Stop trying to oversimply things you don't understand.
Well gee I dunno brain, I've only been a professional sysadmin for a decade and been using XFS as my weapon of choice for a good three or four years, but you and your laptop should feel free to carry on.
Well thank goodness you don't have a big ego on top of everything else... sheesh.
I'll admit that I was wrong in that it's possible to 'xfs_check' and 'xfs_repair -d ' a filesystem mounted read-only, but I tried it and see erroneous errors from xfs_check that aren't there when the filesystem isn't mounted at all, so I think it's the wrong way to go. [I tested it, see a reply to another commenter who was more respectful.]
If you want to actually help, don't start out commenting with "no you don't".
[root@host ~]# mount/dev/sdb5/mnt/test [root@host ~]# mount -o remount,ro/dev/sdb5 [root@host ~]# xfs_repair -d/dev/sdb5 Phase 1 - find and verify superblock... Phase 2 - using internal log
- zero log...
- scan filesystem freespace and inode maps.......
so boot to single user mode with a readonly root, grab the console, and off you go, same as, say, ext3.
Try it with LUKS encryption on top. See a further reply from me to another commenter where I detail what happens when I try it. The results are not like the above.
You have your root filesystem mounted read only and then run xfs_repair on it. Sometimes getting your root filesystem remounted read-only can be tricky, however. Sometimes this requires passing init=/bin/sh to the kernel, so you start with no other processes running. However you go about getting your root filesystem mounted read only, after you run xfs_repair(or e2fsck for that matter really) you reboot immediately.
Just tested it [on the box in which I'm using XFS on top of LUKS encyryption], and I didn't like the results. grub2 by default on Debian makes a "recovery" boot option to boot into single user mode, but even with this as you mention it's required to modify the boot option and add init=/bin/sh in order to actually be able to mount the root filesystem read-only. However after finally succeeding in diong this, xfs_check reports about a full screen of errors concerning file and directory link counts, which all appear simply to be due to the filesystem being mounted and in use. When using a Knoppix CD (v6.4.4) and after using 'cryptsetup luksOpen ' to decrypt the root partition, xfs_check reports no errors at all. [And I did run xfs_repair anyway just to double-check in the latter case, and no errors were found.]
Furthermore, upon trying to reboot from or exit the single-user mode, I got an error related to "trying to kill init" immediately followed by a kernel panic.
So I'll admit that I was wrong and that it is possible to run xfs_repair on an XFS filesystem read-only, but I really don't like the results and I highly don't recommend it.
Stop trying to oversimply things you don't understand.
Perhaps you don't understand things as well as you think you do. See the section below regarding the -d option to xfs_repair and the context in which you'd use it.
-d Repair dangerously. Allow xfs_repair to repair an XFS filesystem mounted read only. This is typically done on a root fileystem from single user mode, immediately followed by a reboot.
I had tried it before and IIRC I had lots of trouble getting the filesystem mounted read-only, and had confusing and poor results when I finally did get it mounted read-only. All I remembered clearly in my mind was "it really didn't work", and having gone through it again I still think it doesn't. You can judge for yourself what you think I know or not.;-)
In other words, if you want to run xfs_repair, you need to do it after booting a LiveCD of some kind.
No you don't. Either force unmount the filesystem, or if you deem that too dangerous, boot into single user mode.
? I use XFS for the root filesystem. Tell me how I can completely umount it and then run xfs_repair -- which has to be read from the same filesystem I just umounted.
Stop trying to oversimply things you don't understand.
I set up an xfs volume a couple years back. After copying a few files over nfs, it became corrupted. the xfs fsck did something -- it told me that it was so corrupted, it couldn't be fixed.
I think you mean xfs_repair. On XFS, fsck is a no-op.
I've never yet seen xfs_repair tell me there was an issue it couldn't fix -- that sounds unusual. However there have been lots of changes to XFS in the Linux kernel in recent years, and occasionally there has been a few nasty bugs, some of which I ran into. Linux-2.6.19 in particular had some nasty XFS filesystem corruption bugs.
