From jared at 23x.net Mon Dec 1 02:28:01 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:03 2005 Subject: telnet access In-Reply-To: <20031201035308.GA19994@panix.com> References: <5DCDDCAC-21E9-11D8-953D-000A95A6858C@rlpcon.com> <20031201035308.GA19994@panix.com> Message-ID: <3FCB1A1D.2010200@23x.net> Albert Lunde wrote: > A somewhat more "pure" TCP client, with some features > useful for network protocol testing, is "netcat" (available > via fink). Netcat is preinstalled on Panther. Welcome to Darwin! Uptime: 11:25 up 2:06, 2 users, load averages: 2.02 2.04 2.00 jearle@mantaray$ whereis nc /usr/bin/nc -- "Shiny!" jared@23x.net From shoop at iwiring.net Mon Dec 1 10:35:27 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:03 2005 Subject: telnet access In-Reply-To: <20031201035308.GA19994@panix.com> References: <5DCDDCAC-21E9-11D8-953D-000A95A6858C@rlpcon.com> <20031201035308.GA19994@panix.com> Message-ID: At 10:53 PM -0500 11/30/03, Albert Lunde wrote: >On Sun, Nov 30, 2003 at 07:07:17PM -0500, Dan Shoop wrote: >> [...] The telnet tool can connect to any port and >> pump data, but it's still using whatever service you've attached to. >> The telnet tool is just a simple data pump for opening a remote >> connection. > >And actually, while most of the time you can use a telnet client >to test TCP protocols that use ASCII commands on known ports >(like HTTP, SMTP, and NNTP), what you are getting with telnet >isn't quite a raw TCP socket. There's telnet-specific things >like options negotiation that usually lurk in the background. > >A somewhat more "pure" TCP client, with some features >useful for network protocol testing, is "netcat" (available >via fink). "simple" data pump, not pure The reason telnet is so often used is that it's pretty much ubiquitous. It's hard to find a system where it's not available. At 11:38 AM +0100 12/1/03, Jared ''Danger'' Earle wrote: >Netcat is preinstalled on Panther. Which is very good news! Thanks for that tidbit. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From jimstead at mac.com Mon Dec 1 11:02:02 2003 From: jimstead at mac.com (James E. Stead) Date: Thu Nov 3 12:34:03 2005 Subject: Server 10.3 erratic? In-Reply-To: References: <6ED55DB4-23A3-11D8-9A68-003065BDA9F4@mac.com> Message-ID: That's an excellent question. I'd guess probably, but am not sure what my client put in there, so I will check. These seems to be unlikely symptoms of bad memory, though, for a few reasons: (1) the memory has certainly been exercised before without any issues (why would an OS upgrade provoke the problem); (2) though the behavior is erratic in the sense that netinfo may or may not bind on a specific boot, it's always netinfo binding that is the problem, and it eventually does bind; and (3) once netinfo binds the machine runs indefinitely without problems (other than printing service). In my previous experiences with bad ram, the problems were rather unpredictable depending on which apps got loaded when and how they were exercised. How would memory be responsible for what we've seen? Thanks. Jim On Dec 1, 2003, at 1:35 PM, Dan Shoop wrote: > DO you have any non-Apple memory in your machine? > -- > > -dhan > > ----------------------------------------------------------------------- > - > Dan Shoop > shoop@iwiring.net > Consulting Internet Architect > shoop@mac.com > AIM: iWiring > > pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B > > iWiring designs and supports Internet systems and networks based on > Mac OS X, unix(tm), and Open Source applications technologies and > offers 24x7, guaranteed support to registered clients. How can we help? > > James E. Stead Software Engineer 407.252.3321 jimstead@mac.com From kremels at kreme.com Mon Dec 1 11:50:03 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:03 2005 Subject: Reasons to run Postfix in Panther In-Reply-To: References: <9E89EF94-22B1-11D8-A14B-000A277DD728@optonline.net> Message-ID: <6C54B7EA-2437-11D8-BEF0-000A95935598@kreme.com> On 30 Nov 2003, at 14:10, Dan Shoop wrote: > At 4:18 PM -0500 11/29/03, Charlie Root wrote: >> The ability to swat Junk Mail _before_ it gets to your mail program? > > "Postfix" is a mail program. It's an MTA. Itself it doesn't do > anything to scrub messages. Yes it does. It has both header and body filter tests that can be run. Of course, they are run on ALL messages without exception, so I only use them to check for dangerous attachment types. -- Rent a flat above a shop, cut your hair and get a job, smoke some fags and play some pool, pretend you never went to school and still you'll never get it right cuz when you're lay'n in bed at night watching the roaches climb the wall if you called your dad he could stop it all. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031201/be435764/smime.bin From Jeffrey.Hammond at trincoll.edu Mon Dec 1 12:15:03 2003 From: Jeffrey.Hammond at trincoll.edu (Hammond, Jeffrey) Date: Thu Nov 3 12:34:04 2005 Subject: help Message-ID: -----Original Message----- From: macosx-admin-request@omnigroup.com [mailto:macosx-admin-request@omnigroup.com] Sent: Monday, December 01, 2003 3:01 PM To: macosx-admin@omnigroup.com Subject: MacOSX-admin digest, Vol 1 #1300 - 18 msgs Send MacOSX-admin mailing list submissions to macosx-admin@omnigroup.com To subscribe or unsubscribe via the World Wide Web, visit http://www.omnigroup.com/mailman/listinfo/macosx-admin or, via email, send a message with subject or body 'help' to macosx-admin-request@omnigroup.com You can reach the person managing the list at macosx-admin-admin@omnigroup.com When replying, please edit your Subject line so it is more specific than "Re: Contents of MacOSX-admin digest..." Today's Topics: 1. Re: Reasons to run Postfix in Panther (Dan Shoop) 2. Re: telnet access (Alex Satrapa) 3. Re: Reasons to run Postfix in Panther (Steven Palm) 4. Re: Reasons to run Postfix in Panther (Barry Warsaw) 5. Re: Reasons to run Postfix in Panther (Steven Palm) 6. Re: telnet access (Dan Shoop) 7. Re: Reasons to run Postfix in Panther (Dan Shoop) 8. Re: Reasons to run Postfix in Panther (Brian Cully) 9. Re: Reasons to run Postfix in Panther (Dan Shoop) 10. Re: Reasons to run Postfix in Panther (William A. Carrel) 11. Server 10.3 erratic? (James E. Stead) 12. Re: Reasons to run Postfix in Panther (Chad Leigh -- ObjectWerks Inc.) 13. Re: Reasons to run Postfix in Panther (Dan Shoop) 14. Re: telnet access (Albert Lunde) 15. Re: telnet access (Jared ''Danger'' Earle) 16. Re: telnet access (Dan Shoop) 17. Re: Server 10.3 erratic? (James E. Stead) 18. Re: Reasons to run Postfix in Panther (Lukreme) --__--__-- Message: 1 Date: Sun, 30 Nov 2003 16:10:17 -0500 From: Dan Shoop Subject: Re: Reasons to run Postfix in Panther To: Charlie Root , macosx-admin@omnigroup.com At 4:18 PM -0500 11/29/03, Charlie Root wrote: >What are some reason _you_ run Postfix in 10.3? Postfix is a major improvement over sendmail and it's issues and concerns. It was designed as a drop-in sendmail replacement to "fix" mail aka "post" issues, get the catchy name? Of the major MTAs (sendmail, postfx, exim, qmail), it's the simplest to set up and operate, but not necessarily the most capable. It's good for small to moderate sized installations where you don't need to do much more than the expected things in your MTA. It's configuration is more approachable than sendmail's (which these days requires macro processor and macro language to configure) though not as elegant and streamlined as exim's. qmail is just to weird for my likes. exim is a bit of overkill for most people, so postfix is a good choice. (I run both on my various systems.) >Is it the _cool_ factor? Oh, yes, all us geeks score and extra 5 coolness points for every daemon we run, didn'tcha know? >The ability to swat Junk Mail _before_ it gets to your mail program? "Postfix" is a mail program. It's an MTA. Itself it doesn't do anything to scrub messages. >You are on a laptop and don't want to set SMTP here and there? Easier and better to relay (w AUTH) to your server elsewhere than run a local MTA, so that's not a good reason. I'd say people who cite this reason should reinvestigate what and how you can operate mail servers. >So... why do you run your own mail server? Because a unix system pretty much expects a local MTA or facility for sending mail by SMTP. Because operating an MTA is as important for any site as running a web server, et al. Because who else is better at controlling your mail delivery than you, the knowledgeable sysadmin (if that's not you than use someone's server that can make that statement.) -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? --__--__-- Message: 2 From: Alex Satrapa Subject: Re: telnet access Date: Mon, 1 Dec 2003 07:49:42 +1100 To: macosx-admin On 30 Nov 2003, at 06:42, Dan Shoop wrote: > At 4:25 PM -0500 11/28/03, Richard Peskin wrote: >> Is there a way to access a remote Panther system using telnet? Even >> though I have my Firewall set to pass the appropriate port, telnet >> attempts result in a connection refused message. My "appropriate port", do you mean that the remote machine, your local machine, and any routers in between are allowing your machine to establish a connection to the remote machine on that port? I know some ISPs (like mine!) block outgoing connections on port 25 - both to stop spammers and OutLook viruses. Perhaps the lack of access to port 25 isn't due to anything you've done (or not done)? > If you don't have telnet running as a service (which is a generally > BAD thing) What Dan means is that it's considered "A Bad Thing" to have the telnet service running, or to use telnet in general day-to-day work. This is because everything that you type in telnet is passed over the intermediate network in plain text. Security conscious people use SSH, which encrypts all communication between the two machines. People who use telnet where sensitive information is involved are generally the type who stand on hilltops in lightning storms watching the pretty lightning resolute in their belief that, "it won't happen to me!" That said, telnet is like the "swiss army knife" of Internet protocols - that is, you can use it to do all kinds of stuff it was never meant to do, and eventually you're going to cut off your finger while trying to lever open something with the blade ;) Regards Alex Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind-boggling amounts of excrement when you least expect it. --Gene Spafford --__--__-- Message: 3 From: Steven Palm Subject: Re: Reasons to run Postfix in Panther Date: Sun, 30 Nov 2003 15:59:32 -0600 To: macosx-admin@omnigroup.com On Nov 30, 2003, at 2:20 AM, Lukreme wrote: > In fact, if it wasn't nigh-impossible to figure out/understand/grok > SMTP AUTH with postfix it would be bloody perfect. There should be some nice HOWTO on that. If only someone who's been through the pain could suffer long enough to put one together... ;-) -. ----. -.-- - -.-- Steve Palm - n9yty@n9yty.com -. ----. -.-- - -.-- --__--__-- Message: 4 Subject: Re: Reasons to run Postfix in Panther From: Barry Warsaw To: Giuliano Gavazzi Cc: Michael J Wise , macosx-admin@omnigroup.com Organization: Proud To Be Windows Free Date: Sun, 30 Nov 2003 17:05:13 -0500 On Sat, 2003-11-29 at 18:12, Giuliano Gavazzi wrote: > well, then I run exim. It's better.. (no, I cannot really say that, > because I haven't tried postfix. I can say exim is extremely good > though.) I don't run an smtpd on my MacOSX boxes, but I run both Postfix and Exim on various mail servers I administer. I typically run Postfix on my home network because it's fast, small, security and very easy to configure. We run Exim on {python,zope}.org because it's extremely flexible for the more complex environment, and there's a very nice extension called elspy that lets us embed Python in Exim for all kinds of fancy schmancy filtering at every stage of SMTP. Both are fine mail servers with different philosophies and thus (IMO) preferred for different environments. -Barry --__--__-- Message: 5 From: Steven Palm Subject: Re: Reasons to run Postfix in Panther Date: Sun, 30 Nov 2003 16:05:39 -0600 To: macosx-admin@omnigroup.com On Nov 30, 2003, at 3:10 PM, Dan Shoop wrote: >> The ability to swat Junk Mail _before_ it gets to your mail program? > > "Postfix" is a mail program. It's an MTA. Itself it doesn't do > anything to scrub messages. Well, that's not *QUITE* true. If you set up Postfix as your mail host for incoming mail for your domain, then you can use it's UCE (Unsolicitied Commercial Email - SMAP) filter function to help filter it out before you pick up with your mail program (using a pop3 daemon or similiar on your local host to serve up the mail received by your postfix smtp daemon). -. ----. -.-- - -.-- Steve Palm - n9yty@n9yty.com -. ----. -.-- - -.-- --__--__-- Message: 6 Date: Sun, 30 Nov 2003 19:07:17 -0500 From: Dan Shoop Subject: Re: telnet access To: Alex Satrapa , macosx-admin At 7:49 AM +1100 12/1/03, Alex Satrapa wrote: >On 30 Nov 2003, at 06:42, Dan Shoop wrote: > >>At 4:25 PM -0500 11/28/03, Richard Peskin wrote: >>>Is there a way to access a remote Panther system using telnet? >>>Even though I have my Firewall set to pass the appropriate port, >>>telnet attempts result in a connection refused message. I think I've answered this, enable the telnet service in xinetd and you can access that system using the telnet protocol. The confusion is that the telnet *tool* can be used to connect to other services, but this is not accessing that remote system by telnet, that's accessing that system through whatever the service you're connecting to. The telnet tool can connect to any port and pump data, but it's still using whatever service you've attached to. The telnet tool is just a simple data pump for opening a remote connection. >[B]y "appropriate port", do you mean that the remote machine, your >local machine, and any routers in between are allowing your machine >to establish a connection to the remote machine on that port? The appropriate port, or more correctly "well known port" for telnet is 23. This doesn't mean you can't run your services on non-standard ports, I often direct port 23 (telnet) on some NAT servers to map to port 22 (ssh) on NAT networks where I need to reach more than one system by ssh. (This is just a nice recycling of low number ports and one I can easily remember, and if someone tries to telnet there they just get jibberish.) >I know some ISPs (like mine!) block outgoing connections on port 25 >- both to stop spammers and OutLook viruses. Perhaps the lack of >access to port 25 isn't due to anything you've done (or not done)? I'm hope everyone understands that telnet is port 23 and smtp is port 25. These are very different services. [As for ISPs that deny you use of certain services in misguided attempts to protect whomever I'd consider this a "degraded level of service" and switch ISPs to someone who can deliver what you expect, inbound and outbound traffic without restrictions. But I digress...] However, if you can't reach port 25 on your own machine's IP address, this isn't the cause. Routing assigns the NI itself as the preferred route to that IP address and it never hits your ISP. If you're using the telnet tool to check if a service like your MTA is up, then you connect to the port for that service, so telnet, the service, doesn't need to be running on that host. Example (SMTP AUTH): % perl -MMIME::Base64 -e \ 'print encode_base64("username\0mailaccount\0passwd");' c2hvb3AAc2hvb3ZZb2NlbG09NjM= % telnet smtp.mac.com 25 Trying 17.250.248.48... Connected to smtp.mac.com. Escape character is '^]'. 220 smtp-mx.mac.com ESMTP Service ehlo adsl-67-126-169-66.dsl.lsan03.pacbell.net 250-mac.com Hello adsl-67-126-169-66.dsl.lsan03.pacbell.net [67.126.169.66], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 3145727 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP AUTH PLAIN c2hvb3AAc2hvb3ZZb2NlbG09NjM= 235 2.0.0 OK Authenticated quit 221 2.0.0 mac.com closing connection Connection closed by foreign host. Example (POP3): % telnet localhost pop3 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK POP3 localhost v2000.69 server ready USER bob +OK User name accepted, password please PASS plover +OK Mailbox open, 0 messages LIST +OK Mailbox scan listing follows . QUIT +OK Sayonara Connection closed by foreign host. >>If you don't have telnet running as a service (which is a generally >>BAD thing) > >What Dan means is that it's considered "A Bad Thing" to have the >telnet service running, or to use telnet in general day-to-day work. >This is because everything that you type in telnet is passed over >the intermediate network in plain text. Security conscious people >use SSH, which encrypts all communication between the two machines. >People who use telnet where sensitive information is involved are >generally the type who stand on hilltops in lightning storms >watching the pretty lightning resolute in their belief that, "it >won't happen to me!" > >That said, telnet is like the "swiss army knife" of Internet >protocols - that is, you can use it to do all kinds of stuff it was >never meant to do, and eventually you're going to cut off your >finger while trying to lever open something with the blade ;) If you mean using the telnet *tool* to connect to other services, well that's not the telnet protocol at all and should never be confused as such. Best to be clear so that people don't think port 23 or the telnet service needs to be running in order to use the tool. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? --__--__-- Message: 7 Date: Sun, 30 Nov 2003 19:09:58 -0500 From: Dan Shoop Subject: Re: Reasons to run Postfix in Panther To: Barry Warsaw , Giuliano Gavazzi Cc: Michael J Wise , macosx-admin@omnigroup.com At 5:05 PM -0500 11/30/03, Barry Warsaw wrote: >On Sat, 2003-11-29 at 18:12, Giuliano Gavazzi wrote: > >> well, then I run exim. It's better.. (no, I cannot really say that, >> because I haven't tried postfix. I can say exim is extremely good >> though.) > >I don't run an smtpd on my MacOSX boxes, but I run both Postfix and >Exim on various mail servers I administer. I typically run Postfix on >my home network because it's fast, small, security and very easy to >configure. We run Exim on {python,zope}.org because it's extremely >flexible for the more complex environment, and there's a very nice >extension called elspy that lets us embed Python in Exim for all kinds >of fancy schmancy filtering at every stage of SMTP. FWIW, exim also has embedded Perl, which is *very* nice. Though if you're a Python person then obviously you prefer that. Point being though that this is one reason why I often prefer exim over Postfix, it's ability to embed code inside the MTA like this is huge. > Both are fine mail >servers with different philosophies and thus (IMO) preferred for >different environments. Right choice of tool for the right job. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? --__--__-- Message: 8 Cc: Michael J Wise , From: Brian Cully Subject: Re: Reasons to run Postfix in Panther Date: Sun, 30 Nov 2003 19:11:08 -0500 To: Giuliano Gavazzi On 29-Nov-2003, at 18:12, Giuliano Gavazzi wrote: > well, then I run exim. It's better.. (no, I cannot really say that, > because I haven't tried postfix. I can say exim is extremely good > though.) FSVO "better," of course. I prefer Postfix for simpler installations. It's much easier to configure, and it does a good 95% of what most people need it to do. I have used Exim, and it is /quite/ powerful. However, I avoid it unless I specifically need the power (such as using SQL user databases, header re-writes, or other such things that exim makes oh-so-possible). So that's my advice. If you're running a Big Mail Server, go with Exim, as you'll likely need it. If you have a standard Unix-y setup (such as OS X), Postfix is an easier solution that will do what you want. FWIW, I have SMTP-Auth working with Postfix, using GSSAPI (through SASL), so it's not impossible. -bjc --__--__-- Message: 9 Date: Sun, 30 Nov 2003 19:13:58 -0500 From: Dan Shoop Subject: Re: Reasons to run Postfix in Panther To: Steven Palm , macosx-admin@omnigroup.com At 4:05 PM -0600 11/30/03, Steven Palm wrote: >On Nov 30, 2003, at 3:10 PM, Dan Shoop wrote: >>>The ability to swat Junk Mail _before_ it gets to your mail program? >> >>"Postfix" is a mail program. It's an MTA. Itself it doesn't do >>anything to scrub messages. > > Well, that's not *QUITE* true. If you set up Postfix as your mail >host for incoming mail for your domain, then you can use it's UCE >(Unsolicitied Commercial Email - SMAP) filter function to help >filter it out before you pick up with your mail program (using a >pop3 daemon or similiar on your local host to serve up the mail >received by your postfix smtp daemon). Well there are features that contribute to UCE scrubbing, but including SpamAssasin or ClamAV with Postfix isn't a function of postfix itself, which was where I was headed with the comment. Making use of RBL lists or verifying senders, et al are common to most MTAs but not to be confused with the former packages which are separate. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? --__--__-- Message: 10 To: macosx-admin@omnigroup.com From: "William A. Carrel" Subject: Re: Reasons to run Postfix in Panther Date: Sun, 30 Nov 2003 16:25:07 -0800 In article <551840CE-2381-11D8-A0FE-000A95B1990C@n9yty.com>, Steven Palm wrote: > On Nov 30, 2003, at 3:10 PM, Dan Shoop wrote: > >> The ability to swat Junk Mail _before_ it gets to your mail > >> program? > > > > "Postfix" is a mail program. It's an MTA. Itself it doesn't do > > anything to scrub messages. > > Well, that's not *QUITE* true. If you set up Postfix as your mail > host > for incoming mail for your domain, then you can use it's UCE > (Unsolicitied Commercial Email - SMAP) filter function to help filter > it out before you pick up with your mail program (using a pop3 daemon > or similiar on your local host to serve up the mail received by your > postfix smtp daemon). You can also insert steps into Postfix's processing pathways to do things like run SpamAssassin and have it do the appropriate thing with incoming messages (i.e. mark them up with bonus X-Spam-Status: headers and what not). There are also some regex rules to block virus email at the gateway. This way Postfix rejects the email outright during the SMTP transaction. The mail server doesn't even have to bother with generating a bounce to a (probably forged) email address. It just responds with a permanent failure "554 Mail rejected (contained virus)". Postfix is in fact just as powerful as Exim (or Sendmail) for mail handling and processing, its just that the syntax and handling is a bit different, that's all. My only snipe at Postfix is that its ability to play nice with an LDAP directory has been somewhat lackluster (doing a lookup for every address of every message rather than caching results). This may have changed in more recent versions, it's been a year or so since I looked real hard at its abilities in this regard. As for SMTP AUTH, the second hit in a google search for "Postfix SMTP AUTH" was http://postfix.state-of-mind.de/patrick.koetter/smtpauth/ While written with the Linux admin in mind, the instructions should be adaptable to OS X or other BSDs. There is also a good Postfix email list (postfix-users@postfix.org / gmane.mail.postfix.user, I think) that questions are answered on. -- William A. Carrel --__--__-- Message: 11 To: macos-x-server@lists.apple.com, macosx-admin@omnigroup.com From: "James E. Stead" Subject: Server 10.3 erratic? Date: Sun, 30 Nov 2003 21:09:45 -0500 Greetings, A primary server at a client's has been exhibiting new and erratic problems in networking and printing services since moving from x server 10.2.8 to panther 10.3, and I wonder if anyone else has experienced anything similar? Initially I had attempted an upgrade install, but after unsatisfactory results wiped the disk and did a fresh install. The environment is now 10.3.1 server with the latest security patches on a G4 with 1.5 G memory, running the following services: AFP, DNS, Mail, NFS, Netinfo, and Windows. Print would be on that list if it came up. First the network services issue. The machine does not boot in a consistent time two times in a row. Sometimes it starts as it should, quickly, and all services (except Print) start properly. Other times the machine hangs for quite awhile, alternately "Waiting for Apple File Service" and "Waiting for IP Filter". When this occurs, netinfo will not bind properly (3 domains live on this server), and netinfo manager will show only the local domain. The system log shows "localhost DirectoryService[224]: NetInfo connection timeout: RPC: Timed out on initial connection to 127.0.0.1/local". This will sometimes self-repair after a period of time without a reboot... the netinfo domains will continue to try to rebind and eventually will succeed. Other times, a reboot will bring the machine up smoothly. None of this seems connected to any hardware issue, networking configuration, firewall, etc., but to the panther upgrade. Second, the print service issue. The initial problem with that after the upgrade was that windows users could no longer print using the server's queue. Within the last week that deteriorated; the service will no longer launch at all and the queues don't show up in server admin. Further, new queues cannot be created and the service cannot be started in server admin. It doesn't complain, though "Server Admin[487] Error result from makePrinterID = -1" shows up in the console, and "Reaped child process 335 ('/usr/sbin/PrintServiceMonitor'); quit with exit status 36." and "Process '/usr/sbin/PrintServiceMonitor' respawning too rapidly!" shows up in the watchdog log. This last still occurs after applying the Apple fix that creates the missing lp and postfix users. So is all going smoothly for everyone else? Thanks! Jim James E. Stead Software Engineer 407.252.3321 jimstead@mac.com --__--__-- Message: 12 Cc: MacosX Admin Reply-To: chad@objectwerks.com From: "Chad Leigh -- ObjectWerks Inc." Date: Sun, 30 Nov 2003 20:02:17 -0700 To: "Jared ''Danger'' Earle" Subject: Re: Reasons to run Postfix in Panther On Nov 30, 2003, at 4:37 AM, Jared ''Danger'' Earle wrote: > On 30 Nov 2003, at 09:20, Lukreme wrote: >> In fact, if it wasn't nigh-impossible to figure out/understand/grok >> SMTP AUTH with postfix it would be bloody perfect. > > That and the fact you can't rewrite outgoing headers. As a few people > here will know from other lists, I run the OSX-Nutters[1] list on > FreeBSD. Having tried Postfix, I returned to Sendmail, even after > enduring the mailman/postfix config permissions slog because I could > not implement Habeas headers in Postfix. > > Oh, and I just find Sendmail's virtusertable easier for multiple > domains running mailman and all manner of odd stuff. Maybe you should try "exim"... Chad > > Having said that, I recommend Postfix for people with fewer domains > and demands as it really is simpler for the basic stuff 99% of people > need. > > [1] http://www.tit-wank.com/mailman/listinfo/osx-nutters > -- > Jared Earle, Nightfall Games, jared@23x.net - http://www.23x.net > "Watashi-wa shin no SUPORUKU desu" > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin --__--__-- Message: 13 Date: Sun, 30 Nov 2003 22:27:54 -0500 From: Dan Shoop Subject: Re: Reasons to run Postfix in Panther To: macosx-admin@omnigroup.com At 4:25 PM -0800 11/30/03, William A. Carrel wrote: >You can also insert steps into Postfix's processing pathways to do >things like run SpamAssassin and have it do the appropriate thing with >incoming messages (i.e. mark them up with bonus X-Spam-Status: headers >and what not). I thing the point of delineation here is that these are not features of Postfix, which is what the initial poster alluded too. >Postfix is in fact just as powerful as Exim (or Sendmail) for mail >handling and processing, its just that the syntax and handling is a bit >different, that's all. This is debatable, though I don't care to start a religious war over it. And at some point ease and elegance play as important role as whether my blender can also be made to trim my hedge. Let's just say that both are good replacements for sendmail. I think the initial posters question was better phrased "why run a local MTA" rather than why run postfix specifically. I think this has been answered. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? --__--__-- Message: 14 Date: Sun, 30 Nov 2003 22:53:08 -0500 From: Albert Lunde To: macosx-admin Subject: Re: telnet access On Sun, Nov 30, 2003 at 07:07:17PM -0500, Dan Shoop wrote: > [...] The telnet tool can connect to any port and > pump data, but it's still using whatever service you've attached to. > The telnet tool is just a simple data pump for opening a remote > connection. And actually, while most of the time you can use a telnet client to test TCP protocols that use ASCII commands on known ports (like HTTP, SMTP, and NNTP), what you are getting with telnet isn't quite a raw TCP socket. There's telnet-specific things like options negotiation that usually lurk in the background. A somewhat more "pure" TCP client, with some features useful for network protocol testing, is "netcat" (available via fink). --__--__-- Message: 15 Date: Mon, 01 Dec 2003 11:38:21 +0100 From: "Jared ''Danger'' Earle" To: macosx-admin@omnigroup.com Subject: Re: telnet access Albert Lunde wrote: > A somewhat more "pure" TCP client, with some features > useful for network protocol testing, is "netcat" (available via fink). Netcat is preinstalled on Panther. Welcome to Darwin! Uptime: 11:25 up 2:06, 2 users, load averages: 2.02 2.04 2.00 jearle@mantaray$ whereis nc /usr/bin/nc -- "Shiny!" jared@23x.net --__--__-- Message: 16 Date: Mon, 01 Dec 2003 13:33:58 -0500 From: Dan Shoop Subject: Re: telnet access To: macosx-admin At 10:53 PM -0500 11/30/03, Albert Lunde wrote: >On Sun, Nov 30, 2003 at 07:07:17PM -0500, Dan Shoop wrote: >> [...] The telnet tool can connect to any port and >> pump data, but it's still using whatever service you've attached to. >> The telnet tool is just a simple data pump for opening a remote >> connection. > >And actually, while most of the time you can use a telnet client to >test TCP protocols that use ASCII commands on known ports (like HTTP, >SMTP, and NNTP), what you are getting with telnet isn't quite a raw TCP >socket. There's telnet-specific things like options negotiation that >usually lurk in the background. > >A somewhat more "pure" TCP client, with some features >useful for network protocol testing, is "netcat" (available via fink). "simple" data pump, not pure The reason telnet is so often used is that it's pretty much ubiquitous. It's hard to find a system where it's not available. At 11:38 AM +0100 12/1/03, Jared ''Danger'' Earle wrote: >Netcat is preinstalled on Panther. Which is very good news! Thanks for that tidbit. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? --__--__-- Message: 17 From: "James E. Stead" Subject: Re: Server 10.3 erratic? Date: Mon, 1 Dec 2003 14:01:22 -0500 To: macos-x-server@lists.apple.com, macosx-admin@omnigroup.com, Dan Shoop That's an excellent question. I'd guess probably, but am not sure what my client put in there, so I will check. These seems to be unlikely symptoms of bad memory, though, for a few reasons: (1) the memory has certainly been exercised before without any issues (why would an OS upgrade provoke the problem); (2) though the behavior is erratic in the sense that netinfo may or may not bind on a specific boot, it's always netinfo binding that is the problem, and it eventually does bind; and (3) once netinfo binds the machine runs indefinitely without problems (other than printing service). In my previous experiences with bad ram, the problems were rather unpredictable depending on which apps got loaded when and how they were exercised. How would memory be responsible for what we've seen? Thanks. Jim On Dec 1, 2003, at 1:35 PM, Dan Shoop wrote: > DO you have any non-Apple memory in your machine? > -- > > -dhan > > ---------------------------------------------------------------------- > - > - > Dan Shoop > shoop@iwiring.net > Consulting Internet Architect > shoop@mac.com > AIM: iWiring > > pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 > DE0B > > iWiring designs and supports Internet systems and networks based on > Mac OS X, unix(tm), and Open Source applications technologies and > offers 24x7, guaranteed support to registered clients. How can we > help? > > James E. Stead Software Engineer 407.252.3321 jimstead@mac.com --__--__-- Message: 18 From: Lukreme Subject: Re: Reasons to run Postfix in Panther Date: Mon, 1 Dec 2003 12:49:06 -0700 To: MacosX Admin --Apple-Mail-4--340850147 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On 30 Nov 2003, at 14:10, Dan Shoop wrote: > At 4:18 PM -0500 11/29/03, Charlie Root wrote: >> The ability to swat Junk Mail _before_ it gets to your mail program? > > "Postfix" is a mail program. It's an MTA. Itself it doesn't do > anything to scrub messages. Yes it does. It has both header and body filter tests that can be run. Of course, they are run on ALL messages without exception, so I only use them to check for dangerous attachment types. -- Rent a flat above a shop, cut your hair and get a job, smoke some fags and play some pool, pretend you never went to school and still you'll never get it right cuz when you're lay'n in bed at night watching the roaches climb the wall if you called your dad he could stop it all. --Apple-Mail-4--340850147 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGFjCC As8w ggI4oAMCAQICAwr/VzANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhh d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZy ZWVt YWlsIElzc3VpbmcgQ0EwHhcNMDMxMDI1MDYyNDQ2WhcNMDQxMDI0MDYyNDQ2WjBDMR8wHQYD VQQD ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFrcmVtZWxzQGtyZW1l LmNv bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDlLD6HFowlLpEgWSCmZc24i5v+ aq4L J1g/GEd81vPngcAMhFQWR4VKCpBxF7FW8JYCmlhy34rPjWJ82dcv+S3C1iWJC5QzLp8bWC3o 8lkZ qjhBNZkIsocGRh3n/XR7jfVg9CV69yPdsJXfskriY1ZXgMj2WfmQuJMeADmIJY+wFJevb4ij dbNB DHLQ2Qv5eKDsukga7DkuCWwgNrfDMfrG3SEU0OJLxEhFfU8FPnOx4STAfh3TTa4xEOQyuLG6 RKv1 1mKphTl9Vrbw7VkR0a8v8m8mS5S3FzCma1lW0wPnZNTZnCam0+YZ+ycoRZLWoUzZAFcszO4a 1mKphTl9Vrbw7VkR0a8v8m8mS5S3FzCma1lW0wPnZNTZnCam0+YZ+rVaa 6uXARrkCAwEAAaMuMCwwHAYDVR0RBBUwE4ERa3JlbWVsc0BrcmVtZS5jb20wDAYDVR0TAQH/ BAIw ADANBgkqhkiG9w0BAQQFAAOBgQCYWKSzadzMxvaYBC862AVbOsDzQ5hj/DDZ4FZNAW4hbg4W mIWt rVoMmVW959O2uxHW7tT2WU+MWK39d1sl4GPA32khEnXibTvJ4hX7P83B1oG8vMFL0xTbEJv6 rVoMmVW959O2uxHW7tT2WU+1hS6 RGb0fQ1KLrC7Fw1EMXs7Lz6dQqzTth5VNf4dYMKbUfEdzDCCAz8wggKooAMCAQICAQ0wDQYJ KoZI hvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNV BAcT CUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRp Zmlj YXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVl bWFp bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0w MzA3 MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3 dGUg Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h aWwg SXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjA SXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+dQRw nd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn 8R+R NiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sC NiQqE88r1fOCdz0Dviv+uxg+AwEA AaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9j cmwu dGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjAp BgNV HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQAD gYEA SIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6 SIzRUIPqCy7MDaNmrGcPf6+GX6E sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341Yh eILc IRk13iSx0x1G/11fZU8xggLnMIIC4wIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU aGF3 dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJl ZW1h aWwgSXNzdWluZyBDQQIDCv9XMAkGBSsOAwIaBQCgggFTMBgGCSqGSIb3DQEJAzELBgkqhkiG 9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTIwMTE5NDkwN1owIwYJKoZIhvcNAQkEMRYEFIR+ndMc BwEwHAYJKoZIhvcNAQkFMQ8XDTAzMTIwMTE5NDkwN1owIwYJKoZIhvcNAQkEMRYEFIR+olI0 1KcNrJ1e3REmg5RgMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoT HFRo YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG cmVl bWFpbCBJc3N1aW5nIENBAgMK/1cwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpB MSUw IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVy c29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDCv9XMA0GCSqGSIb3DQEBAQUABIIBAITV7iXi sG7X /ss2NS98cBGsyLlnKGOBtguQ2xRVm5RguZ9B6lN0qT3I4l2XeFjY8JuvOLl4Rk6GVQJZ2Rgj aLCL w0iyQLx5NNlyFhikSDOKivkmAjzlE+zyXP7RnLHRTrQttNMbZiKIl4432EXyflUBro1qZzpq w0iyQLx5NNlyFhikSDOKivkmAjzlE+Ixl3 ZOVzlBK/52q+TubgYTQdlCpUblFNErD6MUPzwfC1nSA7JFRp1vHV2wVneXjDogyNEY7IC6iq kggh ygEpegO3NpPwDSImoqrSDpj6Z/yyfrst04b4YiYz/aOQ+pLVi8VWDKdUlLcwAbkbbx0U8H0G liHD 5DHqoxIFqo1hhPpvjXhCKcMJkBkAAAAAAAA= --Apple-Mail-4--340850147-- --__--__-- _______________________________________________ MacOSX-admin mailing list MacOSX-admin@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-admin End of MacOSX-admin Digest From shawn at freetimesw.com Mon Dec 1 12:29:01 2003 From: shawn at freetimesw.com (Shawn Erickson) Date: Thu Nov 3 12:34:04 2005 Subject: help In-Reply-To: References: Message-ID: On Dec 1, 2003, at 12:13 PM, Hammond, Jeffrey wrote: [snip of list digest] Help? I suggest using a different email application. ;-) -Shawn From kremels at kreme.com Mon Dec 1 12:59:06 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:04 2005 Subject: Reasons to run Postfix in Panther In-Reply-To: <7A8ED676-2380-11D8-A0FE-000A95B1990C@n9yty.com> References: <9E89EF94-22B1-11D8-A14B-000A277DD728@optonline.net> <01F3868A-230E-11D8-993C-000A95935598@kreme.com> <7A8ED676-2380-11D8-A0FE-000A95B1990C@n9yty.com> Message-ID: <2AFC3AE4-2441-11D8-BEF0-000A95935598@kreme.com> On 30 Nov 2003, at 14:59, Steven Palm wrote: > On Nov 30, 2003, at 2:20 AM, Lukreme wrote: >> In fact, if it wasn't nigh-impossible to figure out/understand/grok >> SMTP AUTH with postfix it would be bloody perfect. > > There should be some nice HOWTO on that. If only someone who's been > through the pain could suffer long enough to put one together... ;-) Tehre are too many variables, and it involves building at least two porgram from source (cyrus-sasl and postfix). this means integrating the sasl with your postfix options. I have postfix built for sasl: /usr/sbin/postfix: libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28076000) libssl.so.3 => /usr/local/lib/libssl.so.3 (0x2808a000) libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x280bb000) libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x281bf000) libc.so.5 => /usr/lib/libc.so.5 (0x281ca000) /usr/local/libexec/postfix/smtpd: libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x2809b000) libssl.so.3 => /usr/lib/libssl.so.3 (0x280af000) libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x280e0000) libmysqlclient.so.10 => /usr/local/lib/mysql/libmysqlclient.so.10 (0x281eb000) libz.so.2 => /usr/lib/libz.so.2 (0x28209000) libm.so.2 => /usr/lib/libm.so.2 (0x28217000) libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x28234000) libc.so.5 => /usr/lib/libc.so.5 (0x2823f000) libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x28317000) but at some point upgrading something else (I really think it was something else, and not sasl) I started getting: # sasldblistusers2 can't getkeyhandle listusers failed (and yes, saslauthd -a pam is running) so the sasl is completely broken. reinstalling it doesn't work, and the info on sasl is sparse to say the least. -- Do not meddle in the affairs of wizards for they are subtle and quick to anger. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031201/3f2b37d1/smime.bin From Jukka.Leino at a-lehdet.fi Mon Dec 1 21:56:03 2003 From: Jukka.Leino at a-lehdet.fi (Jukka.Leino@a-lehdet.fi) Date: Thu Nov 3 12:34:04 2005 Subject: nfs home not available after startup Message-ID: I have netinfo users in 10.2 server and home directories are shared with nfs. This works fine with 10.2 clients but 10.3 clients sometimes (after startup) log in with default dock and and prefs. And when You log out and back in You get Your own prefs but dock prefs are lost. I guess this is because 10.3 boots too fast that nfs automount is not ready. But it is ready when you log out so dock prefs are saved... Is there some way I can prevent login if nfs automount are not ready? Jukka From shmit at kublai.com Tue Dec 2 00:16:01 2003 From: shmit at kublai.com (Brian Cully) Date: Thu Nov 3 12:34:04 2005 Subject: nfs home not available after startup In-Reply-To: References: Message-ID: On 2-Dec-2003, at 00:55, Jukka.Leino@a-lehdet.fi wrote: > I guess this is because 10.3 boots too fast > that nfs automount is not ready. But it is ready > when you log out so dock prefs are saved... Panther is /way/ too aggressive about this. To the point that when I had it set to automatically log me in, I would get default desktop pictures, because the external FireWire drive that my pictures are on hasn't mounted yet. I've had this happen locally with shared home directories as well (IOW, when I log into the OpenDirectory host itself as a OD user, I won't have a home directory available yet. Waiting a second before initial login, or logging out and logging in, as you say, cures the problem). > Is there some way I can prevent login > if nfs automount are not ready? Well, the complete hack is to edit /System/Library/StartupItems/LoginWindow/LoginWindow. Put a "sleep 60" or however long you need for AFP to come up before you start loginwindow. -bjc From vicryan at pop500.gsfc.nasa.gov Tue Dec 2 03:41:00 2003 From: vicryan at pop500.gsfc.nasa.gov (James V. Ryan {Vic}) Date: Thu Nov 3 12:34:04 2005 Subject: Monitor display looks like a photo negative?? Message-ID: Original Xserver at 10.2.8 Apple 20" crt display direct connect to Xserve. One on my users was signed on and laid some books on the keyboard while the screensaver was running. Something happened and now the display appears as if your looking at a negative picture. Signing off and on as another user, the display is normal. Signing on as the first user and the display is again negative. Has anyone seen this before, so far nothing I can find nothing to correct it. Thanks for any pointers, Vic -- James V. Ryan Mission Applications Branch GSFC, Bldg. 23 Computer Systems Administration Code 583, Room 322 Q VicRyan@pop500.gsfc.nasa.gov Greenbelt, MD 20771 301-286-6053/8869 From seiryu at comcast.net Tue Dec 2 03:51:01 2003 From: seiryu at comcast.net (Nick Zitzmann) Date: Thu Nov 3 12:34:04 2005 Subject: Monitor display looks like a photo negative?? In-Reply-To: References: Message-ID: On Dec 2, 2003, at 3:41 AM, James V. Ryan {Vic} wrote: > One on my users was signed on and laid some books on the > keyboard while the screensaver was running. Something > happened and now the display appears as if your looking > at a negative picture. Signing off and on as another user, > the display is normal. Signing on as the first user and the > display is again negative. The books probably "hit" Cmd-Option-Ctrl-8, which toggles black-on-white mode. You can also toggle it in the Universal Access preference pane... Nick Zitzmann AIM/iChat: dragonsdontsleep Check out my software page: http://seiryu.home.comcast.net/ S/MIME signature available upon request "That's a funny thing to promise. Well, you can't never let anything happen to him [Nemo]; then, nothing would ever happen to him." - Dory, from the movie "Finding Nemo" From dev+lists at humph.com Tue Dec 2 04:20:10 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:04 2005 Subject: nfs home not available after startup In-Reply-To: References: Message-ID: At 3:15 am -0500 2003/12/02, Brian Cully wrote: >On 2-Dec-2003, at 00:55, Jukka.Leino@a-lehdet.fi wrote: > >>I guess this is because 10.3 boots too fast >>that nfs automount is not ready. But it is ready >>when you log out so dock prefs are saved... > > Panther is /way/ too aggressive about this. To the point that >when I had it set to automatically log me in, I would get default >desktop pictures, because the external FireWire drive that my >pictures are on hasn't mounted yet. > see man hdid: If you get the error "no mountable filesystems" and you believe that the image does contain mountable filesystems, you may be running into a problem common when remotely logged in to a machine with no one logged in on console. diskarbitrationd won't mount removable media until the SystemUIServer process is running for the console user (in a managed environment, it controls what can be mounted). On a non-managed sys- tem, the boolean AutomountDisksWithoutUserLogin can be safely set in /Library/Preferences/SystemConfiguration/com.apple.DiskArbitra- tion.diskarbitrationd.plist. You can also manually mount filesystems in the image after attaching the image with -nomount. or perhaps even: http://www.macosxhints.com/article.php?story=20031103155828117 according to the latter the file to be created is /Library/Preferences/SystemConfiguration/autodiskmount.plist with the following content: AutomountDisksWithoutUserLogin [note that there is no line-break in the DOCTYPE, just a space] Having said so, I have this file but by mistake with a false value, and it also works, or so it looks... Giuliano -- H U M P H || ||| software Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X http://www.humph.com/ From mvanhorn at cs.wright.edu Tue Dec 2 04:42:01 2003 From: mvanhorn at cs.wright.edu (Mike VanHorn) Date: Thu Nov 3 12:34:04 2005 Subject: can't login from 10.3.1. client Message-ID: I have an XServe running 10.2.8, some clients running 10.2.8 and one client running 10.3.1. Home directories and netinfo are shared from the XServe. On the 10.2.8 clients, everything works fine, users can login and get their files. On the 10.3.1 clients, netinfo is working, but there is a hang up with the home directories. On the XServe, the home directories are listed as /Network/Servers/servername/path/to/homedirectory and on the 10.2.8 clients, /Network/Servers/servername is a symlink to /private/Network/Servers/servername, and, as I said, that all works. On the 10.3.1 client, there is no /Network/Servers directory; instead, there is /Network/servername, where servername is a symlink to /private/var/automount/Network/servername. So, I *think* the problem is that, when a user logs in, the systems tried to put the user in /Network/Servers/servername/path/to/home, but, on the 10.3.1 client, the path would actually be /Network/servername/path/to/homedirectory (the string "Servers" is missing). On the XServe, in WorkgroupManager, the home directory is simply specified as afp://servername/path/to/homedirectory, but is specified as /Network/Servers/path/to/homedirectory in NetInfo. Also, in WorkgroupManager, the share that is the homedirectory can either be "dynamically mounted" in /Network/Servers (which doesn't work, since there is no /Network/Servers on the 10.3.1 client) or statically mounted on whatever we want (currently, it's /Network/Servers), but it seems to me that manually changing where it should go via the "statically mount" field would mess up what is supposed to just happen automatically. Is there some way to tell 10.3.1 to use the /Network/Server/ directory when mounting things? -- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University mvanhorn@cs.wright.edu 937-775-5157 http://www.cs.wright.edu/~mvanhorn/ From Philip.Moetteli at tele2.ch Tue Dec 2 06:22:00 2003 From: Philip.Moetteli at tele2.ch (=?ISO-8859-1?Q?Philip_M=F6tteli?=) Date: Thu Nov 3 12:34:04 2005 Subject: Bizarre text object... Message-ID: Hi I have a very strange problem: In TextEdit, Fire, Colloqui, iChat and probably some others, the text input is treated in a special way. As long as I type ordinary characters, there's no problem. The moment I type a space, a comma, a dot, a question mark or thelike, it is printed twice. So I have two question marks, two spaces and so on. iChat reacts a little bit different. At every occurence of the error, it displays a dialog box saying: NSInternalInconsistencyException: Invalid parameter not satisfying: (index >= 0) && (index < (_itemArray ? CFArrayGetCount(_itemArray) : 0)) And I have to confirm it ? which is of course very annoying and renders it virtually unusable. Fortunately, I do not have this error in MailViewer, Xcode and all the other applications I've been using so far. This error appeared for the first time in Panther. I never had it before. Not even in prereleases. Does anybody know, what the problem could be? Thanks Phil From rbogue at phy.ilstu.edu Tue Dec 2 06:40:09 2003 From: rbogue at phy.ilstu.edu (Ross Bogue) Date: Thu Nov 3 12:34:04 2005 Subject: can't login from 10.3.1. client In-Reply-To: References: Message-ID: At 7:41 AM -0500 12/2/03, Mike VanHorn wrote: > >Is there some way to tell 10.3.1 to use the /Network/Server/ >directory when mounting things? Like you, I found I had to change my NetInfo records when I started updating clients to 10.3. Unlike you, I found the /Network/Servers/ tree to work. Here's the scheme that worked for me: My server is still exporting homes as afp://server.mydomain.edu/Users2/username (and Users3/username, etc). That's unchanged. I do not have "mounts" entries for those disks on my NetInfo server. My NetInfo server (not the same machine as my fileserver at the moment) lists the user's home as /Network/Servers/server.mydomain.edu/Users2/username, and the home_loc as afp://server.mydomain.edu/Users2/username. That was a change. There used to be a .../Volumes/... in there. (Mike Bartosh once suggested that I list homes as /Users/username instead of in /Network/Servers/. I never could get that to work.) Ross -- Dr. Ross Bogue Physics Department Illinois State University From magill at mcgillsociety.org Tue Dec 2 07:09:02 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:04 2005 Subject: netcat In-Reply-To: References: <5DCDDCAC-21E9-11D8-953D-000A95A6858C@rlpcon.com> <20031201035308.GA19994@panix.com> Message-ID: <60DB65F2-24D9-11D8-BDC7-000393768D2C@mcgillsociety.org> On 01 Dec, 2003, at 13:33, Dan Shoop wrote: > At 11:38 AM +0100 12/1/03, Jared ''Danger'' Earle wrote: >> Netcat is preinstalled on Panther. > > Which is very good news! Thanks for that tidbit. It is? Where? The only copy I find on my clean install (with xtools) is from either DarwinPorts or Fink. (and zsh) /usr/share/zsh/4.1.1/functions/_netcat T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From mvanhorn at cs.wright.edu Tue Dec 2 07:15:10 2003 From: mvanhorn at cs.wright.edu (Mike VanHorn) Date: Thu Nov 3 12:34:04 2005 Subject: can't login from 10.3.1. client In-Reply-To: References: Message-ID: >My NetInfo server (not the same machine as my fileserver at the >moment) lists the user's home as >/Network/Servers/server.mydomain.edu/Users2/username, and the >home_loc as >afp://server.mydomain.edu/Users2/username. > >That was a change. There used to be a .../Volumes/... in there. Did this work for both the 10.3 clients AND the 10.2 clients, or did you have to move all the client machines to 10.3? -- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University mvanhorn@cs.wright.edu 937-775-5157 http://www.cs.wright.edu/~mvanhorn/ From jared at 23x.net Tue Dec 2 07:23:01 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:04 2005 Subject: netcat In-Reply-To: <60DB65F2-24D9-11D8-BDC7-000393768D2C@mcgillsociety.org> References: <5DCDDCAC-21E9-11D8-953D-000A95A6858C@rlpcon.com> <20031201035308.GA19994@panix.com> <60DB65F2-24D9-11D8-BDC7-000393768D2C@mcgillsociety.org> Message-ID: <3FCCAE17.804@23x.net> William H. Magill wrote: >>> Netcat is preinstalled on Panther. >> >> Which is very good news! Thanks for that tidbit. > > It is? Where? /usr/bin/nc ...exactly where I said in my first post: Jared ''Danger'' Earle wrote: > Netcat is preinstalled on Panther. > > Welcome to Darwin! > Uptime: 11:25 up 2:06, 2 users, load averages: 2.02 2.04 2.00 > jearle@mantaray$ whereis nc > /usr/bin/nc -- "Shiny!" jared@23x.net From magill at mcgillsociety.org Tue Dec 2 07:26:02 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:04 2005 Subject: nfs home not available after startup In-Reply-To: References: Message-ID: On 02 Dec, 2003, at 07:19, Giuliano Gavazzi wrote: > At 3:15 am -0500 2003/12/02, Brian Cully wrote: >> On 2-Dec-2003, at 00:55, Jukka.Leino@a-lehdet.fi wrote: >> >>> I guess this is because 10.3 boots too fast >>> that nfs automount is not ready. But it is ready >>> when you log out so dock prefs are saved... >> >> Panther is /way/ too aggressive about this. To the point that when I >> had it set to automatically log me in, I would get default desktop >> pictures, because the external FireWire drive that my pictures are on >> hasn't mounted yet. >> > > see man hdid: > > If you get the error "no mountable filesystems" and you > believe that > the image does contain mountable filesystems, you may be > running into a > problem common when remotely logged in to a machine with no one > logged > in on console. diskarbitrationd won't mount removable media > until the > SystemUIServer process is running for the console user (in a > managed > environment, it controls what can be mounted). On a > non-managed sys- > tem, the boolean AutomountDisksWithoutUserLogin can be safely > set in > /Library/Preferences/SystemConfiguration/com.apple.DiskArbitra- > tion.diskarbitrationd.plist. You can also manually mount > filesystems > in the image after attaching the image with -nomount. > > or perhaps even: > > http://www.macosxhints.com/article.php?story=20031103155828117 > > according to the latter the file to be created is > /Library/Preferences/SystemConfiguration/autodiskmount.plist > > with the following content: > > > "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> > > > AutomountDisksWithoutUserLogin > > > > [note that there is no line-break in the DOCTYPE, just a space] > > Having said so, I have this file but by mistake with a false value, > and it also works, or so it looks... Easiest way to "fix" this -- one line from the terminal: sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin true Will automatically generate the appropriate file and syntax. T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From rbogue at phy.ilstu.edu Tue Dec 2 07:53:01 2003 From: rbogue at phy.ilstu.edu (Ross Bogue) Date: Thu Nov 3 12:34:04 2005 Subject: can't login from 10.3.1. client In-Reply-To: References: Message-ID: At 10:14 AM -0500 12/2/03, Mike VanHorn wrote: > >Did this work for both the 10.3 clients AND the 10.2 clients, or did >you have to move all the client machines to 10.3? I've just started the upgrade. I have an eclectic mixture of 10.2.x and 10.3 clients. And even though you didn't ask: My OSXS server is still at 10.1.4. I'll be upgrading it to 10.3 over the Christmas break. My NetInfo server (not the same machine as the OSXS file server for historical reasons) is a beige G3 I pressed into service. It's running 10.2.8 client. Ross -- Dr. Ross Bogue Physics Department Illinois State University From cthacker at casmail.ucsf.edu Tue Dec 2 08:43:07 2003 From: cthacker at casmail.ucsf.edu (chris thacker) Date: Thu Nov 3 12:34:04 2005 Subject: network timing out issues... In-Reply-To: References: Message-ID: <72D20F08-24E6-11D8-AD41-0003931CE9CA@casmail.ucsf.edu> I didn't have this problem last month. Sometime since upgrading to Panther (or possibly some other change) I have been getting some network "timed out" errors. I get these when downloading a file from the web. [such as a shareware application from download.com] Safari's download window often says, "timed out", next to the file I tried to download after a partial download. I get these when connecting to a hotline server. [the same one(s) i connected to without problems before] Every minute or so a hotline error pops up saying, "Network error: pending action incompatible with requested action". I get these when downloading with SpeedDownload 2. I have to keep stopping and restarting the download every once in a while until it finishes. I'm using 10.3.1. Linksys wireless 4 hub router with the latest firmware. Perhaps it's a 10.3.1 issue? Any ideas? ------------------- Chris Thacker Campus Life Services - Information Systems University of California at San Francisco [ help desk ] 415 502-5511 [direct line] 415 514-3373 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1211 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031202/00340fb2/attachment.bin From c01nhe at cs.umu.se Tue Dec 2 09:31:28 2003 From: c01nhe at cs.umu.se (Nils Hjelte) Date: Thu Nov 3 12:34:04 2005 Subject: Changing G5 processor performance setting from command line In-Reply-To: References: Message-ID: <2F7B34B2-24ED-11D8-B987-000A9599B30E@cs.umu.se> Is there any way to change the processor performace setting of the PowerMac G5 (Highest/Automatic/Reduced) from the command line? I mean something like "defaults write com.apple.system ProcessorPerformance Highest/Automatic/Reduced" From shawn at freetimesw.com Tue Dec 2 10:16:02 2003 From: shawn at freetimesw.com (Shawn Erickson) Date: Thu Nov 3 12:34:04 2005 Subject: Changing G5 processor performance setting from command line In-Reply-To: <2F7B34B2-24ED-11D8-B987-000A9599B30E@cs.umu.se> References: <2F7B34B2-24ED-11D8-B987-000A9599B30E@cs.umu.se> Message-ID: <76791329-24F3-11D8-9BD8-000A95A6C778@freetimesw.com> On Dec 2, 2003, at 9:30 AM, Nils Hjelte wrote: > Is there any way to change the processor performace setting of the > PowerMac G5 (Highest/Automatic/Reduced) from the command line? > > I mean something like "defaults write com.apple.system > ProcessorPerformance Highest/Automatic/Reduced" Running a diff on the user defaults before and after changing the energy saver setting it doesn't look like an easy setting exists. I see a large blob of binary data change related to the SystemPreferences.app. It would be hard to modify this safely using the default command. Is this fully conclusive no... -Shawn From cwolf at mac.com Tue Dec 2 10:24:10 2003 From: cwolf at mac.com (Christopher Wolf) Date: Thu Nov 3 12:34:04 2005 Subject: Changing G5 processor performance setting from command line In-Reply-To: <76791329-24F3-11D8-9BD8-000A95A6C778@freetimesw.com> References: <2F7B34B2-24ED-11D8-B987-000A9599B30E@cs.umu.se> <76791329-24F3-11D8-9BD8-000A95A6C778@freetimesw.com> Message-ID: On Dec 2, 2003, at 1:15 PM, Shawn Erickson wrote: > > On Dec 2, 2003, at 9:30 AM, Nils Hjelte wrote: > >> Is there any way to change the processor performace setting of the >> PowerMac G5 (Highest/Automatic/Reduced) from the command line? >> >> I mean something like "defaults write com.apple.system >> ProcessorPerformance Highest/Automatic/Reduced" Try the "pmset" command... it allows tweaking of many Power Management settings. Consult the man page for more info. - Chris > > Running a diff on the user defaults before and after changing the > energy saver setting it doesn't look like an easy setting exists. I > see a large blob of binary data change related to the > SystemPreferences.app. It would be hard to modify this safely using > the default command. > > Is this fully conclusive no... > > -Shawn > > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin From c01nhe at cs.umu.se Tue Dec 2 12:56:13 2003 From: c01nhe at cs.umu.se (Nils Hjelte) Date: Thu Nov 3 12:34:04 2005 Subject: Changing G5 processor performance setting from command line In-Reply-To: References: <2F7B34B2-24ED-11D8-B987-000A9599B30E@cs.umu.se> <76791329-24F3-11D8-9BD8-000A95A6C778@freetimesw.com> Message-ID: > Try the "pmset" command... it allows tweaking of many Power Management > settings. Consult the man page for more info. > > - Chris > Yep, pmset was exactly what I was looking for. Thanks! // Nils Hjelte From gordona at mscd.edu Tue Dec 2 14:31:07 2003 From: gordona at mscd.edu (Aaron Gordon) Date: Thu Nov 3 12:34:04 2005 Subject: Bizarre text object... In-Reply-To: References: Message-ID: <246B84E4-2516-11D8-948C-000393B41568@mscd.edu> I had the same problem. Mine was caused by Cocoa-Aspell after I upgraded to Panther. the fix was to: 1) uninstall Aspell 2) download and install the most recent Aspell (from http://www-ciir.cs.umass.edu/~leouski/cocoaspell/). Good luck, Aaron On Dec 2, 2003, at 7:20 AM, Philip M?tteli wrote: > Hi > > > I have a very strange problem: In TextEdit, Fire, Colloqui, iChat and > probably some others, the text input is treated in a special way. As > long as I type ordinary characters, there's no problem. The moment I > type a space, a comma, a dot, a question mark or thelike, it is > printed twice. So I have two question marks, two spaces and so on. > iChat reacts a little bit different. At every occurence of the error, > it displays a dialog box saying: > > NSInternalInconsistencyException: Invalid parameter not satisfying: > (index >= 0) && (index < (_itemArray ? CFArrayGetCount(_itemArray) : > 0)) > > And I have to confirm it ? which is of course very annoying and > renders it virtually unusable. > > Fortunately, I do not have this error in MailViewer, Xcode and all the > other applications I've been using so far. > > This error appeared for the first time in Panther. I never had it > before. Not even in prereleases. > > Does anybody know, what the problem could be? > > > Thanks > Phil > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > Dr. Aaron Gordon Associate Professor of Computer Science Metropolitan State College of Denver Campus Box 38 P. O. Box 173362 Denver, CO 80217-3362 303-556-5319 303-556-5381 (fax) From kremels at kreme.com Tue Dec 2 16:04:03 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:04 2005 Subject: Monitor display looks like a photo negative?? In-Reply-To: References: Message-ID: <202AB3D4-2524-11D8-BB39-000A95935598@kreme.com> On 02 Dec 2003, at 04:50, Nick Zitzmann wrote: > On Dec 2, 2003, at 3:41 AM, James V. Ryan {Vic} wrote: >> One on my users was signed on and laid some books on the >> keyboard while the screensaver was running. Something >> happened and now the display appears as if your looking >> at a negative picture. Signing off and on as another user, >> the display is normal. Signing on as the first user and the >> display is again negative. > > The books probably "hit" Cmd-Option-Ctrl-8, which toggles > black-on-white mode. You can also toggle it in the Universal Access > preference pane... BTW, Black and white mode is very cool, and a lot better in panther than in Jaguar. I use it frequently. -- Why live in the world when you can live in your head? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031202/eaffdeef/smime.bin From ocs at ocs.cz Tue Dec 2 16:33:04 2003 From: ocs at ocs.cz (ocs) Date: Thu Nov 3 12:34:04 2005 Subject: WTH is a 'schg' flag? Message-ID: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> Hi, trying to solve a friend's problem with an "undeletable" file I've bumped into an "schg" HFS flag. The thing is described as "the system immutable flag", which does not say much, at leaset to me. The best part is that I've found that, as a root, I can _set_ it, but not _remove_ it? 25 /tmp# touch qqq 26 /tmp# chflags schg qqq 27 /tmp# ls -lo qqq -rw-r--r-- 1 root wheel schg 0 3 Dec 01:13 qqq 28 /tmp# whoami root 29 /tmp# chflags noschg qqq chflags: qqq: Operation not permitted 30 /tmp# Can someone shed some light on that (and give me a clue how to get rid of a schg-infected file or folder)? TIA, OC From mrmacman_g4 at mac.com Tue Dec 2 16:56:08 2003 From: mrmacman_g4 at mac.com (Kyle Moffett) Date: Thu Nov 3 12:34:04 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> References: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> Message-ID: <61CB19D8-252B-11D8-84DC-000393ACC76E@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 02, 2003, at 19:25, ocs wrote: > Hi, > > trying to solve a friend's problem with an "undeletable" file I've > bumped into an "schg" HFS flag. The thing is described as "the system > immutable flag", which does not say much, at leaset to me. > > The best part is that I've found that, as a root, I can _set_ it, but > not _remove_ it? > > 25 /tmp# touch qqq > 26 /tmp# chflags schg qqq > 27 /tmp# ls -lo qqq > -rw-r--r-- 1 root wheel schg 0 3 Dec 01:13 qqq > 28 /tmp# whoami > root > 29 /tmp# chflags noschg qqq > chflags: qqq: Operation not permitted > 30 /tmp# > > Can someone shed some light on that (and give me a clue how to get rid > of a schg-infected file or folder)? For the long answer, see the FreeBSD documentation for info on securelevel (Or read that part of the init(8) manpage on OS X). For the short answer, reboot into single-user mode (Cmd-S) to delete the file :-). Cheers, Kyle Moffett -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/zTR+ag7LSGnFq10RAplVAJ9eEIJi/Jh10GpSQ62kf+N3v6Fd2ACeKP9z ZSDsNtI3P1BLP++xpvnOAdc= =R+Q3 -----END PGP SIGNATURE----- From mrmacman_g4 at mac.com Tue Dec 2 16:56:36 2003 From: mrmacman_g4 at mac.com (Kyle Moffett) Date: Thu Nov 3 12:34:04 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> References: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> Message-ID: <61CB19D8-252B-11D8-84DC-000393ACC76E@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 02, 2003, at 19:25, ocs wrote: > Hi, > > trying to solve a friend's problem with an "undeletable" file I've > bumped into an "schg" HFS flag. The thing is described as "the system > immutable flag", which does not say much, at leaset to me. > > The best part is that I've found that, as a root, I can _set_ it, but > not _remove_ it? > > 25 /tmp# touch qqq > 26 /tmp# chflags schg qqq > 27 /tmp# ls -lo qqq > -rw-r--r-- 1 root wheel schg 0 3 Dec 01:13 qqq > 28 /tmp# whoami > root > 29 /tmp# chflags noschg qqq > chflags: qqq: Operation not permitted > 30 /tmp# > > Can someone shed some light on that (and give me a clue how to get rid > of a schg-infected file or folder)? For the long answer, see the FreeBSD documentation for info on securelevel (Or read that part of the init(8) manpage on OS X). For the short answer, reboot into single-user mode (Cmd-S) to delete the file :-). Cheers, Kyle Moffett -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/zTR+ag7LSGnFq10RAplVAJ9eEIJi/Jh10GpSQ62kf+N3v6Fd2ACeKP9z ZSDsNtI3P1BLP++xpvnOAdc= =R+Q3 -----END PGP SIGNATURE----- From gregh at object-craft.com.au Tue Dec 2 16:58:11 2003 From: gregh at object-craft.com.au (Greg Hamilton) Date: Thu Nov 3 12:34:04 2005 Subject: hard disk device names Message-ID: <6A81C3D2-252B-11D8-A1FE-000393B5EFF2@object-craft.com.au> I have a USB hard drive which I use for backups. I use disktool to mount the filesystem at the start of the backup and unmount it when it's done. To use disktool this way I need to know the device name for the USB drive. At the moment it is /dev/disk2s3. If I reformat the drive it changes. Not really a problem, I can just modify the backup script if the device name changes. It will become a problem when I get a few more drives and start rotating them. Each drive will have a volume label something like 'Backup_nn' but will have a different device name. The script won't know which drive is currently attached to the machine. The drive won't be mounted at the start of the backup. Is there a way to get a list of attached but un-mounted file systems from which I could derive the device name for the attached 'Backup_nn' drive? From magill at mcgillsociety.org Tue Dec 2 17:12:03 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:04 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> References: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> Message-ID: <97D41E3A-252D-11D8-8430-000393768D2C@mcgillsociety.org> On 02 Dec, 2003, at 19:25, ocs wrote: > trying to solve a friend's problem with an "undeletable" file I've > bumped into an "schg" HFS flag. The thing is described as "the system > immutable flag", which does not say much, at leaset to me. > > The best part is that I've found that, as a root, I can _set_ it, but > not _remove_ it? > > 25 /tmp# touch qqq > 26 /tmp# chflags schg qqq > 27 /tmp# ls -lo qqq > -rw-r--r-- 1 root wheel schg 0 3 Dec 01:13 qqq > 28 /tmp# whoami > root > 29 /tmp# chflags noschg qqq > chflags: qqq: Operation not permitted > 30 /tmp# > > Can someone shed some light on that (and give me a clue how to get rid > of a schg-infected file or folder)? > It's cousin "uchg" (the user immutable flag) is the "lock" option found in the Get Info panel. This is the same idea -- a system level file lock -- but controlled by the init level as Kyle pointed out. T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From shoop at iwiring.net Tue Dec 2 17:24:02 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> References: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> Message-ID: At 1:25 AM +0100 12/3/03, ocs wrote: >Hi, > >trying to solve a friend's problem with an "undeletable" file I've >bumped into an "schg" HFS flag. The thing is described as "the >system immutable flag", which does not say much, at leaset to me. It means the file is "immutable": that is can't be changed. (I'd expect, as all other have, that the word means what it says.) >The best part is that I've found that, as a root, I can _set_ it, >but not _remove_ it? > >25 /tmp# touch qqq >26 /tmp# chflags schg qqq >27 /tmp# ls -lo qqq >-rw-r--r-- 1 root wheel schg 0 3 Dec 01:13 qqq >28 /tmp# whoami >root >29 /tmp# chflags noschg qqq >chflags: qqq: Operation not permitted >30 /tmp# > >Can someone shed some light on that (and give me a clue how to get >rid of a schg-infected file or folder)? RTFM: `man chflags` Your issue is because you're not using the command properly. It's uchg. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From gregh at object-craft.com.au Tue Dec 2 17:26:21 2003 From: gregh at object-craft.com.au (Greg Hamilton) Date: Thu Nov 3 12:34:05 2005 Subject: hard disk device names In-Reply-To: <6A81C3D2-252B-11D8-A1FE-000393B5EFF2@object-craft.com.au> References: <6A81C3D2-252B-11D8-A1FE-000393B5EFF2@object-craft.com.au> Message-ID: <9E90199C-252F-11D8-A1FE-000393B5EFF2@object-craft.com.au> disktool -l | grep Backup Note to self: engage brain before annoying people with inane questions. On 03/12/2003, at 11:55 AM, Greg Hamilton wrote: > I have a USB hard drive which I use for backups. I use disktool to > mount the filesystem at the start of the backup and unmount it when > it's done. To use disktool this way I need to know the device name for > the USB drive. At the moment it is /dev/disk2s3. If I reformat the > drive it changes. Not really a problem, I can just modify the backup > script if the device name changes. > > It will become a problem when I get a few more drives and start > rotating them. Each drive will have a volume label something like > 'Backup_nn' but will have a different device name. The script won't > know which drive is currently attached to the machine. The drive won't > be mounted at the start of the backup. > > Is there a way to get a list of attached but un-mounted file systems > from which I could derive the device name for the attached 'Backup_nn' > drive? > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From chrisi at darkhorse.com Tue Dec 2 17:32:12 2003 From: chrisi at darkhorse.com (Chris Irvine) Date: Thu Nov 3 12:34:05 2005 Subject: AFP autmount and strange multi-user security issues Message-ID: <2147483647.1070386291@[10.10.40.10]> I've noticed some strange AFP client behavior, and would like to know more about how it works. Hopefully, some of these features can be leveraged for better support of application and home directory servers. Here are the repeatable steps. (server is 10.2.8) User, joe, mounts an afp mount. (For example, the user has an AFP aumounteded home directory. For this behavior, joe is an administrator on the AFP server) This results in a mount line looking something like this: afp_12344321-1.2d000003 on /private/var/automount/Network/Servers/the_server/Volumes/homevol/Users (nodev, nosuid, automounted, mounted by joe) Very good. This mount, owned by joe can not be accessed by the user 'root'. This is a sensible security feature. It means that the server administrator doesn't have to worry about the compromise of a client machine gaining full access to files on the server. (However, this is annoying if joe wants to do something like `sudo asr -source ~joe/Documents/some.dmg ...`) Not it gets strange: User bob, connects to the using a CLI login(ssh) to the same workstation where joe is logged in. Amazingly, bob's home directory via joe's afp mount is accessible with ~strong~ privileges. Bob can cd into any of his folders, honoring the owner permissions. Strangely however, 'file' permissions are treated more conservatively. A strange property here is that files that are 500 inside a 500 directory can be seen but not read. (Also note, bob can't access joe's protected files.) Crazy, cool, dangerous! How is it that the AFP server allows a single client connected as joe to read directories that should only be accessible to bob. Is this a feature? A bug? Maybe this is a side effect of the AFP protocol trying to behave with "standard UNIX behavior". Even if file contents are not disclosed, a directory listing showing names of my protected files (bank robbing plan.rtf) would be a breach of security. Any comments? Where should go for the specs on the protocol and server options? It has been a long time since I read the AFP spec cover to cover. (Life was simpler before TCP:) -------------------------------------------------------------- Chris Irvine On-line store-> http://www.tfaw.com/ Information Systems Manager phone: 503-652-8815 Dark Horse Comics, Inc. http://www.darkhorse.com/ mailto:chrisi@darkhorse.com spam mailto:misterX@darkhorse.com PGP Key ID: 0x0263648A PGP F.P. 8CEF 1BC8 F763 DF79 6F38 3156 EA30 50DF 0263 648A From david at idiomatrix.com Tue Dec 2 18:13:01 2003 From: david at idiomatrix.com (David Herren) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: References: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> Message-ID: <48D0C807-2536-11D8-85AC-003065BABD8C@idiomatrix.com> Hmmm. Dan, I think you misunderstood his question, because schg is most definitely a correct parameter for the chflags command. uchg is the user immutable flag. schg is the _system_ immutable flag. They are different options and according the the FM, the steps he took to turn off the system immutable bit were correct... On Dec 2, 2003, at 8:22 PM, Dan Shoop wrote: >> The best part is that I've found that, as a root, I can _set_ it, but >> not _remove_ it? >> >> 25 /tmp# touch qqq >> 26 /tmp# chflags schg qqq >> 27 /tmp# ls -lo qqq >> -rw-r--r-- 1 root wheel schg 0 3 Dec 01:13 qqq >> 28 /tmp# whoami >> root >> 29 /tmp# chflags noschg qqq >> chflags: qqq: Operation not permitted >> 30 /tmp# >> >> Can someone shed some light on that (and give me a clue how to get >> rid of a schg-infected file or folder)? > > RTFM: `man chflags` > > Your issue is because you're not using the command properly. It's uchg. /david From shoop at iwiring.net Tue Dec 2 19:59:04 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <48D0C807-2536-11D8-85AC-003065BABD8C@idiomatrix.com> References: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> <48D0C807-2536-11D8-85AC-003065BABD8C@idiomatrix.com> Message-ID: At 9:13 PM -0500 12/2/03, David Herren wrote: >Hmmm. Dan, I think you misunderstood his question, because schg is >most definitely a correct parameter for the chflags command. uchg is >the user immutable flag. schg is the _system_ immutable flag. They >are different options and according the the FM, the steps he took to >turn off the system immutable bit were correct... Yep, I misread that. I had just answered the uchg question the other day for someone else. sorry all -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring From mrmacman_g4 at mac.com Tue Dec 2 20:23:05 2003 From: mrmacman_g4 at mac.com (Kyle Moffett) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> Message-ID: <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 02, 2003, at 20:14, Ondra Cada wrote: > BTW, is there a (short and concise) information somewhere what the > immutable (and append-only) beasts are good for, short of making poor > users crazy? Init(8) (nor apropos) has no clue here, and I admit I am > not keen enough to get the information to scan a whole FreeBSD docs or > whatever, so forgive please this question of a lazy person, and answer > only if it means no effort for you. Generally system security. On the x86 platform, there are many kernel modules and replacement kernels that open vulnerabilities. For x86 BSD servers the primary usage is making all kernel stuff (And much of the stuff in (/usr)/sbin) immutable. Then the only way for the attacker to install kernel root-kits is to reboot in single-user mode (Or drop to single-user mode), both of which kill all remote access. Thus, the only way to do anything that compromises the kernel or core utilities is via console access, which, assuming you have good physical security, is VERY hard to get to. Cheers, Kyle Moffett -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/zWUEag7LSGnFq10RAr63AKDWbSv+He1oLSS1g1756E/XECxX9gCfRWEu htWW2db5xboVZuRLBeHJ47Y= =qpvz -----END PGP SIGNATURE----- From hayne at sympatico.ca Tue Dec 2 20:52:00 2003 From: hayne at sympatico.ca (Cameron Hayne) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <2404C286-2527-11D8-B351-003065F27BA4@ocs.cz> Message-ID: On 12/2/03 7:25 PM, "ocs" wrote: > trying to solve a friend's problem with an "undeletable" file I've > bumped into an "schg" HFS flag There is a little bit more info about this flag (and others) in an article I wrote for MacOSXHints: http://www.macosxhints.com/article.php?story=20031017061722471 -- Cameron Hayne (hayne@sympatico.ca) Hayne of Tintagel From macosxadmin at richramos.com Tue Dec 2 21:40:01 2003 From: macosxadmin at richramos.com (Rich Ramos) Date: Thu Nov 3 12:34:05 2005 Subject: file helper editor Message-ID: <2147483647.1070401136@[192.168.2.9]> Does anyone know of a better utility that will edit the 'file helpers' for the OS besides Internet Explorer (I really hate the IE interface)? Preferably something that would allow you to search for specific file types? By the way, why is Apple making this harder instead of easier with Panther? They've taken out web and mail and moved them to the respective apps and new the only thing left is .Mac???!!! -Rich From njriley at uiuc.edu Tue Dec 2 22:02:01 2003 From: njriley at uiuc.edu (Nicholas Riley) Date: Thu Nov 3 12:34:05 2005 Subject: file helper editor In-Reply-To: <2147483647.1070401136@[192.168.2.9]> References: <2147483647.1070401136@[192.168.2.9]> Message-ID: <20031203060122.GA44983@uiuc.edu> On Tue, Dec 02, 2003 at 09:38:56PM -0800, Rich Ramos wrote: > > Does anyone know of a better utility that will edit the 'file > helpers' for the OS besides Internet Explorer (I really hate the IE > interface)? Preferably something that would allow you to search for > specific file types? > By the way, why is Apple making this harder instead of easier with > Panther? They've taken out web and mail and moved them to the > respective apps and new the only thing left is .Mac???!!! The preferences have (mostly) moved to Safari and Mail, but that is rather inconvenient for people who choose other Web browsers and email clients. File a bug. -- =Nicholas Riley | From Jukka.Leino at a-lehdet.fi Tue Dec 2 22:32:03 2003 From: Jukka.Leino at a-lehdet.fi (Jukka.Leino@a-lehdet.fi) Date: Thu Nov 3 12:34:05 2005 Subject: VS: nfs home not available after startup Message-ID: NFS-mounts are auto mounted before login with or without this (only concerns removable media). Probably I just have to use Brian's "complete hack". Jukka -----Alkuper?inen viesti----- L?hett?j?: Giuliano Gavazzi [mailto:dev+lists@humph.com] L?hetetty: 2. joulukuuta 2003 14:19 Vastaanottaja: Brian Cully; Jukka Leino Kopio: macosx-admin@omnigroup.com Aihe: Re: nfs home not available after startup At 3:15 am -0500 2003/12/02, Brian Cully wrote: >On 2-Dec-2003, at 00:55, Jukka.Leino@a-lehdet.fi wrote: > >>I guess this is because 10.3 boots too fast >>that nfs automount is not ready. But it is ready >>when you log out so dock prefs are saved... > > Panther is /way/ too aggressive about this. To the point that >when I had it set to automatically log me in, I would get default >desktop pictures, because the external FireWire drive that my >pictures are on hasn't mounted yet. > see man hdid: If you get the error "no mountable filesystems" and you believe that the image does contain mountable filesystems, you may be running into a problem common when remotely logged in to a machine with no one logged in on console. diskarbitrationd won't mount removable media until the SystemUIServer process is running for the console user (in a managed environment, it controls what can be mounted). On a non-managed sys- tem, the boolean AutomountDisksWithoutUserLogin can be safely set in /Library/Preferences/SystemConfiguration/com.apple.DiskArbitra- tion.diskarbitrationd.plist. You can also manually mount filesystems in the image after attaching the image with -nomount. or perhaps even: http://www.macosxhints.com/article.php?story=20031103155828117 according to the latter the file to be created is /Library/Preferences/SystemConfiguration/autodiskmount.plist with the following content: AutomountDisksWithoutUserLogin [note that there is no line-break in the DOCTYPE, just a space] Having said so, I have this file but by mistake with a false value, and it also works, or so it looks... Giuliano -- H U M P H || ||| software Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X http://www.humph.com/ From chad+macosx at objectwerks.com Tue Dec 2 23:09:02 2003 From: chad+macosx at objectwerks.com (Chad Leigh -- ObjectWerks Inc.) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> Message-ID: <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> On Dec 2, 2003, at 9:22 PM, Kyle Moffett wrote: > Generally system security. On the x86 platform, there are many kernel > modules and replacement kernels that open vulnerabilities. For x86 > BSD servers the primary usage is making all kernel stuff (And much of > the stuff in (/usr)/sbin) immutable. Then the only way for the > attacker to install kernel root-kits is to reboot in single-user mode > (Or drop to single-user mode), both of which kill all remote access. > Thus, the only way to do anything that compromises the kernel or core > utilities is via console access, which, assuming you have good > physical security, is VERY hard to get to. Actually, this is not true. If someone can edit the /etc/rc.conf file (on FreeBSD) and change the securelevel setting, you can reboot (make it look like a spontaneous reboot) and go back to full user mode, but the schg flag will no longer be not changeable... So a hacker can then have a run for your system. It is not necessary to go to single user mode. Chad From rbogue at phy.ilstu.edu Wed Dec 3 06:44:09 2003 From: rbogue at phy.ilstu.edu (Ross Bogue) Date: Thu Nov 3 12:34:05 2005 Subject: [summary] B&W display mode messed up with 10.3 In-Reply-To: References: Message-ID: Several people responded, thanks to all. The problem turned out to be that Apple really did ship 10.3 without drivers for some older ATI video cards. The ATI XclaimVR card that Apple shipped to some education customers was one of those. I temporarily worked around the problem by swapping an ATI Rage 128 card from another B&W G3. Of course, that means I won't be able to upgrade *that* G3 to 10.3. Ross At 5:24 PM -0600 11/25/03, Ross Bogue wrote: >Can anyone help with a display resolution problem? > >I just installed 10.3 on a Blue & White G3, which was behaving just >fine with 10.2.8 before. > >It sorta runs ok with 10.3 also, but will only display at 1600x1200, >256 colors. Nothing else is offered in the Displays prefpane. >Unfortunately, the card/monitor (the original ATI card and >Applevision 17 from Apple) won't quite do 1600x1200. > >What is does display is actually readable, barely. Instead of 256 >colors, it seems to be 16 shades of gray. All text is blurred, >since the pixels aren't really small enough. Buttons are almost the >same color as the button text, making the buttons nearly unusable. > >Any ideas? I'd like to make it use 1024x768, just like it did with >10.2.8. I tried installing the shareware SwitchRes, in the hope of >forcing the thing to use a reasonable resolution. But I'm having >trouble using SwitchRes. The button text is unreadable. I can't >tell what I'm clicking on. > > > >Ross > >-- >Dr. Ross Bogue >Physics Department >Illinois State University >_______________________________________________ >MacOSX-admin mailing list >MacOSX-admin@omnigroup.com >http://www.omnigroup.com/mailman/listinfo/macosx-admin -- Dr. Ross Bogue Physics Department Illinois State University From janos.lobb at yale.edu Wed Dec 3 07:17:14 2003 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos_L=F6bb?=) Date: Thu Nov 3 12:34:05 2005 Subject: [OT] MUMPS on OSX Message-ID: Hi, I have to port a DSM mumps database out from an Alpha 2000 machine quickly - hard drive crashed four times recently. I am looking for a "free" MUMPS implementation on OSX where the whole database can be "beamed" over. Any good suggestions ? /I looked around but found just i386 BSd and Linux implementations. I am willing to work with source./ Thanks ahead, J?nos ------------------------------------------------- clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code http://www.faqs.org/faqs/computer-lang/awk/faq/ From stl at supertronic.it Wed Dec 3 08:28:01 2003 From: stl at supertronic.it (Stefano Lesandrini) Date: Thu Nov 3 12:34:05 2005 Subject: Open/Save-Panels in QuickTime crash!?! In-Reply-To: <4560E1F8-20DF-11D8-B17A-003065B23A16@ritual.org> References: <4560E1F8-20DF-11D8-B17A-003065B23A16@ritual.org> Message-ID: <3FCE0EEC.8050302@supertronic.it> I've found another severe bug when opening an Image Sequence...; if the images are the .MOV you get sends Quicktime Player (.app) into a frozen state. /Stefano Uli Zappe wrote: > Hi, > > I have encountered a strange problem with QuickTime.app (Pro is > licensed) in Panther 10.3.1. > > Whenever I open some kind of Open/Save panel (from the Open, Save, > Import, Export etc. menus) and close it again (by clicking on "Cancel" > or performing the default action (open, save a file etc.)), QuickTime > crashes. Opening a file via the "Recent Items" menu or by > double-clicking the file works just fine - it's obviously the panel > that's the problem. > > The bug also shows up in QuickTime related apps (e.g. iMovie), but > nowhere else (as far as I can tell). E.g. in iMovie, the Open panel to > open an iMovie project works, as does the Import Open panel, but the > Export Save panel that comes up when you choose to export with your > own settings makes iMovie crash; this Export Save panel makes use of > QuickTime since it allows you to set your video parameters for export. > > Does anybody else experience this problem, or know what's happening? > > Thanks in advance! > > Bye > Uli > ________________________________________________________ > > Uli Zappe, Solmsstra?e 5, D-65189 Wiesbaden, Germany > http://www.ritual.org > Fon: +49-700-ULIZAPPE > Fax: +49-700-ZAPPEFAX > ________________________________________________________ > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > -- +----------------------+-------------------+---------------------------+ | Stefano Lesandrini | Supertronic SpA | Mobile +39348.2496221 | | Divisione Sistemi | Tel +390227208200 | stl@supertronic.it | | e Servizi | Fax +390227208270 | http://www.supertronic.it | +----------------------+-------------------+---------------------------+ From shoop at iwiring.net Wed Dec 3 11:12:06 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:05 2005 Subject: [OT] MUMPS on OSX In-Reply-To: References: Message-ID: At 10:17 AM -0500 12/3/03, J?nos L?bb wrote: >Hi, > >I have to port a DSM mumps database out from an >Alpha 2000 machine quickly - hard drive crashed >four times recently. I am looking for a "free" >MUMPS implementation on OSX where the whole >database can be "beamed" over. >Any good suggestions ? /I looked around but >found just i386 BSd and Linux implementations. >I am willing to work with source./ Ah, MUMPS!! That's been a while. The DSM (Digital Standard MUMPS) version of MUMPS has a lot of extensions too it, so if you found a "portable" MUMPS it is likely not to work very well. Not to mention that the endian format on the machines are different, so all the numbers will be backasswards. Your best bet is to resurrect it on another Alpha. If it's just the hard drive that's going it should be simple to replace. Is this VMS or True64? -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From mbovee at uvm.edu Wed Dec 3 13:16:03 2003 From: mbovee at uvm.edu (Michael Bovee) Date: Thu Nov 3 12:34:05 2005 Subject: cant reinstall jaguar after panther Message-ID: Hi, A friend has a new 15" powerbook/superdrive which originally shipped with jaguar. The machine was updated to Panther when that became available, but it turns out that an application written by the owner no longer runs in Classic mode under panther, whereas it did under Jaguar. Soooo, he wanted to go back to Jaguar but now the computer will not even boot from the Jaguar install CD. Apparently he must reformat the drive using some other utility first? Is there something more problematic going on here? Thanks, --Michael From shoop at iwiring.net Wed Dec 3 13:43:02 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:05 2005 Subject: cant reinstall jaguar after panther In-Reply-To: References: Message-ID: At 4:15 PM -0500 12/3/03, Michael Bovee wrote: >Hi, >A friend has a new 15" powerbook/superdrive which originally shipped >with jaguar. The machine was updated to Panther when that became >available, but it turns out that an application written by the owner >no longer runs in Classic mode under panther, whereas it did under >Jaguar. Soooo, he wanted to go back to Jaguar but erase disk and then do an install >now the computer will not even boot from the Jaguar install CD. I've noticed that too on my Powerbook G4, I thought it was the disc going bad! -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From mrmacman_g4 at mac.com Wed Dec 3 13:44:02 2003 From: mrmacman_g4 at mac.com (Kyle Moffett) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 03, 2003, at 02:08, Chad Leigh -- ObjectWerks Inc. wrote: > Actually, this is not true. If someone can edit the /etc/rc.conf file > (on FreeBSD) and change the securelevel setting, you can reboot (make > it look like a spontaneous reboot) and go back to full user mode, but > the schg flag will no longer be not changeable... So a hacker can > then have a run for your system. It is not necessary to go to single > user mode. Which is why that is one of the files that is usually also made schg :-) Basically anything that can lower the securelevel is made schg on such a system, including /etc/rc.conf, /sbin/init, etc... Cheers, Kyle Moffett -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/zljcag7LSGnFq10RAvnHAJ0dlG9dp7/yTL35BGm+ZuJ/nBeqigCdEArw Z0Ia88FGwDO9ZIauHuu+2AI= =insj -----END PGP SIGNATURE----- From chad+macosx at objectwerks.com Wed Dec 3 13:51:02 2003 From: chad+macosx at objectwerks.com (Chad Leigh -- ObjectWerks Inc.) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> Message-ID: On Dec 3, 2003, at 2:42 PM, Kyle Moffett wrote: > On Dec 03, 2003, at 02:08, Chad Leigh -- ObjectWerks Inc. wrote: >> Actually, this is not true. If someone can edit the /etc/rc.conf >> file (on FreeBSD) and change the securelevel setting, you can reboot >> (make it look like a spontaneous reboot) and go back to full user >> mode, but the schg flag will no longer be not changeable... So a >> hacker can then have a run for your system. It is not necessary to >> go to single user mode. > > Which is why that is one of the files that is usually also made schg > :-) Basically anything that can lower the securelevel is made schg on > such a system, including /etc/rc.conf, /sbin/init, etc... Just a note: I don't think the default for /etc/rc.conf on freebsd is to make it schg. My 4.x systems did not come this way and my 5.1 test system did not either. Might be a good idea but there are also good reasons to not make it. There are lots of changes that a sysadmin needs to make on an ongoing basis. Things that are activated by hand, and then you want it to remain a permanent thing so you add or edit it in /etc/rc.conf so that the next reboot will keeo your changes. IP aliases are one example. best Chad > > Cheers, > Kyle Moffett From sea_dragons at mac.com Wed Dec 3 14:27:01 2003 From: sea_dragons at mac.com (Christopher D. Lewis) Date: Thu Nov 3 12:34:05 2005 Subject: integrated antivirus Message-ID: X-No-Archive: yes No, I don't think MacOS X can be fairly said to include anti-tiger technology. The reason Outlook and Exchange are big virus propagators, and not the high-volume mailservers, is directly related to the fact that their creator has no real concern about or interest in genuine security. Thus, bolt-on "security" in the form of antivirus software is needed to even begin describing such systems as "secure". (Remember the remote control exploit, useable on any default XP installation on a network, available for XP a few weeks after MS declared XP the most secure product it had ever shipped?) Let's face it: if so many Outlook installations did not execute scripts attached to unauthenticated incoming communications, there would BE no super-scale virus propagation, only the propagation of Trojans by people duped into executing them by hand. I have yet to hear of Pine, Eudora, Mail.app, or any other client causing unintended transmission of self-propagating email to entire address-books full of victims. Mind you, I get junk attachments all the time, returned to me because a virus used my email in a forged return address when attempting to infect a third party -- and my machines have NEVER infected others as a result of receiving such an attachment. No client I have run has the faults that enable self-propagation, the defining feature of a virus. Denying unauthenticated incoming transmissions the power to execute themselves, or to propagate themselves, is a design decision which is a security feature. Sure, KMail *could* enable javascript to run KMail itself, and turn KMail into an instrument of virus propagation, but KMail does not. KMail is in this respect possessed of integrated anti-virus architecture. This is a trait not shared with the creators of Outlook, Exchange, IIS, MS-Word, etc. These apps, running on the operating systems created by the same manufacturer, usually run with privilege which exceeds that of the user at the keyboard, and thus enables further mischief. Parts of IIS as I understand it run effectively in kernel mode; DLLs used by MS-Word on its native platform execute commands with privilege which exceeds the logged-in user's; and since MS-Word now opens ports to try to trade messages with other MS-Word installations, while remaining fully scriptable, thus opening a whole vista of attacks which allow elevated privileges to be enjoyed by strangers who lack privilege even to log into the machine. One day in the Texas capitol, I tested an XP exploit which relied on the predictable, but insecure, misbehavior of XP's software update tool. It is possible for a user on machines which have not been updated since that time to recursively delete all files from any point in the filesystem, merely by clicking a specially malformed hyperlink. (Yes, even C:/ ... though this was not my test. The app which did this was analagous to a SUID app in that it had super privileges though it was executable by any user.) Given that Outlook will happily send this malformed link to everyone in your address book, it seems permitting Outlook to be installed in an error anywhere you do not intend to reinstall every machine's OS and applications. The fact that Outlook will send the link to everyone in your address book is a nuisance, but the fact that the link will hose an entire system is unacceptable. The fun part is that since MS-Explorer is also scriptable, you don't even need the user to click the link ... just run Outlook. Rather than expect "bolt-on" security like anti-virus software to catch attacks, I prefer to see systems designed to avoid exposing vulnerable services with any privilege which would cause real irritation. The Secure Shell Daemon is a good example of an application which permits lots of power without permitting lots of subversion. Especially now that it is designed with separation of privilege, the architecture exposes great functionality without exposing the boxes running it to great embarrassment. It is this sort of thinking that we need to see in security, not a ballooning market of bolt-on software to drive up the cost of running boxes while neglecting real security. Apache does not run as root on any system I have used, it runs as a fictitious user with no privilege to overwrite users' home directories, etc. This is a security feature. Ignoring this because it isn't a third-party add-on is simply not fair. Especially as my server logs have recorded attempted attacks from MS' own servers running IIS (from the hotmail.com domain), I regard minimum-necessary-privilege design and genuine privilege enforcement without in-kernel code run by the webserver to be a very high quality form of anti-virus. The IIS servers which attacked me included machines in Korea, and I could not even tell their operators that the machines were infected. Meanwhile, self-propagating messages were being transmitted throughout IIS-land in the form of Nimda and Code Red ... fearful sysadmins took servers offline as a preventative measure, accomplishing what virus-writers themselves need not in rendering their services unavailable ... and my Apache on MacOS X on an old beige G3 kept serving away, logging all the attacks against it and dutifully serving underwater hockey information to the world. So, actually having apps run in user space to take advantage of user privilege limits, the existence of privilege limits even in "admin" accounts, the forbiddance of auto-execution of any-attachment-received-from-anywhere, and other features do constitute real anti-virus technology, and in my view are better described as "built-in" security than the inclusion of some bolt-on extra like an antivirus scanner package. Sure, feel free to use an antivirus screen on your server to catch cascades of obviously hostile executables, and protect vulnerable users and their scarce disk space. But don't call that "security" when the answer is to architect systems to forbid the most obvious and the most heinous attacks in the first instance. Understanding what goes into virus propagation on other systems is the first step to figuring out what constitutes an antivirus strategy. I'm happy with my antivirus strategy, and it doesn't cost me more than my OS license and my local network environment. Cheers, Chris From mrmacman_g4 at mac.com Wed Dec 3 14:28:03 2003 From: mrmacman_g4 at mac.com (Kyle Moffett) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 03, 2003, at 16:50, Chad Leigh -- ObjectWerks Inc. wrote: > Just a note: I don't think the default for /etc/rc.conf on freebsd is > to make it schg. My 4.x systems did not come this way and my 5.1 test > system did not either. Might be a good idea but there are also good > reasons to not make it. There are lots of changes that a sysadmin > needs to make on an ongoing basis. Things that are activated by hand, > and then you want it to remain a permanent thing so you add or edit it > in /etc/rc.conf so that the next reboot will keeo your changes. IP > aliases are one example. While reading online about this, that is only because cpio/etc do not preserve the flags. Apparently running make world causes a bunch of things to have the schg flag set. It is probably not a good idea to have that the default, but many high-security servers do things like that, then just have multiple servers and use high-availability to ensure that the service is always up. Cheers, Kyle Moffett -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/zmNBag7LSGnFq10RAuq4AJ4jWtmCdzYbgLo/2iGt/Rnzi7qvagCfU0QM L+OxpwW0TkbtTwwn157Mwsk= =qdS/ -----END PGP SIGNATURE----- From magill at mcgillsociety.org Wed Dec 3 18:28:01 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:05 2005 Subject: WTH is a 'schg' flag? In-Reply-To: References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> Message-ID: <5B1248D2-2601-11D8-B0F4-000393768D2C@mcgillsociety.org> On 03 Dec, 2003, at 17:27, Kyle Moffett wrote: > On Dec 03, 2003, at 16:50, Chad Leigh -- ObjectWerks Inc. wrote: >> Just a note: I don't think the default for /etc/rc.conf on freebsd >> is to make it schg. My 4.x systems did not come this way and my 5.1 >> test system did not either. Might be a good idea but there are also >> good reasons to not make it. There are lots of changes that a >> sysadmin needs to make on an ongoing basis. Things that are >> activated by hand, and then you want it to remain a permanent thing >> so you add or edit it in /etc/rc.conf so that the next reboot will >> keeo your changes. IP aliases are one example. > > While reading online about this, that is only because cpio/etc do not > preserve the flags. Apparently running make world causes a bunch of > things to have the schg flag set. It is probably not a good idea to > have that the default, but many high-security servers do things like > that, then just have multiple servers and use high-availability to > ensure that the service is always up. There is a difference between a Production Environment and a Development Environment. In a Production Environment, there are no changes that a SysAdmin needs to make on an on-going basis so that they can be activated by hand. That policy only leads to trouble when they don't work the next time the system is booted or when the next SysAdmin comes along and changes them. Similarly, a Production environment simply doesn't get changes made to it "on the fly" -- the LAST thing you want in a Production Environment is changes made "unexpectedly." You want a Production Environment to be "bullet-proof" and "locked-down." You want to be able to "set it and forget it," running monitors to make certain that things don't change. So, the last thing you do before a system goes into production: you "lock it down." And of course, then you test it again to see if it still works after the lock-down! A Development System on the other hand is a different story. (And any "general-purpose time sharing environment is a development environment.) All of these flags are *BSD's "first pass" on Access Control Lists (ACLs). They were added on to the file system "later," and so 98% of the rest of "stuff" (cpio/tar, etc) doesn't deal with them, because they did not exist when those utilities(commands) were written. T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From macosx-admin at psychodad.com Wed Dec 3 19:06:03 2003 From: macosx-admin at psychodad.com (Michael Kirkpatrick) Date: Thu Nov 3 12:34:06 2005 Subject: Postfix Help Needed Message-ID: <000001c3ba13$b43a9930$0100a8c0@presario2800T> I am attempting to setup Postfix on OSX. I have the different modules installed (POP, SMTP, IMAP, etc.) I have tested that the services are there. I need to find out where I can find information on how to configure multiple post offices (1 for each domain), user accounts, etc. Also information on how to set up SMTP for outbound E-Mail authentication based on individual user accounts. Any help will be greatly appreciated. Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: /mailman/archive/macosx-admin/attachments/20031203/c7cbe451/attachment.html From chad+macosx at objectwerks.com Wed Dec 3 19:56:01 2003 From: chad+macosx at objectwerks.com (Chad Leigh -- ObjectWerks Inc.) Date: Thu Nov 3 12:34:06 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <5B1248D2-2601-11D8-B0F4-000393768D2C@mcgillsociety.org> References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> <5B1248D2-2601-11D8-B0F4-000393768D2C@mcgillsociety.org> Message-ID: On Dec 3, 2003, at 7:27 PM, William H. Magill wrote: > On 03 Dec, 2003, at 17:27, Kyle Moffett wrote: >> On Dec 03, 2003, at 16:50, Chad Leigh -- ObjectWerks Inc. wrote: >>> Just a note: I don't think the default for /etc/rc.conf on freebsd >>> is to make it schg. My 4.x systems did not come this way and my 5.1 >>> test system did not either. Might be a good idea but there are also >>> good reasons to not make it. There are lots of changes that a >>> sysadmin needs to make on an ongoing basis. Things that are >>> activated by hand, and then you want it to remain a permanent thing >>> so you add or edit it in /etc/rc.conf so that the next reboot will >>> keeo your changes. IP aliases are one example. >> >> While reading online about this, that is only because cpio/etc do not >> preserve the flags. Apparently running make world causes a bunch of >> things to have the schg flag set. It is probably not a good idea to >> have that the default, but many high-security servers do things like >> that, then just have multiple servers and use high-availability to >> ensure that the service is always up. > > There is a difference between a Production Environment and a > Development Environment. > > In a Production Environment, there are no changes that a SysAdmin > needs to make on an on-going basis so that they can be activated by > hand. That policy only leads to trouble when they don't work the next > time the system is booted or when the next SysAdmin comes along and > changes them. Similarly, a Production environment simply doesn't get > changes made to it "on the fly" -- the LAST thing you want in a > Production Environment is changes made "unexpectedly." Sorry, but this is UTTER BS. No one is talking about "unexpected" changes, whatever they are. There are lots of things that need to be changed in a "Production Environment", and in order to invoke them without rebooting, which you often cannot do in a production environment, you have to "invoke them by hand." And exactly for this reason, things like /etc/rc.conf are not set by default schg so that you can update the file when you make the manual change so that at the next reboot, the change is preserved. An example is a web hosting company: suppose a new alias IP needs to be added for a new customer? What do you do? Reboot the whole production machine in order to add one new IP alias in for a new customer or a new service? The whole customer base would be screaming bloody murder if you rebooted for such measly updates to the system. You add it in by hand. On a production server. Then you update the /etc/rc.conf file, or however it is done on your particular system, to reflect the new setting, so that it is preserved on reboot. Or if you add a new service which requires some kernel parameters be changed. If it is one that can be changed on the fly (not all can), you can change it by hand and then update the appropriate boot level config to match it. I've been running FreeBSD in production for 7 years now. I think I have a clue. Previous to that (88-90) I helped run some VMS systems. I've been there. You do not want to indiscriminately make changes to your production system, but in many cases, in many deployments, you need to be able to have the capability. If you have a "turn key" sort of production system, maybe you can avoid it, but in real life production systems, as business needs changes the systems have to change as well. > > You want a Production Environment to be "bullet-proof" and > "locked-down." You want to be able to "set it and forget it," running > monitors to make certain that things don't change. So, the last thing > you do before a system goes into production: you "lock it down." And > of course, then you test it again to see if it still works after the > lock-down! This is true, but it does not preclude making changes to the system running in production while "in production." One good way to track changes is to require all changes be notated in a system log book (book can be virtual). You can put appropriate controls in place. Chad From mjwise at kapu.net Wed Dec 3 20:13:40 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:06 2005 Subject: Postfix Help Needed In-Reply-To: <000001c3ba13$b43a9930$0100a8c0@presario2800T> References: <000001c3ba13$b43a9930$0100a8c0@presario2800T> Message-ID: On Dec 3, 2003, at 5:07 PM, Michael Kirkpatrick wrote: > I need to find out where I can find information on how to configure > multiple post offices (1 for each domain), user accounts, etc? You might want to snarf the full package from http://www.postfix.org/, and check out the SAMPLES directory. Or, paste the following into your /etc/postfix/main.cf file: virtual_alias_domains = domain1.com, domain2.com virtual_alias_maps = hash:/private/etc/postfix/virtual Then, create virtual, and populate it as follows (750, root, postfix): # some comment or other. domain1.com . postmaster@domain1.com postmaster abuse@domain1.com postmaster user1@domain1.com user-a user2@domain1.com user-b domain2.com . postmaster@domain2.com postmaster abuse@domain2.com postmaster user1@domain2.com user-c user2@domain2.com user-d And then.... % sudo postmap virtual And finally: % sudo postfix reload Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From macosx-admin at psychodad.com Wed Dec 3 21:03:07 2003 From: macosx-admin at psychodad.com (Michael Kirkpatrick) Date: Thu Nov 3 12:34:06 2005 Subject: Postfix Help Needed In-Reply-To: Message-ID: <000501c3ba24$102476c0$0100a8c0@presario2800T> OSX 10.2.6 -----Original Message----- From: Dan Shoop [mailto:shoop@iwiring.net] Sent: Wednesday, December 03, 2003 10:05 PM To: Michael Kirkpatrick Subject: Re: Postfix Help Needed At 9:07 PM -0600 12/3/03, Michael Kirkpatrick wrote: I am attempting to setup Postfix on OSX. I have the different modules installed (POP, SMTP, IMAP, etc?) I have tested that the services are there. It would be helpful to know which version of OS X, Postfix is installed on Panther, for instance, but not previous versions. Also if you're running Panhther Server then all this can be done through a GUI. I need to find out where I can find information on how to configure multiple post offices (1 for each domain), They're called "virtual domains", you can google and find a good deal of info. Read it ind then ask specific questions. user accounts, etc? Assuming you're setting them up as system accounts then you add the users to your system accordingly. You may need to map username@virtualdomain.top to uniquesystemusername if they differ. You could be authenticating against a MySQL database as well, but you'd need to specify. Also information on how to set up SMTP for outbound E-Mail authentication based on individual user accounts. Outbound SMTP authentication? SMTP accepts messages and relays them, it's all inbound whether a user is connecting to drop off a mail message or the message is comming from another MTA. You mean something like AUTH? -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? -------------- next part -------------- An HTML attachment was scrubbed... URL: /mailman/archive/macosx-admin/attachments/20031203/0d51b4b1/attachment.html From mrmacman_g4 at mac.com Wed Dec 3 21:21:03 2003 From: mrmacman_g4 at mac.com (Kyle Moffett) Date: Thu Nov 3 12:34:06 2005 Subject: WTH is a 'schg' flag? In-Reply-To: References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> <5B1248D2-2601-11D8-B0F4-000393768D2C@mcgillsociety.org> Message-ID: <7F601E88-2619-11D8-8265-000393ACC76E@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Dec 03, 2003, at 22:54, Chad Leigh -- ObjectWerks Inc. wrote: > Sorry, but this is UTTER BS. No one is talking about "unexpected" > changes, whatever they are. There are lots of things that need to be > changed in a "Production Environment", and in order to invoke them > without rebooting, which you often cannot do in a production > environment, you have to "invoke them by hand." And exactly for this > reason, things like /etc/rc.conf are not set by default schg so that > you can update the file when you make the manual change so that at the > next reboot, the change is preserved. It is set by default this way because when you first install a box it needs to be configured by the sysadmin, not immediately locked. > An example is a web hosting company: suppose a new alias IP needs to > be added for a new customer? What do you do? Reboot the whole > production machine in order to add one new IP alias in for a new > customer or a new service? The whole customer base would be screaming > bloody murder if you rebooted for such measly updates to the system. > You add it in by hand. On a production server. Then you update the > /etc/rc.conf file, or however it is done on your particular system, to > reflect the new setting, so that it is preserved on reboot. Here is the difference, rc.conf affects init and the kernel, both of which are NEVER touched on a production system. If a kernel needs upgrading, you make all the tests on a development system, then reboot into single user mode, upgrade the kernel/init/whatever core process, and reboot. Nobody said you need to reboot into single user to make a change to httpd.conf, what they said was you need to reboot a production system single-user to make changes to the kernel or init. Those are two completely different topics. You would need to reboot the computer for changes to rc.conf or init or the kernel to take effect anyway. > Or if you add a new service which requires some kernel parameters be > changed. If it is one that can be changed on the fly (not all can), > you can change it by hand and then update the appropriate boot level > config to match it. But on a production server you should not be able to change kernel parameters that easily. It should be > This is true, but it does not preclude making changes to the system > running in production while "in production." It does preclude making changes to the kernel/init/boot files. A properly set up production server should never need changes made to the boot config files made without a reboot into single-user mode. Cheers, Kyle Moffett -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/zsP8ag7LSGnFq10RArO5AKC86wltPxPsPmTLf+fhZ97+lvXVRgCfTrNv YtB0VLtCAA4eptKeykypI6s= =G+Sq -----END PGP SIGNATURE----- From rpeskin at rlpcon.com Wed Dec 3 21:59:20 2003 From: rpeskin at rlpcon.com (Richard Peskin) Date: Thu Nov 3 12:34:06 2005 Subject: httpd quits immediately Message-ID: When I start Apache (httpd) on one of my servers it quits immediately. The apachectl configttest shows no problem. The only clue I have is that there is no process owned by www. In effect, "apachectl start" reports a start but the process dies immediately. Any idea where I might look for the problem? (System is an Xserve running 10.2 server.) The httpd logs don't show anything unusual. thanks, --dick peskin ________________________________________________________ The country didn't elect Bush in 2000 and certainly shouldn't elect him in 2004. Support Howard Dean for President. Info: www.DeanForAmerica.com ________________________________________________________ Richard L. Peskin, RLP Consulting, Londonderry, VT http://www.rlpcon.com http://www.caip.rutgers.edu/~peskin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 968 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031203/0fc5121c/attachment.bin From list-omnigroup at fsck.net Wed Dec 3 22:52:01 2003 From: list-omnigroup at fsck.net (Eugene Lee) Date: Thu Nov 3 12:34:06 2005 Subject: httpd quits immediately In-Reply-To: References: Message-ID: <20031204065200.GA1723@Dark-Age.local> On Thu, Dec 04, 2003 at 12:58:26AM -0500, Richard Peskin wrote: : : When I start Apache (httpd) on one of my servers it quits : immediately. The apachectl configttest shows no problem. The only clue : I have is that there is no process owned by www. In effect, "apachectl : start" reports a start but the process dies immediately. Any idea where : I might look for the problem? (System is an Xserve running 10.2 : server.) The httpd logs don't show anything unusual. Are you typing "apachectl start" as root, or typing "sudo apachectl start"? What if you launched "httpd" manually? -- Eugene Lee http://www.coxar.pwp.blueyonder.co.uk/ From chad+macosx at objectwerks.com Wed Dec 3 23:06:04 2003 From: chad+macosx at objectwerks.com (Chad Leigh -- ObjectWerks Inc.) Date: Thu Nov 3 12:34:06 2005 Subject: WTH is a 'schg' flag? In-Reply-To: <7F601E88-2619-11D8-8265-000393ACC76E@mac.com> References: <07061C90-252E-11D8-BD0A-000A95977AAA@ocs.cz> <4DB887F6-2548-11D8-9116-000393ACC76E@mac.com> <859D2FF7-255F-11D8-9289-003065A70D30@objectwerks.com> <5B1248D2-2601-11D8-B0F4-000393768D2C@mcgillsociety.org> <7F601E88-2619-11D8-8265-000393ACC76E@mac.com> Message-ID: <2ABEAF8E-2628-11D8-9289-003065A70D30@objectwerks.com> On Dec 3, 2003, at 10:19 PM, Kyle Moffett wrote: > >> Or if you add a new service which requires some kernel parameters be >> changed. If it is one that can be changed on the fly (not all can), >> you can change it by hand and then update the appropriate boot level >> config to match it. > > But on a production server you should not be able to change kernel > parameters that easily. It should be Ok, I think something got left out here... Changing a kernel parameter shouldn't be a user level thing, but should be able to be done without a reboot. For example, I needed to increase some parameter this past spring when I installed a new installation of Postgresql. Rebooting the whole system was not allowed unless absolutely necessary. Should I have to go to single user mode to do that? That does not make sense. > >> This is true, but it does not preclude making changes to the system >> running in production while "in production." > > It does preclude making changes to the kernel/init/boot files. A > properly set up production server should never need changes made to > the boot config files made without a reboot into single-user mode. > This does not make sense. Do you mean that rc.conf should not be changed except in single user mode? Is it a "boot config" file? Of course a kernel upgrade would require a single user mode switch or a reboot, but changing parameters in the kernel, whether with sysctl or with the init/boot files for kernel params (whose names don't come to mind off hand this very moment) should be possible, perhaps not easy, but possible in a running system. And adding in IP aliases and stuff of course needs to be possible on a running system. And that includes the edits to make them permanent, not just the runtime commands to effect the change. The reasons you need to do it to the init/bootfiles is so that the runtime change you make with sysctl is a permanent one that takes effect at reboot time as well (ie, not lost with the reboot). There are some production systems where you know you won't have to do this stuff, but others where you need more versatility. My point is that to come out and say you should never do these things on a production server is naive at best and stupid at worst. Some production servers can adopt that policy but to advocate them for all is plain old dumb. Chad From mjwise at kapu.net Thu Dec 4 00:01:02 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:06 2005 Subject: httpd quits immediately In-Reply-To: References: Message-ID: On Dec 3, 2003, at 7:58 PM, Richard Peskin wrote: > The httpd logs don't show anything unusual. This is both the access and error logs? Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From rbogue at phy.ilstu.edu Thu Dec 4 05:47:01 2003 From: rbogue at phy.ilstu.edu (Ross Bogue) Date: Thu Nov 3 12:34:07 2005 Subject: Passwordless SSH? Message-ID: Are there any SSH experts among us? I'm having a mental block trying to set up a small compute cluster. The software we're using (LAM MPI) requires the master CPU be able to send commands to the slave CPUs via SSH or RSH. OSX is committed to using SSH, so we'll go that route. If the SSH connection asks for a password (the way "ssh slavecpu command" usually does) the software will block. The connection must be passwordless. Obviously, I need to configure /etc/sshd_config, /etc/ssh_config, and /etc/shosts.equiv so this works. Unfortunately, every combination of parameters in those files I've tried hasn't done the job. And the documents are nigh upon unreadable by normal humans. So, does anyone know how to configure SSH on OSX to allow passwordless connections among a select cluster of machines? Ross -- Dr. Ross Bogue Physics Department Illinois State University From clarkcox3 at mac.com Thu Dec 4 06:04:02 2003 From: clarkcox3 at mac.com (Clark Cox) Date: Thu Nov 3 12:34:07 2005 Subject: Passwordless SSH? In-Reply-To: References: Message-ID: On Dec 04, 2003, at 08:46, Ross Bogue wrote: > Are there any SSH experts among us? I'm having a mental block trying > to set up a small compute cluster. > > The software we're using (LAM MPI) requires the master CPU be able to > send commands to the slave CPUs via SSH or RSH. OSX is committed to > using SSH, so we'll go that route. > > If the SSH connection asks for a password (the way "ssh slavecpu > command" usually does) the software will block. The connection must > be passwordless. Obviously, I need to configure /etc/sshd_config, > /etc/ssh_config, and /etc/shosts.equiv so this works. > > Unfortunately, every combination of parameters in those files I've > tried hasn't done the job. And the documents are nigh upon unreadable > by normal humans. > > So, does anyone know how to configure SSH on OSX to allow passwordless > connections among a select cluster of machines? Check out http://www.cs.umd.edu/~arun/misc/ssh.html -- Clark S. Cox III clarkcox3@mac.com http://homepage.mac.com/clarkcox3/blog/B1196589870/index.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/3bdf2c36/smime.bin From xsa at scmbb.ulb.ac.be Thu Dec 4 06:10:02 2003 From: xsa at scmbb.ulb.ac.be (Xavier Santolaria) Date: Thu Nov 3 12:34:07 2005 Subject: Passwordless SSH? In-Reply-To: Message-ID: <881F086C-2663-11D8-80C5-000393A6EA2A@scmbb.ulb.ac.be> On Thursday, December 4, 2003, at 02:46 PM, Ross Bogue wrote: > Are there any SSH experts among us? I'm having a mental block trying > to set up a small compute cluster. > > The software we're using (LAM MPI) requires the master CPU be able to > send commands to the slave CPUs via SSH or RSH. OSX is committed to > using SSH, so we'll go that route. > > If the SSH connection asks for a password (the way "ssh slavecpu > command" usually does) the software will block. The connection must > be passwordless. Obviously, I need to configure /etc/sshd_config, > /etc/ssh_config, and /etc/shosts.equiv so this works. > > Unfortunately, every combination of parameters in those files I've > tried hasn't done the job. And the documents are nigh upon unreadable > by normal humans. > > So, does anyone know how to configure SSH on OSX to allow passwordless > connections among a select cluster of machines? check that: http://open.bsdcow.net/tutorials/ssh_pubkey_auth just hit 'Enter' when prompted for a passphrase. HTH - Xavier. -- Xavier Santolaria xsa at {ucmb,scmbb} dot ulb dot ac dot be http://scmbb.ulb.ac.be/~xsa/ From osten2 at itab.com Thu Dec 4 06:37:04 2003 From: osten2 at itab.com (OSX) Date: Thu Nov 3 12:34:07 2005 Subject: Longhorn - OS X doomed?? Message-ID: What do you think this means for OS X: From jonas at zeus.ugent.be Thu Dec 4 06:42:02 2003 From: jonas at zeus.ugent.be (Jonas Maebe) Date: Thu Nov 3 12:34:07 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: References: Message-ID: On 4 dec 2003, at 15:36, OSX wrote: > What do you think this means for OS X: > Can we please *not* have that kind of discussions on this list? I think this kind of stuff belongs on macosx-talk. Jonas (not a moderator) From mstearne at entermix.com Thu Dec 4 07:01:04 2003 From: mstearne at entermix.com (Michael Stearne) Date: Thu Nov 3 12:34:07 2005 Subject: cant reinstall jaguar after panther In-Reply-To: References: Message-ID: <98DD9C04-266A-11D8-BDF6-000A95CD9C5A@entermix.com> On Dec 3, 2003, at 4:15 PM, Michael Bovee wrote: > Hi, > A friend has a new 15" powerbook/superdrive which originally shipped > with jaguar. The machine was updated to Panther when that became > available, but it turns out that an application written by the owner > no longer runs in Classic mode under panther, whereas it did under > Jaguar. Soooo, he wanted to go back to Jaguar but now the computer > will not even boot from the Jaguar install CD. Apparently he must > reformat the drive using some other utility first? Is there something > more problematic going on here? > He might try the Software Restore DVD that came with the machine. But more than likely he will have to reformat the disk. Its hard to downgrade OS X. Michael From rbogue at phy.ilstu.edu Thu Dec 4 07:03:03 2003 From: rbogue at phy.ilstu.edu (Ross Bogue) Date: Thu Nov 3 12:34:07 2005 Subject: Passwordless SSH? In-Reply-To: <881F086C-2663-11D8-80C5-000393A6EA2A@scmbb.ulb.ac.be> References: <881F086C-2663-11D8-80C5-000393A6EA2A@scmbb.ulb.ac.be> Message-ID: At 3:09 PM +0100 12/4/03, Xavier Santolaria wrote: > >check that: http://open.bsdcow.net/tutorials/ssh_pubkey_auth At 9:03 AM -0500 12/4/03, Clark Cox wrote: > >Check out http://www.cs.umd.edu/~arun/misc/ssh.html Thanks! I'll try those. Both of those pages describe a long sequence of gibberish steps that every user of the cluster would have to do on each and every machine in the cluster. That's bad. My users would revolt. Isn't there some way I can just configure the cluster once so it works for every user? Ross (And what's the difference between RSA keys and DSA keys, and why should I care? No, wait! Don't answer that! Just answer: which should I use?) -- Dr. Ross Bogue Physics Department Illinois State University From peterf at semiotx.com Thu Dec 4 07:38:03 2003 From: peterf at semiotx.com (Peter Fraterdeus) Date: Thu Nov 3 12:34:07 2005 Subject: httpd quits immediately In-Reply-To: References: Message-ID: >On Dec 3, 2003, at 7:58 PM, Richard Peskin wrote: > >>The httpd logs don't show anything unusual. > >This is both the access and error logs? And system log? -- AzByCx DwEvFu GtHsIr JqKpLo MnNmOl PkQjRi ShTgUf VeWdXc YbZa&@ Peter Fraterdeus http://www.fraterdeus.com http://www.semiotx.com Web Strategy Consulting "Words that work."(tm) Communication Design and Typography From robertcerny at mac.com Thu Dec 4 08:14:01 2003 From: robertcerny at mac.com (Robert Cerny) Date: Thu Nov 3 12:34:07 2005 Subject: weird records in system.log Message-ID: Hi folks, my system.log on xserve 10.2.8 is suddenly filled with messages like Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (f.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (b.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (g.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (i.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (j.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (k.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (l.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (m.root-servers.net) Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root NS (a.root-servers.net) does anyone have a clue what does it mean? Robert -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/57e12192/smime.bin From mjwise at kapu.net Thu Dec 4 08:27:00 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:07 2005 Subject: Passwordless SSH? In-Reply-To: References: <881F086C-2663-11D8-80C5-000393A6EA2A@scmbb.ulb.ac.be> Message-ID: On Dec 4, 2003, at 5:01 AM, Ross Bogue wrote: > Both of those pages describe a long sequence of gibberish steps that > every user of the cluster would have to do on each and every machine > in the cluster. That's bad. My users would revolt. Isn't there some > way I can just configure the cluster once so it works for every user? You might want to google for 'sshagent'. That, and change your name to 'Mordac the Preventer'. Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From mjwise at kapu.net Thu Dec 4 08:30:04 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:07 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: On Dec 4, 2003, at 6:13 AM, Robert Cerny wrote: > Hi folks, > my system.log on xserve 10.2.8 is suddenly filled with messages like > Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root > NS (f.root-servers.net) [snip] > does anyone have a clue what does it mean? Sounds like something bad with your name daemon not being able to reach out and touch the 'net, or at least the root name servers. The root name servers are where all DNS queries have to go through if the local name server doesn't immediately know where to find something. Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From robertcerny at mac.com Thu Dec 4 08:39:01 2003 From: robertcerny at mac.com (Robert Cerny) Date: Thu Nov 3 12:34:07 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: <536F1FC5-2678-11D8-A281-000A9571A4D4@mac.com> well, it looks like everything works. I'm able to ssh the server, web is running as usual and if I remote connect there, I'm able to reach internet back. The only problem is that system.log is 2.6Gb now... Should I care off? Or what should I test? Thanks Robert On 4.12.2003, at 17:29, Michael J Wise wrote: > On Dec 4, 2003, at 6:13 AM, Robert Cerny wrote: > >> Hi folks, >> my system.log on xserve 10.2.8 is suddenly filled with messages like >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (f.root-servers.net) > [snip] >> does anyone have a clue what does it mean? > > Sounds like something bad with your name daemon not being able to > reach out and touch the 'net, or at least the root name servers. The > root name servers are where all DNS queries have to go through if the > local name server doesn't immediately know where to find something. > > Aloha mai Nai`a! > -- > "Please have your Internet License http://kapu.net/~mjwise/ > and Usenet Registration handy..." > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/053246a0/smime.bin From mjwise at kapu.net Thu Dec 4 08:47:05 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:07 2005 Subject: weird records in system.log In-Reply-To: <536F1FC5-2678-11D8-A281-000A9571A4D4@mac.com> References: <536F1FC5-2678-11D8-A281-000A9571A4D4@mac.com> Message-ID: <714C14B4-2679-11D8-B182-003065FB84BC@kapu.net> On Dec 4, 2003, at 6:38 AM, Robert Cerny wrote: > I'm able to ssh the server, That wouldn't necessarily test the problem. > web is running as usual Check the weblogs. Do you look up the IP addresses of hits? If so, you might see a log full of IP addresses instead of hostnames. > and if I remote connect there, I'm able to reach internet back. If the location you tried is already in the cache, the root name servers won't be touched. Try someplace ... "New". > The only problem is that system.log is 2.6Gb now... You might wanna rotate the log by hand. Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From cwilbur at mac.com Thu Dec 4 08:49:13 2003 From: cwilbur at mac.com (Charlton Wilbur) Date: Thu Nov 3 12:34:07 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: References: Message-ID: On Dec 4, 2003, at 9:36 AM, OSX wrote: > > What do you think this means for OS X: > > > From the above article: > "Linux, Unix and MacOS platforms are going to be out of it" I think that Microsoft has a long history of promising things it never delivers, and that there's an awfully long time between now and 2006, especially in Internet time. It amazes me that Internet pundits are running around like Chicken Little over this, announcing the end of the world. I suppose it sells magazines. Charlton -- Charlton Wilbur cwilbur@chromatico.net cwilbur@mac.com From dev+lists at humph.com Thu Dec 4 08:56:01 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:07 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: perhaps something wrong with your hint file? Check this in you named.conf zone "." IN { type hint; file "named.ca"; }; and look at the file that in the example above is called named.ca. In a standard install it seems to be located in /var/named/ cf.: options { directory "/var/named"; Also, don't know what version of named 10.3 is distributed, upgrade to version 9.x if necessary. Giuliano At 5:13 pm +0100 2003/12/04, Robert Cerny wrote: >Hi folks, >my system.log on xserve 10.2.8 is suddenly filled with messages like >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (f.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (b.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (g.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (i.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (j.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (k.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (l.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (m.root-servers.net) >Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >NS (a.root-servers.net) > > does anyone have a clue what does it mean? From shawn at freetimesw.com Thu Dec 4 09:35:01 2003 From: shawn at freetimesw.com (Shawn Erickson) Date: Thu Nov 3 12:34:07 2005 Subject: Passwordless SSH? In-Reply-To: References: Message-ID: <13C85848-2680-11D8-9BD8-000A95A6C778@freetimesw.com> On Dec 4, 2003, at 5:46 AM, Ross Bogue wrote: > Are there any SSH experts among us? I'm having a mental block trying > to set up a small compute cluster. > > The software we're using (LAM MPI) requires the master CPU be able to > send commands to the slave CPUs via SSH or RSH. OSX is committed to > using SSH, so we'll go that route. > > If the SSH connection asks for a password (the way "ssh slavecpu > command" usually does) the software will block. The connection must > be passwordless. Obviously, I need to configure /etc/sshd_config, > /etc/ssh_config, and /etc/shosts.equiv so this works. > > Unfortunately, every combination of parameters in those files I've > tried hasn't done the job. And the documents are nigh upon unreadable > by normal humans. > > So, does anyone know how to configure SSH on OSX to allow passwordless > connections among a select cluster of machines? It is not clear if you are talking about no login passwords or no ssh key passwords? Simply drop the public keys from all systems into a a single file and drop that file into authorized_keys and drop that file on all hosts. The authorized_keys file is discussed if you man ssh. This will allow folks to connect without passwords between the trusted hosts. -Shawn From peterf at semiotx.com Thu Dec 4 09:51:07 2003 From: peterf at semiotx.com (Peter Fraterdeus) Date: Thu Nov 3 12:34:07 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: References: Message-ID: Wait a minnit. It's not April Fool's day already, is it?? Is Tog really saying that, or is he tweaking M$? ;-) Anyone that would believe that anything that M$ produces will be a. on time b. secure c. productive in the first three years has got to be living in another skewed dimension. Wait a nuther minnit. Maybe that IS where M$ lives? PF >On Dec 4, 2003, at 9:36 AM, OSX wrote: > >> >>What do you think this means for OS X: >> >> >>From the above article: >>"Linux, Unix and MacOS platforms are going to be out of it" > >I think that Microsoft has a long history of promising things it never delivers, and that there's an awfully long time between now and 2006, especially in Internet time. It amazes me that Internet pundits are running around like Chicken Little over this, announcing the end of the world. > >I suppose it sells magazines. > >Charlton > >-- >Charlton Wilbur >cwilbur@chromatico.net >cwilbur@mac.com > >_______________________________________________ >MacOSX-admin mailing list >MacOSX-admin@omnigroup.com >http://www.omnigroup.com/mailman/listinfo/macosx-admin -- AzByCx DwEvFu GtHsIr JqKpLo MnNmOl PkQjRi ShTgUf VeWdXc YbZa&@ Peter Fraterdeus http://www.fraterdeus.com http://www.semiotx.com Web Strategy Consulting "Words that work."(tm) Communication Design and Typography From mbartosh at mac.com Thu Dec 4 09:52:04 2003 From: mbartosh at mac.com (Michael Bartosh) Date: Thu Nov 3 12:34:07 2005 Subject: Passwordless SSH? In-Reply-To: References: <881F086C-2663-11D8-80C5-000393A6EA2A@scmbb.ulb.ac.be> Message-ID: At 6:26 AM -1000 12/4/03, Michael J Wise wrote: >You might want to google for 'sshagent'. >That, and change your name to 'Mordac the Preventer'. Or I'd throw in kerberos. Much cleaner thant all this key stuff. -- Locusts and honey ... not since John The Baptist has there been a voice like that crying in the wilderness. ... Every man knows he is a sissy compared to Johnny Cash. -- Bono From robertcerny at mac.com Thu Dec 4 09:54:43 2003 From: robertcerny at mac.com (Robert Cerny) Date: Thu Nov 3 12:34:07 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: Hi, I checked the files and they look "normal". Anyway, I restarted named, and the logs are ok for now. I believe the problem will not appear again. Robert On 4.12.2003, at 17:55, Giuliano Gavazzi wrote: > perhaps something wrong with your hint file? > Check this in you named.conf > > zone "." IN { > type hint; > file "named.ca"; > }; > > and look at the file that in the example above is called named.ca. > In a standard install it seems to be located in /var/named/ > > cf.: > > options { > directory "/var/named"; > > Also, don't know what version of named 10.3 is distributed, upgrade to > version 9.x if necessary. > > Giuliano > > At 5:13 pm +0100 2003/12/04, Robert Cerny wrote: >> Hi folks, >> my system.log on xserve 10.2.8 is suddenly filled with messages like >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (f.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (b.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (g.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (i.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (j.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (k.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (l.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (m.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (a.root-servers.net) >> >> does anyone have a clue what does it mean? > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/e8e3a146/smime.bin From bill at celestial.com Thu Dec 4 09:59:41 2003 From: bill at celestial.com (Bill Campbell) Date: Thu Nov 3 12:34:07 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: References: Message-ID: <20031204175712.GA2868@alexis.mi.celestial.com> On Thu, Dec 04, 2003, Peter Fraterdeus wrote: >Wait a minnit. > >It's not April Fool's day already, is it?? Is Tog really saying that, or is he tweaking M$? > >;-) > >Anyone that would believe that anything that M$ produces will be >a. on time >b. secure >c. productive in the first three years Three years? A very good legal secretary I know said that her productivity dropped about 50% when she was forced to use M$ Word instead of WordPerfect. How productive is it to run applications on a system that freezes, loses valuable data (perhaps e-mailed to a competitor via one of the many worms that infect the Windows virus), or has to be reinstalled because it's become unusable? >has got to be living in another skewed dimension. >Wait a nuther minnit. > >Maybe that IS where M$ lives? > >PF > >>On Dec 4, 2003, at 9:36 AM, OSX wrote: >> >>> >>>What do you think this means for OS X: >>> >>> >>>From the above article: >>>"Linux, Unix and MacOS platforms are going to be out of it" >> >>I think that Microsoft has a long history of promising things it never delivers, and that there's an awfully long time between now and 2006, especially in Internet time. It amazes me that Internet pundits are running around like Chicken Little over this, announcing the end of the world. >> >>I suppose it sells magazines. >> >>Charlton >> >>-- >>Charlton Wilbur >>cwilbur@chromatico.net >>cwilbur@mac.com >> >>_______________________________________________ >>MacOSX-admin mailing list >>MacOSX-admin@omnigroup.com >>http://www.omnigroup.com/mailman/listinfo/macosx-admin > > >-- >AzByCx DwEvFu GtHsIr JqKpLo MnNmOl PkQjRi ShTgUf VeWdXc YbZa&@ > >Peter Fraterdeus http://www.fraterdeus.com > >http://www.semiotx.com Web Strategy Consulting >"Words that work."(tm) Communication Design and Typography >_______________________________________________ >MacOSX-admin mailing list >MacOSX-admin@omnigroup.com >http://www.omnigroup.com/mailman/listinfo/macosx-admin > -- Bill -- INTERNET: bill@Celestial.COM Bill Campbell; Celestial Systems, Inc. UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``If the government can take a man's money without his consent, there is no limit to the additional tyranny it may practise upon him; for, with his money, it can hire soldiers to stand over him, keep him in subjection, plunder him at discretion, and kill him if he resists.'' Lysander Spooner, 1852 From janos.lobb at yale.edu Thu Dec 4 10:15:05 2003 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos_L=F6bb?=) Date: Thu Nov 3 12:34:08 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: <20031204175712.GA2868@alexis.mi.celestial.com> References: <20031204175712.GA2868@alexis.mi.celestial.com> Message-ID: I respect Jonas Maebe request to take it to talk - where I am not a member. Let me say just this and I will be silent. There was an article about two months ago in IEEE Computer that MS employed 3 QA programs to catch the bugs in its 2003 Server that - according to MS - is the most bug free OS ever produced /I guess by MS/. There was a small statistics there that about 17% of the bugs were quashed this way. I just marveled at this peek of software engineering as I was reading. Later on at night, when I could not sleep, I was thinking about how did they get to know the other 83%..... J?nos On Dec 4, 2003, at 12:57 PM, Bill Campbell wrote: > On Thu, Dec 04, 2003, Peter Fraterdeus wrote: >> Wait a minnit. >> >> It's not April Fool's day already, is it?? Is Tog really saying that, >> or is he tweaking M$? >> >> ;-) >> >> Anyone that would believe that anything that M$ produces will be >> a. on time >> b. secure >> c. productive in the first three years > > Three years? A very good legal secretary I know said that her > productivity > dropped about 50% when she was forced to use M$ Word instead of > WordPerfect. How productive is it to run applications on a system that > freezes, loses valuable data (perhaps e-mailed to a competitor via one > of > the many worms that infect the Windows virus), or has to be reinstalled > because it's become unusable? > >> has got to be living in another skewed dimension. >> Wait a nuther minnit. >> >> Maybe that IS where M$ lives? >> >> PF >> >>> On Dec 4, 2003, at 9:36 AM, OSX wrote: >>> >>>> >>>> What do you think this means for OS X: >>>> >>> story=469639> >>>> >>>> From the above article: >>>> "Linux, Unix and MacOS platforms are going to be out of it" >>> >>> I think that Microsoft has a long history of promising things it >>> never delivers, and that there's an awfully long time between now >>> and 2006, especially in Internet time. It amazes me that Internet >>> pundits are running around like Chicken Little over this, announcing >>> the end of the world. >>> >>> I suppose it sells magazines. >>> >>> Charlton >>> >>> -- >>> Charlton Wilbur >>> cwilbur@chromatico.net >>> cwilbur@mac.com >>> >>> _______________________________________________ >>> MacOSX-admin mailing list >>> MacOSX-admin@omnigroup.com >>> http://www.omnigroup.com/mailman/listinfo/macosx-admin >> >> >> -- >> AzByCx DwEvFu GtHsIr JqKpLo MnNmOl PkQjRi ShTgUf VeWdXc YbZa&@ >> >> Peter Fraterdeus http://www.fraterdeus.com >> >> http://www.semiotx.com Web Strategy Consulting >> "Words that work."(tm) Communication Design and Typography >> _______________________________________________ >> MacOSX-admin mailing list >> MacOSX-admin@omnigroup.com >> http://www.omnigroup.com/mailman/listinfo/macosx-admin >> > > -- > Bill > -- > INTERNET: bill@Celestial.COM Bill Campbell; Celestial Systems, Inc. > UUCP: camco!bill PO Box 820; 6641 E. Mercer Way > FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) > 236-1676 > URL: http://www.celestial.com/ > > ``If the government can take a man's money without his consent, there > is no > limit to the additional tyranny it may practise upon him; for, with his > money, it can hire soldiers to stand over him, keep him in subjection, > plunder him at discretion, and kill him if he resists.'' > Lysander Spooner, 1852 > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > ------------------------------------------------- clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code http://www.faqs.org/faqs/computer-lang/awk/faq/ From robertcerny at mac.com Thu Dec 4 10:21:09 2003 From: robertcerny at mac.com (Robert Cerny) Date: Thu Nov 3 12:34:08 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: <9F644668-2686-11D8-8DB3-000A95D9A83A@mac.com> Hi, I checked the files and they look "normal". Anyway, I restarted named, and the logs are ok for now. On 4.12.2003, at 17:55, Giuliano Gavazzi wrote: > perhaps something wrong with your hint file? > Check this in you named.conf > > zone "." IN { > type hint; > file "named.ca"; > }; > > and look at the file that in the example above is called named.ca. > In a standard install it seems to be located in /var/named/ > > cf.: > > options { > directory "/var/named"; > > Also, don't know what version of named 10.3 is distributed, upgrade to > version 9.x if necessary. > > Giuliano > > At 5:13 pm +0100 2003/12/04, Robert Cerny wrote: >> Hi folks, >> my system.log on xserve 10.2.8 is suddenly filled with messages like >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (f.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (b.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (g.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (i.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (j.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (k.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (l.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (m.root-servers.net) >> Dec 4 08:33:55 xserve named[380]: sysquery: no addrs found for root >> NS (a.root-servers.net) >> >> does anyone have a clue what does it mean? > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/289a8847/smime.bin From formido at mac.com Thu Dec 4 10:24:05 2003 From: formido at mac.com (Michael Terry) Date: Thu Nov 3 12:34:08 2005 Subject: Defaults Read Message-ID: <893CD7E2-2686-11D8-8CD9-0030657075EA@mac.com> Is there a way to use defaults to read nested values? The man page doesn't recommend a syntax, and nothing I tried worked. Example: Say I wanted to retrieve the value associated with the Width key in the fifth element of the DisplaySets array in the /Library/Preferences/com.apple.windowserver.plist file. Is this possible using just defaults? Cheers, Mike From trang at condor.circa.ufl.edu Thu Dec 4 11:20:01 2003 From: trang at condor.circa.ufl.edu (Trang Le) Date: Thu Nov 3 12:34:08 2005 Subject: OS 9.2.2 and erased files Message-ID: <3FCF889E.6080706@condor.circa.ufl.edu> I know this is not an OS X question, but we need help to recover the deleted folder in OS 9.2.2. One of my co worker dragged a 1.2GB folder to the trash, then emptied the trash. We tried the most recent version of Norton Utility to recover that folder, but no luck. Is there any way we can recover that folder? She really needs that folder. Thanks, Trang Le Academic Technology University of Florida From rpeskin at rlpcon.com Thu Dec 4 11:43:02 2003 From: rpeskin at rlpcon.com (Richard Peskin) Date: Thu Nov 3 12:34:08 2005 Subject: httpd question Message-ID: <03CB840E-2692-11D8-A71B-000A95A6858C@rlpcon.com> What is the expected behavior of the httpd daemon if, at init, there are no resolvable virtual hosts or designated "primary" host? Will the daemon just quit under those circumstances? I'm asking because it appears the problem I had yesterday (httpd quitting immediately after init) was caused by an external name server service failing to resolve any of the virtual hosts served by our server. thanks, --dick peskin ________________________________________________________ The country didn't elect Bush in 2000 and certainly shouldn't elect him in 2004. Support Howard Dean for President. Info: www.DeanForAmerica.com ________________________________________________________ Richard L. Peskin, RLP Consulting, Londonderry, VT http://www.rlpcon.com http://www.caip.rutgers.edu/~peskin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 974 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/a4b49993/attachment.bin From mstearne at entermix.com Thu Dec 4 11:54:01 2003 From: mstearne at entermix.com (Michael Stearne) Date: Thu Nov 3 12:34:08 2005 Subject: httpd question In-Reply-To: <03CB840E-2692-11D8-A71B-000A95A6858C@rlpcon.com> References: <03CB840E-2692-11D8-A71B-000A95A6858C@rlpcon.com> Message-ID: <75BE5B41-2693-11D8-A9B7-000A95CD9C5A@entermix.com> It shouldn't fail, it should give a warning and revert to 127.0.0.1 as the primary host AFAIK. You can also look at /var/log/httpd/error_log to see why it is failing. In addition, you can run "apachectl configtest" as root to see if there are errors in the httpd.conf file. Michael On Dec 4, 2003, at 2:42 PM, Richard Peskin wrote: > What is the expected behavior of the httpd daemon if, at init, there > are no resolvable virtual hosts or designated "primary" host? Will > the daemon just quit under those circumstances? I'm asking because it > appears the problem I had yesterday (httpd quitting immediately after > init) was caused by an external name server service failing to resolve > any of the virtual hosts served by our server. > thanks, > --dick peskin > > > > ________________________________________________________ > The country didn't elect Bush in 2000 and certainly shouldn't elect > him in 2004. > Support Howard Dean for President. > Info: www.DeanForAmerica.com > ________________________________________________________ > Richard L. Peskin, RLP Consulting, Londonderry, VT > http://www.rlpcon.com > http://www.caip.rutgers.edu/~peskin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1339 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/5bd8216d/attachment.bin From duncan at x180.net Thu Dec 4 12:07:25 2003 From: duncan at x180.net (James Duncan Davidson) Date: Thu Nov 3 12:34:08 2005 Subject: cant reinstall jaguar after panther In-Reply-To: References: Message-ID: On Dec 3, 2003, at 13:15, Michael Bovee wrote: > Hi, > A friend has a new 15" powerbook/superdrive which originally shipped > with jaguar. The machine was updated to Panther when that became > available, but it turns out that an application written by the owner > no longer runs in Classic mode under panther, whereas it did under > Jaguar. Soooo, he wanted to go back to Jaguar but now the computer > will not even boot from the Jaguar install CD. Apparently he must > reformat the drive using some other utility first? Is there something > more problematic going on here? This happens and is normal. What's going on is that the 10.2.0 version of Jaguar doesn't have the drivers for the hardware that was released after it was released. You'll need to use the Mac OS X installation off the Software Restore DVD that came with your new powerbook. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2359 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/8810fbc3/smime.bin From mbovee at uvm.edu Thu Dec 4 12:18:36 2003 From: mbovee at uvm.edu (Michael Bovee) Date: Thu Nov 3 12:34:08 2005 Subject: cant reinstall jaguar...resolved In-Reply-To: Message-ID: On Thursday, December 4, 2003, at 03:03 PM, James Duncan Davidson wrote: >> Hi, >> A friend has a new 15" powerbook/superdrive which originally shipped >> with jaguar. The machine was updated to Panther when that became >> available, but it turns out that an application written by the owner >> no longer runs in Classic mode under panther, whereas it did under >> Jaguar. Soooo, he wanted to go back to Jaguar but now the computer >> will not even boot from the Jaguar install CD. Apparently he must >> reformat the drive using some other utility first? Is there something >> more problematic going on here? > > This happens and is normal. What's going on is that the 10.2.0 version > of Jaguar doesn't have the drivers for the hardware that was released > after it was released. > You'll need to use the Mac OS X installation off the Software Restore > DVD that came with your new powerbook. Yes, thanks James, I found out that this was exactly the case. My friend didn't tell me beforehand that he had not tried the Jaguar installer disk that shipped with the machine; instead he was using a Jaguar retail version (10.2.0). All is well now. Sorry to bother...thanks to everyone for the helpful feedback! --Michael From dev+lists at humph.com Thu Dec 4 12:47:03 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:08 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: At 6:54 pm +0100 2003/12/04, Robert Cerny wrote: >Hi, >I checked the files and they look "normal". Anyway, I restarted >named, and the logs are ok for now. I believe the problem will not >appear again. > >Robert Do not trust named, in particular version 8. Giuliano From shoop at iwiring.net Thu Dec 4 13:53:03 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:08 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: References: Message-ID: At 6:36 AM -0800 12/4/03, OSX wrote: >What do you think this means for OS X: > > >>From the above article: >"Linux, Unix and MacOS platforms are going to be out of it" Can we keep this religious trolling off the list? -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From shoop at iwiring.net Thu Dec 4 14:12:02 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:08 2005 Subject: httpd question In-Reply-To: <03CB840E-2692-11D8-A71B-000A95A6858C@rlpcon.com> References: <03CB840E-2692-11D8-A71B-000A95A6858C@rlpcon.com> Message-ID: At 2:42 PM -0500 12/4/03, Richard Peskin wrote: >What is the expected behavior of the httpd daemon if, at init, there >are no resolvable virtual hosts or designated "primary" host? Will >the daemon just quit under those circumstances? I'm asking because >it appears the problem I had yesterday (httpd quitting immediately >after init) was caused by an external name server service failing to >resolve any of the virtual hosts served by our server. By resolvable I assume you mean resolvable by DNS, not resolvable in terms of Apache being able to map a directory to the request. Apache listens on the addresses:ports that you've configured. It takes requests and maps them against it's rules. If DNS doesn't resolve properly to those addresses:ports then Apache just doesn't get the request. You can still send a valid request, manually, by connecting to Apache and handing it the web page request (say using telnet as a tool or curl). Likewise you don't resally need DNS either, the host to IP resolution could be accomplished by host files or /machine records in netinfo (and if you had these in place on the machine you made the request from then you could use your browser to send the request to apache even w/o DNS.) Apache itslef doesn't use DNS to resolve the request at all, it uses the HOST header in the request or the IP address. See Apache's docs on virtual hosts for more. If you meant the latter, in that Apache doesn't have a mapping in its configuration to map a request for a particular host to a virtual domain, then it will just use it's default document root for that request. Depending on the request and configuration this could either be the default for the server or the first virtual host directive that matches the IP address and port the request came in under. If Apache isn't starting, then you have some other issue, `apachectl configtest` should validate the syntax and grammar of your config file, but errors of valid (but misconfigured) configurations are best examined by looking at the logs and errors. >_____________________________________________________ >The country didn't elect Bush in 2000 and certainly shouldn't elect >him in 2004. >Support Howard Dean for President. >Info: www.DeanForAmerica.com While you should be free to speak your mind, I don't think political advertisements on your email messages are appropriate for this forum. I'd like to keep politics out of it myself, but that's MNSHO -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? -------------- next part -------------- An HTML attachment was scrubbed... URL: /mailman/archive/macosx-admin/attachments/20031204/2ee12bbb/attachment.html From shoop at iwiring.net Thu Dec 4 14:18:02 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:08 2005 Subject: httpd quits immediately In-Reply-To: References: Message-ID: At 12:58 AM -0500 12/4/03, Richard Peskin wrote: >When I start Apache (httpd) on one of my servers it quits >immediately. The apachectl configttest shows no problem. This just proves the config file(s) pass the scanner and parser for syntax and grammar respectively. It won't note misconfiguration issues. > The only clue I have is that there is no process owned by www. httpd could also be root, and the parent apache process normally is. The children get created by this and I suppose if you're not starting any servers explicitly at startup then it might not have any processes owned by www. More likely the case is that it failed to start at all because of an error, like... > In effect, "apachectl start" reports a start but the process dies >immediately. Were you running this as root? > Any idea where I might look for the problem? (System is an Xserve >running 10.2 server.) The httpd logs don't show anything unusual. Which logs were you looking at? -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From shoop at iwiring.net Thu Dec 4 14:26:01 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:08 2005 Subject: Defaults Read In-Reply-To: <893CD7E2-2686-11D8-8CD9-0030657075EA@mac.com> References: <893CD7E2-2686-11D8-8CD9-0030657075EA@mac.com> Message-ID: At 10:20 AM -0800 12/4/03, Michael Terry wrote: >Is there a way to use defaults to read nested values? The man page >doesn't recommend a syntax, and nothing I tried worked. Example: Say >I wanted to retrieve the value associated with the Width key in the >fifth element of the DisplaySets array in the >/Library/Preferences/com.apple.windowserver.plist file. Is this >possible using just defaults? It's just an XML file, you could use any xml parser to read it and pluck out any value. I'm not sure defaults lets you do that. There's also the PropertyListEditor tool -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From osten2 at itab.com Thu Dec 4 14:42:04 2003 From: osten2 at itab.com (OSX) Date: Thu Nov 3 12:34:08 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: Message-ID: > Can we keep this religious trolling off the list? Well I'm pleased, even relieved, that no one thinks this is serious but I thought it was. Guess I got suckered in. I really saw this news as Bill Gates, armed with his knowledge that he can take on the US government and win, is making his move. That's what I'd do. I really did want to know what experienced admins thought Apple's direction would be if MS pulls it off. Why wouldn't they go for 100%, that's their job. Being you guys don't think anything off it I'll just relax. I just wanted to say I wasn't trying to stir anything up, I'm just not as up on things as some of you. Sham From osten2 at itab.com Thu Dec 4 14:47:03 2003 From: osten2 at itab.com (OSX) Date: Thu Nov 3 12:34:08 2005 Subject: OS 9.2.2 and erased files In-Reply-To: <3FCF889E.6080706@condor.circa.ufl.edu> Message-ID: > I know this is not an OS X question, but we need help to recover the > deleted folder in OS 9.2.2. > One of my co worker dragged a 1.2GB folder to the trash, then emptied > the trash. We tried the most recent version of Norton Utility to > recover that folder, but no luck. > > Is there any way we can recover that folder? She really needs that folder. You need to go to one of those places that charge $3,000 to recover drives. They can probably do it. I used one once and they saved what I thought was a seriously hosed drive. No back-up? From scott at maxify.com Thu Dec 4 14:50:24 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:08 2005 Subject: [Moderator] Re: Longhorn - OS X doomed?? In-Reply-To: References: Message-ID: <245D1BF8-26AC-11D8-82A0-003065CA9E5A@maxify.com> On Dec 4, 2003, at 2:41 PM, OSX wrote: > Well I'm pleased, even relieved, that no one thinks this is serious > but I > thought it was. Guess I got suckered in. There's no problem with discussing this article, you just have to do it on macosx-talk. - Scott -- Tree House Ideas http://treehouseideas.com/ From shoop at iwiring.net Thu Dec 4 14:53:25 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:08 2005 Subject: Passwordless SSH? In-Reply-To: References: Message-ID: At 7:46 AM -0600 12/4/03, Ross Bogue wrote: >Are there any SSH experts among us? I'm having a mental block >trying to set up a small compute cluster. > >The software we're using (LAM MPI) requires the master CPU be able >to send commands to the slave CPUs via SSH or RSH. OSX is committed >to using SSH, so we'll go that route. > >If the SSH connection asks for a password (the way "ssh slavecpu >command" usually does) the software will block. The connection must >be passwordless. Obviously, I need to configure /etc/sshd_config, >/etc/ssh_config, and /etc/shosts.equiv so this works. You need to copy your keys (e.g. authorized_keys2) over to the remote system. >Unfortunately, every combination of parameters in those files I've >tried hasn't done the job. And the documents are nigh upon >unreadable by normal humans. I was human last I checked, and aside from a small lapses in sanity am pretty normal. >So, does anyone know how to configure SSH on OSX to allow >passwordless connections among a select cluster of machines? -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From formido at mac.com Thu Dec 4 14:57:11 2003 From: formido at mac.com (Michael Terry) Date: Thu Nov 3 12:34:08 2005 Subject: Defaults Read In-Reply-To: References: <893CD7E2-2686-11D8-8CD9-0030657075EA@mac.com> Message-ID: On Dec 4, 2003, at 2:24 PM, Dan Shoop wrote: > At 10:20 AM -0800 12/4/03, Michael Terry wrote: >> Is there a way to use defaults to read nested values? The man page >> doesn't recommend a syntax, and nothing I tried worked. Example: Say >> I wanted to retrieve the value associated with the Width key in the >> fifth element of the DisplaySets array in the >> /Library/Preferences/com.apple.windowserver.plist file. Is this >> possible using just defaults? > > It's just an XML file, you could use any xml parser to read it and > pluck out any value. I'm not sure defaults lets you do that. There's > also the PropertyListEditor tool > -- > > Yeah, I figured it wasn't possible. I already am parsing it with a a plist parsing AppleScript library, but it's too slow for this task. Embedding a faster, command line parser in the script would be possible, but it will probably be easier to just replace the AS library with a routine to extract what I need directly without fully parsing the file. I don't suppose anyone knows a non-graphical way to determine how many displays are attached to a machine, do they? Cheers, Mike From lists at colorremedies.com Thu Dec 4 15:16:04 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:08 2005 Subject: OS 9.2.2 and erased files In-Reply-To: <3FCF889E.6080706@condor.circa.ufl.edu> References: <3FCF889E.6080706@condor.circa.ufl.edu> Message-ID: Try Data Rescue. But in the meantime I'd stop using that machine entirely because the more it gets used, the more the previously allocated sections on the drive are going to get overwritten. Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From mgraham at aquaflo.com Thu Dec 4 15:24:05 2003 From: mgraham at aquaflo.com (Marley Graham) Date: Thu Nov 3 12:34:08 2005 Subject: Passwordless SSH? (Modified by Marley Graham) Message-ID: Sorry, this apparently didn't go through before. ===================================== On Dec 4, 2003, at 5:46 AM, Ross Bogue wrote: > Are there any SSH experts among us? I'm having a mental block trying > to set up a small compute cluster. I can't claim to be an expert, but here is how I set up our systems to access our AIX box: * On the User?s machine: Type: ssh-keygen -t rsa cd to /home//.ssh ls to check for id_rsa.pub ftp the file to :/home/ * On the server: cd to /home/ mkdir .ssh (if there isn't one there already) copy the id_rsa.pub file into the user?s .ssh directory: cat id_rsa.pub >> ./.ssh/authorized_keys2 Try it: On the user?s machine: Type: ssh -l You should be logged in without using your password. (If it fails the first time, repeat the login step). Hope that helps. Marley Graham ============ From andreas at harmless.de Thu Dec 4 15:46:13 2003 From: andreas at harmless.de (Andreas Mayer) Date: Thu Nov 3 12:34:08 2005 Subject: Defaults Read In-Reply-To: References: <893CD7E2-2686-11D8-8CD9-0030657075EA@mac.com> Message-ID: Am 04.12.2003 um 23:53 schrieb Michael Terry: > I don't suppose anyone knows a non-graphical way to determine how many > displays are attached to a machine, do they? Well, that's about three lines of code ... Here you go: http://harmless.dyndns.org/~andreas/screens.zip [harmless:~/Sites] andreas% ./screens.app/Contents/MacOS/screens 2003-12-05 00:44:07.063 screens[2101] 1 Haven't tested it on a machine with more than one screen though. :-) bye. Andreas. From osten2 at itab.com Thu Dec 4 18:05:03 2003 From: osten2 at itab.com (OSX) Date: Thu Nov 3 12:34:08 2005 Subject: I'm sorry Message-ID: I didn't realize this list was just for a small group of homosexuals. dhhhhhan and bhhhilly bhhhhob and yahhh'll From jwelch at aer.com Thu Dec 4 18:30:04 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:08 2005 Subject: I'm sorry In-Reply-To: Message-ID: On 12/4/03 8:04 PM, "OSX" wrote: > > I didn't realize this list was just for a small group of homosexuals. > > dhhhhhan and bhhhilly bhhhhob and yahhh'll And the crickets in the back of my mind chirp as silence reigns.. Somewhere, William F. Buckley weeps. And I wonder....WTH? john -- "Onward we stagger, and if the tanks come, may God help the tanks." - Col. William O. Darby From dave.xadmin at alfordmedia.com Thu Dec 4 18:40:06 2003 From: dave.xadmin at alfordmedia.com (Dave Pooser) Date: Thu Nov 3 12:34:08 2005 Subject: I'm sorry In-Reply-To: Message-ID: > And I wonder....WTH? What he said. -- Dave Pooser Manager of Information Services Alford Media http://www.alfordmedia.com From andreas at harmless.de Thu Dec 4 18:57:03 2003 From: andreas at harmless.de (Andreas Mayer) Date: Thu Nov 3 12:34:08 2005 Subject: Defaults Read In-Reply-To: References: <893CD7E2-2686-11D8-8CD9-0030657075EA@mac.com> Message-ID: <9E196610-26CE-11D8-8DA5-000A957A7AFC@harmless.de> Am 05.12.2003 um 00:45 schrieb Andreas Mayer: > Well, that's about three lines of code ... Since someone asked - this is essentially it: - (void)awakeFromNib { NSLog(@"%i", [[NSScreen screens] count]); [NSApp terminate:self]; } I've put the Xcode project here: http://harmless.dyndns.org/~andreas/screens-project.zip The only problem is that the app needs to talk to the window manager. So it wouldn't work as a standard command line project. While it should be possible to build it without an app bundle, I just didn't want to spend more time on it. bye. Andreas. From Jukka.Leino at a-lehdet.fi Thu Dec 4 22:06:01 2003 From: Jukka.Leino at a-lehdet.fi (Jukka.Leino@a-lehdet.fi) Date: Thu Nov 3 12:34:08 2005 Subject: VS: nfs home not available after startup Message-ID: I was wrong, it was not that NFS was not ready... I put a loop to /System/Library/StartupItems/LoginWindow/LoginWindow that check the exist of NFS-home directory. ---8<---[loop start] nfsloop=0 while test $nfsloop -lt 60 -a ! -e /Network/Servers/Xserve/home/exists do sleep 1 done --->8---[loop end] So it gives loginwindow after if sees a file in NFS-home directory. Still I got wrong prefs if I login too fast. If I just put sleep 60 I can login correct but I don't want to wait a minute. Any ideas what can be wrong? Jukka -----Alkuper?inen viesti----- L?hett?j?: Jukka Leino L?hetetty: 2. joulukuuta 2003 7:55 Vastaanottaja: macosx-admin@omnigroup.com Aihe: nfs home not available after startup I have netinfo users in 10.2 server and home directories are shared with nfs. This works fine with 10.2 clients but 10.3 clients sometimes (after startup) log in with default dock and and prefs. And when You log out and back in You get Your own prefs but dock prefs are lost. I guess this is because 10.3 boots too fast that nfs automount is not ready. But it is ready when you log out so dock prefs are saved... Is there some way I can prevent login if nfs automount are not ready? Jukka _______________________________________________ MacOSX-admin mailing list MacOSX-admin@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-admin From jared at 23x.net Thu Dec 4 23:43:02 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:08 2005 Subject: I'm sorry In-Reply-To: References: Message-ID: <85F59401-26F6-11D8-B591-000A958F180A@23x.net> On 5 Dec 2003, at 03:04, OSX wrote: > I didn't realize this list was just for a small group of homosexuals. Another good reason not to post to mailing lists drunk: you'll read what you said in your inbox in the morning, sober. -- Jared Earle, Nightfall Games, jared@23x.net - http://www.23x.net "Watashi-wa shin no SUPORUKU desu" From robertcerny at mac.com Thu Dec 4 23:45:23 2003 From: robertcerny at mac.com (Robert Cerny) Date: Thu Nov 3 12:34:08 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: Hi, I downloaded the log file and must say that I don't know anything more. I scrolled to the first occurrence of the problem hoping that I will find any error message there, but nothing: Dec 4 08:30:40 xserve named[380]: USAGE 1070523040 1069784097 CPU=1325.99u/0s CHILDCPU=0u/0s Dec 4 08:30:40 xserve named[380]: NSTATS 1070523040 1069784097 A=3639 CNAME=18 PTR=185 MX=14 AAAA=958 SRV=6 Dec 4 08:30:40 xserve named[380]: XSTATS 1070523040 1069784097 RR=5092 RNXD=3404 RFwdR=66 RDupR=136 RFail=64 RFErr=4 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=3363 SAns=7647 SFwdQ=1462 SDupQ=239 SErr=0 RQ=4821 RIQ=2 RFwdQ=1462 RDupQ=49 RTCP=44 SFwdR=66 SFail=0 SFErr=0 SNaAns=7419 SNXD=1853 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0 Dec 4 08:31:07 xserve bootpd[5219]: DHCP REQUEST [en3]: 1,0:a:95:ba:46:4a Dec 4 08:31:07 xserve bootpd[5219]: ACK sent g5 192.168.1.25 pktsize 307 Dec 4 08:31:13 xserve bootpd[5219]: DHCP DISCOVER [en3]: 1,0:a:95:d7:ff:66 Dec 4 08:31:13 xserve bootpd[5219]: OFFER sent pavel 192.168.1.12 pktsize 307 Dec 4 08:31:15 xserve bootpd[5219]: DHCP REQUEST [en3]: 1,0:a:95:d7:ff:66 Dec 4 08:31:15 xserve bootpd[5219]: ACK sent pavel 192.168.1.12 pktsize 307 Dec 4 08:31:18 xserve named[380]: sysquery: no addrs found for root NS (i.root-servers.net) Dec 4 08:31:18 xserve named[380]: sysquery: no addrs found for root NS (j.root-servers.net) Dec 4 08:31:18 xserve named[380]: sysquery: no addrs found for root NS (k.root-servers.net) Dec 4 08:31:18 xserve named[380]: sysquery: no addrs found for root NS (l.root-servers.net) Dec 4 08:31:18 xserve named[380]: sysquery: no addrs found for root NS (m.root-servers.net) Still have no idea... Robert On 4.12.2003, at 19:42, Giuliano Gavazzi wrote: > At 6:54 pm +0100 2003/12/04, Robert Cerny wrote: >> Hi, >> I checked the files and they look "normal". Anyway, I restarted >> named, and the logs are ok for now. I believe the problem will not >> appear again. >> >> Robert > > Do not trust named, in particular version 8. > > Giuliano > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031204/9fe7f823/smime.bin From grail at goldweb.com.au Fri Dec 5 00:16:02 2003 From: grail at goldweb.com.au (Alex Satrapa) Date: Thu Nov 3 12:34:08 2005 Subject: Mail.app and Cyrus IMAPd? Message-ID: I'm having a problem getting Mail.app and Cyrus IMAPd to work together. Specifically, if I try to store sent mail, drafts and trash on the Cyrus IMAPd server: 1) Mail.app tries to create the "Sent" folder 2) Cyrus IMAPd responds "NO folder already exists" 3) Mail.app pops up an error sheet saying "could not save the message" 4) Mail.app proceeds to subscribe to the Sent folder, even though it's just told the user that it can't go any further 5) The message is sent, but not saved A similar sequence of events accompanies an attempt to save a draft of a message (which happens automatically from time to time) Does anyone know how to configure Mail.app or Cyrus IMAPd to prevent this behaviour, and preferably allow me to save sent mail and drafts on the server? Thanks Alex Satrapa "Everyone has 20/20 vision in hindsight" -- Old Proverb From grail at goldweb.com.au Fri Dec 5 01:59:04 2003 From: grail at goldweb.com.au (Alex Satrapa) Date: Thu Nov 3 12:34:08 2005 Subject: Passwordless SSH? In-Reply-To: References: Message-ID: <7948C019-2709-11D8-8E0D-0050E4C03462@goldweb.com.au> On 5 Dec 2003, at 09:21, Dan Shoop wrote: > At 7:46 AM -0600 12/4/03, Ross Bogue wrote: >> If the SSH connection asks for a password (the way "ssh slavecpu >> command" usually does) the software will block. The connection must >> be passwordless. Obviously, I need to configure /etc/sshd_config, >> /etc/ssh_config, and /etc/shosts.equiv so this works. > > You need to copy your keys (e.g. authorized_keys2) over to the remote > system. ... and then decide whether to use passwordless keys (but only in connectin with the "command=" parameter in authorized_keys) or an ssh-agent (which requires you to enter the passwords for the keys every time the machine boots). The basic story is: 1) Generate a key (ssh-keygen) 2) Copy (or append) the public key into the remote account's ~/.ssh/authorized_keys 3) Add the secret key to the keyring held by ssh-agent: exec ssh-agent bash ssh-add ~/.ssh/identity 4) ssh account@remote.host "Adding more programmers to a late project generally makes it later." -- Fred Brooks, "The Mythical Man Month" From eric at EMIEng.com Fri Dec 5 04:59:01 2003 From: eric at EMIEng.com (Eric Marshall) Date: Thu Nov 3 12:34:08 2005 Subject: Mail's Junk detector gone crazy In-Reply-To: <200312032001.hB3K16qT001895@slowbro.omnigroup.com> References: <200312032001.hB3K16qT001895@slowbro.omnigroup.com> Message-ID: I upgraded to Panther when it first came out and have just now noticed that Mail's Junk detector is now marking many more messages as Junk than it used to, especially messages that I've often received in the past are now marked Junk. But that's not the worst of it. The Mail app now crashes every single time I mark a message as Junk. I send the crash reports to Apple of course, but I'd like to know if there's a quicker work-around to this problem than waiting for Apple. Thanks in advance. From rbogue at phy.ilstu.edu Fri Dec 5 05:54:07 2003 From: rbogue at phy.ilstu.edu (Ross Bogue) Date: Thu Nov 3 12:34:08 2005 Subject: Passwordless SSH? In-Reply-To: References: Message-ID: At 5:21 PM -0500 12/4/03, Dan Shoop wrote: > >You need to copy your keys (e.g. authorized_keys2) over to the remote system. What do the big sites do? I only have 16 slave CPUs, but they have hundreds. Surely they don't have their users copy files to 1100 slave CPUs? > >I was human last I checked, and aside from a small lapses in sanity >am pretty normal. :-) Ross -- Dr. Ross Bogue Physics Department Illinois State University From jared at 23x.net Fri Dec 5 06:07:04 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:08 2005 Subject: Passwordless SSH? In-Reply-To: References: Message-ID: <3FD0918E.8000906@23x.net> Ross Bogue wrote: > What do the big sites do? I only have 16 slave CPUs, but they have > hundreds. Surely they don't have their users copy files to 1100 slave > CPUs? You script it. Surely if you're going to create *user accounts* on all these machines, you can add their public keys ... Surely you didn't think someone added users manually to 1100 slave CPUs? -- "Shiny!" jared@23x.net From johannes at connected.ch Fri Dec 5 06:13:01 2003 From: johannes at connected.ch (Johannes Vetsch) Date: Thu Nov 3 12:34:08 2005 Subject: OS 9.2.2 and erased files In-Reply-To: Message-ID: <0A9F16D3-272D-11D8-831A-000393764C26@connected.ch> Am Freitag, 05.12.03, um 00:14 Uhr (Europe/Berlin) schrieb Chris Murphy: > Try Data Rescue. But in the meantime I'd stop using that machine > entirely because the more it gets used, the more the previously > allocated sections on the drive are going to get overwritten. Yes, Data Rescue (X) did a nice job for me on a Disk that wasn't even recognized by Norton. Start the machine from an external disk rather than take it into target mode for restoring. good luck! johannes > > > Chris Murphy > Color Remedies (TM) > www.colorremedies.com/realworldcolor > --------------------------------------------------------- > Co-author "Real World Color Management" > Published by PeachPit Press (ISBN 0-201-77340-6) > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From mbartosh at mac.com Fri Dec 5 07:21:01 2003 From: mbartosh at mac.com (Michael Bartosh) Date: Thu Nov 3 12:34:09 2005 Subject: Passwordless SSH? In-Reply-To: <7948C019-2709-11D8-8E0D-0050E4C03462@goldweb.com.au> References: <7948C019-2709-11D8-8E0D-0050E4C03462@goldweb.com.au> Message-ID: At 8:57 PM +1100 12/5/03, Alex Satrapa wrote: >... and then decide whether to use passwordless keys (but only in >connectin with the "command=" parameter in authorized_keys) or an >ssh-agent (which requires you to enter the passwords for the keys >every time the machine boots). Again, kerberized ssh is a) a lot easier and b) a lot more secure than having a bunch of keys floating around. And it's c) a lot simpler than ssh_agent. -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh mbartosh@4am-media.com 303.517.0272 Denver, CO "The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently." - -- Nietzsche Think Different. From philburk at mac.com Fri Dec 5 07:52:00 2003 From: philburk at mac.com (Phil Burk) Date: Thu Nov 3 12:34:09 2005 Subject: I'm sorry In-Reply-To: <85F59401-26F6-11D8-B591-000A958F180A@23x.net> References: <85F59401-26F6-11D8-B591-000A958F180A@23x.net> Message-ID: <16202C31-273A-11D8-B0A1-000A27DD0506@mac.com> On Dec 5, 2003, at 2:42 AM, Jared ''Danger'' Earle wrote: > On 5 Dec 2003, at 03:04, OSX wrote: >> I didn't realize this list was just for a small group of homosexuals. > > Another good reason not to post to mailing lists drunk: you'll read > what you said in your inbox in the morning, sober. And here I thought this list wasn't that small... Phil Burk _______________________________________________________ Systems Support Technician Wiley Publishing, Inc. Indianapolis, IN 46256 317-572-3049 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 618 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031205/ad6994d3/attachment.bin From eric at EMIEng.com Fri Dec 5 07:52:31 2003 From: eric at EMIEng.com (Eric Marshall) Date: Thu Nov 3 12:34:09 2005 Subject: why doesn't niload work all the time for me? In-Reply-To: References: <200312032001.hB3K16qT001895@slowbro.omnigroup.com> Message-ID: I'm just trying to do maintenance on the passwd and group info. All I've been able to do is to add users. Trying to change or delete info never gets saved. I've been using sudo and no errors are ever reported. This is on 10.3.1. From mjwise at kapu.net Fri Dec 5 08:11:13 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:09 2005 Subject: weird records in system.log In-Reply-To: References: Message-ID: <99DB9464-273D-11D8-8B8A-003065FB84BC@kapu.net> On Dec 4, 2003, at 9:44 PM, Robert Cerny wrote: > Still have no idea... Is there a firewall blocking port 53? Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From jwelch at aer.com Fri Dec 5 08:25:00 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:09 2005 Subject: I'm sorry In-Reply-To: <16202C31-273A-11D8-B0A1-000A27DD0506@mac.com> Message-ID: On 12/5/03 9:45 AM, "Phil Burk" wrote: > On Dec 5, 2003, at 2:42 AM, Jared ''Danger'' Earle wrote: > > On 5 Dec 2003, at 03:04, OSX wrote: > I didn't realize this list was just for a small group of homosexuals. > > Another good reason not to post to mailing lists drunk: you'll read what you > said in your inbox in the morning, sober. > > And here I thought this list wasn't that small... And if it's full of homosexuals, I'm disappointed in the quality of the parties too. I spent a lot of time in Key West, I have high standards for revelry and drunken foolishness. See...here I am again, the token straight guy john -- No man is fit to command another that cannot command himself. - William Penn From scott at maxify.com Fri Dec 5 08:29:01 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:09 2005 Subject: [Moderator] Re: I'm sorry In-Reply-To: References: Message-ID: <0E342864-2740-11D8-8EF7-003065CA9E5A@maxify.com> On Dec 5, 2003, at 8:24 AM, John C. Welch wrote: > And if it's full of homosexuals, I'm disappointed in the quality of the > parties too. I spent a lot of time in Key West, I have high standards > for > revelry and drunken foolishness. Ooooookay. Can we move on? :) - Scott From kremels at kreme.com Fri Dec 5 08:38:01 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:09 2005 Subject: Longhorn - OS X doomed?? In-Reply-To: References: Message-ID: <3A8D8B90-2741-11D8-A45E-000A95935598@kreme.com> On 04 Dec 2003, at 07:36, OSX wrote: > > What do you think this means for OS X: > > >> From the above article: > "Linux, Unix and MacOS platforms are going to be out of it" I think it means that someone who's job depends on Microsoft in some way or anther has written yet another puff piece praising vaporware and applauding microsoft's "Innovation" of stealing from others. Nothing new here. -- Why live in the world when you can live in your head? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031205/7d8ef3e6/smime.bin From mstearne at entermix.com Fri Dec 5 09:08:05 2003 From: mstearne at entermix.com (Michael Stearne) Date: Thu Nov 3 12:34:09 2005 Subject: Mail's Junk detector gone crazy In-Reply-To: References: <200312032001.hB3K16qT001895@slowbro.omnigroup.com> Message-ID: <8B55EBAE-2745-11D8-B422-000A95CD9C5A@entermix.com> I noticed that Junk is more restrictive also which can be good, but is also annoying. For example, most of the messages to this list go into my Junk folder. Yesterday I added this mailing list to my address book and its still happening. I don't get any crashing however. Michael On Dec 5, 2003, at 7:58 AM, Eric Marshall wrote: > I upgraded to Panther when it first came out and have just now > noticed that Mail's Junk detector is now marking many more messages > as Junk than it used to, especially messages that I've often received > in the past are now marked Junk. But that's not the worst of it. The > Mail app now crashes every single time I mark a message as Junk. I > send the crash reports to Apple of course, but I'd like to know if > there's a quicker work-around to this problem than waiting for Apple. > > Thanks in advance. > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > From jwelch at aer.com Fri Dec 5 09:17:01 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:09 2005 Subject: [Moderator] Re: I'm sorry In-Reply-To: <0E342864-2740-11D8-8EF7-003065CA9E5A@maxify.com> Message-ID: On 12/5/03 10:28 AM, "Scott Stevenson" wrote: >> And if it's full of homosexuals, I'm disappointed in the quality of the >> parties too. I spent a lot of time in Key West, I have high standards >> for >> revelry and drunken foolishness. > > Ooooookay. Can we move on? :) LMAO...enough surrealism for the week? john -- Know and use all the capabilities in your airplane. If you don't, sooner or later, some guy who does use them all will kick your ass. -- Dave 'Preacher' Pace From kremels at kreme.com Fri Dec 5 09:32:00 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:09 2005 Subject: Passwordless SSH? (Modified by Marley Graham) In-Reply-To: References: Message-ID: On 04 Dec 2003, at 08:32, Marley Graham wrote: > Sorry, this apparently didn't go through before. > ===================================== > > On Dec 4, 2003, at 5:46 AM, Ross Bogue wrote: > >> Are there any SSH experts among us? I'm having a mental block trying >> to set up a small compute cluster. > > > I can't claim to be an expert, but here is how I set up our systems to > access our AIX box: > > * On the User?s machine: > > Type: ssh-keygen -t rsa > cd to /home//.ssh > ls to check for id_rsa.pub > ftp the file to :/home/ ftp? Are you joking? # Make sure the .ssh directory exists on the remote server % ssh user@server 'if [ ! -d .ssh ]; then mkdir .ssh; fi' # Copy the key file(s) % scp id_rsa.pub user@server:.ssh # Put the key in the authorized_keys2 file % sh user@server "cd .ssh; cat id_rsa.pub >> authorized_keys2; chmod 600 authorized_keys2" -- Instant karma's gonna get you -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031205/a3ad71bd/smime.bin From robertcerny at mac.com Fri Dec 5 12:05:10 2003 From: robertcerny at mac.com (Robert Cerny) Date: Thu Nov 3 12:34:09 2005 Subject: weird records in system.log In-Reply-To: <99DB9464-273D-11D8-8B8A-003065FB84BC@kapu.net> References: <99DB9464-273D-11D8-8B8A-003065FB84BC@kapu.net> Message-ID: <61711CCF-275E-11D8-B96F-000A95D9A83A@mac.com> Hi, good idea but I don't think so... /sbin/ipfw add 3000 allow udp from any 1024-65535 to any 53 out via ${exif} keep-state /sbin/ipfw add 4040 allow udp from any to ${exip} 53 in via ${exif} keep-state Robert On 5.12.2003, at 17:10, Michael J Wise wrote: > On Dec 4, 2003, at 9:44 PM, Robert Cerny wrote: > >> Still have no idea... > > Is there a firewall blocking port 53? > > Aloha mai Nai`a! > -- > "Please have your Internet License http://kapu.net/~mjwise/ > and Usenet Registration handy..." > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031205/9a4b3e23/smime.bin From janos.lobb at yale.edu Fri Dec 5 12:56:03 2003 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos_L=F6bb?=) Date: Thu Nov 3 12:34:09 2005 Subject: Mail's Junk detector gone crazy In-Reply-To: <8B55EBAE-2745-11D8-B422-000A95CD9C5A@entermix.com> References: <200312032001.hB3K16qT001895@slowbro.omnigroup.com> <8B55EBAE-2745-11D8-B422-000A95CD9C5A@entermix.com> Message-ID: <7E0B91C9-2765-11D8-8B9B-000A27DD8970@janos.mail.yale.edu> You can set Junk's rule(s) in Mail preferences->Junk-> Advanced and from there on you will be in control. I also recommend to setup filtering and use as many rules as you can and route the mail out of your inbox at front. In my case I have a mailbox "Mac OS X" which has a number of sub-boxes. One of them is OSx admin from omnigroup. Surely I find all messages coming to me from the group in that mailbox. /I am a POP kind of mailguy, traditional/ Regarding Junk, I just empty it out once in a month without even looking at it. /It MUST be junk :)/ J?nos On Dec 5, 2003, at 12:07 PM, Michael Stearne wrote: > I noticed that Junk is more restrictive also which can be good, but is > also annoying. For example, most of the messages to this list go into > my Junk folder. Yesterday I added this mailing list to my address > book and its still happening. I don't get any crashing however. > > Michael > > > > On Dec 5, 2003, at 7:58 AM, Eric Marshall wrote: > >> I upgraded to Panther when it first came out and have just now >> noticed that Mail's Junk detector is now marking many more messages >> as Junk than it used to, especially messages that I've often received >> in the past are now marked Junk. But that's not the worst of it. The >> Mail app now crashes every single time I mark a message as Junk. I >> send the crash reports to Apple of course, but I'd like to know if >> there's a quicker work-around to this problem than waiting for Apple. >> >> Thanks in advance. >> >> _______________________________________________ >> MacOSX-admin mailing list >> MacOSX-admin@omnigroup.com >> http://www.omnigroup.com/mailman/listinfo/macosx-admin >> >> > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > ------------------------------------------------- clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code http://www.faqs.org/faqs/computer-lang/awk/faq/ From blue at ev01.net Fri Dec 5 13:10:01 2003 From: blue at ev01.net (Jeff D) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther Message-ID: <3FD0F40F.4030703@ev01.net> Hi Everyone, I have a user here who is having a strange problem. When ever he takes a screenshot, the icon shows up on the desktop, but as soon as he goes to click on it, it disappears w/o a trace. Anyone ever seen anything like this before? This just started to happen after we did an update to panther. tia, Jeff From scott at maxify.com Fri Dec 5 13:46:05 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <3FD0F40F.4030703@ev01.net> References: <3FD0F40F.4030703@ev01.net> Message-ID: <45086673-276C-11D8-AB05-003065CA9E5A@maxify.com> On Dec 5, 2003, at 1:09 PM, Jeff D wrote: > I have a user here who is having a strange problem. When ever he > takes a screenshot, the icon shows up on the desktop, but as soon as > he goes to click on it, it disappears w/o a trace. Does he have any scripts or utilities installed that automatically move items off the desktop? There are a few of them out there. - Scott -- Tree House Ideas http://treehouseideas.com/ From kremels at kreme.com Fri Dec 5 13:54:05 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:09 2005 Subject: Defaults Read In-Reply-To: References: <893CD7E2-2686-11D8-8CD9-0030657075EA@mac.com> Message-ID: <7A05D510-276D-11D8-A45E-000A95935598@kreme.com> On 04 Dec 2003, at 15:53, Michael Terry wrote: > I don't suppose anyone knows a non-graphical way to determine how many > displays are attached to a machine, do they? system_profile? -- Don't congratulate yourself too much, or berate yourself either. Your choices are half chance; so are everybody else's. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031205/a2bc8b24/smime.bin From scott at maxify.com Fri Dec 5 14:00:03 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:09 2005 Subject: [Moderator] Re: I'm sorry In-Reply-To: References: Message-ID: <45C3D2A9-276E-11D8-AB05-003065CA9E5A@maxify.com> FYI: This person has been removed from the list. - Scott On Dec 4, 2003, at 6:04 PM, OSX wrote: > I didn't realize this list was just for a small group of homosexuals. > dhhhhhan and bhhhilly bhhhhob and yahhh'll -- Tree House Ideas http://treehouseideas.com/ From blue at ev01.net Fri Dec 5 14:16:02 2003 From: blue at ev01.net (Jeff D) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <45086673-276C-11D8-AB05-003065CA9E5A@maxify.com> References: <3FD0F40F.4030703@ev01.net> <45086673-276C-11D8-AB05-003065CA9E5A@maxify.com> Message-ID: <3FD1038A.2030405@ev01.net> Scott Stevenson wrote: > > On Dec 5, 2003, at 1:09 PM, Jeff D wrote: > >> I have a user here who is having a strange problem. When ever he >> takes a screenshot, the icon shows up on the desktop, but as soon as >> he goes to click on it, it disappears w/o a trace. > > > Does he have any scripts or utilities installed that automatically move > items off the desktop? There are a few of them out there. > > - Scott > I don't beleive so, this is part of his normal work flow. Jeff From artemis at spies.com Fri Dec 5 14:40:02 2003 From: artemis at spies.com (Kelly Rollefson) Date: Thu Nov 3 12:34:09 2005 Subject: error -14131 when adding ldap attributes in wgm. Message-ID: I've been trying to get our LDAP directory all set up before announcing it to users so it will magically be useful without them having to do anything. :] I've got the LDAP server working on Panther (Mac OS X Server 10.3.1), and everything seems to be running smoothly. However, every time I try to add certain LDAP attributes (e.g. Address Line 2, City, Location, etc.) to a user's account in WGM I get the error: "Error of type -14131 on line 428 of NimrodPluginView.mm". My searching online and in list archives hasn't yielded much fruit (not that I can search on "14131" in the Omni archives). Has anyone else experienced similar issues? Is there another way I should be adding attributes? Thanks for your help! Kelly --- "Do good by stealth, and blush to find it fame." - Alexander Pope From henrys at apple.com Fri Dec 5 15:18:04 2003 From: henrys at apple.com (Henry Stukenborg) Date: Thu Nov 3 12:34:09 2005 Subject: error -14131 when adding ldap attributes in wgm. In-Reply-To: Message-ID: Kelly, > I've been trying to get our LDAP directory all set up before announcing > it to users so it will magically be useful without them having to do > anything. :] I've got the LDAP server working on Panther (Mac OS X > Server 10.3.1), and everything seems to be running smoothly. However, > every time I try to add certain LDAP attributes (e.g. Address Line 2, > City, Location, etc.) to a user's account in WGM I get the error: > "Error of type -14131 on line 428 of NimrodPluginView.mm". You can find all of the error codes from Open Directory here: Essentially that's an invalid attribute error. What's happening is WGM only knows about the attributes defined in the DirectoryAccess mappings. If an attribute isn't mapped, you get that error. If you look at the mappings for OpenDirectory they only define Address Line 1 (which is why that works fine). You can add entries for Address Line 2, or any of the others, but you also have to specify something for it to map to. To find out what those might be you should look in the schema files in /etc/openldap/schema. (i.e. Address Line 2 == postOfficeBox ). I hope that helps. -- Henry Stukenborg AppleCare Enterprise Services henrys@apple.com From suthercd at mac.com Fri Dec 5 15:58:01 2003 From: suthercd at mac.com (Craig Sutherland) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <3FD1038A.2030405@ev01.net> References: <3FD0F40F.4030703@ev01.net> <45086673-276C-11D8-AB05-003065CA9E5A@maxify.com> <3FD1038A.2030405@ev01.net> Message-ID: Jeff, Repair permissions. Doing this has cleared up quirky behavior for me. There are some shareware utilities to update prebindings or from the CLI- sudo update_prebinding -root / -force Then immediately restart. Craig Sutherland "Who is John Galt" On Dec 5, 2003, at 4:15 PM, Jeff D wrote: > Scott Stevenson wrote: >> On Dec 5, 2003, at 1:09 PM, Jeff D wrote: >>> I have a user here who is having a strange problem. When ever he >>> takes a screenshot, the icon shows up on the desktop, but as soon as >>> he goes to click on it, it disappears w/o a trace. >> Does he have any scripts or utilities installed that automatically >> move items off the desktop? There are a few of them out there. >> - Scott > I don't beleive so, this is part of his normal work flow. > Jeff At 2:15 PM -0800 12/5/03, Jeff D wrote: >Scott Stevenson wrote: >> >>On Dec 5, 2003, at 1:09 PM, Jeff D wrote: >> >>>I have a user here who is having a strange problem. When ever he >>>takes a screenshot, the icon shows up on the desktop, but as soon >>>as he goes to click on it, it disappears w/o a trace. >> >> >>Does he have any scripts or utilities installed that automatically >>move items off the desktop? There are a few of them out there. >> >> - Scott >> > >I don't beleive so, this is part of his normal work flow. > >Jeff One of my users had this happen yesterday. He was actively running Apple's Disk Utility and doing "Repair Disk Preferences" while he had other programs open. He was trying to take a snapshot to send me and complained that he had to Quit from Disk Utility to keep a Picture file from disappearing every time he "touched" it to pick it up and put it his mail message. I told him I didn't think it was "generally a good idea" to be repairing a disk with files and applications open. Don't know if that was it, but I never heard any more and he did send me additional Picture files over the evening. Perhaps Disk Utility is just trying to keep the disk "stable" while it works on it. Seems a sorta logical behavior to me, especially if the Desktop Folder just happens to be one of the "files" having its permissions changed. --DJ -- ******** DJ James, Systems/Network Administrator NYU School of Medicine From garbanzito at mac.com Fri Dec 5 17:21:01 2003 From: garbanzito at mac.com (steve harley) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: References: Message-ID: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> On 5 Dec 2003, at 4:57 PM, DJ James wrote: > One of my users had this happen yesterday. He was actively running > Apple's Disk Utility and doing "Repair Disk Preferences" > [...] > I told him I didn't think it was "generally a good idea" to be > repairing a disk with files and applications open. Don't know if that > was it, but I never heard any more and he did send me additional > Picture files over the evening. do you mean "Repair Disk Permissions"? if so, it's okay to run that while other apps are open.. it just sets some flags on the file headers, doesn't care whether files are open, and doesn't touch most of the files you'd have open anyway.. if you mean "Repair Disk" -- this you can't do on the boot volume, where most of your activity will be from running apps.. and if running apps have files open on another volume, you just won't be able to repair that volume because it can't unmount.. so overall, it's hard to go wrong with either function From conrad at yoders.org Fri Dec 5 17:22:05 2003 From: conrad at yoders.org (Conrad G T Yoder) Date: Thu Nov 3 12:34:09 2005 Subject: Mail's Junk detector gone crazy In-Reply-To: Message-ID: At 12/5/03 7:58 AM -0500, Eric Marshall wrote: > > I upgraded to Panther when it first came out and have just now > noticed that Mail's Junk detector is now marking many more messages > as Junk than it used to, especially messages that I've often received > in the past are now marked Junk. But that's not the worst of it. The > Mail app now crashes every single time I mark a message as Junk. I > send the crash reports to Apple of course, but I'd like to know if > there's a quicker work-around to this problem than waiting for Apple. Could very well be corrupted prefs. Trash as many Safari preference files as you can, and see what happens. -Conrad From djjames at env.med.nyu.edu Fri Dec 5 19:46:01 2003 From: djjames at env.med.nyu.edu (DJ James) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> Message-ID: At 6:20 PM -0700 12/5/03, steve harley wrote: >On 5 Dec 2003, at 4:57 PM, DJ James wrote: >>One of my users had this happen yesterday. He was actively running >>Apple's Disk Utility and doing "Repair Disk Preferences" >>[...] >>I told him I didn't think it was "generally a good idea" to be >>repairing a disk with files and applications open. Don't know if >>that was it, but I never heard any more and he did send me >>additional Picture files over the evening. > >do you mean "Repair Disk Permissions"? if so, it's okay to run that >while other apps are open.. it just sets some flags on the file >headers, doesn't care whether files are open, and doesn't touch most >of the files you'd have open anyway.. Yeah, it was definitely "Repair Disk Permissions". I know the system because I originally set it up and the boot drive is the only one he has and he was complaining that he couldn't run "Repair Disk" and was trying to send me a picture of the ghosted buttons so I know he was booted off that drive, not his Panther CD. I do know Apple says it's safe to repair permissions on the boot drive, so it probably is (even though the unix guru in me says you only fsck a drive from single-user mode -- I don't care what Apple calls it, it sounds too much like fsck to me, but I'm paranoid :-). Anyway, he -was- seeing this odd "Picture files vanishing if he touched them" as long as the Disk Utility program was open and says it stopped when he Quit from it -- so I figured I'd pass it on. Then again, I just tried it here and can't get it to happen so it's probably part of the other flakey things his system is doing since he upgraded. He can't get Safari 1.1.1 to actually run, either, (doesn't quit, just sits there going nowhere) so I think vanishing Picture files is only the beginning. --DJ From scott at maxify.com Fri Dec 5 22:16:01 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> Message-ID: <9369F165-27B3-11D8-9CD3-003065CA9E5A@maxify.com> On Dec 5, 2003, at 5:46 PM, DJ James wrote: > I do know Apple says it's safe to repair permissions on the boot > drive, so it probably is (even though the unix guru in me says you > only fsck a drive from single-user mode -- I don't care what Apple > calls it, it sounds too much like fsck to me Isn't it just a chmod-like operation? - Scott -- Tree House Ideas http://treehouseideas.com/ From sanguish at digifix.com Sat Dec 6 01:00:11 2003 From: sanguish at digifix.com (Scott Anguish) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <9369F165-27B3-11D8-9CD3-003065CA9E5A@maxify.com> References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> <9369F165-27B3-11D8-9CD3-003065CA9E5A@maxify.com> Message-ID: <02B13F97-27CA-11D8-9B57-000393D59866@digifix.com> On Dec 6, 2003, at 1:15 AM, Scott Stevenson wrote: > > On Dec 5, 2003, at 5:46 PM, DJ James wrote: > >> I do know Apple says it's safe to repair permissions on the boot >> drive, so it probably is (even though the unix guru in me says you >> only fsck a drive from single-user mode -- I don't care what Apple >> calls it, it sounds too much like fsck to me > > Isn't it just a chmod-like operation? > > Yes, it isn't fsck.. it just makes sure that the permissions are what they are supposed to be. From artemis at spies.com Sat Dec 6 01:34:01 2003 From: artemis at spies.com (Kelly Rollefson) Date: Thu Nov 3 12:34:09 2005 Subject: error -14131 when adding ldap attributes in wgm. In-Reply-To: References: Message-ID: <396EAA86-27CF-11D8-AD82-000A959B204E@spies.com> On Dec 5, 2003, at 3:17 PM, Henry Stukenborg wrote: > What's happening is WGM only knows about the attributes defined in the > DirectoryAccess mappings... It looks to my untrained eyes like a lot of this is contained in the core schema, but heck if I know how to read it. (The Reference Guide seems more geared towards programmers than sysadmins.) Would you mind giving me an example, like say adding "City" so that I can have a frame of reference from which to get a bead on thing? Thanks for your help, Kelly -*- "Awareness, in and of itself, is curative." - Robert Marrone From jared at 23x.net Sat Dec 6 03:04:04 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> Message-ID: On 6 Dec 2003, at 02:46, DJ James wrote: > I do know Apple says it's safe to repair permissions on the boot > drive, so it probably is (even though the unix guru in me says you > only fsck a drive from single-user mode -- I don't care what Apple > calls it, it sounds too much like fsck to me, but I'm paranoid :-). Nope, it's fancy chmodding. Repairing disks is fscking and, as has been pointed out, that can only be done on an unmounted drive. -- Jared Earle, Nightfall Games, jared@23x.net - http://www.23x.net "No SPORK today. SPORK tomorrow. There's always SPORK tomorrow." From djjames at env.med.nyu.edu Sat Dec 6 08:42:03 2003 From: djjames at env.med.nyu.edu (DJ James) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> Message-ID: At 12:03 PM +0100 12/6/03, Jared ''Danger'' Earle wrote: >On 6 Dec 2003, at 02:46, DJ James wrote: >>I do know Apple says it's safe to repair permissions on the boot >>drive, so it probably is (even though the unix guru in me says you >>only fsck a drive from single-user mode -- I don't care what Apple >>calls it, it sounds too much like fsck to me, but I'm paranoid :-). > >Nope, it's fancy chmodding. Repairing disks is fscking and, as has >been pointed out, that can only be done on an unmounted drive. > Yep, you're absolutely right! And back in my AT&T, BSD, and Solaris days I always wished for a program that would do just -that- for permissions. After a new system install or an upgrade I'd manually run a recursive long listing (something like "ls -lR ./* >> saveperms &") on the whole system starting at root to redirect the results into a file. If a "rogue" installer messed things up a year later, I'd just run the command again into a new file and do a "diff" between them to see what it had changed. It wasn't easy, but having that base file saved me more than once from starting over from scratch. It's still handy today for creating a file containing a listing of, say, your entire Home directory and everything below it prior to moving to a new system. 'Cept today it runs in minutes instead of hours. I remember even doing this from a Terminal window, as root, when I first started playing with OS X, just to get a feel for Apple's Unix -- and because so many installers "broke" things early on. I s'pose "Repair Permissions" in Disk Utility is just doing something similar to my old trick and who, better than Apple, to know how to put things back as they should be? Thanks, Apple! And, thanks Steve, Scott S, Scott A and Jared for slowing me down and making me think! You're all correct and it's surely harmless to Repair Permissions on a "boot drive" with open files and apps. Which means we still don't have a clue about what is/was causing those "vanishing" Picture files, do we? --DJ -- ******** DJ James, Systems/Network Administrator NYU School of Medicine From mstearne at entermix.com Sat Dec 6 09:20:13 2003 From: mstearne at entermix.com (Michael Stearne) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> Message-ID: <5FA58B18-2810-11D8-9A1D-000A95CD9C5A@entermix.com> I don't understand why I have never needed to use Repair Permissions. People say to use it after every installation. What situations do people need to use this utility. All users on my machines are primarily marked as Administrator. Maybe this is why I don't see these problems. Michael On Dec 6, 2003, at 11:41 AM, DJ James wrote: > At 12:03 PM +0100 12/6/03, Jared ''Danger'' Earle wrote: >> On 6 Dec 2003, at 02:46, DJ James wrote: >>> I do know Apple says it's safe to repair permissions on the boot >>> drive, so it probably is (even though the unix guru in me says you >>> only fsck a drive from single-user mode -- I don't care what Apple >>> calls it, it sounds too much like fsck to me, but I'm paranoid :-). >> >> Nope, it's fancy chmodding. Repairing disks is fscking and, as has >> been pointed out, that can only be done on an unmounted drive. >> > > Yep, you're absolutely right! And back in my AT&T, BSD, and Solaris > days I always wished for a program that would do just -that- for > permissions. After a new system install or an upgrade I'd manually run > a recursive long listing (something like "ls -lR ./* >> saveperms &") > on the whole system starting at root to redirect the results into a > file. If a "rogue" installer messed things up a year later, I'd just > run the command again into a new file and do a "diff" between them to > see what it had changed. It wasn't easy, but having that base file > saved me more than once from starting over from scratch. It's still > handy today for creating a file containing a listing of, say, your > entire Home directory and everything below it prior to moving to a new > system. 'Cept today it runs in minutes instead of hours. > > I remember even doing this from a Terminal window, as root, when I > first started playing with OS X, just to get a feel for Apple's Unix > -- and because so many installers "broke" things early on. I s'pose > "Repair Permissions" in Disk Utility is just doing something similar > to my old trick and who, better than Apple, to know how to put things > back as they should be? Thanks, Apple! > > And, thanks Steve, Scott S, Scott A and Jared for slowing me down and > making me think! You're all correct and it's surely harmless to Repair > Permissions on a "boot drive" with open files and apps. > > Which means we still don't have a clue about what is/was causing those > "vanishing" Picture files, do we? > > --DJ > -- > ******** > DJ James, Systems/Network Administrator > NYU School of Medicine > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > From shawn at freetimesw.com Sat Dec 6 09:55:04 2003 From: shawn at freetimesw.com (Shawn Erickson) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <5FA58B18-2810-11D8-9A1D-000A95CD9C5A@entermix.com> References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> <5FA58B18-2810-11D8-9A1D-000A95CD9C5A@entermix.com> Message-ID: <11C3A6CB-2815-11D8-869D-000A95A6C778@freetimesw.com> On Dec 6, 2003, at 9:19 AM, Michael Stearne wrote: > I don't understand why I have never needed to use Repair Permissions. > People say to use it after every installation. What situations do > people need to use this utility. All users on my machines are > primarily marked as Administrator. Maybe this is why I don't see > these problems. Because most installers today are much better about the permissions they set. Any way if you want to track down the missing screen shots try using fs_usage from the command line to see who is mucking with things. [G5:~] shawnce% sudo fs_usage | grep Picture 09:52:11 getattrlist /.vol/234881042/171540/Picture 2.pdf 0.000035 SystemUIServ 09:52:11 open /.vol/234881042/171540/Picture 2.pdf 0.000133 SystemUIServ 09:52:11 getattrlist /.vol/234881042/171540/Picture 2.pdf 0.000011 SystemUIServ 09:52:11 getattrlist /.vol/234881042/171540/Picture 2.pdf 0.000008 SystemUIServ 09:52:11 setattrlist /.vol/234881042/171540/Picture 2.pdf 0.000019 SystemUIServ 09:52:11 lstat /Users/shawnce/Desktop/Picture 2.pdf 0.000008 screencaptur 09:52:15 getattrlist /Users/shawnce/Desktop/Picture 2.pdf 0.000041 screencaptur 09:52:15 stat /Users/shawnce/Desktop/Picture 2.pdf 0.000026 screencaptur 09:52:15 open /Users/shawnce/Desktop/Picture 2.pdf 0.000067 screencaptur From peterf at semiotx.com Sat Dec 6 10:46:07 2003 From: peterf at semiotx.com (Peter Fraterdeus) Date: Thu Nov 3 12:34:09 2005 Subject: [somewhat OT] virtusertable Message-ID: After some years of running a number of virtual mail domains, under sendmail, using /etc/mail/virtualusertable, I noticed that there's no 'breakpoint' in the processing of local names... That is, say a local user has UID peterf, and virtusertable shows: pf@semiotx.com peterf info@semiotx.com peterf pf@eiotx.net peterf info@someother.com someotheruser etc so far so good, mail to info or peterf is delivered to the listed domains. however, the problem arises with an address like peterf@someother.com which I'd like to think would be refused, but in fact, is ALSO delivered to local user peterf. I can't seem to find anything through Google, since I'm not quite how to refer to the situation. Is there a 'refuse all other' that I can add to the end of each domain's list? TIA Peter -- AzByCx DwEvFu GtHsIr JqKpLo MnNmOl PkQjRi ShTgUf VeWdXc YbZa&@ Peter Fraterdeus http://www.fraterdeus.com http://www.semiotx.com Web Strategy Consulting "Words that work."(tm) Communication Design and Typography From scott at maxify.com Sat Dec 6 10:59:06 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:09 2005 Subject: [somewhat OT] virtusertable In-Reply-To: References: Message-ID: <208AF222-281E-11D8-A284-003065CA9E5A@maxify.com> On Dec 6, 2003, at 10:45 AM, Peter Fraterdeus wrote: > which I'd like to think would be refused, but in fact, is ALSO > delivered to local user peterf. > I can't seem to find anything through Google, since I'm not quite how > to refer to the situation. > Is there a 'refuse all other' that I can add to the end of each > domain's list? You might be able to use the 'access' file to handle this. For example, inside access, you could probably do: peterf@someother.com REJECT Not that this will only work if you don't want 'peterf@someother.com' to go anywhere at all. I'm not sure how to handle a situation where you want a single copy sent somewhere else, but don't want a local copy. You also *might* be able to do: info@someother.com OK someother.com REJECT But I'm not entirely sure that you can 'stack' them like that. - Scott -- Tree House Ideas http://treehouseideas.com/ From jared at 23x.net Sat Dec 6 11:51:01 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:09 2005 Subject: [somewhat OT] virtusertable Message-ID: <63BCB28C-2825-11D8-AB18-000A958F180A@23x.net> On 6 Dec 2003, at 19:45, Peter Fraterdeus wrote: > Is there a 'refuse all other' that I can add to the end of each > domain's list? @someother.com bit-bucket In /etc/aliases, uncomment the bit-bucket entry. -- Jared Earle, Nightfall Games, jared@23x.net - http://www.23x.net "So long, and thanks for all the SPORK" From listor at melin.org Sat Dec 6 14:15:01 2003 From: listor at melin.org (Joacim Melin) Date: Thu Nov 3 12:34:09 2005 Subject: httpd log analyzer for OS X Server 10.3 Message-ID: <6098EBDC-2839-11D8-8753-000A95A01788@melin.org> Hi all, just wanted to check if anyone have an idea of a good httpd log analyzer for OS X Server. I've used Analog in the past which is free and plenty fast but I would like something with a little nicer output and something that doesn't require me to mess with crontab. Any takers ? Joacim ------------------------------------------------------------------------ joacim melin > http://z80.org > joacim at melin dot org ------------------------------------------------------------------------ From list-omnigroup at fsck.net Sat Dec 6 15:24:13 2003 From: list-omnigroup at fsck.net (Eugene Lee) Date: Thu Nov 3 12:34:09 2005 Subject: [somewhat OT] virtusertable In-Reply-To: References: Message-ID: <20031206231705.GA1516@Dark-Age.local> On Sat, Dec 06, 2003 at 12:45:05PM -0600, Peter Fraterdeus wrote: : : After some years of running a number of virtual mail domains, under : sendmail, using /etc/mail/virtualusertable, I noticed that there's no : 'breakpoint' in the processing of local names... : : That is, say a local user has UID peterf, and virtusertable shows: : : pf@semiotx.com peterf : info@semiotx.com peterf : pf@eiotx.net peterf : info@someother.com someotheruser : : etc : : so far so good, mail to info or peterf is delivered to the listed domains. : however, the problem arises with an address like : : peterf@someother.com : : which I'd like to think would be refused, but in fact, is ALSO : delivered to local user peterf. : : I can't seem to find anything through Google, since I'm not quite how : to refer to the situation. : : Is there a 'refuse all other' that I can add to the end of each : domain's list? Yep. After your block of virtusertable entries for that domain, I always like to finish it off with: @someother.com error:nouser No such user here References: http://www.sendmail.org/virtual-hosting.html -- Eugene Lee http://www.coxar.pwp.blueyonder.co.uk/ From magill at mcgillsociety.org Sat Dec 6 19:44:02 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <5FA58B18-2810-11D8-9A1D-000A95CD9C5A@entermix.com> References: <626B08F0-278A-11D8-8D1D-000393C5ED50@mac.com> <5FA58B18-2810-11D8-9A1D-000A95CD9C5A@entermix.com> Message-ID: <922675F5-2867-11D8-870A-000393768D2C@mcgillsociety.org> On 06 Dec, 2003, at 12:19, Michael Stearne wrote: > I don't understand why I have never needed to use Repair Permissions. > People say to use it after every installation. What situations do > people need to use this utility. All users on my machines are > primarily marked as Administrator. Maybe this is why I don't see > these problems. That probably helps... Also you probably have "ignore permissions" checked on any mounted non-system disks. Repair permissions checks the bom files in the /library/receipts directory, and sets permissions, and owner/group designations as appropriate. (man lsbom if you want to see what is there.) Panther has been very good at permissions. Third Party software is still random. The newer an application, the cleaner it installs. ... funny thing about that experience thing. T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From bcw at sfu.ca Sat Dec 6 21:42:01 2003 From: bcw at sfu.ca (Brian Warsing) Date: Thu Nov 3 12:34:09 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <3FD0F40F.4030703@ev01.net> References: <3FD0F40F.4030703@ev01.net> Message-ID: <20031207054145.GA27967@sfu.ca> I have seen this behavior in Jaguar when students create PFD's from Illustrator, Photoshop, Pagemaker, and the like... I have also witnessed on several occassions, PDF's disappearing from AFP shares. It's some seriously strange behavior. On Fri, Dec 05, 2003 at 01:09:35PM -0800, Jeff D wrote: > Hi Everyone, > > I have a user here who is having a strange problem. When ever he takes > a screenshot, the icon shows up on the desktop, but as soon as he goes > to click on it, it disappears w/o a trace. > > Anyone ever seen anything like this before? This just started to happen > after we did an update to panther. > > tia, > > Jeff > > > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin -- Brian Warsing Academic Computing Services at Harbour Centre Simon Fraser University ph. 604-291-5030 ICQ# 167127757 From peterf at semiotx.com Sat Dec 6 22:01:02 2003 From: peterf at semiotx.com (Peter Fraterdeus) Date: Thu Nov 3 12:34:09 2005 Subject: [somewhat OT] virtusertable In-Reply-To: <20031206231705.GA1516@Dark-Age.local> References: <20031206231705.GA1516@Dark-Age.local> Message-ID: Great! Thanks for the tips, all! PF >:... >Yep. After your block of virtusertable entries for that domain, I >always like to finish it off with: > > @someother.com error:nouser No such user here > >References: > > http://www.sendmail.org/virtual-hosting.html > > >-- >Eugene Lee >http://www.coxar.pwp.blueyonder.co.uk/ -- AzByCx DwEvFu GtHsIr JqKpLo MnNmOl PkQjRi ShTgUf VeWdXc YbZa&@ Peter Fraterdeus http://www.fraterdeus.com http://www.semiotx.com Web Strategy Consulting "Words that work."(tm) Communication Design and Typography From peterf at semiotx.com Sat Dec 6 23:01:02 2003 From: peterf at semiotx.com (Peter Fraterdeus) Date: Thu Nov 3 12:34:10 2005 Subject: httpd log analyzer for OS X Server 10.3 In-Reply-To: <6098EBDC-2839-11D8-8753-000A95A01788@melin.org> References: <6098EBDC-2839-11D8-8753-000A95A01788@melin.org> Message-ID: Sawmill is quite good. http://www.sawmill.net/ PF At 11:13 PM +0100 2003-12-06, Joacim Melin wrote: >Hi all, > >just wanted to check if anyone have an idea of a good httpd log analyzer for OS X Server. I've used Analog in the past which is free and plenty fast but I would like something with a little nicer output and something that doesn't require me to mess with crontab. > >Any takers ? > >Joacim > >------------------------------------------------------------------------ >joacim melin > http://z80.org > joacim at melin dot org >------------------------------------------------------------------------ > >_______________________________________________ >MacOSX-admin mailing list >MacOSX-admin@omnigroup.com >http://www.omnigroup.com/mailman/listinfo/macosx-admin -- AzByCx DwEvFu GtHsIr JqKpLo MnNmOl PkQjRi ShTgUf VeWdXc YbZa&@ Peter Fraterdeus http://www.fraterdeus.com http://www.semiotx.com Web Strategy Consulting "Words that work."(tm) Communication Design and Typography From lists at chasin-family.org Sun Dec 7 03:03:02 2003 From: lists at chasin-family.org (Mailing Lists - SBC) Date: Thu Nov 3 12:34:10 2005 Subject: httpd log analyzer for OS X Server 10.3 In-Reply-To: <6098EBDC-2839-11D8-8753-000A95A01788@melin.org> References: <6098EBDC-2839-11D8-8753-000A95A01788@melin.org> Message-ID: On Dec 6, 2003, at 17:13, Joacim Melin wrote: > Hi all, > > just wanted to check if anyone have an idea of a good httpd log > analyzer for OS X Server. I've used Analog in the past which is free > and plenty fast but I would like something with a little nicer output > and something that doesn't require me to mess with crontab. > > I like awstats http://awstats.sourceforge.net From jared at 23x.net Sun Dec 7 04:48:04 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:10 2005 Subject: httpd log analyzer for OS X Server 10.3 In-Reply-To: References: <6098EBDC-2839-11D8-8753-000A95A01788@melin.org> Message-ID: <3BDAACB2-28B3-11D8-ACA6-000A958F180A@23x.net> On 7 Dec 2003, at 12:01, Mailing Lists - SBC wrote: > I like awstats > > http://awstats.sourceforge.net I run awstats on over 40GB of logfiles a month in my real job. While there are faster solutions, it's my personal favourite too. -- Jared Earle, Nightfall Games, jared@23x.net - http://www.23x.net "Watashi-wa shin no SUPORUKU desu" From magill at mcgillsociety.org Sun Dec 7 10:10:17 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:10 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <20031207054145.GA27967@sfu.ca> References: <3FD0F40F.4030703@ev01.net> <20031207054145.GA27967@sfu.ca> Message-ID: <7BEC34F2-28E0-11D8-871B-000393768D2C@mcgillsociety.org> On 07 Dec, 2003, at 00:41, Brian Warsing wrote: > I have seen this behavior in Jaguar when students create PFD's from > Illustrator, Photoshop, Pagemaker, and the like... > I have also witnessed on several occassions, PDF's disappearing from > AFP > shares. > It's some seriously strange behavior. > > On Fri, Dec 05, 2003 at 01:09:35PM -0800, Jeff D wrote: >> I have a user here who is having a strange problem. When ever he >> takes >> a screenshot, the icon shows up on the desktop, but as soon as he goes >> to click on it, it disappears w/o a trace. >> >> Anyone ever seen anything like this before? This just started to >> happen >> after we did an update to panther. This sounds like an application level issue... In general, the Mac OS world never "creates" a file until after it has SUCCESSFULLY created the file. That is to say, if the application creating the file does not successfully close the file before the application quits or errors for some reason, the file is deleted." This is different behavior from a Unix application where the file will be created and "corrupted" at the end of the file because of incomplete closure. The implication is that, in fact, the file is never successfully created. What the user is seeing is the "lag" between Finder's update of the screen and "reality." T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From djjames at env.med.nyu.edu Sun Dec 7 10:33:01 2003 From: djjames at env.med.nyu.edu (DJ James) Date: Thu Nov 3 12:34:10 2005 Subject: Screen shots disappearing in Panther In-Reply-To: <7BEC34F2-28E0-11D8-871B-000393768D2C@mcgillsociety.org> References: <3FD0F40F.4030703@ev01.net> <20031207054145.GA27967@sfu.ca> <7BEC34F2-28E0-11D8-871B-000393768D2C@mcgillsociety.org> Message-ID: At 1:09 PM -0500 12/7/03, William H. Magill wrote: >On 07 Dec, 2003, at 00:41, Brian Warsing wrote: >>I have seen this behavior in Jaguar when students create PFD's from >>Illustrator, Photoshop, Pagemaker, and the like... >>I have also witnessed on several occassions, PDF's disappearing from AFP >>shares. >>It's some seriously strange behavior. >> >>On Fri, Dec 05, 2003 at 01:09:35PM -0800, Jeff D wrote: >>>I have a user here who is having a strange problem. When ever he takes >>>a screenshot, the icon shows up on the desktop, but as soon as he goes >>>to click on it, it disappears w/o a trace. >>> >>>Anyone ever seen anything like this before? This just started to happen >>>after we did an update to panther. > >This sounds like an application level issue... > >In general, the Mac OS world never "creates" a file until after it >has SUCCESSFULLY created the file. That is to say, if the >application creating the file does not successfully close the file >before the application quits or errors for some reason, the file is >deleted." > >This is different behavior from a Unix application where the file >will be created and "corrupted" at the end of the file because of >incomplete closure. > >The implication is that, in fact, the file is never successfully >created. What the user is seeing is the "lag" between Finder's >update of the screen and "reality." > That makes very good sense! So, in these 2 cases, where the users affected were both trying to save screen snapshots, the likely place(s) to look would be either the Grab or ImageCapture applications, yes? If you do Command+Shift+4 and then move the mouse over a window and press the space bar, you see a camera icon (which goes away when you Click the mouse) after which your Picture file should appear -- and stay -- on the Desktop. For these users, that Picture file only stays until they try to "touch" it (i.e., pick it up and drag it somewhere else, like into a mail message and as soon as they touch it, it vanishes. Anyway, that camera icon looks very much like the icon for the ImageCapture program, so that would be my guess for what's doing screen captures in Panther by default. I know I saw the place where all those keystrokes get set somewhere on a new G5 I was setting up yesterday. Does anyone know where that was? Thanks, --DJ -- ******** DJ James, Systems/Network Administrator NYU School of Medicine From epeyton at epicware.com Sun Dec 7 10:48:01 2003 From: epeyton at epicware.com (Eric Peyton) Date: Thu Nov 3 12:34:10 2005 Subject: Screen shots disappearing in Panther In-Reply-To: References: <3FD0F40F.4030703@ev01.net> <20031207054145.GA27967@sfu.ca> <7BEC34F2-28E0-11D8-871B-000393768D2C@mcgillsociety.org> Message-ID: <9CCAFA80-28E5-11D8-A8B5-000393D42984@epicware.com> >> This sounds like an application level issue... >> >> In general, the Mac OS world never "creates" a file until after it >> has SUCCESSFULLY created the file. That is to say, if the application >> creating the file does not successfully close the file before the >> application quits or errors for some reason, the file is deleted." >> >> This is different behavior from a Unix application where the file >> will be created and "corrupted" at the end of the file because of >> incomplete closure. >> >> The implication is that, in fact, the file is never successfully >> created. What the user is seeing is the "lag" between Finder's update >> of the screen and "reality." >> > > That makes very good sense! > > So, in these 2 cases, where the users affected were both trying to > save screen snapshots, the likely place(s) to look would be either the > Grab or ImageCapture applications, yes? > > If you do Command+Shift+4 and then move the mouse over a window and > press the space bar, you see a camera icon (which goes away when you > Click the mouse) after which your Picture file should appear -- and > stay -- on the Desktop. For these users, that Picture file only stays > until they try to "touch" it (i.e., pick it up and drag it somewhere > else, like into a mail message and as soon as they touch it, it > vanishes. > > Anyway, that camera icon looks very much like the icon for the > ImageCapture program, so that would be my guess for what's doing > screen captures in Panther by default. No - it is not image capture that captures the screen. It it the screencapture binary. [spawn:~] [epeyton] screencapture 11:31pm [112] screencapture: illegal usage, file required if not going to clipboard usage: screencapture [-icmwsWx] [file] -i capture screen interactively, by selection or window control key - causes screen shot to go to clipboard space key - toggle between mouse selection and window selection modes escape key - cancels interactive screen shot -c force screen capture to go to the clipboard -m only capture the main monitor, undefined if -i is set -w only allow window selection mode -s only allow mouse selection mode -W start interaction in window selection mode -x do not play sounds -S in window capture mode, capture the screen not the window file where to save the screen capture [spawn:~] [epeyton] which screencapture 12:43pm [113] /usr/sbin/screencapture The way screen capturing works is that a file is created on the desktop, the screencapture is taken, and then the data is written to the file. On failure, the initial file is removed. Obviously screencapture is failing and removing the file, but the Finder doesn't see this until you click on the file. Do you perhaps notice multiple screencapture binaries running? If you use the command line screencapture does it work? Does grab.app work for you? Eric From lists at colorremedies.com Sun Dec 7 15:15:01 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:10 2005 Subject: invisible files Message-ID: <0908B6EA-290B-11D8-AA2D-0003934CBC52@colorremedies.com> After carbon copy cloning one machine to another, everything appears to be normal except the root directory where three normally invisible items are visible: dev, mach, and mach.sym. Any suggestions for making them invisible? Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From dev+lists at humph.com Sun Dec 7 15:25:01 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:10 2005 Subject: invisible files In-Reply-To: <0908B6EA-290B-11D8-AA2D-0003934CBC52@colorremedies.com> References: <0908B6EA-290B-11D8-AA2D-0003934CBC52@colorremedies.com> Message-ID: At 4:13 pm -0700 2003/12/07, Chris Murphy wrote: >After carbon copy cloning one machine to another, everything appears >to be normal except the root directory where three normally >invisible items are visible: dev, mach, and mach.sym. Any >suggestions for making them invisible? do an ls -a / you'll see the answer yourself! BTW, this seems to mean that . files were not copied. Not a good thing. Giuliano From lists at colorremedies.com Sun Dec 7 15:41:02 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon Message-ID: Is this where we are supposed to go for filesharing in 10.3? I click on it, and get an alias "Server" which I click on and get another alias "ColorMachine.local" which is my G4 desktop (I'm doing this from the laptop). But when I click on that icon, it's pointing to the local machine, not my G4 desktop. The only way it seems to work is if I go to Connect to Server and manually type in the IP address for the G4 desktop machine, login, and tell it what volume I want to mount. Now I can access the files I want. So how is the Network icon supposed to work? Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From lists at colorremedies.com Sun Dec 7 15:43:04 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:10 2005 Subject: invisible files In-Reply-To: References: <0908B6EA-290B-11D8-AA2D-0003934CBC52@colorremedies.com> Message-ID: On Dec 7, 2003, at 4:24 PM, Giuliano Gavazzi wrote: > At 4:13 pm -0700 2003/12/07, Chris Murphy wrote: >> After carbon copy cloning one machine to another, everything appears >> to be normal except the root directory where three normally invisible >> items are visible: dev, mach, and mach.sym. Any suggestions for >> making them invisible? > > do an > > ls -a / > > you'll see the answer yourself! > > BTW, this seems to mean that . files were not copied. Not a good thing. .hidden was not copied for some reason. Neither was .hotfiles.btree but a new one was created by the system. I image a new copy of this particular file is better than one from another machine - btree sounds directory related to me. Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From dev+lists at humph.com Sun Dec 7 15:54:01 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: References: Message-ID: At 4:40 pm -0700 2003/12/07, Chris Murphy wrote: >Is this where we are supposed to go for filesharing in 10.3? I click >on it, and get an alias "Server" which I click on and get another >alias "ColorMachine.local" which is my G4 desktop (I'm doing this >from the laptop). But when I click on that icon, it's pointing to >the local machine, not my G4 desktop. The only way it seems to work >is if I go to Connect to Server and manually type in the IP address >for the G4 desktop machine, login, and tell it what volume I want to >mount. Now I can access the files I want. > >So how is the Network icon supposed to work? > well, I 'd like to know too. Initially Network would show me the list of appleshare machines and selecting an item in the list would show a connect button in the column to the right. Now no more. I have to do an explicit command-K. But this is nothing, I had very weird things happening, including some socket not connected errors. Volumes that would change name in the Finder view.. fixed by relaunching Finder. I think they screwed up a thing or two. It is so weird that I don't know exactly were to start writing a bug report... Giuliano -- H U M P H || ||| software Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X http://www.humph.com/ From scott at maxify.com Sun Dec 7 16:00:04 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:10 2005 Subject: invisible files In-Reply-To: References: <0908B6EA-290B-11D8-AA2D-0003934CBC52@colorremedies.com> Message-ID: <5C7FD1CC-2911-11D8-A284-003065CA9E5A@maxify.com> On Dec 7, 2003, at 3:41 PM, Chris Murphy wrote: > .hidden was not copied for some reason Could carbon copy cloner be responsible for the problem you described in this older post? http://www.omnigroup.com/mailman/archive/macosx-admin/2003-October/ 032875.html - Scott -- Tree House Ideas http://treehouseideas.com/ From costabel at wanadoo.fr Sun Dec 7 16:21:01 2003 From: costabel at wanadoo.fr (Martin Costabel) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: References: Message-ID: <3FD3C3A8.5020602@wanadoo.fr> Chris Murphy wrote: > Is this where we are supposed to go for filesharing in 10.3? I click on > it, and get an alias "Server" which I click on and get another alias > "ColorMachine.local" which is my G4 desktop (I'm doing this from the > laptop). But when I click on that icon, it's pointing to the local > machine, not my G4 desktop. The only way it seems to work is if I go to > Connect to Server and manually type in the IP address for the G4 desktop > machine, login, and tell it what volume I want to mount. Now I can > access the files I want. > > So how is the Network icon supposed to work? Good question. IMHO the new system is seriously flawed. In principle, you should see, besides the "Server" alias, the rest of the local network, as you used to get from the "Browse" button in the "Connect to server" utility. They removed the network browser and dump you into the Finder instead. Unfortunately, the Finder does not have the same functionality. In my experience, it shows less machines or local networks, it does not allow to put servers on the desktop or in the dock, and if you have a large local network, it is almost impossible to find out which servers you are connected to so you can eject them. For a laptop this is fatal, because if you leave the network without ejecting all servers, you will have to reboot later in order to regain a working machine. Same problem if a server stops to work. In principle, autodiskmount should take care of this, but it doesn't. From scott at maxify.com Sun Dec 7 16:21:46 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: References: Message-ID: <614AAD0E-2914-11D8-A284-003065CA9E5A@maxify.com> On Dec 7, 2003, at 3:52 PM, Giuliano Gavazzi wrote: > well, I 'd like to know too. Initially Network would show me the list > of appleshare machines and selecting an item in the list would show a > connect button in the column to the right. Now no more. Maybe they have to be Rendezvous-based now (instead of AppleTalk)? Just a guess. - Scott -- Tree House Ideas http://treehouseideas.com/ From scott at maxify.com Sun Dec 7 16:26:01 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: <3FD3C3A8.5020602@wanadoo.fr> References: <3FD3C3A8.5020602@wanadoo.fr> Message-ID: <086A145E-2915-11D8-A284-003065CA9E5A@maxify.com> On Dec 7, 2003, at 4:19 PM, Martin Costabel wrote: > if you have a large local network, it is almost impossible to find out > which servers you are connected to so you can eject them Why not to enable the option to display them on the desktop and/or the Panther sidebar? - Scott -- Tree House Ideas http://treehouseideas.com/ From costabel at wanadoo.fr Sun Dec 7 16:38:23 2003 From: costabel at wanadoo.fr (Martin Costabel) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: <086A145E-2915-11D8-A284-003065CA9E5A@maxify.com> References: <3FD3C3A8.5020602@wanadoo.fr> <086A145E-2915-11D8-A284-003065CA9E5A@maxify.com> Message-ID: <3FD3C7D1.4070408@wanadoo.fr> Scott Stevenson wrote: > > On Dec 7, 2003, at 4:19 PM, Martin Costabel wrote: > >> if you have a large local network, it is almost impossible to find out >> which servers you are connected to so you can eject them > > > Why not to enable the option to display them on the desktop and/or the > Panther sidebar? This option does not work for me. -- Martin From jwelch at aer.com Sun Dec 7 16:42:09 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: Message-ID: On 12/7/03 5:40 PM, "Chris Murphy" wrote: > Is this where we are supposed to go for filesharing in 10.3? I click on > it, and get an alias "Server" which I click on and get another alias > "ColorMachine.local" which is my G4 desktop (I'm doing this from the > laptop). But when I click on that icon, it's pointing to the local > machine, not my G4 desktop. The only way it seems to work is if I go to > Connect to Server and manually type in the IP address for the G4 > desktop machine, login, and tell it what volume I want to mount. Now I > can access the files I want. > > So how is the Network icon supposed to work? In theory, you wait long enough, and stuff happens. If you want rendezvous to work a little nicer, in Network prefs, add "local" to your search domains. Then when you browse, you'll see a "local" container, which I have found makes it easier to find Rendezvous file servers. john -- Cum catapultae proscriptae erunt tum soli proscript catapultas habebunt. (When catapults are outlawed, only outlaws will have catapults.) Jeff La Grua From jwelch at aer.com Sun Dec 7 16:44:28 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: Message-ID: On 12/7/03 5:52 PM, "Giuliano Gavazzi" wrote: > well, I 'd like to know too. Initially Network would show me the list > of appleshare machines and selecting an item in the list would show a > connect button in the column to the right. Now no more. > I have to do an explicit command-K. > > But this is nothing, I had very weird things happening, including > some socket not connected errors. Volumes that would change name in > the Finder view.. fixed by relaunching Finder. I think they screwed > up a thing or two. > It is so weird that I don't know exactly were to start writing a bug report... The entire new mount paradigm is stupid and actually MORE tedious and harder to use than the old one. For a more detailed rant, look here: I really get the feeling that Steve should have said "Nov. 24th" for the Panther release. john -- "Lo Que Sea, Cuando Sea, Donde Sea" (Anything, Anytime, Anywhere) 7th Special Forces Group (Airborne) From jwelch at aer.com Sun Dec 7 16:46:09 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: <3FD3C7D1.4070408@wanadoo.fr> Message-ID: On 12/7/03 6:37 PM, "Martin Costabel" wrote: >>> if you have a large local network, it is almost impossible to find out >>> which servers you are connected to so you can eject them >> >> >> Why not to enable the option to display them on the desktop and/or the >> Panther sidebar? > > This option does not work for me. That's not for Network mounts, that's for Connect to Server mounts only. john -- I had no system of shooting as such. It is definitely more in the feeling side of things that these skills develop. I was at the front five and a half years, and you just got a feeling for the right amount of lead. -- Lt. General Guenther Rall, GAF. From costabel at wanadoo.fr Sun Dec 7 16:52:02 2003 From: costabel at wanadoo.fr (Martin Costabel) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: <3FD3C7D1.4070408@wanadoo.fr> References: <3FD3C3A8.5020602@wanadoo.fr> <086A145E-2915-11D8-A284-003065CA9E5A@maxify.com> <3FD3C7D1.4070408@wanadoo.fr> Message-ID: <3FD3CB14.6090109@wanadoo.fr> Martin Costabel wrote: > Scott Stevenson wrote: >> Why not to enable the option to display them on the desktop and/or the >> Panther sidebar? > > This option does not work for me. I should have been more precise: It does work for servers connected to in the old way, via the "Connect to server" utility. Unfortunately, one now has to type the server name by hand, because the browser doesn't work any more. The servers connected to from the Finder's network icon do not show up on the desktop or in the sidebar. The only way to see that you are connected to one is that its icon in the browser window is a little brighter than the others. You need good eyes to detect this, and in a hierarchy of local network directories this is useless. -- Martin From listuser at magicmiles.com Sun Dec 7 17:08:13 2003 From: listuser at magicmiles.com (m i l e s) Date: Thu Nov 3 12:34:10 2005 Subject: Mail Server Suggestions ? Message-ID: Hi, Im running Panther CLIENT (not server) on a client's machine, and want to know what some folks would suggest I run for a mail server ? They are also running DNS as well as web services. Apache is the obvious choice here for web, and DNS (duh- BIND!). So I need a mail server....preferrably with web capabilities. Any suggestions ? -- M i l e s President & Toolbox Architect MagicMiles Software (413) 374 - 5161 PO Box 414, Northampton, MA 01060 http://www.servicetoolbox.com/ http://www.workshoptoolbox.com/ http://www.healingartstoolbox.com/ http://www.artshoptoolbox.com/ We create content management systems for the rest of us, starting at $25.00 a month, includes domain registration, web hosting, email and webmail. Great for Yoga Teachers, Massage Therapists, Lawyers, Doctors, and any professional! From scott at maxify.com Sun Dec 7 17:18:04 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:10 2005 Subject: Mail Server Suggestions ? In-Reply-To: References: Message-ID: <49E5CC98-291C-11D8-A284-003065CA9E5A@maxify.com> On Dec 7, 2003, at 5:07 PM, m i l e s wrote: > Im running Panther CLIENT (not server) on a client's machine, and want > to > know what some folks would suggest I run for a mail server ? They are > also > running DNS as well as web services. Apache is the obvious choice > here for > web, and DNS (duh- BIND!). So I need a mail server....preferrably with > web capabilities. Postfix comes preinstalled in Panther client and probably would work just fine (google 'postfix'). There are alternatives, though. The web part would probably not be built in but rather achieved via something like SquirrelMail. - Scott -- Tree House Ideas http://treehouseideas.com/ From dave.xadmin at alfordmedia.com Sun Dec 7 17:25:02 2003 From: dave.xadmin at alfordmedia.com (Dave Pooser) Date: Thu Nov 3 12:34:10 2005 Subject: Mail Server Suggestions ? In-Reply-To: Message-ID: > Im running Panther CLIENT (not server) on a client's machine, and want to > know what some folks would suggest I run for a mail server ? If you're looking for something that's a snap to set up and easy to administer, take a hard look at CommuniGate Pro. Their default webmail skins peg pretty high on the suck-o-meter, but EudoraLook and Nicolas Hatier's LookOut are free-to-cheap and improve it a lot. -- Dave Pooser Manager of Information Services Alford Media http://www.alfordmedia.com From gms at captainnet.net Sun Dec 7 17:32:01 2003 From: gms at captainnet.net (George Szekely) Date: Thu Nov 3 12:34:10 2005 Subject: Mail Server Suggestions ? In-Reply-To: References: Message-ID: >Hi, > >Im running Panther CLIENT (not server) on a client's machine, and want to >know what some folks would suggest I run for a mail server ? They are also >running DNS as well as web services. Apache is the obvious choice here for >web, and DNS (duh- BIND!). So I need a mail server....preferrably with >web capabilities. > >Any suggestions ? Miles, you can try ECM which is a combination of (MySql + Exim + Exiscan + CourierIMAP + SpamAssassin + Clam AntiVirus) all opensource. http://maxo.captainnet.net/installs/mailserver/index.html George >-- >M i l e s > >President & Toolbox Architect >MagicMiles Software >(413) 374 - 5161 >PO Box 414, Northampton, MA 01060 > >http://www.servicetoolbox.com/ >http://www.workshoptoolbox.com/ >http://www.healingartstoolbox.com/ >http://www.artshoptoolbox.com/ > >We create content management systems for >the rest of us, starting at $25.00 a month, >includes domain registration, web hosting, >email and webmail. Great for Yoga Teachers, >Massage Therapists, Lawyers, Doctors, >and any professional! >_______________________________________________ >MacOSX-admin mailing list >MacOSX-admin@omnigroup.com >http://www.omnigroup.com/mailman/listinfo/macosx-admin From adrianslists at optusnet.com.au Sun Dec 7 17:44:01 2003 From: adrianslists at optusnet.com.au (Adrian Smith) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: References: Message-ID: >Is this where we are supposed to go for filesharing in 10.3? I click >on it, and get an alias "Server" which I click on and get another >alias "ColorMachine.local" which is my G4 desktop (I'm doing this >from the laptop). But when I click on that icon, it's pointing to >the local machine, not my G4 desktop. The only way it seems to work >is if I go to Connect to Server and manually type in the IP address >for the G4 desktop machine, login, and tell it what volume I want to >mount. Now I can access the files I want. > >So how is the Network icon supposed to work? You might need to turn on "AppleTalk" in the "Directory Access" utility in order to see your G4. There is a new KB article which details the two different schemes for connecting to server. http://docs.info.apple.com/article.html?artnum=107804 What a mess!! I like the ability to browse from the Network icon but the inability to see on the desktop or sidebar is seriously stupid. Adrian From garbanzito at mac.com Sun Dec 7 18:16:01 2003 From: garbanzito at mac.com (steve harley) Date: Thu Nov 3 12:34:10 2005 Subject: invisible files In-Reply-To: References: <0908B6EA-290B-11D8-AA2D-0003934CBC52@colorremedies.com> Message-ID: <5FF6BF35-2924-11D8-8D1D-000393C5ED50@mac.com> On 7 Dec 2003, at 4:41 PM, Chris Murphy wrote: > .hidden was not copied for some reason. Neither was .hotfiles.btree .hidden's absence explains why dev, mach & mach.sym are visible.. replacing .hidden would be the fix.. the bigger mystery is why it wasn't copied.. it and .hotfiles.btree are specifically in the default "Items to be Copied" list that CCC displays as one launches a copy, so either you changed the config or CCC didn't do what it said it would do.. i'd try the help forums hosted by CCC's author i can't find any description of .hotfiles.btree, but "btree" isn't a strong indicator of "directory related"; "hotfiles" maybe also note that if you're booting from a cloned volume there are some cautions.. at a minimum, you should name the cloned volume the same as the original, and rename the original if it's still online probably more info here: From mjwise at kapu.net Sun Dec 7 20:04:49 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:10 2005 Subject: Mail Server Suggestions ? In-Reply-To: <49E5CC98-291C-11D8-A284-003065CA9E5A@maxify.com> References: <49E5CC98-291C-11D8-A284-003065CA9E5A@maxify.com> Message-ID: <768440D5-2933-11D8-85BC-003065FB84BC@kapu.net> On Dec 7, 2003, at 3:17 PM, Scott Stevenson wrote: > On Dec 7, 2003, at 5:07 PM, m i l e s wrote: >> Im running Panther CLIENT (not server) on a client's machine, and >> want to >> know what some folks would suggest I run for a mail server ? They >> are also >> running DNS as well as web services. Apache is the obvious choice >> here for >> web, and DNS (duh- BIND!). So I need a mail server....preferrably >> with >> web capabilities. > > Postfix comes preinstalled in Panther client and probably would work > just fine (google 'postfix'). Postfix. Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From shoop at iwiring.net Sun Dec 7 22:57:06 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:10 2005 Subject: Mail Server Suggestions ? In-Reply-To: References: Message-ID: At 8:07 PM -0500 12/7/03, m i l e s wrote: >Hi, > >Im running Panther CLIENT (not server) on a client's machine, and want to >know what some folks would suggest I run for a mail server ? They are also >running DNS as well as web services. Apache is the obvious choice here for >web, and DNS (duh- BIND!). So I need a mail server....preferrably with >web capabilities. What do you mean by "mail server"? Just the MTA? Also, how are you authenticating users? Are the real system users or users from a datasource (like MySQL, Radius, etc.) ? I prefer exim as the MTA, but postfix is now shipping with Panther. I like exim b/c it's very robust and scalable, very self contained (not a whole bunch of extra apps), has a single config file that's very approachable and Apache-like, supports ACLs, drops in as a replacement for sendmail, has built-in Perl, and with exiscan and SpamAssassin can reject the email without accepting it. It's also open source with a good support list and the author is very nice and approachable. For an MDA I like to use courier's since it supports maildirs and has many authentication options. Cyrus is now shipping for Panther Server but I find it overkill. YMMV. On the web MUA side there's SquireMail and even PHPost if your needs are simple. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From grail at goldweb.com.au Mon Dec 8 00:55:01 2003 From: grail at goldweb.com.au (Alex Satrapa) Date: Thu Nov 3 12:34:10 2005 Subject: Me too! Re: Network icon In-Reply-To: References: Message-ID: <3FD43C08.9040003@goldweb.com.au> Chris Murphy wrote: > ... an alias "Server" which I click on and get another alias > "ColorMachine.local" which is my G4 desktop (I'm doing this from the > laptop). But when I click on that icon, it's pointing to the local > machine, ... I've had problems with that too. My assumption was that the ".local" referred to the ZeroConf ("Rendezvous") network - but I don't have ZeroConf enabled on anything else, since the local network has a "master" which issues addresses and network configuration through DHCP. I go to my "merlin.local" and it's just the local machine. Things get really weird when I try to use files from that, because after that, every machine becomes my machine, if you know what I mean. I've got a Samba and netatalk servers (running both at the same time), mainly to support the network way back when i was running a couple of Macs through a LocalTalk to EtherTalk gateway. From jonas at zeus.ugent.be Mon Dec 8 01:06:06 2003 From: jonas at zeus.ugent.be (Jonas Maebe) Date: Thu Nov 3 12:34:10 2005 Subject: Network icon In-Reply-To: <3FD3C3A8.5020602@wanadoo.fr> References: <3FD3C3A8.5020602@wanadoo.fr> Message-ID: <99703290-295D-11D8-8C34-003065D3FF28@zeus.ugent.be> On 8 dec 2003, at 01:19, Martin Costabel wrote: > For a laptop this is fatal, because if you leave the network without > ejecting all servers, you will have to reboot later in order to regain > a working machine. This is not true anymore under Mac OS X 10.3.x for AFP and NFS mounts. After 10 seconds of the spinning beachball, you now get a dialog box that allows you to forcibly unmount the missing servers. Jonas From robertcerny at mac.com Mon Dec 8 01:12:05 2003 From: robertcerny at mac.com (Robert Cerny) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: <3FD43C08.9040003@goldweb.com.au> References: <3FD43C08.9040003@goldweb.com.au> Message-ID: <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> http://docs.info.apple.com/article.html?artnum=107804 HTH Robert On 8.12.2003, at 9:53, Alex Satrapa wrote: > Chris Murphy wrote: >> ... an alias "Server" which I click on and get another alias >> "ColorMachine.local" which is my G4 desktop (I'm doing this from the >> laptop). But when I click on that icon, it's pointing to the local >> machine, ... > > I've had problems with that too. My assumption was that the ".local" > referred to the ZeroConf ("Rendezvous") network - but I don't have > ZeroConf enabled on anything else, since the local network has a > "master" which issues addresses and network configuration through > DHCP. > > I go to my "merlin.local" and it's just the local machine. Things get > really weird when I try to use files from that, because after that, > every machine becomes my machine, if you know what I mean. I've got a > Samba and netatalk servers (running both at the same time), mainly to > support the network way back when i was running a couple of Macs > through a LocalTalk to EtherTalk gateway. > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2367 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/363f369f/smime.bin From jared at 23x.net Mon Dec 8 01:23:04 2003 From: jared at 23x.net (Jared ''Danger'' Earle) Date: Thu Nov 3 12:34:11 2005 Subject: Network icon In-Reply-To: <614AAD0E-2914-11D8-A284-003065CA9E5A@maxify.com> References: <614AAD0E-2914-11D8-A284-003065CA9E5A@maxify.com> Message-ID: <3FD44418.2090108@23x.net> Scott Stevenson wrote: > On Dec 7, 2003, at 3:52 PM, Giuliano Gavazzi wrote: > >> well, I 'd like to know too. Initially Network would show me the list >> of appleshare machines and selecting an item in the list would show a >> connect button in the column to the right. Now no more. > > Maybe they have to be Rendezvous-based now (instead of AppleTalk)? Just > a guess. I use Samba and a workgroup at home. I can see all my machines without problems. BSD, XP and OSX samba shares all show up in 'Network'. -- "Shiny!" jared@23x.net From hmag at ozemail.com.au Mon Dec 8 01:53:00 2003 From: hmag at ozemail.com.au (Terry Allen) Date: Thu Nov 3 12:34:11 2005 Subject: Mail Server Suggestions ? In-Reply-To: References: Message-ID: >At 8:07 PM -0500 12/7/03, m i l e s wrote: >>Hi, >> >>Im running Panther CLIENT (not server) on a client's machine, and want to >>know what some folks would suggest I run for a mail server ? They are also >>running DNS as well as web services. Apache is the obvious choice here for >>web, and DNS (duh- BIND!). So I need a mail server....preferrably with >>web capabilities. > > Hi again, I came across this interesting little utility - the author seems fairly switched on. I haven't used it, but it looks fine. For those still on OSX 10.2, there's also Sendmail enabler from the same guy & I believe he is working on some other utilities of similar kind: http://www.roadstead.com/weblog/Tutorials/PostfixEnabler.html -- Bye for now, Terry Allen ___________________________________________________________________ hEARd Postal Address: hEARd, 26B Glenning Rd, Glenning Valley, NSW 2261, Australia Internet - WWW: http://heard.com.au or http://www.ozemail.com.au/~hmag http://hosting.heard.com.au - http://itavservices.com Interactive Message Board - http://heard.com.au/wwwboard/ EMAIL: (checked every Thursday & Sunday, sometimes more often) hmag@ozemail.com.au Phone: Australia - 02 4388 1400 / International - + 61 2 43881400 Mobile: Australia - 04 28881400 / International - 61 4 28881400 ----------------------------------------------- Non profit promotion for new music - since 1994 ----------------------------------------------- From grail at goldweb.com.au Mon Dec 8 01:56:03 2003 From: grail at goldweb.com.au (Alex Satrapa) Date: Thu Nov 3 12:34:11 2005 Subject: Mail Server Suggestions ? In-Reply-To: References: Message-ID: <3FD445AC.1050606@goldweb.com.au> Dan Shoop wrote: > For an MDA I like to use courier's since it supports maildirs and has > many authentication options. Cyrus is now shipping for Panther Server > but I find it overkill. YMMV. I'm a bit lost as to Apple's decision to ship Cyrus IMAPd with Panther, since Cyrus and Mail.app don't play well together. I posted to this list earlier with problems (which I still haven't solved) where Mail.app would try to create folders on the IMAP server and on being told the folders already existed, would fail with errors! That's Mail.app's fault though, not Cyrus' I agree with other posters wrt Squirrel Mail - it's small, simple and easy to use. Alex From costabel at wanadoo.fr Mon Dec 8 02:17:03 2003 From: costabel at wanadoo.fr (Martin Costabel) Date: Thu Nov 3 12:34:11 2005 Subject: Network icon In-Reply-To: <99703290-295D-11D8-8C34-003065D3FF28@zeus.ugent.be> References: <3FD3C3A8.5020602@wanadoo.fr> <99703290-295D-11D8-8C34-003065D3FF28@zeus.ugent.be> Message-ID: <3FD44F73.9020903@wanadoo.fr> Jonas Maebe wrote: > > On 8 dec 2003, at 01:19, Martin Costabel wrote: > >> For a laptop this is fatal, because if you leave the network without >> ejecting all servers, you will have to reboot later in order to regain >> a working machine. > > > This is not true anymore under Mac OS X 10.3.x for AFP and NFS mounts. > After 10 seconds of the spinning beachball, you now get a dialog box > that allows you to forcibly unmount the missing servers. Sometimes yes, sometimes no. Sometimes the spinning ball is all you get from the finder until you reboot. I have been through this several times. And even if it works, it is a major PITA, it asks you to unmount every single share on a mounted server. Clicking twice for each one of 50 shared directories is definitely less pleasant than dragging an icon to the trash. -- Martin From costabel at wanadoo.fr Mon Dec 8 02:46:01 2003 From: costabel at wanadoo.fr (Martin Costabel) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> Message-ID: <3FD45638.2040901@wanadoo.fr> Robert Cerny wrote: > http://docs.info.apple.com/article.html?artnum=107804 Yeah, this shows all the gory details of this mess. If Apple don't see, by simply reading their own article, that they have fouled up royally on this, I am beginning to get doubts about Apple's future. I love particularly "Simply type the server's address, click Connect, and complete the connection dialog. (Note that clicking the Browse button takes you back to the Network view described above.)" It is impossible that anyone aware of Apple's HID rules can have written this, they must have hired someone from M$. Using the Browse button to leave an application... "Important: Do not simultaneously connect to the same server using both the Network view and Connect to Server methods. Doing so makes it hard to disconnect from the server later. Be sure to eject a server before connecting to it via the other method." and "It is important to note that there is not a single location for seeing all connected (or "mounted") servers." No comment... "When you connect to a server in the Network view, its icon changes from dimmed to full color". Whatever full color means for a light gray icon... -- Martin From adrianslists at optusnet.com.au Mon Dec 8 03:28:01 2003 From: adrianslists at optusnet.com.au (Adrian Smith) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: <3FD45638.2040901@wanadoo.fr> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: At 11:45 AM +0100 8/12/03, Martin Costabel wrote: >Robert Cerny wrote: > >>http://docs.info.apple.com/article.html?artnum=107804 > >Yeah, this shows all the gory details of this mess. If Apple don't >see, by simply reading their own article, that they have fouled up >royally on this, I am beginning to get doubts about Apple's future. > The fact that had to write it shows they know there is a problem (and there are lots on posts on the Apple Discussion Boards). I'm sure they will fix it....eventually.... We've all submitted feedback on this I assume :) http://www.apple.com/macosx/feedback/ Adrian From charlesd at newsguy.com Mon Dec 8 05:37:01 2003 From: charlesd at newsguy.com (Charles Dyer) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: At 22:26 +1100 08/12/2003, Adrian Smith wrote: >At 11:45 AM +0100 8/12/03, Martin Costabel wrote: >>Robert Cerny wrote: >> >>>http://docs.info.apple.com/article.html?artnum=107804 >> >>Yeah, this shows all the gory details of this mess. If Apple don't >>see, by simply reading their own article, that they have fouled up >>royally on this, I am beginning to get doubts about Apple's future. >> > >The fact that had to write it shows they know there is a problem >(and there are lots on posts on the Apple Discussion Boards). > >I'm sure they will fix it....eventually.... > >We've all submitted feedback on this I assume :) > >http://www.apple.com/macosx/feedback/ > I certainly have. Whether they'll pay any attention at all to it is a whole different matter. -- We are Microsoft of Borg. You will be assimilated. Stability is irrelevant. Where _you_ want to go to today is irrelevant. We will add your currency to our own. Bend over right now. Resistance is futile. From grail at goldweb.com.au Mon Dec 8 07:05:03 2003 From: grail at goldweb.com.au (Alex Satrapa) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: <3FD45638.2040901@wanadoo.fr> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: On 8 Dec 2003, at 21:45, Martin Costabel wrote: > Yeah, this shows all the gory details of this mess. If Apple don't > see, by simply reading their own article, that they have fouled up > royally on this, I am beginning to get doubts about Apple's future. In defence of Apple, when my networking is working properly, I can connect to a Samba server by browsing through the "WORKGROUP" icon - though in my setup I've renamed it "HOUSE" (by editing /etc/smb.conf no less). I haven't yet seen how it behaves in a Microsoft Windows domain yet. Alex "Programming is like sex: one mistake and you have to support it for the rest of your life." -Michael Sinz From jwelch at aer.com Mon Dec 8 07:18:04 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: Message-ID: On 12/8/03 9:03 AM, "Alex Satrapa" wrote: >> Yeah, this shows all the gory details of this mess. If Apple don't >> see, by simply reading their own article, that they have fouled up >> royally on this, I am beginning to get doubts about Apple's future. > > In defence of Apple, when my networking is working properly, I can > connect to a Samba server by browsing through the "WORKGROUP" icon - > though in my setup I've renamed it "HOUSE" (by editing /etc/smb.conf no > less). I haven't yet seen how it behaves in a Microsoft Windows domain > yet. You can do the same thing by changing the workgroup in SMB in Directory Access. john -- I had no system of shooting as such. It is definitely more in the feeling side of things that these skills develop. I was at the front five and a half years, and you just got a feeling for the right amount of lead. -- Lt. General Guenther Rall, GAF. From trang at condor.circa.ufl.edu Mon Dec 8 07:24:05 2003 From: trang at condor.circa.ufl.edu (Trang Le) Date: Thu Nov 3 12:34:11 2005 Subject: Kerberos and 10.3 Message-ID: <3FD4976D.6000807@condor.circa.ufl.edu> We use Kerberos for authentication and LDAP for authorization. When a user logins with a valid account and valid password, he can log in. If he logins with a valid account and invalid password, he can still login. If he uses and invalid account, he won't be able to login at all. It seems that the LoginWindow just bypasses the password checked in Kerberos, or it never hit the Kerberos server. The Kerberos in the command line works fine. LDAP server and Loginwindow works fine because it gives me my full name as it appears in the LDAP server. Does anyone experience something like that? If so, how do you fix it? Trang Le Academic Technology University of Florida From scott at hastings.com Mon Dec 8 07:58:05 2003 From: scott at hastings.com (Larry Scott Hastings) Date: Thu Nov 3 12:34:11 2005 Subject: Network Time CLI? In-Reply-To: References: Message-ID: Thanks for pointing out /etc/hostconfig. I was looking for /etc/rc.conf or /etc/rc.config with no luck. However, I can't modify the /etc/hostconfig file; vi tells me it is read-only, and the file permissions confirm: [OSXServer:~] admin% ls -l /etc/hostconfig -r--r--r-- 1 root wheel 567 Jun 5 2003 /etc/hostconfig So, I can't even edit the file as root. Are the permissions wrong? I ran Repair Permissions, with no change. At 1:10 PM -0500 11/26/03, Andrina Kelly wrote: >I've been playing with this myself recently. > >To start from scratch you need to modify /etc/hostconfig and change >the timesync line to this: TIMESYNC=-YES- >Then modify /etc/ntpd.conf to your desired timeserver - for example, >if you were using Apple's time server the file would look like: >server time.apple.com minpoll 12 maxpoll 17 >You can check and see if the ntpd is running by using the following >line: ps uaxww | grep ntp >if it is running you can use an HUP to get the new details, or if >it's not running simply typing ntpd at a command prompt will start >the daemon. >check after this to see is it's running by using the same ps command again. > >enjoy your network time.... > >Cheers, >Andrina > > >On Nov 25, 2003, at 9:04 AM, Larry Scott Hastings wrote: > >>Is there a command line equivalent to the Network Time tab in the >>Date & Time System Preferences pane? (under 10.2.8 "Jaguar") >>-- >> >>Hook'em >>--Scott H. >>_______________________________________________ >>MacOSX-admin mailing list >>MacOSX-admin@omnigroup.com >>http://www.omnigroup.com/mailman/listinfo/macosx-admin >> >> >........................................................... > >andrina kelly email: andrina@corefa.com >c.o.r.e. feature animation http://www.coredp.com > >........................................................... -- Hook'em --Scott H. -------------- next part -------------- An HTML attachment was scrubbed... URL: /mailman/archive/macosx-admin/attachments/20031208/a9ade7df/attachment.html From magill at mcgillsociety.org Mon Dec 8 09:14:01 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:11 2005 Subject: Kerberos and 10.3 In-Reply-To: <3FD4976D.6000807@condor.circa.ufl.edu> References: <3FD4976D.6000807@condor.circa.ufl.edu> Message-ID: On 08 Dec, 2003, at 10:23, Trang Le wrote: > We use Kerberos for authentication and LDAP for authorization. When a > user logins with a valid account and valid password, he can log in. > If he logins with a valid account and invalid password, he can still > login. If he uses and invalid account, he won't be able to login at > all. It seems that the LoginWindow just bypasses the password > checked in Kerberos, or it never hit the Kerberos server. The > Kerberos in the command line works fine. > > LDAP server and Loginwindow works fine because it gives me my full > name as it appears in the LDAP server. > > Does anyone experience something like that? If so, how do you fix it? I believe that the instructions for Kerberos are in the OS X Server docs. They were extensively written (can call something that didn't exist re-written) for Panther. The old Jaguar manuals are here: http://docs.info.apple.com/article.html?artnum=50525 The Panther manuals are here: http://www.apple.com/server/documentation/ In general Panther is much better documented under OS X Server than client. T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From janos.lobb at yale.edu Mon Dec 8 09:16:09 2003 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos_L=F6bb?=) Date: Thu Nov 3 12:34:11 2005 Subject: [OT] Network performance monitoring tool ? Message-ID: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> Folks, I am in need of a good tool on OSX - or OSXS - to monitor the network performance - not just my VLAN but the whole bloody local network /few thousand machines/ - in real time and create a max one month history of it, so I can go back max 30 days if a dispute arise. It has to identify network bottlenecks - like wrongly configured routers - it has to show network glitches either if it is for saturation or from other causes, it should show what amount of data flows via what pipes available. It also should make distinctions between switches and hubs and computers and,.... Its also should alert if a specified machine went down. It should show even very short term spikes like a broadcast flood. It should be below $1K. An interface to an SQL database - Sybase, Posthresql, Oracle ... to store tha data would be nice but not necessary. There was a time when I used Lansurveyor version 4, but it could not create historical data and that was for 8.6 or so. Any good recommendations ? Thanks ahead, J?nos Ping is disabled here and I just do not have time to automate a tcpdump on a promiscous card - which by the way can cost my job. ------------------------------------------------- clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code http://www.faqs.org/faqs/computer-lang/awk/faq/ From scott at hastings.com Mon Dec 8 09:20:01 2003 From: scott at hastings.com (Larry Scott Hastings) Date: Thu Nov 3 12:34:11 2005 Subject: video card in B&W G3 Message-ID: I just bought and installed a Radeon 7000 for my B&W G3 after the original video card went increasingly flaky. I left the original card in it's PCI slot, and used one of the remaining 3 slots for the new Radeon. IIRC, the original video card is in a "special" 66 MHz PCI slot, specifically for the video card. My question(s): Can I remove the original video card from the "special" slot, and place the Radeon 7000 in it's place? If yes, then, well, _should_ I? -- Hook'em --Scott H. From janos.lobb at yale.edu Mon Dec 8 09:20:47 2003 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos_L=F6bb?=) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: <3FD45638.2040901@wanadoo.fr> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: On Dec 8, 2003, at 5:45 AM, Martin Costabel wrote: > Robert Cerny wrote: > >> http://docs.info.apple.com/article.html?artnum=107804 > > Yeah, this shows all the gory details of this mess. If Apple don't > see, by simply reading their own article, that they have fouled up > royally on this, I am beginning to get doubts about Apple's future. > > I love particularly > > "Simply type the server's address, click Connect, and complete the > connection dialog. (Note that clicking the Browse button takes you > back to the Network view described above.)" > It is impossible that anyone aware of Apple's HID rules can have > written this, they must have hired someone from M$. Using the Browse > button to leave an application... It does not leave... The box will remain behind, or if it does not show but you close the browsed window it will come back :) > > "Important: Do not simultaneously connect to the same server using > both the Network view and Connect to Server methods. Doing so makes it > hard to disconnect from the server later. Be sure to eject a server > before connecting to it via the other method." and "It is important to > note that there is not a single location for seeing all connected (or > "mounted") servers." > No comment... > > "When you connect to a server in the Network view, its icon changes > from dimmed to full color". > Whatever full color means for a light gray icon... I think it just shows the "network distance" between Apple's Prototyping group and a folks actually writing the code :) J?nos > > -- > Martin > > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > ------------------------------------------------- clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code http://www.faqs.org/faqs/computer-lang/awk/faq/ From mstearne at entermix.com Mon Dec 8 09:25:10 2003 From: mstearne at entermix.com (Michael Stearne) Date: Thu Nov 3 12:34:11 2005 Subject: [OT] Network performance monitoring tool ? In-Reply-To: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> References: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> Message-ID: <34B548C8-29A3-11D8-B2D4-000A95CD9C5A@entermix.com> You might try Intermapper ( http://intermapper.com/ ) but it is more for real-time monitoring I believe. Michael On Dec 8, 2003, at 12:16 PM, J?nos L?bb wrote: > Folks, > > I am in need of a good tool on OSX - or OSXS - to monitor the network > performance - not just my VLAN but the whole bloody local network > /few thousand machines/ - in real time and create a max one month > history of it, so I can go back max 30 days if a dispute arise. It > has to identify network bottlenecks - like wrongly configured routers > - it has to show network glitches either if it is for saturation or > from other causes, it should show what amount of data flows via what > pipes available. It also should make distinctions between switches > and hubs and computers and,.... Its also should alert if a specified > machine went down. It should show even very short term spikes like a > broadcast flood. It should be below $1K. An interface to an SQL > database - Sybase, Posthresql, Oracle ... to store tha data would be > nice but not necessary. > > There was a time when I used Lansurveyor version 4, but it could not > create historical data and that was for 8.6 or so. > > Any good recommendations ? > > Thanks ahead, > > J?nos > Ping is disabled here and I just do not have time to automate a > tcpdump on a promiscous card - which by the way can cost my job. > ------------------------------------------------- > clear perl code is better than unclear awk code; but NOTHING comes > close to unclear perl code > http://www.faqs.org/faqs/computer-lang/awk/faq/ > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > > From jwelch at aer.com Mon Dec 8 09:42:01 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:11 2005 Subject: [OT] Network performance monitoring tool ? In-Reply-To: <34B548C8-29A3-11D8-B2D4-000A95CD9C5A@entermix.com> Message-ID: On 12/8/03 11:23 AM, "Michael Stearne" wrote: > You might try Intermapper ( http://intermapper.com/ ) but it is more > for real-time monitoring I believe. Cybergauge will log, as will Etherpeek. I think with your price requirements, you're limited to open source tools though. john -- "If you're not gonna pull the trigger, don't point the gun." - James Baker From ploiku at earthlink.net Mon Dec 8 09:44:04 2003 From: ploiku at earthlink.net (Hsu) Date: Thu Nov 3 12:34:11 2005 Subject: invisible files In-Reply-To: <5FF6BF35-2924-11D8-8D1D-000393C5ED50@mac.com> References: <0908B6EA-290B-11D8-AA2D-0003934CBC52@colorremedies.com> <5FF6BF35-2924-11D8-8D1D-000393C5ED50@mac.com> Message-ID: <012F4239-29A6-11D8-A0F1-000393BE4072@earthlink.net> On Dec 7, 2003, at 6:15 PM, steve harley wrote: > i can't find any description of .hotfiles.btree I believe is the file that stores the hotfile clustering information (i.e. it tracks which files are currently in the running for hotfile clustering). Karl -- Whatever became of the moment when one first knew about death? There must have been one, a moment, in childhood when it first occurred to you that you don?t go on forever. It must have been shattering - stamped into one?s memory. And yet I can?t remember it. It never occurred to me at all. What does one make of that? We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come, bloodied and squalling with the knowledge that for all the compasses of the world, there?s only one direction, and time is its only measure. Homepage: http://homepage.mac.com/khsu/index.html From martinby at web.de Mon Dec 8 09:52:06 2003 From: martinby at web.de (Martin Bachmayer) Date: Thu Nov 3 12:34:11 2005 Subject: Mounting NeXTSTEP File System Message-ID: Hi there, is there someone out there having a clue: I have some NeXTSTEP diskettes and an External Floppy Disk Drive and I?d like to mount these disks on my G4 running 10.2.8 to copy some old data to my system!? Thank you very much for your help. Martin -------------- next part -------------- An HTML attachment was scrubbed... URL: /mailman/archive/macosx-admin/attachments/20031208/1d620279/attachment.html From kremels at kreme.com Mon Dec 8 10:20:01 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:11 2005 Subject: Network Time CLI? In-Reply-To: References: Message-ID: <032CAB48-29AB-11D8-9CAD-000A95935598@kreme.com> On 08 Dec 2003, at 08:23, Larry Scott Hastings wrote: > Thanks for pointing out /etc/hostconfig.? I was looking for > /etc/rc.conf or /etc/rc.config with no luck. > > However, I can't modify the /etc/hostconfig file; vi tells me it is > read-only, and the file permissions confirm: :w! to force writing. Just an extra safety. -- RTFM replies are great, but please specify exactly which FM to R -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/9e175794/smime.bin From kremels at kreme.com Mon Dec 8 10:22:32 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:11 2005 Subject: video card in B&W G3 In-Reply-To: References: Message-ID: <54F7E712-29AB-11D8-9CAD-000A95935598@kreme.com> On 08 Dec 2003, at 10:06, Larry Scott Hastings wrote: > IIRC, the original video card is in a "special" 66 MHz PCI slot, > specifically for the video card. I believe the PCI slot is only 'special' in that it is 66Mhz instead of 33. If the card supports a 66Mhz PCI slot, it should work fine. #include standard_disclaimer.h -- Sarah, age 18, says "man, once you go crayola you can't go back." -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/2c47c073/smime.bin From kremels at kreme.com Mon Dec 8 10:27:02 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:11 2005 Subject: Mounting NeXTSTEP File System In-Reply-To: References: Message-ID: On 08 Dec 2003, at 10:50, Martin Bachmayer wrote: > is there someone out there having a clue: I have some NeXTSTEP > diskettes and an External Floppy Disk Drive and I?d like to mount > these disks on my G4 running 10.2.8 to copy some old data to my > system!? What happens if you put the disks in the drive? -- "Send beer, words simply can't adequately express your gratitude" - James Sedgwick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/8903eef4/smime.bin From andyring at inebraska.com Mon Dec 8 10:32:48 2003 From: andyring at inebraska.com (andyring@inebraska.com) Date: Thu Nov 3 12:34:11 2005 Subject: Mail trouble with OS X Server 10.3 Message-ID: <1070908298.3fd4c38a55475@webmail.inebraska.com> I am having some extreme frustration with e-mail on 10.3 Server. What it comes down to is, mail coming into the server from the outside world is rejected, and mail sent from inside the network refuses to go out (client computers using 10.3 as well). I have checked and re-checked and re-re-checked and re-re-re-checked everything I can possibly think of, in Server Admin, Workgroup Manager, and Postfix's config files, and nothing makes any difference. Everything was working fine on Friday, and to my knowledge, nothing has changed. Here is what I receive bounced back when I try to send mail from the outside world to any mail account on the server: ----------------------------- The original message was received at Mon, 8 Dec 2003 09:34:45 -0800 (PST) from smtpin08-en2 [10.13.10.153] ----- The following addresses had permanent fatal errors ----- (reason: 554 : Relay access denied) ----- Transcript of session follows ----- .. while talking to mx3.inebraska.com.: DATA <<< 554 : Relay access denied 554 5.0.0 Service unavailable <<< 554 Error: no valid recipients Reporting-MTA: dns; smtpout.mac.com Received-From-MTA: DNS; smtpin08-en2 Arrival-Date: Mon, 8 Dec 2003 09:34:45 -0800 (PST) Final-Recipient: RFC822; andy@newslinkinc.com Action: failed Status: 5.0.0 Remote-MTA: DNS; mx3.inebraska.com Diagnostic-Code: SMTP; 554 : Relay access denied Last-Attempt-Date: Mon, 8 Dec 2003 09:34:50 -0800 (PST) From: Andy Ringsmuth Date: December 8, 2003 10:34:41 AM MST To: andy@newslinkinc.com Subject: test test ------------------------------------- At times (depending on what I'd tweak in settings) I also receive this error: ------------------------------------- This message was created automatically by mail delivery software (Exim). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: andy@newslinkinc.com SMTP error from remote mailer after RCPT TO:: host mx.inebraska.com [199.184.119.9]: 554 : Relay access denied ------ This is a copy of the message, including all the headers. ------ Return-path: Received: from user-uivefeu.dsl.mindspring.com ([165.247.61.222]) by gull.