Zugschlusbeobachtungen

Dear Lazyweb, I have just found out that ksynaptics has stopped working against the X in unstable, and that ksynaptics is not even in lenny, let alone in current testing and/or unstable. This currently leaves me with an unconfigured touchpad, which is a major nuisance since I have gotten accustomed to tap-dragging and touchpad border scrolling.

xserver-xorg-input-synaptics' README.Debian dates back to 2004, so I suspect that the information given there in does not any more apply to today's configfile-less X.

So, dear lazyweb, how do I get my touchpad back into the more intelligent mode? Clickable configuration preferred.

This is a rant. A rant which goes to the grub maintainers, and one that could go nearly identically to many people in the KDE environment or many other open source projects.

I really like grub. I really like grub 0.97 despite that it's been unmaintained for years and not booting on two of my important machines. I should like grub 2 because its configuration looks more straightforward and for its better features - direct booting of .iso images, from LVM and RAID. But actually, I have learned to hate grub 2 since it is not finished and badly documented, and that its existence is already being used as an excuse for grub 0's development having stopped years ago (and it being renamed to "grub-legacy" to clearly show that it's the unloved child) - and things looks like this is not going to change any time soon.

I haven't been using ATM on Linux for some six years now. I neither have access to an ATM network any more nor do I have ATM hardware any more. Therefore, I plan to remove ATM support from ifupdown-scripts-zg2 in the next release which will be done in the next few weeks.

If anybody does still use ATM on Linux in conjunction with my scripts, you might want to offer help with the package if you want to have continued ATM support in ifdown-scripts-zg2. I cannot test the code any more and therefore cannot maintain it in the future.

I just wanted to make an USB stick bootable and wondered why mkdiskimage -4 /dev/sda 0 32 64 complained about the disk having too many cylinders. After a few moments, it ocurred to me that since libata, the system hard disk has become sda and that the stick was sdb or sdc. One ctrl-C later, fdisk confirmed both counts: That I accidentally started mkdiskimaging my main system hard disk and that the partition table was already gone.

A few hours later, the notebook is back in business without too much data loss. Lucky me.

In the last few weeks, I spent quite some time wondering about how to arrange the hard disk layout of my productive systems in the future. This article outlines my thoughts and would like to ask the lazyweb for comments.

I try to keep my Debian servers as identically as possible, making it possible to talk non-linux persons remotely through the system without having to worry about this particular box' configuration.

A few months, I blogged about the pains I had with my nVidia FX 5200 graphics card, Debian and current kernels.

I have solved the issue in the mean time and would like to document what I did. This has been updated to reflect driver 173.14.20 from July 2009.

Dear lazyweb, how do I pin lenny now and have that pin hold after lenny's release?

• Codename lenny doesn't work, apt cannot do this (#433624, 18 months old, without any reaction yet)
• Version 5.0 doesn't work, lenny's Release file doesn't have a Version field yet
• Suite testing will match lenny now and then track squeeze once squeeze is testing

My home workplace is slowly and steadily mutating into a never ending story. I do not remember blogging every aspect of it, but after three graphics cards, an even older mainboard and two DVB-S-Cards, my home workplace PC currently does what I expect it to do: Run Debian unstable, drive two 20 inch DVI TFT monitors with 1600x1200 pixels each and receiving DVB-S transmissions. I do not think that these are exaggerated expectations, but it took over three months to find a combination of hardware which will actually do what I want.

The hardest part was finding a AGP graphics card which can drive two DVI monitors with 1600x1200 pixels each. After failing with two different Matrox cards (the G550 not being able to do 1600x1200 pixels if the monitors are connected via DVI), I finally settled on a used GeForce FX 5200. In the beginning, the binary nVidia module didn't hurt as much as I expected. Unfortunately, this rapidly changed with the 2.6.27 Linux kernel.

$ ping 10.8.0.11
PING 10.8.0.11 (10.8.0.11) 56(84) bytes of data.
64 bytes from 10.8.0.11: icmp_seq=1 ttl=63 time=79.6 ms
64 bytes from 10.8.0.11: icmp_seq=2 ttl=63 time=79.5 ms
64 bytes from 10.8.0.11: icmp_seq=3 ttl=63 time=79.7 ms
<ethernetkabel wird gezogen>
64 bytes from 10.8.0.11: icmp_seq=295 ttl=63 time=724 ms
64 bytes from 10.8.0.11: icmp_seq=296 ttl=63 time=1079 ms
64 bytes from 10.8.0.11: icmp_seq=297 ttl=63 time=559 ms

Dies ist das Verhalten meines Netzüberwachungs-Notebooks auf dem zum Management dienenden OpenVPN-Link beim Ziehen des Ethernetkabels. Auf dem Ding läuft eh ein Nagios und es hat zum Verschicken von Warn-SMS aus dem Nagios eine UMTS-Karte. Also habe ich ihm jetzt per Event Handler beigebracht, automatisch einen pppd zu starten, wenn die Gegenstelle des OpenVPN-Tunnels ihren Status nach DOWN wechselt. Und das funktioniert sogar.

