Old 11-20-2007, 01:52 PM
"Loye Young"
 
Default Server issues

I can't be at the meeting today, but I have two issues that trouble me.


AVAHI
I absolutely hate avahi. I don't want my machines to be advertising
services and trying to find them, especially when I am running a
server that's connected straight to the Internet. But getting avahi
off a system is harder than I expected, especially since avahi doesn't
seem to have good documentation.
(1) Should avahi ever be on a production server that's exposed to the net?
(2) Is there any documentation on how to get it off the system and
still leave the system in a usable and upgradeable state?

DOCUMENTATION
Every package should have a man page as a matter of course, because
the manpage system is the standard documentation. This is especially so
in a command-line only environment. manpage-alert tells me that about
10% of the packages on my server, and 20% of the packages on my Ubuntu
desktop machines, don't have man pages. Substantially all of the
missing man pages are from packages that are maintained by the Ubuntu
community. Debian policy requires man pages before including the
package in the repositories. Every once in a while, some slip into the
repos without the man pages, but mostly Debian does a good job of
requiring this basic level of documentation.

Happy Trails,

Loye Young
Isaac & Young Computer Company
Laredo, Texas
http://www.iycc.biz

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 11-20-2007, 02:15 PM
"Sebastien Estienne"
 
Default Server issues

On Nov 20, 2007 3:52 PM, Loye Young <loye.young@iycc.net> wrote:
> I can't be at the meeting today, but I have two issues that trouble me.
>
>
> AVAHI
> I absolutely hate avahi. I don't want my machines to be advertising
> services and trying to find them, especially when I am running a
> server that's connected straight to the Internet. But getting avahi
> off a system is harder than I expected, especially since avahi doesn't
> seem to have good documentation.
> (1) Should avahi ever be on a production server that's exposed to the net?
> (2) Is there any documentation on how to get it off the system and
> still leave the system in a usable and upgradeable state?

About not starting avahi-daemon: (this is ubuntu/debian specific)
sebest@delly2:~$ cat /etc/default/avahi-daemon
# 0 = don't start, 1 = start
AVAHI_DAEMON_START=1

Set it to 0 and then sudo /etc/init.d/avahi-daemon stop
From now on avahi-daemon will never start again

If you only want avahi to publish nothing, just read the manpage:
avahi-daemon.conf it is in the "SEE ALSO" of avahi-daemon
disable-publishing=yes

There are a lot of other well-documented options to fit your needs.

About documentation, I think that every avahi tool has a manpage
sebest@delly2:~$ man avahi-
avahi-autoipd avahi-autoipd.action avahi-daemon
avahi-daemon.conf

On avahi website:
http://avahi.org/wiki/Avah4users#Documentation

So what is the missing documentation in avahi?

>
> DOCUMENTATION
> Every package should have a man page as a matter of course, because
> the manpage system is the standard documentation. This is especially so
> in a command-line only environment. manpage-alert tells me that about
> 10% of the packages on my server, and 20% of the packages on my Ubuntu
> desktop machines, don't have man pages. Substantially all of the
> missing man pages are from packages that are maintained by the Ubuntu
> community. Debian policy requires man pages before including the
> package in the repositories. Every once in a while, some slip into the
> repos without the man pages, but mostly Debian does a good job of
> requiring this basic level of documentation.
>
> Happy Trails,
>
> Loye Young
> Isaac & Young Computer Company
> Laredo, Texas
> http://www.iycc.biz

--
Sebastien Estienne

 
Old 11-20-2007, 02:56 PM
"Loye Young"
 
Default Server issues

> About documentation, i think that every avahi tools has a manpage
> sebest@delly2:~$ man avahi-
> avahi-autoipd avahi-autoipd.action avahi-daemon
> avahi-daemon.conf


<code>
loyeyoung@homer:~$ man avahi
No manual entry for avahi
loyeyoung@homer:~$ man avahi-daemon # This does have a man page, but it doesn't explain much to someone who doesn't already know
loyeyoung@homer:~$ man avahi-autoipd
No manual entry for avahi-autoipd
loyeyoung@homer:~$ man avahi-autoipd.action
No manual entry for avahi-autoipd.action
loyeyoung@homer:~$ man avahi-daemon.conf # This does have a man page, but it doesn't explain much to someone who doesn't already know
</code>

> About not starting avahi-daemon: (this is ubuntu/debian specific)
<snip details>
(1) Your comments are helpful and should be easily accessible in the documentation.

(2) AVAHI_DAEMON_START=0 should be default, IMHO. Better yet, avahi
shouldn't be on the system at all unless specifically installed. At most, it should be
a "Suggested" dependency.

(3) Still doesn't explain how to get avahi off the machine and leave it in a usable and upgradeable state.

> So what is the missing documentation in avahi?
(1) See above.

(2) How it interacts with and overrides (some would argue "hijacks") the
normal Debian networking system of ifupdown, /etc/network/interfaces,
etc.

(3) What the jargon in the documentation means. E.g., the
following line from the avahi-daemon manpage is unintelligible to
someone who doesn't already know the avahi system:
" The daemon registers local IP addresses and static services using mDNS/DNS-SD and provides
two IPC APIs for local programs to make use of the mDNS record cache the avahi-daemon maintains. "
Whoever wrote this must have an affinity for tax regulations under the U.S. Internal Revenue Code. ;-)


--
Loye Young
Isaac & Young Computer Company
Laredo, Texas
(956) 857-1172
loye.young@iycc.net
 
Old 11-20-2007, 03:06 PM
"Loye Young"
 
Default Server issues

BTW--
My comments on documentation are independent of my comments for Avahi and apply to the system as a whole.

--
Loye Young
Isaac & Young Computer Company
Laredo, Texas
(956) 857-1172
loye.young@iycc.net
 
Old 11-20-2007, 03:29 PM
Scott Kitterman
 
Default Server issues

On Tuesday 20 November 2007 10:56, Loye Young wrote:

> > About not starting avahi-daemon: (this is ubuntu/debian specific)
>
> <snip details>
> (1) Your comments are helpful and should be easily accessible in the
> documentation.
> (2) AVAHI_DAEMON_START=0 should be default, IMHO. Better yet, avahi
> shouldn't be on the system at all unless specifically installed. At most,
> it should be a "Suggested" dependency.
> (3) Still doesn't explain how to get avahi off the machine and leave it in
> a usable and upgradeable state.

Agreed. IMO it's in technical compliance with no open ports by default, but
really stretches the spirit of it.

> > So what is the missing documentation in avahi?
>
> (1) See above.
> (2) How it interacts with and overrides (some would argue "hijacks") the
> normal Debian networking system of ifupdown, /etc/network/interfaces, etc.
> (3) What the jargon in the documentation means. E.g., the following line
> from the avahi-daemon manpage is unintelligible to someone who doesn't
> already know the avahi system:
> " The daemon registers local IP addresses and static services
> using mDNS/DNS-SD and provides
> two IPC APIs for local programs to make use of the mDNS record
> cache the avahi-daemon maintains. "
> Whoever wrote this must have an affinity for tax regulations under the U.S.
> Internal Revenue Code. ;-)

Personally I'd rather stay entirely away from it. The entire mDNS idea is a
gross DNS hack that ends up piling .local queries up against the DNS roots.

Scott K

 
Old 11-20-2007, 03:36 PM
"Sebastien Estienne"
 
Default Server issues

On Nov 20, 2007 4:54 PM, Loye Young <loye.young@iycc.net> wrote:
> > About documentation, i think that every avahi tools has a manpage
> > sebest@delly2:~$ man avahi-
> > avahi-autoipd avahi-autoipd.action avahi-daemon
> > avahi-daemon.conf
>
> <code>
> loyeyoung@homer :~$ man avahi
> No manual entry for avahi
> loyeyoung@homer:~$ man avahi-daemon # This does have a man page, but it
> doesn't explain much to someone who doesn't already know
> loyeyoung@homer:~$ man avahi-autoipd
> No manual entry for avahi-autoipd
> loyeyoung@homer:~$ man avahi-autoipd.action
> No manual entry for avahi-autoipd.action
> loyeyoung@homer:~$ man avahi-daemon.conf # This does have a man page, but it
> doesn't explain much to someone who doesn't already know
> </code>
>
>
> > About not starting avahi-daemon: (this is ubuntu/debian specific)
> <snip details>
> (1) Your comments are helpful and should be easily accessible in the
> documentation.
It's a community effort, you can now add this information to the documentation.

> (2) AVAHI_DAEMON_START=0 should be default, IMHO. Better yet, avahi
This is your opinion, some people don't agree, that's why it's
possible to disable it.

> shouldn't be the system at all unless installed. At most, it should be a
> "Suggested" dependency.
> (3) Still doesn't explain how to get avahi off the machine and leave it in a
> usable and upgradeable state.
Some parts of an OS can't be removed (I don't know if it's the case for
avahi) without breaking the system in some way.
Why do you want to "remove" it, disabling it is not enough?

>
>
> > So what is the missing documentation in avahi?
> (1) See above.
> (2) How it interacts with and overrides (some would argue "hijacks") the
> normal Debian networking system of ifupdown, /etc/network/interfaces, etc.
> (3) What the jargon in the documentation means. E.g., the following line
> from the avahi-daemon manpage is unintelligible to someone who doesn't
> already know the avahi system:
It's perfectly intelligible to someone who knows zeroconf, avahi is
just an implementation of it.

> " The daemon registers local IP addresses and static services
> using mDNS/DNS-SD and provides
> two IPC APIs for local programs to make use of the mDNS record
> cache the avahi-daemon maintains. "
> Whoever wrote this must have an affinity for tax regulations under the U.S.
> Internal Revenue Code. ;-)

Before this sentence you can read:
" The Avahi mDNS/DNS-SD daemon implementing Apple's ZeroConf
architecture (also known as "Rendezvous" or "Bonjour")."
If the manpage is not clear enough, you could look for "zeroconf" in Wikipedia
http://en.wikipedia.org/wiki/Zeroconf




--
Sebastien Estienne

 
Old 11-20-2007, 03:47 PM
"Sebastien Estienne"
 
Default Server issues

On Nov 20, 2007 5:29 PM, Scott Kitterman <ubuntu@kitterman.com> wrote:
> On Tuesday 20 November 2007 10:56, Loye Young wrote:
>
> > > About not starting avahi-daemon: (this is ubuntu/debian specific)
> >
> > <snip details>
> > (1) Your comments are helpful and should be easily accessible in the
> > documentation.
> > (2) AVAHI_DAEMON_START=0 should be default, IMHO. Better yet, avahi
> > shouldn't be on the system at all unless specifically installed. At most,
> > it should be a "Suggested" dependency.
> > (3) Still doesn't explain how to get avahi off the machine and leave it in
> > a usable and upgradeable state.
>
> Agreed. IMO it's in technical compliance with no open ports by default, but
> really stretches the spirit of it.

No open ports by default?
How would you use dhcp udp/68 or dns udp/53 without opening ports by default?

If you are concerned about security, you should use a firewall in the first place.

>
> > > So what is the missing documentation in avahi?
> >
> > (1) See above.
> > (2) How it interacts with and overrides (some would argue "hijacks") the
> > normal Debian networking system of ifupdown, /etc/network/interfaces, etc.
> > (3) What the jargon in the documentation means. E.g., the following line
> > from the avahi-daemon manpage is unintelligible to someone who doesn't
> > already know the avahi system:
> > " The daemon registers local IP addresses and static services
> > using mDNS/DNS-SD and provides
> > two IPC APIs for local programs to make use of the mDNS record
> > cache the avahi-daemon maintains. "
> > Whoever wrote this must have an affinity for tax regulations under the U.S.
> > Internal Revenue Code. ;-)
>
> Personally I'd rather stay entirely away from it. The entire mDNS idea is a
> gross DNS hack that ends up piling .local queries up against the DNS roots.
>
> Scott K



--
Sebastien Estienne

 
Old 11-20-2007, 04:10 PM
Ante Karamatić
 
Default Server issues

On Tue, 20 Nov 2007 16:15:59 +0100
"Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:

> sebest@delly2:~$ cat /etc/default/avahi-daemon
> # 0 = don't start, 1 = start
> AVAHI_DAEMON_START=1

But, that's not enough. Avahi (and everything done to make it
usable) breaks some stuff on computers on which it doesn't even run.

Best example is broken PPTP (VPN) when the other side is using .local
domain. Then you have to edit /etc/nsswitch.conf and remove all the
mdns stuff.

I'm all for removing avahi. It did me more harm than good.

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
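
The three settings raised so far in the thread (AVAHI_DAEMON_START in /etc/default/avahi-daemon, disable-publishing in avahi-daemon.conf, and the mdns entries in /etc/nsswitch.conf) can be audited together. The script below is an added example, not part of any poster's message; the function names, finding labels, the /etc/avahi/avahi-daemon.conf location and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_avahi ROOT prints one finding
# per line for the settings discussed above; ROOT is a filesystem prefix
# ("" audits the live system). Names and labels are hypothetical.
audit_avahi() {
    root=$1
    default_file="$root/etc/default/avahi-daemon"
    conf_file="$root/etc/avahi/avahi-daemon.conf"   # assumed location
    nss_file="$root/etc/nsswitch.conf"

    # 1. Init-script switch: anything but an explicit 0 lets the daemon start.
    if [ -f "$default_file" ]; then
        start=$(sed -n 's/^[[:space:]]*AVAHI_DAEMON_START=//p' "$default_file" | tail -n 1)
        if [ "$start" != "0" ]; then
            echo "START_ENABLED: AVAHI_DAEMON_START=${start:-unset} in $default_file"
        fi
    fi

    # 2. Publishing: an uncommented disable-publishing=yes must be present.
    if [ -f "$conf_file" ]; then
        if ! grep -Eq '^[[:space:]]*disable-publishing[[:space:]]*=[[:space:]]*yes' "$conf_file"; then
            echo "PUBLISHING_ON: disable-publishing=yes not set in $conf_file"
        fi
    fi

    # 3. Resolver: mdns modules on the hosts line still handle .local lookups
    #    when the daemon is stopped (the PPTP breakage described above).
    if [ -f "$nss_file" ]; then
        mdns=$(sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$nss_file" \
            | tr -s ' \t' '\n\n' | grep -E '^mdns' | tr '\n' ' ')
        if [ -n "$mdns" ]; then
            echo "NSS_MDNS: hosts line uses ${mdns% } in $nss_file"
        fi
    fi
    return 0
}

# Constructed sample trees: "weak" mirrors the default quoted in the thread,
# "hardened" applies the changes the posters describe.
make_sample() {
    dir=$1
    kind=$2
    mkdir -p "$dir/etc/default" "$dir/etc/avahi"
    if [ "$kind" = weak ]; then
        printf "# 0 = don't start, 1 = start\nAVAHI_DAEMON_START=1\n" > "$dir/etc/default/avahi-daemon"
        printf '[publish]\n#disable-publishing=no\n' > "$dir/etc/avahi/avahi-daemon.conf"
        printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n' > "$dir/etc/nsswitch.conf"
    else
        printf 'AVAHI_DAEMON_START=0\n' > "$dir/etc/default/avahi-daemon"
        printf '[publish]\ndisable-publishing=yes\n' > "$dir/etc/avahi/avahi-daemon.conf"
        printf 'hosts: files dns\n' > "$dir/etc/nsswitch.conf"
    fi
}

# Stand-alone run against the constructed "weak" tree.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/weak" weak
audit_avahi "$demo_dir/weak"
rm -rf "$demo_dir"
```

A package upgrade can rewrite these files, so the audit is worth re-running after each upgrade.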
 
Old 11-20-2007, 04:36 PM
Adam McGreggor
 
Default Server issues

On Tue, Nov 20, 2007 at 06:10:54PM +0100, Ante Karamatić wrote:
> On Tue, 20 Nov 2007 16:15:59 +0100
> "Sebastien Estienne" <sebastien.estienne@gmail.com> wrote:
>
> > sebest@delly2:~$ cat /etc/default/avahi-daemon
> > # 0 = don't start, 1 = start
> > AVAHI_DAEMON_START=1
>
> But, that's not enough. Avahi (and everything done to make it
> usable) breaks some stuff on computers on which it doesn't even run.
>
> Best example is broken PPTP (VPN) when the other side is using .local
> domain. Then you have to edit /etc/nsswitch.conf and remove all the
> mdns stuff.
>
> I'm all for removing avahi. It did me more harm than good.

I can't stand it either.

 
Old 11-20-2007, 04:38 PM
"Loye Young"
 
Default Server issues

> > (2) AVAHI_DAEMON_START=0 should be default, IMHO.

> This is your opinion, some people don't agree, that's why it's
> possible to disable it.

Yes, reasonable minds can differ. That's not the issue. The issue is
what should be the default. One could just as easily argue, as I do,
that avahi should be disabled by default, and if you want it, you can
install it.



> Why do you want to "remove" it, disabling it is not enough?

Excellent question, and raises the issue of why I hate it so much. The
thing keeps coming back from the dead, especially at upgrade time.



> It's a community effort, you can now add this information to the documentation.

I don't think you are understanding my point about documentation. The thing that is really broken is the process. Yes, this particular information can be added to the docs for this particular piece of software, but that won't fix the process. If we don't nip this trend in the bud, we'll end up with a substantially undocumented system that only a few "experts" contribute to.


There are many specific reasons that Ubuntu is based on Debian, but all of the specifics are the result of a general process that produces a high quality product. The process is codified in the Debian Policy Manual. That process requires documentation so that everyone can participate and improve the product. It's not a difficult step to add a man page; it's just a step that needs doing _for_every_package_.


> It's perfectly intelligible to someone who knows zeroconf, avahi is
> just an implementation of it.

Well . . . that's my point: You have to already know zeroconf to understand the documentation. But that's silly, of course, because if you already know how it works, you don't need the documentation in the first place.


> Before this sentence that you can read:
> " The Avahi mDNS/DNS-SD daemon implementing Apple's ZeroConf
> architecture (also known as "Rendezvous" or "Bonjour")."

> If the manpage is not clear enough, you could look for "zeroconf" in wikipedia
> http://en.wikipedia.org/wiki/Zeroconf

(1) If your networking system is hosed up, you can't read wikipedia or google.

(2) If you want to rely on wikipedia, you don't need authoritative documentation on the system at all. For that matter, you don't need to include the source code either because you could just search the web and read the latest development branch online. While we're at it, let's go all the way and get rid of the help menus, too. We all hate writing help documentation, and anyway all the cool people already know. Let's all just ship a bunch of undocumented binaries and play hide-the-ball and go-find-it-yourself.

I'm a manufacturer trying to fix Bug Number One. To do that, I have to
ship a product that's easy to learn for those who DON'T already know.



Loye


 