When I had some EBS problems a couple years ago, I figured I would run xfs_check. It seemed to do absolutely nothing, even if there were disks known to be bad in the md array. xfs is nice and fast, but I haven't seen the xfs_check or xfs_repair to do either of the things I'd assume they'd do -- check and repair. I found it easier to delete the volumes and start from scratch, because any compromised xfs filesystem seems to be totally unfixable. Is fsck for xfs new?
It's not you; xfs_repair will only operate on a filesystem that is not mounted at all. In other words, if you want to run xfs_repair, you need to do it after booting a LiveCD of some kind. Even when using the -d option for "dangerous" which implies that it will operate on a filesystem mounted read-only, xfs_repair will refuse and simply quit.
However once you do boot a LiveCD and run xfs_repair, it does actaully repair an XFS filesystem. For obvious reasons this is critical to be able to do, because any improper shutdown without unmounting first will corrupt an XFS filesystem.
I've been running XFS for several years on my laptop, and recently even use XFS on top of encypted LUKS. This is probably a fairly rare setup but I can't find anything better because I like the speed the XFS filesystem allows. Using XFS I'm able to transfer 40 MiB/s solid via FTP over 1Gb ethernet even with LUKS encyption, but can't get any more than about 30 MiB/s (and which speed varies) when using EXT4. However I know EXT4 is safer to use.
The only thing I (sort of) regret) was to use XFS on a remote server. If the power drops I'll have to have the ISP give me a remote KVM connection over IP and tell them to insert a Linux LiveCD to allow me to recover the XFS filesystems. That's a bit inconvenient -- however thankfully the ISP the box is hosted with (CoreNetworks.net) will actually do all of that at no cost, so I can at least deal with the problem if it ever happens.
Ralph Nader? The guy who created mandatory seatbelt laws at the behest of the insurance companies, while claiming it was in the public good (because Nader knows best)? He's among the worst of the worst.
That's your agument? Look, I'm not a fan of the "nanny state" either, but have you seen the result of a car accident when someone isn't wearing their seatbelt? It isn't pretty. Basically it boils down to (mostly) a list of bad endings: a) the person ripping their own face off after it smashed into the windshield, b) destroying of their knees after they smashed into the dashboard, c) the steering wheel breaking away (as it's designed to do) and the center shaft smashing into the driver's chest, d) the driver being thrown around the car and ending up apart and spread across several places, e) the driver being incredibly lucky to be thrown out the driver or passenger window during a side impact like the car being wrapped around a telephone pole.
I've seen all of these. After a "b" accident I was asked by the driver to "please pull the piece of glass out of my leg, it's killing me" -- and the "piece of glass" turned out to be thier own broken bone sticking out of her leg. That gave me nightmares for weeks.
And you want me to hate Ralph Nader because he made seatbelts manditory. sigh. That's not working for me; I want to see people at least in one piece after a car accident. Do you have a better argument?
At least a protest vote for libertarians is still a protest vote, even if they are insane. A protest vote for Nader is like shopping at Sams Club because you think Walmart behaves badly.
You've ignored that I said "or another Independent runner". The point is to vote for someone outside of the two-party system, and choosing specifically who using your own judgement. And preferably someone not insane. Geez.
I think the main difference between "hacker" and "engineer" is the level of detail and concerns on corner cases that you want your code to be able to handle and/or tolerate. Having worked as an engineer for some years, basically I boil down the job to three things -- 1) good clear communication of what the problem to solve actually is, 2) solving the problem such that the solution "meets spec", 3) trying to make sure that the solution continues to work within tolerance in any typical adverse conditions the solution needs to handle. Occasionally you may need to do some kind of formal verification that the solution will be wtihin tolerance in typical adverse conditions. With programming this verification might involve a test suite, code review, fuzzy input testing, memory leak testing, security audit, etc.
