play make for a very dull boy. > Mine would be most likely very easy to implement. All I need is all > ports closed and only certain ports open and all via an ADSL router. But > as YaST handles that all fine, no need to look into it. I've relied on my router for some time now, which is mostly fine because I'm using NAT. The only issues are where I've some ports forwarded but there's only a few of those, and telnet and ssh are not included, and I keep a close eye on the ones that are just to make sure there's no vulnerabilities I don't know about. > Just looked up some samples and all I could think was: are the makers of > iptables retarded? And I understand why there is apparently still no > good GUI interface to do that stuff. I know there's a GUI interface called Firestarter. I've packaged it for several years now, initially because a friend asked me to do so, and later because I had a request from someone else who wanted it for a later version. It's hiding on the buildservice somewhere. As for whether it's any good, I don't know. I've never actually used it. [0] In my case, after the first broken system, I learnt to clone the LILO, and later GRUB, section for the supplied kernel and modify it for my built kernel. That way, if I broke it, I could still boot with the working kernel and fix the broken one. Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M3 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11
From: David Bolt on 18 Mar 2010 17:26 On Wednesday 17 Mar 2010 13:50, while playing with a tin of spray paint, houghi painted this mural: > David Bolt wrote: >> The 7.0 personal release was missing a lot of things I was used to with >> the previous 6.x releases and I ended up spending hours downloading the >> missing stuff. Wasn't exactly fun because for some packages, they were >> that large that the ftp server closed the control connection because >> the transfer took so long, and so YaST failed to install them. > > Can't remember ever having that issue. Could be that I was already on > ADSL. I think a good part of the issue was because I was, at that time, only using a 14400 modem. I had a 28800 by the time 7.1 was released, and a 56k when 7.3 was released. >>> But then I also never have compiled a working kernel myself, >>> s changing something to the kernel to me is identical to getting a >>> non-working system. >> >> The easiest way would be to clone the running kernel. > > Did that once, but I don't see that as building a new kernel. Even if you make one by cloning the config, you are still building a new kernel. It may not be different to the one that you already have installed, but it was build on your machine by you. >> Once you can >> clone the running kernel, then go on to try minor modifications. > > And that is when I ended up with an unbootable system Tweak one or two things at a time. Don't remove the already installed kernel, and also leave it as the default. You can select your new kernel from the boot loader when you are ready to try it. That way, even if you do manage to break the kernel so it won't boot, you don't end up with a system that won't boot. >> Oh, and you can avoid the non-working system by using a virtual machine >> so if you do break it, it's not much of an issue. Heck, if you use >> snapshots, you can make one before you install the new kernel and so >> can easily revert if something is broken. > > When I started I was happy I had a running system. I was, at least for a few days. Then I started to get curious. > I had zero knowledge. Neither did I. Didn't stop me reading up on stuff, or playing about though. > Using a virtual machine was not an option. No, it wasn't. Still, I don't recall ever having to do a wipe and reinstall. I did get quite familiar with the rescue system for a short time though. >> Compiling a kernel may not be the most interesting thing in the world, >> but fixing a great be fuckup can be. Can also be quite a relief, and a >> "D'oh" moment when you figure out what you did and how easy it is to >> fix[0]. > > I do enough fuckups without the need to mess up the kernel. I'm very good at not doing many fuckups. Just don't ask my wife to confirm that though :-) >> All work and no play make for a very dull boy. > > Doing an extensive intranet site is also interesting. The closest I've come to doing that are putting up my own pages, and sometimes breaking things in the process. One issue was having various php pages served up as plain html due to the PHP module not being enabled after adding it to Apache. >> I've relied on my router for some time now, which is mostly fine >> because I'm using NAT. The only issues are where I've some ports >> forwarded but there's only a few of those, and telnet and ssh are not >> included, and I keep a close eye on the ones that are just to make sure >> there's no vulnerabilities I don't know about. > > Telnet is an absolute nono. Of course. > ssh is something I could not live without. I've not yet needed to have access via ssh to any of my systems. I've considered setting up a VPN so that I can do, if it's required, but I've not yet taken that plunge. > http is nice if I want to do a fast test even if I am not at home. I have to have http open anyway, since I host my own site. > ssh, > change to the directory, add the file and run the test. Change the file > again and test till it works. Well, without the ssh part, that's basically what I do. > Much easier then to use ftp after each change. Especially since FTP passes passwords and usernames in the clear. >> I know there's a GUI interface called Firestarter. I've packaged it for >> several years now, initially because a friend asked me to do so, and >> later because I had a request from someone else who wanted it for a >> later version. It's hiding on the buildservice somewhere. As for >> whether it's any good, I don't know. I've never actually used it. > > http://www.fs-security.com/download.php That's the one I build. > There is a source rpm, so > putting it anew on OBS should be trivial Not quite. I ended up writing my own spec file and doing some tweaking as it wouldn't build properly with their spec file. > for somebody who has more > brains then I have (which is about everybody. Especially this evening as > my pub is an rish one) Since it's now a day later, I guess you had a good time. Have you managed to recover properly from it though? Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M3 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11
From: David Bolt on 19 Mar 2010 07:35 On Thursday 18 Mar 2010 23:31, while playing with a tin of spray paint, houghi painted this mural: > David Bolt wrote: >> Tweak one or two things at a time. Don't remove the already installed >> kernel, and also leave it as the default. You can select your new >> kernel from the boot loader when you are ready to try it. That way, >> even if you do manage to break the kernel so it won't boot, you don't >> end up with a system that won't boot. > > I ment I was unable to boot from the new kernel. Can you remember why? I won't forget what broke my first kernel build and, at least for a while afterwards, double checked everything before starting the build. >>> Using a virtual machine was not an option. >> >> No, it wasn't. Still, I don't recall ever having to do a wipe and >> reinstall. I did get quite familiar with the rescue system for a short >> time though. > > I did several re-installs. Most of the time because I like doing the > installation. Now that's just weird. Most people hate doing that because it takes such a while to do. >>> Doing an extensive intranet site is also interesting. >> >> The closest I've come to doing that are putting up my own pages, and >> sometimes breaking things in the process. One issue was having various >> php pages served up as plain html due to the PHP module not being >> enabled after adding it to Apache. > > I am not making the pages myself. I have not enough knowledge. I do know > what is possible. I just don't know how to do it in a timely manner. > That is what we pay them for. I see. >>> ssh is something I could not live without. >> >> I've not yet needed to have access via ssh to any of my systems. I've >> considered setting up a VPN so that I can do, if it's required, but >> I've not yet taken that plunge. > > I can read my mails when I am at work or on a holiday. If I'm on holiday, the last thing I'd want to be doing is to be reading email. >> Since it's now a day later, I guess you had a good time. Have you >> managed to recover properly from it though? > > Just woke up about 4 hours ago, so I think I had a great time. :-D > Came home at around 10-ish I think that would qualify as a great time, as long as you weren't[0] in handcuffs at the time :-) [0] Or maybe were, depending on who had the keys to the handcuffs. Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M3 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11
From: J G Miller on 19 Mar 2010 12:35 Op Vrijdag, 19 Maart 2010, 17:25:07 +0100, Houghi schreef: > No handcufs, but somehow I now own a whip, riding boots and a saddle. Do you take part in cavalry charges on striking workers?
First
|
Prev
|
Pages: 1 2 3 4 5 Prev: Etiquette question Next: Mod_rewrite, permalinks in WordPress solved! |