Ich habe auf dem Laptop meiner Mutter heute ein Bios-Update durchgeführt - und danach konnte man sich bei Windows nicht mehr anmelden. Es besteht nämlich darauf, dass man sich neu registriert bei Microsoft...

Wirklich sehr benutzerfreundlich, Microsoft... was wenn meine Mutter jetzt dringend eine EMail hätte schreiben müssen?

... dann hätte sie vermutlich das Linux drauf verwendet. Das geht nämlich einwandfrei, ohne solche albernen "Ich habe vergessen, dass ich die Original-Windows-Installation auf dem Tschibo-Laptop bin"-Sperenzchen. Fazit: Windows-Raubkopien sind benutzerfreundlicher als Originale? Die kommen sicher nicht mit so einer Meldung... Ist es eigentlich verboten, eine Raubkopie zu verwenden, wenn man eine Originallizenz hat (ist ja leider bei jedem Laptop dabei, sprich ich hab mehr Lizenzen als Installationen...)?

My laptop is now gone for repair of the backlight. While I have my HD at home (and an external casing for it), I don't have my usual work environment...

So I will probably not do any Debian work until I have my laptop back; if you want to NMU (or adopt minit, where I did the orphan upload just yesterday), just send me an email. I should still be reading my email frequently.

I hope with the repaired backlight the laptop will continue running until I've decided on a model to buy instead. Current favourites: IBM Thinkpad T43p (which supposedly is almost the same as my current laptop, and especially also has hopefully the same 1600x1200 15" display...), Samsung X20 or X50, maybe an Apple, or (which is really pretty, but seems overpriced) Samsung Q30plus.

Ranked in order of importance to me: Display quality (shouldn't reflect too much, should be very fine) then weight. Everything else is rather uninteresting...

... Essen gehen ist hier erheblich teurer...

Pizza Magherita für 2 Euro, das gibts hier nicht. Und dass man für 15 Euro drei Hauptgerichte und etwas zu trinken bekommt (die wir zu zweit nicht ganz geschafft haben, obwohl ich ein Vielfraß bin) gleich drei mal nicht.

Selbst beim Pizzaservice zum selbstabholen kommt man hier doch nicht unter 4 Euro für eine Magherita...

Slashdot pointed out IP spotting, a rather primitive tool checking your IP for prime numbers and such.

Instead of trying to come up with a high score, I was looking for a low score. The lowest I've seen so far is gluck, the main debian web server - it has the amazing score of -1.

Update: 129.187.150.128 has a score of -2. And that actually is an IP in a range I administrate. Thanks to Michael for spotting.

It has happened. Today I had the impression that my display was a bit darker than it used to be; and later it started by slight changes in brightness, then real flickering - and then only darkness remained...

I can still somewhat read the display, since I've started using black-on-white two years ago when I noticed the increased readability in pure sunlight.

Now I've hooked up a TFT, but it's not yet running optimal, since my laptop had a 1600x1200 TFT, while the 17" display I've attached has a physical resolution of 1280x1024 I guess.

I loved my IBM ThinkPad, especially because of it's display. Compared with much more recent displays, it had an excellent viewing angle, next to no reflections on it, and stunning sharpness with it's 135 dpi. I'll miss it. And I'll definitely miss the page-left and page-right keys next to the arrow keys I've gotten addicted to for desktop switching...

The laptop is now 3.5 years old, so out of warranty. More stuff had started breaking; just before end of the warranty the harddisk died and I got it replaced, the main battery doesn't charge any more and my secondary battery holds for half an hour. Bluetooth never worked for me, and doesn't show up on USB like in all the Howtos. Heck, even of one of the two USB1 ports (no USB2) falls apart - the plastic part to keep the pins from touching is broken off... So it definitely doesn't pay off to have the display fixed. They would need to fix just about anything there.

What sucks most is that I had intended to buy myself a new laptop in 10 months. I'd like to get one with a Core CPU then, but I don't trust the early models... and I'll have to decide which brand to buy. I loved my A31p display, but 15" and 3.5 kg is too large and heavy for my current taste. I'd go for an IBM ThinkPad X* (and I'd love the X50 I guess) if they weren't a bit expensive... maybe I'll get a Samsung now, but I definitely would want to test the display first... can't stand some of the displays I've recently seen on Dell (don't even think of watching a DVD on them unless you are at most 2 people, and they reflect like shit.)

Does anyone know if there is a sponsorship program for Linux developers to get new laptops cheaper? ;-) Or at least without having to buy a useless Windows licence? Of course I'd help writing drivers and document the installation process...

Bei meinem 3,5 Jahre alten IBM ThinkPad A31p ist eben die Hintergrundbeleuchtung ausgefallen. Jetzt muss ich also im Dunkeln arbeiten. ;-)

Ne, man kann bei meinem Laptop zum Glück auch ohne Beleuchtung am Display etwas erkennen. Das Display war aber definitiv das beste an dem Laptop... Extrem scharf und einen unglaublichen Blickwinkel, keine Spiegelungen.