But in your particular situation it sounds like you're going to learn what you need on your own on the job one way or the other, so for now I'd say just relax and figure out what you need when you get there. i.e. I think you might be over-thinking this right now.;-)
I can't speak for your installation. I have a Debian remote server without X installed, without xvfb installed, and I can run xterm from it on my local X server without problem.
Hmm okay then I'll try it again. I had set this up when Etch was new, so maybe things have changed since then. If so, that's good. Thx.
Yeah, I tried turning off RPC too on Windows XP back in 2003 or 2004. I was following a classic piece of security advice -- "turn off unnecessary services, especially network-facing ones." To this day I'm not exactly sure what RPC does, and to my mind the very name "remote procedure call" invokes an image of unending security nightmares just waiting to happen. (The ability for an attacker to call procedures remotely is practically the definition of "security vulnerability.")
I had turned of RPC for the same reason -- usually this was recommended to be turned off on Linux boxes (and removal of the 'portmap' package) at the time. I still remove portmap / RPC where possible -- which last I checked wasn't possible on Windows. Maybe it will be in Windows 8?
In order to run an X program on a headless box on Debian I had to install xvfb (which is a "fake" X server), which pulled in x11-common, xserver-common, xauth, and a few other minor X packages. It's certainly not "full X", but it's enough of X that I'm not sure I can say I'm not installing X.
Generally, no, you don't have to install xvfb. There are apparently some badly designed X clients that somehow manage to require a pseudo-X server local to them, even though they're not using it, but properly designed ones (the vast majority) do not.
That's what I had to install to even get 'xterm' to run, and IIRC I wasn't able to ssh X forward to a 2nd box through the 1st one without installing these packages, either. Can you give me an example of a program that works with X forwarding without xvfb installed?
In fact, it's not even appropriate to say you're installing X on the remote host, because you're not. X is on your desktop machine, the remote host just runs an X client that accesses it.
In order to run an X program on a headless box on Debian I had to install xvfb (which is a "fake" X server), which pulled in x11-common, xserver-common, xauth, and a few other minor X packages. It's certainly not "full X", but it's enough of X that I'm not sure I can say I'm not installing X.
The question I (personally) have is how safe X forwarding over ssh is.
It's data run over an encrypted ssh connection. The remote host is not accepting any connections other than the one you used to start your ssh session to do this. Your desktop is not accepting any connections at all to this. It's not any different in any essential security aspect from using scp to copy files.
Sounds right. As lindi mentions there's a local port for X that could be compromised with root access, but that's not something I'm worried about, because the second an attacker has root access the game is over regardless.
Years ago I was running a Windows Desktop and I made the mistake of turnning of the RPC service, after which the entire GUI in Windows broke (no new windows could be opened). I'm assuming that if no GUI is running and there's no services running that require RPC (like NFS) that the RPC service could be turned off. [And will Win8 require RPC to allow GUI functionality?]
As someone who's done Linux server admin for more than a decade, this decision on Microsoft's part somehow seems a bit obvious... but the correct path for the long-term.
Yes, it's easy to install X11 on a Linux server - but it's also generally a stupid thing to do, security-wise, if your server is internet-facing.
In general you're probably right, but it's not necessarily the case. You can install X11 without it actually running a GUI so that in a pinch you can run a GUI program via ssh X forwarding when you have to. This works even on headless machines. The question I (personally) have is how safe X forwarding over ssh is.
What Mr Popovkin is suspicious of is the fact that the failures occur during the time the spacecraft is flying over US territory. And if for some reason the US wanted to damage the receiver of the satellite, that is possible using HPM (High Power Microwave) unless the receiver is specifically designed to defend against that by using limiter diodes between the receiver and the antenna. The only issue is that these protection techniques introduce additional loss, usually on the order of 1 or 2dB, which makes the receiver's front-end preamplifier less sensitive and directly adds to the receiver noise figure. https://en.wikipedia.org/wiki/Noise_figure
There are other naturally occurring HPM events though, such as lightning strikes in the Earth atmosphere. The satellite antenna looking down on the Earth receives those broadband HPM events too, if they occur within the beamwidth of the antenna (or the antenna sidelobes).
