Hi,
the next LinuxDays preparation meeting is this friday afternoon
at 14:30 at the CRP. I won't be able to be there, so in case
someone can replace me...
The subject of the meeting will be the courses' subjects, with
a little agenda (description of the contents), and proposed
speakers.
There will also be propositions for the frame program (art, music,
robotics, ...).
So, we need to decide very quickly now what LiLux will propose for
courses, and write up at least the agendas (a few lines describing
the contents), and write up the names of people who can present
these courses.
Note for those who didn't see this before (I guess I wrote that
only to the admin list until now): the next LinuxDays will be
divided in two parts - 1) a business track at SI Expo, which
will consist in a series of presentations by some companies
and 2) two days of courses plus "villages" about different
themes, consisting of stands with computers where people can
come ask questions and try stuff out (i.e. no more expo and
presentations like the previous years) - this will be end of
january 2005.
So for LiLux:
The idea will be to have a "basic" course for beginners (really
basic, don't go into installation or CLI confusion, just using
an already installed system) - this we have partly prepared
with the basic course from the LinuxDays 2003 and the LinuxFest
2004.
Then, we should split up the "advanced" course from last year
into several shorter courses regarding different services.
This shouldn't be too hard I guess - any takers?
If we have the energy and manpower, we could also propose new
stuff - any proposals, people willing to do such stuff?
I think it is important to be realistic in our propositions,
or else we'll be really stretched in getting things done. We
can do quite some stuff, especially if more people are willing
to help out. Please join the effort! If we start now, we can
get some nice courses done - if we start late, it will get
painful. Preparing courses does take time to do properly.
Greetings & thanks in advance, Eric
I am checking the excellent news site www.theregister.co.uk almost every
day. Today I saw this interesting news article:
http://www.theregister.co.uk/2004/07/05/sender_authentication
Now, what a coincidence! This article matches our recent discussion!
The funny thing: It's probably coming sooner that even I expected in my
wildest dreams ;-) Microsoft will also play an important role.
Here is an extract of the article
<extract>
Sender ID is expected to be relatively simple to deploy, requiring
little ongoing maintenance. In essence, all you need to do is publish
the IP addresses of approved outgoing email MTAs in your domain name
records. When your users send email, the recipient can make sure the
mail is coming from authorized IP addresses by checking the DNS for the
domain in the "From:" field.
</extract>
Greetings, Patrick Kaell
Hi All,
I am looking for a complete CD/DVD set to install a Debian Sarge on a PC
currently without Linux.
Is a Sarge CD/DVD sufficient, or does this only permit to upgrade a
Woody installation?
Has anybody got these CDs/DVD so that I could copy them?
Regards,
-PU
Yes, I was a bit emotional in the last posts, and I wasn't always fair
resp. did not accept some facts to prove my point. Now I see that I
agree with Eric concerning important technical points, even if we have
different philosophical views.
Some may think that the subject may now be OT. Ok, these people can skip
this mail if they want. I believe that we are all concerned by mail
problems and that the last posts may also have put some facts in a new
light, so it may be worth to keep some key elements of it.
I agree that we should give up some freedom to get a bit more security.
There are already infected PC's (modificated Netsky worms) who are
sending "propaganda from the political right wing" to anybody using my
E-Mail address as sender. I know this because I get sometimes "mail
delivery errors". This is not nice, and I am ready to rethink and
reconfigure my system to make life harder for these abuses. But I must
get informed by the provider to prepare myself in advance.
I did not mention it anymore in the last post, but blocking port 25 was
not a problem for me at all (as I wrote the 28 May in this list). My
girlfriend couldn't send any mail as long as I was not there (because I
could't prepare myself in advance) but after I had identified the
problem I simply used the alternative port 587 (RFC conformant) to send
mail. I was glad that my mail provider Puretec supported this.
So blocking port 25 was not the problem. But you need a mail provider
who supports this alternative port.
Eric, I know I was a bit unfair by saying that nobody uses the ISP
provider's relay to send mail. There are many, I know. But there also
people who send mail through their mail provider's SMTP server, which is
perfectly legitimate.
Blocking port 25 and relaying customer's mails through the ISP
provider's server also makes sense at the moment. The ISP can filter the
mails for worms (which might otherwise not be possible) and can not only
log the connections but also the mail headers of all outbound mail
(although some packet filters might also be able to do this (to look
inside IP packets)). And you are right: There is currently no worm which
would send through the ISP relay. I can't you show one, because I know
of none. But as you said yourself: The internet today is not the
internet of 10 years ago. You will see that the internet of tomorrow
will not be the internet of today. In other words: The ISP mail relay
solution you are using is only a temporal solution. As soon as this
technique will be in widespread use (which will be the case if ISPs
block port 25 and only allow access to their own mail relay), the worms
(and the spammers who exploit remote controlled infected systems) *will*
abuse it (we both agree that this will be trivial).