Jetzt fühl ich mich aber gerade etwas wie ein Fisch im Trockenen... mein Haupt-nicht-Lern-Grund ist jetzt auf einmal weg... :-(

Ich hab zwar schon länger vor, mir einen neuen Laptop zu kaufen, wollte das aber eigentlich bis nach dem Diplom aufschieben - also Ende des Jahres. Dann wären vielleicht auch schon die nächste Generation von Laptops - mit "Core" Prozessor - langsam bezahlbar geworden. So wies aussieht werde ich also weiterhin eine Generation hinterherhinken... naja, ist nicht so schlimm... ich kann ja mal wieder mein Glück bei Ebay versuchen...

[Update: OpenVPN is working again with no configuration changes - after killing the user who was running ettercap.]

I've been using OpenVPN to provide secure wireless for a group of around 200 students here, of which around 60 frequently use it.

It was running fine for the last few months, but started doing weird stuff on friday. Dear Lazyweb, I'm lost at debugging the cause...

I've eliminated the wireless links as possible cause, so here is the simplified setup:

User #1 | -- openvpn  -- | tap0 \                 eth1 | -- DMZ net
                                |- br0  Firewall
User #2 | -- ethernet -- | eth0 /                 eth2 | -- internet

Everything works just fine for User #2. The firewall rules used all use only br0 as device, and a netmask both User #1 is in and User #2. Rule counter in iptables verify that the firewall is working correctly.

User #1 can:

• access hosts in the DMZ network perfectly all the time
• access the internet fine for like 2 seconds
• ping the internet

After these two seconds, packets start being retransmitted; some of the retransmissions will then arrive at the client, but rarely enough to actually receive a simple website.

I am not aware of any changes to the client or server OpenVPN configurations. The latest changes (according to SVN) in the firewall rules were completely unrelated "accept" rules... (and the retransmissions arrive, so...)

Any hint? Some MTU issue maybe? Maybe "upstream" routers increased their MTU, now the packets are hitting some triggers? But why would it work for 2 seconds then each time openvpn on the client is restarted?

To handle the current influx of (annoying) announces, we need to create new mailing lists, named debian-announce-announce and debian-devel-announce-announce, as well as accompanying lists named debian-announce-announce-flames and debian-devel-announce-announce-flames with the Reply-To set to these lists.

Would you please just shut up? Thank you.

The original Ubuntu announcement was probably not appropriate for the list. I just ignored it when I read Ubuntu. The clownish public flame "announcement" afterwards was a nuiscance, and a certain evidence of incapacity. But the amount of pointless discussion that has sprung from it reminds me of why I don't read debian-devel any more...

Please direct further comments to /dev/null.

In fact, such pointless threads explain why we're using Planet.Debian so much: because our mailinglists are so bad. Fortunately, there have been rather few posts on that issue on planet yet... because I don't have a "delete thread" option there.

Given the posts on diverse planets, this seems to be a common nerd disorder...

Your Social Dysfunction: Happy You're a happy person - you have a good amount of self-esteem, and are socially healthy. While this isn't a social dysfunction per se, you're definitely not normal. Consider yourself lucky: you walk that fine line between 'normal' and being outright narcissistic. You're rare - which is something else to be happy about.

Take this quiz at QuizGalaxy.com Please note that we aren't, nor do we claim to be, psychologists. This quiz is for fun and entertainment only. Try not to freak out about your results.

Another quiz meme: You scored as Mathematics. You should be a Math major! Like Pythagoras, you are analytical, rational, and when are always ready to tackle the problem head-on!

I've been setting up EoC lists on a SELinux postfix box recently. It was rather painless, and I have enough experience with SELinux to quickly write a SELinux policy for EoC. The most difficult thing was that basically file descriptors from the postfix delivery process were inherited all the way to bounces for nonexistant lists.

I tried different setups; using EoC directly in .forward, using procmail, and using a shell wrapper like this:

#!/bin/sh -e
# verify the list exists
/usr/bin/enemies-of-carlotta  --skip-prefix=eoc+ --domain=list.foobar.tld \
  --is-list --name "$RECIPIENT" || exit 67
#  deliver to EOC
exec /usr/bin/enemies-of-carlotta --skip-prefix=eoc+ --domain=list.foobar.tld \
  --incoming --quiet

I've seen a solution which used a pipe transport from within postfix with a similar wrapper (basically passing $RECIPIENT and $SENDER via commandline instead of having the local delivery agent set them); but I'm not sure about the benefits I get from that (except maybe even more SELinux policy work).

There are two drawbacks with my current solution:

• Non-existent lists adresses aren't rejected at SMTP time (can a pipe transport based solution in postfix do that?)
• Error messages contain the rewritten list address eoc+listname@hostname instead of the real adress (the pipe based solution doesn't have this drawback)

Hmm... since newer EoC versions now have --sender and --recipient parameters, I guess I'll try running eoc in the pipe transport without any wrapper now...