But why would the US want to damage a Russian Mars probe? That doesn't seem to be something that would be in the US's interest.
They apparently plan to replace it with an empty package.
Huh! Ewww. That... kinda sucks, as it would break machines unless the empty package also has a dependency on OpenJDK to cause it to be installed. I guess a temporary "fix" would be to put a HOLD on the current Sun Java6 package if you really want to keep it. That probably won't work forever, though, because eventually the other packages may have a dependency on OpenJDK unless they continue the virtual package dependency that is currently used at least in Debian.
If they actually do go to that length then they must be desperate to see Java6 de-installed... maybe for licensing/monetary reasons? I've never seen an empty package put in place of a real one before like this.
I agree that it takes some effort and there's a learning curve to doing it. Might help if others had a reference with some step-by step instructions, I suppose -- and I found this:
Second - What the hell are they going to replace it with? Are they saying you have to download and install Java manually? OpenJDK supposedly doesn't work with all things.
That's true; there are certain known issues with OpenJDK and basically Oracle is saying "it'll just have to do".
Third - What does this mean for Ubuntu derivatives like Mint? Are they going to have to pull the jdk as well?
Yes, and that's exactly what's been happening, because there's no other choice.
No, they're just going to remove it. If you want OpenJDK, you have to install that by hand.
I don't think the Debian pacakge management system has support to allow Cononical to force remove a package. [At least AFAIK.] It's much more likely that what they'll do is modify the control file for OpenJDK with "replaces: sun-java-6" so that any installation of OpenJDK will replace Sun Java6, but that still won't force an installation of OpenJDK to cause the replacement to ocurr. And it's very unlikely for Cononical to mark the OpenJDK pacakge as "essential", and AFAIK that's the only way that a forced installation of OpenJDK could happen.
All other free software distributions are having to remove Sun Java6 from their repositories due to the same licensing problems, so the fact that Ubuntu had to do this too wasn't unexpected.
If you have a rented server somewhere running a DNS server, then the usual suggestion I make is to roll your own dynamic DNS. Before somone says "but my router only supports DyDNS", there are solutions that can allow you to update your own dynamic DNS anyway -- the main trick is getting your public IP address. If you also run your own web server, it's quite simple to create a web page like "whatismyip" in PHP:
And from there you can make a custom shell script that checks your public IP, compares it with what your DNS server has for the entry, and then update your DNS server if needed. This doesn't need to be done at the router -- it can be done through it if necessary. If you run Bind9, look at the 'nsupdate' utility -- and of particular note, it's possible to do this dynamic DNS update via TCP rather than UDP. That way you can guarantee that the update will get there. AFAIK all of the popular DNS servers have a way of doing dynamic DNS updates such that they don't have to be done right at the router.
It's more convenient to do this at the router, though, because the router is on all the time and desktops/laptops aren't. So if you really want to also run a custom router to do the job for you, you might like the Alix hardware such as this:
Because I hadn't found it! The OP wants "real Debian" and not a Chroot (and has commented nicely to say so), but I am probably going to go with this DebianChroot. Thanks for pointing it out.
Slashdot Mirror
Hey, I wasn't the one being wrong and calling people dumb.
Where did you get the impression I wanted to help? You were just wrong. Get over it.
I am over it. And you're not helpful at all.
Well gee I dunno brain, I've only been a professional sysadmin for a decade and been using XFS as my weapon of choice for a good three or four years, but you and your laptop should feel free to carry on.
Well thank goodness you don't have a big ego on top of everything else... sheesh.