The SMTP protocol dates back to 1983 and is not suitable anymore for
today's internet. But I dislike temporal solutions that have been
invented by several ISPs. I want a definitive solution that has been
developed by the internet community. Actually this already exists: SMTP
over SSL. It has already been implemented my all major mail clients
(including Mozilla, Eudora and even Outlook). Now is the time for the
ISPs to implement this community developed standard. And you do not need
port 25 anymore, as SSL uses port 443!
I wonder if PT actually guarantees you the "relay service", or if they
were just to lazy to configure their SMTP server otherwise (as I know PT
I suspect that the latter might be true).
Also remember that any PT customer is able to send mails using your ETH
address though the PT relay. Thus even by examining the mail header, I
can not verify that this mail is really coming from you (if you do not
signature your mail)! As long as your mail has not been relayed by ETH's
mail servers the authenticity of your mail is questionable. Ok, I know
that it is possible to fake the headers by spoofing ETH's IP addresses,
but this is outside the possibilities of infected PCs and spammers.
We need SMTP authentification over SSL, there is no way around this. The
other solutions are temporal at best.
Prepare that PT will block all non @pt.lu mails sometime in the future.
Hope that they will warn you on time!
Greeting, Patrick Kaell
Here an explanation for those who have no clue about SMTP:
Mail Client ------> My Mail Provider ------> Recipient's Mail Provider
SMTP SMTP
The "Mail Client" usually uses a dial up IP address. This is often an IP
address which is on a Black List. Therefore the "Recipient's Mail
Provider" would not accept it directly. The "Mail Client" therefore
sends the mail to the "My Mail Provider". This host can authentificate
the mail: the mail must be from the domain the "My Mail Provider"
administrates and the E-Mail address must exist. A spammer cannot use
"My Mail Provider" as an open relay because he has not a valid account
on this server. The "My Mail Provider" sends the mail to "Recipient's
Mail Provider". The "Recipient's Mail Provider" accepts the mail because
the "My Mail Provider" has a fixed IP address and this IP address is not
an a Black List.
For those who still do not understand why it is not a good idea for
Coditel to relay their customer's non xyz(a)coditel.lu addresses, here's
the explanation:
Unlike "My Mail Provider" Coditels relay could not ensure that I did not
fake my From field. Infact I could even use a non existent address (as
long the domain exists in the DNS). Coditel would essentially be an open
relay reserved for their own customers. The From field could be anything
a worm would find in a address database, Coditel's mail server could not
filter it.
Everybody understands?
I mean if you understand the SMTP protocol and the fact I do not want to
change my own E-Mail address everytime I change a dialup service, than
you will see that I use my dialup access in a *sensible* way.
And yes: The engineless car is waiting for you ;-))))))
Patrick Kaell
Fedora C1: MSI Mega 180 based PVR using MythTV (following Jarod's
Guide)(will change to Debian testing soon)
Debian testing: Asus L8400k personal Laptop
Debian testing: Testing PC
muLinux: Texting PC
greetings
Jang Lemmer
At Thursday, 01 July 2004, Thierry Coutelier <Thierry.Coutelier@linux.
lu> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Patrick Useldinger wrote:
>| I am not sure I should really do this, there's been too much arguing
>| already. But, looking at this from a different point of view, I am
>| curious to know who uses *which* distro for *what* purpose.
>|
>| So would you care, if you wish to participate, to send _one line per
>| distro you use_ to this mailing list, in the form:
>|
>| distro 1: purpose 1
>| distro 2: purpose 2
>| [...]
>|
>
>Fedora C1: desktop at work -> we wanted to stay on the RedHat line
>Suse9.1: desktop on my PC and laptop -> useful for giving courses
>Debian sarge: test PC
>RedHat 7.2: Production servers at work (should go to Fedora C2 when I
>finally get
>time to repackage our software)
>Fedora C1 (upgraded from RH9): Lilux server -> I's working.
>
>| Disto in the sense of Unix/Linux flavour.
>|
>|
>| _______________________________________________
>| Lilux-help mailing list
>| Lilux-help(a)lilux.lu
>| http://lilux.lu/mailman/listinfo/lilux-help
>
>- --
>Thierry Coutelier Président LiLux asbl
>7, Rue Jacques Sturm L-2556 Luxembourg
>Office:+352 710725 608 Home:+352 406776
>http://www.linux.lu/
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.3 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFA47wlPOfrcNNQX7oRAtnLAKCJoPsJVUCo1XHQunflK7clD4+gcwCdFSxz
>IYvbQKKFJcYpAjO+vgDAsgA=
>=gFS4
>-----END PGP SIGNATURE-----
>_______________________________________________
>Lilux-help mailing list
>Lilux-help(a)lilux.lu
>http://lilux.lu/mailman/listinfo/lilux-help
>
----------------------------------------------------------
There are only 10 types of people in the world:
Those who understand binary and those who don't.
----------------------------------------------------------
===================================================================
EASY and FREE access to your email anywhere: http://www.web.lu/web2mail/
===================================================================
> > excuse me?
> > i _fully_ disagree with your opinion.
>
> Are you sure? A distro is only a fraction of all the things you have to
> choose. You have to start sometime. You can always change the distro
> later. Really. You are a good example for this (you have used all sorts
> of distros). You can even dual boot different distros and share the swap
> partition, the /home partition (uid and gid must be the same) and the
> /usr/local partition (for the self compiled programs).
a fraction?
what is a distro? what makes up a distro?
