From odin at gnuskole.no Tue Mar 1 18:28:09 2011
From: odin at gnuskole.no (Odin Nøsen)
Date: Tue, 1 Mar 2011 19:28:09 +0100
Subject: [K12OSN] Gnome-panels missing on clients
In-Reply-To: <1298916715.171567-15699@martha.daybyday.de>
References: <1298916715.171567-15699@martha.daybyday.de>
Message-ID: <20110301182022.M99024@gnuskole.no>

> fedora14 live-cd (in simple graphics mode) which I find promising. But it did

Really? I didn't get it to work in F14-livecd. I don't remember what went
wrong - but I know that if it worked with the right screen resolution I
wouldn't have bought the other zboxes. Maybe I'll have to try it again :-)

> Odin, one more question since you have the ZBOX HD-AD01 on hands: Is there a
> fan installed for cooling? If so, what is the noise level in normal operation?

Yes, there is a fan installed and it's audible - but it's not an annoying
sound. We mount the zbox at the back of 21" LCD-screens (vesa mounting) and
the users have not complained (yet ;-).

But the speed on the zbox with the catalyst driver installed is impressive :-)
We show it off with full 3D desktop - and most of the users love it!

Odin

From news at siddall.name Wed Mar 2 15:47:18 2011
From: news at siddall.name (Jeff Siddall)
Date: Wed, 02 Mar 2011 10:47:18 -0500
Subject: [K12OSN] Gnome-panels missing on clients
In-Reply-To: <20110227194440.M81725@gnuskole.no>
References: <1298733547.15762.36.camel@rosinante.berlin>
 <20110227194440.M81725@gnuskole.no>
Message-ID: <4D6E6686.6080907@siddall.name>

On 02/27/2011 02:52 PM, Odin Nøsen wrote:
>> Does anyone have ideas or experience with the ZBOX or other Atom/GMA3150
>> based clients?
>
> ZBOX HD-ID11 - Expensive. Very good on Fedora and Ubuntu (Intel cpu and nVidia chipset)
> ZBOX HD-AD01 - Middle priced. Very good on Fedora and Ubuntu (AMD cpu and AMD chipset)
> ZBOX HD-ID10 - Cheap. Problems on Fedora and Ubuntu (Intel cpu and Intel chipset)
>
> The BIOS supports PXE on all of the clients (but it's not enabled by default).
>
> The ID10-box has problems with Fedora were the gnome-panels are missing. On Ubuntu the
> screen resolution is bad (vesa-driver). There doesn't seems to be a functional
> linux-driver for the video card (Intel NM10).

Huh, Intel problems? Really?

I have a D510MO and a D410PT in production, running Fedora 12 in the
chroot, with 1920x1080 monitors attached, and to my knowledge both of
those use NM10 Express chipsets.

chroot kernel is: kernel-2.6.31.12-174.2.22.fc12.i686
chroot intel xorg driver is: xorg-x11-drv-intel-2.9.1-1.fc12.i686

Attached below is a chunk from the working D510MO Xorg log. Hope that
helps!

Jeff

----------

(--) PCI:*(0:0:2:0) 8086:a001:8086:4f4d Intel Corporation Pineview Integrated Graphics Controller rev 2, Mem @ 0xe0200000/524288, 0xd0000000/268435456, 0xe0100000/1048576, I/O @ 0x000020c0/8, BIOS @ 0x????????/131072

...

(==) Matched intel for the autoconfigured driver
(==) Assigned the driver to the xf86ConfigLayout
(II) LoadModule: "intel"
(II) Loading /usr/lib/xorg/modules/drivers/intel_drv.so
(II) Module intel: vendor="X.Org Foundation"
	compiled for 1.7.0, module version = 2.9.1
	Module class: X.Org Video Driver
	ABI class: X.Org Video Driver, version 6.0
(II) intel: Driver for Intel Integrated Graphics Chipsets: i810,
	i810-dc100, i810e, i815, i830M, 845G, 852GM/855GM, 865G, 915G,
	E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM, Pineview G,
	965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35, Q33, GM45,
	4 Series, G45/G43, Q45/Q43, G41, B43, Clarkdale, Arrandale
(II) Primary Device is: PCI 00 at 00:02:0

...

(II) intel(0): Integrated Graphics Chipset: Intel(R) Pineview G
(--) intel(0): Chipset: "Pineview G"
(II) intel(0): Output VGA1 using monitor section Monitor0

...

(II) intel(0): Output VGA1 using initial mode 1920x1080 +0+0

From williamsonb at menominee.k12.mi.us Fri Mar 4 20:01:25 2011
From: williamsonb at menominee.k12.mi.us (Brendan Williamson)
Date: Fri, 4 Mar 2011 14:01:25 -0600
Subject: [K12OSN] Thin Client - DHCP
Message-ID: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail>

Hey there,
I just recently set up a server with a test client but every time it loads the kernel it gets about halfway and says
"Could Not Find root-path dhcp option:
mount: missing mount point"

Not really sure what to change or where to start, any suggestions?

Thanks!

Brendan Williamson

From lars.schade at berlin.de Sat Mar 5 15:15:03 2011
From: lars.schade at berlin.de (Lars Schade)
Date: Sat, 05 Mar 2011 16:15:03 +0100
Subject: [K12OSN] Gnome-panels missing on clients
In-Reply-To: <4D6E6686.6080907@siddall.name>
References: <1298733547.15762.36.camel@rosinante.berlin>
 <20110227194440.M81725@gnuskole.no> <4D6E6686.6080907@siddall.name>
Message-ID: <1299338103.3130.24.camel@rosinante.berlin>

Jeff,

thanks for the info. I would like to give the ZBOX another try since
only a detail seems to be missing.

I was looking for the Xorg.0.log file but could not find it. Just to be
sure, we are talking about the log of the xserver running on the TC?
Where do I find this file? When I log into the TC I always see the file
system and log files of the LTSP-server. How do I access the "inside" of
the TC?

And I have another basic question: Do the xservers on the LTSP-server
and the client have to be identical? I guess not, but some sort of
compatibility should be ensured, I suppose? And how about the
compatibility of the xserver and its drivers: Does it make sense to try
the xorg-x11-drv-intel from f12 or f14 with the xserver from f13, or is
that naive and futile?

I appreciate your help!

-Lars

From news at siddall.name Sun Mar 6 01:11:58 2011
From: news at siddall.name (Jeff Siddall)
Date: Sat, 05 Mar 2011 20:11:58 -0500
Subject: [K12OSN] Gnome-panels missing on clients
In-Reply-To: <1299338103.3130.24.camel@rosinante.berlin>
References: <1298733547.15762.36.camel@rosinante.berlin>
 <20110227194440.M81725@gnuskole.no> <4D6E6686.6080907@siddall.name>
 <1299338103.3130.24.camel@rosinante.berlin>
Message-ID: <4D72DF5E.2030208@siddall.name>

On 03/05/2011 10:15 AM, Lars Schade wrote:
> Jeff,
>
> thanks for the info. I would like to give the ZBOX another try since
> only a detail seems to be missing.
>
> I was looking for the Xorg.0.log file but could not find it. Just to be
> sure, we are talking about the log of the xserver running on the TC?
> Where do I find this file? When I log into the TC I always see the file
> system and log files of the LTSP-server. How do I access the "inside" of
> the TC?

To find out what is happening on the client you need to get the
Xorg.whatever.log (note that "whatever" was in my case a "1") on the
client. There are a few ways to do this. I did it by setting up sshd
in the chroot so I could ssh to any client. For that you need to
install and enable the sshd stuff as well as set a root password in the
chroot. Other alternatives are to look at the file locally by setting
something like:

SCREEN_02=shell

in your lts.conf and then using CTRL-ALT-F2 _on the client_ to get to
the shell, then do your normal CLI stuff after that.

Another way is to use localapps to run something like:

ltsp-localapps xterm

on the client, which should bring up an xterm _from the client_ _on the
client_.

> And I have another basic question: Do the xservers on the LTSP-server
> and the client have to be identical? I guess not, but some sort of
> compatibility should be ensured, I suppose? And how about the
> compatibility of the xserver and its drivers: Does it make sense to try
> the xorg-x11-drv-intel from f12 or f14 with the xserver from f13, or is
> that naive and futile?

The xservers don't have to match. In my case I have a F12 chroot with
an F13 server and entirely different hardware in both and it works fine.
If there is some major protocol change then you might have some
problems but that has never been an issue for me and I doubt the xorg
guys would let that happen anyway.

I would never try to mix an xorg driver from one distribution with a
server from another. That will almost certainly not work. I am just
using the latest stuff in the standard repos. If you want to be really
bleeding edge try enabling rawhide and upgrading it that way. However,
the fact that my F12 standard xorg stuff works with the NM10 chipset
says to me that something else is wrong.
Are you sure xorg-x11-drv-intel is installed in the chroot and not just
on the server?

Jeff

From burke at thealmquists.net Sun Mar 6 08:05:16 2011
From: burke at thealmquists.net (Burke Almquist)
Date: Sun, 6 Mar 2011 02:05:16 -0600
Subject: [K12OSN] Thin Client - DHCP
In-Reply-To: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail>
References: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail>
Message-ID: <96076DFF-7A2D-4F56-815A-3C3C298E070D@thealmquists.net>

What version of Fedora are you using and did you follow the install instructions on the wiki?
Do you still have the firewall on the server turned on?
Do you have multiple dhcp servers running?

From lars.schade at berlin.de Sun Mar 6 17:21:00 2011
From: lars.schade at berlin.de (Lars Schade)
Date: Sun, 06 Mar 2011 18:21:00 +0100
Subject: [K12OSN] Gnome-panels missing on clients
In-Reply-To: <4D72DF5E.2030208@siddall.name>
References: <1298733547.15762.36.camel@rosinante.berlin>
 <20110227194440.M81725@gnuskole.no> <4D6E6686.6080907@siddall.name>
 <1299338103.3130.24.camel@rosinante.berlin>
 <4D72DF5E.2030208@siddall.name>
Message-ID: <1299432060.4461.48.camel@rosinante.berlin>

On Saturday, 05.03.2011, at 20:11 -0500, Jeff Siddall wrote:
> On 03/05/2011 10:15 AM, Lars Schade wrote:
> > Jeff,
> >
> > thanks for the info. I would like to give the ZBOX another try since
> > only a detail seems to be missing.
> >
> > I was looking for the Xorg.0.log file but could not find it. Just to be
> > sure, we are talking about the log of the xserver running on the TC?
> > Where do I find this file? When I log into the TC I always see the file
> > system and log files of the LTSP-server. How do I access the "inside" of
> > the TC?
>
> To find out what is happening on the client you need to get the
> Xorg.whatever.log (note that "whatever" was in my case a "1") on the
> client. There are a few ways to do this. I did it by setting up sshd
> in the chroot so I could ssh to any client. For that you need to
> install and enable the sshd stuff as well as set a root password in the
> chroot. Other alternatives are to look at the file locally by setting
> something like:
>
> SCREEN_02=shell
>
> in your lts.conf and then using CTRL-ALT-F2 _on the client_ to get to
> the shell, then do your normal CLI stuff after that.

Tried that with partial success. I could not get a proper login prompt
for some reason. CTRL-ALT-F2 got me to a shell which did not accept
keyboard input properly. And timed out back to a login prompt where I
could not enter letters in a sensible fashion. I used my notebook via
pxe as a client (not graphics issues there, everything runs smooth) and
got the same strange behavior at the CTRL-ALT-F2 shell.

So I decided to rebuild the client with Fedora-12 since that worked for
Jeff, i.e. ltsp-build-client --release 12. That did the job as far as
the CTRL-ALT-F2 shell is concerned - mostly. For some reason CTRL-ALT-F2
switches me right away to a root shell without prompting for a username
and password. Why is that, seems like a security issue?

> Another way is to use localapps to run something like:
>
> ltsp-localapps xterm
>
> on the client, which should bring up an xterm _from the client_ _on the
> client_.
>
> > And I have another basic question: Do the xservers on the LTSP-server
> > and the client have to be identical? I guess not, but some sort of
> > compatibility should be ensured, I suppose? And how about the
> > compatibility of the xserver and its drivers: Does it make sense to try
> > the xorg-x11-drv-intel from f12 or f14 with the xserver from f13, or is
> > that naive and futile?
>
> The xservers don't have to match. In my case I have a F12 chroot with
> an F13 server and entirely different hardware in both and it works fine.
> If there is some major protocol change then you might have some
> problems but that has never been an issue for me and I doubt the xorg
> guys would let that happen anyway.
>
> I would never try to mix an xorg driver from one distribution with a
> server from another. That will almost certainly not work. I am just
> using the latest stuff in the standard repos. If you want to be really
> bleeding edge try enabling rawhide and upgrading it that way. However,
> the fact that my F12 standard xorg stuff works with the NM10 chipset
> says to me that something else is wrong. Are you sure
> xorg-x11-drv-intel is installed in the chroot and not just on the server?
>

But at least I was able to take a look at the Xorg.1.log and other
things on the client (the panel issue is just as previously with f13):

kernel-2.6.32.26-175.fc12.i686
xorg-x11-drv-intel-2.9.1-1.fc12.i686

The Xorg.1.log file is attached, it looks very similar to what Jeff
posted, here are some pieces from my file:

...

(--) PCI:*(0:0:2:0) 8086:a001:8086:a001 Intel Corporation Pineview Integrated Graphics Controller rev 2, Mem @ 0xfe880000/524288, 0xd0000000/268435456, 0xfe900000/1048576, I/O @ 0x0000dc00/8, BIOS @ 0x????????/131072
(--) PCI: (0:0:2:1) 8086:a002:8086:a001 Intel Corporation Pineview Integrated Graphics Controller rev 2, Mem @ 0xfe780000/524288, BIOS @ 0x????????/65536

...

(==) Matched intel for the autoconfigured driver
(==) Assigned the driver to the xf86ConfigLayout
(II) LoadModule: "intel"
(II) Loading /usr/lib/xorg/modules/drivers/intel_drv.so
(II) Module intel: vendor="X.Org Foundation"
	compiled for 1.7.0, module version = 2.9.1
	Module class: X.Org Video Driver
	ABI class: X.Org Video Driver, version 6.0
(II) intel: Driver for Intel Integrated Graphics Chipsets: i810,
	i810-dc100, i810e, i815, i830M, 845G, 852GM/855GM, 865G, 915G,
	E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM, Pineview G,
	965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35, Q33, GM45,
	4 Series, G45/G43, Q45/Q43, G41, B43, Clarkdale, Arrandale
(II) Primary Device is: PCI 00 at 00:02:0

...

(II) intel(0): Integrated Graphics Chipset: Intel(R) Pineview G
(--) intel(0): Chipset: "Pineview G"
(II) intel(0): Output LVDS1 has no monitor section
(II) intel(0): Output VGA1 has no monitor section

...
(here comes probing of the monitor)

(II) intel(0): Output LVDS1 connected
(II) intel(0): Output VGA1 connected
(II) intel(0): Using spanning desktop for initial modes
(II) intel(0): Output LVDS1 using initial mode 1024x768 +0+0
(II) intel(0): Output VGA1 using initial mode 1280x1024 +1024+0

...
(here comes info I cannot make sense of:)

(II) intel(0): Setting screen physical size to 609 x 270
(II) intel(0): Allocate new frame buffer 2304x1024 stride 4096

...
(and more and more probing info????)

Is there info in the log file that points to a problem and thus to a
solution? The complete log is attached. If someone has ideas how to
further diagnose I would appreciate. Otherwise I may have to give up on
this machine...

- Lars

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Xorg.1.log.bz2 Type: application/x-bzip Size: 6321 bytes Desc: not available URL: From williamsonb at menominee.k12.mi.us Mon Mar 7 13:59:16 2011 From: williamsonb at menominee.k12.mi.us (Brendan Williamson) Date: Mon, 7 Mar 2011 07:59:16 -0600 Subject: [K12OSN] Thin Client - DHCP In-Reply-To: <96076DFF-7A2D-4F56-815A-3C3C298E070D@thealmquists.net> References: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail> <96076DFF-7A2D-4F56-815A-3C3C298E070D@thealmquists.net> Message-ID: <4AA8B450EACDC84EB072040F0831D8D71835A26292@mapsmail> Using Fedora 10, and I followed the wiki instructions start to finish 2-3 times. Ive taken the firewall off and on with exceptions, both attempts yielded the same issue. I do have another dhcp server running on the network but I have the ltsp server running through a small switch in order to hopefully avert any problems. Although I think this may be affecting it. Thanks! -----Original Message----- From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Burke Almquist Sent: Sunday, March 06, 2011 2:05 AM To: Support list for open source software in schools. Subject: Re: [K12OSN] Thin Client - DHCP What version of Fedora are you using and did you follow the install instructions on the wiki? Do you still have the firewall on the server turned on? Do you have multiple dhcp servers running? On Mar 4, 2011, at 2:01 PM, Brendan Williamson wrote: > Hey there, > I just recently setup a server with a test client but every time it loads the kernel it gets about half way and says > "Could Not Find root-path dhcp option: > mount: missing mount point" > > Not really sure what to change or where to start, any suggestions? > > Thanks! 
> > Brendan Williamson > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see _______________________________________________ K12OSN mailing list K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn For more info see From williamsonb at menominee.k12.mi.us Mon Mar 7 14:11:51 2011 From: williamsonb at menominee.k12.mi.us (Brendan Williamson) Date: Mon, 7 Mar 2011 08:11:51 -0600 Subject: [K12OSN] Thin Client - DHCP In-Reply-To: <4AA8B450EACDC84EB072040F0831D8D71835A26292@mapsmail> References: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail> <96076DFF-7A2D-4F56-815A-3C3C298E070D@thealmquists.net> <4AA8B450EACDC84EB072040F0831D8D71835A26292@mapsmail> Message-ID: <4AA8B450EACDC84EB072040F0831D8D71835A262A0@mapsmail> Found out immediately after this, that my DHCP was causing the issue, is there any way to run this through the switch and still not have conflicts from my other DHCP server?? Thanks Brendan -----Original Message----- From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Brendan Williamson Sent: Monday, March 07, 2011 7:59 AM To: Support list for open source software in schools. Subject: Re: [K12OSN] Thin Client - DHCP Using Fedora 10, and I followed the wiki instructions start to finish 2-3 times. Ive taken the firewall off and on with exceptions, both attempts yielded the same issue. I do have another dhcp server running on the network but I have the ltsp server running through a small switch in order to hopefully avert any problems. Although I think this may be affecting it. Thanks! -----Original Message----- From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Burke Almquist Sent: Sunday, March 06, 2011 2:05 AM To: Support list for open source software in schools. 
Subject: Re: [K12OSN] Thin Client - DHCP What version of Fedora are you using and did you follow the install instructions on the wiki? Do you still have the firewall on the server turned on? Do you have multiple dhcp servers running? On Mar 4, 2011, at 2:01 PM, Brendan Williamson wrote: > Hey there, > I just recently setup a server with a test client but every time it loads the kernel it gets about half way and says > "Could Not Find root-path dhcp option: > mount: missing mount point" > > Not really sure what to change or where to start, any suggestions? > > Thanks! > > Brendan Williamson > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see _______________________________________________ K12OSN mailing list K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn For more info see _______________________________________________ K12OSN mailing list K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn For more info see From ltsp at symbio-technologies.com Mon Mar 7 14:26:47 2011 From: ltsp at symbio-technologies.com (Gideon Romm) Date: Mon, 7 Mar 2011 09:26:47 -0500 Subject: [K12OSN] Thin Client - DHCP In-Reply-To: <4AA8B450EACDC84EB072040F0831D8D71835A262A0@mapsmail> References: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail> <96076DFF-7A2D-4F56-815A-3C3C298E070D@thealmquists.net> <4AA8B450EACDC84EB072040F0831D8D71835A26292@mapsmail> <4AA8B450EACDC84EB072040F0831D8D71835A262A0@mapsmail> Message-ID: You can use dnsmasq and proxy dhcp as is described here: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP -Gadi On Mon, Mar 7, 2011 at 9:11 AM, Brendan Williamson wrote: > Found out immediately after this, that my DHCP was causing the issue, is there any way to run this through the switch and still not have conflicts from my other DHCP server?? 
> > Thanks > Brendan > > -----Original Message----- > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Brendan Williamson > Sent: Monday, March 07, 2011 7:59 AM > To: Support list for open source software in schools. > Subject: Re: [K12OSN] Thin Client - DHCP > > Using Fedora 10, and I followed the wiki instructions start to finish 2-3 times. Ive taken the firewall off and on with exceptions, both attempts yielded the same issue. I do have another dhcp server running on the network but I have the ltsp server running through a small switch in order to hopefully avert any problems. Although I think this may be affecting it. > > Thanks! > > -----Original Message----- > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Burke Almquist > Sent: Sunday, March 06, 2011 2:05 AM > To: Support list for open source software in schools. > Subject: Re: [K12OSN] Thin Client - DHCP > > What version of Fedora are you using and did you follow the install instructions on the wiki? > Do you still have the firewall on the server turned on? > Do you have multiple dhcp servers running? > > On Mar 4, 2011, at 2:01 PM, Brendan Williamson wrote: > >> Hey there, >> I just recently setup a server with a test client but every time it loads the kernel it gets about half way and says >> "Could Not Find root-path dhcp option: >> mount: missing mount point" >> >> Not really sure what to change or where to start, any suggestions? >> >> Thanks! 
>> >> Brendan Williamson >> >> >> >> _______________________________________________ >> K12OSN mailing list >> K12OSN at redhat.com >> https://www.redhat.com/mailman/listinfo/k12osn >> For more info see > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > From williamsonb at menominee.k12.mi.us Mon Mar 7 16:31:46 2011 From: williamsonb at menominee.k12.mi.us (Brendan Williamson) Date: Mon, 7 Mar 2011 10:31:46 -0600 Subject: [K12OSN] Thin Client - DHCP In-Reply-To: References: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail> <96076DFF-7A2D-4F56-815A-3C3C298E070D@thealmquists.net> <4AA8B450EACDC84EB072040F0831D8D71835A26292@mapsmail> <4AA8B450EACDC84EB072040F0831D8D71835A262A0@mapsmail> Message-ID: <4AA8B450EACDC84EB072040F0831D8D71835A26367@mapsmail> Think this will work on fedora 10? Thanks for the help and suggestions! -----Original Message----- From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Gideon Romm Sent: Monday, March 07, 2011 8:27 AM To: Support list for open source software in schools. Subject: Re: [K12OSN] Thin Client - DHCP You can use dnsmasq and proxy dhcp as is described here: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP -Gadi On Mon, Mar 7, 2011 at 9:11 AM, Brendan Williamson wrote: > Found out immediately after this, that my DHCP was causing the issue, is there any way to run this through the switch and still not have conflicts from my other DHCP server?? 
> > Thanks > Brendan > > -----Original Message----- > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Brendan Williamson > Sent: Monday, March 07, 2011 7:59 AM > To: Support list for open source software in schools. > Subject: Re: [K12OSN] Thin Client - DHCP > > Using Fedora 10, and I followed the wiki instructions start to finish 2-3 times. Ive taken the firewall off and on with exceptions, both attempts yielded the same issue. I do have another dhcp server running on the network but I have the ltsp server running through a small switch in order to hopefully avert any problems. Although I think this may be affecting it. > > Thanks! > > -----Original Message----- > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Burke Almquist > Sent: Sunday, March 06, 2011 2:05 AM > To: Support list for open source software in schools. > Subject: Re: [K12OSN] Thin Client - DHCP > > What version of Fedora are you using and did you follow the install instructions on the wiki? > Do you still have the firewall on the server turned on? > Do you have multiple dhcp servers running? > > On Mar 4, 2011, at 2:01 PM, Brendan Williamson wrote: > >> Hey there, >> I just recently setup a server with a test client but every time it loads the kernel it gets about half way and says >> "Could Not Find root-path dhcp option: >> mount: missing mount point" >> >> Not really sure what to change or where to start, any suggestions? >> >> Thanks! 
>> >> Brendan Williamson >> >> >> >> _______________________________________________ >> K12OSN mailing list >> K12OSN at redhat.com >> https://www.redhat.com/mailman/listinfo/k12osn >> For more info see > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > _______________________________________________ K12OSN mailing list K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn For more info see From ltsp at symbio-technologies.com Mon Mar 7 16:47:58 2011 From: ltsp at symbio-technologies.com (Gideon Romm) Date: Mon, 7 Mar 2011 11:47:58 -0500 Subject: [K12OSN] Thin Client - DHCP In-Reply-To: <4AA8B450EACDC84EB072040F0831D8D71835A26367@mapsmail> References: <4AA8B450EACDC84EB072040F0831D8D71835A261DD@mapsmail> <96076DFF-7A2D-4F56-815A-3C3C298E070D@thealmquists.net> <4AA8B450EACDC84EB072040F0831D8D71835A26292@mapsmail> <4AA8B450EACDC84EB072040F0831D8D71835A262A0@mapsmail> <4AA8B450EACDC84EB072040F0831D8D71835A26367@mapsmail> Message-ID: It should. Dnsmasq doesn't discriminate. ;) Alternatively, if you have a VLAN switch, you can simply isolate your thin client network to a different VLAN than the rest of the network. -Gadi On Mon, Mar 7, 2011 at 11:31 AM, Brendan Williamson wrote: > Think this will work on fedora 10? > > Thanks for the help and suggestions! > > -----Original Message----- > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Gideon Romm > Sent: Monday, March 07, 2011 8:27 AM > To: Support list for open source software in schools. 
> Subject: Re: [K12OSN] Thin Client - DHCP > > You can use dnsmasq and proxy dhcp as is described here: > > https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP > > -Gadi > > On Mon, Mar 7, 2011 at 9:11 AM, Brendan Williamson > wrote: >> Found out immediately after this, that my DHCP was causing the issue, is there any way to run this through the switch and still not have conflicts from my other DHCP server?? >> >> Thanks >> Brendan >> >> -----Original Message----- >> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Brendan Williamson >> Sent: Monday, March 07, 2011 7:59 AM >> To: Support list for open source software in schools. >> Subject: Re: [K12OSN] Thin Client - DHCP >> >> Using Fedora 10, and I followed the wiki instructions start to finish 2-3 times. Ive taken the firewall off and on with exceptions, both attempts yielded the same issue. I do have another dhcp server running on the network but I have the ltsp server running through a small switch in order to hopefully avert any problems. Although I think this may be affecting it. >> >> Thanks! >> >> -----Original Message----- >> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Burke Almquist >> Sent: Sunday, March 06, 2011 2:05 AM >> To: Support list for open source software in schools. >> Subject: Re: [K12OSN] Thin Client - DHCP >> >> What version of Fedora are you using and did you follow the install instructions on the wiki? >> Do you still have the firewall on the server turned on? >> Do you have multiple dhcp servers running? >> >> On Mar 4, 2011, at 2:01 PM, Brendan Williamson wrote: >> >>> Hey there, >>> I just recently setup a server with a test client but every time it loads the kernel it gets about half way and says >>> "Could Not Find root-path dhcp option: >>> mount: missing mount point" >>> >>> Not really sure what to change or where to start, any suggestions? >>> >>> Thanks! 
>>>
>>> Brendan Williamson

From news at siddall.name Tue Mar 8 00:57:29 2011
From: news at siddall.name (Jeff Siddall)
Date: Mon, 07 Mar 2011 19:57:29 -0500
Subject: [K12OSN] Gnome-panels missing on clients
In-Reply-To: <1299432060.4461.48.camel@rosinante.berlin>
References: <1298733547.15762.36.camel@rosinante.berlin>
 <20110227194440.M81725@gnuskole.no>
 <4D6E6686.6080907@siddall.name>
 <1299338103.3130.24.camel@rosinante.berlin>
 <4D72DF5E.2030208@siddall.name>
 <1299432060.4461.48.camel@rosinante.berlin>
Message-ID: <4D757EF9.9020106@siddall.name>

On 03/06/2011 12:21 PM, Lars Schade wrote:
>> To find out what is happening on the client you need to get the
>> Xorg.whatever.log (note that "whatever" was in my case a "1") on the
>> client. There are a few ways to do this. I did it by setting up sshd
>> in the chroot so I could ssh to any client.
>> For that you need to
>> install and enable the sshd stuff as well as set a root password in the
>> chroot. Other alternatives are to look at the file locally by setting
>> something like:
>>
>> SCREEN_02=shell
>>
>> in your lts.conf and then using CTRL-ALT-F2 _on the client_ to get to
>> the shell, then do your normal CLI stuff after that.
>
> Tried that with partial success. I could not get a proper login prompt
> for some reason. CTRL-ALT-F2 got me to a shell which did not accept
> keyboard input properly. And timed out back to a login prompt where I
> could not enter letters in a sensible fashion. I used my notebook via
> pxe as a client (no graphics issues there, everything runs smooth) and
> got the same strange behavior at the CTRL-ALT-F2 shell.
>
> So I decided to rebuild the client with Fedora-12 since that worked for
> Jeff, i.e. ltsp-build-client --release 12. That did the job as far as
> the CTRL-ALT-F2 shell is concerned - mostly. For some reason CTRL-ALT-F2
> switches me right away to a root shell without prompting for a username
> and password. Why is that, seems like a security issue?

Hmmm... yeah, I recall seeing that also. Try another shell (maybe CTRL-ALT-F3). I think I eventually found one that I could log in with.

> But at least I was able to take a look at the Xorg.1.log and other
> things on the client (the panel issue is just as previously with f13):
>
> kernel-2.6.32.26-175.fc12.i686
> xorg-x11-drv-intel-2.9.1-1.fc12.i686
>
> The Xorg.1.log file is attached, it looks very similar to what Jeff
> posted, here are some pieces from my file:
>
> ...
>
> (--) PCI:*(0:0:2:0) 8086:a001:8086:a001 Intel Corporation Pineview Integrated Graphics Controller rev 2, Mem @ 0xfe880000/524288, 0xd0000000/268435456, 0xfe900000/1048576, I/O @ 0x0000dc00/8, BIOS @ 0x????????/131072
> (--) PCI: (0:0:2:1) 8086:a002:8086:a001 Intel Corporation Pineview Integrated Graphics Controller rev 2, Mem @ 0xfe780000/524288, BIOS @ 0x????????/65536
>
> ...
>
> (==) Matched intel for the autoconfigured driver
> (==) Assigned the driver to the xf86ConfigLayout
> (II) LoadModule: "intel"
> (II) Loading /usr/lib/xorg/modules/drivers/intel_drv.so
> (II) Module intel: vendor="X.Org Foundation"
>         compiled for 1.7.0, module version = 2.9.1
>         Module class: X.Org Video Driver
>         ABI class: X.Org Video Driver, version 6.0
> (II) intel: Driver for Intel Integrated Graphics Chipsets: i810,
>         i810-dc100, i810e, i815, i830M, 845G, 852GM/855GM, 865G, 915G,
>         E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM, Pineview G,
>         965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35, Q33, GM45,
>         4 Series, G45/G43, Q45/Q43, G41, B43, Clarkdale, Arrandale
> (II) Primary Device is: PCI 00 at 00:02:0
>
> ...
>
> (II) intel(0): Integrated Graphics Chipset: Intel(R) Pineview G
> (--) intel(0): Chipset: "Pineview G"
> (II) intel(0): Output LVDS1 has no monitor section
> (II) intel(0): Output VGA1 has no monitor section
>
> ... (here comes probing of the monitor)
>
> (II) intel(0): Output LVDS1 connected
> (II) intel(0): Output VGA1 connected
> (II) intel(0): Using spanning desktop for initial modes
> (II) intel(0): Output LVDS1 using initial mode 1024x768 +0+0
> (II) intel(0): Output VGA1 using initial mode 1280x1024 +1024+0
>
> ... (here comes info I cannot make sense of:)
>
> (II) intel(0): Setting screen physical size to 609 x 270
> (II) intel(0): Allocate new frame buffer 2304x1024 stride 4096
>
> ... (and more and more probing info????)

Not sure about that physical size thing. Seems very wrong for sure.
Are you actually using both LVDS and VGA? It seems to think you are.
Since I have not tried a multi-head on one of these I don't know how
well that works. Maybe try connecting only one monitor and see if you
can get that working first. After that xrandr is your friend for
playing with other layouts.

If you don't have two monitors attached then the driver is not detecting
your monitor correctly.
I have a 945GSE chipset board running CentOS
that had problems detecting a DVI->HDMI TV correctly. I ended up coming
up with a custom xorg.conf that forced the outputs and modes I was
interested in. Here's how I made sure that only DVI was being used:

In the Device section add something like:

        Option      "monitor-VGA" "VGA"
        Option      "monitor-LVDS" "LVDS"
        Option      "monitor-TMDS-1" "DVI"

And in the Monitor section add:

        Identifier  "DVI"

Then set up a screen that uses the monitor you want:

Section "Screen"
        Identifier "Screen0"
        Device     "Card0"
        Monitor    "DVI"
        SubSection "Display"
                Viewport   0 0
                Depth     24
                Modes     "1920x1080"
        EndSubSection
EndSection

Note that you may need to change the "monitor-VGA" stuff to match the identification of your actual hardware.

Maybe that is the issue you are having or maybe it is unrelated. Trial and error might be the only way to figure it out.

> Is there info in the log file that points to a problem and thus to a
> solution? The complete log is attached.
>
> If someone has ideas how to further diagnose I would appreciate.
> Otherwise I may have to give up on this machine...

I'm pretty much at the end of my abilities here. Let us know how it goes. Maybe someone else has some other ideas.

From brcisna at eazylivin.net Tue Mar 8 15:02:30 2011
From: brcisna at eazylivin.net (Barry Cisna)
Date: Tue, 08 Mar 2011 09:02:30 -0600
Subject: [K12OSN] Thin Client - DHCP
Message-ID: <1299596550.16100.27.camel@hi2.wc235.k12.il.us>

Brendan,

You can set your k12ltsp server's dhcp server to run on an alternate port #. EG: 1067. I do this at one of our school buildings. This dhcp server will appear 'invisible' to the other existing machines on your lan. This is pretty simple, especially if your plug and play switches do not have vlan capability.
Here is the URL that explains how to:

http://sourceforge.net/apps/mediawiki/ltsp/index.php?title=DHCP#Use_different_port_numbers_for_the_DHCP_servers

Take Care,
Barry

From joseph.bishay at gmail.com Thu Mar 10 16:06:46 2011
From: joseph.bishay at gmail.com (Joseph Bishay)
Date: Thu, 10 Mar 2011 11:06:46 -0500
Subject: [K12OSN] Slightly OT - Wireless in your school/building
Message-ID:

Hello,

I hope everyone is well.

A while back I asked for people's recommendations on what they would want -- technology-wise -- in a newly-built school. We're in the process now of building our new school and one of the questions that came up was about wifi within the building. I was wondering if you had any recommendations or tips about setting it up. Granted 99% of the machines will be wired, but there are some areas that will be designated 'hot-spots' where people can bring in their laptops to connect, etc.

I appreciate all your feedback.

Thank you
Joseph

From jahnigl at hotmail.com Thu Mar 10 16:17:40 2011
From: jahnigl at hotmail.com (Lance Jahnig)
Date: Thu, 10 Mar 2011 10:17:40 -0600
Subject: [K12OSN] Thin Client - DHCP
In-Reply-To: <1299596550.16100.27.camel@hi2.wc235.k12.il.us>
References: <1299596550.16100.27.camel@hi2.wc235.k12.il.us>
Message-ID:

A couple of things to look at also. One problem might be a managed switch that has spanning tree enabled on all the ports. Disable spanning tree to fix.

Another problem might be with the network card itself. It might recognize the PXE boot but once the kernel tries to recognize the card it won't. If that is the case then you might have to add lines to the pxelinux.cfg/default file to help point it to the correct network card information.

-----Original Message-----
From: Brendan Williamson
To: "k12osn redhat com"
Subject: [K12OSN] Thin Client - DHCP
Date: Fri, 4 Mar 2011 14:01:25 -0600

--------------------------------------------------------------------------------

Hey there,
I just recently set up a server with a test client but every time it loads the kernel it gets about half way and says
"Could Not Find root-path dhcp option:
mount: missing mount point"

Not really sure what to change or where to start, any suggestions?

Thanks!

Brendan Williamson

From johno at islandwood.org Thu Mar 10 17:38:34 2011
From: johno at islandwood.org (John Oligario)
Date: Thu, 10 Mar 2011 09:38:34 -0800
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References:
Message-ID: <7CD69867FCBA0F4694B0C053BF093313034446B1@POSTINO.pselc.internal>

We use the procurve. Our campus is 255 acres however we only cover half, multiple buildings.

From brcisna at eazylivin.net Thu Mar 10 21:40:18 2011
From: brcisna at eazylivin.net (Barry Cisna)
Date: Thu, 10 Mar 2011 15:40:18 -0600
Subject: [K12OSN] USB Stick on demand virus scanning
Message-ID: <1299793218.13470.12.camel@localhost.localdomain>

Hello All,

This is somewhat off topic here, and I am guessing this may be a tough nut to crack. I am going to ask anyways.

I would like to come up with some sort of usb stick 'on demand' scanning that utilizes Clamav, Samba, and the samba-vscan-clamav module. I have posted this in the Clamav forums and got one reply which really wasn't a turn key setup like I would like it to be. I am for sure not smart enough to come up with some sort of script that would in effect auto mount a usb stick that was inserted into any Winders workstation that was domain logged in and scan this newly seen drive with the samba-vscan module and would function in the same manner as samba-vscan-clamav works.

We are at present using the samba-vscan-clamav module which works sweet on all users' home folders that reside on one of the K12ltsp servers. It appears to me that if this could happen this would be a 'one point' manageable piece. Some years back we went with the AVG Enterprise thing which worked OK, but still doing updates and the licensing nightmares with this type of thing is a daunting task.

We have recently got hit with a virus propagating out to all of the Winders machines, as the admins have been buying laptops by the carload and of course the usb stick thing is just a matter of time and this sort of thing is bound to happen.

Possibly someone could chime in with what they use.

Thanks,
Barry

From clifford_ilkay at dinamis.com Fri Mar 11 02:32:58 2011
From: clifford_ilkay at dinamis.com (CLIFFORD ILKAY)
Date: Thu, 10 Mar 2011 21:32:58 -0500
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References:
Message-ID: <4D7989DA.4070902@dinamis.com>

On 03/10/2011 11:06 AM, Joseph Bishay wrote:
> Hello,
>
> I hope everyone is well.
>
> A while back I asked for people's recommendations on what they would
> want -- technology-wise -- in a newly-built school. We're in the
> process now of building our new school and one of the questions that
> came up was about wifi within the building. I was wondering if you
> had any recommendations or tips about setting it up. Granted 99% of
> the machines will be wired, but there are some areas that will be
> designated 'hot-spots' where people can bring in their laptops to
> connect, etc.
>
> I appreciate all your feedback.

Hello,

Be careful. WiFi has lots of health-related concerns surrounding it, especially for children. One of the school boards in this area deployed it and that started a firestorm of controversy with some parents claiming their children were becoming ill from the WiFi. The Superintendent of that school board handled it very badly. The parents whose children were afflicted were asking for a 90 day moratorium to see if the symptoms of their children abated. Instead of doing that, which I think would have been an inexpensive and non-confrontational way of dealing with the issue, it became a war of experts with the school board trotting out their experts who claimed WiFi was safe and the parents trotting out their own experts who claimed that WiFi caused all sorts of problems. Google for "simcoe school board wifi". Here is one article: <http://www.cbc.ca/news/health/story/2010/08/16/wifi-students.html>.

If I were in your shoes, I would consult parents so that I would act with their support and I'd be frank about presenting both sides of the issue. It's best to have these discussions before you spend money on technology that you might have to mothball later due to health concerns. I've read enough about the issue that I think there is something going on and would be inclined to err on the side of caution.

--
Regards,

Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6

+1 416-410-3326

From ericbrow at gmail.com Fri Mar 11 04:59:01 2011
From: ericbrow at gmail.com (Eric Brown)
Date: Thu, 10 Mar 2011 22:59:01 -0600
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7989DA.4070902@dinamis.com>
References: <4D7989DA.4070902@dinamis.com>
Message-ID:

I've got to speak out on this one. I've only ever heard of the wi-fi illness when those affected have some sort of ax to grind with the supposed wi-fi offender.

While working on my Master's degree, I did one particular study where I drove a grid pattern around our little town of 10,000 using a wireless sniffer. I found 350 different mac addresses of wireless routers in our town, with just over 300 wide open, which was the subject of my paper.

Fast forward a year or two, and there's a student who has been in the district since kindergarten who suddenly develops this wi-fi sensitivity, particularly at school. This was one child whose mother was quite litigious, having attempted to sue the school on multiple occasions, with the story usually being her kid misbehaved, got in trouble, acted out worse and worse, and then the school did something wrong, when in fact they never really did. She wanted to sue the school because her kid was getting sick from the wireless routers. Turns out his wi-fi sensitivity didn't develop during his elementary years, even though his school had access points outside of two of his classrooms when he was there. Mom claimed he felt fine at home, where casual sniffing while driving by the address showed 4 open access points just outside his front door.

If this were a genuine illness, I would suspect it would only be found in those who live truly out in the wilderness, or we'd be suffering a pandemic of catastrophic proportions. Wi-fi is EVERYWHERE now. Every little small business that wants to encourage people hanging around has wi-fi. They may not advertise it, but it's there. Even if they don't, there's someone around who does. I bet if you stand by any window in any classroom of any school that's not out in the country, you WILL find wi-fi signal. And with the availability of technology these days, there's at least one kid in your school who knows how to turn their cell phone into a wi-fi hot spot, who will open it for their buddies during lunch and study hall.

I would beware of the trolls though. I'm sure there's someone with an ax to grind who can pretend to be sick. Stick up a wired switch with wireless antenna glued on until you call them out. Then deploy the wireless.

I am all for the safety of all children, as well as the scientific method.

Sorry for the rant,

Eric

From joseph.bishay at gmail.com Fri Mar 11 14:40:52 2011
From: joseph.bishay at gmail.com (Joseph Bishay)
Date: Fri, 11 Mar 2011 09:40:52 -0500
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7989DA.4070902@dinamis.com>
Message-ID:

Hello,

So it is very interesting that the two detailed responses I've received are about the potential dangers associated with wifi and the lack of information backing this perceived danger.

To me this says that I should consider a system that allows the wifi to be turned off/on as needed, rather than being on all the time, and limiting it to areas that are necessary, rather than blanketing the property independent of need. This takes a 'middle of the road' approach in my mind. The property actually is not just an elementary school but also houses a day-care and a business meeting conference centre. It is in the business meeting area that I actually need the wifi - the rest can most probably run off LTSP machines.

Is there a recommendation on how to set up the wifi for the business areas?

Thank you
Joseph

From johno at islandwood.org Fri Mar 11 15:05:25 2011
From: johno at islandwood.org (John Oligario)
Date: Fri, 11 Mar 2011 07:05:25 -0800
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7989DA.4070902@dinamis.com>
Message-ID: <5713DD66-BAF2-4883-9FED-92837A271086@islandwood.org>

We use procurve at our school. Can turn off sections or reboot all from any computer admin has access to as it runs in the browser.

From reb at taco.com Fri Mar 11 15:13:58 2011
From: reb at taco.com (Phydeaux)
Date: Fri, 11 Mar 2011 10:13:58 -0500
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7989DA.4070902@dinamis.com>
Message-ID: <3f16016ce1790812d42d490d6908e683.squirrel@webmail.taco.com>

> So it is very interesting that the two detailed responses I've
> received are about the potential dangers associated with wifi and the
> lack of information backing this perceived danger.

There were two posted responses. One pointed out unjustified hysteria in an Ontario school. The other gave examples of why this sort of complaint is a canard.

All WiFi devices I've ever seen can be disabled by the flick of a switch. Most can be disabled via a web interface. That should be more than enough to solve your immediate problem and let you worry about real issues.

reb

From robark at gmail.com Fri Mar 11 16:43:19 2011
From: robark at gmail.com (Robert Arkiletian)
Date: Fri, 11 Mar 2011 08:43:19 -0800
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7989DA.4070902@dinamis.com>
Message-ID:

On Fri, Mar 11, 2011 at 6:40 AM, Joseph Bishay wrote:
>
> Is there a recommendation on how to set up the wifi for the business areas?

Put the wi-fi on a separate network (subnet). Maybe a vlan if you have managed switches.

--
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada

From rasher at paragould.k12.ar.us Fri Mar 11 17:26:11 2011
From: rasher at paragould.k12.ar.us (Rob Asher)
Date: Fri, 11 Mar 2011 11:26:11 -0600
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7989DA.4070902@dinamis.com>
Message-ID: <4D7A06D3.0172.0037.0@paragould.k12.ar.us>

If you're looking for both a secure and guest network along with time based access, in the past I've done that here for just a few AP's with Mikrotik RB411AH routerOS based access points and a few scripts to enable/disable the radio on schedule. Depending on radio, enclosure, power injector, and antenna(s) you use, it's a pretty inexpensive solution for just a few AP's here and there. If you're looking to cover an entire campus though, I'd suggest looking at Aerohive or Meraki just for ease of management as much as anything else.

HTH,
Rob

----------------
Rob Asher
Network Systems Technician
Paragould School District
870-236-7744 x169

From cisna-barry at wc235.k12.il.us Fri Mar 11 18:57:52 2011
From: cisna-barry at wc235.k12.il.us (Barry Cisna)
Date: Fri, 11 Mar 2011 12:57:52 -0600
Subject: [K12OSN] Slightly OT - Wireless in your school/building
Message-ID: <1299869872.16100.40.camel@hi2.wc235.k12.il.us>

Not that I can add anything to what others have suggested in regards to your wifi deployment.

I wonder how many of these parents that are complaining of their little youngin's getting sick from wifi, the same youngsters have a cell phone (can you say radio?) against their ear every waking minute. A bunch that probably don't have two nickels to rub together, setting up for a lawsuit. No way... Get real...

I guess I'm too realistic.

Barry

From lars.schade at berlin.de Sat Mar 12 21:46:41 2011
From: lars.schade at berlin.de (Lars Schade)
Date: Sat, 12 Mar 2011 22:46:41 +0100
Subject: [K12OSN] Gnome-panels missing on clients
In-Reply-To: <4D757EF9.9020106@siddall.name>
References: <1298733547.15762.36.camel@rosinante.berlin>
 <20110227194440.M81725@gnuskole.no>
 <4D6E6686.6080907@siddall.name>
 <1299338103.3130.24.camel@rosinante.berlin>
 <4D72DF5E.2030208@siddall.name>
 <1299432060.4461.48.camel@rosinante.berlin>
 <4D757EF9.9020106@siddall.name>
Message-ID: <1299966401.4971.21.camel@rosinante.berlin>

SUCCESS, I finally got the ZBOX working with the gnome-panels visible but have not done extensive testing to see whether absolutely everything is functional (though it appears to be).

The problem was that the ZBOX falsely believes itself to be a notebook equipped with its own LCD screen. And that the vga-monitor I connect is only a secondary external screen. So the key to getting the thing working is to turn off the fictitious LCD-screen. After hours of testing I found the following to work for me:

Add a client specific section in your lts.conf:

################
#[MAC ADDRESS]: ZBOX SD-ID10
################
[00:01:2E:BC:29:C3]
    XRANDR_OUTPUT_0="VGA1 --primary"
    XRANDR_MODE_0="1280x1024"
    XRANDR_OUTPUT_1="LVDS1 --off"
    XF86CONFIG_FILE="/etc/X11/xorg.conf.zbox"

The external VGA goes by the name VGA1 and the fictitious LCD by the name LVDS1. So the LCD is turned off and the VGA is set as primary device. This does the job for the login screen but the information is somehow lost when the gnome session is started (I have no clue why).

Anyway, so you need to provide a client specific xorg.conf file. I created one on the client by running X -configure and then modified it to again turn off LVDS1.
The file location is specified in chroot notation, the real location is /opt/ltsp/i386/etc/X11/xorg.conf.zbox Here is what I use: Section "ServerLayout" Identifier "X.org Configured" Screen 0 "Screen0" 0 0 InputDevice "Mouse0" "CorePointer" InputDevice "Keyboard0" "CoreKeyboard" EndSection Section "Files" ModulePath "/usr/lib/xorg/modules" FontPath "catalogue:/etc/X11/fontpath.d" FontPath "built-ins" EndSection Section "Module" Load "record" Load "dbe" Load "dri" Load "glx" Load "dri2" Load "extmod" EndSection Section "InputDevice" Identifier "Keyboard0" Driver "kbd" EndSection Section "InputDevice" Identifier "Mouse0" Driver "mouse" Option "Protocol" "auto" Option "Device" "/dev/input/mice" Option "ZAxisMapping" "4 5 6 7" EndSection Section "Monitor" Identifier "VGA" Option "PreferredMode" "1280x1024" EndSection Section "Monitor" Identifier "LVDS" Option "Ignore" "true" EndSection Section "Device" Identifier "Card0" Driver "intel" Option "monitor-VGA1" "VGA" Option "monitor-LVDS1" "LVDS" BusID "PCI:0:2:0" EndSection Section "Screen" Identifier "Screen0" Device "Card0" Monitor "VGA" SubSection "Display" Viewport 0 0 Depth 16 Modes "1280x1024" EndSubSection EndSection The monitor, device, and screen section were adapted to do the job. Thanks a lot to Jeff and Odin for sharing your knowledge and experience and ideas !!!!! Am Montag, den 07.03.2011, 19:57 -0500 schrieb Jeff Siddall: > On 03/06/2011 12:21 PM, Lars Schade wrote: > >> To find out what is happening on the client you need to get the > >> Xorg.whatever.log (note that "whatever" was in my case a "1") on the > >> client. There are a few ways to do this. I did it by setting up sshd > >> in the chroot so I could ssh to any client. For that you need to > >> install and enable the sshd stuff as well as set a root password in the > >> chroot. 
Other alternatives are to look at the file locally by setting > >> something like: > >> > >> SCREEN_02=shell > >> > >> in your lts.conf and then using CTRL-ALT-F2 _on the client_ to get to > >> the shell, then do your normal CLI stuff after that. > > > > Tried that with partial success. I could not get a proper login prompt > > for some reason. CTRL-ALT-F2 got me to a shell which did not accept > > keyboard input properly. And timed out back to a login prompt where I > > could not enter letters in a sensible fashion. I used my notebook via > > pxe as a client (not graphics issues there, everything runs smooth) and > > got the same strange behavior at the CTRL-ALT-F2 shell. > > > > So I decided to rebuild the client with Fedora-12 since that worked for > > Jeff, i.e. ltsp-build-client --release 12. That did the job as far as > > the CTRL-ALT-F2 shell is concerned - mostly. For some reason CTRL-ALT-F2 > > switches me right away to a root shell without prompting for a username > > and password. Why is that, seems like a security issue? > > Hmmm... yeah, I recall seeing that also. Try another shell (maybe > CTRL-ALT-F3). I think I eventually found one that I could login with. > > > But at least I was able to take a look at the Xorg.1.log and other > > things on the client (the panel issue is just as previously with f13): > > > > kernel-2.6.32.26-175.fc12.i686 > > xorg-x11-drv-intel-2.9.1-1.fc12.i686 > > > > The Xorg.1.log file is attached, it looks very similar to what Jeff > > posted, here are some pieces from my file: > > > > ... > > > > (--) PCI:*(0:0:2:0) 8086:a001:8086:a001 Intel Corporation Pineview > > Integrated Gr > > aphics Controller rev 2, Mem @ 0xfe880000/524288, 0xd0000000/268435456, > > 0xfe9000 > > 00/1048576, I/O @ 0x0000dc00/8, BIOS @ 0x????????/131072 > > (--) PCI: (0:0:2:1) 8086:a002:8086:a001 Intel Corporation Pineview > > Integrated Gr > > aphics Controller rev 2, Mem @ 0xfe780000/524288, BIOS @ > > 0x????????/65536 > > > > ... 
> >
> > (==) Matched intel for the autoconfigured driver
> > (==) Assigned the driver to the xf86ConfigLayout
> > (II) LoadModule: "intel"
> > (II) Loading /usr/lib/xorg/modules/drivers/intel_drv.so
> > (II) Module intel: vendor="X.Org Foundation"
> > compiled for 1.7.0, module version = 2.9.1
> > Module class: X.Org Video Driver
> > ABI class: X.Org Video Driver, version 6.0
> > (II) intel: Driver for Intel Integrated Graphics Chipsets: i810,
> > i810-dc100, i810e, i815, i830M, 845G, 852GM/855GM, 865G, 915G,
> > E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM, Pineview G,
> > 965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35, Q33, GM45,
> > 4 Series, G45/G43, Q45/Q43, G41, B43, Clarkdale, Arrandale
> > (II) Primary Device is: PCI 00 at 00:02:0
> >
> > ...
> >
> > (II) intel(0): Integrated Graphics Chipset: Intel(R) Pineview G
> > (--) intel(0): Chipset: "Pineview G"
> > (II) intel(0): Output LVDS1 has no monitor section
> > (II) intel(0): Output VGA1 has no monitor section
> >
> > ... (here comes probing of the monitor)
> >
> > (II) intel(0): Output LVDS1 connected
> > (II) intel(0): Output VGA1 connected
> > (II) intel(0): Using spanning desktop for initial modes
> > (II) intel(0): Output LVDS1 using initial mode 1024x768 +0+0
> > (II) intel(0): Output VGA1 using initial mode 1280x1024 +1024+0
> >
> > ... (here comes info I cannot make sense of:)
> >
> > (II) intel(0): Setting screen physical size to 609 x 270
> > (II) intel(0): Allocate new frame buffer 2304x1024 stride 4096
> >
> > ... (and more and more probing info????)
>
> Not sure about that physical size thing. Seems very wrong for sure.
> Are you actually using both LVDS and VGA? It seems to think you are.
> Since I have not tried a multi-head on one of these I don't know how
> well that works. Maybe try connecting only one monitor and see if you
> can get that working first. After that xrandr is your friend for
> playing with other layouts.
>
> If you don't have two monitors attached then the driver is not detecting
> your monitor correctly. I have a 945GSE chipset board running CentOS
> that had problems detecting a DVI->HDMI TV correctly. I ended up coming
> up with a custom xorg.conf that forced the outputs and modes I was
> interested in. Here's how I made sure that only DVI was being used:
>
> In the Device section add something like:
>
>         Option "monitor-VGA" "VGA"
>         Option "monitor-LVDS" "LVDS"
>         Option "monitor-TMDS-1" "DVI"
>
> And in the Monitor section add:
>
>         Identifier "DVI"
>
> Then setup a screen that uses the monitor you want:
>
> Section "Screen"
>         Identifier "Screen0"
>         Device "Card0"
>         Monitor "DVI"
>         SubSection "Display"
>                 Viewport 0 0
>                 Depth 24
>                 Modes "1920x1080"
>         EndSubSection
> EndSection
>
> Note that you may need to change the "monitor-VGA" stuff to match the
> identification of your actual hardware.
>
> Maybe that is the issue you are having or maybe it is unrelated. Trial
> and error might be the only way to figure it out.
>
> > Is there info in the log file that points to a problem and thus to a
> > solution? The complete log is attached.
> >
> > If someone has ideas how to further diagnose I would appreciate.
> > Otherwise I may have to give up on this machine...
>
> I'm pretty much at the end of my abilities here. Let us know how it
> goes. Maybe someone else has some other ideas.
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see

From julius at turtle.com Mon Mar 14 14:22:22 2011
From: julius at turtle.com (Julius Szelagiewicz)
Date: Mon, 14 Mar 2011 09:22:22 -0500 (EST)
Subject: [K12OSN] Zotac Zbox realtec network driver missing in Centos5.5
Message-ID: <50304.216.216.171.235.1300112542.squirrel@216.216.171.235>

Folks,
I caught Odin talking how great the Zotac boxes are, so I got me one of
those babies in the AMD 64bit flavor.
I installed DRBL on an AMD 64 bit pc running Centos 5.5 and proceeded to
boot the box. Got PXE going, the system loads and then chokes on not
recognised Realtek gigabit adapter. I'm sure that there is a driver for it
in Centos 5.5, but how do I get it and what do I do to make it show up on
the box?

Julius

From clifford_ilkay at dinamis.com Tue Mar 15 00:11:58 2011
From: clifford_ilkay at dinamis.com (CLIFFORD ILKAY)
Date: Mon, 14 Mar 2011 20:11:58 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7989DA.4070902@dinamis.com>
Message-ID: <4D7EAECE.9080100@dinamis.com>

On 03/10/2011 11:59 PM, Eric Brown wrote:
> I've got to speak out on this one. I've only ever heard of the wi-fi
> illness when those affected have some sort of ax to grind with the
> supposed wi-fi offender.

I've heard of this "heard of" technique for establishing scientific
validity. :)

> While working on my Master's degree, I did
> one particular study where I drove a grid pattern around our little town
> of 10,000 using a wireless sniffer. I found 350 different mac addresses
> of wireless routers in our town, with just over 300 wide open, which was
> the subject of my paper.

You managed to find many sources of RF waves, which isn't remarkable.
How can you conclude that those waves don't have adverse health effects,
especially on children? Unless you have done research and published
papers on the health effects of radio waves as Dr. Magda Havas has, your
Master's degree doesn't really make you any more qualified than anyone I
can stop and ask on the street.

> Fast forward a year or two, and there's a
> student who has been in the district since kindergarten suddenly develop
> this wi-fi sensitivity, particularly at school.
> This was one child
> whose mother was quite litigious, having attempted to sue the school on
> multiple occasions, with the story usually being her kid misbehaved, got
> in trouble, acted out worse and worse, and then the school did something
> wrong, when in fact they never really did.

So based on a sample of one, you're concluding that this is all in the
minds of litigious parents?

> She wanted to sue the school
> because her kid was getting sick from the wireless routers. Turns out
> his wi-fi sensitivity didn't develop during his elementary years, even
> though his school had access points outside of two of his classrooms
> when he was there. Mom claimed he felt fine at home, where casual
> sniffing while driving by the address showed 4 open access points just
> outside his front door.
>
> If this were a genuine illness, I would suspect it would only be found
> in those who live truly out in the wilderness, or we'd be suffering a
> pandemic of catastrophic proportions. Wi-fi is EVERYWHERE now. Every
> little small business that wants to encourage people hanging around has
> wi-fi. They may not advertise it, but it's there. Even if they don't,
> there's someone around who does. I bet if you stand by any window in
> any classroom of any school that's not out in the country, you WILL find
> wi-fi signal.

That's true. However, if I recall correctly, signals degrade with the
square of the distance. Many schools have large playgrounds, which act
as a buffer for low-power signals like WiFi.

> And with the availability of technology these days,
> there's at least one kid in your school who knows how to turn their cell
> phone into a wi-fi hot spot, who will open it for their buddies during
> lunch and study hall.
>
> I would beware of the tolls though. I'm sure there's someone with an ax
> to grind who can pretend to be sick. Stick up a wired switch with
> wireless antenna glued on until you call them out. Then deploy the
> wireless.
>
> I am all for the safety of all children, as well as the scientific method.

As am I, which is why I referenced Dr. Havas' work above.
--
Regards,

Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6

+1 416-410-3326

From caldodge at gmail.com Tue Mar 15 00:49:00 2011
From: caldodge at gmail.com (Calvin Dodge)
Date: Mon, 14 Mar 2011 18:49:00 -0600
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7EAECE.9080100@dinamis.com>
References: <4D7989DA.4070902@dinamis.com> <4D7EAECE.9080100@dinamis.com>
Message-ID:

Clifford, there's a real reason to be skeptical of such claims,
especially when someone stands to make serious cash (or get a big
splash of fame) from those claims.

Remember silicone breast implants? Remember how lawyers who claimed
clients had health problems from the same, reaped hundreds of millions
of dollars, and drove a Dow division into bankruptcy? What's
interesting is that subsequent studies showed NO correlation between
those implants and their supposed bad side effects. There is NO
difference in the rate of autoimmune diseases between women with the
implants, and women who didn't have them. But the lawyers got to keep
their ill-gotten gains.

Then there was the whole "fetal oxygen deficiency for a few seconds
causes cerebral palsy" bandwagon. Lawyers made lots of money from that
theory, and medical practice changed as a result. Fetal oxygen
monitors are now used everywhere, and the incidence of Caesarean
births has gone way up. And what's the result of all this activity to
prevent the supposed cause of cerebral palsy? Nothing - the rate hasn't
changed at all. But the lawyers get to keep their millions of dollars,
while obstetricians become harder to find.

More recently there was the "mercury in vaccines causes autism"
hysteria. There it turns out the fellow who first made this claim
falsified his data.
But he gets to keep the money he earned from lectures and such, and so
do all the others who jumped on that bandwagon.

Plenty of other examples abound, like the nonsense about hexavalent
chromium which garnered a couple of million dollars for that fraud,
Erin Brockovich.

So, no, I'm not going to automatically run in terror because somebody
claims "lots of health-related concerns" from WiFi. I want to see
multiple studies from a variety of sources, to reduce the chance that
confirmation bias (or even outright fraud) is resulting in a false
claim.

Calvin Dodge

From lesmikesell at gmail.com Tue Mar 15 01:37:38 2011
From: lesmikesell at gmail.com (Les Mikesell)
Date: Mon, 14 Mar 2011 20:37:38 -0500
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7EAECE.9080100@dinamis.com>
References: <4D7989DA.4070902@dinamis.com> <4D7EAECE.9080100@dinamis.com>
Message-ID: <4D7EC2E2.7040800@gmail.com>

On 3/14/11 7:11 PM, CLIFFORD ILKAY wrote:
>
> You managed to find many sources of RF waves, which isn't remarkable. How can
> you conclude that those waves don't have adverse health effects, especially on
> children? Unless you have done research and published papers on the health
> effects of radio waves as Dr. Magda Havas
> has, your Master's degree doesn't really make you
> any more qualified than anyone I can stop and ask on the street.

So, now that pretty much everyone has had a wireless router in their
house, maybe a few feet away from where they sit by the computer, not to
mention the other ends of the connections in our laptops and cell phones
that are even closer, you don't think anyone would have noticed how sick
it makes us?

> So based on a sample of one, you're concluding that this is all in the minds of
> litigious parents?

Yes. Or at least that the effects are just the same as an equivalent
amount of electromagnetic radiation in the light or heat spectrum. But
that won't save you in a lawsuit.
--
Les Mikesell
lesmikesell at gmail.com

From clifford_ilkay at dinamis.com Tue Mar 15 02:53:18 2011
From: clifford_ilkay at dinamis.com (CLIFFORD ILKAY)
Date: Mon, 14 Mar 2011 22:53:18 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7EC2E2.7040800@gmail.com>
References: <4D7989DA.4070902@dinamis.com> <4D7EAECE.9080100@dinamis.com> <4D7EC2E2.7040800@gmail.com>
Message-ID: <4D7ED49E.5070807@dinamis.com>

On 03/14/2011 09:37 PM, Les Mikesell wrote:
> So, now that pretty much everyone has had a wireless router in their
> house, maybe a few feet away from where they sit by the computer,
> not to mention the other ends of the connections in our laptops and
> cell phones that are even closer, you don't think anyone would have
> noticed how sick it makes us?

Some people have noticed. A toddler of a friend in the U.K. was having
some mysterious health problems. Doctors couldn't explain it. The father
had a home office with a WiFi router right under his son's bedroom. He
read an article about the possible adverse effects of WiFi on children
and thought that he had nothing to lose by turning off the WiFi router
for a while to see if it made any difference. His son's unexplained
symptoms disappeared. That situation can't be attributed to a litigious
parent. Who was he going to sue? Himself?

We don't all react to foods the same way so why is it inconceivable that
we might not react to RF waves the same way? Is it not possible that some
people and some children are more sensitive to this than others?
--
Regards,

Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6

+1 416-410-3326

From lesmikesell at gmail.com Tue Mar 15 04:04:18 2011
From: lesmikesell at gmail.com (Les Mikesell)
Date: Mon, 14 Mar 2011 23:04:18 -0500
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7ED49E.5070807@dinamis.com>
References: <4D7989DA.4070902@dinamis.com> <4D7EAECE.9080100@dinamis.com> <4D7EC2E2.7040800@gmail.com> <4D7ED49E.5070807@dinamis.com>
Message-ID: <4D7EE542.3000702@gmail.com>

On 3/14/11 9:53 PM, CLIFFORD ILKAY wrote:
> On 03/14/2011 09:37 PM, Les Mikesell wrote:
>> So, now that pretty much everyone has had a wireless router in their
>> house, maybe a few feet away from where they sit by the computer,
>> not to mention the other ends of the connections in our laptops and
>> cell phones that are even closer, you don't think anyone would have
>> noticed how sick it makes us?
>
> Some people have noticed. A toddler of a friend in the U.K. was having some
> mysterious health problems. Doctors couldn't explain it. The father had a home
> office with a WiFi router right under his son's bedroom. He read an article
> about the possible adverse effects of WiFi on children and thought that he had
> nothing to lose by turning off the WiFi router for a while to see if it made any
> difference. His son's unexplained symptoms disappeared. That situation can't be
> attributed to a litigious parent. Who was he going to sue? Himself?
>
> We don't all react to foods the same way so why is it inconceivable that we might
> not react to RF waves the same way? Is it not possible that some people and some
> children are more sensitive to this than others?

I suppose anything is possible - and someone might have the same reaction
to the light/heat spectrum too. But people get sick and then better all
the time and have made up reasons for both for all of human history. I
don't think they'll stop now.
--
Les Mikesell
lesmikesell at gmail.com

From clifford_ilkay at dinamis.com Tue Mar 15 05:29:41 2011
From: clifford_ilkay at dinamis.com (CLIFFORD ILKAY)
Date: Tue, 15 Mar 2011 01:29:41 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7EE542.3000702@gmail.com>
References: <4D7989DA.4070902@dinamis.com> <4D7EAECE.9080100@dinamis.com> <4D7EC2E2.7040800@gmail.com> <4D7ED49E.5070807@dinamis.com> <4D7EE542.3000702@gmail.com>
Message-ID: <4D7EF945.2090006@dinamis.com>

On 03/15/2011 12:04 AM, Les Mikesell wrote:
> On 3/14/11 9:53 PM, CLIFFORD ILKAY wrote:
>> We don't all react to foods the same way so why is it inconceivable
>> that we might
>> not react to RF waves the same way? Is it not possible that some
>> people and some
>> children are more sensitive to this than others?
>
> I suppose anything is possible - and someone might have the same
> reaction to the light/heat spectrum too. But people get sick and then
> better all the time and have made up reasons for both for all of human
> history. I don't think they'll stop now.

How timely that I just read this from Dr. Mercola's newsletter: .

"If you missed Dr. Martin Blank's presentation in which he explains how
wireless devices affect your cells and DNA, I highly recommend you take
20 minutes and listen to it now.

Dr. Blank is an Associate Professor at Columbia University in the
department of physiology and cellular biophysics, and a researcher in
bioelectromagnetics. He is adamant when he says that there IS evidence
of harm within the non-ionizing range of radiation, and that the harm to
human health can be significant.

This evidence has been peer-reviewed, published, and that the results
have been replicated, evaluated and "judged by scientists capable of
judging it," as Dr. Blank says."

What would he know? He's just an associate professor at Columbia who
studies this stuff.
--
Regards,

Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6

+1 416-410-3326

From julius at turtle.com Tue Mar 15 13:20:16 2011
From: julius at turtle.com (Julius Szelagiewicz)
Date: Tue, 15 Mar 2011 09:20:16 -0400 (EDT)
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7EAECE.9080100@dinamis.com>
Message-ID:

It's way OT, but here goes: Magda Havas is a very strong self promoter,
not a very strong scientist. Her studies show really poor methodology and
the results are not reproducible. If you believe her "research", you
probably believe that vaccines cause autism.

Julius

On Mon, 14 Mar 2011, CLIFFORD ILKAY wrote:

> On 03/10/2011 11:59 PM, Eric Brown wrote:
> > I've got to speak out on this one. I've only ever heard of the wi-fi
> > illness when those affected have some sort of ax to grind with the
> > supposed wi-fi offender.
>
> I've heard of this "heard of" technique for establishing scientific
> validity. :)
>
> > While working on my Master's degree, I did
> > one particular study where I drove a grid pattern around our little town
> > of 10,000 using a wireless sniffer. I found 350 different mac addresses
> > of wireless routers in our town, with just over 300 wide open, which was
> > the subject of my paper.
>
> You managed to find many sources of RF waves, which isn't remarkable.
> How can you conclude that those waves don't have adverse health effects,
> especially on children? Unless you have done research and published
> papers on the health effects of radio waves as Dr. Magda Havas
> has, your
> Master's degree doesn't really make you any more qualified than anyone I
> can stop and ask on the street.
>
> > Fast forward a year or two, and there's a
> > student who has been in the district since kindergarten suddenly develop
> > this wi-fi sensitivity, particularly at school.
> > This was one child
> > whose mother was quite litigious, having attempted to sue the school on
> > multiple occasions, with the story usually being her kid misbehaved, got
> > in trouble, acted out worse and worse, and then the school did something
> > wrong, when in fact they never really did.
>
> So based on a sample of one, you're concluding that this is all in the
> minds of litigious parents?
>
> > She wanted to sue the school
> > because her kid was getting sick from the wireless routers. Turns out
> > his wi-fi sensitivity didn't develop during his elementary years, even
> > though his school had access points outside of two of his classrooms
> > when he was there. Mom claimed he felt fine at home, where casual
> > sniffing while driving by the address showed 4 open access points just
> > outside his front door.
> >
> > If this were a genuine illness, I would suspect it would only be found
> > in those who live truly out in the wilderness, or we'd be suffering a
> > pandemic of catastrophic proportions. Wi-fi is EVERYWHERE now. Every
> > little small business that wants to encourage people hanging around has
> > wi-fi. They may not advertise it, but it's there. Even if they don't,
> > there's someone around who does. I bet if you stand by any window in
> > any classroom of any school that's not out in the country, you WILL find
> > wi-fi signal.
>
> That's true. However, if I recall correctly, signals degrade with the
> square of the distance. Many schools have large playgrounds, which act
> as a buffer for low-power signals like WiFi.
>
> > And with the availability of technology these days,
> > there's at least one kid in your school who knows how to turn their cell
> > phone into a wi-fi hot spot, who will open it for their buddies during
> > lunch and study hall.
> >
> > I would beware of the tolls though. I'm sure there's someone with an ax
> > to grind who can pretend to be sick.
> > Stick up a wired switch with
> > wireless antenna glued on until you call them out. Then deploy the
> > wireless.
> >
> > I am all for the safety of all children, as well as the scientific method.
>
> As am I, which is why I referenced Dr. Havas' work above.
> --
> Regards,
>
> Clifford Ilkay
> Dinamis
> 1419-3266 Yonge St.
> Toronto, ON
> Canada M4N 3P6
>
>
> +1 416-410-3326
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see
>

From julius at turtle.com Tue Mar 15 13:30:03 2011
From: julius at turtle.com (Julius Szelagiewicz)
Date: Tue, 15 Mar 2011 09:30:03 -0400 (EDT)
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7EF945.2090006@dinamis.com>
Message-ID:

The problem with science is that any fraud or crank with a PhD can publish
just about any garbage in a "peer reviewed" journal. The sane people just
don't have enough time to debunk all the dreck and the gullible will
believe anything. There is no global warming! Your peer reviewed
"scientists" have proven it!

Clifford, Reddit might be a better forum for this kind of nonsense.

Julius

On Tue, 15 Mar 2011, CLIFFORD ILKAY wrote:

> On 03/15/2011 12:04 AM, Les Mikesell wrote:
> > On 3/14/11 9:53 PM, CLIFFORD ILKAY wrote:
> >> We don't all react to foods the same way so why is it inconceivable
> >> that we might
> >> not react to RF waves the same way? Is it not possible that some
> >> people and some
> >> children are more sensitive to this than others?
> >
> > I suppose anything is possible - and someone might have the same
> > reaction to the light/heat spectrum too. But people get sick and then
> > better all the time and have made up reasons for both for all of human
> > history. I don't think they'll stop now.
>
> How timely that I just read this from Dr. Mercola's newsletter:
> .
>
> "If you missed Dr.
> Martin Blank's presentation in which he explains how
> wireless devices affect your cells and DNA, I highly recommend you take
> 20 minutes and listen to it now.
>
> Dr. Blank is an Associate Professor at Columbia University in the
> department of physiology and cellular biophysics, and a researcher in
> bioelectromagnetics. He is adamant when he says that there IS evidence
> of harm within the non-ionizing range of radiation, and that the harm to
> human health can be significant.
>
> This evidence has been peer-reviewed, published, and that the results
> have been replicated, evaluated and "judged by scientists capable of
> judging it," as Dr. Blank says."
>
> What would he know? He's just an associate professor at Columbia who
> studies this stuff.
> --
> Regards,
>
> Clifford Ilkay
> Dinamis
> 1419-3266 Yonge St.
> Toronto, ON
> Canada M4N 3P6
>
>
> +1 416-410-3326
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see
>

From k12ltsp at rwcinc.net Tue Mar 15 14:05:57 2011
From: k12ltsp at rwcinc.net (Patrick Fleming)
Date: Tue, 15 Mar 2011 07:05:57 -0700
Subject: [K12OSN] Zotac Zbox realtec network driver missing in Centos5.5
In-Reply-To: <50304.216.216.171.235.1300112542.squirrel@216.216.171.235>
References: <50304.216.216.171.235.1300112542.squirrel@216.216.171.235>
Message-ID: <4D7F7245.7000302@rwcinc.net>

First you need to figure out which driver/module the card needs. I have
done this by running a LiveCD and seeing which modules are loaded using
"lsmod", "lspci" and "dmesg | grep -i eth"

It's been a while so I don't remember which is the best to use - and it
may vary by machine.
Next you have to make sure the module is in your chroot, mine is located at:
/opt/ltsp/i386/lib/modules/2.6.17.8-ltsp-1/kernel/drivers/net/tg3.ko
(For the Tigrent gigabit adapter)

I have a MAC address specific file for the machine that requires this
driver:
/tftpboot/lts/pxe/pxelinux.cfg/01-00-1e-c9-36-5d-f5

prompt 0
label linux
  kernel vmlinuz.ltsp
  append root=/dev/ram0 rw initrd=initramfs.gz NIC=tg3

lts.conf contains these lines:

[00:1E:C9:36:5D:F5]
        MODULE_01 = tg3

I have had to do this for 2 machines so far and expect that to climb as
I replace older machines.

Hopefully this is enough to give you a head start. This was extremely
frustrating when I first ran across it - it took nearly a week to get it
figured out.

Patrick

On 03/14/11 07:22, Julius Szelagiewicz wrote:
>
> Folks,
> I caught Odin talking how great the Zotac boxes are, so I got me one of
> those babies in the AMD 64bit flavor. I installed DRBL on an AMD 64 bit
> pc running Centos 5.5 and proceeded to boot the box. Got PXE going, the
> system loads and then chokes on not recognised Realtek gigabit adapter.
> I'm sure that there is a driver for it in Centos 5.5, but how do I get it
> and what do I do to make it show up on the box?
>
> Julius
>
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see
>

From dyoung at mesd.k12.or.us Tue Mar 15 16:18:14 2011
From: dyoung at mesd.k12.or.us (Dan Young)
Date: Tue, 15 Mar 2011 09:18:14 -0700
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7EF945.2090006@dinamis.com>
Message-ID:

Any conversations about health claims regarding EMF are inappropriate
in this forum, regardless of your feelings on the topic. This is a
forum for technical discussions regarding open source software in
education, FULL STOP.

Please stop.
Many thanks,

--
Dan Young
Multnomah ESD - Technology Services
503-257-1562

From clifford_ilkay at dinamis.com Tue Mar 15 16:43:40 2011
From: clifford_ilkay at dinamis.com (CLIFFORD ILKAY)
Date: Tue, 15 Mar 2011 12:43:40 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References:
Message-ID: <4D7F973C.8070403@dinamis.com>

On 03/15/2011 09:30 AM, Julius Szelagiewicz wrote:
> The problem with science is that any fraud or crank with a PhD can publish
> just about any garbage in a "peer reviewed" journal. The sane people just
> don't have enough time to debunk all the dreck and the gullible will
> believe anything. There is no global warming! Your peer reviewed
> "scientists" have proven it!
>
> Clifford, Reddit might be a better forum for this kind of nonsense.

Let's say what you're saying is true, that Havas is a crank. What about
Blank? What about the other scientists who've done work in this area? Do
you know something they don't and can prove it or is this just your
"opinion"? What qualifies you to dismiss their work? Is it "just common
sense"? If so, common sense also had people doing some pretty stupid
things in the past, like subjecting themselves to X-rays at shoe stores
and smoking cigarettes because they were "safe".

A perfect example of how some scientists who were dismissed as cranks
were eventually found to be right is the case of peptic ulcers. You can
read about it here: .
--
Regards,

Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6

+1 416-410-3326

From dhuckaby at paasda.org Tue Mar 15 17:12:03 2011
From: dhuckaby at paasda.org (Huck)
Date: Tue, 15 Mar 2011 10:12:03 -0700
Subject: [K12OSN] USB Stick on demand virus scanning
In-Reply-To: <1299793218.13470.12.camel@localhost.localdomain>
References: <1299793218.13470.12.camel@localhost.localdomain>
Message-ID: <4D7F9DE3.8080004@paasda.org>

Barry,
I manage 3 smaller private schools(240 kids in the largest, 100 in
smallest)...but maintain about 250 machines total...and I still haven't
found a GOOD(read 'easy') way to do this...the best solution so far has
ended up being locking down profiles in the most draconian of
fashions...so NO executables run except from a specific location...and
users have no access to WRITE to this specific location so malware/etc,
can't install itself...(these are general workstations)...

on the flip side, the organization these schools belong to in their
infinite wisdom require the use of an Accounting program that demands
the user to be a system administrator(read: nightmare and irresponsible
programming)...so there are about 10 machines of the 250 which I have to
constantly scan and clean, and take up a lot of time...

There may be some OpenSource solution for this that I'm unaware of, and
recall FOG having some sort of an 'auto-install' module for ClamAV but
have not had time to even look into it..

For what it's worth...
--Huck

On 03/10/11 1:40 PM, Barry Cisna wrote:
> Hello All,
>
> This is somewhat off topic here,and I am guessing this may be a tough
> nut to crack. I am going to ask anyways.
> I would like to come up with some sort of usb stick 'on demand' scanning
> that utilizes Clamav,Samba,and the samba-vscan-clamav module. I have
> posted this in the Clamav forums and got one reply which really wasn't a
> turn key setup like I would like it to be.
> I am for sure not smart enough to come up with some sort of script that
> would in effect auto mount an usb stick that was inserted into any
> Winders workstation that was domain logged in and scan this newly seen
> drive with the samba-vscan module and would function in the same manner
> as samba-vscan-clamav works. We are at present using the
> samba-vscan-clamav module which works sweet on all users home folders
> that resides on one of the K12ltsp servers.
> It appears to me that if this could happen this would be a 'one point'
> manageable piece.
> Some years back we went with the AVG Enterprise thing which worked OK,
> but still doing updates and the licensing nightmares with this type of
> thing is a daunting task.
> We have recently got hit with a virus propagating out to all of the
> Winders machines,as the admins have been buying laptops by the carload
> and of course the usb stick thing is just a matter of time and this sort
> of thing is bound to happen.
> Possibly someone could chime in with what they use.
>
> Thanks,
> Barry
>
>
>
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see
>
>

From clifford_ilkay at dinamis.com Tue Mar 15 17:14:23 2011
From: clifford_ilkay at dinamis.com (CLIFFORD ILKAY)
Date: Tue, 15 Mar 2011 13:14:23 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D7EF945.2090006@dinamis.com>
Message-ID: <4D7F9E6F.6080205@dinamis.com>

On 03/15/2011 12:18 PM, Dan Young wrote:
> Any conversations about health claims regarding EMF are inappropriate
> in this forum, regardless of your feelings on the topic. This is a
> forum for technical discussions regarding open source software in
> education, FULL STOP.
>
> Please stop. Many thanks,

Dan, when I say "you" below, I'm not referring to you specifically. It's
the general "you".
How is it inappropriate to point out that technology someone is
considering deploying might be harmful to human health? I'd submit that
technologists have an obligation to look beyond just the technology and
understand its implications on human health, too. It's irresponsible to
not consider the humans in these systems, especially when someone has
pointed out, "Hey, this thing might have some adverse health effects."
The decision to deploy WiFi should not just be a decision of vendor A
vs. vendor B and it should not be made just by technologists. If you're
so certain this technology is safe, then advocate for it but have the
integrity to inform all stakeholders of *all* issues, not just the
technical ones.

Anyone who has been following this thread now has more information and
this list is publicly archived. If you don't inform your stakeholders of
the potential adverse health effects of WiFi and they find out, you'll
have to explain why you didn't despite having been informed.
--
Regards,

Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6

+1 416-410-3326

From dyoung at mesd.k12.or.us Tue Mar 15 17:46:55 2011
From: dyoung at mesd.k12.or.us (Dan Young)
Date: Tue, 15 Mar 2011 10:46:55 -0700
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D7F9E6F.6080205@dinamis.com>
References: <4D7EF945.2090006@dinamis.com> <4D7F9E6F.6080205@dinamis.com>
Message-ID:

On Tue, Mar 15, 2011 at 10:14 AM, CLIFFORD ILKAY wrote:
> How is it inappropriate to point out that technology someone is considering
> deploying might be harmful to human health?

I don't care to debate the merits of your points. I do take exception
with the venue in which you make them. I would suggest that it's
unlikely in the extreme that the question posed can be amicably
settled in this forum.

Clearly this is a topic you feel strongly about. I'd encourage you to
find a forum in which you'd like to engage in such a discussion and
link to it here.
Continuing to berate folks here for how wrong-headed you feel they are only serves to poison the well of goodwill on which the open-source community is based. -- Dan Young Multnomah ESD - Technology Services 503-257-1562 From julius at turtle.com Wed Mar 16 01:19:35 2011 From: julius at turtle.com (Julius Szelagiewicz) Date: Tue, 15 Mar 2011 20:19:35 -0500 (EST) Subject: [K12OSN] Slightly OT - Wireless in your school/building In-Reply-To: <4D7F973C.8070403@dinamis.com> References: <4D7F973C.8070403@dinamis.com> Message-ID: <58540.216.216.171.235.1300238375.squirrel@216.216.171.235> I'll bite just this once and no more. The case of peptic ulcers involved repeatable tests and a proof in the form of a bacterium. The wireless stuff seems to be done by people with just a passing knowledge of how science is supposed to be done. As hard as it might be to believe, some great universities have not so great faculty. The thing to remember is that many real radiation studies have been done over the decades. Some of them had funny if true results. As an example I give you the level of microwave radiation you get at the beach on a sunny day - it exceeds by an order of magnitude the radiation you get from your cellphone taped to your skin. The power level of wifi attenuates very quickly. To seriously push a hypothesis that it is harmful you'd need to be very gullible, say on the level of belief in homeopathic medicine. We have all been exposed to lots of microwave radiation with sources like microwave ovens, microwave communication, radars and the big elephant in the room - the Sun. let me put it to you in CS way: it doesn't compute. julius > On 03/15/2011 09:30 AM, Julius Szelagiewicz wrote: >> The problem with science is that any fraud or crank with a PhD can >> publish >> just about any garbage in a "peer reviewed" journal. The sane people >> just >> don't have enough time to debunk all the dreck and the gullible will >> believe anything. There is no global warming! 
Your peer reviewed >> "scientists" have proven it! >> >> Clifford, Reddit might be a better forum for this kind of nonsense. > > Let's say what you're saying is true, that Havas is a crank. What about > Blank? What about the other scientists who've done work in this area? Do > you know something they don't and can prove it or is this just your > "opinion"? What qualifies you to dismiss their work? Is it "just common > sense"? If so, common sense also had people doing some pretty stupid > things in the past, like subjecting themselves to X-rays at shoe stores > and smoking cigarettes because they were "safe". > > A perfect example of how some scientists who were dismissed as cranks > were eventually found to be right is the case of peptic ulcers. You can > read about it here: > . > -- > Regards, > > Clifford Ilkay > Dinamis > 1419-3266 Yonge St. > Toronto, ON > Canada M4N 3P6 > > > +1 416-410-3326 > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > From andy.graybeal at casanueva.com Wed Mar 16 12:40:21 2011 From: andy.graybeal at casanueva.com (Andy Graybeal) Date: Wed, 16 Mar 2011 08:40:21 -0400 Subject: [K12OSN] Slightly OT - Wireless in your school/building In-Reply-To: <7CD69867FCBA0F4694B0C053BF093313034446B1@POSTINO.pselc.internal> References: <7CD69867FCBA0F4694B0C053BF093313034446B1@POSTINO.pselc.internal> Message-ID: <4D80AFB5.8070003@casanueva.com> On 03/10/2011 12:38 PM, John Oligario wrote: > We use the procurve. Our campus is 255 acres however we only cover > half, multiple buildings. > HP Procurve? Which specific devices? 
-Andy

From brcisna at eazylivin.net Thu Mar 17 02:24:49 2011
From: brcisna at eazylivin.net (Barry R Cisna)
Date: Wed, 16 Mar 2011 21:24:49 -0500
Subject: [K12OSN] Zotac Zbox realtec network driver missing in Centos5.5
Message-ID: <1300328689.4730.18.camel@localhost.localdomain>

Julius,

Just adding to what Patrick has already mentioned here.

You want the r8169 driver which is in the ltsp drivers.

Where Patrick has the tg3 entries change those two entries to r8169.

Also I'm not real sure but the MAC address specific file does not need the dashes "-" in the file name. I am thinking it will work either way (possibly).
In other words ############ rather than ##-##-##-##-##-## for the actual file name.
It is some leg work but your shiny new Zotac Zbox should zzzz after you get these entries into the k12ltsp server's configs.

Barry

From johno at islandwood.org Thu Mar 17 14:04:45 2011
From: johno at islandwood.org (John Oligario)
Date: Thu, 17 Mar 2011 07:04:45 -0700
Subject: [K12OSN] Zotac Zbox realtec network driver missing in Centos5.5
In-Reply-To: <1300328689.4730.18.camel@localhost.localdomain>
References: <1300328689.4730.18.camel@localhost.localdomain>
Message-ID: <945686FD-A2BF-4F04-855F-BA9443C2BB1E@islandwood.org>

I think it is the R8168D you are talking about.

On Mar 16, 2011, at 7:27 PM, "Barry R Cisna" wrote:

> Julius,
>
> Just adding to what Patrick has already mentioned here.
>
> You want the r8169 driver which is in the ltsp drivers.
>
> Where Patrick has the tg3 entries change those two entries to r8169.
>
> Also I'm not real sure but the MAC address specific file does not need
> the dashes "-" in the file name. I am thinking it will work either
> way (possibly).
> In other words ############ rather than ##-##-##-##-##-## for the actual
> file name.
> It is some leg work but your shiny new Zotac Zbox should zzzz after you
> get these entries into the k12ltsp server's configs.
>
> Barry

From carl at snarlnet.com Thu Mar 17 17:27:25 2011
From: carl at snarlnet.com (Carl Keil)
Date: Thu, 17 Mar 2011 10:27:25 -0700
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
Message-ID: <4D82447D.3030907@snarlnet.com>

Hello folks,

For those of you that run servers exposed to the outside world, I just wanted to send a ping out and see what others are doing about this. I'm seeing an escalation in what I call "brute force" attacks on my server. Like people trying to SSH in repeatedly from one IP with common sounding user names. Or lots of http requests (I've got web on the same server) for ....setup.php or setup.pl etc. Repeated Auth requests to sendmail.

I've started running fail2ban, which, I feel does a great job of cutting this down. Is there anything better that's about equally as easy to setup? Is there any point in making the effort to look up the IP's and contact the ISP's about this? Or does that just piss off the script kiddies and make you more of a target. I don't want to have to become a full on security expert, but I want to make sure I'm doing all the easy no-brainer stuff that can protect you 99% of the time. I hope that attitude doesn't offend anyone. I'm not working for a school. I got into ltsp for home use and just run it for convenience and pleasure. Dealing with idiots who are trying to break in cuts down on both.

Thanks,

ck

From DLWillson at TheGeek.NU Thu Mar 17 17:46:17 2011
From: DLWillson at TheGeek.NU (David L. Willson)
Date: Thu, 17 Mar 2011 11:46:17 -0600 (MDT)
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <4D82447D.3030907@snarlnet.com>
Message-ID: <4032312.101.1300383971407.JavaMail.dlwillson@dlwillson-laptop>

On a honey-pot:
1. Have really good passwords.
2. dig -x ip.of.attacker
3. www.iptools.com to research owner of ip
4. follow up with owner, send someone to jail/detention/home

On an important server:
1. Move ssh to a non-default port.
2. Use fail2ban (you already do. good job.)
3. Put SELinux in enforcing mode and deal with occasional headaches.
4. Remove non-essential services (dovecot? cups? sendmail? apache? up to you)
5. Update frequently and read your log anomaly reports.

David L. Willson
Trainer, Engineer, Enthusiast
RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP
tel://720.333.LANS
Freedom is better when you earn it. Learn Linux.

----- Original Message -----
From: "Carl Keil"
To: "Support list for open source software in schools."
Sent: Thursday, March 17, 2011 11:27:25 AM
Subject: [K12OSN] reporting and/or stopping cracking attempts on server

Hello folks,

For those of you that run servers exposed to the outside world, I just wanted to send a ping out and see what others are doing about this. I'm seeing an escalation in what I call "brute force" attacks on my server. Like people trying to SSH in repeatedly from one IP with common sounding user names. Or lots of http requests (I've got web on the same server) for ....setup.php or setup.pl etc. Repeated Auth requests to sendmail.

I've started running fail2ban, which, I feel does a great job of cutting this down. Is there anything better that's about equally as easy to setup? Is there any point in making the effort to look up the IP's and contact the ISP's about this? Or does that just piss off the script kiddies and make you more of a target. I don't want to have to become a full on security expert, but I want to make sure I'm doing all the easy no-brainer stuff that can protect you 99% of the time. I hope that attitude doesn't offend anyone. I'm not working for a school. I got into ltsp for home use and just run it for convenience and pleasure. Dealing with idiots who are trying to break in cuts down on both.
Thanks,

ck

From reb at taco.com Thu Mar 17 17:55:56 2011
From: reb at taco.com (Phydeaux)
Date: Thu, 17 Mar 2011 13:55:56 -0400
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <4D82447D.3030907@snarlnet.com>
References: <4D82447D.3030907@snarlnet.com>
Message-ID:

> Hello folks,
>
> For those of you that run servers exposed to the outside world, I just
> wanted to send a ping out and see what others are doing about this. I'm
> seeing an escalation in what I call "brute force" attacks on my server.
> Like people trying to SSH in repeatedly from one IP with common sounding
> user names. Or lots of http requests (I've got web on the same server)
> for ....setup.php or setup.pl etc. Repeated Auth requests to sendmail.

For services where you control who has access, like ssh, I recommend using a non-standard port, (for ssh that means anything but 22). That will get rid of the overwhelming majority of script kiddies who try brute force methods of gaining entry. Things like fail2ban that look at access attempts and modify firewall rules are another good option.

reb

From joseph.bishay at gmail.com Thu Mar 17 20:13:15 2011
From: joseph.bishay at gmail.com (Joseph Bishay)
Date: Thu, 17 Mar 2011 16:13:15 -0400
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <4D82447D.3030907@snarlnet.com>
References: <4D82447D.3030907@snarlnet.com>
Message-ID:

Hello,

On Thu, Mar 17, 2011 at 1:27 PM, Carl Keil wrote:
> Hello folks,
>
> For those of you that run servers exposed to the outside world, I just
> wanted to send a ping out and see what others are doing about this. I'm
> seeing an escalation in what I call "brute force" attacks on my server.
> Like people trying to SSH in repeatedly from one IP with common sounding
> user names. Or lots of http requests (I've got web on the same server) for
> ....setup.php or setup.pl etc. Repeated Auth requests to sendmail.

I run DenyHosts ( http://denyhosts.sourceforge.net/ ) on my servers and it works very well for dealing with SSH brute force attacks.

Have a good day,
Joseph

From joseph.bishay at gmail.com Thu Mar 17 20:19:04 2011
From: joseph.bishay at gmail.com (Joseph Bishay)
Date: Thu, 17 Mar 2011 16:19:04 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D80AFB5.8070003@casanueva.com>
References: <7CD69867FCBA0F4694B0C053BF093313034446B1@POSTINO.pselc.internal> <4D80AFB5.8070003@casanueva.com>
Message-ID:

Hello,

I've been asked to see if I can split the technological spend into things that can be done while the building is going up, and things that can be done in the future once we have more funding. Given most of the machines will be directly-wired, wireless is a secondary priority. But I don't want to miss something now and then suffer in the future once the walls are up. So what I am thinking is that before the drywall goes up I need:

1) identify where the access points would be to overlap the necessary coverage
2) Make sure there is a power outlet at that location
3) Run a cat 6 cable from that location back to where the Internet switch will be located.

Am I correct in saying that's all I need?

Thank you
Joseph

On Wed, Mar 16, 2011 at 8:40 AM, Andy Graybeal wrote:
> On 03/10/2011 12:38 PM, John Oligario wrote:
>>
>> We use the procurve. Our campus is 255 acres however we only cover
>> half, multiple buildings.
>>
>
> HP Procurve? Which specific devices?
> > -Andy > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > From brcisna at eazylivin.net Thu Mar 17 20:57:31 2011 From: brcisna at eazylivin.net (Barry R Cisna) Date: Thu, 17 Mar 2011 15:57:31 -0500 Subject: [K12OSN] Zotac Zbox realtec network driver missing in Centos5.5 Message-ID: <1300395451.4730.28.camel@localhost.localdomain> It may be worth noting there are a few variants of the Realtek gigE nics. The r8169 that is supplied with ltsp/k12ltsp distro will work with most of the Realtek gigE cards/chipsets ,,r8169. It does work on a couple of Acer laptops confirmed. But,,there are some bugs with this nic in some laptops/mobo's in regards to WOL settings within the bios will cause some of these chips to not work as expected or not at all. Something to keep in mind with dealing with these nics. Barry From rie at pcfubar.net Thu Mar 17 20:58:26 2011 From: rie at pcfubar.net (roger) Date: Thu, 17 Mar 2011 13:58:26 -0700 Subject: [K12OSN] Slightly OT - Wireless in your school/building In-Reply-To: References: <7CD69867FCBA0F4694B0C053BF093313034446B1@POSTINO.pselc.internal> <4D80AFB5.8070003@casanueva.com> Message-ID: don't forget you could go POE for the wireless device. You could then use either a switch that handles POE or a power injector at the switch location. With a POE setup, you could then mount the access point high up on the wall away from prying hands. 
Roger On Thu, Mar 17, 2011 at 1:19 PM, Joseph Bishay wrote: > Hello, > 2) Make sure there is a power outlet at that location From charlie at smbis.com Thu Mar 17 21:42:19 2011 From: charlie at smbis.com (Charlie) Date: Thu, 17 Mar 2011 17:42:19 -0400 Subject: [K12OSN] Slightly OT - Wireless in your school/building In-Reply-To: References: <7CD69867FCBA0F4694B0C053BF093313034446B1@POSTINO.pselc.internal> <4D80AFB5.8070003@casanueva.com> Message-ID: <1300398139.1820.37.camel@lws1> Actually, you would be better off investing in a web managed PoE switch (or fully managed if you have deep pockets) and a good UPS. That way you don't have to worry so much where the WAPs go as far as AC availability is concerned, they would get their power from the switch via the LAN cable. This would also eliminate no WAP access during a power outage for users of laptops, that is if they remembered to charge their laptop battery beforehand. You also might want to get a vendor like EnGenius involved to help with the design since this will be a school. Charlie Houp SMBis, LLC http://www.smbis.com/ -----Original Message----- From: Joseph Bishay Reply-to: "Support list for open source software in schools." To: Support list for open source software in schools. Subject: Re: [K12OSN] Slightly OT - Wireless in your school/building Date: Thu, 17 Mar 2011 16:19:04 -0400 Hello, I've been asked to see if I can split the technological spend into things that can be done while the building is going up, and things that can be done in the future once we have more funding. Given most of the machines will be directly-wired, wireless is a secondary priority. But I don't want to miss something now and then suffer in the future once the walls are up. 
So what I am thinking is that before the drywall goes up I need:

1) identify where the access points would be to overlap the necessary coverage
2) Make sure there is a power outlet at that location
3) Run a cat 6 cable from that location back to where the Internet switch will be located.

Am I correct in saying that's all I need?

Thank you
Joseph

On Wed, Mar 16, 2011 at 8:40 AM, Andy Graybeal wrote:
> On 03/10/2011 12:38 PM, John Oligario wrote:
>>
>> We use the procurve. Our campus is 255 acres however we only cover
>> half, multiple buildings.
>>
>
> HP Procurve? Which specific devices?
>
> -Andy

From jessemcdonnell at verizon.net Thu Mar 17 22:19:45 2011
From: jessemcdonnell at verizon.net (Jesse McDonnell)
Date: Thu, 17 Mar 2011 18:19:45 -0400
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <4032312.101.1300383971407.JavaMail.dlwillson@dlwillson-laptop>
References: <4D82447D.3030907@snarlnet.com> <4032312.101.1300383971407.JavaMail.dlwillson@dlwillson-laptop>
Message-ID: <20110317181945.2253cc09.jessemcdonnell@verizon.net>

On Thu, 17 Mar 2011 11:46:17 -0600 (MDT) "David L. Willson" wrote:

>
> On an important server:
> 1. Move ssh to a non-default port.

Agree. Doing this will get rid of 99.99% of the brute force attacks, pick a high numbered port, well above 1024. Fail2ban will take care of the rest. If you only need ssh for remote administration, put your server behind a firewall and use port forwarding.
If you login consistently from a couple of different remote locations, if possible, limit access to just the ip addresses of those locations.

Jesse McDonnell

From rowens at ptd.net Fri Mar 18 00:41:34 2011
From: rowens at ptd.net (Rob Owens)
Date: Thu, 17 Mar 2011 20:41:34 -0400
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <4D82447D.3030907@snarlnet.com>
References: <4D82447D.3030907@snarlnet.com>
Message-ID: <20110318004133.GA11330@aurora.owens.net>

On Thu, Mar 17, 2011 at 10:27:25AM -0700, Carl Keil wrote:
> Hello folks,
>
> For those of you that run servers exposed to the outside world, I
> just wanted to send a ping out and see what others are doing about
> this. I'm seeing an escalation in what I call "brute force" attacks
> on my server. Like people trying to SSH in repeatedly from one IP
> with common sounding user names. Or lots of http requests (I've got
> web on the same server) for ....setup.php or setup.pl etc. Repeated
> Auth requests to sendmail.
>

Limit ssh to only users who need it. See "AllowUsers" in sshd_config.

Use only public key authentication for ssh. In sshd_config, set:
PasswordAuthentication no

-Rob

From microman at cmosnetworks.com Fri Mar 18 05:13:36 2011
From: microman at cmosnetworks.com (Terrell Prude' Jr.)
Date: Fri, 18 Mar 2011 01:13:36 -0400
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <4D82447D.3030907@snarlnet.com>
References: <4D82447D.3030907@snarlnet.com>
Message-ID: <4D82EA00.1090208@cmosnetworks.com>

Moving SSH to a nonstandard port has been suggested. I disagree with that, because, as an INFOSEC engineer, I've learned over the years that security through obscurity is no security at all. I'm in a similar situation with a Debian box that I run at work, also accessible from the Internet.

What I do is packet-filter the daylights out of it and use fail2ban (looks like you are, too--very good).
I like the concept of DenyHosts a lot, and I believe that fail2ban is the improved version of that concept, since it uses iptables, thus preventing the "bad" packets from ever getting to any daemon in the first place. Reduce your total login attempts to 3, and block that offending IP address for a month. Now, that said.... Personally, I wouldn't be running all that stuff on the same box to begin with. Yes, SELinux is helpful, and it should be used. However, I guess I'm still of the old school that says "one bastion host for HTTP, one bastion host for email, one bastion host for ", etc. It's just so much easier to design and keep security rules (ACL's and such) with those functions on separate servers. Virtualization can help out here if you don't want to run more than one physical box. Fortunately, CentOS 5 has Xen and KVM, both of which actually work pretty well. --TP Carl Keil wrote: > Hello folks, > > For those of you that run servers exposed to the outside world, I just > wanted to send a ping out and see what others are doing about this. > I'm seeing an escalation in what I call "brute force" attacks on my > server. Like people trying to SSH in repeatedly from one IP with > common sounding user names. Or lots of http requests (I've got web on > the same server) for ....setup.php or setup.pl etc. Repeated Auth > requests to sendmail. > > I've started running fail2ban, which, I feel does a great job of > cutting this down. Is there anything better that's about equally as > easy to setup? Is there any point in making the effort to look up the > IP's and contact the ISP's about this? Or does that just piss off the > script kiddies and make you more of a target. I don't want to have to > become a full on security expert, but I want to make sure I'm doing > all the easy no-brainer stuff that can protect you 99% of the time. I > hope that attitude doesn't offend anyone. I'm not working for a > school. 
I got into ltsp for home use and just run it for convenience
> and pleasure. Dealing with idiots who are trying to break in cuts
> down on both.
>
> Thanks,
>
> ck

From julius at turtle.com Fri Mar 18 12:03:19 2011
From: julius at turtle.com (Julius Szelagiewicz)
Date: Fri, 18 Mar 2011 08:03:19 -0400 (EDT)
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
Message-ID:

I suggest access points that work on PoE. It is much easier to run just Cat5 or Cat6 than to wire for power. The PoE switches from HP work flawlessly.
Julius

On Thu, 17 Mar 2011, Joseph Bishay wrote:

> Hello,
>
> I've been asked to see if I can split the technological spend into
> things that can be done while the building is going up, and things
> that can be done in the future once we have more funding. Given most
> of the machines will be directly-wired, wireless is a secondary
> priority. But I don't want to miss something now and then suffer in
> the future once the walls are up. So what I am thinking is that
> before the drywall goes up I need:
>
> 1) identify where the access points would be to overlap the necessary coverage
> 2) Make sure there is a power outlet at that location
> 3) Run a cat 6 cable from that location back to where the Internet
> switch will be located.
>
> Am I correct in saying that's all I need?
>
> Thank you
> Joseph
>
> On Wed, Mar 16, 2011 at 8:40 AM, Andy Graybeal
> wrote:
> > On 03/10/2011 12:38 PM, John Oligario wrote:
> >>
> >> We use the procurve. Our campus is 255 acres however we only cover
> >> half, multiple buildings.
> >>
> >
> > HP Procurve? Which specific devices?
> > > > -Andy > > > > _______________________________________________ > > K12OSN mailing list > > K12OSN at redhat.com > > https://www.redhat.com/mailman/listinfo/k12osn > > For more info see > > > > _______________________________________________ > K12OSN mailing list > K12OSN at redhat.com > https://www.redhat.com/mailman/listinfo/k12osn > For more info see > From news at siddall.name Fri Mar 18 14:28:28 2011 From: news at siddall.name (Jeff Siddall) Date: Fri, 18 Mar 2011 10:28:28 -0400 Subject: [K12OSN] Slightly OT - Wireless in your school/building In-Reply-To: References: Message-ID: <4D836C0C.7070409@siddall.name> On 03/18/2011 08:03 AM, Julius Szelagiewicz wrote: > I suggest access points that work on PoE. It is much easier to run just > Cat5or Cat6 then to wire for power. The PoE switches from HP work > flawlessly. > Julius Either that or pick whatever AP you like, and if it doesn't do PoE just buy one of these: http://www.trendnet.com/products/proddetail.asp?prod=130_TPE-112GS&cat=58 They are only ~$25 so it really doesn't matter whether your AP does PoE or not, and there is no way you can run power anywhere for $25. Jeff From DLWillson at TheGeek.NU Fri Mar 18 15:43:42 2011 From: DLWillson at TheGeek.NU (David L. Willson) Date: Fri, 18 Mar 2011 09:43:42 -0600 (MDT) Subject: [K12OSN] reporting and/or stopping cracking attempts on server In-Reply-To: <4D82EA00.1090208@cmosnetworks.com> Message-ID: <6902344.4771300463022408.JavaMail.root@zimbra.thegeek.nu> This discussion might deserve to be had if we can keep it civil, and I suppose we can. There are two major "security through obscurity" maneuvers I approve of: - Decline ping - Move ssh to a non-default port Both are intended to evade attack by the 99%, and both are proven effective over time on many hosts. When you say that "security through obscurity is no security at all", what do you mean? 
I heard those words many, many years ago, and accepted them verbatim for a time, and took them to mean that a secure host would be secure "no matter what". I pictured in my mind, a hardened, shining server gleaming in a field of rampaging orcs, impervious to their blows. Over time I realized that being obvious, by replying to pings, running ssh on the default port, returning service version numbers, etc. encourages attacks, and makes them more frequent, and that responding to attacks takes up valuable bandwidth, mine and the server's. I came gradually to think that not being attacked might be a valuable part of good security, and that therefore obscuring the target might be a perfectly acceptable way to throw off the enemy's archers, so to speak. I suppose you may have heard that perspective, too, and I wonder what you think of it. For me, obscurity actually ~is~ a valuable part of security. David L. Willson Trainer, Engineer, Enthusiast RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP tel://720.333.LANS Freedom is better when you earn it. Learn Linux. ----- "Terrell Prude' Jr." wrote: > Moving SSH to a nonstandard port has been suggested. I disagree with > > that, because, as an INFOSEC engineer, I've learned over the years > that > security through obscurity is no security at all. I'm in a similar > situation with a Debian box that I run at work, also accessible from > the > Internet. > > What I do is packet-filter the daylights out of it and use fail2ban > (looks like you are, too--very good). I like the concept of DenyHosts > a > lot, and I believe that fail2ban is the improved version of that > concept, since it uses iptables, thus preventing the "bad" packets > from > ever getting to any daemon in the first place. Reduce your total > login > attempts to 3, and block that offending IP address for a month. > > Now, that said.... > > Personally, I wouldn't be running all that stuff on the same box to > begin with. 
Yes, SELinux is helpful, and it should be used. However, > I > guess I'm still of the old school that says "one bastion host for > HTTP, > one bastion host for email, one bastion host for else>", etc. It's just so much easier to design and keep security > rules > (ACL's and such) with those functions on separate servers. > Virtualization can help out here if you don't want to run more than > one > physical box. Fortunately, CentOS 5 has Xen and KVM, both of which > actually work pretty well. > > --TP > > > Carl Keil wrote: > > Hello folks, > > > > For those of you that run servers exposed to the outside world, I > just > > wanted to send a ping out and see what others are doing about this. > > > I'm seeing an escalation in what I call "brute force" attacks on my > > > server. Like people trying to SSH in repeatedly from one IP with > > common sounding user names. Or lots of http requests (I've got web > on > > the same server) for ....setup.php or setup.pl etc. Repeated Auth > > requests to sendmail. > > > > I've started running fail2ban, which, I feel does a great job of > > cutting this down. Is there anything better that's about equally as > > > easy to setup? Is there any point in making the effort to look up > the > > IP's and contact the ISP's about this? Or does that just piss off > the > > script kiddies and make you more of a target. I don't want to have > to > > become a full on security expert, but I want to make sure I'm doing > > > all the easy no-brainer stuff that can protect you 99% of the time. > I > > hope that attitude doesn't offend anyone. I'm not working for a > > school. I got into ltsp for home use and just run it for > convenience > > and pleasure. Dealing with idiots who are trying to break in cuts > > down on both. 
> >
> > Thanks,
> >
> > ck
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see
> >
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see

From microman at cmosnetworks.com Fri Mar 18 17:19:26 2011
From: microman at cmosnetworks.com (Terrell Prude' Jr.)
Date: Fri, 18 Mar 2011 13:19:26 -0400
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <6902344.4771300463022408.JavaMail.root@zimbra.thegeek.nu>
References: <6902344.4771300463022408.JavaMail.root@zimbra.thegeek.nu>
Message-ID: <4D83941E.8080308@cmosnetworks.com>

Not sure what the "keep it civil" comment was for, as I do not believe I was "uncivil".

But anyway....

Moving ports around unfortunately doesn't work, due to SSH-specific port scanners that can easily and quickly scan all 65,536 TCP ports. I tried that myself on a test box as an experiment, and the result was all sorts of attack attempts within a week of standing up the server. Everything but that specific port was blocked coming in. Of course, I had hardened the box so that such attacks would be exceedingly unlikely to succeed, and none did, but the point is that the attackers still found my SSH daemon with the port moved (no, not something obvious like TCP 222, 2222, 31337, or similar).

On the other hand, blocking pings is not what I'd call security through obscurity. That's because there are actual attacks against boxes that use ICMP (e. g. Ping of Death from the 1990's, and there may be other, newer ones). For this reason, the typical system cracker that I encounter now assumes that ping will be blocked and simply does a TCP port scan without bothering to ping first.

Instead, I would consider setting up a "honey-pot" decoy box on another IP address in that same subnet (preferably one that comes "before" the real box due to the way most people port-scan, e. g. the honey-pot would be a.b.c.99 and the real box a.b.c.100), running a pseudo SSH daemon, kinda-sorta like how the OpenBSD project does with SMTP and their excellent SPAMD program. Have that decoy box configured to email you whenever there is an attack against it, so that you can take action or trigger a script on the "real" box to do an "iptables -A INPUT -s w.x.y.z -j DROP" on the attacking IP address. Naturally, the honey-pot decoy needs to be very well hardened if it's going to talk to the real box like this.

--TP

David L. Willson wrote:
> This discussion might deserve to be had if we can keep it civil, and I suppose we can.
>
> There are two major "security through obscurity" maneuvers I approve of:
>
> - Decline ping
> - Move ssh to a non-default port
>
> Both are intended to evade attack by the 99%, and both are proven effective over time on many hosts.
>
> When you say that "security through obscurity is no security at all", what do you mean? I heard those words many, many years ago, and accepted them verbatim for a time, and took them to mean that a secure host would be secure "no matter what". I pictured in my mind, a hardened, shining server gleaming in a field of rampaging orcs, impervious to their blows. Over time I realized that being obvious, by replying to pings, running ssh on the default port, returning service version numbers, etc. encourages attacks, and makes them more frequent, and that responding to attacks takes up valuable bandwidth, mine and the server's. I came gradually to think that not being attacked might be a valuable part of good security, and that therefore obscuring the target might be a perfectly acceptable way to throw off the enemy's archers, so to speak.
>
> I suppose you may have heard that perspective, too, and I wonder what you think of it.
>
> For me, obscurity actually ~is~ a valuable part of security.
>
> David L. Willson
> Trainer, Engineer, Enthusiast
> RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP
> tel://720.333.LANS
> Freedom is better when you earn it. Learn Linux.
>
> ----- "Terrell Prude' Jr." wrote:
>
>> Moving SSH to a nonstandard port has been suggested. I disagree with that, because, as an INFOSEC engineer, I've learned over the years that security through obscurity is no security at all. I'm in a similar situation with a Debian box that I run at work, also accessible from the Internet.
>>
>> What I do is packet-filter the daylights out of it and use fail2ban (looks like you are, too--very good). I like the concept of DenyHosts a lot, and I believe that fail2ban is the improved version of that concept, since it uses iptables, thus preventing the "bad" packets from ever getting to any daemon in the first place. Reduce your total login attempts to 3, and block that offending IP address for a month.
>>
>> Now, that said....
>>
>> Personally, I wouldn't be running all that stuff on the same box to begin with. Yes, SELinux is helpful, and it should be used. However, I guess I'm still of the old school that says "one bastion host for HTTP, one bastion host for email, one bastion host for > else>", etc. It's just so much easier to design and keep security rules (ACL's and such) with those functions on separate servers. Virtualization can help out here if you don't want to run more than one physical box. Fortunately, CentOS 5 has Xen and KVM, both of which actually work pretty well.
>>
>> --TP
>>
>> Carl Keil wrote:
>>> Hello folks,
>>>
>>> For those of you that run servers exposed to the outside world, I just wanted to send a ping out and see what others are doing about this.
>>>
>>> I'm seeing an escalation in what I call "brute force" attacks on my server. Like people trying to SSH in repeatedly from one IP with common sounding user names. Or lots of http requests (I've got web on the same server) for ....setup.php or setup.pl etc. Repeated Auth requests to sendmail.
>>>
>>> I've started running fail2ban, which, I feel does a great job of cutting this down. Is there anything better that's about equally as easy to setup? Is there any point in making the effort to look up the IP's and contact the ISP's about this? Or does that just piss off the script kiddies and make you more of a target. I don't want to have to become a full on security expert, but I want to make sure I'm doing all the easy no-brainer stuff that can protect you 99% of the time. I hope that attitude doesn't offend anyone. I'm not working for a school. I got into ltsp for home use and just run it for convenience and pleasure. Dealing with idiots who are trying to break in cuts down on both.
>>>
>>> Thanks,
>>>
>>> ck

From DLWillson at TheGeek.NU Fri Mar 18 17:50:29 2011
From: DLWillson at TheGeek.NU (David L. Willson)
Date: Fri, 18 Mar 2011 11:50:29 -0600 (MDT)
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <4D83941E.8080308@cmosnetworks.com>
Message-ID: <11245227.4861300470629422.JavaMail.root@zimbra.thegeek.nu>

I'm sorry if you felt I was accusing you of being uncivil. Nothing like that was my intent.

My opening the discussion with "keep it civil" was meant as a preventive, not as a response to anything you said or did. I've been in enough technical discussions over debatable administrative philosophy that degraded into flame-fests, that I figured I'd say at the beginning that, for me, flame-fests aren't fun, they're an embarrassing waste of bandwidth. OTOH, sane discussions of administrative policy/philosophy are fun and enlightening.

I think we've covered everything technically. Your findings with regard to ssh cracking are very different from my own. I'll try to find time to do a little fresh testing, and return with my results.

From julius at turtle.com Fri Mar 18 19:52:03 2011
From: julius at turtle.com (Julius Szelagiewicz)
Date: Fri, 18 Mar 2011 14:52:03 -0500 (EST)
Subject: [K12OSN] reporting and/or stopping cracking attempts on server
In-Reply-To: <11245227.4861300470629422.JavaMail.root@zimbra.thegeek.nu>
References: <4D83941E.8080308@cmosnetworks.com> <11245227.4861300470629422.JavaMail.root@zimbra.thegeek.nu>
Message-ID: <44750.216.216.171.235.1300477923.squirrel@216.216.171.235>

All of us would be well advised to listen to Terrell - he is wise and helpful.
julius

From aahodson at episd.org Sat Mar 19 01:43:08 2011
From: aahodson at episd.org (Alan Hodson)
Date: Fri, 18 Mar 2011 19:43:08 -0600 (MDT)
Subject: [K12OSN] Fresh Install on Dell PowerEdge T110
In-Reply-To: <2146164677.16657691300498823435.JavaMail.root@ecb-mx-mailbox1.episd.org>
Message-ID: <1770293071.16657711300498988120.JavaMail.root@ecb-mx-mailbox1.episd.org>

Greetings

Colleagues in the K12 environ might have been enjoying a well-deserved restful week while some of us took time to try and wrench some money back from Uncle Sam and catch up in projects such a "fresh install" on a new T110. After several frustrating tries with Centos 5.5 x86-64 and K12LTSP 5.0OEL 64 Bit I decided to go back to the K12Linux X86-64 stable4 disk, the Fedora10 install. (Hope I got those names right - several CD/DVDs ended up far away from the server!)
This last install was rather uneventful, except for the fact that after installing Webmin to do a user batch install, the 330 names I tried entering did not take, and after much googling and trial and error I had to enter them by hand! The loading time is very slow (about 80 seconds per client), but once loaded they are a beauty. I will be using old reliable Symbio-Technologies TCs for a cluster of 20 units at one of our middle schools.

I wonder if folks in the group have had similar experiences, and what the work-arounds have been.

Cheers

Alan A Hodson MEd.
Instructional Applications Analyst
El Paso Independent School District
oF: 915-887-6871 fX: 915-772-4016 Nxt:915-892-0389
aahodson at episd.org - http://links.episd.org/
Open Source Proponent - http://tinyurl.com/3e4sh8
Life is not measured by the number of breaths we take, but by the moments that take our breath away
-=o=-

From brcisna at eazylivin.net Sat Mar 19 06:38:28 2011
From: brcisna at eazylivin.net (Barry R Cisna)
Date: Sat, 19 Mar 2011 01:38:28 -0500
Subject: [K12OSN] Fresh Install on Dell PowerEdge T110
Message-ID: <1300516708.28061.15.camel@localhost.localdomain>

Howdy Alan,

Hey. In regards to the Webmin batch import for your previous users.

1) The very last radio button "Passwords are already encrypted?" HAS to be changed from the default of No to YES.
# If you don't change this you will end up with invalid password at login.

2) The server has to be restarted for users to be able to log in.
# I know this don't make sense ,but the voice of experience talking here...:)
Next time give these two items a go after doing the batch import and no more hand entering previous users. I know your pain! :-).

In regards to the clients loading so slowly. Are you using just the cheapo unmanaged switches feeding the TC's? If you are using a managed switch it could be the STP snafoo that causes stuff like this (sometimes). Although if the TC's perform A-OK in the desktop this doesn't make sense either.
Have you tried adding a NBD / swap to just one of the TC's in the lts.conf file to see if bootup would speed up possibly?

Barry

From ahodson at elp.rr.com Sun Mar 20 02:52:06 2011
From: ahodson at elp.rr.com (Alan Hodson)
Date: Sat, 19 Mar 2011 20:52:06 -0600
Subject: [K12OSN] Fresh Install on Dell PowerEdge T110
In-Reply-To: <1300516708.28061.15.camel@localhost.localdomain>
References: <1300516708.28061.15.camel@localhost.localdomain>
Message-ID: <4D856BD6.3020402@elp.rr.com>

Thanks Barry for your comments. Over the years you've seen my queries and an occasional how-to post. I've done _many_ webmin batch installs, and I've never had to change a password setting - in fact the batch has student ID# as passwords, and that does not fit the criteria of encrypted password. I'll try it anyhow. I wasn't getting invalid password entries. I was being able to enter the info, and after rebooting, they did not appear as login names - very strange!

Regarding the load times, yes, I am using el cheapo unmanaged switch (I am a non-Wi$con$in educator), but your NBD/swap entry piqued my curiosity... Fedora 10 loaded both gnbd-utils and nbd itself, but I am at a loss on how to setup any of the Thin Clients for this possible major-time-saving approach. Any more specific suggestions/help?

As usual, thanks - You are THE MAN!

Barry R Cisna wrote:
> Howdy Alan,
>
> Hey. In regards to the Webmin batch import for your previous users.
>
> 1) The very last radio button "Passwords are already encrypted?" HAS to be changed from the default of No to YES.
> # If you don't change this you will end up with invalid password at login.
>
> 2) The server has to be restarted for users to be able to log in.
> # I know this don't make sense ,but the voice of experience talking here...:)
> Next time give these two items a go after doing the batch import and no more hand entering previous users. I know your pain! :-).
>
> In regards to the clients loading so slowly.
> Are you using just the cheapo unmanaged switches feeding the TC's? If you are using a managed switch it could be the STP snafoo that causes stuff like this (sometimes). Although if the TC's perform A-OK in the desktop this doesn't make sense either.
> Have you tried adding a NBD / swap to just one of the TC's in the lts.conf file to see if bootup would speed up possibly?
>
> Barry

From brcisna at eazylivin.net Sun Mar 20 14:15:34 2011
From: brcisna at eazylivin.net (Barry R Cisna)
Date: Sun, 20 Mar 2011 09:15:34 -0500
Subject: [K12OSN] Fresh Install on Dell PowerEdge T110
Message-ID: <1300630534.28061.55.camel@localhost.localdomain>

Howdy Alan,

Below is an nbd swap entry to place in the server's lts.conf file for A TC. I never tried to add this globally. I would think if you done this same thing in the global section of lts.conf you could get this loaded onto ALL TC's? Of course doing the routine listed in the lts.conf file you will need to make a matching workstation ip address entry in the k12ltsp-dhcpd.conf file to match up with this. When the TC boots up you will of course see about 7-8 lines of NBD SWAP being loaded.I think default size is 1024? Reason I say this if you do NOT see a few lines relating to NBD SWAP you have a typo in the lts.conf. Voice of experience talking once again,,,,:-)

After having read your post I tried that very distro you are using, ( not the 64 bit though) at one school building and all of the tc's i tested booted very slowly. Probably about the same time amount as you mentioned for booting to a login box. The show stopper was our TC's were unusable as well. I had to ditch that setup and go back to Centos 5.x ltsp. My VERY unscientific 'guess' was something to do with the out of the box nic bridging setup.
Maybe the packet sizes being used at image loading time? They call me Mr. Foobar in these here parts. I wonder why?

Try that batch install via Webmin on to a temporary install on a dummy machine and see if it works so in the future you don't have to do all the grunt work of being Mr. Manual Labor,,,,doing the users install by hand,,,:)

EX:

#Ebox2300 WDLSystems
[ws008]
SMODULE_01 = sis7019
USE_NBD_SWAP = Y
# X4_MODULE_03 = glx
# LOCAL_APPS = Y

Barry

From joseph.bishay at gmail.com Mon Mar 21 01:06:54 2011
From: joseph.bishay at gmail.com (Joseph Bishay)
Date: Sun, 20 Mar 2011 21:06:54 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D836C0C.7070409@siddall.name>
References: <4D836C0C.7070409@siddall.name>
Message-ID:

Hello,

On Fri, Mar 18, 2011 at 10:28 AM, Jeff Siddall wrote:
> On 03/18/2011 08:03 AM, Julius Szelagiewicz wrote:
> Either that or pick whatever AP you like, and if it doesn't do PoE just buy one of these:
>
> http://www.trendnet.com/products/proddetail.asp?prod=130_TPE-112GS&cat=58
>
> They are only ~$25 so it really doesn't matter whether your AP does PoE or not, and there is no way you can run power anywhere for $25.
>
> Jeff

That is a pretty cool thing! My concern is that POE switches/APs are probably more expensive than non-POE and thus I'd be very limited in what I can purchase. This may actually help resolve that.
Thank you
Joseph

From lesmikesell at gmail.com Mon Mar 21 01:25:34 2011
From: lesmikesell at gmail.com (Les Mikesell)
Date: Sun, 20 Mar 2011 20:25:34 -0500
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To:
References: <4D836C0C.7070409@siddall.name>
Message-ID: <4D86A90E.5060006@gmail.com>

On 3/20/11 8:06 PM, Joseph Bishay wrote:
> Hello,
>
> On Fri, Mar 18, 2011 at 10:28 AM, Jeff Siddall wrote:
>> On 03/18/2011 08:03 AM, Julius Szelagiewicz wrote:
>> Either that or pick whatever AP you like, and if it doesn't do PoE just buy one of these:
>>
>> http://www.trendnet.com/products/proddetail.asp?prod=130_TPE-112GS&cat=58
>>
>> They are only ~$25 so it really doesn't matter whether your AP does PoE or not, and there is no way you can run power anywhere for $25.
>>
>> Jeff
>
> That is a pretty cool thing! My concern is that POE switches/APs are probably more expensive than non-POE and thus I'd be very limited in what I can purchase. This may actually help resolve that.

That brick splits a POE into ethernet and power out. There are equivalents to inject power at the other end if you don't need enough runs to justify a POE switch.
--
Les Mikesell
lesmikesell at gmail.com

From news at siddall.name Mon Mar 21 14:02:37 2011
From: news at siddall.name (Jeff Siddall)
Date: Mon, 21 Mar 2011 10:02:37 -0400
Subject: [K12OSN] Slightly OT - Wireless in your school/building
In-Reply-To: <4D86A90E.5060006@gmail.com>
References: <4D836C0C.7070409@siddall.name> <4D86A90E.5060006@gmail.com>
Message-ID: <4D875A7D.70905@siddall.name>

On 03/20/2011 09:25 PM, Les Mikesell wrote:
> On 3/20/11 8:06 PM, Joseph Bishay wrote:
>> Hello,
>>
>> On Fri, Mar 18, 2011 at 10:28 AM, Jeff Siddall wrote:
>>> On 03/18/2011 08:03 AM, Julius Szelagiewicz wrote:
>>> Either that or pick whatever AP you like, and if it doesn't do PoE just buy one of these:
>>>
>>> http://www.trendnet.com/products/proddetail.asp?prod=130_TPE-112GS&cat=58
>>>
>>> They are only ~$25 so it really doesn't matter whether your AP does PoE or not, and there is no way you can run power anywhere for $25.
>>>
>>> Jeff
>>
>> That is a pretty cool thing! My concern is that POE switches/APs are probably more expensive than non-POE and thus I'd be very limited in what I can purchase. This may actually help resolve that.
>
> That brick splits a POE into ethernet and power out. There are equivalents to inject power at the other end if you don't need enough runs to justify a POE switch.

Correct. The power injectors tend to be about twice as expensive though so at some point pretty early on it is better/cheaper to just buy a PoE switch. You can get a Netgear ProSafe FS108 8 Port Fast Ethernet switch with 4 port PoE for about $120.
Jeff

From news at siddall.name Mon Mar 21 15:25:18 2011
From: news at siddall.name (Jeff Siddall)
Date: Mon, 21 Mar 2011 11:25:18 -0400
Subject: [K12OSN] SPICE GSoC request
Message-ID: <4D876DDE.4060806@siddall.name>

I added a GSoC request to implement SPICE as a VNC/LTSP replacement:

https://fedoraproject.org/wiki/Summer_coding_ideas_for_2011#SPICE_as_a_replacement_for_VNC_and_LTSP

Feel free to add to/change the request as you see fit.

Jeff

From tomasstraupis at gmail.com Mon Mar 21 15:50:45 2011
From: tomasstraupis at gmail.com (Tomas Straupis)
Date: Mon, 21 Mar 2011 17:50:45 +0200
Subject: [K12OSN] Shutting down client
Message-ID:

Hello

I'm trying to shut down ltsp client from server machine. I found this old message about shutting down a client but this was for ltsp 4.1 and ltspinfo is no longer there (there is ltsp-info but I'm not sure it's the same thing). So is this procedure still possible:
http://www.redhat.com/archives/k12osn/2004-August/msg00773.html

Otherwise, how should I shut down the client?

(I've tried enabling sshd on client machine running in kiosk mode which worked after adding additional packages, playing around with rwtab and key pairs. Then I've enabled sudo but after I run "sudo shutdown -h now" client goes into "shutting down" blue screen and never actually switches off).

Thank you

P.S. Fedora 14.

--
Tomas Straupis

From brcisna at eazylivin.net Wed Mar 23 00:28:03 2011
From: brcisna at eazylivin.net (Barry R Cisna)
Date: Tue, 22 Mar 2011 19:28:03 -0500
Subject: [K12OSN] SPICE GSoC request
Message-ID: <1300840083.28061.85.camel@localhost.localdomain>

Jeff,

Have you or anyone you know set up one of the SPICE setups? Just curious how this setup works in the real world. It's always interesting to see new spins on stuff.
Barry

From news at siddall.name Wed Mar 23 00:47:53 2011
From: news at siddall.name (Jeff Siddall)
Date: Tue, 22 Mar 2011 20:47:53 -0400
Subject: [K12OSN] SPICE GSoC request
In-Reply-To: <1300840083.28061.85.camel@localhost.localdomain>
References: <1300840083.28061.85.camel@localhost.localdomain>
Message-ID: <4D894339.1020707@siddall.name>

On 03/22/2011 08:28 PM, Barry R Cisna wrote:
> Jeff,
>
> Have you or anyone you know set up one of the SPICE setups? Just curious
> how this setup works in the real world. It's always interesting to see
> new spins on stuff.
>
> Barry

Nope, no idea, but it sure looks good on paper!

Seriously though, there are some use cases where raw X just doesn't work well (ex: video, low bandwidth links), VNC is really quite poor even for remote display, and it doesn't have sound (well, not easily anyway), doesn't have remote drive support etc. Ditto FreeNX.

This seemed like an easy way to jump on the virtualization bandwagon.

Jeff

From dtrask at vcsvikings.org Wed Mar 23 04:45:55 2011
From: dtrask at vcsvikings.org (David Trask)
Date: Wed, 23 Mar 2011 00:45:55 -0400
Subject: [K12OSN] FOSSed 2011! You should come! Here's why...
In-Reply-To:
References:
Message-ID:

FOSSed 2011 isn't all that far off. As I write this I am typing on a smartphone with an open source operating system called Android. Those of you who are familiar with Android, smartphones, and tablets may know that Android has gotten a lot of traction recently. Why? People like freedom and openness. I'm not knocking the iPhone or the iPad. Both are wonderful devices. Android, however, has arrived. In fact, it was just announced the other day that Amazon will be making an Android powered Kindle...and they opened their own Android App store today.

So...why am I typing on an Android phone? I'm sitting in Logan Airport waiting for my flight to Charlotte, NC (and eventually to Columbia, SC).
I'm headed to present at POSSCON (www.posscon.org) to further spread the word about free and open source software and its uses in education. I'm excited. First...it's warmer there....and second...I get to do what I love to do. I'm even incorporating my trip into my lessons with my kids back at school. All made possible with open source software. (and you can expect at least one Android session at FOSSed this year) ;-) If not more...

I'm also writing to let you know that you deserve great professional development. If success can be measured in longevity, then I can honestly say that FOSSed has truly been successful in meeting the goal of providing quality professional development over the years. FOSSed is now going into our 9th year! Over the years we've had some truly excellent presenters and presentations. This year, I'm sure, will be no exception. We already have some great sessions and instructors lined up and are looking for more (are you interested?) We want you to come and be a part of the FOSSed experience. Many folks come back year after year simply because it is a truly great experience. You not only learn a lot from the sessions, but even more learning takes place after-hours and during the incredible meals. (yes...I said it....the meals are AWESOME at FOSSed) You get a real chance to connect with colleagues and learn so much more than you can in a typical conference environment.

We want YOU! Come and be a part of FOSSed...either as a presenter...a participant or both! FOSSed is and always has been participant driven. We want to know what you would like to learn more about. Please go to the FOSSed site (or click here) and go to Call for presentations for FOSSed 2011 (on the left side in the navigation menu) and fill out the simple form where you can tell us more about what you want to learn! Once you get beyond the first page or so there's also an opportunity for you to let us know if you'd like to present.
Most of our FOSSed presenters are also FOSSed participants. These folks simply want to share their knowledge and excitement with YOU. If you have an idea...let me know about it...I'd love to have you present to your colleagues. (and did I mention we pay you a bit?)

I know the economy isn't what it could be. Times are tough. This is why it's more important than ever that we leverage quality professional development at a great price. The price for FOSSed is ALL INCLUSIVE. Meals, lodging, and the conference are all one low price (that's the same as last year...we held the line and so did Gould Academy). You can stay on-campus...or you can save a little $$$ and stay off-campus. (off-campus is mostly for the local folks with a short commute) It's $495 for on-campus participants and $455 for off-campus. All meals are included. For those of you who are ACTEM members...combine it with your ACTEM professional development benefit and you could be able to come to FOSSed for less than $100! We're also VERY flexible. Some schools need special billing arrangements to accommodate the new fiscal year and so forth...no worries...just contact me and I'll be happy to help you out. ( copperdoggy at gmail.com ) OH! And don't forget...FOSSed is in July...so it is part of the NEW budget/fiscal year...that might help you!

So...whaddya' waiting for? For more information and to register for FOSSed 2011...go to http://www.fossed.com

Hope you can join us this year! Bryant and I will be at POSSCON for the next few days (for all you FOSSed Alum...Maddog is here as well!) I will try to post some of the "happenings" here at POSSCON on twitter...you can follow me @dtrask

So...register for FOSSed 2011...it's going to be awesome and we want you to be a part of it! http://www.fossed.com or you can click here directly to register. If you have ANY questions at all...please drop me an email and I'll be happy to answer it.
Sent from my Android phone

David Trask
FOSSed 2011
www.fossed.com
copperdoggy at gmail.com

From bfristen at shaw.ca Thu Mar 24 19:09:30 2011
From: bfristen at shaw.ca (Brian Fristensky)
Date: Thu, 24 Mar 2011 14:09:30 -0500
Subject: [K12OSN] LTSP 5.2.4.5 - lts.conf is not read
Message-ID: <4D8B96EA.2040104@shaw.ca>

An HTML attachment was scrubbed...
URL:

From dyoung at mesd.k12.or.us Thu Mar 24 19:18:28 2011
From: dyoung at mesd.k12.or.us (Dan Young)
Date: Thu, 24 Mar 2011 12:18:28 -0700
Subject: [K12OSN] LTSP 5.2.4.5 - lts.conf is not read
In-Reply-To: <4D8B96EA.2040104@shaw.ca>
References: <4D8B96EA.2040104@shaw.ca>
Message-ID:

On Thu, Mar 24, 2011 at 12:09 PM, Brian Fristensky wrote:
> passwd: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 is not
> authorized to change the password of root
>
> My gut feeling is that this is an SE_Linux message, but I've disabled
> SE_Linux.
> Does this message look familiar to anyone?

Maybe this?
https://bugs.launchpad.net/ubuntu/+source/ltsp/+bug/667378

The unconfined_u:unconfined_r:unconfined_t:s0 bit refers to SELinux labeling. Can you run sestatus and post the output?

--
Dan Young
Multnomah ESD - Technology Services
503-257-1562

From bfristen at shaw.ca Thu Mar 24 19:41:49 2011
From: bfristen at shaw.ca (Brian Fristensky)
Date: Thu, 24 Mar 2011 14:41:49 -0500
Subject: [K12OSN] LTSP 5.2.4.5 - lts.conf is not read
In-Reply-To:
References: <4D8B96EA.2040104@shaw.ca>
Message-ID: <4D8B9E7D.5000002@shaw.ca>

Thanks, Dan. It turned out that a simple reboot of the server got rid of this error, but that is with the proviso that SE-Linux is turned disabled. My understanding of SE Linux is minimal, but it may be that during the reboot it relabeled some files.

I never had the problem of being unable to run ltsp-build-client, even when SE linux was running.
Dan Young wrote:
> On Thu, Mar 24, 2011 at 12:09 PM, Brian Fristensky wrote:
>
>> passwd: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 is not
>> authorized to change the password of root
>>
>> My gut feeling is that this is an SE_Linux message, but I've disabled
>> SE_Linux.
>> Does this message look familiar to anyone?
>>
> Maybe this?
> https://bugs.launchpad.net/ubuntu/+source/ltsp/+bug/667378
>
> The unconfined_u:unconfined_r:unconfined_t:s0 bit refers to SELinux
> labeling. Can you run
> sestatus and post the output?
>
> --
> Dan Young
> Multnomah ESD - Technology Services
> 503-257-1562
>

--
============================================
Brian Fristensky
971 Somerville Avenue
Winnipeg MB R3T 1B4 CANADA
bfristen at shaw.ca
204-261-3960
============================================

From dyoung at mesd.k12.or.us Thu Mar 24 19:51:34 2011
From: dyoung at mesd.k12.or.us (Dan Young)
Date: Thu, 24 Mar 2011 12:51:34 -0700
Subject: [K12OSN] LTSP 5.2.4.5 - lts.conf is not read
In-Reply-To: <4D8B9E7D.5000002@shaw.ca>
References: <4D8B96EA.2040104@shaw.ca> <4D8B9E7D.5000002@shaw.ca>
Message-ID:

On Thu, Mar 24, 2011 at 12:41 PM, Brian Fristensky wrote:
> Thanks, Dan. It turned out that a simple reboot of the server
> got rid of this error, but that is with the proviso that
> SE-Linux is turned disabled. My understanding of SE Linux
> is minimal, but it may be that during the reboot it
> relabeled some files.

If you just changed /etc/sysconfig/selinux, it wouldn't take effect until you restarted. You can always "setenforce 0" to set SELinux into permissive mode w/o a reboot.
--
Dan Young
Multnomah ESD - Technology Services
503-257-1562

From burke at thealmquists.net Fri Mar 25 04:59:23 2011
From: burke at thealmquists.net (Burke Almquist)
Date: Thu, 24 Mar 2011 23:59:23 -0500
Subject: [K12OSN] LTSP 5.2.4.5 - lts.conf is not read
In-Reply-To: <4D8B96EA.2040104@shaw.ca>
References: <4D8B96EA.2040104@shaw.ca>
Message-ID:

> I also did the following:
>
> In the Firewall wizard set
> TFTP 69/udp
> Other ports: 177 udp xdmcp

I think by default (at least in previous versions) the bridge br0 was a trusted interface. All traffic on a trusted interface is allowed by default. Check and make sure that is turned on (or temporarily disable the firewall) and restart it. Then you know if your firewall is blocking traffic.

>
> I have turned off SE linux, which always seems to mess up LTSP.

Agreed, I think this is mentioned on the wiki. I just set it to non-enforcing, cause it's less work, but you get the idea.

From bfristen at shaw.ca Sat Mar 26 17:34:38 2011
From: bfristen at shaw.ca (Brian Fristensky)
Date: Sat, 26 Mar 2011 12:34:38 -0500
Subject: [K12OSN] LTSP 5.2.4.5 - lts.conf is not read
In-Reply-To:
References: <4D8B96EA.2040104@shaw.ca>
Message-ID: <4D8E23AE.9080904@shaw.ca>

Burke Almquist wrote:
>> I also did the following:
>>
>> In the Firewall wizard set
>> TFTP 69/udp
>> Other ports: 177 udp xdmcp
>>
> I think by default (at least in previous versions) the bridge br0 was a trusted interface. All traffic on a trusted interface is allowed by default. Check and make sure that is turned on (or temporarily disable the firewall) and restart it.
> Then you know if your firewall is blocking traffic.
>

It's not a firewall issue. I did the experiment of turning off the firewall with the same result.

There are really two issues:

1. At least one important environment variable is not being set: LDM_XSESSION. It took tremendous effort to discover that this was why every user would get kicked back to the login screen at login.
Messages from /var/log on the client showed that they were logged into the server alright, but ldm had no way to know which desktop to use. I verified this by adding the following line to lts.conf

LDM_XSESSION=gnome-session

Now, users can login. But to discover this, I had to solve problem #2. The point is that none of the sample lts.conf files I have seen ever had this line in them. So LTSP SHOULD be able to figure out which window manager to use without having to read lts.conf.

2. lts.conf isn't being read from the server. It was only after I copied lts.conf to /opt/ltsp/i386/etc, and rebuilt the image, that this file had any effect.

I have done some detective work, trying to sort through the rc scripts to figure out which script actually reads lts.conf, but with no luck. It doesn't help that the LTSP Administrator's Reference guide has not been updated to reflect the locations of files. Specifically, Chapter 6 describes the steps in the boot process. Step 13 refers to /etc/event.d and /etc/rcS.d, neither of which exist in the chroot. In step 16, it refers to the file /etc/rc2.d/ltsp-client-core, which is also not in the chroot. So I am a bit lost in trying to figure out which script reads lts.conf from the server.

I will reiterate that these problems are seen on a fresh install (not an upgrade) of Fedora 14. However, I discovered the problems on an existing F13 system.

--
============================================
Brian Fristensky
971 Somerville Avenue
Winnipeg MB R3T 1B4 CANADA
bfristen at shaw.ca
204-261-3960
============================================

From brcisna at eazylivin.net Sun Mar 27 16:29:18 2011
From: brcisna at eazylivin.net (Barry R Cisna)
Date: Sun, 27 Mar 2011 11:29:18 -0500
Subject: [K12OSN] LTSP 5.2.4.5 - lts.conf is not read
Message-ID: <1301243358.28061.159.camel@localhost.localdomain>

Brian,

This doesn't help you out a whole lot, but we had this same scenario happen about three years ago on one server.
Just as you mentioned, in the logs it appeared as though the user was logged in, but then logged back out 1 second later. If a user selected KDE or ICE as the desktop they could log in no probs. After much wrangling, as you have experienced, (at the time) was to select Gnome as the session, then save (at login) as each users default login. Whatever this did behind the scenes fixed each users login. Not a real clean fix if you have many users, though. In other words even selecting 'default' from the available desktops environments the user would get kicked back out to login after looking like login was successful.

Did you by chance try selecting for example KDE desktop at login when this was occurring?

Barry
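
Earlier in this thread the point is made that a change to /etc/sysconfig/selinux only takes effect after a restart, while "setenforce 0" switches to permissive mode immediately. The script below is an added example, not part of any message in the thread, that compares the configured mode with the running one; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the SELinux mode in the config file with the running mode.

# Print the mode from the last uncommented SELINUX= line, lowercased.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Classify a (configured, running) pair of modes, case-insensitively.
compare_modes() {
    _cfg=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    _run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$_cfg:$_run" in
        enforcing:enforcing|permissive:permissive|disabled:disabled)
            echo "in-sync" ;;
        disabled:enforcing|disabled:permissive|enforcing:disabled|permissive:disabled)
            # Moving to or from "disabled" only happens at boot.
            echo "reboot-pending" ;;
        enforcing:permissive|permissive:enforcing)
            # setenforce was used, or the file was edited without a reboot.
            echo "runtime-differs" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample config: set to "disabled" while the host still enforces.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
#     enforcing, permissive, disabled
SELINUX=disabled
SELINUXTYPE=targeted
EOF
cfg=$(configured_mode "$sample")
echo "configured=$cfg running=Enforcing: $(compare_modes "$cfg" Enforcing)"
echo "configured=$cfg running=Disabled:  $(compare_modes "$cfg" Disabled)"
rm -f "$sample"

# On a real host, compare the file named in the thread with the live state.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/sysconfig/selinux ]; then
    live=$(configured_mode /etc/sysconfig/selinux)
    echo "this host: $(compare_modes "$live" "$(getenforce)")"
fi
```

A "reboot-pending" result matches the situation described in the thread: the file says disabled, but the kernel keeps labeling and enforcing until the next boot.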