I'll admit that I was wrong in that it's possible to 'xfs_check' and 'xfs_repair -d ' a filesystem mounted read-only, but I tried it and see erroneous errors from xfs_check that aren't there when the filesystem isn't mounted at all, so I think it's the wrong way to go. [I tested it, see a reply to another commenter who was more respectful.]
If you want to actually help, don't start out commenting with "no you don't".
Check it:
[root@host ~]# mount /dev/sdb5 /mnt/test /dev/sdb5 /dev/sdb5
[root@host ~]# mount -o remount,ro
[root@host ~]# xfs_repair -d
Phase 1 - find and verify superblock...
Phase 2 - using internal log
- zero log...
- scan filesystem freespace and inode maps... ....
so boot to single user mode with a readonly root, grab the console, and off you go, same as, say, ext3.
Try it with LUKS encryption on top. See a further reply from me to another commenter where I detail what happens when I try it. The results are not like the above.
You have your root filesystem mounted read only and then run xfs_repair on it. Sometimes getting your root filesystem remounted read-only can be tricky, however. Sometimes this requires passing init=/bin/sh to the kernel, so you start with no other processes running. However you go about getting your root filesystem mounted read only, after you run xfs_repair(or e2fsck for that matter really) you reboot immediately.
Just tested it [on the box in which I'm using XFS on top of LUKS encyryption], and I didn't like the results.
grub2 by default on Debian makes a "recovery" boot option to boot into single user mode, but even with this as you mention it's required to modify the boot option and add init=/bin/sh in order to actually be able to mount the root filesystem read-only. However after finally succeeding in diong this, xfs_check reports about a full screen of errors concerning file and directory link counts, which all appear simply to be due to the filesystem being mounted and in use. When using a Knoppix CD (v6.4.4) and after using 'cryptsetup luksOpen ' to decrypt the root partition, xfs_check reports no errors at all. [And I did run xfs_repair anyway just to double-check in the latter case, and no errors were found.]
Furthermore, upon trying to reboot from or exit the single-user mode, I got an error related to "trying to kill init" immediately followed by a kernel panic.
So I'll admit that I was wrong and that it is possible to run xfs_repair on an XFS filesystem read-only, but I really don't like the results and I highly don't recommend it.
Perhaps you don't understand things as well as you think you do. See the section below regarding the -d option to xfs_repair and the context in which you'd use it.
-d Repair dangerously. Allow xfs_repair to repair an XFS filesystem mounted read only. This is typically done on a root fileystem from single user mode, immediately followed by a reboot.
I had tried it before and IIRC I had lots of trouble getting the filesystem mounted read-only, and had confusing and poor results when I finally did get it mounted read-only. All I remembered clearly in my mind was "it really didn't work", and having gone through it again I still think it doesn't. You can judge for yourself what you think I know or not. ;-)
No you don't. Either force unmount the filesystem, or if you deem that too dangerous, boot into single user mode.
? I use XFS for the root filesystem. Tell me how I can completely umount it and then run xfs_repair -- which has to be read from the same filesystem I just umounted.
Stop trying to oversimply things you don't understand.
I set up an xfs volume a couple years back. After copying a few files over nfs, it became corrupted. the xfs fsck did something -- it told me that it was so corrupted, it couldn't be fixed.
I think you mean xfs_repair. On XFS, fsck is a no-op.
I've never yet seen xfs_repair tell me there was an issue it couldn't fix -- that sounds unusual. However there have been lots of changes to XFS in the Linux kernel in recent years, and occasionally there has been a few nasty bugs, some of which I ran into. Linux-2.6.19 in particular had some nasty XFS filesystem corruption bugs.
When I had some EBS problems a couple years ago, I figured I would run xfs_check. It seemed to do absolutely nothing, even if there were disks known to be bad in the md array. xfs is nice and fast, but I haven't seen the xfs_check or xfs_repair to do either of the things I'd assume they'd do -- check and repair. I found it easier to delete the volumes and start from scratch, because any compromised xfs filesystem seems to be totally unfixable. Is fsck for xfs new?