- the package management
- init tools
- system management tools
did i forget anything?
those 3 points (and mayba more) are different from distro to distro
(if you leave clones out).
those three points are very important to me when choosing a distro.
i agree with you that if you don't care whats under the hood, etc, and just
want to work, no matter how, and just let company X care about sec- probs
etc.... it doesn't matter what distro you use and it matters more whether you
choose xine or mplayer.
but if you care, or have to care, that's a big difference.
> > a distro is _VERY_ important.
> > not every distro is the same, not every distro feels the same or has the
> > same "features".
>
> As long as you are not *working*, this might make a big difference. As
> soon as the system is set up, people sometimes want also to do some
> *productive* things with their system. And then they may have chosen the
> best distro but still do not known if they should take mplayer or xine
> to watch movies for example.
see above...
> > i've been using over the years, all sorts of distros, and the one and
> > only i really feel comfortable with right now, is gentoo.
> > why? because it's source based, because it has IMO, the best package
> > manager and system of them all, because _"I"_ have the freedom to do
> > whatever i want,
>
> Sometimes, if you are a C programmer, you will not take the Gentoo
> package, but download the source right away from the project's homepage
> and modify things *yourself* for your needs. The Gentoo database will
> not know that this software is installed on your system (unless you
> package it yourself and take the pain to define the dependencies). The
> next time you install a Gentoo package that needs the software, it will
> install the package a second time without your patch.
sorry, but do you have any clue about gentoo ?
that might be right for rpm or deb or whatever, and the corresponding distros,
but not for gentoo!
gentoo is source-based anyway. if you wanna tweak stuff, it's a matter of secs
or max. mins, and you everything done, AND the system knows about your
software.
with gentoo, we speak of ebuilds, not packages.
ebuilds define how the pkmng-tool configures,compiles and installs your
software.
and to have deps right, that's easy....
you can as well have your ebuild included in portage, so others may profit of
it as well.
i don't see you problem with this...
> That's the reason why I prefer distros without dependency checking. You
> have seen a nice text editor optimized for LaTeX files? But you don't
> need LaTeX, you want to use the editor anyway for other things? What if
> the package maintainer of the LaTeX editor has decided for you that
> there is a dependency, 'emerge editorxyz' will also install LaTeX,
> unless you break dependencies explicitly.
NO!!!!!!!
ever heard of the "USE" variable ?
as i said b4, your assumptions may be right for suse, rh, mandr, deb,
whatever, but NOT!!!! for gentoo.
> Anyway, Gentoo does even not use the original software from the
> project's homepage, but specially patched versions.
NO!!!!!!!!!!!!!!!!
gentoo does mirror the software on many many servers. if the source-package is
not found there, it downloads it from the author's page.
but it may as well only download it from the author's page.
what is the problem with that?
i still don't see any.
and that gentoo patches _EVERY_ software is just plain wrong.
they do apply patches to some software, to fix bugs, or whatever.
but those patches are generally patches from the mailinglist of that project
or so.
> That is not how *I* define freedom! Freedom means to be independent from
> the distro, and (all Gentoo users should listen now) from the network
> connection!
let me tell you this....before you judge about something and make assumptions
about something you have obviously no clue about, TAKE THE TIME TO READ DOCS
AND GET A CLUE ABOUT IT!
> I want to be able to recover from a disc crash at *any* time by
> reinstalling the distro from CD, reinstalling all patches and
> applications from my archive and by restoring my data from my latest
> backup. What if the Gentoo people have given up the distro yesterday?
> You will not able to reinstall your system. You do not have paid for it,
> there is no guarantee that the Gentoo service will last forever.
yes you will be able.
what if slackware will be discontinued?
did you pay for it?
who cares if you paid for something, when they give it up?
your arguments are pretty bad.
gentoo people have grp's or bins, and yes we do have recue and live cds as
well.
read above...i don't wanna re-write everything...
> If Patrick Volkering gives up Slackware tomorrow, I will have plenty of
> time to migrate, because I have saved a copy of everything I downloaded
> and installed. I own my hardware and have everything under my control.
so do i.
and i bet i have more control over my distro than you have over yours
> What about servers? If you have servers, it is important to keep them
> all on the same patch level. If you install new patches, it is very wise
> to test them on a test platform for a few weeks (new packages *can*
> introduce problems). After the test, you have to install the tested
> packages, even if there are newer ones on the distros servers. 'emerge
> world' just doesn't cut it on servers! And our servers aren't even
> connected to the internet!
better inform yourself about what you write....
> But that is even the opposite of what you did. Didn't you find your
> favorite distro by *using* Linux instead of thinking before using??? Why
> do you recommend to the people a different learning curve than for
> yourself?
by think i include try.
maybe not try for years, but try.
sorry that i wasn't more explicit about that.
> I never said otherwise. I only said that it may not be as important as
> we all think.
that's your opinion.
not mine.
--
regards,
Georges Toth