Die hohen RTTs nach dem Ziehen des Ethernetkabels kommen übrigens daher, dass in der UMTS-Karte derzeit eine uralte Simyo-SIM steckt, die noch nicht UMTS-fähig ist. Aber die ist bald leer, und dann kommt da auch eine USIM rein.

Ein "Security Advisory" ist ein meist per E-Mail oder Web verbreitetes Dokument, in dem jemand (oft ein Security-Consultant oder der Autor einer Software) Informatioen über eine Schwachstelle in einer Software veröffentlicht. Üblicherweise werden diese Advisories zurückgehalten, bis eine Korrektur für die Schwachstelle gefunden und getestet wurde, um nicht im Zeitraum zwischen Veröffentlichung des Advisories und der Veröffentlichung des Fixes einen Haufen angreifbarer Systeme mit öffentlich bekanntem Angriffsvektor zu erzeugen.

Auch hier bin ich wieder einmal der Meinung, dass man diesen terminus technicus am besten auch im deutschen Fließtext unübersetzt lässt. Wenn man es partout übersetzen möchte, nehme man "Sicherheits-Bekanntmachung", "Maßnahmenempfehlung" oder "Sicherheitshinweis".

Die Deutschen Übersetzer des Debian-Projekts haben das in der Security-Team-FAQ für lange Zeit mit "Sicherheits-Gutachten" übersetzt. Allerdings muss ich ihnen zugute halten, dass inzwischen das marginal weniger dumm klingende "Sicherheitsankündigung" verwendet wird. Eine wirklich gute Übersetzung ist das jedoch immer noch nicht.

Die Debian Sicherheits-FAQ ist für Sprachpolizisten übrigens ein gefundenes Fressen. Da finden sich Stilblüten wie "Sicherheitsreparatur" und "Sicherheitsverwundbarkeit" am laufenden Meter. Meine Empfehlung: Die englische Version des Dokuments lesen.

This is just a small reminder (for me and others) that Debian is currently migrating from console-tools to kbd (back again, yes, those who have been around for a few years remember).

This information is obviously a closely-guarded secret. Console-tools is still Priority: important, and kbd is still Priority: extra. However, kbd seems to be much better maintained (current uploads happening, while console-log has seen its last maintainer upload two years ago), and unfortunately, neither package description suggests which package is the way to go. And Debian-installer still installs console-tools by default.

However, a few bugs were filed a year ago by the console-tools maintainer to drop console-tools from depends as console-tools is going away. So I guess that he knows what he's doing...

Before I get around to adding console-tools back to console-log's depends (as I almost did accidentally), I'll better blog this to remind people of console-log going away. Maybe we'll get the Priorities changed just in time for lenny.

This article was updated, and the issue seems solved. Please look at the last paragraph before adding comments.

Exim has the habit of trying to find out about its host names and IP addresses when it starts up. This has, in the past, been an issue for the Debian packages, since a Debian system might be on a dial-on-demand modem line with expensive costs and thus should not do unnecessary DNS lookup when the MTA is started.

This article tries to describe the issue and which countermeasures debian took, and asks for tips how to solve this in the case of IPv6, where our past measures unfortunately do not directly apply.

I'd like to solicit opinions from people who are more experienced than me with Unix, the local resolver library including /etc/hosts and /etc/nsswitch.conf, DNS, and - especially - the customs that apply on a system running IPv6.

For various reasons, I have the kernel and the initrd that my notebook needs to boot Linux on an USB stick. I recently added the Debian Installer and grml to the stick to allow additional uses of the stick.

Sometimes a bug report is a labyrinth. #348046 is an example of this. It is a horrible mess of at least three different issues with half of the original participants having become unresponsive. I would like to pull the issues apart into different bug reports to be able to deal with them (and their probably unresponsive submitters) individually.

Obviously, cloning and renaming is not an option since this copies the mess.

So, it would probably be desireable to download the bug mbox and to bounce individual messages to new bugs (that have been created before), but the BTS recognizes the dupes and bins them. Blars has helped me by looking at BTS mail log, so it was clear that removing the X-Loop, X-Debian-PR, X-Spam, Resent- and Received headers from the mbox before loading it into mutt to do the actual bouncing works fine.

A command line to do this:

rm -f mboxout; < mboxbug formail -d -I Received -I X-Debian-PR -I X-Loop -I X-Spam -I Resent -s >> mboxout

After trying this in "production", one needs to send one message per BTS pulse, or one will totally mess up the order of the messages. That's a real pity and an annoyance.

For various reasons, I usually carry an USB stick with me that holds a single ext2fs and has grub installed. This blog entry quickly documents how to copy a Debian-Installer to it to be able to quickly install Debian without the need to burn a CD.