It's not you; xfs_repair will only operate on a filesystem that is not mounted at all. In other words, if you want to run xfs_repair, you need to do it after booting a LiveCD of some kind. Even when using the -d option for "dangerous" which implies that it will operate on a filesystem mounted read-only, xfs_repair will refuse and simply quit.
However once you do boot a LiveCD and run xfs_repair, it does actaully repair an XFS filesystem. For obvious reasons this is critical to be able to do, because any improper shutdown without unmounting first will corrupt an XFS filesystem.
I've been running XFS for several years on my laptop, and recently even use XFS on top of encypted LUKS. This is probably a fairly rare setup but I can't find anything better because I like the speed the XFS filesystem allows. Using XFS I'm able to transfer 40 MiB/s solid via FTP over 1Gb ethernet even with LUKS encyption, but can't get any more than about 30 MiB/s (and which speed varies) when using EXT4. However I know EXT4 is safer to use.
The only thing I (sort of) regret) was to use XFS on a remote server. If the power drops I'll have to have the ISP give me a remote KVM connection over IP and tell them to insert a Linux LiveCD to allow me to recover the XFS filesystems. That's a bit inconvenient -- however thankfully the ISP the box is hosted with (CoreNetworks.net) will actually do all of that at no cost, so I can at least deal with the problem if it ever happens.
My favorite analogy, which seems sort of fitting:
optimist: "the glass is half full" ;-)
pessimist: "the glass is half empty"
engineer: "the glass is twice the size it needs to be"
Ralph Nader? The guy who created mandatory seatbelt laws at the behest of the insurance companies, while claiming it was in the public good (because Nader knows best)? He's among the worst of the worst.
That's your agument? Look, I'm not a fan of the "nanny state" either, but have you seen the result of a car accident when someone isn't wearing their seatbelt? It isn't pretty. Basically it boils down to (mostly) a list of bad endings: a) the person ripping their own face off after it smashed into the windshield, b) destroying of their knees after they smashed into the dashboard, c) the steering wheel breaking away (as it's designed to do) and the center shaft smashing into the driver's chest, d) the driver being thrown around the car and ending up apart and spread across several places, e) the driver being incredibly lucky to be thrown out the driver or passenger window during a side impact like the car being wrapped around a telephone pole.
I've seen all of these. After a "b" accident I was asked by the driver to "please pull the piece of glass out of my leg, it's killing me" -- and the "piece of glass" turned out to be thier own broken bone sticking out of her leg. That gave me nightmares for weeks.
And you want me to hate Ralph Nader because he made seatbelts manditory. sigh. That's not working for me; I want to see people at least in one piece after a car accident. Do you have a better argument?
At least a protest vote for libertarians is still a protest vote, even if they are insane. A protest vote for Nader is like shopping at Sams Club because you think Walmart behaves badly.
You've ignored that I said "or another Independent runner". The point is to vote for someone outside of the two-party system, and choosing specifically who using your own judgement. And preferably someone not insane. Geez.
I think the main difference between "hacker" and "engineer" is the level of detail and concerns on corner cases that you want your code to be able to handle and/or tolerate. Having worked as an engineer for some years, basically I boil down the job to three things -- 1) good clear communication of what the problem to solve actually is, 2) solving the problem such that the solution "meets spec", 3) trying to make sure that the solution continues to work within tolerance in any typical adverse conditions the solution needs to handle. Occasionally you may need to do some kind of formal verification that the solution will be wtihin tolerance in typical adverse conditions. With programming this verification might involve a test suite, code review, fuzzy input testing, memory leak testing, security audit, etc.