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 1ATHPo-0005U0-00 for andy@newslinkinc.com; Mon, 08 Dec 2003 01:10:53 -0800 Mime-Version: 1.0 (Apple Message framework v606) Content-Transfer-Encoding: 7bit Message-Id: <6944713E-295E-11D8-8A07-000A95789C0C@inebraska.com> Content-Type: text/plain; charset=US-ASCII; format=flowed To: andy@newslinkinc.com From: Andy Ringsmuth Subject: test Date: Mon, 8 Dec 2003 03:10:47 -0600 X-Mailer: Apple Mail (2.606) test ------------------------------------ SMTP is enabled on the server, as far as I can tell, but I don't know what all that would affect. I haven't found anything helpful in Apple's Knowledge Base articles, or Discussion Forums. This is extremely frustrating, because this is my company's production server, and of course, it has to happen when I'm on the road this week. I stayed up until 2:30 a.m. in my hotel room last night fighting with this, to no avail, and I'm at my wits end. Anyone involved in server maintenance knows the drill, the cell phone ringing off the hook, etc. People can log into the server to check mail (POP) just fine, but it seems like any and all incoming mail (addressed to users on the machine from the outside world, or users inside the network trying to send mail) doesn't work. Sending mail (from inside the network) results in this error: "the server 'mail.newslinkinc.com' refused to allow a connection on port 25." Any help is MUCH APPRECIATED. -Andy From magill at mcgillsociety.org Mon Dec 8 10:38:19 2003 From: magill at mcgillsociety.org (William H. Magill) Date: Thu Nov 3 12:34:11 2005 Subject: [OT] Network performance monitoring tool ? In-Reply-To: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> References: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> Message-ID: <83464CCA-29AD-11D8-B537-000393768D2C@mcgillsociety.org> On 08 Dec, 2003, at 12:16, J?nos L?bb wrote: > I am in need of a good tool on OSX - or OSXS - to monitor the network > performance - not just my VLAN but the whole bloody local network > /few thousand machines/ - in real time and create a max one month > history of it, so I can go back max 30 days if a dispute arise. It > has to identify network bottlenecks - like wrongly configured routers > - it has to show network glitches either if it is for saturation or > from other causes, it should show what amount of data flows via what > pipes available. It also should make distinctions between switches > and hubs and computers and,.... Its also should alert if a specified > machine went down. It should show even very short term spikes like a > broadcast flood. It should be below $1K. An interface to an SQL > database - Sybase, Posthresql, Oracle ... to store tha data would be > nice but not necessary. > > There was a time when I used Lansurveyor version 4, but it could not > create historical data and that was for 8.6 or so. > > Any good recommendations ? Not in your price range. ... you need to add at least two zeros. Simple tools for simple (ie about 100 nodes) networks are cheap, but comprehensive tools for sophisticated networks are not. The size and complexity of your network and the kinds of things you want from your monitoring tools are pretty sophisticated. (Note that I did not say unreasonable.) You are asking for the same Holy Grail of Network Management that those of us in the networking business have been pursuing since the beginning. Some things simply cannot be done by "one tool." Something capable of identifying a wrongly configured router (whatever that might mean, and it could mean many things) is going to be incapable of providing you with a performance history... it's like asking a refrigerator to boil water for you -- it can be done, but that is not what it was designed for. In general, what you are asking for is a Manager of Managers or MOM. It digests the data from the individual proprietary device managers for each different switch, router, and OS vendor on your network. (And depending upon who maintains your cable plant or provides your physical network -- their stuff also.) The individual tools can be cheap and Open Source tools can frequently be quite adequate. But each will be isolated and generate its own reports. The MOM is an expensive item, difficult to create and configure and even harder to keep running. Most enterprises simply substitute the skill and experience of a Network Operator at about $50K+bennies per year -- it's much cheaper. There are also issues of "who you are" -- that is to say, while the Central NOC for your network may be able to monitor and obtain the information you seek, they (probably) will not let you do it. They won't give you the passwords necessary to query the devices in question. One of the big problems in network management is the fact that the act of monitoring the network using the network itself can cause problems -- data can be lost because of the way in which it is generated or transmitted. There is not a simple answer to your problem. Keep in mind especially -- networks today are not as "open" or as "friendly" as they were only a few short years ago. As you have discovered - ping is disabled on your network. The information you are asking for "seems" simple enough on the surface, but in reality, it is anything but. T.T.F.N. William H. Magill # Beige G3 - Rev A motherboard - 768 Meg # Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg # PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a magill@mcgillsociety.org magill@acm.org magill@mac.com From jimstead at mac.com Mon Dec 8 10:43:17 2003 From: jimstead at mac.com (James E. Stead) Date: Thu Nov 3 12:34:11 2005 Subject: Mail trouble with OS X Server 10.3 In-Reply-To: <1070908298.3fd4c38a55475@webmail.inebraska.com> References: <1070908298.3fd4c38a55475@webmail.inebraska.com> Message-ID: <2DFC2476-29AE-11D8-8061-003065BDA9F4@mac.com> What messages do the mail server logs have in them? This is the kind of behavior you would get if you incorrectly specified the rules for mail relay (i.e. which networks you are allowing relay from). Jim On Dec 8, 2003, at 1:31 PM, andyring@inebraska.com wrote: > > I am having some extreme frustration with e-mail on 10.3 Server. What > it comes > down to is, mail coming into the server from the outside world is > rejected, and > mail sent from inside the network refuses to go out (client computers > using > 10.3 as well). I have checked and re-checked and re-re-checked and > re-re-re-checked everything I can possibly think of, in Server Admin, > Workgroup > Manager, and Postfix's config files, and nothing makes any difference. > Everything was working fine on Friday, and to my knowledge, nothing has > changed. > > Here is what I receive bounced back when I try to send mail from the > outside > world to any mail account on the server: > > ----------------------------- > > The original message was received at Mon, 8 Dec 2003 09:34:45 -0800 > (PST) > from smtpin08-en2 [10.13.10.153] > > ----- The following addresses had permanent fatal errors ----- > > (reason: 554 : Relay access denied) > > ----- Transcript of session follows ----- > .. while talking to mx3.inebraska.com.: > DATA > <<< 554 : Relay access denied > 554 5.0.0 Service unavailable > <<< 554 Error: no valid recipients > Reporting-MTA: dns; smtpout.mac.com > Received-From-MTA: DNS; smtpin08-en2 > Arrival-Date: Mon, 8 Dec 2003 09:34:45 -0800 (PST) > > Final-Recipient: RFC822; andy@newslinkinc.com > Action: failed > Status: 5.0.0 > Remote-MTA: DNS; mx3.inebraska.com > Diagnostic-Code: SMTP; 554 : Relay access denied > Last-Attempt-Date: Mon, 8 Dec 2003 09:34:50 -0800 (PST) > > From: Andy Ringsmuth > Date: December 8, 2003 10:34:41 AM MST > To: andy@newslinkinc.com > Subject: test > > > test > > > ------------------------------------- > > At times (depending on what I'd tweak in settings) I also receive this > error: > > ------------------------------------- > > This message was created automatically by mail delivery software > (Exim). > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) > failed: > > andy@newslinkinc.com > SMTP error from remote mailer after RCPT TO:: > host mx.inebraska.com [199.184.119.9]: 554 : > Relay access denied > > ------ This is a copy of the message, including all the headers. ------ > > Return-path: > Received: from user-uivefeu.dsl.mindspring.com ([165.247.61.222]) > by gull.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) > id 1ATHPo-0005U0-00 > for andy@newslinkinc.com; Mon, 08 Dec 2003 01:10:53 -0800 > Mime-Version: 1.0 (Apple Message framework v606) > Content-Transfer-Encoding: 7bit > Message-Id: <6944713E-295E-11D8-8A07-000A95789C0C@inebraska.com> > Content-Type: text/plain; charset=US-ASCII; format=flowed > To: andy@newslinkinc.com > From: Andy Ringsmuth > Subject: test > Date: Mon, 8 Dec 2003 03:10:47 -0600 > X-Mailer: Apple Mail (2.606) > > test > > > ------------------------------------ > > > SMTP is enabled on the server, as far as I can tell, but I don't know > what all > that would affect. I haven't found anything helpful in Apple's > Knowledge Base > articles, or Discussion Forums. This is extremely frustrating, > because this is > my company's production server, and of course, it has to happen when > I'm on the > road this week. I stayed up until 2:30 a.m. in my hotel room last > night > fighting with this, to no avail, and I'm at my wits end. Anyone > involved in > server maintenance knows the drill, the cell phone ringing off the > hook, etc. > > People can log into the server to check mail (POP) just fine, but it > seems like > any and all incoming mail (addressed to users on the machine from the > outside > world, or users inside the network trying to send mail) doesn't work. > > Sending mail (from inside the network) results in this error: > > "the server 'mail.newslinkinc.com' refused to allow a connection on > port 25." > > > > Any help is MUCH APPRECIATED. > > > > -Andy > > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > James E. Stead Software Engineer 407.252.3321 jimstead@mac.com From lists at colorremedies.com Mon Dec 8 11:08:05 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:11 2005 Subject: Me too! Re: Network icon In-Reply-To: <3FD45638.2040901@wanadoo.fr> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: After reading all of the email on this subject, I'm quite confident in saying that it appears Barney Phife, head of Apple Security, continues to be directly involved in the networking UI and coordinating its testing at Apple. At a certain point in time, I think the calls for Apple to fix the network connection UI and the resulting UE (as separate from performance which is quite good I think) should to turn into calls to fire [1] people responsible as they continue to demonstrate their total incompetency in this area. They've had three major versions to figure this out and over a dozen maintenance updates. And it still is a B.S. experience every time. And by the majority of accounts, people find the Jaguar situation better than the Panther one, so in that sense the experience has gotten WORSE not better. Relying on faith in Apple to fix what obviously needs to be fixed is not working very well. To date they've shown very little improvement, interest, or competency in the area of network UI. [1] sending them to the engineering/management equivalent of Siberia is also acceptable. Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From mbartosh at mac.com Mon Dec 8 11:21:01 2003 From: mbartosh at mac.com (Michael Bartosh) Date: Thu Nov 3 12:34:11 2005 Subject: Freaky SMTP probs w mail.app In-Reply-To: References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: Anyone seen this: outgoing messages in mail.app just sit and sit and sit in the out folder but... never really go out. SMTP server is working fine; I can telnet to it and issue commands, and sending mail through it with pine works like a charm. Thanks- -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh mbartosh@4am-media.com 303.517.0272 Denver, CO "The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently." - -- Nietzsche Think Different. From lists at colorremedies.com Mon Dec 8 12:01:57 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:11 2005 Subject: A constructive solution, was: Me too! Re: Network icon In-Reply-To: References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: <2538BE5E-29B9-11D8-AA2D-0003934CBC52@colorremedies.com> What's the hypothetical email address for Steve Jobs? sjobs@apple.com or something? The email addresses I have at Apple are all first name + first letter of last name. That would mean stevej@apple.com. Anyone? In any event, I think at this point considering how long OS X has been out, how much feedback Apple has been given, and how much of a difference it hasn't made, that to really fix this problem we should all send off an email to Steve. Keep it short. Suggestions: "Network UI sucks. Tell someone to fix it please." "Fix networking UI or I'm sending you a dozen cheap fruitcakes for Christmas." "Network UI in Panther is a step backwards. It needs to go forward. Send a memo please." "Fire the person, or people most responsible for network UI. It sucks." "Please hire a competent person to fix OS X's network UI." And no I'm not kidding. Whoever's job it is right now to make these decisions has done a bad job, and should be replaced. Feedback is insufficient. I am willing to wait until 10.3.2 comes out - since that should represent what Panther would have looked like if it had been released closer to the end of 2003, instead of half baked in October like it was. If it still sucks, I propose an email campaign to circumvent a feedback process that isn't getting the message across. It's either that or live with continuing network UI problems. Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From garbanzito at mac.com Mon Dec 8 12:21:02 2003 From: garbanzito at mac.com (steve harley) Date: Thu Nov 3 12:34:11 2005 Subject: video card in B&W G3 In-Reply-To: <54F7E712-29AB-11D8-9CAD-000A95935598@kreme.com> References: <54F7E712-29AB-11D8-9CAD-000A95935598@kreme.com> Message-ID: On 8 Dec 2003, at 11:21 AM, Lukreme wrote: > On 08 Dec 2003, at 10:06, Larry Scott Hastings wrote: >> IIRC, the original video card is in a "special" 66 MHz PCI slot, >> specifically for the video card. > > I believe the PCI slot is only 'special' in that it is 66Mhz instead > of 33. If the card supports a 66Mhz PCI slot, it should work fine. i concur.. i once put a third-party 66MHz video card in the "special" slot of a B&W G3, and it ran fine From plalor at infoasis.com Mon Dec 8 12:58:07 2003 From: plalor at infoasis.com (Peter Lalor) Date: Thu Nov 3 12:34:11 2005 Subject: [OT] Network performance monitoring tool ? In-Reply-To: <200312082001.hB8K1KqT020181@slowbro.omnigroup.com> References: <200312082001.hB8K1KqT020181@slowbro.omnigroup.com> Message-ID: <14E79F44-29C1-11D8-9091-00039351ED0E@infoasis.com> > From: =?ISO-8859-1?Q?J=E1nos_L=F6bb?= > Date: Mon, 8 Dec 2003 12:16:40 -0500 > > I am in need of a good tool on OSX - or OSXS - to monitor the network > performance - not just my VLAN but the whole bloody local network /few > thousand machines/ - in real time and create a max one month history of > it, so I can go back max 30 days if a dispute arise. It has to > identify network bottlenecks - like wrongly configured routers - it > has to show network glitches either if it is for saturation or from > other causes, it should show what amount of data flows via what pipes > available. It also should make distinctions between switches and hubs > and computers and,.... Its also should alert if a specified machine > went down. It should show even very short term spikes like a broadcast > flood. It should be below $1K. An interface to an SQL database - > Sybase, Posthresql, Oracle ... to store tha data would be nice but not > necessary. On your budget, you'll need to use a few different apps for each piece. Traffic (and anything else query-able by SNMP, such as errors and discards) can be graphed for a year by MRTG. http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ Its used by ISPs everywhere and so has been extended in various ways. There's lots there to keep you busy. (http://fink.sourceforge.net/ has a package installer.) For network mapping, monitoring and notification, InterMapper is great. http://www.intermapper.com/ It draws your network with live display of traffic and bottlenecks, errors, etc. and can send highly configurable notification in a multitude of ways, ensuring that you will never sleep a full night again. Used together these two will reveal the ghastly truths of your network. ;-) Peter Lalor From shoop at iwiring.net Mon Dec 8 13:14:04 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:11 2005 Subject: [OT] Network performance monitoring tool ? In-Reply-To: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> References: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> Message-ID: At 12:16 PM -0500 12/8/03, J?nos L?bb wrote: >Folks, > >I am in need of a good tool on OSX - or OSXS - >to monitor the network performance - not just >my VLAN but the whole bloody local network /few >thousand machines/ - in real time and create a >max one month history of it, so I can go back >max 30 days if a dispute arise. It has to >identify network bottlenecks - like wrongly >configured routers - it has to show network >glitches either if it is for saturation or from >other causes, it should show what amount of data >flows via what pipes available. It also should >make distinctions between switches and hubs and >computers and,.... Its also should alert if a >specified machine went down. It should show >even very short term spikes like a broadcast >flood. It should be below $1K. An interface >to an SQL database - Sybase, Posthresql, Oracle >... to store tha data would be nice but not >necessary. > >There was a time when I used Lansurveyor version >4, but it could not create historical data and >that was for 8.6 or so. > >Any good recommendations ? You're asking for just about everything aren't you? ;) I'd suggest using a suite of different tools. Finding one that does all isn't going to happen. But you're missing the key part too -- the human side of the tool. I'd also question your $1K budget. You want a world class NOC tool on a ValueMeal budget. Even if you could find a tool in such a price range, or even open source, who's going to run it? You'll still need a network manager who's salary will far exceed the purse of someone looking for a tool on the cheap. You can't really have both. If you want a world class tool you'll want a world class human too to interpret the reports and manage the system. It also seems like you're willing to spend huge bucks for the backend datastore but no money for the tool itself, which is odd. (You mention Oracle, which isn't cheap.) That said I'd suggest you look at a wide variety of packages, combing features from all of them to get something that a $75K+ network manager could run and report on for you. Check out things like nagios, InterMapper (commercial), and OpenView (commercial), MRTG, and you'll probably also want something to snort your traffic. And don't forget to add in that $1K budget a managed switch capable of echoing all network traffic to a port, a fast system to act as the sniffer/collector, and a another system for reporting ana management. Even if you built the whole thing on freeware tools, the infrastructure is well beyond $1K. My suggestion is you focus on narrowing down your real requirements and, like the Magic * Ball says, ask your question again. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From shoop at iwiring.net Mon Dec 8 13:31:05 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:11 2005 Subject: Mail trouble with OS X Server 10.3 In-Reply-To: <1070908298.3fd4c38a55475@webmail.inebraska.com> References: <1070908298.3fd4c38a55475@webmail.inebraska.com> Message-ID: At 12:31 PM -0600 12/8/03, andyring@inebraska.com wrote: >I am having some extreme frustration with e-mail on 10.3 Server. >What it comes >down to is, mail coming into the server from the outside world is >rejected, and >mail sent from inside the network refuses to go out (client computers using >10.3 as well). I have checked and re-checked and re-re-checked and >re-re-re-checked everything I can possibly think of, in Server >Admin, Workgroup >Manager, and Postfix's config files, and nothing makes any difference. >Everything was working fine on Friday, and to my knowledge, nothing has >changed. The problem looks like you're running exim and configuring postfix. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From shoop at iwiring.net Mon Dec 8 13:35:10 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:11 2005 Subject: Mail trouble with OS X Server 10.3 In-Reply-To: <1070908298.3fd4c38a55475@webmail.inebraska.com> References: <1070908298.3fd4c38a55475@webmail.inebraska.com> Message-ID: At 12:31 PM -0600 12/8/03, andyring@inebraska.com wrote: >I am having some extreme frustration with e-mail on 10.3 Server. >What it comes >down to is, mail coming into the server from the outside world is >rejected, and >mail sent from inside the network refuses to go out (client computers using >10.3 as well). I have checked and re-checked and re-re-checked and >re-re-re-checked everything I can possibly think of, in Server >Admin, Workgroup >Manager, and Postfix's config files, and nothing makes any difference. >Everything was working fine on Friday, and to my knowledge, nothing has >changed. It's a Friday thing. Things just break on Fridays. ;) >Here is what I receive bounced back when I try to send mail from the outside >world to any mail account on the server: > >----------------------------- > >The original message was received at Mon, 8 Dec 2003 09:34:45 -0800 (PST) >from smtpin08-en2 [10.13.10.153] > > ----- The following addresses had permanent fatal errors ----- > > (reason: 554 : Relay access denied) > > ----- Transcript of session follows ----- >.. while talking to mx3.inebraska.com.: >DATA ><<< 554 : Relay access denied >554 5.0.0 Service unavailable ><<< 554 Error: no valid recipients You're relaying, or so your MTA thinks. It's not permitted in your policies. The sending system isn't permitted to send mail through this machine. Also the mail contained no valid recipients, so how you're looking up you're users is likely incorrect too. >At times (depending on what I'd tweak in settings) I also receive this error: > > >This message was created automatically by mail delivery software (Exim). OK, you're not running postfix (the MTA included in OS X Server), but *exim*!! Sounds to me like you have more than one MTA configured. You're running exim instead of postfix. Perhaps you're trying to start two different MTAs and exim launches first? >------ This is a copy of the message, including all the headers. ------ > >Return-path: >Received: from user-uivefeu.dsl.mindspring.com ([165.247.61.222]) > by gull.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) > id 1ATHPo-0005U0-00 > for andy@newslinkinc.com; Mon, 08 Dec 2003 01:10:53 -0800 Definitely exim here! >SMTP is enabled on the server, as far as I can tell, but I don't know what all >that would affect. Ah, well you do understand what SMTP is, right? Youn understand that we're talking about SMTP servers, right? So what running an SMTP server affects is very key to what we're talking about. > I haven't found anything helpful in Apple's Knowledge Base >articles, or Discussion Forums. This is extremely frustrating, >because this is >my company's production server, and of course, it has to happen when >I'm on the >road this week. I stayed up until 2:30 a.m. in my hotel room last night >fighting with this, to no avail, and I'm at my wits end. Anyone involved in >server maintenance knows the drill, the cell phone ringing off the hook, etc. Never make changes on a Friday, it's a cardinal rule. >People can log into the server to check mail (POP) just fine, but it >seems like >any and all incoming mail (addressed to users on the machine from the outside >world, or users inside the network trying to send mail) doesn't work. That's because POP and IMAP are MDA's and we're having issues with your MTA, which is SMTP. >Sending mail (from inside the network) results in this error: > >"the server 'mail.newslinkinc.com' refused to allow a connection on port 25." Hmm, well that seems to indicate that you're not even talking to the same server thats generated these other messages, or that it's got some sort of firewalling blocking the connection since outside you can connect to the machine but inside you can't. You're connecting to the same IP in each case right? I suspect that somewhere along the line you're not using the same server. I'd suggest, from inside your network, you connect to the smtp server and talk to it. See how it responds, and what it responds as, exim or postfix from something like: % telnet mymailserverip smtp If it's responding as exim, not postfix, then all that GUI configuration with the server tools are configuring the wrong piece of sw b/c you have exim running instead. Try the same thing from outside your network. Compare the IP addresses getting used in all cases. You either have something pointed to the wrong machine or you're running a different SMTP server from what you believe to be running. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From grail at goldweb.com.au Mon Dec 8 13:43:08 2003 From: grail at goldweb.com.au (grail@goldweb.com.au) Date: Thu Nov 3 12:34:12 2005 Subject: Freaky SMTP probs w mail.app In-Reply-To: References: <3FD43C08.9040003@goldweb.com.au><7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com><3FD45638.2040901@wanadoo.fr> Message-ID: <42851.210.11.228.39.1070919413.squirrel@secure.goldweb.com.au> > outgoing messages in mail.app just sit and sit and sit in the out > folder but... never really go out. Is that account "Online"? Have you configured the right hostname in the SMTP server field for that account? From mbartosh at mac.com Mon Dec 8 13:48:03 2003 From: mbartosh at mac.com (Michael Bartosh) Date: Thu Nov 3 12:34:12 2005 Subject: Freaky SMTP probs w mail.app In-Reply-To: <42851.210.11.228.39.1070919413.squirrel@secure.goldweb.com.au> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> <42851.210.11.228.39.1070919413.squirrel@secure.goldweb.com.au> Message-ID: At 8:36 AM +1100 12/9/03, grail@goldweb.com.au wrote: >Is that account "Online"? Yes >Have you configured the right hostname in the SMTP server field for that >account? Yes From ocs at ocs.cz Mon Dec 8 14:01:02 2003 From: ocs at ocs.cz (Ondra Cada) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? Message-ID: Is there a way to _extend_ (not replace) the log in procedure using my own code to offer an alternative way of log in? I would like to allow using an extra hardware to log in as an alternative to the standard loginwindow panel. I've found how to change the appearance of the panel, but I haven't been able to find a way of "installing" my own code to allow "automatic" filling of the user/password fields and logging in. Is there a way? Thanks, --- Ondra ?ada OCSoftware: ocs@ocs.cz http://www.ocs.cz private ondra@ocs.cz http://www.ocs.cz/oc From janos.lobb at yale.edu Mon Dec 8 14:13:03 2003 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos_L=F6bb?=) Date: Thu Nov 3 12:34:12 2005 Subject: [OT] Network performance monitoring tool ? In-Reply-To: References: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> Message-ID: On Dec 8, 2003, at 4:13 PM, Dan Shoop wrote: > At 12:16 PM -0500 12/8/03, J?nos L?bb wrote: >> Folks, >> >> I am in need of a good tool on OSX - or OSXS - to monitor the network >> performance - not just my VLAN but the whole bloody local network >> /few thousand machines/ - in real time and create a max one month >> history of it, so I can go back max 30 days if a dispute arise. It >> has to identify network bottlenecks - like wrongly configured >> routers - it has to show network glitches either if it is for >> saturation or from other causes, it should show what amount of data >> flows via what pipes available. It also should make distinctions >> between switches and hubs and computers and,.... Its also should >> alert if a specified machine went down. It should show even very >> short term spikes like a broadcast flood. It should be below $1K. >> An interface to an SQL database - Sybase, Posthresql, Oracle ... to >> store tha data would be nice but not necessary. >> >> There was a time when I used Lansurveyor version 4, but it could not >> create historical data and that was for 8.6 or so. >> >> Any good recommendations ? > > You're asking for just about everything aren't you? ;) Yes,... looks like. > > I'd suggest using a suite of different tools. Finding one that does > all isn't going to happen. But you're missing the key part too -- the > human side of the tool. > > I'd also question your $1K budget. You want a world class NOC tool on > a ValueMeal budget. Even if you could find a tool in such a price > range, or even open source, who's going to run it? You'll still need a > network manager who's salary will far exceed the purse of someone > looking for a tool on the cheap. At this moment I am the sysadmin, dba and systems integrator. My compensation is probably adequate to my knowledge in these areas - not much ! > You can't really have both. If you want a world class tool you'll > want a world class human too to interpret the reports and manage the > system. It also seems like you're willing to spend huge bucks for the > backend datastore but no money for the tool itself, which is odd. (You > mention Oracle, which isn't cheap.) Oracle is site licensed at Yale so its cost to me is very good, $0. > > That said I'd suggest you look at a wide variety of packages, combing > features from all of them to get something that a $75K+ network > manager could run and report on for you. Check out things like nagios, > InterMapper (commercial), and OpenView (commercial), MRTG, and you'll > probably also want something to snort your traffic. I will definitely look at InterMapper and MRTG. / I alredy looked Etheral which is a front end to MRTG as I understand./ My network admins have Sniffer and OpenView and they do not see that kind of problems my users are experiencing. Of course we are one of the biggest database users on the network with a very distributed application where response time is critical, so we see every trouble first. I used ping and tcpdump as much as I could, but when I pinpointed with ping that one of the routing devices between two network segments were wrongly configured the pay was that ping got disabled. So, I need something better than that. > > And don't forget to add in that $1K budget a managed switch capable of > echoing all network traffic to a port, a fast system to act as the > sniffer/collector, and a another system for reporting ana management. We are on a Cisco 5xxx and 6xxx network. All switch are managed - of corse not by me. > > Even if you built the whole thing on freeware tools, the > infrastructure is well beyond $1K. > > My suggestion is you focus on narrowing down your real requirements > and, like the Magic * Ball says, ask your question again. So, when my users - who are connected to 7 different Cisco switches all around the network - reports "sluggish network", "bad response time", "very slow screen refresh"," excruciating slow echo in telnet", I would like to spin back time and look the collected network statistics data what did go wrong. /If I have to store 500GByte data somewhere to do that, that is not a problem. I just purchased 2 XRaid for other purposes with 2.5 TerraByte each from where I can probably borrow some storage space now./ When I call my network admins, they say, that the network is "just fine", it is used "just in 50%" and they do not see any significant collisions on my virtual LAN. However with ping I could show that a device malfunctioned between to segments - the lost packets increased by thousand folds. I also could demonstrate that the network DNS servers did not resolve correctly. Just by looking their Sniffer screen I could realize that more than 50% of the bandwidth consumed on my Vlan was from IPX broadcasting although I use very little Novell stuff. Using tcpdump I could show that there was a rouge DHCP server on the network causing broadcast storms. So, there is a history here that I can see network problems because of the application my users using and because of the extensive usage of database requests the application creates way before the network admins notice anything wrong inside OpenView for the rest of the network. So, I am looking for an application or a group of applications which can help me to record any momentary network glitches or spikes where the saturation is there for not even a second but long enough to ruin all active sessions of the application, and can collect historical data on network performance. / For example at 15:34 the available network bandwith dropped to half of its previous value for 2 minutes./ I am already using iostat, vmstat and netstat on my database server to see its load and I am monitoring Sybase performance with sp_sysmon. These tools do not show me any extraordinary regarding my servers' load, so I am still suspecting the network even if the network admins say "there is nothing there". This tool or group of tools should work even in a "not-friendly" or even "hostile" network environment as network admins concerned - I should not know any passwords. Snmp protocol is disabled on this network - or minimum on my Vlan -, so I cannot rely on snmp. Thanks ahead, J?nos P.S. Of course I would like to have it on OSX. PC ? Bhruuu ! -- > > -dhan > > ----------------------------------------------------------------------- > - > Dan Shoop > shoop@iwiring.net > Consulting Internet Architect > shoop@mac.com > AIM: iWiring > > pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B > > iWiring designs and supports Internet systems and networks based on > Mac OS X, unix(tm), and Open Source applications technologies and > offers 24x7, guaranteed support to registered clients. How can we help? > > ------------------------------------------------- clear perl code is better than unclear awk code; but NOTHING comes close to unclear perl code http://www.faqs.org/faqs/computer-lang/awk/faq/ From jwelch at aer.com Mon Dec 8 14:15:08 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? In-Reply-To: Message-ID: On 12/8/03 4:00 PM, "Ondra Cada" wrote: > Is there a way to _extend_ (not replace) the log in procedure using my > own code to offer an alternative way of log in? > > I would like to allow using an extra hardware to log in as an > alternative to the standard loginwindow panel. I've found how to change > the appearance of the panel, but I haven't been able to find a way of > "installing" my own code to allow "automatic" filling of the > user/password fields and logging in. Is there a way? Can I ask why you would want to do that much work? Loginwindow is now heavily tied into the overall authentication mechanisms of Mac OS X, Kerberos, etc. john -------------------------------------------------------- Misquotation of unattributed, trite metaphysical saying goes here. Stupid ascii Unnecessary notice of graphic goes here. responsibility goes here. --------------------------------------------------------- From Matthew.van.Eerde at hbinc.com Mon Dec 8 14:26:11 2003 From: Matthew.van.Eerde at hbinc.com (Matthew.van.Eerde@hbinc.com) Date: Thu Nov 3 12:34:12 2005 Subject: Me too! Re: Network icon Message-ID: Hey, networking is complicated. Give them a break, they'll fix it. FWIW, the hardest part seems to be trying to integrate all the different protocols - AFP (Apple), SMB (Windows), and the native UNIX-ish things. Trying to make all this work together in a pretty UI is REALLY HARD - it takes lots of development time. Also bear in mind that Apple would rather work on all sorts of other things, as networking is not used by all that many of their customers. > From: Chris Murphy [mailto:lists@colorremedies.com] > > At a certain point in time, I think the calls for Apple to fix the > network connection UI and the resulting UE (as separate from > performance which is quite good I think) should to turn into calls to > fire [1] people responsible as they continue to demonstrate > their total > incompetency in this area. They've had three major versions to figure > this out and over a dozen maintenance updates. And it still is a B.S. > experience every time. And by the majority of accounts, > people find the > Jaguar situation better than the Panther one, so in that sense the > experience has gotten WORSE not better. From ocs at ocs.cz Mon Dec 8 14:42:01 2003 From: ocs at ocs.cz (Ondra Cada) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? In-Reply-To: Message-ID: <9E376D04-29CF-11D8-BD0A-000A95977AAA@ocs.cz> On Monday, Dec 8, 2003, at 23:12 Europe/Prague, John C. Welch wrote: > Can I ask why you would want to do that much work? Nope, I want to do *as little work* as possible! The actual goal is that the G4 integrated to my car (well not actually mine, but that is not important for this discussion) automatically logs in me when I use my key and my dear when she uses her key, not forcing us to take the keyboard out and log in the traditional way. The wiring and software needed for the Mac to get the "who sits at the wheel" info is available and does work nicely. What I dunno howto is to use the information for an automatic login. > Loginwindow is now > heavily tied into the overall authentication mechanisms of Mac OS X, > Kerberos, etc. That's exactly why I am seeking for a way to attach my code to loginwindow instead of replacing it. --- Ondra ?ada OCSoftware: ocs@ocs.cz http://www.ocs.cz private ondra@ocs.cz http://www.ocs.cz/oc From adrianslists at optusnet.com.au Mon Dec 8 14:45:25 2003 From: adrianslists at optusnet.com.au (Adrian Smith) Date: Thu Nov 3 12:34:12 2005 Subject: Me too! Re: Network icon In-Reply-To: References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: At 12:07 PM -0700 8/12/03, Chris Murphy wrote: >And by the majority of accounts, people find the Jaguar situation >better than the Panther one, so in that sense the experience has >gotten WORSE not better. Most of my users here overwhelming prefer the Panther UI (ie browsing through the Network Icon and the ability to put an AppleTalk zone in the sidebar*). They do wish servers mounted this way would appear as individual entries on the desktop (or sidebar or whatever) but for most of them Panther is an improvement - but not quite where it should be. Adrian Smith Centenary Institute * we are part of large University network which stills has ~50 AppleTalk zones. In Jag they are appear in the Network Browser and there is no way to go straight to the local zone. In Panther you can drag a zone to the side bar and go straight there. From ocs at ocs.cz Mon Dec 8 14:47:19 2003 From: ocs at ocs.cz (Ondra Cada) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? In-Reply-To: <9E376D04-29CF-11D8-BD0A-000A95977AAA@ocs.cz> Message-ID: <545E4BAC-29D0-11D8-BD0A-000A95977AAA@ocs.cz> On Monday, Dec 8, 2003, at 23:41 Europe/Prague, Ondra Cada wrote: > the G4 integrated to my car (well not actually mine, but that is not > important for this discussion) Quite irrelevant, but somebody may be interested--it looks like this: http://www.mujmac.cz/images/img_0781.jpg half-finished user interface http://www.mujmac.cz/images/img_1223.jpg finished machine under the hood. --- Ondra ?ada OCSoftware: ocs@ocs.cz http://www.ocs.cz private ondra@ocs.cz http://www.ocs.cz/oc From subscriber at gloaming.com Mon Dec 8 14:56:03 2003 From: subscriber at gloaming.com (James Bucanek) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? In-Reply-To: <9E376D04-29CF-11D8-BD0A-000A95977AAA@ocs.cz> Message-ID: Ondra Cada wrote on Monday, December 8, 2003: >The actual goal is that the G4 integrated to my car (well not actually >mine, but that is not important for this discussion) automatically logs >in me when I use my key and my dear when she uses her key, not forcing >us to take the keyboard out and log in the traditional way. If your G4 is booted/restarted when you get in the car, and if you could figure out how/where OS X stores the preferences for auto-login, you could write an rc script or StartupItem that would determine who is sitting at the wheel at boot time. The script could then swap in the appropriate pref file for the Login Window to discover. ______________________________________________________ James Bucanek From cthacker at casmail.ucsf.edu Mon Dec 8 14:59:01 2003 From: cthacker at casmail.ucsf.edu (chris thacker) Date: Thu Nov 3 12:34:12 2005 Subject: etting "bootr, unknown word" and firmware screen on reboot... ??? Message-ID: i just installed 10.2.8 on an old imac. upon restarting it always boots into openfirmware and displays this message: -------------- bootr, unknown word Failed to boot Apple iMac Open Firmware 3.0.f10 built on 03/05/99 at 21:14:19 Copyright... ok 0 > --------------- if i reset the p-ram it boots up fine but repeats this error the next time i reboot... i've also tried: reset-nvram [hit return] reset-all [hit return] and that worked, just like resetting p-ram did, but likewise, the next time i restart it goes back into this openfirmware mode. any other ideas? thanks! ------------------- Chris Thacker Campus Life Services - Information Systems University of California at San Francisco [ help desk ] 415 502-5511 [direct line] 415 514-3373 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 931 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/a92dc2eb/attachment.bin From wf at wf227.com Mon Dec 8 15:05:39 2003 From: wf at wf227.com (Wolfgang Fischer) Date: Thu Nov 3 12:34:12 2005 Subject: weird records in system.log In-Reply-To: <61711CCF-275E-11D8-B96F-000A95D9A83A@mac.com> References: <99DB9464-273D-11D8-8B8A-003065FB84BC@kapu.net> <61711CCF-275E-11D8-B96F-000A95D9A83A@mac.com> Message-ID: Hi, did someone suggest already to run tcpdump for DNS traffic? Can you start a tcpdump on the next hop too? Do you have a IDS in that segment? Bind8 sounds a little scary. Wolfgang On 05.12.2003, at 21:05, Robert Cerny wrote: > Hi, > good idea but I don't think so... > /sbin/ipfw add 3000 allow udp from any 1024-65535 to any 53 out via > ${exif} keep-state > /sbin/ipfw add 4040 allow udp from any to ${exip} 53 in via ${exif} > keep-state > > Robert > On 5.12.2003, at 17:10, Michael J Wise wrote: > >> On Dec 4, 2003, at 9:44 PM, Robert Cerny wrote: >> >>> Still have no idea... >> >> Is there a firewall blocking port 53? >> >> Aloha mai Nai`a! From djjames at env.med.nyu.edu Mon Dec 8 15:33:02 2003 From: djjames at env.med.nyu.edu (DJ James) Date: Thu Nov 3 12:34:12 2005 Subject: etting "bootr, unknown word" and firmware screen on reboot... ??? Message-ID: While looking for something else, I came across this KnowledgeBase article just this afternoon. http://docs.info.apple.com/article.html?artnum=42642 It sounds like you're doing the right things but might just need to try them in a slightly different order. Try reading that and the linked article inside it, and see if either of them help. Good Luck, --DJ ******** DJ James, Systems/Network Administrator NYU School of Medicine At 2:58 PM -0800 12/8/03, chris thacker wrote: >i just installed 10.2.8 on an old imac. upon restarting it always >boots into openfirmware and displays this message: >-------------- >bootr, unknown word >Failed to boot >Apple iMac Open Firmware 3.0.f10 built on 03/05/99 at 21:14:19 >Copyright... >ok >0 > >--------------- > >if i reset the p-ram it boots up fine but repeats this error the >next time i reboot... >i've also tried: > >reset-nvram >[hit return] >reset-all >[hit return] > >and that worked, just like resetting p-ram did, but likewise, the >next time i restart it goes back into this openfirmware mode. >any other ideas? >thanks! > >------------------- >Chris Thacker >Campus Life Services - Information Systems >University of California at San Francisco >[ help desk ] 415 502-5511 >[direct line] 415 514-3373 -------------- next part -------------- An HTML attachment was scrubbed... URL: /mailman/archive/macosx-admin/attachments/20031208/201a36ad/attachment.html From donaldendres at hotmail.com Mon Dec 8 15:35:07 2003 From: donaldendres at hotmail.com (Donald Endres) Date: Thu Nov 3 12:34:12 2005 Subject: single-sign-on trouble Message-ID: MacOSX-Admin, For several weeks, Active Directory accounts worked in Panther exactly as advertised. Unfortunately, when I tried to move to stage 1 of the production environment, the Kerberos Single-Sign-On feature stopped working. Trying to nail down the problem in the test environment removed all evidence that Single-Sign-On feature ever worked at all. After repeated reinstallation and reconfiguration of the test environment, I have not been able to use the Single-Sign-On feature. I would like to break the Authentication and Authorization systems down into their base components so that I may run well defined tests on them. Unfortunately, the required documentation seems to be under lock and key somewhere at Apple. Any suggestions? Sincerely, -Donald Endres From rogerhoward at mac.com Mon Dec 8 15:46:09 2003 From: rogerhoward at mac.com (rogerhoward@mac.com) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? In-Reply-To: <545E4BAC-29D0-11D8-BD0A-000A95977AAA@ocs.cz> Message-ID: <9F3DCA7C-29D8-11D8-B5CA-003065B2B6C4@mac.com> On Monday, December 8, 2003, at 02:46 PM, Ondra Cada wrote: > > On Monday, Dec 8, 2003, at 23:41 Europe/Prague, Ondra Cada wrote: > >> the G4 integrated to my car (well not actually mine, but that is not >> important for this discussion) > > Quite irrelevant, but somebody may be interested--it looks like this: > > http://www.mujmac.cz/images/img_0781.jpg > > half-finished user interface > > http://www.mujmac.cz/images/img_1223.jpg > > finished machine under the hood. Excellent. What are the hardware specs? I'm getting ready to retire my 400Mhz TiBook, and am thinking hard about using it in-car, for running GPS (now that we will have Street Atlas 2004 soon) and iTunes mostly (and the occassional email/web on the go - a directional wifi antenna for pulling up near a Starbucks will work). Any resources (especially nice accessory hardware - a tiny USB keyboard would be nice, as would a thin OSX-compatible touchscreen for mouse replacement). Don't have the vertical dash space you've got though, still debating how to handle the display (considering a 8 or 9", with mounting bracket on the dash but detachable to use in the lap or to put away). -R From jwelch at aer.com Mon Dec 8 15:54:02 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? In-Reply-To: <9E376D04-29CF-11D8-BD0A-000A95977AAA@ocs.cz> Message-ID: On 12/8/03 4:41 PM, "Ondra Cada" wrote: >> Can I ask why you would want to do that much work? > > Nope, I want to do *as little work* as possible! > > The actual goal is that the G4 integrated to my car (well not actually > mine, but that is not important for this discussion) automatically logs > in me when I use my key and my dear when she uses her key, not forcing > us to take the keyboard out and log in the traditional way. > > The wiring and software needed for the Mac to get the "who sits at the > wheel" info is available and does work nicely. What I dunno howto is to > use the information for an automatic login. > >> Loginwindow is now >> heavily tied into the overall authentication mechanisms of Mac OS X, >> Kerberos, etc. > > That's exactly why I am seeking for a way to attach my code to > loginwindow instead of replacing it. I would take a look at the new security APIs. Apple added a lot of stuff for hard cards, and authentication hardware. I THINK it's called CSA, not sure. Sony has that little thumbprint login thingy. That would be the more elegant way I think. john -- Instead of throwing tomatoes, why not try lobbing the whole plant at someone? - Alex Welch From cthacker at casmail.ucsf.edu Mon Dec 8 16:00:08 2003 From: cthacker at casmail.ucsf.edu (chris thacker) Date: Thu Nov 3 12:34:12 2005 Subject: etting "bootr, unknown word" and firmware screen on reboot... ??? In-Reply-To: References: Message-ID: <9BADCA84-29DA-11D8-94FD-0003931CE9CA@casmail.ucsf.edu> the instructions given are exactly what i tried, in the same order, and it doesn't resolve the issue. thanks for the link though. > reset-nvram > [hit return] > reset-all > [hit return] ------------------- Chris Thacker Campus Life Services - Information Systems University of California at San Francisco [ help desk ] 415 502-5511 [direct line] 415 514-3373 On Dec 8, 2003, at 3:27 PM, DJ James wrote: > While looking for something else, I came across this KnowledgeBase > article just this afternoon. > > ???????http://docs.info.apple.com/article.html?artnum=42642 > > It sounds like you're doing the right things but might just need to > try them in a slightly different order. Try reading that and the > linked article inside it, and see if either of them help. > > Good Luck, > --DJ > ******** > DJ James, Systems/Network Administrator > NYU School of Medicine > > > At 2:58 PM -0800 12/8/03, chris thacker wrote: > i just installed 10.2.8 on an old imac. upon restarting it always > boots into openfirmware and displays this message: > -------------- > bootr, unknown word > Failed to boot > Apple iMac Open Firmware 3.0.f10 built on 03/05/99 at 21:14:19 > Copyright... > ok > 0 > > --------------- > > if i reset the p-ram it boots up fine but repeats this error the next > time i reboot... > i've also tried: > > reset-nvram > [hit return] > reset-all > [hit return] > > and that worked, just like resetting p-ram did, but likewise, the next > time i restart it goes back into this openfirmware mode. > any other ideas? > thanks! > > ------------------- > Chris Thacker > CampusLifeServices - Information Systems > University of California at San Francisco > [ help desk ]? 415 502-5511 > [direct line]? 415 514-3373 > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 3414 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/791192ba/attachment.bin From kremels at kreme.com Mon Dec 8 18:08:02 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:12 2005 Subject: Low-end network monitoring (Was Re: Network performance monitoring tool ?) In-Reply-To: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> References: <49F63FFD-29A2-11D8-8A68-000A27DD8970@janos.mail.yale.edu> Message-ID: <7C55E343-29EC-11D8-A1B5-000A95935598@kreme.com> On 08 Dec 2003, at 10:16, J?nos L?bb wrote: > I am in need of a good tool on OSX - or OSXS - to monitor the network > performance - not just my VLAN but the whole bloody local network > /few thousand machines/ - in real time and create a max one month > history of it, so I can go back max 30 days if a dispute arise. My needs are similar, but much lower end. Network consists of a few dozen machines, most of them routed through a DHCP server and multiple switches. I want to be able to pinpoint problem machines (and not just be given the IP of the DHCP router) and monitor the traffic for all the machines over a single T1 upstream connection (so there's no connection sharing, balancing, &c to complicate matters). What I want is something that has a simple to look at webface I can pull up and see what the current network status is, and a log of at least the last 30 days (180 would be better though). Oh, and my environment is mixed OS X and BSD, and I've gotten very little cash to spare. -- There is no Satan. That's just god when he's drunk. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/d612b425/smime.bin From kremels at kreme.com Mon Dec 8 18:14:01 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:12 2005 Subject: Me too! Re: Network icon In-Reply-To: References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> Message-ID: <45E348BA-29ED-11D8-A1B5-000A95935598@kreme.com> On 08 Dec 2003, at 12:07, Chris Murphy wrote: > After reading all of the email on this subject, I'm quite confident in > saying that it appears Barney Phife, head of Apple Security, continues > to be directly involved in the networking UI and coordinating its > testing at Apple. Criticizing is one thing. Insulting is something else entirely. You've never been able to do the former without the latter, have you? Do you REALLY think comments like this are useful? Do you like being dismissed as some wingnut who is just looking for attention? It doesn't matter what you have to say on an issue. When you post crap like that you simply get people to ignore you. -- No man is free who is not master of himself -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/cd9e02e3/smime.bin From scott at maxify.com Mon Dec 8 18:29:06 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:12 2005 Subject: [Moderator] Re: Me too! Re: Network icon In-Reply-To: <45E348BA-29ED-11D8-A1B5-000A95935598@kreme.com> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> <45E348BA-29ED-11D8-A1B5-000A95935598@kreme.com> Message-ID: <4BDF663D-29EF-11D8-A284-003065CA9E5A@maxify.com> Okay, guys. Personal stuff goes off-list. - Scott On Dec 8, 2003, at 6:13 PM, Lukreme wrote: > Criticizing is one thing. Insulting is something else entirely. > You've never been able to do the former without the latter, have you? > Do you REALLY think comments like this are useful? Do you like being > dismissed as some wingnut who is just looking for attention? > > It doesn't matter what you have to say on an issue. When you post > crap like that you simply get people to ignore you. -- Tree House Ideas http://treehouseideas.com/ From heckj at mac.com Mon Dec 8 18:36:23 2003 From: heckj at mac.com (Joseph Heck) Date: Thu Nov 3 12:34:12 2005 Subject: Low-end network monitoring (Was Re: Network performance monitoring tool ?) In-Reply-To: <7C55E343-29EC-11D8-A1B5-000A95935598@kreme.com> Message-ID: <54AE6BE0-29F0-11D8-8222-003065ED3830@mac.com> If you're willing to build things yourself, look at RRDtool & SNMP to gather and drive the statistics. I use RRDtool for monitoring everything and anything a work (it collects data and generates graphs), and SNMP to pull the data from our network switches. -joe On Monday, December 8, 2003, at 06:07 PM, Lukreme wrote: > On 08 Dec 2003, at 10:16, J?nos L?bb wrote: >> I am in need of a good tool on OSX - or OSXS - to monitor the network >> performance - not just my VLAN but the whole bloody local network >> /few thousand machines/ - in real time and create a max one month >> history of it, so I can go back max 30 days if a dispute arise. > > My needs are similar, but much lower end. Network consists of a few > dozen machines, most of them routed through a DHCP server and multiple > switches. I want to be able to pinpoint problem machines (and not > just be given the IP of the DHCP router) and monitor the traffic for > all the machines over a single T1 upstream connection (so there's no > connection sharing, balancing, &c to complicate matters). > > What I want is something that has a simple to look at webface I can > pull up and see what the current network status is, and a log of at > least the last 30 days (180 would be better though). > > Oh, and my environment is mixed OS X and BSD, and I've gotten very > little cash to spare. > > -- > There is no Satan. That's just god when he's drunk. > From andyring at inebraska.com Mon Dec 8 20:05:01 2003 From: andyring at inebraska.com (Andy Ringsmuth) Date: Thu Nov 3 12:34:12 2005 Subject: Mail trouble with OS X Server 10.3 In-Reply-To: References: <1070908298.3fd4c38a55475@webmail.inebraska.com> Message-ID: On Dec 8, 2003, at 2:34 PM, Dan Shoop wrote: > At 12:31 PM -0600 12/8/03, andyring@inebraska.com wrote: >> I am having some extreme frustration with e-mail on 10.3 Server. What >> it comes >> down to is, mail coming into the server from the outside world is >> rejected, and >> mail sent from inside the network refuses to go out (client computers >> using >> 10.3 as well). I have checked and re-checked and re-re-checked and >> re-re-re-checked everything I can possibly think of, in Server Admin, >> Workgroup >> Manager, and Postfix's config files, and nothing makes any difference. >> Everything was working fine on Friday, and to my knowledge, nothing >> has >> changed. > > It's a Friday thing. Things just break on Fridays. ;) *sigh* Sometimes, it certainly seems that way. > >> Here is what I receive bounced back when I try to send mail from the >> outside >> world to any mail account on the server: >> >> ----------------------------- >> >> The original message was received at Mon, 8 Dec 2003 09:34:45 -0800 >> (PST) >> from smtpin08-en2 [10.13.10.153] >> >> ----- The following addresses had permanent fatal errors ----- >> >> (reason: 554 : Relay access denied) >> >> ----- Transcript of session follows ----- >> .. while talking to mx3.inebraska.com.: >> DATA >> <<< 554 : Relay access denied >> 554 5.0.0 Service unavailable >> <<< 554 Error: no valid recipients > > You're relaying, or so your MTA thinks. It's not permitted in your > policies. The sending system isn't permitted to send mail through this > machine. Also the mail contained no valid recipients, so how you're > looking up you're users is likely incorrect too. Remotely possible, I suppose. The address andy@newslinkinc.com is a very valid address, it is the address I use very frequently. I'm not sure how something could be wrong with how it's looking up addresses if I can check that account just fine. > >> At times (depending on what I'd tweak in settings) I also receive >> this error: >> >> >> This message was created automatically by mail delivery software >> (Exim). > > OK, you're not running postfix (the MTA included in OS X Server), but > *exim*!! > > Sounds to me like you have more than one MTA configured. You're > running exim instead of postfix. Perhaps you're trying to start two > different MTAs and exim launches first? It looks that way, but I don't think so. > >> ------ This is a copy of the message, including all the headers. >> ------ >> >> Return-path: >> Received: from user-uivefeu.dsl.mindspring.com ([165.247.61.222]) >> by gull.