Update: I've now setup EoC to run as pipe without a wrapper; this didn't solve the first wish, but caused some extra SELinux violations and despite using the --quiet option a really bad error message for invalid adresses... Patching EoC right now to exit with 67 in that case...

Here's the diff:

--- /usr/share/enemies-of-carlotta/eoc.py       2005-12-22 01:05:00.000000000 +0100
+++ eoc.py      2006-01-04 19:50:43.000000000 +0100
@@ -1642,7 +1642,17 @@
             debug("Not a mailing list: <%s>" % list_name)
             sys.exit(1)
     elif operation == "--incoming":
-        mlm.incoming_message(skip_prefix, domain, moderate, post)
+        try:
+            mlm.incoming_message(skip_prefix, domain, moderate, post)
+        except BadCommandAddress:
+            sys.stderr.write("Bad command address.\n")
+            sys.exit(os.EX_NOUSER)
+        except BadSignature:
+            sys.stderr.write("Bad signature.\n")
+            sys.exit(os.EX_NOPERM)
+        except UnknownList:
+            sys.stderr.write("Unknown list.\n")
+            sys.exit(os.EX_NOUSER)
     elif operation == "--cleaning-woman":
         mlm.cleaning_woman()
     elif operation == "--show-lists":

eoc       unix  -       n       n       -       3       pipe
        flags=R user=eoc-lists argv=/usr/bin/enemies-of-carlotta --sender=${sender} --recipient=${recipient} --incoming

Es ist geradezu erschreckend, was für ein Unsinn in diesem Zusammenhang geredet wird... ich bin enttäscht von der vorherrschenden Ignoranz.

z.B. werten die Medien es als ein Indiz für Fahrlässigkeit, dass die Staatsanwaltschaft ermittelt - nur: die Staatsanwaltschaft ermittelt immer, wenn jemand eines nicht natürlichen Todes stirbt! Das heisst noch nicht, dass deswegen automatisch ein Verdacht besteht, nur dass die Möglichkeit besteht. Fällt jemand auf einer Baustelle vom Gerüst, wird vermutlich die Staatsanwaltschaft auch ermitteln... Oftmals um eben festzustellen, dass da z.B. eine Windböhe schuld war.

Dann die Schlagzeilen heute: "Stoiber sagt Hilfe zu"... stimmt schon, das macht man normalerweise bei Erdbebenregionen normalerweise so. Aber diese Hilfsfonds sind normalerweise für Regionen, wo Arbeitsplätze und Häuser gleichermaßen zerstört wurden. Den Opfern der Halle sollte eigentlich durch die Krankenversicherungen und durch die Versicherung der Halle (bzw. der Stadt als Betreiber der Halle) bereits ganz gut geholfen sein.

Ansonsten müssen wir fairerweise auch noch einen Hilfsfond für alle einrichten, die von Lawinen verschüttet werden oder vom Blitz getroffen - oder von einem Auto überfahren.

Das soll jetzt nicht heissen, dass ich nicht genauso Anteil nehme an dieser Katastrophe und dem Leid von Menschen, die da Angehörige verloren haben.

Ich finde es nur falsch, wie schamlos das von der Politik ausgenutzt wird. Bei einer Massenkarambolage auf der Autobahn sterben auch mal 15 Menschen, ohne dass ein verlgeichbares Theater gemacht wird, oder Konsequenzen daraus gezogen werden.

I just read my logcheck email, and one box scared me:

Jan  1 00:59:59 dumbledore kernel: Clock: inserting leap second 23:59:60 UTC
Jan  2 00:59:59 dumbledore kernel: Clock: inserting leap second 23:59:60 UTC

All the others, running the same software, had only one leap second, on 1.1.

I've added two SELinux on Debian mailing lists on Alioth: SELinux-user and SELinux-Announce.

The first one is an open SELinux on Debian user mailing lists, the second will be used for announcements (mostly when something important changes, new stuff is added, something breaks etc.).

Every SELinux on Debian user should probably subscribe to the second. Since there aren't that many user, I guess the -user mailinglist will be rather low-volume for some time, and needs love by those who are already running SELinux on their boxes.

Current SELinux packages contain some breakages... updates are stuck in NEW right now, and I've written some extra notes to the mailing list: notice about SELinux changes.

BTW: On the long run, Debian will likely drop it's current "strict" policy, and migrate to a serefpolicy-based Policy like Fedora already uses. Any volunteers to debconficate the setup process?

this joke certainly is an all-time high.

You have to read it!

Nicht verpassen: der beste Blondinenwitz aller Zeiten!

Also: Weitererzählen!

Maybe Intel should donate their new slogan to Linux instead:

This is a small farm of Linux servers, each reporting that it has added the leap second, and logcheck on each of the machines (not running remote syslog yet) reports this line as "unknown or important log message", sending an email each to my off-site account. Guess I'll have to file a bug against logcheck to add a statement for this line, so I won't see it next year. or in 2600, if they maybe add a leap hour instead.

On the other hand, this is a nice new years mail from your servers: Nothing interesting happened, so I had to add a leap second. ;-)