But in your particular situation it sounds like you're going to learn what you need on your own on the job one way or the other, so for now I'd say just relax and figure out what you need when you get there. i.e. I think you might be over-thinking this right now. ;-)
Ralph Nader, or another Independent runner. Because with the two-party system "the only way to win is not to play".
Or at least at present that's the best suggestion I've got.
I can't speak for your installation. I have a Debian remote server without X installed, without xvfb installed, and I can run xterm from it on my local X server without problem.
Hmm okay then I'll try it again. I had set this up when Etch was new, so maybe things have changed since then. If so, that's good. Thx.
Yeah, I tried turning off RPC too on Windows XP back in 2003 or 2004. I was following a classic piece of security advice -- "turn off unnecessary services, especially network-facing ones." To this day I'm not exactly sure what RPC does, and to my mind the very name "remote procedure call" invokes an image of unending security nightmares just waiting to happen. (The ability for an attacker to call procedures remotely is practically the definition of "security vulnerability.")
I had turned of RPC for the same reason -- usually this was recommended to be turned off on Linux boxes (and removal of the 'portmap' package) at the time. I still remove portmap / RPC where possible -- which last I checked wasn't possible on Windows. Maybe it will be in Windows 8?
Generally, no, you don't have to install xvfb. There are apparently some badly designed X clients that somehow manage to require a pseudo-X server local to them, even though they're not using it, but properly designed ones (the vast majority) do not.
That's what I had to install to even get 'xterm' to run, and IIRC I wasn't able to ssh X forward to a 2nd box through the 1st one without installing these packages, either. Can you give me an example of a program that works with X forwarding without xvfb installed?
In fact, it's not even appropriate to say you're installing X on the remote host, because you're not. X is on your desktop machine, the remote host just runs an X client that accesses it.
In order to run an X program on a headless box on Debian I had to install xvfb (which is a "fake" X server), which pulled in x11-common, xserver-common, xauth, and a few other minor X packages. It's certainly not "full X", but it's enough of X that I'm not sure I can say I'm not installing X.
It's data run over an encrypted ssh connection. The remote host is not accepting any connections other than the one you used to start your ssh session to do this. Your desktop is not accepting any connections at all to this. It's not any different in any essential security aspect from using scp to copy files.
Sounds right. As lindi mentions there's a local port for X that could be compromised with root access, but that's not something I'm worried about, because the second an attacker has root access the game is over regardless.
Years ago I was running a Windows Desktop and I made the mistake of turnning of the RPC service, after which the entire GUI in Windows broke (no new windows could be opened). I'm assuming that if no GUI is running and there's no services running that require RPC (like NFS) that the RPC service could be turned off. [And will Win8 require RPC to allow GUI functionality?]
As someone who's done Linux server admin for more than a decade, this decision on Microsoft's part somehow seems a bit obvious... but the correct path for the long-term.
Yes, it's easy to install X11 on a Linux server - but it's also generally a stupid thing to do, security-wise, if your server is internet-facing.
In general you're probably right, but it's not necessarily the case. You can install X11 without it actually running a GUI so that in a pinch you can run a GUI program via ssh X forwarding when you have to. This works even on headless machines. The question I (personally) have is how safe X forwarding over ssh is.
What Mr Popovkin is suspicious of is the fact that the failures occur during the time the spacecraft is flying over US territory. And if for some reason the US wanted to damage the receiver of the satellite, that is possible using HPM (High Power Microwave) unless the receiver is specifically designed to defend against that by using limiter diodes between the receiver and the antenna. The only issue is that these protection techniques introduce additional loss, usually on the order of 1 or 2dB, which makes the receiver's front-end preamplifier less sensitive and directly adds to the receiver noise figure. https://en.wikipedia.org/wiki/Noise_figure
There are other naturally occurring HPM events though, such as lightning strikes in the Earth atmosphere. The satellite antenna looking down on the Earth receives those broadband HPM events too, if they occur within the beamwidth of the antenna (or the antenna sidelobes).