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) >> id 1ATHPo-0005U0-00 >> for andy@newslinkinc.com; Mon, 08 Dec 2003 01:10:53 -0800 > > Definitely exim here! While I see the Exim line as well, it has me 100% confused. This is a stock 10.3 install, I've never installed any extra MTAs at all, just the stock Postfix included in OS X Server. > >> SMTP is enabled on the server, as far as I can tell, but I don't know >> what all >> that would affect. > > Ah, well you do understand what SMTP is, right? Youn understand that > we're talking about SMTP servers, right? So what running an SMTP > server affects is very key to what we're talking about. Yup, understand that part quite well. I'm fairly certain the problem lies in something with SMTP. > >> I haven't found anything helpful in Apple's Knowledge Base >> articles, or Discussion Forums. This is extremely frustrating, >> because this is >> my company's production server, and of course, it has to happen when >> I'm on the >> road this week. I stayed up until 2:30 a.m. in my hotel room last >> night >> fighting with this, to no avail, and I'm at my wits end. Anyone >> involved in >> server maintenance knows the drill, the cell phone ringing off the >> hook, etc. > > Never make changes on a Friday, it's a cardinal rule. Agreed. That's what frustrates me, I didn't make any changes! > >> People can log into the server to check mail (POP) just fine, but it >> seems like >> any and all incoming mail (addressed to users on the machine from the >> outside >> world, or users inside the network trying to send mail) doesn't work. > > That's because POP and IMAP are MDA's and we're having issues with > your MTA, which is SMTP. > >> Sending mail (from inside the network) results in this error: >> >> "the server 'mail.newslinkinc.com' refused to allow a connection on >> port 25." > > Hmm, well that seems to indicate that you're not even talking to the > same server thats generated these other messages, or that it's got > some sort of firewalling blocking the connection since outside you can > connect to the machine but inside you can't. You're connecting to the > same IP in each case right? I suspect that somewhere along the line > you're not using the same server. It's all the same IP, 209.50.17.233. There is one physical machine/server here. I do not have the firewall enabled. > I'd suggest, from inside your network, you connect to the smtp server > and talk to it. See how it responds, and what it responds as, exim or > postfix from something like: > > % telnet mymailserverip smtp > > If it's responding as exim, not postfix, then all that GUI > configuration with the server tools are configuring the wrong piece of > sw b/c you have exim running instead. > > Try the same thing from outside your network. Compare the IP addresses > getting used in all cases. You either have something pointed to the > wrong machine or you're running a different SMTP server from what you > believe to be running. When I try to telnet to the machine, from either internal or external, I receive the identical response: [newslinkinc:~] andyring% telnet newslinkinc.com 25 Trying 209.50.17.233... telnet: connect to address 209.50.17.233: Connection refused telnet: Unable to connect to remote host [newslinkinc:~] andyring% The response pasted here is actually from inside the machine itself (I ssh'd to it and ran the telnet command). I receive an identical response from outside the network as well. It looks like something somewhere is blocking access to port 25, but I can't figure out where or why, as I do not have a firewall running whatsoever. Web, FTP, file sharing, etc. work perfectly (although I realize they are on different ports). Thank you for your willingness to help. Still very frustrating.... -Andy From creed at mac.com Mon Dec 8 21:54:17 2003 From: creed at mac.com (Creed Erickson) Date: Thu Nov 3 12:34:12 2005 Subject: Mounting NeXTSTEP File System In-Reply-To: Message-ID: <0EE94A7D-2A0C-11D8-B9FA-000393CC5A10@mac.com> Didn't NeXT use a higher density diskette, quad density or something like that? Is the external drive compatible with the media? On Monday, December 8, 2003, at 09:50 AM, Martin Bachmayer wrote: > Hi there, > > is there someone out there having a clue: I have some NeXTSTEP > diskettes and an External Floppy Disk Drive and I?d like to mount > these disks on my G4 running 10.2.8 to copy some old data to my > system!? > > Thank you very much for your help. > > Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 529 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/c0ab1723/attachment.bin From oeyvind at mac.com Mon Dec 8 22:05:10 2003 From: oeyvind at mac.com (Tim Chong) Date: Thu Nov 3 12:34:12 2005 Subject: Mounting NeXTSTEP File System In-Reply-To: <0EE94A7D-2A0C-11D8-B9FA-000393CC5A10@mac.com> References: <0EE94A7D-2A0C-11D8-B9FA-000393CC5A10@mac.com> Message-ID: <890D52CC-2A0D-11D8-A586-000393DC80A0@mac.com> Martin, You have any NEXT box left? If so, try copy the files and NFS to the Mac OS X boxes. if not maybe there's some driver on Linux can mount NEXT's UFS. Good luck, Tim Chong ±i«ä¼y GSM: +65 967 22 153 mailto:tim@oeyvind.org On Dec 9, 2003, at 13:53, Creed Erickson wrote: > Didn't NeXT use a higher density diskette, quad density or something > like that? Is the external drive compatible with the media? > > > On Monday, December 8, 2003, at 09:50 AM, Martin Bachmayer wrote: > >> Hi there, >> >> is there someone out there having a clue: I have some NeXTSTEP >> diskettes and an External Floppy Disk Drive and I¡¦d like to mount >> these disks on my G4 running 10.2.8 to copy some old data to my >> system!? >> >> Thank you very much for your help. >> >> Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1076 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031208/e0988855/attachment.bin From techcom4340 at mail.mchsi.com Mon Dec 8 22:39:09 2003 From: techcom4340 at mail.mchsi.com (Don Thompson) Date: Thu Nov 3 12:34:12 2005 Subject: Removable Hard drives on a G5 Message-ID: <56731E0A-2A12-11D8-8958-000A278CD6FE@mail.mchsi.com> Does anyone out there have any experience setting up a G5 with external removable drives? I am thinking about using a U320 SCSI interface and Data Silo enclosure(s). As of yet I have not decided on the hard drives to use and would like to request inputs from the list. Don Thompson From hayne at sympatico.ca Tue Dec 9 00:22:01 2003 From: hayne at sympatico.ca (Cameron Hayne) Date: Thu Nov 3 12:34:12 2005 Subject: Freaky SMTP probs w mail.app In-Reply-To: Message-ID: On 12/8/03 2:20 PM, "Michael Bartosh" wrote: > outgoing messages in mail.app just sit and sit and sit in the out > folder but... never really go out. > > SMTP server is working fine; I can telnet to it and issue commands, > and sending mail through it with pine works like a charm. Have you tested sending the exact same message via Pine? I have seen this problem but in my case it didn't depend on what mail tool was used, but it did depend on the size of the message. Changing (lowering) the MTU for the network card solved the problem. -- Cameron Hayne (hayne@sympatico.ca) Hayne of Tintagel From lists at colorremedies.com Tue Dec 9 08:23:04 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:12 2005 Subject: Me too! Re: Network icon In-Reply-To: <45E348BA-29ED-11D8-A1B5-000A95935598@kreme.com> References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> <45E348BA-29ED-11D8-A1B5-000A95935598@kreme.com> Message-ID: On Dec 8, 2003, at 7:13 PM, Lukreme wrote: > Criticizing is one thing. Insulting is something else entirely. > You've never been able to do the former without the latter, have you? All the time. I only use ad hominem attacks as a supplement to an argument. In my opinion there is a level of incompetency at play with respect to networking UI [1]. Where the incompetency is, I have no idea. But I don't buy the argument that it's just a case of it being hard to do. Apple have had more than two and a half years to get it right and they haven't. The idea that "they'll fix it" is at this point wishful thinking. Hey maybe they'll get lucky one of these days. Odds are, right? You can't have endless screw ups, eventually they should bump into something good just through process of elimination. > Do you REALLY think comments like this are useful? Do you like > being dismissed as some wingnut who is just looking for attention? Yes I do, and no although I wouldn't mind if you would dismiss me. > It doesn't matter what you have to say on an issue. When you post > crap like that you simply get people to ignore you. But not you. [1] I am speaking specifically about the UI, not the underlying system or its performance which I think is very good. Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From dev+lists at humph.com Tue Dec 9 08:51:01 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:12 2005 Subject: Mail trouble with OS X Server 10.3 In-Reply-To: <1070908298.3fd4c38a55475@webmail.inebraska.com> References: <1070908298.3fd4c38a55475@webmail.inebraska.com> Message-ID: On the basis of what I see there is no issue here with your configurations or what, but some wrong mx records for newslinkinc.com: newslinkinc.com. 86400 IN MX 10 mx3.inebraska.com. newslinkinc.com. 86400 IN MX 10 mx4.inebraska.com. newslinkinc.com. 86400 IN MX 5 mail.newslinkinc.com. newslinkinc.com. 86400 IN MX 10 mx.inebraska.com. newslinkinc.com. 86400 IN MX 10 mx2.inebraska.com. [drum:~] g% telnet mx3.inebraska.com 25 Trying 199.184.119.6... Connected to myna.inebraska.com. Escape character is '^]'. 220 myna.inebraska.com ESMTP Postfix HELO mailhost.humph.com 250 myna.inebraska.com MAIL FROM: 250 Ok RCPT TO: 554 : Relay access denied Or simply some misconfigured mailservers there. Ok, now, why is the main MX mail.newslinkinc.com not listening on port 25, you ask. Why that? Have you considered that simply there might be no mailserver running on it? Sorry if I have not edited this post, but I am a bit angry at the moment, no time to think about trimming. And why did you cross post like a someone-who-cannot-even-configure-a-dns-or-mailserver? Giuliano At 12:31 pm -0600 2003/12/08, andyring@inebraska.com wrote: >I am having some extreme frustration with e-mail on 10.3 Server. >What it comes >down to is, mail coming into the server from the outside world is >rejected, and >mail sent from inside the network refuses to go out (client computers using >10.3 as well). I have checked and re-checked and re-re-checked and >re-re-re-checked everything I can possibly think of, in Server >Admin, Workgroup >Manager, and Postfix's config files, and nothing makes any difference. >Everything was working fine on Friday, and to my knowledge, nothing has >changed. > >Here is what I receive bounced back when I try to send mail from the outside >world to any mail account on the server: > >----------------------------- > >The original message was received at Mon, 8 Dec 2003 09:34:45 -0800 (PST) >from smtpin08-en2 [10.13.10.153] > > ----- The following addresses had permanent fatal errors ----- > > (reason: 554 : Relay access denied) > > ----- Transcript of session follows ----- >.. while talking to mx3.inebraska.com.: >DATA ><<< 554 : Relay access denied >554 5.0.0 Service unavailable ><<< 554 Error: no valid recipients >Reporting-MTA: dns; smtpout.mac.com >Received-From-MTA: DNS; smtpin08-en2 >Arrival-Date: Mon, 8 Dec 2003 09:34:45 -0800 (PST) > >Final-Recipient: RFC822; andy@newslinkinc.com >Action: failed >Status: 5.0.0 >Remote-MTA: DNS; mx3.inebraska.com >Diagnostic-Code: SMTP; 554 : Relay access denied >Last-Attempt-Date: Mon, 8 Dec 2003 09:34:50 -0800 (PST) > >From: Andy Ringsmuth >Date: December 8, 2003 10:34:41 AM MST >To: andy@newslinkinc.com >Subject: test > > >test > > >------------------------------------- > >At times (depending on what I'd tweak in settings) I also receive this error: > >------------------------------------- > >This message was created automatically by mail delivery software (Exim). > >A message that you sent could not be delivered to one or more of its >recipients. This is a permanent error. The following address(es) failed: > > andy@newslinkinc.com > SMTP error from remote mailer after RCPT TO:: > host mx.inebraska.com [199.184.119.9]: 554 : > Relay access denied > >------ This is a copy of the message, including all the headers. ------ > >Return-path: >Received: from user-uivefeu.dsl.mindspring.com ([165.247.61.222]) > by gull.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) > id 1ATHPo-0005U0-00 > for andy@newslinkinc.com; Mon, 08 Dec 2003 01:10:53 -0800 >Mime-Version: 1.0 (Apple Message framework v606) >Content-Transfer-Encoding: 7bit >Message-Id: <6944713E-295E-11D8-8A07-000A95789C0C@inebraska.com> >Content-Type: text/plain; charset=US-ASCII; format=flowed >To: andy@newslinkinc.com >From: Andy Ringsmuth >Subject: test >Date: Mon, 8 Dec 2003 03:10:47 -0600 >X-Mailer: Apple Mail (2.606) > >test > > >------------------------------------ > > >SMTP is enabled on the server, as far as I can tell, but I don't know what all >that would affect. I haven't found anything helpful in Apple's Knowledge Base >articles, or Discussion Forums. This is extremely frustrating, >because this is >my company's production server, and of course, it has to happen when >I'm on the >road this week. I stayed up until 2:30 a.m. in my hotel room last night >fighting with this, to no avail, and I'm at my wits end. Anyone involved in >server maintenance knows the drill, the cell phone ringing off the hook, etc. > >People can log into the server to check mail (POP) just fine, but it >seems like >any and all incoming mail (addressed to users on the machine from the outside >world, or users inside the network trying to send mail) doesn't work. > >Sending mail (from inside the network) results in this error: > >"the server 'mail.newslinkinc.com' refused to allow a connection on port 25." > > > >Any help is MUCH APPRECIATED. > > > >-Andy > > >_______________________________________________ >MacOSX-admin mailing list >MacOSX-admin@omnigroup.com >http://www.omnigroup.com/mailman/listinfo/macosx-admin -- H U M P H || ||| software Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X http://www.humph.com/ From jwelch at aer.com Tue Dec 9 08:55:09 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:12 2005 Subject: Me too! Re: Network icon In-Reply-To: Message-ID: On 12/9/03 10:22 AM, "Chris Murphy" wrote: > All the time. I only use ad hominem attacks as a supplement to an > argument. In my opinion there is a level of incompetency at play with > respect to networking UI [1]. Where the incompetency is, I have no > idea. But I don't buy the argument that it's just a case of it being > hard to do. Apple have had more than two and a half years to get it > right and they haven't. The idea that "they'll fix it" is at this point > wishful thinking. Hey maybe they'll get lucky one of these days. Odds > are, right? You can't have endless screw ups, eventually they should > bump into something good just through process of elimination. It's less incompetence than tunnel vision. Having beat on it extensively, I can see what they were TRYING to do. They want to make dealing with the network no different than dealing with a local drive. That's always good. There's not really a good reason for making networking hard on the user. The problem is, it looks like they got real excited, and didn't notice the problems as much. This happens with tunnel vision. Incompetence implies the people doing this are incompetent, and I don't think that applies here. What is happening is a UI thought clash. Whomever initiated network view didn't really spend a lot of time thinking the low level stuff out. Like "does this actually save steps?" Well, the answer is no, not in any way. "Does this make networking easier to use?" I have my doubts. The implementation needs some specific fixes. Other problems are that no one thought about: AppleScript, (although god knows I'm used to that in a .0 release from Apple by now, but that's another rant) the ability to double mount a share (BAD) that people don't think about the server except as a share container that you want an easier way to mount shares, not servers, (with the new paradigm, you mount the server, and therefore every share on the server. This results in hideous disconnect messages) That we are off the network here and there. (This was so obviously not designed by a laptop user) That if there is more than one share when a disconnect event happens, don't make me deal with them one at a time, give me the option to do them all at once. But incompetence is a loaded word that raises hackles, regardless of applicability, and that's what Chris wants...people to get pissed off so that he gets attention. > >> Do you REALLY think comments like this are useful? Do you like >> being dismissed as some wingnut who is just looking for attention? > > Yes I do, and no although I wouldn't mind if you would dismiss me. Chris likes being a Dvorak. He likes the attention, and thinks that it's effective. What he doesn't realize is that he's kinda right. It is effective...but only for a VERY few uses. Once you scream loudly too often, you're the boy who cried wolf, or a Dvorak, and no one takes a thing you say seriously because "oh crap, it's just Chris whining again. Nod, smile, give him a cookie, and he'll go away" > >> It doesn't matter what you have to say on an issue. When you post >> crap like that you simply get people to ignore you. > > But not you. I don't because you're fun to poke. You react well. It's a character flaw of mine. > > [1] I am speaking specifically about the UI, not the underlying system > or its performance which I think is very good. The system performance blows ass when you have to wade through the disconnect messages. -- The GPL is not something we really considered to be a license so much as a political manifesto, and speaking purely for myself, I prefer to keep my license agreements and my politics separate. I feel that code which isn't being used in a situation where it COULD be used is code which isn't achieving its full potential and the GPL scares a lot of potential users away, which is simply counter-productive in my opinion. I don't care whether or not the users give their changes back to me, that's just an added bonus if it happens and nothing I'd want to try and enforce at the point of a gun. --Jordan Hubbard From scott at maxify.com Tue Dec 9 09:28:02 2003 From: scott at maxify.com (Scott Stevenson) Date: Thu Nov 3 12:34:12 2005 Subject: [Moderator] THREAD CLOSED Re: Me too! Re: Network icon In-Reply-To: References: Message-ID: I'm sorry I have to do this, but it's apparent the discussion can't continue without personal arguments getting in the mix. Please discuss it off list, or I'll have to start sending out warnings. Thanks for your help, - Scott From lists at colorremedies.com Tue Dec 9 09:37:08 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:12 2005 Subject: Me too! Re: Network icon In-Reply-To: References: Message-ID: <3461B1B0-2A6E-11D8-8AF5-0003934CBC52@colorremedies.com> On Dec 9, 2003, at 9:54 AM, John C. Welch wrote: > It's less incompetence than tunnel vision. Fair enough - tomato, tomahto. > The problem is, it looks like they got real excited, and didn't notice > the > problems as much. This happens with tunnel vision. Incompetence > implies the > people doing this are incompetent, and I don't think that applies > here. What > is happening is a UI thought clash. Whomever initiated network view > didn't > really spend a lot of time thinking the low level stuff out. Like > "does this > actually save steps?" Well, the answer is no, not in any way. This is what I consider incompetent. The process, as designed, did not vet this out. As I said, I don't know where the incompetency is, but I would consider tunnel vision in the context of user interface to be a characteristic of questionable competency. I can't believe this wasn't reported during beta testing. You found vast inconsistencies in all of two seconds after its release. Yet the procedures in place either didn't allow for sufficient testing for these problems to be revealed, or they weren't considered important to get fixed prior to final release. Either way, I would call it lacking in competency. And even more to the point, your specific comment of whether the right someone at Apple asked "does this actually save steps" and does it really make things easier on the user, and does it play well with the old way of doing things that they're going to keep in the UI - to all of these the answer is no. That to me is the job of someone who knows something about user interface and its quality control. That this slipped by tells me the system did not have competent contingency for such a possibility. For all I know, the question of competency is Steve himself and he said "oh well ship it anyway and we'll fix it in a maintenance release as soon as you can." > But incompetence is a loaded word that raises hackles, regardless of > applicability, and that's what Chris wants...people to get pissed off > so > that he gets attention. Not at all. That the ISSUE gets attention and gets fixed is all I care about, because shit I pay for that doesn't work right pisses me off. You know perfectly well that if there is "nothing to see here" I don't just make stuff up, pull it out of my ass, and make a big deal about it just because I need attention. You can excuse it with whatever psycho analysis you want, but just because you say something doesn't make it true. > Chris likes being a Dvorak. He likes the attention, and thinks that > it's > effective. What he doesn't realize is that he's kinda right. It is > effective...but only for a VERY few uses. Once you scream loudly too > often, > you're the boy who cried wolf, or a Dvorak, and no one takes a thing > you say > seriously because "oh crap, it's just Chris whining again. Nod, smile, > give > him a cookie, and he'll go away" Sorry, I haven't gotten my cookie yet. >> [1] I am speaking specifically about the UI, not the underlying system >> or its performance which I think is very good. > > The system performance blows ass when you have to wade through the > disconnect messages. Competent: Answering to all requirements; adequate; sufficient; suitable; capable; legally qualified; fit By your own complaints and description, including "blows ass", is not at all congruent with this definition of competent. Therefore I call it incompetent. That too many people, including yourself, fixate on the connotation of the word incompetent as though I'm trying to intentionally insult someone out of their skin, instead of recognizing the extremely applicable denotation of the word and what it conveys, isn't my fault. Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From Gerben.Wierda at rna.nl Tue Dec 9 12:04:51 2003 From: Gerben.Wierda at rna.nl (Gerben Wierda) Date: Thu Nov 3 12:34:12 2005 Subject: winmail.dat form Outlook for Windows client Message-ID: I am getting attachments sent to me by people using Outlook, and they turn up not as (say) foo.ppt but as winmail.dat. What can they (I) do about that? G From jonas at zeus.ugent.be Tue Dec 9 12:12:55 2003 From: jonas at zeus.ugent.be (Jonas Maebe) Date: Thu Nov 3 12:34:12 2005 Subject: winmail.dat form Outlook for Windows client In-Reply-To: References: Message-ID: On 9 dec 2003, at 21:03, Gerben Wierda wrote: > I am getting attachments sent to me by people using Outlook, and they > turn up not as (say) foo.ppt but as winmail.dat. > > What can they (I) do about that? Jonas From ryan.suarez at sheridanc.on.ca Tue Dec 9 13:21:22 2003 From: ryan.suarez at sheridanc.on.ca (Ryan Suarez) Date: Thu Nov 3 12:34:12 2005 Subject: HomeDirectory attribute not returned in Panther In-Reply-To: <98FF6DE6-2A7D-11D8-985C-003065BA90A0@sheridanc.on.ca> References: <4AF26D62-2A67-11D8-985C-003065BA90A0@sheridanc.on.ca> <98FF6DE6-2A7D-11D8-985C-003065BA90A0@sheridanc.on.ca> Message-ID: Hello Admins, I can't seem to get the HomeDirectory attribute mapped to ldap in Panther. This was working in 10.2.x A search on a user returns ALL values EXCEPT the HomeDirectory attribute. Here are the values mapped in Directory Access -> LDAPv3 Default Attribute Types RecordName -> uid (eg. suarez) Users UniqueID -> uidnumber (eg. 404454) UserShell -> #/bin/tcsh PrimaryGroupID -> #20 RealName -> cn (eg. Ryan Suarez) NFSHomeDirectory -> #/home/. HomeDirectory -> osxmount (eg. afp://zion.sheridanc.on.ca/suarezsuarez But if you see below, a search returns everything except the home directory attribute. babylon:~ root# lookupd -d lookupd version 324 (root 2003.09.13 00:28:44 UTC) Enter command name, "help", or "quit" to exit > agent: DSAgent > userWithName: suarez Dictionary: "D-0x00305000" _lookup_agent: DSAgent _lookup_validation: 1071031409 gid: 20 home: /home/. name: suarez passwd: ******** realname: Ryan Suarez shell: /bin/tcsh uid: 404454 The ldap logs show that the client is not even asking for the HomeDirectory attribute. thanks, Ryan From bauwolf at indigo.ie Tue Dec 9 14:48:01 2003 From: bauwolf at indigo.ie (Mark Twomey) Date: Thu Nov 3 12:34:12 2005 Subject: iPod and Darwin. Message-ID: Hi folks, Might be slightly off topic but my question is about OS X command line utilities so it might still be relevant. My month and a half old Third Generation 20 GB iPod appears to have thrown a shoe. When plugged into the dock connected to my flat panel iMac running 10.3.1 tonight it sat there like a dummy with the "Do Not Disconnect" warning, no sign whatsoever of it mounting and launching iTunes as per usual. Reset it, tried again, same thing. After checking the system log I found the following: localhost kernel: IOFireWireSBP2Login::fetchAgentWriteComplete fetch agent write failed! retrying The system then proceeds to keep retrying. After holding down the FF and RW buttons on reset and putting it into Disk Mode I find the following error in the logs... localhost kernel: disk1s3: I/O error. localhost kernel: disk1s3: media is not present. The iPod itself appears to boot and play fine, I've tried holding down all four buttons on reset in order to get it to run iPod disk scan but to no avail, Apple's latest technote on troubleshooting the iPod leads me to suspect that it runs automatically on boot anyway. As both the iPod updater and Disk Utility appear to hang on start up when the iPod is connected, coming back to life almost instantly the moment I drag it out of the cradle, and as fsck appears to hangs when I run fsck -y /dev/rdisk1s3, is there anything I can run from the command line blow away the partition table, reformat the drive than then hit it with the iPod updater? I've tried newfs and watched it under top doing absolutely nothing. Any suggestions for resurrecting this via OS X or am I sending it off to spend Christmas with Apple? Thanks, Mark. From b.lloyd at mac.com Tue Dec 9 14:54:01 2003 From: b.lloyd at mac.com (Bill Lloyd) Date: Thu Nov 3 12:34:12 2005 Subject: winmail.dat form Outlook for Windows client In-Reply-To: References: Message-ID: <8C0BE681-2A9A-11D8-B438-000A958F7A2A@mac.com> This will let you read the attachments. Note, if Outlook users send emails as either: 1) Plain Text format 2) HTML format Then the winmail.dat file won't be sent. It is ONLY sent when they send mail as "rich text format." You may wish to ask them to send emails as plain text... which most everyone but "your mom" seems to use :-) Cheers, -Bill On Dec 9, 2003, at 12:09 PM, Jonas Maebe wrote: > > On 9 dec 2003, at 21:03, Gerben Wierda wrote: > >> I am getting attachments sent to me by people using Outlook, and they >> turn up not as (say) foo.ppt but as winmail.dat. >> >> What can they (I) do about that? > > > > > Jonas > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin From bauwolf at indigo.ie Tue Dec 9 15:13:02 2003 From: bauwolf at indigo.ie (Mark Twomey) Date: Thu Nov 3 12:34:12 2005 Subject: iPod and Darwin. In-Reply-To: References: Message-ID: <3A4C4EA0-2A9D-11D8-B773-000393679BE4@indigo.ie> On Dec 9, 2003, at 10:47 PM, Mark Twomey wrote: > localhost kernel: IOFireWireSBP2Login::fetchAgentWriteComplete fetch > agent write failed! retrying > > The system then proceeds to keep retrying. > > After holding down the FF and RW buttons on reset and putting it into > Disk Mode I find the following error in the logs... > > localhost kernel: disk1s3: I/O error. > localhost kernel: disk1s3: media is not present. Interesting. Out of nothing but sheer boredom I plugged it into a Win2K laptop, via FireWire, which was running iTunes 4.1 and MacDrive. Everything jumped at me all at once, MacDrive mounted up the HFS+ volume and showed me the Calender, Contacts, Notes and Recordings folders and iTunes wanted me to install the iPod software from the Windows CD which came in the package. It looks like it might be a FW thing with my iMac, unusual since my LaCie FW drive mounts up fine when I plug it in and out of either of the two FW 400 ports. When a FW device is unplugged does it automatically clear the FW bus or does it wait to time out? Mark. From tim at diligence.com Tue Dec 9 15:35:01 2003 From: tim at diligence.com (Tim Uckun) Date: Thu Nov 3 12:34:12 2005 Subject: Mounts. In-Reply-To: <3A4C4EA0-2A9D-11D8-B773-000393679BE4@indigo.ie> References: Message-ID: <5.0.0.25.2.20031209162049.01dec768@mail.diligence.com> Hello everybody. I am new to macosx but have been around freebsd and linux a long time. I am having a hard time trying to mount some SMB shares at boot time so that they can be used by some daemon processes. I have written the following script. mkdir /Volumes/X chmod 777 /Volumes/X mount_smbfs -W myworkgroup -I server //myname:mypwd@server/share /Volumes/X When I execute this script I get the following error but the mount happens anyway. mount_smbfs: No credentials cache found krb5_cc_get_principal I figured that since it mounts anyway I added the script to the /Library/StartupItems/Mounts/ directory with the name Mounts I also copied a StartupItems file and made the modifications to it and added it into the directory. Alas it does not work. When I reboot the machine the mount disappears. the system log says execution of startupscript failed. Maybe I am doing this all wrong. Can anybody give me some direction on what to fiddle with where? :wq Tim Uckun US Investigations Services/Due Diligence http://www.diligence.com/ From waltd at wdstudio.com Tue Dec 9 15:37:07 2003 From: waltd at wdstudio.com (Walter Lee Davis) Date: Thu Nov 3 12:34:12 2005 Subject: [OT] Infortrend SCSI->SCSI RAID Controller questions Message-ID: <7D3E8B71-2AA0-11D8-9346-000393C48A5C@wdstudio.com> I need a little hand-holding with a new (to me) Infortrend 3102U2G controller. I have zero experience with these things, but I do have the manuals. I am using it to drive a Sun StoreEdge D1000 8-bay box, and plan to connect it to a 10.2.8 Server. I has been sitting there all afternoon saying "Please wait... Initializing... " on its front panel since I started it up. I am hesitant to do anything but let it sit there, as I think it might actually be initializing the disks, since they are brand new. I hear some disk activity every few minutes, but nothing sustained. The manuals do not mention anything about this sort of behavior, skipping instead over to the moment when it wakes up and asks me to select which disks to put in my array. The Sun box has all green lights on it, but nothing flashing to indicate activity. Has anyone here used one of these controllers before? Any words of advice? Thanks in advance, Walter From chergr at bigpond.com Tue Dec 9 15:47:15 2003 From: chergr at bigpond.com (Richard Rothwell) Date: Thu Nov 3 12:34:12 2005 Subject: iPod and Darwin. In-Reply-To: <3A4C4EA0-2A9D-11D8-B773-000393679BE4@indigo.ie> Message-ID: Bad physical connection?? On Wednesday, December 10, 2003, at 10:12 AM, Mark Twomey wrote: > On Dec 9, 2003, at 10:47 PM, Mark Twomey wrote: > >> localhost kernel: IOFireWireSBP2Login::fetchAgentWriteComplete fetch >> agent write failed! retrying >> >> The system then proceeds to keep retrying. >> >> After holding down the FF and RW buttons on reset and putting it into >> Disk Mode I find the following error in the logs... >> >> localhost kernel: disk1s3: I/O error. >> localhost kernel: disk1s3: media is not present. > > Interesting. > Out of nothing but sheer boredom I plugged it into a Win2K laptop, via > FireWire, which was running iTunes 4.1 and MacDrive. > Everything jumped at me all at once, MacDrive mounted up the HFS+ > volume and showed me the Calender, Contacts, Notes and Recordings > folders and iTunes wanted me to install the iPod software from the > Windows CD which came in the package. > > It looks like it might be a FW thing with my iMac, unusual since my > LaCie FW drive mounts up fine when I plug it in and out of either of > the two FW 400 ports. > When a FW device is unplugged does it automatically clear the FW bus > or does it wait to time out? > > Mark. > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From bauwolf at indigo.ie Tue Dec 9 17:31:02 2003 From: bauwolf at indigo.ie (Mark Twomey) Date: Thu Nov 3 12:34:12 2005 Subject: Bingo..(Was iPod and Darwin.) In-Reply-To: References: Message-ID: <81DAC876-2AB0-11D8-8BA0-000393679BE4@indigo.ie> On Dec 9, 2003, at 11:45 PM, Richard Rothwell wrote: > Bad physical connection?? I thought that at first too, which is why one of the first things I did was reseat both the iPod and the FireWire connection. -No good. Then the problem followed the iPod cradle and cable when I unplugged it from the existing FW port and plugged it into the alternate. -Same issue. Then after checking the logs I thought the filesystem might have been hosed, something written where it shouldn't have been or not fully written when it should. Nothing at all could appear to read/write I/O to the disk. The hard drive must be screwed. -It worked fine on the Windows laptop. At that stage I shut everything down and left the iPod unplugged from the Mac while I went for a glass of water. Later I came back powered the system up and plugged it back in. (Perhaps a bad thing to do when there's a not so small voltage being pushed down the FW silicon, but people do these things.) -Bingo. After numerous restarts, forced power pulls when the system would hang on shutdown and throwing fsck and dd at the iPod in the hope of either repairing a damaged volume or blowing away enough of the volume to allow for a reformat (Sledgehammer meet nut), it happily sprung up on my desktop and synchronised like nothing had ever happened. Bizarre, but then I found this on the Apple hosted discussion forums http://discussions.info.apple.com/webx?13@@.599d63d0/4 They don't give the model of the Mac involved and I can't vouch for the releasing the FW ports stuff, but on my original 15' Flat panel iMac either/or leaving the dock unplugged for a period of time and/or the machine powered off appeared to sort the issue. I can't troubleshoot down any further so unplugging stuff will just have to do as a solution if it happens again. Mark. From kremels at kreme.com Tue Dec 9 18:07:01 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:12 2005 Subject: winmail.dat form Outlook for Windows client In-Reply-To: References: Message-ID: <71ED377F-2AB5-11D8-B07F-000A95935598@kreme.com> On 09 Dec 2003, at 13:03, Gerben Wierda wrote: > I am getting attachments sent to me by people using Outlook, and they > turn up not as (say) foo.ppt but as winmail.dat. foo.ppt is a powerpoint file. Keynote will open it. winmail.dat is probably a vcf which MSFT has desided to make non-compatible with any non-MSFT mail reader. -- There is no Satan. That's just god when he's drunk. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031209/8fbd7367/smime.bin From jwelch at aer.com Tue Dec 9 18:23:05 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:12 2005 Subject: winmail.dat form Outlook for Windows client In-Reply-To: <71ED377F-2AB5-11D8-B07F-000A95935598@kreme.com> Message-ID: On 12/9/03 8:06 PM, "Lukreme" wrote: >> I am getting attachments sent to me by people using Outlook, and they >> turn up not as (say) foo.ppt but as winmail.dat. > > foo.ppt is a powerpoint file. Keynote will open it. > So will PowerPoint > winmail.dat is probably a vcf which MSFT has desided to make > non-compatible with any non-MSFT mail reader. No, winmail.dat is what you get when Outlook is set to use Rich Text instead of Plain Text or HTML. It's all the formatting and attachment data. There are some freeware applications that will deal with these. john -- It never ceases to amaze me throughout history how a small number of determined factionalists have been able to grind progress to a halt for amazingly long amounts of time to promulgate pet religious wars. This of course explains every problem with Unix. john c welch From kremels at kreme.com Wed Dec 10 00:44:03 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:12 2005 Subject: winmail.dat form Outlook for Windows client In-Reply-To: References: Message-ID: On 09 Dec 2003, at 19:22, John C. Welch wrote: > On 12/9/03 8:06 PM, "Lukreme" wrote: > >>> I am getting attachments sent to me by people using Outlook, and they >>> turn up not as (say) foo.ppt but as winmail.dat. >> >> foo.ppt is a powerpoint file. Keynote will open it. > > So will PowerPoint Yes, but if he had Powerpoint it would show up with a nice Powerpoint icon and open when you double click it. >> winmail.dat is probably a vcf which MSFT has desided to make >> non-compatible with any non-MSFT mail reader. > > No, winmail.dat is what you get when Outlook is set to use Rich Text > instead > of Plain Text or HTML. It's all the formatting and attachment data. > There > are some freeware applications that will deal with these. Ah. My mail server strips .dats, so I forgot what exactly they where. I knew it had something to do with MSFT being incompatible with non-MSTF software though. -- Ah we're lonely, we're romantic / and the cider's laced with acid / and the Holy Spirit's crying, Where's the beef? / And the moon is swimming naked / and the summer night is fragrant / with a mighty expectation of relief From ian at acces.co.jp Wed Dec 10 02:12:03 2003 From: ian at acces.co.jp (Ian Masters) Date: Thu Nov 3 12:34:12 2005 Subject: Firewall settings file Message-ID: Could someone be kind enough to point me to where os x server stores its firewall settings file. Much appreciated. Thanks Ian Masters From jwelch at aer.com Wed Dec 10 05:24:02 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:12 2005 Subject: winmail.dat form Outlook for Windows client In-Reply-To: Message-ID: On 12/10/03 2:43 AM, "Lukreme" wrote: >> So will PowerPoint > > Yes, but if he had Powerpoint it would show up with a nice Powerpoint > icon and open when you double click it. Not if it's wrapped inside of a winmail.dat program john -------------------------------------------------------- Misquotation of unattributed, trite metaphysical saying goes here. Stupid ascii Unnecessary notice of graphic goes here. responsibility goes here. --------------------------------------------------------- From creed at mac.com Wed Dec 10 06:50:02 2003 From: creed at mac.com (Creed Erickson) Date: Thu Nov 3 12:34:12 2005 Subject: Firewall settings file In-Reply-To: Message-ID: <04103C9E-2B20-11D8-A5E2-000393CC5A10@mac.com> On Wednesday, December 10, 2003, at 02:11 AM, Ian Masters wrote: > Could someone be kind enough to point me to where os x server stores > its > firewall settings file. Much appreciated. > /Library/Preferences/com.apple.sharing.firewall.plist From hEADcRASH at aGGROcULTURE.com Wed Dec 10 09:52:13 2003 From: hEADcRASH at aGGROcULTURE.com (Glenn Sugden) Date: Thu Nov 3 12:34:12 2005 Subject: Me too! Re: Network icon In-Reply-To: References: <3FD43C08.9040003@goldweb.com.au> <7DFAD124-295E-11D8-921B-000A9571A4D4@mac.com> <3FD45638.2040901@wanadoo.fr> <45E348BA-29ED-11D8-A1B5-000A95935598@kreme.com> Message-ID: <5FE7EB29-2B39-11D8-B30C-000A95D98CDE@aGGROcULTURE.com> On Dec 9, 2003, at 8:22 AM, Chris Murphy wrote: > All the time. I only use ad hominem attacks as a supplement to an > argument. FYI: ad hominem attacks not only don't supplement an argument, they throw the validity of it right out of the window. "Anyone involved in political discourse, and public discourse generally, would do well to become acquainted with it." ::Glenn From conrad at yoders.org Wed Dec 10 10:33:01 2003 From: conrad at yoders.org (Conrad G T Yoder) Date: Thu Nov 3 12:34:12 2005 Subject: KP with AppleHWClock In-Reply-To: Message-ID: At 11/22/03 4:28 PM -0500, Peter Lalor wrote: > >> Date: Sat, 22 Nov 2003 00:51:29 -0500 >> From: Conrad G T Yoder >> >> I recently got a KP (on wake from sleep) on 10.3.1 (dual G4 1GHZ MDD >> PowerMac) with this info: >> >> Kernel loadable modules in backtrace (with dependencies): >> com.Symantec.kext.SymEvent(1.0.3)@0x3505c000 >> dependency: >> com.Symantec.kext.SymOSXKernelUtilities(2.0)@0x347cf000 >> com.apple.driver.AppleHWClock(1.0.4b1)@0x60c000 >> dependency: com.apple.driver.IOPlatformFunction(1.4.2b1)@0x53e000 >> >> What is AppleHWClock? Is it replaceable (on its own) if it's gone >> south? >> Of course I'll get Norton right out of there. > > Norton 7 will panic at some point after boot if it sees a journaled > volume. I wouldn't worry about AppleHWClock unless the problem recurs > after you remove Norton. Well, I removed Norton, but still get KPs/apps failing on wake from sleep. I've reset the PMU, and the battery is in good shape. Any more suggestions with this? -Conrad From david at idiomatrix.com Wed Dec 10 12:39:05 2003 From: david at idiomatrix.com (David Herren) Date: Thu Nov 3 12:34:12 2005 Subject: customized log in? In-Reply-To: References: Message-ID: my guess would be finger or thumb print authentication hardware. On Dec 8, 2003, at 5:12 PM, John C. Welch wrote: > Can I ask why you would want to do that much work? Loginwindow is now > heavily tied into the overall authentication mechanisms of Mac OS X, > Kerberos, etc. /david From waltd at wdstudio.com Wed Dec 10 13:18:03 2003 From: waltd at wdstudio.com (Walter Lee Davis) Date: Thu Nov 3 12:34:12 2005 Subject: B/W G3 video question Message-ID: <51C4F15A-2B56-11D8-9346-000393C48A5C@wdstudio.com> Can the Rage 128 card in the B/W G3 be used in one of the 33MHz slots, instead of the 66MHz (top) slot? I am getting an Apple/ATTO SCSI-3 card, and it wants a 66MHz slot for top performance, I could care less about video performance on a server anyway. Will this work, albeit with lower video performance? Thanks in advance, Walter From garbanzito at mac.com Wed Dec 10 13:32:05 2003 From: garbanzito at mac.com (steve harley) Date: Thu Nov 3 12:34:12 2005 Subject: B/W G3 video question In-Reply-To: <51C4F15A-2B56-11D8-9346-000393C48A5C@wdstudio.com> References: <51C4F15A-2B56-11D8-9346-000393C48A5C@wdstudio.com> Message-ID: <356C633C-2B58-11D8-AE32-000393C5ED50@mac.com> On 10 Dec 2003, at 2:17 PM, Walter Lee Davis wrote: > Can the Rage 128 card in the B/W G3 be used in one of the 33MHz slots, > instead of the 66MHz (top) slot? I am getting an Apple/ATTO SCSI-3 > card, and it wants a 66MHz slot for top performance, I could care less > about video performance on a server anyway. Will this work, albeit > with lower video performance? i believe i have done this successfully, but i would suggest you just try it From waltd at wdstudio.com Wed Dec 10 13:48:08 2003 From: waltd at wdstudio.com (Walter Lee Davis) Date: Thu Nov 3 12:34:12 2005 Subject: B/W G3 video question In-Reply-To: <356C633C-2B58-11D8-AE32-000393C5ED50@mac.com> References: <51C4F15A-2B56-11D8-9346-000393C48A5C@wdstudio.com> <356C633C-2B58-11D8-AE32-000393C5ED50@mac.com> Message-ID: <67D24A20-2B5A-11D8-9346-000393C48A5C@wdstudio.com> Thanks, I will. Walter On Dec 10, 2003, at 4:31 PM, steve harley wrote: > On 10 Dec 2003, at 2:17 PM, Walter Lee Davis wrote: >> Can the Rage 128 card in the B/W G3 be used in one of the 33MHz >> slots, instead of the 66MHz (top) slot? I am getting an Apple/ATTO >> SCSI-3 card, and it wants a 66MHz slot for top performance, I could >> care less about video performance on a server anyway. Will this work, >> albeit with lower video performance? > > i believe i have done this successfully, but i would suggest you just > try it > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From omni_osx_ml at todoo.biz Wed Dec 10 14:08:05 2003 From: omni_osx_ml at todoo.biz (omni_osx_ml@todoo.biz) Date: Thu Nov 3 12:34:12 2005 Subject: Openssl & bind 9.3 Message-ID: Hello, I am trying to compile bind 9.3 (the snapshot that implements DNSSec) and am facing difficulties because of ssl libraries. I am using OSX v10.3.1 with X code. Bind is not able to create his makefile with the provided arguments : ./configure --with-openssl=/usr/bin/openssl The errors that I have are the following... > checking for OpenSSL library... using openssl from /usr/bin/openssl/lib and > /usr/bin/openssl/include > checking whether linking with OpenSSL works... no > configure: error: Could not run test program using OpenSSL from > /usr/bin/openssl/lib and /usr/bin/openssl/include. > Please check the argument to --with-openssl and your > shared library configuration (e.g., LD_LIBRARY_PATH). I have also tried with openssl from /sw/bin/openssl with the same results. Could you help me solve this issue ? Thanks. ________________________________________________ ???????????????????????????????????????????????? ???????????????????????????????????????????????? Gr?gory Bernard 11, rue de la Tour Directeur 75116 Paris France www.ToDoo.biz tel : +(33) 1 40 26 43 14 ________________________________________________ ???????????????????????????????????????????????? ???????????????????????????????????????????????? PGP ID --> 0x1BA3C2FD "I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone." - Bjarne Stroustrup From dev+lists at humph.com Wed Dec 10 14:35:10 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:12 2005 Subject: Openssl & bind 9.3 In-Reply-To: References: Message-ID: At 11:02 pm +0100 2003/12/10, omni_osx_ml@todoo.biz wrote: >Hello, > >I am trying to compile bind 9.3 (the snapshot that implements DNSSec) and am >facing difficulties because of ssl libraries. I am using OSX v10.3.1 with X >code. > >Bind is not able to create his makefile with the provided arguments : > >./configure --with-openssl=/usr/bin/openssl > I guess --with-openssl=/System/Library/OpenSSL Giuliano -- H U M P H || ||| software Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X http://www.humph.com/ From kremels at kreme.com Wed Dec 10 14:46:02 2003 From: kremels at kreme.com (Lukreme) Date: Thu Nov 3 12:34:12 2005 Subject: Openssl & bind 9.3 In-Reply-To: References: Message-ID: <862ACF4B-2B62-11D8-8FEC-000A95935598@kreme.com> On 10 Dec 2003, at 15:02, omni_osx_ml@todoo.biz wrote: > I am trying to compile bind 9.3 (the snapshot that implements DNSSec) > and am > facing difficulties because of ssl libraries. I am using OSX v10.3.1 > with X > code. > > Bind is not able to create his makefile with the provided arguments : > > ./configure --with-openssl=/usr/bin/openssl Is that right? Usually options like that want a directory with libraries, not a path to an executable. --with-openssl=/usr/include/openssl would be my guess (but I have no experience with Bind9 specifically) > > The errors that I have are the following... > >> checking for OpenSSL library... using openssl from >> /usr/bin/openssl/lib and >> /usr/bin/openssl/include >> checking whether linking with OpenSSL works... no >> configure: error: Could not run test program using OpenSSL from >> /usr/bin/openssl/lib and /usr/bin/openssl/include. That pretty much cinches it. -- There's a race of men that don't fit in, A race that can't stay still So they break the hearts of kith and kin, And they roam the world at will. From fmgonzalez at ucdavis.edu Wed Dec 10 15:28:56 2003 From: fmgonzalez at ucdavis.edu (Francisco Gonzalez) Date: Thu Nov 3 12:34:12 2005 Subject: NISAgent in lookupd causes delay Message-ID: <6A5C1BEC-2B68-11D8-A89D-000A95C4889E@ucdavis.edu> I'm experiencing some unusual delays on user lookups and I was hoping to get help from the lookupd experts on this list. I'm attempting to setup a lab environment where all of the Mac OS X clients authenticate to our NIS slave servers. There are about 53,000 user accounts in our NIS server passwd map. While attempting to login via the Login Window there is a delay of a couple minutes. According to /var/log/system.log the user is authenticating right away but something else is going on causing the delay. The interesting thing is that even while logging in via the local mac os x admin account there is still the delay. When I run lookupd in debug mode "lookupd -d" I can do a UserWithName lookup without delay using the DSAgent. In the local NetInfo database the default LookupOrder of /locations/lookupd/users is (CacheAgent, FFAgent, NIAgent, DSAgent, NISAgent), well users isn't actually listed in /locations/lookupd by default in the NetInfo database but I added it so that I could manipulate the LookupOrder. I'm assuming the DSAgent is using the "BSD Flat File/NIS" plugin. But when I specify the NISAgent while in lookupd debug mode and then do a userWithName look up I experience a significant delay. This is where I think the source of my delays are. I don't only experience delays in the Login Window, also when using sudo or when I ssh into the mac os x client, or doing an ls -ll. Given that the NISAgent is causing the delay it doesn't make sense that there would be a delay in the LoginWindow because the DSAgent should return the result from the user name search and never get to the NISAgent. When I remove the NISAgent from the LookupOrder of /locations/lookupd/users all of the delays go away. But there is a side effect of doing this. From what I understand either Apple Open Directory or just the BSD/NIS plugin can't do look ups by id. While in lookupd debug mode I've specified the DSAgent and did a userWithNumber lookup and it returns nil, unless the record is in cache. I found this statement in the source code of the BSD/NIS plugin "DBGLOG( "BSDPlugin::HandleRequest, we don't handle kGetRecordAttributeValueByID yet\n" );" So perhaps the NISAgent in lookupd is still around because open directory can't do lookups by id? When I remove the NISAgent from the LookupOrder in /locations/lookupd/users our nfs mounts don't work as expected. When issuing an ls -ll on a directory in the nfs mount it shows the uid of the owner instead of the name. The Mac OS X Finder interprets uids as "unknown" owners. This functionality is important to our environment. I'm not a programmer but I've taken a look at both the NISAgent source and the NIS plugin source. The NIS plugin seems to use ypmatch function calls and the NISAgent is using yp_first and yp_next calls. Since we have over 50,000 user accounts in our passwd map it's going to take a long time to look at the first record and each record after that until it finds a match. I've identified the first and last record of our passwd map by doing a "ypcat passwd | head/tail -1". Doing a lookup using the NISAgent on the username of the first record matches quickly as expected, and the last record takes several minutes. Is there anybody that could shed some light on a possible fix to this problem? Does anybody know where the NISAgent requests are logged? I've turned on logging on lookupd and I only see DS function calls. There must be other people out there with large NIS maps and I haven't heard of them experiencing these delays. Any help would be greatly appreciated. Quico -- Francisco "Quico" Gonzalez University of California Davis Computer Lab Management Information and Education Technology email: fmgonzalez@ucdavis.edu phone: 530.754.5587 From jp-www at dcs.gla.ac.uk Wed Dec 10 15:47:00 2003 From: jp-www at dcs.gla.ac.uk (Jonathan Paisley) Date: Thu Nov 3 12:34:12 2005 Subject: NISAgent in lookupd causes delay In-Reply-To: <6A5C1BEC-2B68-11D8-A89D-000A95C4889E@ucdavis.edu> References: <6A5C1BEC-2B68-11D8-A89D-000A95C4889E@ucdavis.edu> Message-ID: <02814D1A-2B6B-11D8-B2A0-000A95A4D990@dcs.gla.ac.uk> On 10 Dec 2003, at 23:27, Francisco Gonzalez wrote: > I'm not a programmer but I've taken a look at both the NISAgent source > and the NIS plugin source. The NIS plugin seems to use ypmatch > function calls and the NISAgent is using yp_first and yp_next calls. > Since we have over 50,000 user accounts in our passwd map it's going > to take a long time to look at the first record and each record after > that until it finds a match. I've identified the first and last record > of our passwd map by doing a "ypcat passwd | head/tail -1". Doing a > lookup using the NISAgent on the username of the first record matches > quickly as expected, and the last record takes several minutes. > > Is there anybody that could shed some light on a possible fix to this > problem? Does anybody know where the NISAgent requests are logged? > I've turned on logging on lookupd and I only see DS function calls. > There must be other people out there with large NIS maps and I haven't > heard of them experiencing these delays. Any help would be greatly > appreciated. > I experienced similar problems whilst attempting to make a 10.3 machine use NIS. Symptoms were very long delays whilst doing most things on the system. I traced it to the NIS yp_first/yp_next behaviour by examining the network traffic to the NIS server with ethereal. It seemed that the entire host, group and user maps were being grabbed for each lookup of the respective type. In the end I gave up with NIS and wrote a tiny script to convert the NIS maps to local files to go in /etc. These can be updated from cron (either by remote disting or the local machine can use ypcat etc). Sorry I can't suggest anything more palatable -- hopefully somebody else will have a better solution! From mylists at serverlogistics.com Wed Dec 10 16:13:55 2003 From: mylists at serverlogistics.com (Aaron Faby) Date: Thu Nov 3 12:34:13 2005 Subject: Openssl & bind 9.3 In-Reply-To: <862ACF4B-2B62-11D8-8FEC-000A95935598@kreme.com> References: <862ACF4B-2B62-11D8-8FEC-000A95935598@kreme.com> Message-ID: <94B3943C-2B6E-11D8-9899-003065512B90@serverlogistics.com> Hello, Usually the argument to --with-openssl is the prefix to which OpenSSL has been installed. On OS X (as with most systems) it is /usr. So the correct argument should be: --with-openssl=/usr If that fails, check config.log. Sometimes configure scripts look for libssl.so and not libssl.dylib, so that can cause it to fail on OS X. That's about all I can think of. Regards, Aaron On Dec 10, 2003, at 2:45 PM, Lukreme wrote: > On 10 Dec 2003, at 15:02, omni_osx_ml@todoo.biz wrote: >> I am trying to compile bind 9.3 (the snapshot that implements DNSSec) >> and am >> facing difficulties because of ssl libraries. I am using OSX v10.3.1 >> with X >> code. >> >> Bind is not able to create his makefile with the provided arguments : >> >> ./configure --with-openssl=/usr/bin/openssl > > Is that right? Usually options like that want a directory with > libraries, not a path to an executable. > > --with-openssl=/usr/include/openssl > > would be my guess (but I have no experience with Bind9 specifically) > >> >> The errors that I have are the following... >> >>> checking for OpenSSL library... using openssl from >>> /usr/bin/openssl/lib and >>> /usr/bin/openssl/include >>> checking whether linking with OpenSSL works... no >>> configure: error: Could not run test program using OpenSSL from >>> /usr/bin/openssl/lib and /usr/bin/openssl/include. > > That pretty much cinches it. > > -- > There's a race of men that don't fit in, > A race that can't stay still > So they break the hearts of kith and kin, > And they roam the world at will. > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > ---------------------------------------------------------------- Aaron Faby Server Logistics aaron@serverlogistics.com Phone: 323-363-9127 http://www.serverlogistics.com Fax: 323-372-3546 http://www.serverlogistics.com/publickeys/aaronfaby.gpgkey ---------------------------------------------------------------- From ian at acces.co.jp Wed Dec 10 16:20:46 2003 From: ian at acces.co.jp (Ian Masters) Date: Thu Nov 3 12:34:13 2005 Subject: Firewall settings file In-Reply-To: <04103C9E-2B20-11D8-A5E2-000393CC5A10@mac.com> Message-ID: Thanks for the reply. That file doesn't exist on either of the 2 systems I have the firewall enabled on. Just to be clear, the firewall is the one set from Server Settings -> Network tab -> Firewall And I'm talking about OS v10.2.8 Thanks Ian Masters > On Wednesday, December 10, 2003, at 02:11 AM, Ian Masters wrote: > >> Could someone be kind enough to point me to where os x server stores >> its >> firewall settings file. Much appreciated. >> > > /Library/Preferences/com.apple.sharing.firewall.plist > > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin From andreas at harmless.de Wed Dec 10 16:22:18 2003 From: andreas at harmless.de (Andreas Mayer) Date: Thu Nov 3 12:34:13 2005 Subject: B/W G3 video question In-Reply-To: <51C4F15A-2B56-11D8-9346-000393C48A5C@wdstudio.com> References: <51C4F15A-2B56-11D8-9346-000393C48A5C@wdstudio.com> Message-ID: <9D44F170-2B6F-11D8-A983-000A957A7AFC@harmless.de> Am 10.12.2003 um 22:17 schrieb Walter Lee Davis: > Can the Rage 128 card in the B/W G3 be used in one of the 33MHz slots, > instead of the 66MHz (top) slot? Yes. At least it's working for me. bye. Andreas. From creed at mac.com Wed Dec 10 16:31:01 2003 From: creed at mac.com (Creed Erickson) Date: Thu Nov 3 12:34:13 2005 Subject: Firewall settings file In-Reply-To: Message-ID: <2771D64E-2B71-11D8-B382-000393CC5A10@mac.com> Perhaps you're running Mac OS X Server. I have no such pref panel "Server Settings." The file /Library/Preferences/com.apple.sharing.firewall.plist exists on all of my machines, both 10.2.8 and 10.3.1, and contains the settings I specified in System Preferences->Sharing->Firewall. On Wednesday, December 10, 2003, at 04:17 PM, Ian Masters wrote: > Thanks for the reply. > > That file doesn't exist on either of the 2 systems I have the firewall > enabled on. > > Just to be clear, the firewall is the one set from Server Settings -> > Network tab -> Firewall > > And I'm talking about OS v10.2.8 > > Thanks > > Ian Masters > >> On Wednesday, December 10, 2003, at 02:11 AM, Ian Masters wrote: >> >>> Could someone be kind enough to point me to where os x server stores >>> its >>> firewall settings file. Much appreciated. >>> >> >> /Library/Preferences/com.apple.sharing.firewall.plist >> >> >> _______________________________________________ >> MacOSX-admin mailing list >> MacOSX-admin@omnigroup.com >> http://www.omnigroup.com/mailman/listinfo/macosx-admin > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From coral at ssmith.com Wed Dec 10 19:08:02 2003 From: coral at ssmith.com (Howzit) Date: Thu Nov 3 12:34:13 2005 Subject: Go> ftp:// mount read/write? Message-ID: I can mount a volume of an FTP host with the Finder's Go > Connect to server feature but even with authentication the volume mounts read only. How can I make it mount read write? NOTE: don't try this on OS X 10.2. I was able to consistently freeze Jaguar machines when attempting to mount FTP volumes that required login and password, anonymous login did not cause the freeze though. Thanks From seiryu at comcast.net Wed Dec 10 19:18:12 2003 From: seiryu at comcast.net (Nick Zitzmann) Date: Thu Nov 3 12:34:13 2005 Subject: Go> ftp:// mount read/write? In-Reply-To: References: Message-ID: <7C1A59D2-2B88-11D8-A482-000A95BB5E12@comcast.net> On Dec 10, 2003, at 7:07 PM, Howzit wrote: > I can mount a volume of an FTP host with the Finder's Go > Connect to > server > feature but even with authentication the volume mounts read only. > > How can I make it mount read write? You can't; you need to use an FTP client to write to FTP servers. Nick Zitzmann S/MIME signature available upon request "That's a funny thing to promise. Well, you can't never let anything happen to him [Nemo]; then, nothing would ever happen to him." - Dory, from the movie "Finding Nemo" From dev+lists at humph.com Thu Dec 11 02:50:06 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:13 2005 Subject: Openssl & bind 9.3 In-Reply-To: References: Message-ID: At 11:34 pm +0100 2003/12/10, Giuliano Gavazzi wrote: >At 11:02 pm +0100 2003/12/10, omni_osx_ml@todoo.biz wrote: >>Hello, >> >>I am trying to compile bind 9.3 (the snapshot that implements DNSSec) and am >>facing difficulties because of ssl libraries. I am using OSX v10.3.1 with X >>code. >> >>Bind is not able to create his makefile with the provided arguments : >> >>./configure --with-openssl=/usr/bin/openssl >> > >I guess --with-openssl=/System/Library/OpenSSL > I just compiled 9.2.3 using these flags and it works, but of course, I think any directory would have done... just not a file! Nevertheless I would say that that *is* the correct location to give. Why are you using 9.3 anyway, the latest snapshot I can find is about a year old, I would not trust that over 9.2.3 (about a month old). I have tested the flag I gave against bind-9.3.0s20021217 anyway, and it compiles. Giuliano -- H U M P H || ||| software Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X http://www.humph.com/ From scott at hastings.com Thu Dec 11 08:47:01 2003 From: scott at hastings.com (Larry Scott Hastings) Date: Thu Nov 3 12:34:13 2005 Subject: Repair in Austin, TX Message-ID: Can anyone make a recommendation for a repair facility in Austin, TX? My B&W G3 now won't boot. I was having trouble with video; If I'd ever reboot, the screen would be blank or a mess - leaving it unplugged overnight usually fixed the problem. I bought a new video card (Radeon 7000), which seemed to fix the problem until last night. Now, the machine won't even chime when powering up. Here's wishing there was an Apple Store in Austin... -- Hook'em --Scott H. From root at nimug.org Thu Dec 11 10:01:56 2003 From: root at nimug.org (root@nimug.org) Date: Thu Nov 3 12:34:13 2005 Subject: Repair in Austin, TX In-Reply-To: References: Message-ID: <66A2B0D8-2C03-11D8-AA97-000A95DC1742@nimug.org> On 11 Dec 2003, at 16:45, Larry Scott Hastings wrote: > Can anyone make a recommendation for a repair facility in Austin, TX? AppleCare US is based in Austin innit? There are 75 Resellers in Austin according to Apple. Im sure one of them has a certified engineer. From stevebyan at mac.com Thu Dec 11 10:37:02 2003 From: stevebyan at mac.com (Steve Byan) Date: Thu Nov 3 12:34:13 2005 Subject: [OT] Unraveling a .PST file on a Mac without the benefit of an Exchange server In-Reply-To: <200311250144.hAP1iYqT013462@slowbro.omnigroup.com> References: <200311250144.hAP1iYqT013462@slowbro.omnigroup.com> Message-ID: On Nov 24, 2003, at 8:44 PM, macosx-admin-request@omnigroup.com wrote: > Message: 7 > Cc: macosx-admin > From: Walter Lee Davis > Subject: Re: [OT] Unraveling a .PST file on a Mac without the benefit > of an Exchange server > Date: Sun, 23 Nov 2003 16:38:55 -0500 > To: Suraj Rai > > Thanks, that seems to be the consensus. I guess I will have to locate > one of those Windows machines that people are always nattering on > about. Don't have any near me. > > Walter Even if you find a Windows machine, you'll still need the Exchange server and an account on it. If you can't snag one of those, then one of these two alternatives may help. They only need a Windows machine with the Outlook client; no server needed. The reason you still need the Windows machine and Outlook Client is that the only code on earth that understands the file format is inside Outlook Client. These utilities use Outlook's OLE scripting interface to use that code to access the file and return the contents. Regards, -Steve Personal Message Store (PST) Export Utility 1.0 Stephen Genusa (steve at genusa.com) What PMSEU Does PMSEU was designed to export Internet messages out of Outlook while preserving the Internet headers during export. One of our company folders had nearly 30,000 messages in it. Try doing a text search across a folder that large! Why not use Outlook's Export feature? Outlook's "export" function strips all the useful Internet message header information as well, making their export worthless for our needs. Using PMSEU, what we've done is to export all our message data into another software package that indexes the text providing "instant" search features. at http://www.genusa.com/utils/pmseu.htm What is Outport Outport aims to be a generic program for exporting date from Outlook (Outlook + export = Outport. Original eh? :-) ) to various email/pim programs. It currently it can export to the Contact, Calendar and Task formats of Evolution, plus a number of generic formats supported by Outlook itself (Rich Text Format, HTML, vCalendar, vCard, iCalendar, etc). I've tested this with Outlook 2000 and most releases of Evolution 1.0.x and 1.2.x. I have not tested this with any other version of Outlook. I've received some reports of success with Outlook XP (and some bugs). at http://outport.sourceforge.net/ -------- Steve Byan or From waltd at wdstudio.com Thu Dec 11 11:06:02 2003 From: waltd at wdstudio.com (Walter Lee Davis) Date: Thu Nov 3 12:34:13 2005 Subject: [OT] Unraveling a .PST file on a Mac without the benefit of an Exchange server In-Reply-To: References: <200311250144.hAP1iYqT013462@slowbro.omnigroup.com> Message-ID: Thanks very much. These look like excellent suggestions. Walter On Dec 11, 2003, at 1:35 PM, Steve Byan wrote: > > On Nov 24, 2003, at 8:44 PM, macosx-admin-request@omnigroup.com wrote: > >> Message: 7 >> Cc: macosx-admin >> From: Walter Lee Davis >> Subject: Re: [OT] Unraveling a .PST file on a Mac without the benefit >> of an Exchange server >> Date: Sun, 23 Nov 2003 16:38:55 -0500 >> To: Suraj Rai >> >> Thanks, that seems to be the consensus. I guess I will have to locate >> one of those Windows machines that people are always nattering on >> about. Don't have any near me. >> >> Walter > > Even if you find a Windows machine, you'll still need the Exchange > server and an account on it. If you can't snag one of those, then one > of these two alternatives may help. They only need a Windows machine > with the Outlook client; no server needed. > > The reason you still need the Windows machine and Outlook Client is > that the only code on earth that understands the file format is inside > Outlook Client. These utilities use Outlook's OLE scripting interface > to use that code to access the file and return the contents. > > Regards, > -Steve > > > Personal Message Store (PST) Export Utility 1.0 > > Stephen Genusa (steve at genusa.com) > > What PMSEU Does > > PMSEU was designed to export Internet messages out of Outlook while > preserving the Internet headers during export. One of our company > folders had nearly 30,000 messages in it. Try doing a text search > across a folder that large! Why not use Outlook's Export feature? > Outlook's "export" function strips all the useful Internet message > header information as well, making their export worthless for our > needs. Using PMSEU, what we've done is to export all our message data > into another software package that indexes the text providing > "instant" search features. > > at http://www.genusa.com/utils/pmseu.htm > > > What is Outport > > Outport aims to be a generic program for exporting date from Outlook > (Outlook + export = Outport. Original eh? :-) ) to various email/pim > programs. It currently it can export to the Contact, Calendar and Task > formats of Evolution, plus a number of generic formats supported by > Outlook itself (Rich Text Format, HTML, vCalendar, vCard, iCalendar, > etc). I've tested this with Outlook 2000 and most releases of > Evolution 1.0.x and 1.2.x. I have not tested this with any other > version of Outlook. I've received some reports of success with Outlook > XP (and some bugs). > > at http://outport.sourceforge.net/ > -------- > Steve Byan or > From listor at melin.org Thu Dec 11 13:34:29 2003 From: listor at melin.org (Joacim Melin) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? Message-ID: <7C8B1D80-2C21-11D8-912B-000A95A01788@melin.org> http://www.carrel.org/dhcp-vuln.html /j ------------------------------------------------------------------------ joacim melin > http://z80.org > joacim at melin dot org ------------------------------------------------------------------------ From leonvs at occam.com Thu Dec 11 13:42:53 2003 From: leonvs at occam.com (Leon Towns-von Stauber) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: <7C8B1D80-2C21-11D8-912B-000A95A01788@melin.org> Message-ID: > http://www.carrel.org/dhcp-vuln.html Have you checked the list archives before posting? The answer to your question is there. _____________________________________________________________ Leon Towns-von Stauber http://www.occam.com/leonvs/ "We have not come to save you, but you will not die in vain!" From jwelch at aer.com Thu Dec 11 13:51:28 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: <7C8B1D80-2C21-11D8-912B-000A95A01788@melin.org> Message-ID: On 12/11/03 3:32 PM, "Joacim Melin" wrote: > http://www.carrel.org/dhcp-vuln.html Yes, and if you read rfc2131, you realize there is no security whatsoever in DHCP, so *any* DHCP use is a security crapshoot. Barring approval of rfc3118 or something similar, I don't see it changing anytime soon. john -- Cum catapultae proscriptae erunt tum soli proscript catapultas habebunt. (When catapults are outlawed, only outlaws will have catapults.) Jeff La Grua From listor at melin.org Thu Dec 11 13:55:27 2003 From: listor at melin.org (Joacim Melin) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: References: Message-ID: You can just answer yes or no. No point being an asshole about it. /j ------------------------------------------------------------------------ joacim melin > http://z80.org > joacim at melin dot org ------------------------------------------------------------------------ On Dec 11, 2003, at 10:40 PM, Leon Towns-von Stauber wrote: >> http://www.carrel.org/dhcp-vuln.html > > Have you checked the list archives before posting? The answer > to your question is there. > > _____________________________________________________________ > Leon Towns-von Stauber http://www.occam.com/leonvs/ > "We have not come to save you, but you will not die in vain!" > From leonvs at occam.com Thu Dec 11 14:16:07 2003 From: leonvs at occam.com (Leon Towns-von Stauber) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: Message-ID: <88C59A7E-2C27-11D8-83DC-003065A76B44@occam.com> > You can just answer yes or no. No point being an asshole about it. I apologize, that came out a bit snippier than I'd intended. I guess I'm extra-sensitive about this one because I think this "vulnerability report" has already gotten way more attention than it deserves. >>> http://www.carrel.org/dhcp-vuln.html >> >> Have you checked the list archives before posting? The answer >> to your question is there. _____________________________________________________________ Leon Towns-von Stauber http://www.occam.com/leonvs/ "We have not come to save you, but you will not die in vain!" From ssen at opendarwin.org Thu Dec 11 14:25:12 2003 From: ssen at opendarwin.org (Shantonu Sen) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: <88C59A7E-2C27-11D8-83DC-003065A76B44@occam.com> References: <88C59A7E-2C27-11D8-83DC-003065A76B44@occam.com> Message-ID: I did not think Leon's response was particular assholish... Part of participating in a forum such as this is being respectful of not wasting other peoples time or your own by reading what other people have discussed on this topic. If people think DHCP is insecure, wait until they realize the trust implications of Rendezvous, or lack thereof. These systems are designed to enable communication, not replace other trust mechanisms. Shantonu On Dec 11, 2003, at 2:15 PM, Leon Towns-von Stauber wrote: >> You can just answer yes or no. No point being an asshole about it. > > I apologize, that came out a bit snippier than I'd intended. > I guess I'm extra-sensitive about this one because I think this > "vulnerability report" has already gotten way more attention > than it deserves. > >>>> http://www.carrel.org/dhcp-vuln.html >>> >>> Have you checked the list archives before posting? The answer >>> to your question is there. > > _____________________________________________________________ > Leon Towns-von Stauber http://www.occam.com/leonvs/ > "We have not come to save you, but you will not die in vain!" > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin From chrisanders at mac.com Thu Dec 11 15:26:01 2003 From: chrisanders at mac.com (Chris Anders) Date: Thu Nov 3 12:34:13 2005 Subject: OT: RS6000 Message-ID: <4E10660E-2C31-11D8-A6F2-00039371866C@mac.com> Hi, sorry for the OT, but maybe someone in the list can help me: I'm looking for such a thing as described here: http://de.sun.com/Produkte/Hardware/Workstations/SunPCi/index.html for an IBM RS6000. So - if somebody knows about it maybe she/he would contact me via private mail and point me to some resource where I can find out more. Thanks in advance Chris -- I just found out that the brain is like a computer. If that's true, then there really aren't any stupid people. Just people running Windows. From shoop at iwiring.net Thu Dec 11 16:06:06 2003 From: shoop at iwiring.net (Dan Shoop) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: <88C59A7E-2C27-11D8-83DC-003065A76B44@occam.com> References: <88C59A7E-2C27-11D8-83DC-003065A76B44@occam.com> Message-ID: At 2:15 PM -0800 12/11/03, Leon Towns-von Stauber wrote: >>You can just answer yes or no. No point being an asshole about it. > >I apologize, that came out a bit snippier than I'd intended. >I guess I'm extra-sensitive about this one because I think this >"vulnerability report" has already gotten way more attention >than it deserves. That is it deserves *no* attention. It looked to me like a poor attempt to capture some attention. The sad thing is Apple had to devote resources to counter it, posts like these got spread like wildfire. Even some of the trade magazines fell for it. The issue is well known, one of those "that's just the way things work" things. It's far from specific to Apple too, but Apple does have some services that others don't that are also effected, but big deal. Can I see a show of hands of people who run DHCP servers over the public Internet? That's what I thought. -- -dhan ------------------------------------------------------------------------ Dan Shoop shoop@iwiring.net Consulting Internet Architect shoop@mac.com AIM: iWiring pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring designs and supports Internet systems and networks based on Mac OS X, unix(tm), and Open Source applications technologies and offers 24x7, guaranteed support to registered clients. How can we help? From robinmcf at altern.org Thu Dec 11 16:53:02 2003 From: robinmcf at altern.org (Robin) Date: Thu Nov 3 12:34:13 2005 Subject: installing ming on Jaguar Message-ID: <64BC02DC-2C3D-11D8-82F9-00039386EEA6@altern.org> I'm attempting to install the ming2.0a lib, there are some errors being thrown up by make (included below) and that's as far as I get. Digging around on the web I found a Darwin/OSX patch but not instructions on how to use said patch, beyond those on the webpage, and I'm not using fink. http://www.haque.net/software/ http://www.haque.net/software/patches/ming-0.2a-mhaque-darwin- jaguar.patch.gz any suggestions/ links welcomed Robin Make output: cd src && make dynamic gcc -g -Wall -c -o movie.o movie.c gcc -g -Wall -c -o displaylist.o displaylist.c gcc -g -Wall -c -o blocklist.o blocklist.c gcc -g -Wall -c -o position.o position.c gcc -g -Wall -c -o movieclip.o movieclip.c gcc -g -Wall -c -o shape_util.o shape_util.c gcc -g -Wall -c -o shape_cubic.o shape_cubic.c shape_cubic.c: In function `subdivideCubicLeft': shape_cubic.c:53: warning: implicit declaration of function `memcpy' gcc -g -Wall -c -o text_util.o text_util.c gcc -g -Wall -c -o fill.o fill.c gcc -g -Wall -c -o ming.o ming.c cd blocks && make gcc -g -Wall -c -o output.o output.c gcc -g -Wall -c -o character.o character.c gcc -g -Wall -c -o shape.o shape.c gcc -g -Wall -c -o morph.o morph.c gcc -g -Wall -c -o fillstyle.o fillstyle.c gcc -g -Wall -c -o matrix.o matrix.c gcc -g -Wall -c -o font.o font.c gcc -g -Wall -c -o block.o block.c gcc -g -Wall -c -o cxform.o cxform.c gcc -g -Wall -c -o text.o text.c gcc -g -Wall -c -o action.o action.c gcc -g -Wall -c -o button.o button.c gcc -g -Wall -c -o placeobject.o placeobject.c gcc -g -Wall -c -o outputblock.o outputblock.c gcc -g -Wall -c -o method.o method.c gcc -g -Wall -c -o sprite.o sprite.c gcc -g -Wall -c -o fontinfo.o fontinfo.c gcc -g -Wall -c -o loadfont.o loadfont.c gcc -g -Wall -c -o rect.o rect.c gcc -g -Wall -c -o jpeg.o jpeg.c gcc -g -Wall -c -o soundstream.o soundstream.c gcc -g -Wall -c -o mp3.o mp3.c gcc -g -Wall -c -o textfield.o textfield.c gcc -g -Wall -c -o browserfont.o browserfont.c gcc -g -Wall -c -o dbl.o dbl.c gcc -g -Wall -c -o linestyle.o linestyle.c gcc -g -Wall -c -o gradient.o gradient.c gcc -g -Wall -c -o bitmap.o bitmap.c gcc -g -Wall -c -o error.o error.c error.c: In function `error_default': error.c:23: warning: implicit declaration of function `exit' gcc -g -Wall -c -o input.o input.c cd actioncompiler && make gcc -g -Wall -c -o compile.o compile.c gcc -g -Wall -c -o listaction.o listaction.c flex -i -Pswf4 swf4compiler.flex gcc -g -Wall -c -o lex.swf4.o lex.swf4.c flex -i -Pswf5 swf5compiler.flex gcc -g -Wall -c -o lex.swf5.o lex.swf5.c bison -p swf5 swf5compiler.y swf5compiler.y contains 26 shift/reduce conflicts and 63 reduce/reduce conflicts. gcc -g -Wall -c -o swf5compiler.tab.o swf5compiler.tab.c bison -p swf4 swf4compiler.y swf4compiler.y contains 49 shift/reduce conflicts and 42 reduce/reduce conflicts. gcc -g -Wall -c -o swf4compiler.tab.o swf4compiler.tab.c gcc -g -Wall -c -o assembler.o assembler.c gcc -g -Wall -c -o compileaction.o compileaction.c gcc -g -Wall movie.o displaylist.o blocklist.o position.o movieclip.o shape_util.o shape_cubic.o text_util.o fill.o ming.o actioncompiler/compile.o actioncompiler/swf4compiler.tab.o actioncompiler/lex.swf4.o actioncompiler/swf5compiler.tab.o actioncompiler/lex.swf5.o actioncompiler/compileaction.o actioncompiler/assembler.o blocks/*.o -shared -fpic \ -o libming.so gcc: unrecognized option `-shared' ld: Undefined symbols: _main make[1]: *** [dynamic] Error 1 make: *** [dynamic] Error 2 From lists at colorremedies.com Thu Dec 11 19:32:53 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:13 2005 Subject: You cannot install OS X on this volume Message-ID: <73577AF4-2C51-11D8-8AF5-0003934CBC52@colorremedies.com> Got a 500Mhz cube, and stuck in a 160GM Maxtor. It formats fine, but the installer say it's not possible to install or startup from this volume. I'm wondering if this has something to do with the 137G limit since the Cube only has ATA/66? While nothing special is needed to use a bigger drive (it just gets limited to 137G), in order to actually boot from such a drive maybe requires ATA/133. Yes? Or is something else going on here? Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From chergr at bigpond.com Thu Dec 11 20:09:20 2003 From: chergr at bigpond.com (Richard Rothwell) Date: Thu Nov 3 12:34:13 2005 Subject: installing ming on Jaguar In-Reply-To: <64BC02DC-2C3D-11D8-82F9-00039386EEA6@altern.org> Message-ID: <671C4AB2-2C57-11D8-A512-0050E4605519@bigpond.com> I vaguely recollect compiling the fink version of ming (the flash thing) but it had some byte-ordering issues so it now is a project waiting for me to discover free time. On Friday, December 12, 2003, at 11:52 AM, Robin wrote: > > > I'm attempting to install the ming2.0a lib, there are some errors > being thrown up by make (included below) and that's as far as I get. > > Digging around on the web I found a Darwin/OSX patch but not > instructions on how to use said patch, beyond those on the webpage, > and I'm not using fink. > > http://www.haque.net/software/ > > http://www.haque.net/software/patches/ming-0.2a-mhaque-darwin- > jaguar.patch.gz > > > > any suggestions/ links welcomed > > > Robin > > > > > Make output: > > cd src && make dynamic > gcc -g -Wall -c -o movie.o movie.c > gcc -g -Wall -c -o displaylist.o displaylist.c > gcc -g -Wall -c -o blocklist.o blocklist.c > gcc -g -Wall -c -o position.o position.c > gcc -g -Wall -c -o movieclip.o movieclip.c > gcc -g -Wall -c -o shape_util.o shape_util.c > gcc -g -Wall -c -o shape_cubic.o shape_cubic.c > shape_cubic.c: In function `subdivideCubicLeft': > shape_cubic.c:53: warning: implicit declaration of function `memcpy' > gcc -g -Wall -c -o text_util.o text_util.c > gcc -g -Wall -c -o fill.o fill.c > gcc -g -Wall -c -o ming.o ming.c > cd blocks && make > gcc -g -Wall -c -o output.o output.c > gcc -g -Wall -c -o character.o character.c > gcc -g -Wall -c -o shape.o shape.c > gcc -g -Wall -c -o morph.o morph.c > gcc -g -Wall -c -o fillstyle.o fillstyle.c > gcc -g -Wall -c -o matrix.o matrix.c > gcc -g -Wall -c -o font.o font.c > gcc -g -Wall -c -o block.o block.c > gcc -g -Wall -c -o cxform.o cxform.c > gcc -g -Wall -c -o text.o text.c > gcc -g -Wall -c -o action.o action.c > gcc -g -Wall -c -o button.o button.c > gcc -g -Wall -c -o placeobject.o placeobject.c > gcc -g -Wall -c -o outputblock.o outputblock.c > gcc -g -Wall -c -o method.o method.c > gcc -g -Wall -c -o sprite.o sprite.c > gcc -g -Wall -c -o fontinfo.o fontinfo.c > gcc -g -Wall -c -o loadfont.o loadfont.c > gcc -g -Wall -c -o rect.o rect.c > gcc -g -Wall -c -o jpeg.o jpeg.c > gcc -g -Wall -c -o soundstream.o soundstream.c > gcc -g -Wall -c -o mp3.o mp3.c > gcc -g -Wall -c -o textfield.o textfield.c > gcc -g -Wall -c -o browserfont.o browserfont.c > gcc -g -Wall -c -o dbl.o dbl.c > gcc -g -Wall -c -o linestyle.o linestyle.c > gcc -g -Wall -c -o gradient.o gradient.c > gcc -g -Wall -c -o bitmap.o bitmap.c > gcc -g -Wall -c -o error.o error.c > error.c: In function `error_default': > error.c:23: warning: implicit declaration of function `exit' > gcc -g -Wall -c -o input.o input.c > cd actioncompiler && make > gcc -g -Wall -c -o compile.o compile.c > gcc -g -Wall -c -o listaction.o listaction.c > flex -i -Pswf4 swf4compiler.flex > gcc -g -Wall -c -o lex.swf4.o lex.swf4.c > flex -i -Pswf5 swf5compiler.flex > gcc -g -Wall -c -o lex.swf5.o lex.swf5.c > bison -p swf5 swf5compiler.y > swf5compiler.y contains 26 shift/reduce conflicts and 63 reduce/reduce > conflicts. > gcc -g -Wall -c -o swf5compiler.tab.o swf5compiler.tab.c > bison -p swf4 swf4compiler.y > swf4compiler.y contains 49 shift/reduce conflicts and 42 reduce/reduce > conflicts. > gcc -g -Wall -c -o swf4compiler.tab.o swf4compiler.tab.c > gcc -g -Wall -c -o assembler.o assembler.c > gcc -g -Wall -c -o compileaction.o compileaction.c > gcc -g -Wall movie.o displaylist.o blocklist.o position.o movieclip.o > shape_util.o shape_cubic.o text_util.o fill.o ming.o > actioncompiler/compile.o actioncompiler/swf4compiler.tab.o > actioncompiler/lex.swf4.o actioncompiler/swf5compiler.tab.o > actioncompiler/lex.swf5.o actioncompiler/compileaction.o > actioncompiler/assembler.o blocks/*.o -shared -fpic \ > -o libming.so > gcc: unrecognized option `-shared' > ld: Undefined symbols: > _main > make[1]: *** [dynamic] Error 1 > make: *** [dynamic] Error 2 > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From lists at colorremedies.com Thu Dec 11 20:54:01 2003 From: lists at colorremedies.com (Chris Murphy) Date: Thu Nov 3 12:34:13 2005 Subject: You cannot install OS X on this volume Message-ID: <039E537B-2C5F-11D8-8AF5-0003934CBC52@colorremedies.com> This is too weird. So OS X 10.2 installed fine, and then booted fine on this same drive. I restart off the 10.3 CD and it won't let me install. What's up with that? Chris Murphy Color Remedies (TM) www.colorremedies.com/realworldcolor --------------------------------------------------------- Co-author "Real World Color Management" Published by PeachPit Press (ISBN 0-201-77340-6) From robinmcf at altern.org Fri Dec 12 00:32:14 2003 From: robinmcf at altern.org (Robin) Date: Thu Nov 3 12:34:13 2005 Subject: installing ming on Jaguar success(long-ish) In-Reply-To: <64BC02DC-2C3D-11D8-82F9-00039386EEA6@altern.org> Message-ID: <773D552B-2C7B-11D8-82F9-00039386EEA6@altern.org> I'm crossposting this into the OSX perl mailing list as I was basically trying to get ming to work with perl. Where I left off - stymied at getting the ming lib ( http://www.opaque.net/ming/ ) to compile (original post appended at end of this one), so I went back and read the instructions for the OSX Jaguar patch ( http://www.haque.net/software/ ), which say "........'zcat ming-0.2a-mhaque-darwin-jaguar.patch.gz | patch -p0' while in the ming directory ...." Being new to dealing with ports to OSX I had no idea what that meant, so after reading through the man pages for zcat, flex, bison, and patch (old Unix hands no laughing please) I figured out that typing the above line with correct paths in the terminal would actually modify the ming make file. Make file thus patched, I ran make and, a couple or warnings aside, everything seemed groovey, then make install and lo I now have the following in /usr/lib: libming.a libming.dylib libming.so libming.so.0 libming.so.0.2 Next I went on to install the perl wrapper which comes wih the distro using the standard proceedure for perl modules perl Makefile.PL make make test make install make test output thus: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/00_basic....ok t/01_shape....ok t/03_movie....ok t/button......ok t/drag........ok t/fill........ok t/filljpeg....Test header seen more than once! t/filljpeg....FAILED tests 1-2 Failed 2/2 tests, 0.00% okay t/gradient....ok t/png.........Test header seen more than once! t/png.........FAILED test 1 Failed 1/1 tests, 0.00% okay t/sound.......Test header seen more than once! t/sound.......FAILED tests 1-3 Failed 3/3 tests, 0.00% okay t/sprite......ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------ ------- t/filljpeg.t 2 2 100.00% 1-2 t/png.t 1 1 100.00% 1 t/sound.t 3 3 100.00% 1-3 Failed 3/11 test scripts, 72.73% okay. 6/26 subtests failed, 76.92% okay. make: *** [test_dynamic] Error 2 Not knowing if these tests were crucial or not I forced the install Next I run a test script to see if I have a working distro or not: #!/usr/bin/perl -w use strict; use SWF qw(:ALL); my($font,$movie,$text); SWF::setScale(1.0); $font = new SWF::Font("/Users/robin/Desktop/serif.fdb"); $text = new SWF::Text(); $text->setFont($font); $text->moveTo(200, 2400); $text->setColor(0xff, 0xff, 0x99); $text->setHeight(1000); $text->addString("It works!"); $movie = new SWF::Movie(); $movie->setDimension(5400, 3600); $movie->add($text); $movie->save("/Users/robin/Desktop/SWFtest.swf"); this failed because there was no .fdb file on my computer, Flash needs a special font definition for each font used apparently, but luckily O'Reilly has a book out about Perl and graphics and the author has a .fdb file on his web site: http://shawn.apocabilly.org/PGP/examples/serif.fdb Once I'd downloaded the .fdb, and ammended the script, I got it to run, and I could view the sweat of my labours as it were. So there you go open source flash animations. Oh and just incase you didn't know Quicktime viewer can handle raw SWF files. I'm hoping to produce animations with sound using ming/perl, anyone interested in knowing how and if the project develops drop me a line off list. On Friday, December 12, 2003, at 09:52 am, Robin wrote: > > > I'm attempting to install the ming2.0a lib, there are some errors > being thrown up by make (included below) and that's as far as I get. > > Digging around on the web I found a Darwin/OSX patch but not > instructions on how to use said patch, beyond those on the webpage, > and I'm not using fink. > > http://www.haque.net/software/ > > http://www.haque.net/software/patches/ming-0.2a-mhaque-darwin- > jaguar.patch.gz > > > > any suggestions/ links welcomed > > > Robin > > > > > Make output: > > cd src && make dynamic > gcc -g -Wall -c -o movie.o movie.c > gcc -g -Wall -c -o displaylist.o displaylist.c > gcc -g -Wall -c -o blocklist.o blocklist.c > gcc -g -Wall -c -o position.o position.c > gcc -g -Wall -c -o movieclip.o movieclip.c > gcc -g -Wall -c -o shape_util.o shape_util.c > gcc -g -Wall -c -o shape_cubic.o shape_cubic.c > shape_cubic.c: In function `subdivideCubicLeft': > shape_cubic.c:53: warning: implicit declaration of function `memcpy' > gcc -g -Wall -c -o text_util.o text_util.c > gcc -g -Wall -c -o fill.o fill.c > gcc -g -Wall -c -o ming.o ming.c > cd blocks && make > gcc -g -Wall -c -o output.o output.c > gcc -g -Wall -c -o character.o character.c > gcc -g -Wall -c -o shape.o shape.c > gcc -g -Wall -c -o morph.o morph.c > gcc -g -Wall -c -o fillstyle.o fillstyle.c > gcc -g -Wall -c -o matrix.o matrix.c > gcc -g -Wall -c -o font.o font.c > gcc -g -Wall -c -o block.o block.c > gcc -g -Wall -c -o cxform.o cxform.c > gcc -g -Wall -c -o text.o text.c > gcc -g -Wall -c -o action.o action.c > gcc -g -Wall -c -o button.o button.c > gcc -g -Wall -c -o placeobject.o placeobject.c > gcc -g -Wall -c -o outputblock.o outputblock.c > gcc -g -Wall -c -o method.o method.c > gcc -g -Wall -c -o sprite.o sprite.c > gcc -g -Wall -c -o fontinfo.o fontinfo.c > gcc -g -Wall -c -o loadfont.o loadfont.c > gcc -g -Wall -c -o rect.o rect.c > gcc -g -Wall -c -o jpeg.o jpeg.c > gcc -g -Wall -c -o soundstream.o soundstream.c > gcc -g -Wall -c -o mp3.o mp3.c > gcc -g -Wall -c -o textfield.o textfield.c > gcc -g -Wall -c -o browserfont.o browserfont.c > gcc -g -Wall -c -o dbl.o dbl.c > gcc -g -Wall -c -o linestyle.o linestyle.c > gcc -g -Wall -c -o gradient.o gradient.c > gcc -g -Wall -c -o bitmap.o bitmap.c > gcc -g -Wall -c -o error.o error.c > error.c: In function `error_default': > error.c:23: warning: implicit declaration of function `exit' > gcc -g -Wall -c -o input.o input.c > cd actioncompiler && make > gcc -g -Wall -c -o compile.o compile.c > gcc -g -Wall -c -o listaction.o listaction.c > flex -i -Pswf4 swf4compiler.flex > gcc -g -Wall -c -o lex.swf4.o lex.swf4.c > flex -i -Pswf5 swf5compiler.flex > gcc -g -Wall -c -o lex.swf5.o lex.swf5.c > bison -p swf5 swf5compiler.y > swf5compiler.y contains 26 shift/reduce conflicts and 63 reduce/reduce > conflicts. > gcc -g -Wall -c -o swf5compiler.tab.o swf5compiler.tab.c > bison -p swf4 swf4compiler.y > swf4compiler.y contains 49 shift/reduce conflicts and 42 reduce/reduce > conflicts. > gcc -g -Wall -c -o swf4compiler.tab.o swf4compiler.tab.c > gcc -g -Wall -c -o assembler.o assembler.c > gcc -g -Wall -c -o compileaction.o compileaction.c > gcc -g -Wall movie.o displaylist.o blocklist.o position.o movieclip.o > shape_util.o shape_cubic.o text_util.o fill.o ming.o > actioncompiler/compile.o actioncompiler/swf4compiler.tab.o > actioncompiler/lex.swf4.o actioncompiler/swf5compiler.tab.o > actioncompiler/lex.swf5.o actioncompiler/compileaction.o > actioncompiler/assembler.o blocks/*.o -shared -fpic \ > -o libming.so > gcc: unrecognized option `-shared' > ld: Undefined symbols: > _main > make[1]: *** [dynamic] Error 1 > make: *** [dynamic] Error 2 > > _______________________________________________ > MacOSX-admin mailing list > MacOSX-admin@omnigroup.com > http://www.omnigroup.com/mailman/listinfo/macosx-admin > From mjwise at kapu.net Fri Dec 12 02:19:06 2003 From: mjwise at kapu.net (Michael J Wise) Date: Thu Nov 3 12:34:13 2005 Subject: You cannot install OS X on this volume In-Reply-To: <73577AF4-2C51-11D8-8AF5-0003934CBC52@colorremedies.com> References: <73577AF4-2C51-11D8-8AF5-0003934CBC52@colorremedies.com> Message-ID: On Dec 11, 2003, at 5:15 PM, Chris Murphy wrote: > Got a 500Mhz cube, and stuck in a 160GM Maxtor. It formats fine, ... Formatted using what? Formatted as what? (HFS Plus, I trust?) Aloha mai Nai`a! -- "Please have your Internet License http://kapu.net/~mjwise/ and Usenet Registration handy..." From dev+lists at humph.com Fri Dec 12 03:17:01 2003 From: dev+lists at humph.com (Giuliano Gavazzi) Date: Thu Nov 3 12:34:13 2005 Subject: Openssl & bind 9.3 In-Reply-To: References: Message-ID: I have run the test suite of both bind-9.3.0s20021217 and bind-9.2.3, far more tests fail in 9.3, perhaps this is due to the test suite itself, I did not investigate much, but a look at the output makes me think that there are problems with 9.3. Giuliano -- H U M P H || ||| software Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X http://www.humph.com/ From bsilver at chrononomicon.com Fri Dec 12 05:09:03 2003 From: bsilver at chrononomicon.com (Bart Silverstrim) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: References: <88C59A7E-2C27-11D8-83DC-003065A76B44@occam.com> Message-ID: <5C9F1E7C-2CA4-11D8-A5AA-000A956D2452@chrononomicon.com> On Dec 11, 2003, at 7:04 PM, Dan Shoop wrote: > At 2:15 PM -0800 12/11/03, Leon Towns-von Stauber wrote: >>> You can just answer yes or no. No point being an asshole about it. >> >> I apologize, that came out a bit snippier than I'd intended. >> I guess I'm extra-sensitive about this one because I think this >> "vulnerability report" has already gotten way more attention >> than it deserves. > > That is it deserves *no* attention. It looked to me like a poor > attempt to capture some attention. > > The sad thing is Apple had to devote resources to counter it, posts > like these got spread like wildfire. Even some of the trade magazines > fell for it. > > The issue is well known, one of those "that's just the way things > work" things. It's far from specific to Apple too, but Apple does have > some services that others don't that are also effected, but big deal. > > Can I see a show of hands of people who run DHCP servers over the > public Internet? > > That's what I thought. > -- > > -dhan > Would it be "safer" if there were a way to select what services DHCP could and could not fill in, like a mask over settable attributes? that way you'd know what can and could not be reset... I know it would be a bigger pain in some cases to configure on a large number of machines unless you were installing via image over a network, but I would think it would be handy for an iBooker like me who may find himself traveling to "foreign" networks. I want to get DNS, gateway, and an IP and mask. Proxy, if there is one. I didn't realize that the DHCP could, in theory, end up injecting data that would allow a new user into my system. Maybe I'm just naive :-) I am relatively new to OS X, and was surprised to hear to the extent that the OS X server's management could take over my iBook without me knowing; at a trade show I spoke to an apple tech who told me that in certain environments if they set up their server to do so and my iBook grabbed config info from them, they could "manage" my notebook and it could automatically lock me out of of my configuration information, applications, etc. until I left their Airport's range. they weren't really clear on how to not authenticate to their system, though...I was still surprised because it sounded like waking my notebook from sleep near them could have them take control over the notebook in it's default configuration. Even the DHCP "problem" can't seem to be fixed unless I disable DHCP... but I *need* DHCP for the environments I go to often. Personally some way to mask what can and can't be set would be a good solution to me, but maybe I'm overlooking something. -Bart From jwelch at aer.com Fri Dec 12 05:32:03 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: <5C9F1E7C-2CA4-11D8-A5AA-000A956D2452@chrononomicon.com> Message-ID: On 12/12/03 7:09 AM, "Bart Silverstrim" wrote: > Even the DHCP "problem" can't seem to be fixed unless I disable DHCP... > but I *need* DHCP for the environments I go to often. Personally some > way to mask what can and can't be set would be a good solution to me, > but maybe I'm overlooking something. You're overlooking that you would have a non-standard DHCP implementation that probably would cause problems with other systems. That's also not fixing the problem of DHCP, which is a total lack of authentication. For that, we need RFC3118 to become a standard. john -- "There may be no stupid questions, but there are an awful lot of inquisitive idiots" -Bill, digital.forest tech support From lists at mostrom.pp.se Fri Dec 12 05:34:17 2003 From: lists at mostrom.pp.se (Jan Erik =?iso-8859-1?Q?Mostr=F6m?=) Date: Thu Nov 3 12:34:13 2005 Subject: lpr printing port Message-ID: I've just installed Panther on a machine and is testing this on out network. One problem is that when I configure it for using lpr printing it seems to use a port number > 50000 while our printserver expects contact on a port less than 1024. So my question is : have I missed something duing install or how do I tell the Mac to use a port in the correct range? jem -- Jan Erik Mostr?m jem@mostrom.pp.se www.mostrom.pp.se From bsilver at chrononomicon.com Fri Dec 12 06:42:03 2003 From: bsilver at chrononomicon.com (Bart Silverstrim) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: References: Message-ID: <61D352F1-2CB1-11D8-99D0-000A956D2452@chrononomicon.com> On Dec 12, 2003, at 8:31 AM, John C. Welch wrote: > On 12/12/03 7:09 AM, "Bart Silverstrim" > wrote: > >> Even the DHCP "problem" can't seem to be fixed unless I disable >> DHCP... >> but I *need* DHCP for the environments I go to often. Personally some >> way to mask what can and can't be set would be a good solution to me, >> but maybe I'm overlooking something. > > You're overlooking that you would have a non-standard DHCP > implementation > that probably would cause problems with other systems. That's also not > fixing the problem of DHCP, which is a total lack of authentication. > For > that, we need RFC3118 to become a standard. > On the server side it wouldn't hurt anything to implement a masking. It would only effect the client side. (I was saying the masking would be done on the client, not the server...the server can hand out whatever information it wants, I want the client to selectively accept parameters). I would think that it would make a system more secure to "firewall" changes that can be altered on the client without you necessarily knowing it, no? To a degree this "masking" is already done...Windows 9x machines with their DNS already set manually don't listen to the DHCP server's DNS parameters for example, IIRC. I see your point about the authentication, but the whole point behind DHCP is to make a client more plug-n-play...stick it on the network, it works. Authentication would probably add more hassle to either the client or the server in many cases. :-/ It's a tradeoff, I suppose. When it comes to ease vs. security, it's always been a tradeoff. -Bart From noah at abrahamson.ca Fri Dec 12 07:10:15 2003 From: noah at abrahamson.ca (Noah B F Abrahamson) Date: Thu Nov 3 12:34:13 2005 Subject: iSCSI for MOSXS Message-ID: <396BE2D0-2CB5-11D8-AC72-000A95DBA63C@abrahamson.ca> Has anyone seen or smelt anything iSCSI related or even a vendor for a SNIC for Mac OS X or a PPC box? Noah Abrahamson Doner Advertising Information Technologies ___________________ nabrahamson@donerus.com A|M / iChat: flumignan72 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2478 bytes Desc: not available Url : /mailman/archive/macosx-admin/attachments/20031212/4c87fd6c/smime.bin From pkn at cs.utexas.edu Fri Dec 12 07:12:11 2003 From: pkn at cs.utexas.edu (Kay Nettle) Date: Thu Nov 3 12:34:13 2005 Subject: lpr printing port In-Reply-To: Message from Jan Erik =?iso-8859-1?Q?Mostr=F6m?= of "Fri, 12 Dec 2003 14:32:30 +0100." Message-ID: <200312121509.hBCF9tER019882@mail.cs.utexas.edu> I couldn't find a way to do it via the GUI, but I edited /etc/cups/printers.conf and added '?reserve=true' to the end of each DeviceURL line. They end up looking like: DeviceURI lpd://printhost/lw9?reserve=true If the user changes anything with the GUI, it will overwrite your additions, so I turned on the uchg bit. If someone knows how to do this via the GUI, please let me know. From jwelch at aer.com Fri Dec 12 07:46:02 2003 From: jwelch at aer.com (John C. Welch) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: <61D352F1-2CB1-11D8-99D0-000A956D2452@chrononomicon.com> Message-ID: On 12/12/03 8:42 AM, "Bart Silverstrim" wrote: > On the server side it wouldn't hurt anything to implement a masking. > It would only effect the client side. (I was saying the masking would > be done on the client, not the server...the server can hand out > whatever information it wants, I want the client to selectively accept > parameters). I would think that it would make a system more secure to > "firewall" changes that can be altered on the client without you > necessarily knowing it, no? That's not masking. That's the client only accepting parameters it understands. That's done now. If you have a windows DHCP client, it will happily ignore all the Open Directory stuff. If you turn off DHCP LDAP binding in Directory Access, you're "masking". In any event, your solution isn't fixing the problem. You still don't know if the DHCP server you connect to is the correct one. THAT is the problem. > > To a degree this "masking" is already done...Windows 9x machines with > their DNS already set manually don't listen to the DHCP server's DNS > parameters for example, IIRC. That's not masking. That's DHCP behavior. If you set DNS manually, it doesn't override that setting. This is proper. That's not masking. > > I see your point about the authentication, but the whole point behind > DHCP is to make a client more plug-n-play...stick it on the network, it > works. Authentication would probably add more hassle to either the > client or the server in many cases. :-/ Read 3118. No it wouldn't. It would require updates to both, but it wouldn't remove the reasons for using DHCP. Masking doesn't prevent a rogue server from hijacking your DHCP session. > > It's a tradeoff, I suppose. When it comes to ease vs. security, it's > always been a tradeoff. You can have authentication and ease of use. john -- "The universe is so vast and ageless that the life of one man can only be measured by the size of his sacrifice." - Flying Officer VA Rosewarne, RAF, killed in the Battle of Britain. From scott at hastings.com Fri Dec 12 10:27:02 2003 From: scott at hastings.com (Larry Scott Hastings) Date: Thu Nov 3 12:34:13 2005 Subject: Repair in Austin, TX In-Reply-To: <66A2B0D8-2C03-11D8-AA97-000A95DC1742@nimug.org> References: <66A2B0D8-2C03-11D8-AA97-000A95DC1742@nimug.org> Message-ID: At 5:56 PM +0000 12/11/03, root@nimug.org wrote: >On 11 Dec 2003, at 16:45, Larry Scott Hastings wrote: > >>Can anyone make a recommendation for a repair facility in Austin, TX? > >AppleCare US is based in Austin innit? Their call center is here, but no Apple-branded repair facility for the public. > >There are 75 Resellers in Austin according to Apple. Im sure one of >them has a certified engineer. I received several specific recommendations privately. I took the machine to MacAlliance yesterday. They just called to let me know the machine is ready. Thanks for everyone's help! [I'm still hoping for an Apple Store...] -- Hook'em --Scott H. From bsilver at chrononomicon.com Fri Dec 12 10:57:01 2003 From: bsilver at chrononomicon.com (Bart Silverstrim) Date: Thu Nov 3 12:34:13 2005 Subject: have you seen this ? In-Reply-To: References: Message-ID: On Dec 12, 2003, at 10:45 AM, John C. Welch wrote: > That's not masking. That's the client only accepting parameters it > understands. That's done now. If you have a windows DHCP client, it > will > happily ignore all the Open Directory stuff. If you turn off DHCP LDAP > binding in Directory Access, you're "masking". In any event, your > solution > isn't fixing the problem. You still don't know if the DHCP server you > connect to is the correct one. THAT is the problem. > Okay, then I'd prefer a way to configure a client so that it only accepts parameters I want it to get instead of all of them. Whenever you go into a foreign network, you run the risk of a sniffer monitoring your system, a DHCP server handing you addresses to proxies that are collecting data on what you send, or spoofed DNS servers, etc. etc. > Read 3118. No it wouldn't. It would require updates to both, but it > wouldn't > remove the reasons for using DHCP. Masking doesn't prevent a rogue > server > from hijacking your DHCP session. > I haven't had a chance to read the RFC yet, and I understand a rogue server could hijack the computer. That was my reference to the tradeoff of ease and security. I'll read the RFC when I get a chance though. > You can have authentication and ease of use. > Yes, authentication and ease of use to a degree. But the more security you put in, the more something's gotta give. We have users who don't even want to remember one password, let alone change their passwords every 3 months. What then? Give their machine credentials to gain access to resources, like shared-key SSH? But then someone could use the machine and get access to things they shouldn't... when it comes to users just doing everyday things, a trojan program could be run via an email attachment that masquerades as the legitimate user and can give access within the network to someone on the outside. It's a balancing act. I suppose this is getting off topic, though. -Bart From mspring at bu.edu Fri Dec 12 11:26:04 2003 From: mspring at bu.edu (Matt Spring) Date: Thu Nov 3 12:34:13 2005 Subject: High UIDs and console In-Reply-To: <11BB465D-E559-11D7-BFB8-00306544D642@mac.com> References: <11BB465D-E559-11D7-BFB8-00306544D642@mac.com> Message-ID: Hi all- I've run into an odd problem that I can't find information about. I changed the UID of my account to achieve compatibility with an NFS export that I needed to mount- my new UID is 28,341. Now, when I open Console.app, it will not show me the console- other logs open fine, just not the console. I created a new account with a UID over 20,000 on a test system, and it has the same problem. As far as I know, the console worked fine in 10.2 with my UID, and it's just become a problem in 10.3. Do any of you know why this is happening, and how I could correct it (without changing my UID to something lower?) Any suggestions would be much appreciated. Thanks, -Matt From mspring at bu.edu Fri Dec 12 11:29:23 2003 From: mspring at bu.edu (Matt Spring) Date: Thu Nov 3 12:34:13 2005 Subject: High UIDs and console In-Reply-To: References: <11BB465D-E559-11D7-BFB8-00306544D642@mac.com> Message-ID: <650ECF88-2CD9-11D8-AD8F-000A95686C5E@bu.edu> I forgot to mention that I also changed the GID for those accounts- sorry to leave out that bit of detail. Thanks, -Matt On Dec 12, 2003, at 2:25 PM, Matt Spring wrote: > Hi all- > I've run into an odd problem that I can't find information about. > > I changed the UID of my account to achieve compatibility with an NFS > export that I needed to mount- my new UID is 28,341. Now, when I open > Console.app, it will not show me the console- other logs open fine, > just not the console. I created a new account with a UID over 20,000 > on a test system, and it has the same problem. As far as I know, the > console worked fine in 10.2 with my UID, and it's just become a > problem in 10.3. > > Do any of you know why this is happening, and how I could correct it > (without changing my UID to something lower?) Any suggestions would be > much appreciated. > > Thanks, > -Matt > From rogerhoward at mac.com Fri Dec 12 12:04:58 2003 From: rogerhoward at mac.com (Roger Howard) Date: Thu Nov 3 12:34:13 2005 Subject: AFP over ssh? Message-ID: Can anyone walk me through AFP over ssh? I assume this would require only ssh ports open to the outside world... I've got a Panther server behind a firewall, would love occassional AFP access (I usually use ssh) but haven't gotten it to work. I've enabled "Enable secure connections" in Server Admin. I can connect locally just fine. Cheers, Roger From mspring at bu.edu Fri Dec 12 12:07:49 2003 From: mspring at bu.edu (Matt Spring) Date: Thu Nov 3 12:34:13 2005 Subject: High UIDs and console In-Reply-To: References: <11BB465D-E559-11D7-BFB8-00306544D642@mac.com> Message-ID: On Dec 12, 2003, at 2:39 PM, Christopher Wolf wrote: > > On Dec 12, 2003, at 2:25 PM, Matt Spring wrote: > >> I changed the UID of my account to achieve compatibility with an NFS >> export that I needed to mount- my new UID is 28,341. Now, when I open >> Console.app, it will not show me the console- other logs open fine, >> just not the console. > In 10.3, to accomodate Fast User Switching, the Console logs are > stored in /Library/Logs/Console/. If you change the UID of > a user you need to change the ownership of that directory (chown) to > reflect the new UID or else the directory will be un-readable by the > new UID. > > In 10.2 there was only a single console.log in /var/tmp/console.log > and the ownership of that log was changed automatically at log-in time > so this was not a problem. > > - Chris Thanks very much, Chris, that did it. I had changed the permissions on my home directory, but did not know about the folder in /Library. Where did you find this documented? I did a search on the developer site and didn't manage to find anything about it. While on the topic, has anyone run into other similarly user-specific items that could also cause problems? Thanks, -Matt From justin at mac.com Fri Dec 12 12:17:29 2003 From: justin at mac.com (Justin Walker) Date: Thu Nov 3 12:34:13 2005 Subject: High UIDs and console In-Reply-To: Message-ID: On Friday, December 12, 2003, at 11:25 AM, Matt Spring wrote: > I changed the UID of my account to achieve compatibility with an NFS > export that I needed to mount- my new UID is 28,341. Now, when I open > Console.app, it will not show me the console- other logs open fine, > just not the console. I created a new account with a UID over 20,000 > on a test system, and it has the same problem. As far as I know, the > console worked fine in 10.2 with my UID, and it's just become a > problem in 10.3. One difference between 10.2 and 10.3 is that the console log is owned by the logged-in user in 10.2, while it's owned by root in 10.3. I don't know that this will explain your problem, though. > Do any of you know why this is happening, and how I could correct it > (without changing my UID to something lower?) Any suggestions would be > much appreciated. You've verified that the 'Console' app will show you the Console log when your UID is < 20K?? That's bizarre, I have to admit. Did you inadvertently change your GID, or knock down your Admin bit? I see from your followup that you did change your GID. You could experiment with UIDs and GIDs to see what the boundaries are. My UID is ~11000, and I have no problems. Regards, Justin -- Justin C. Walker, Curmudgeon-At-Large * Institute for General Semantics | "Weaseling out of things is what | separates us from the animals. | Well, except the weasel." | - Homer J Simpson *--------------------------------------*-------------------------------* From mstearne at entermix.com Fri Dec 12 12:23:42 2003 From: mst