But why would the US want to damage a Russian Mars probe? That doesn't seem to be something that would be in the US's interest.
They apparently plan to replace it with an empty package.
Huh! Ewww. That... kinda sucks, as it would break machines unless the empty package also has a dependency on OpenJDK to cause it to be installed. I guess a temporary "fix" would be to put a HOLD on the current Sun Java6 package if you really want to keep it. That probably won't work forever, though, because eventually the other packages may have a dependency on OpenJDK unless they continue the virtual package dependency that is currently used at least in Debian.
If they actually do go to that length then they must be desperate to see Java6 de-installed... maybe for licensing/monetary reasons? I've never seen an empty package put in place of a real one before like this.
I agree that it takes some effort and there's a learning curve to doing it. Might help if others had a reference with some step-by step instructions, I suppose -- and I found this:
http://www.coredump.us/index.php?n=Main.Alix2c3WithDebianSqueeze
First - I want to see in the license where it requires them to pull it
off systems.
This was followable via the links in the original article.
Oracle has ended the DLJ, the "Distributor License for Java".
http://jdk-distros.java.net/
http://robilad.livejournal.com/90792.html
Second - What the hell are they going to replace it with? Are they saying
you have to download and install Java manually? OpenJDK
supposedly doesn't work with all things.
That's true; there are certain known issues with OpenJDK and basically Oracle is saying "it'll just have to do".
Third - What does this mean for Ubuntu derivatives like Mint? Are they
going to have to pull the jdk as well?
Yes, and that's exactly what's been happening, because there's no other choice.
No, they're just going to remove it. If you want OpenJDK, you have to install that by hand.
I don't think the Debian pacakge management system has support to allow Cononical to force remove a package. [At least AFAIK.] It's much more likely that what they'll do is modify the control file for OpenJDK with "replaces: sun-java-6" so that any installation of OpenJDK will replace Sun Java6, but that still won't force an installation of OpenJDK to cause the replacement to ocurr. And it's very unlikely for Cononical to mark the OpenJDK pacakge as "essential", and AFAIK that's the only way that a forced installation of OpenJDK could happen.
All other free software distributions are having to remove Sun Java6 from their repositories due to the same licensing problems, so the fact that Ubuntu had to do this too wasn't unexpected.
If you have a rented server somewhere running a DNS server, then the usual suggestion I make is to roll your own dynamic DNS. Before somone says "but my router only supports DyDNS", there are solutions that can allow you to update your own dynamic DNS anyway -- the main trick is getting your public IP address. If you also run your own web server, it's quite simple to create a web page like "whatismyip" in PHP:
(start PHP here)
echo $_SERVER['REMOTE_ADDR'];
(stop PHP here)
And from there you can make a custom shell script that checks your public IP, compares it with what your DNS server has for the entry, and then update your DNS server if needed. This doesn't need to be done at the router -- it can be done through it if necessary. If you run Bind9, look at the 'nsupdate' utility -- and of particular note, it's possible to do this dynamic DNS update via TCP rather than UDP. That way you can guarantee that the update will get there. AFAIK all of the popular DNS servers have a way of doing dynamic DNS updates such that they don't have to be done right at the router.
It's more convenient to do this at the router, though, because the router is on all the time and desktops/laptops aren't. So if you really want to also run a custom router to do the job for you, you might like the Alix hardware such as this:
http://pcengines.ch/alix2d3.htm
Debian runs nicely on the Alix hardware directly, using a kernel for a 486.
I did ask not for chroot. :)
Yes you asked for "real Debian". I understand/understood what you want, I just don't know any better way to get there at the moment.
Since the asker wanted debian specifically, why not link to the chroot for debian? http://www.webos-internals.org/wiki/DebianChroot
Because I hadn't found it! The OP wants "real Debian" and not a Chroot (and has commented nicely to say so), but I am probably going to go with this DebianChroot. Thanks for pointing it out.