Re: [gentoo-user] New Intel CPU flaws discovered
On 05/15/2019 01:26 AM, Adam Carter wrote:
> Here we go again;
> https://mdsattacks.com/
>
> I notice a microcode update for skylake came through yesterday after being
> unchanged since the late June 2018, so I'm guessing this is patched for
> this issue. Just waiting for the gentoo sources ebuild to be bumped to
> 5.1.2 to try it out.
>
> Sounds like AMD not affected.

x86 isn't the only game in town.

There's also the raptorcs OpenPOWER systems which is the only new high performance hardware that is owner controlled, has foss firmware and no PSP/ME DRM.

The new amd x86 are just as problematic due to having the PSP (AMD's ME) and all the problems that come with that.

I don't include RISC-V since it is just as expensive as OpenPOWER for much less features and performance and it currently doesn't have an IOMMU.

For laptops the only decent non-intel IOMMU having option right now is the G505S which has an IOMMU and supports coreboot with open cpu/ram init (note many companies sell shady "open source firmware coreboot" systems that have an entirely blobbed hw init process).

Here's to hoping for a POWER or RISC-V+IOMMU laptop!

A libre-firmware OpenPOWER Blackbird system is less expensive than a fully pimped libre-firmware KGPE-D16 and is many times faster even with just the base 4 core cpu (4 threads per core :D) and has the IBM version of OpenBMC which is better than the facebook version that was ported to the KCMA-D8/KGPE-D16's less powerful BMC.

POWER is also the only high performance general computing CPU that is made in usa so you support jobs that pay a living wage at a fab that isn't messed around with by the PRC. Raptor claims their boards are us made as well although that is a lofty claim in the technology sector as the legal standard is "all or virtually all" components and many companies get shady like a certain one that claims their "linux focused" system is "us made" but the only part made here is the metal case.

I would say the best and most secure setup would be:
* OpenPOWER Blackbird workstation
* KCMA-D8 for VM gaming (POWER only has a few indie games right now not anything commercial) which can max out the latest games in a VM at 1080p with a 4386 cpu and a RX590.
* G505S laptop for mobile computing running qubes

Ideally you wouldn't run any programs on bare metal and everything would be done in a VM which is what I do even for gaming, watching movies etc.
Re: [gentoo-user] SATA drive controller and Linux driver.
Ahh didn't see your reply. Hook it up via your motherboard's sata ports to check.

Those no name china brand controllers are almost always really shitty; if you want a nice but affordable HBA for SAS/SATA get one with an LSI 2008 chipset. You got ripped off paying almost $40 for that junk, I paid only $30 for my LSI 2008 chipset HBA and it is great, it also supports SATA expanders.

Look at the servethehome LSI 2008 topic for ebay keywords.
Re: [gentoo-user] Sata hard drive speed question
Here are some theories.
* You gotta properly align the sectors for 4K advanced format
* USB doesn't have NCQ which really slows things down.
* Copying many small files is almost always slow since they are located on various parts of the drive not in a contiguous block (again see NCQ)
* System is set to use IDE not AHCI thus no NCQ etc
* You are using a secondary SATA chip such as the terrible ones from JMicron or what not instead of what is on your system's northbridge or a quality PCI-e HBA.
Re: [gentoo-user] Re: CPU upgrade and LVM questions.
On 12/10/2018 05:54 PM, Dale wrote:
> Neil Bothwick wrote:
>> On Mon, 10 Dec 2018 16:33:10 -0500, taii...@gmx.com wrote:
>>
>>>> Not sure which country would be a reliable location though, I
>>>> wouldn't trust Western European countries either.
>>> USA is currently the best option since there have never been proven
>>> backdoors in made in usa hardware but plenty in chinese made hardware
>>> such as the recent motherboard hack chip scandal.
>> So that proves that US manufacturers are better at hiding their back
>> doors?
>>
>> Or is it a numbers game, there are a hell of a lot more systems made in
>> China, so the chances of a backdoor being discovered is higher.
>>
>> Either way, lack of evidence of insecurity is not proof of security.
>>

So tell us what is your perfect country for hardware manufacturing?

Name one other country on earth besides america where you can say no to a governmental request for a backdoor in your hardware or software products and not end up in prison.

In the mean time will you continue to buy chinese products with proven backdoors since getting that is somehow better than something that is only almost perfect?

The amd bulldozer and piledriver CPUs like the FX-8350 and its opteron counterparts are made in germany (the packaging is done in china but at that point afaik there isn't much that can be done to fuck with it) but that still wouldn't satisfy you since germany doesn't have anything like the constitution - they have no freedom of speech.

The future of freedom computing is OpenPOWER and RISC-V since they are the only owner controlled archs that have real performance and features, in other words they have juice.
Re: [gentoo-user] Re: CPU upgrade and LVM questions.
On 12/09/2018 01:57 PM, J. Roeleveld wrote:
> On December 9, 2018 6:23:07 PM UTC, "taii...@gmx.com" wrote:
>> On 12/07/2018 06:47 PM, Nikos Chantziaras wrote:
>>> On 07/12/2018 09:30, Dale wrote:
>>>> Nikos Chantziaras wrote:
>>>>> If you want to see all of the installed packages that are affected,
>>>>> you need to set CPU_FLAGS_X86 to an empty string:
>>>>>
>>>>> CPU_FLAGS_X86=""
>>>>>
>>>>> and then do "emerge -puDN --with-bdeps=y @world". This is because
>>>>> CPU_FLAGS_X86 is not empty by default. It contains sse and sse2 by
>>>>> default, because these are supported by all 64-bit CPUs.
>>>>>
>>>>
>>>> What I did, I commented out the whole line and ran it that way.
>>>
>>> If you comment it out, it will have default values. If you set it to an
>>> empty string, you should be able to see which packages make use of the
>>> default flags (like sse and sse2.)
>>>
>>> Note it's a pretend emerge (-p). Just to check which packages you have
>>> installed that make use of these flags.
>>>
>>>
>>>> One last question for anyone who has done this recently. When finished,
>>>> I'll have a FX-8350 CPU with 8 cores at 4.0/4.2GHz, 32GBs of memory all
>>>> on a Gigabyte 970 series mobo. Would there be any point in upgrading to
>>>> a whole new rig or is what I have about as fast is reasonable to build?
>>>> I don't do gaming or anything. Even the GTX 650 video card is likely
>>>> overkill for what I do here. The older 200 series card is working just
>>>> fine. On one hand, my current build is several years old. On the
>>>> other, computers seem to have reached their peak. I'm sure there is
>>>> more powerful systems out there but would I be any better off with one?
>>
>> Since the AM3+ and its C32/G34 Opteron counterparts are the last and
>> best x86 cpus without ME/PSP I would say you are better off with what
>> you have - the best piledriver cpus like the FX-8350+ are still able to
>> play the latest games and in a VM via IOMMU-GFX if you want.
>>
>> In any case I would consider an OpenPOWER (ppc64/ppc64le) arch system
>> (like the blackbird or talos 2) as an upgrade path instead of any
>> further x86 stuff as there aren't any black boxes, there is
>> documentation+firmware sources and the cpus are made in usa.
>
> Made in USA isn't necessarily a good thing when talking about not wanting any
> hidden back doors.

Hell of a lot better than buying black box hardware from china.

x86 is definitely backdoored due to the ME/PSP and various other DRM features that mean you no longer own your x86 computer.

In the US you aren't going to prison for telling the government you won't put a backdoor in your hardware whereas in china and many others you would go to jail without even a trial; even in western europe people are jailed for saying the wrong things on the internet. It is currently the hardest place for an authority figure to lean on you.

Since the only users of POWER are fortune 500's and the government itself it needs to be secure and not fucked around with, ironically the chinese government is buying OpenPOWER now as they want a secure, owner controlled, highly documented and non-x86 high performance CPU (there is absolutely no hardware code signing not even for the cpu microcode and no blobs are required for hardware initiation unlike with new x86 stuff).

One doesn't have to put an actual func_backdoor backdoor in a CPU since something so complex will have exploitable bugs that even the manufacturer doesn't know about such as the (fixed via microcode) 2014 AMD Piledriver NMI to root exploit where you could get root and SMM access from a tiny userspace script and that was in there for years without anyone noticing.

> Not sure which country would be a reliable location though, I wouldn't trust
> Western European countries either.

USA is currently the best option since there have never been proven backdoors in made in usa hardware but plenty in chinese made hardware such as the recent motherboard hack chip scandal.
Re: [gentoo-user] Re: CPU upgrade and LVM questions.
On 12/07/2018 06:47 PM, Nikos Chantziaras wrote:
> On 07/12/2018 09:30, Dale wrote:
>> Nikos Chantziaras wrote:
>>> If you want to see all of the installed packages that are affected,
>>> you need to set CPU_FLAGS_X86 to an empty string:
>>>
>>> CPU_FLAGS_X86=""
>>>
>>> and then do "emerge -puDN --with-bdeps=y @world". This is because
>>> CPU_FLAGS_X86 is not empty by default. It contains sse and sse2 by
>>> default, because these are supported by all 64-bit CPUs.
>>>
>>
>> What I did, I commented out the whole line and ran it that way.
>
> If you comment it out, it will have default values. If you set it to an
> empty string, you should be able to see which packages make use of the
> default flags (like sse and sse2.)
>
> Note it's a pretend emerge (-p). Just to check which packages you have
> installed that make use of these flags.
>
>
>> One last question for anyone who has done this recently. When finished,
>> I'll have a FX-8350 CPU with 8 cores at 4.0/4.2GHz, 32GBs of memory all
>> on a Gigabyte 970 series mobo. Would there be any point in upgrading to
>> a whole new rig or is what I have about as fast is reasonable to build?
>> I don't do gaming or anything. Even the GTX 650 video card is likely
>> overkill for what I do here. The older 200 series card is working just
>> fine. On one hand, my current build is several years old. On the
>> other, computers seem to have reached their peak. I'm sure there is
>> more powerful systems out there but would I be any better off with one?

Since the AM3+ and its C32/G34 Opteron counterparts are the last and best x86 cpus without ME/PSP I would say you are better off with what you have - the best piledriver cpus like the FX-8350+ are still able to play the latest games and in a VM via IOMMU-GFX if you want.

In any case I would consider an OpenPOWER (ppc64/ppc64le) arch system (like the blackbird or talos 2) as an upgrade path instead of any further x86 stuff as there aren't any black boxes, there is documentation+firmware sources and the cpus are made in usa.
Re: [gentoo-user] I want a low-end usb laser printer with minimal config hassle
On 12/07/2018 01:46 PM, Manuel McLure wrote:
> The main thing you want to look for is PCL and/or PostScript compatibility.
> And I'd highly recommend getting a networked printer that supports Port
> 9100 instead of a USB one - this allows you to use the same printer for all
> of your systems.

Seconded!

You will get a lot more mileage out of a network pcl/ps printer than one that isn't, for instance my printer no longer works with USB as drivers aren't made for newer os but I can still use network pcl/ps to print.

My advice is to buy a used HP laserjet 4300 which is a nice usb/network pcl/ps printer and get third party toner carts.

hp 4300 model names explained:
d = duplexer
s = stapler/stacker (2nd output tray with an automatic stapler)
t = 2nd tray
n = network
(dtns is the highest end model as it has all 4 upgrades but they can also be bought individually)

Buying new printers especially the cheap models is a sucker's bet due to the high consumables costs, the printers themselves being cheaply made and sold for less than the cost of production with the money being made back with overpriced ink and toner - newer models also frequently have a "security" feature that prevents the use of "dangerous" third party toner/ink.
[gentoo-user] RaptorCS Blackbird - Owner controlled, open source firmware system on the POWER ppc64/ppc64le arch - a less expensive mATX TALOS 2
This is a much less expensive mATX variant of the TALOS 2 from the same people.

It runs both little and big endian so both ppc64 and ppc64le.

https://www.phoronix.com/scan.php?page=news_item&px=Blackbird-POWER9-Pre-Orders
https://raptorcs.com/content/BK1B01/intro.html

The only binary blob is the NIC firmware[1], otherwise it is fully open source and has no hardware code signing enforcement so it is entirely yours unlike modern x86 stuff which can't ever be free[2] and has the impossible to disable ME/PSP doing god knows what.

OpenPOWER9 CPUs are Made in USA and the board is Made in the USA from US and foreign components so it is much more trustworthy.

In terms of speed POWER9 is superior to the offerings from intel/amd or equivalent without x86's spectre/meltdown protections enabled which intel usually dishonestly performs in their benchmarks.

[1] It was the best alternative to using an intel nic as there is a large amount of documentation available, people are working on freeing it and the first one to do so gets a free TALOS 2 workstation.

[2] New x86 hardware has none of the documentation published that is required to write firmware and it has a variety of black boxes like ME/PSP, boot guard etc designed to prevent you from owning and controlling your hardware.
Re: [gentoo-user] SR-IOV on a LSI Broadcom HBA/RAID SAS2008/SAS3008 card
On 10/17/2018 10:37 AM, J. Roeleveld wrote:
> The SAS2008 is quite old. Are you sure it actually supports this?

It does yes, lspci reports SR-IOV support and the marketing literature touts it along with the SAS 2308 and 3008 etc.
[gentoo-user] SR-IOV on a LSI Broadcom HBA/RAID SAS2008/SAS3008 card
LSI/Broadcom lists it in their marketing literature, the idea that you can assign drives to a VF and then that VF to a VM; however it turns out they do not publish the code that makes it work.

I was able to find some for MPT3 SAS3008 on an old repo but I can't find any for MPT2 for SAS2008 and I was wondering if anyone has it or knows more information about this very useful system.
Re: [gentoo-user] disable Intel Mgr Engine
Impossible - ME can't be disabled.

Me cleaner only nerfs it by removing various modules, either BUP (init) still runs or the kernel still runs plus any option/mask roms.

If you want a PC without black boxes either buy a pre-PSP amd board like KGPE-D16/KCMA-D8, g505s laptop and install coreboot/libreboot+openbmc or get a non-x86 device like the brand new/fast OpenPOWER9 TALOS 2 (https://raptorcs.com) which is currently selling for less than equivalent x86 hardware.

The only owner controlled CPU arch now is OpenPOWER.
[gentoo-user] Anyone using gentoo on POWER?
It is my understanding that both little and big endian work on the regular "linux" POWER9 machines so that you can use gentoo which is ppc64 not ppc64le for some reason - and I was wondering what people's experiences are with this? What is package availability like? Any problems? etc etc.

Thanks!
Re: [gentoo-user] Re: Update circle
On 08/23/2018 10:27 AM, Grant Edwards wrote:
> On 2018-08-22, Zoltán Kócsi wrote:
>> I have a Gentoo machine, which has not been updated for a while. Quite
>> a long while, actually.
>
>> It seems that I'm kind of stuck. Wiping the disk and rebuilding the
>> system from scratch is absolutely not an option, the existing (and
>> running) system must be updated somehow.
>
> Doing a reinstall will probably be far less work and less disruption
> for the machine's users. You don't have to "wipe the disk" to do a
> re-install.

Yeah.

I would suggest after the back up then you simply clone the disk and perform the re-install on another computer or in a VM so that you can fiddle with things and then just swap out the drives vs having down-time for your users potentially for days if something goes wrong on the actual server.

It is what I do for situations like this and it works great.
[gentoo-user] The TALOS 2 Lite is now for sale - a very affordable OpenPOWER9 owner controlled workstation with open source firmware/hw init and documentation
In case anyone is interested I thought I would share.

https://www.phoronix.com/scan.php?page=news_item&px=Raptor-Talos-2-Lite
https://raptorcs.com/TALOSIILITE/

They're really making strides for making high performance owner controlled, open source firmware systems very affordable - now they are much less than a proprietary single socket x86 system of equivalent performance.

The regular dual socket TALOS 2 is already a good price for server hardware in its class but this is even better for those who don't need dual socket or many PCI-e slots (although you can always use a PCI-e PLX switch based expansion system if you later want more).

I find it simply incredible that a brand new open source firmware OpenPOWER9 system now costs less than the last and best open source firmware owner controlled x86 motherboards (KCMA-D8 and KGPE-D16) where even buying used CPUs you would be spending more money than this to get worse performance.
Re: [gentoo-user] AMD microcode problem - Fam15h ( FYI )
On 05/26/2018 07:51 AM, Corbin Bird wrote:
> On 05/25/2018 08:50 PM, Adam Carter wrote:
>> > For me dmesg says;
>> > [ 1.538275] microcode: CPU0: patch_level=0x06000852
>> >
>> > but i still have lwp in /proc/cpuinfo. Are you at 0x06000852 ?
>> .
>> This is my dmesg output :
>> .
>> [ 1.111448] microcode: microcode updated early to new
>> patch_level=0x06000852
>>
>>
>> Ok then it looks like the mno-lwp is responsible for lwp's absence in
>> your /proc/cpuinfo.
>>
>> FWIW, no stability problems for me so far. (FX-8350 + 4.16.11).
>>
> .
> I should have clarified ... the '-mno-lwp' was added as a result of the
> comparison of the two /proc/cpuinfo files. I was very curious about WHAT
> exactly the microcode update did.
>
> The CPU I am using is a FX-9590.
>
> Question : Is there a PSP in your CPU?

Bulldozer/piledriver CPUs like the FX series and their corresponding G34/C32 opterons don't have PSP - they are the last and best owner controlled x86_64 CPUs and for now can still play the latest games at max settings (even supports playing in a VM via IOMMU :D)

The 8350 and 93xx CPUs are pretty much the same, the niners are just better binned to support the uber OCs.

You can have a 100% blob free owner controlled libre firmware workstation/server with the KGPE-D16/KCMA-D8 which is the best option for those who need to run x86 and thus can't get a talos or some other power workstation.
Re: [gentoo-user] Where are the AMD microcode updates for spectre?
The fam15h microcode update adds IBPB

* Indirect Branch Prediction Barrier (IBPB)
  * PRED_CMD MSR is available: YES
  * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)

The question is what about the other stuff? IBRS, STIBP?

This is very confusing due to zero documentation... Why don't they have those in this update?
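The thread quotes patch level 0x06000852 from dmesg and asks which of IBPB, IBRS and STIBP the fam15h update actually exposes. As an added example (not code from any of the posts), the script below reads the same facts from /proc/cpuinfo and from the kernel's sysfs vulnerabilities directory; the sample cpuinfo text and its older revision value are constructed, and the revision comparison assumes both values belong to the same CPU family and model.

```python
"""Added example: audit microcode revision and Spectre v2 CPU flags on Linux."""
import os
import re

SPECTRE_V2_FLAGS = ("ibpb", "ibrs", "stibp")   # names as shown in /proc/cpuinfo
SYSFS_VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed /proc/cpuinfo excerpt, trimmed to the fields used here.
# 0x6000852 is the patch level quoted in the thread; core 1 carries a made-up
# older revision to show an update that did not reach every core.
SAMPLE_CPUINFO = """\
processor\t: 0
cpu family\t: 21
model\t\t: 2
microcode\t: 0x6000852
flags\t\t: fpu sse sse2 lwp ibpb

processor\t: 1
cpu family\t: 21
model\t\t: 2
microcode\t: 0x6000000
flags\t\t: fpu sse sse2 lwp
"""


def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def audit_cpus(cpus, expected_microcode=None, flags=SPECTRE_V2_FLAGS):
    """Summarise microcode revisions and the flags that every CPU advertises."""
    revisions = sorted({int(c["microcode"], 16) for c in cpus if "microcode" in c})
    flag_sets = [set(c.get("flags", "").split()) for c in cpus]
    common = set.intersection(*flag_sets) if flag_sets else set()
    report = {
        "cpus": len(cpus),
        "microcode": [hex(r) for r in revisions],
        "consistent": len(revisions) == 1,
        # A flag only counts if all cores have it: a core left on old
        # microcode is still a core the scheduler can run anything on.
        "flags": {f: f in common for f in flags},
    }
    if expected_microcode is not None:
        # Assumption: expected value is for this exact family/model, where a
        # numerically higher patch level is the newer patch.
        report["stale_cpus"] = [
            int(c["processor"]) for c in cpus
            if int(c.get("microcode", "0"), 16) < expected_microcode
        ]
    return report


def read_vulnerabilities(directory=SYSFS_VULN_DIR):
    """Return the kernel's own verdict per issue, e.g. {'mds': 'Not affected'}."""
    if not os.path.isdir(directory):
        return {}                      # kernel too old to report, or not Linux
    status = {}
    for name in sorted(os.listdir(directory)):
        with open(os.path.join(directory, name)) as fh:
            status[name] = fh.read().strip()
    return status


def unmitigated(status):
    """Names of issues the kernel reports as still vulnerable."""
    return sorted(n for n, s in status.items() if s.startswith("Vulnerable"))


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CPUINFO          # fall back to the constructed sample
    print(audit_cpus(parse_cpuinfo(text)))
    print("still vulnerable:", unmitigated(read_vulnerabilities()))
```

Run it before and after installing a microcode package and compare the two reports; the sysfs part also covers later issues such as MDS on kernels that report them.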
[gentoo-user] Where are the AMD microcode updates for spectre?
^title

AMD has released them for all of the recent CPUs and I simply must have them.

It seems the last update to amd-ucode on linux-firmware was in 2016, does anyone know whom I would contact about this who has the juice to do it? I need fam15h.

AMD is being annoying and not releasing them to the plebeians, only OEM partners - I assume perhaps to encourage people to buy new hardware as most OEMs won't release BIOS updates for older boards.

Thanks.
[gentoo-user] AMD Opteron microcode updates for spectre
When is gentoo going to receive these?
Re: [gentoo-user] Gentoo Hardened vs Kali Linux
/* loading hacking tools /*

I met someone who said he games on kali... why? All the elite hackers use it - it is a very powerful linux that is perfect for dual-booting with windows 10 due to its high level of security.
Re: [gentoo-user] Re: [TOT: Total offtopic]
I have one from almost 10 years ago, what's the difference :[? How can you tell?

I still like it though >:[
Re: [gentoo-user] [TOT: Total offtopic]
If you are unable to fix it yourself (but I think you can :D) Unicomp offers parts and repairs for Model M's (along with their kentucky usa made Model M's - they use the original tooling)
Re: [gentoo-user] Firefox and addons no longer supported question
I am sticking with ice-cat aka firefox 52 stable long term support but I do not know what I shall do when the long terms term is up... maybe switch to waterfox and hope their dev team is skilled enough to make a quality product (of course anyone with the skills should assist)

Mozilla is really bad these days, they have become almost like microsoft making changes that no one wants and stealthily forcing advertising/tracking on people - there really needs to be a professional fork similar to the devuan/debian split over the evil SystemD. (How come almost every distro adapted it suddenly overnight? entirely not suspicious at all)

Damn, everything good these days is declared "legacy" and thrown away, soon a modern laptop won't have any ports at all and will be entirely wireless like the macbook wheel parody.
Re: [gentoo-user] How to flash an LSI SAS controller from IR to IT mode on linux with sas2flsh
On 03/21/2018 04:44 PM, Corbin Bird wrote:
> Curious ... you cannot use 'FreeDOS' even as a bootable cdrom?
> It's very easy to open the image, tuck in two files and one new
> directory, then close and burn the image.

I have not figured out where to place them on the iso so that they are accessible nor alternatively how to load the drivers and mount a cdrom.

Do you know how?
Re: [gentoo-user] Re: A new AMD CPU weakness?
On 03/21/2018 11:55 AM, R0b0t1 wrote:
> On Sun, Mar 18, 2018 at 4:40 PM, taii...@gmx.com <taii...@gmx.com> wrote:
>> On 03/18/2018 05:33 PM, R0b0t1 wrote:
>>
>>> On Sun, Mar 18, 2018 at 4:24 PM, taii...@gmx.com <taii...@gmx.com> wrote:
>>>> Everyone please remember this is simply an exploit to obtain data off of
>>>> AMD's version of ME which is a DRM mechanism added for hollywood and it
>>>> requires physical access to reprogram the firmware thus this exploit has
>>>> zero impact on anyone who doesn't profit off of DRM.
>>>>
>>> Except if it's anything like the Intel ME exploit, physical access can
>>> be faked using a compromised USB device.
>> You mean the skylake debug port?
>>>> ME/PSP are evil - don't buy computers that have them - you have choices!
>>> No we don't.
>> Yes we do.
>> TALOS 2? g505s laptop? kgpe-d16? novena?
>>
>> I play new games at max settings on a pre-PSP AMD system KGPE-D16 where I
>> have installed a libre firmware for the board and the BMC via the recent
>> OpenBMC port (the facebook version of OpenBMC... less features than the IBM
>> version but still quite nice)
>>
>> The TALOS 2 costs less than a brand new xeon system with similar performance
>> and it has better features such as IBM's OpenBMC, PCI-e 4.0, SMT4 etc.
>> The stars have aligned and given us a libre firmware server/workstation that
>> is brand new and very very fast.
>>
> The x86 parts are slowly going out of stock to the point where they
> are expensive *when* I have found them.

There are still a few sites selling the KGPE-D16 brand new for the original MSRP of $415, and you can obtain a used CPU from ebay for a reasonable price that is capable of having two people maxing out the latest games on a dual gaming VM setup.

> The TALOS 2 is the cheapest POWER system available, but is still many
> thousands of dollars more
> than a consumer computer (though much higher performance).

Trying to sell libre computers that compete with grandma's $499 dell is an impossible proposition - competing in the professional workstation market is however practical and attainable.

> ARM based computers are not comparable in performance to common consumer
> systems. Self hosting on a performant ARM processor is not a
> reasonable proposition. High dollar ARM servers have closed
> motherboard firmware.
>
> Sure, if you devote all of a good salary's disposable income to a
> mostly open hardware computer you can buy one. Most people don't make
> that much.

The idea behind the TALOS 2 is that you spend $2.5K (plus case, ram, etc) on a computer every 5-10 years rather than $500-$1K on a computer every year or two.

High performance costs real money, otherwise you can buy one of the older libre laptops, a kgpe-d16 with a cheap $10 CPU etc.

The Talos 2 is entirely owner controlled, it has libre firmware for the board and BMC plus various documentation is available even if you aren't a member of the OpenPOWER foundation. The only firmware required is for the broadcom nic but there is a project to remove that and it is behind the IOMMU - this was viewed as better than supporting intel by purchasing their NIC ASICs.

https://git.raptorcs.com/git/ in case you want to examine some code
https://wiki.raptorcs.com/wiki/Category:Documentation the currently available public documentation

> The bigger issue than that is all main manufacturers do not
> want to remove their backdoors, and so ever so slowly, there will come
> to be absolutely no choice at all, even for inordinate amounts of
> money.

Yeah, but IBM is luckily becoming more open rather than less open and they also accept input from the smaller members of the OpenPOWER foundation.

POWER is the way forward for the high performance sector and IBM's only real way of differentiating themselves is being owner controlled, sure POWER is faster than x86 for the same price and it has more threads per core and more cores per CPU but a compelling reason is needed for the average business to take the time to port their software.
Re: [gentoo-user] How to flash an LSI SAS controller from IR to IT mode on linux with sas2flsh
On 03/19/2018 08:02 PM, mad.scientist.at.la...@tutanota.com wrote:
> A virtual machine is useful largely because it isolates the VM from the
> real hardware, therefore it's not likely you can update firmware from a
> VM (you really shouldn't be able to).

Actually you can update firmware from a VM, I have done it many times on many different PCI-e cards and I already updated the IR mode firmware to the latest version in a linux VM (but you need DOS to go IR>IT)

It is part of the reason as to why SR-IOV was created: besides the performance benefits you also get security benefits with restricted registers and the inability to flash a malicious firmware from a guest if you attach a VF to the VM instead of the PF.

I don't have any UEFI machines as I hate UEFI (all my machines run coreboot with the grub payload)

> The reason they still want us to upgrade with dos is it's a lowest
> common denominator, i.e. every one has it or can get it (freedos). it
> also helps that it's a minimal environment. In any case, I suggest you
> run a REAL freedos on a Real machine, so that you can update real not
> virtual firmware. i.e. no Virtual Machine.

The issue is not being able to use linux as well, and having a bare metal freedos won't help my disk driver issue, there still won't be a way to load the files.
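The point made in this reply, that a guest given a VF reaches less of the card than a guest given the PF, can be checked on the host. As an added example (not code from the thread), the script below lists PCI functions bound to vfio-pci and marks each as a virtual function, a whole SR-IOV-capable device, or a device without SR-IOV, using the standard Linux sysfs entries physfn, sriov_totalvfs and sriov_numvfs; the sample tree, its addresses and the driver name hostdrv are constructed.

```python
"""Added example: is a passed-through PCI function a whole device (PF) or a VF?"""
import os

PCI_DEVICES = "/sys/bus/pci/devices"


def bound_driver(dev_dir):
    """Name of the kernel driver bound to the function, or None if unbound."""
    link = os.path.join(dev_dir, "driver")
    return os.path.basename(os.readlink(link)) if os.path.islink(link) else None


def classify_function(dev_dir):
    """A VF carries a physfn link; an SR-IOV capable PF exposes sriov_totalvfs."""
    if os.path.islink(os.path.join(dev_dir, "physfn")):
        return "VF"
    if os.path.exists(os.path.join(dev_dir, "sriov_totalvfs")):
        return "PF-sriov"
    return "plain"


def _read_int(path):
    with open(path) as fh:
        return int(fh.read().strip())


def audit_passthrough(root=PCI_DEVICES, driver="vfio-pci"):
    """List every function bound to the passthrough driver with its role."""
    findings = []
    if not os.path.isdir(root):
        return findings
    for bdf in sorted(os.listdir(root)):
        dev = os.path.join(root, bdf)
        if bound_driver(dev) != driver:
            continue                      # still owned by the host
        entry = {"bdf": bdf, "kind": classify_function(dev)}
        if entry["kind"] == "VF":
            entry["parent"] = os.path.basename(
                os.readlink(os.path.join(dev, "physfn")))
        elif entry["kind"] == "PF-sriov":
            entry["total_vfs"] = _read_int(os.path.join(dev, "sriov_totalvfs"))
            entry["enabled_vfs"] = _read_int(os.path.join(dev, "sriov_numvfs"))
        findings.append(entry)
    return findings


def whole_device_exposures(findings):
    """SR-IOV capable devices handed to a guest as the full physical function."""
    return [f["bdf"] for f in findings if f["kind"] == "PF-sriov"]


def build_sample_tree(root):
    """Constructed sysfs-like tree; addresses and 'hostdrv' are made up."""
    def add(bdf, driver, total_vfs=None, num_vfs=None, physfn=None):
        dev = os.path.join(root, bdf)
        os.makedirs(dev)
        os.symlink(os.path.join("..", "..", "drivers", driver),
                   os.path.join(dev, "driver"))
        if total_vfs is not None:
            for name, value in (("sriov_totalvfs", total_vfs),
                                ("sriov_numvfs", num_vfs)):
                with open(os.path.join(dev, name), "w") as fh:
                    fh.write(f"{value}\n")
        if physfn:
            os.symlink(os.path.join("..", physfn), os.path.join(dev, "physfn"))

    add("0000:03:00.0", "vfio-pci", total_vfs=16, num_vfs=0)  # whole card to guest
    add("0000:04:00.0", "hostdrv", total_vfs=8, num_vfs=1)    # PF kept by the host
    add("0000:04:00.1", "vfio-pci", physfn="0000:04:00.0")    # only a VF to guest
    add("0000:05:00.0", "vfio-pci")                           # no SR-IOV at all


if __name__ == "__main__":
    for finding in audit_passthrough():
        print(finding)
```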
[gentoo-user] How to flash an LSI SAS controller from IR to IT mode on linux with sas2flsh
I am told to create a DOS usb flash drive with windows but I am unable to do that.

I have tried getting the required files into a VM FreeDOS installation but I haven't been able to figure out how to do that, there is no actual way to load the cdrom drivers.

Jesus christ it is 2018 and they still want us to use dos to flash hardware >:'[
Re: [gentoo-user] Re: A new AMD CPU weakness?
On 03/18/2018 05:33 PM, R0b0t1 wrote:
> On Sun, Mar 18, 2018 at 4:24 PM, taii...@gmx.com <taii...@gmx.com> wrote:
>> Everyone please remember this is simply an exploit to obtain data off of
>> AMD's version of ME which is a DRM mechanism added for hollywood and it
>> requires physical access to reprogram the firmware thus this exploit has
>> zero impact on anyone who doesn't profit off of DRM.
>>
> Except if it's anything like the Intel ME exploit, physical access can
> be faked using a compromised USB device.

You mean the skylake debug port?

>> ME/PSP are evil - don't buy computers that have them - you have choices!
> No we don't.

Yes we do.
TALOS 2? g505s laptop? kgpe-d16? novena?

I play new games at max settings on a pre-PSP AMD system KGPE-D16 where I have installed a libre firmware for the board and the BMC via the recent OpenBMC port (the facebook version of OpenBMC... less features than the IBM version but still quite nice)

The TALOS 2 costs less than a brand new xeon system with similar performance and it has better features such as IBM's OpenBMC, PCI-e 4.0, SMT4 etc. The stars have aligned and given us a libre firmware server/workstation that is brand new and very very fast.
Re: [gentoo-user] Re: A new AMD CPU weakness?
Everyone please remember this is simply an exploit to obtain data off of AMD's version of ME which is a DRM mechanism added for hollywood and it requires physical access to reprogram the firmware thus this exploit has zero impact on anyone who doesn't profit off of DRM. ME/PSP are evil - don't buy computers that have them - you have choices!
Re: [gentoo-user] A new AMD CPU weakness?
Here is a non-shortened link.
https://it.slashdot.org/story/18/03/13/1558221/researchers-find-critical-vulnerabilities-in-amds-ryzen-and-epyc-processors-but-they-gave-the-chipmaker-only-24-hours-before-making-the-findings-public

All the more reason to avoid the ME/PSP garbage and instead buy the equivalently priced, owner controlled and higher performance OpenPOWER arch systems such as the libre firmware TALOS 2.

Pretty much someone found a bug in AMD's version of ME which *how terrible* in other words you can use this to defeat hollywood's AMD PSP DRM which is the true reason of existence for ME/PSP, to prevent people from owning and controlling their devices.

I can't believe the new normal is not being able to really buy a mainstream computer because you don't own it and everyone in the tech press and so called experts says it's a good thing, oh it is to "keep you safe from hackers" and they pretend like it has always been this way as if it wasn't just a recent change that for some reason all the major OEMs did at the exact same time... I wonder why.

"The corporate sector asked for this" - MYTH - They already had it, it is a BMC/LOM chip and it was owner controlled. I doubt any company with IP worth something wants a super insecure black box supervisor processor that they don't control on every computer of theirs.

If you need secure remote management you can use OpenBMC which is present on the TALOS 2 (IBM OpenBMC) and also the KCMA-D8 and KGPE-D16 pre-PSP x86 boards (you can replace the crappy non-free ASUS firmware on the ASMB module with the facebook version of OpenBMC which was recently ported to it via crowdfunding)
Re: [gentoo-user] A new AMD CPU weakness?
On 03/13/2018 08:54 PM, Ian Zimmerman wrote:
> https://v.gd/PZkiuR
>
> Does anyone know more details?

A shortened link? really? not clicking that.
Re: [gentoo-user] How to use SR-IOV on a LSI RAID controller
On 03/08/2018 06:55 PM, R0b0t1 wrote: https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF https://wiki.installgentoo.com/index.php/PCI_passthrough https://www.kernel.org/doc/Documentation/vfio.txt The one sticking point is that you need to figure out the layout of your PCIe lanes to share multiple devices without conflicts. Cheers, R0b0t1 No not cheers :< that is not what I am asking for. Again please I know how to assign devices and my board has excellent IOMMU groups that is not the issue - I want to know how to create the SR-IOV virtual functions and assign drives to them to use the same controller on more than one VM concurrently.
Re: [gentoo-user] How to use SR-IOV on a LSI RAID controller
On 03/07/2018 09:02 PM, R0b0t1 wrote: On Wed, Mar 7, 2018 at 7:52 PM, taii...@gmx.com <taii...@gmx.com> wrote: I bought a LSI-9211-8i / SAS 2008 controller which reports support for SR-IOV in lspci and I am wondering how I can use it. There is no info on the internet about this not even for their newer controllers where there is a lot of advertising about SR-IOV. The idea is that you can assign a RAID array, individual hard drive, etc to a VF which is then assigned to a VM via IOMMU providing better almost native performance vs emulated disks. Thanks! If it supports SR-IOV you can pass it to a guest with VFIO. If it did not support SR-IOV it would not support VFIO. I know - my question is how do I create the virtual functions and assign the drives to them instead of simply attaching the entire controller? According to LSI's press release you could have for instance 5 different RAID's assigned to 5 different VM's via virtual functions - not simply all of them assign to one VM via assigning the controller like a non SR-IOV device
[gentoo-user] How to use SR-IOV on a LSI RAID controller
I bought a LSI-9211-8i / SAS 2008 controller which reports support for SR-IOV in lspci and I am wondering how I can use it. There is no info on the internet about this not even for their newer controllers where there is a lot of advertising about SR-IOV. The idea is that you can assign a RAID array, individual hard drive, etc to a VF which is then assigned to a VM via IOMMU providing better almost native performance vs emulated disks. Thanks!
Re: [gentoo-user] USB ports reset/restart
On 03/05/2018 08:40 PM, the...@sys-concept.com wrote: Is there a way to reinitialize USB ports without restarting the computer? You can issue an FLR/function level reset if the hardware supports it. I am not sure how to do this but I know it is done when one assigns a device to a VM.
Re: [gentoo-user] Re: Best *SIMPLE* firewall?
Is there a windows style application layer firewall? I get that it doesn't stop truly malicious programs but I am simply wanting to stop random programs doing connections without my consent which due to the Lennart Poetterings of the world now are not just a windows freeware problem.
[gentoo-user] Is anyone using a TALOS 2 or any OpenPOWER machine?
I am curious as to people's experiences with OpenPOWER machines and gentoo - is it as simple as using the ppc64 arch iso instead of x86_64? If anyone uses it for a workstation, what apps do you have? is there anything normal missing? (ie: that one would have on an x86_64 workstation) I noticed that gentoo only has big endian isos instead of little endian and I am also wondering what this means for software availability as I have never heard of endianness before a few months ago. Info: https://en.wikipedia.org/wiki/POWER9 (POWER is now the only high performance arch that is owner controlled now that AMD has its ME analog PSP) http://raptorcs.com/ (The T2 is a modified "romulus" reference board made available to the general public with libre firmware)
Re: [gentoo-user] Re: gcc 7.3 + kernel 4.15 = spectre_v2 fixed
On 01/31/2018 04:16 AM, Nikos Chantziaras wrote: On 30/01/18 23:43, Rich Freeman wrote: If you had some program that listened on a socket and accepted a length and a string and then did a bounds check using the length, it might be exploitable if a local process could feed it data. Even if the process only listened for outside connections it might be vulnerable if a local process colluded with a remote host to make that connection. Well, if you're running a local process that is trying to attack you, you've been compromised already, imo. Local processes are always trusted. If Spectre is a vulnerability that can be exploited by trusted code, it's not really a vulnerability. Trusted code is called "trusted" for a reason. I wouldn't classify for instance running a multiplayer game in a VM as "trusted" code, the whole point of hardware virtualization is that you don't have to trust what is being executed there. Not to mention the issue with most websites requiring javascript for no reason to function properly.
Re: [gentoo-user] [off topic] Opteron CPU missing chips on the bottom
On 01/30/2018 09:43 AM, Peter Humphrey wrote: On Tuesday, 30 January 2018 13:51:31 GMT taii...@gmx.com wrote: I purchased a used g34 opteron off of fleabay (sold as working with no mention of this) and I noticed that it is missing some of the bits on the bottom Do you mean the pins that mate with the socket? ... and that most of them are crooked, Send it back! Don't even touch it. Any attempt to straighten a pin will snap it off, as like as not. Not the pins (which on socket g34 are on the motherboard) It is the little IC components on the bottom of the CPU.
[gentoo-user] [off topic] Opteron CPU missing chips on the bottom
I purchased a used g34 opteron off of fleabay (sold as working with no mention of this) and I noticed that it is missing some of the bits on the bottom and that most of them are crooked, I haven't tried it in my system yet and I am wondering should I return it? or if there isn't much risk of it damaging my (expensive kgpe-d16) motherboard and I should see if it works? I got it for half the usual price - guess I should have asked for photos. I noticed many CPU's sold on ebay have this issue (in those cases they mentioned it) but I can't understand how it happens, for instance I noticed a 6386 for sale where they mentioned that it was missing a few and because of that it doesn't work in a dual socket configuration.
Re: [gentoo-user] Opinions on DVR/PVR backend?
So you know the RPI is not open source as the RPI foundation doesn't provide firmware sources. Proprietary firmware is required to boot and fully use the device as the RPI foundation only cares about open source when it is convenient to them. I would consider purchasing another device, of which legitimately open source low power ARM devices are a dime a dozen (vs the high performance realm where POWER's TALOS 2 or rare developer boards are the only choice)
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/13/2018 12:50 PM, Mick wrote: Thank you Taiidan for taking time to respond. Always man! On Friday, 12 January 2018 17:21:19 GMT you wrote: AMD says they are releasing microcode updates for their previous generation CPU's (Opteron, FX, etc) next week. So much better than intel throwing older CPU owners to the wolves. Indeed, this is one more reason I will not look at Intel ever again! In terms of what CPU to get - I would get either an AMD G34/C32 Opteron (pre-PSP) with a compatible libre firmware board (KGPE-D16 or KCMA-D8) or if you can afford it a POWER9 system as IBM quickly released updates for POWER to solve this issue and if they ever stopped due to considering your system "too old" POWER9 is owner controlled and documented so the community could theoretically patch its own microcode. You can make a C32 libre firmware gaming system for around 500-700, so that is quite affordable. The problem with KGPE-D16 and KCMA-D8 is that I can't find these new in the UK. All I find is stripped down second hand MoBos in ebay from businesses shuttering and repossessions. Also, they do not appear to come with modern niceties for a desktop like HDMI or DP ports? You have to install a graphics card - like with any other server/workstation motherboard the onboard graphics are crappy. I would order one from the US if you can't find a UK retailer, these are the most easily obtainable and affordable owner controlled boards. Power9 appear to be quite new and again I can't find a place that sells them or provides a price for them ... https://raptorcs.com The TALOS 2 - made by the same folks who did the coreboot ports for the D8 and D16 boards It is pending RYF certification, is 100% owner controlled and it has libre firmware from the factory. POWER is the only owner controlled performance CPU out there, IBM publishes a lot of documentation and there is absolutely no hardware code signing enforcement not even for the microcode. 
Please note that 5K is an average price for server hardware in that performance class, there are a variety of lower end owner controlled options if that is too much/if you don't need something that fast. We don't do any gaming with our PCs. General office suite applications, heavy browsing/emails and some media transcoding. The market has been cornered by the near monopoly of Intel, especially on laptops. The last PC I built was a relatively cheap and cheerful AMD A10-7850K on an ASUS MoBo, which sadly comes loaded with its own hardwired PSP rootkit. :-( You can install a FM2 CPU on that, the plus has PSP the regular doesn't. Any ideas for places I could look for a power9 workstation - assuming it is affordable, or are there are any other CPU/MoBos I could look at? Define affordable? People have gotten used to intel's cheap CPU's that they don't really own - even just 15 years ago computers used to cost significantly more. I remember when the P4 was just released and crappy pre-builds were going for 2K+.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
On 01/12/2018 02:06 PM, Rich Freeman wrote: It shouldn't be. I'm not sure if Ryzen has anything equivalent to the Intel Management Engine. It does, it is called AMD PSP. Like ME it is closed source and it can't be disabled - no matter what people might claim.
Re: [gentoo-user] Microcode updates for "old" Intel CPU's
AMD says they are releasing microcode updates for their previous generation CPU's (Opteron, FX, etc) next week. So much better than intel throwing older CPU owners to the wolves. In terms of what CPU to get - I would get either an AMD G34/C32 Opteron (pre-PSP) with a compatible libre firmware board (KGPE-D16 or KCMA-D8) or if you can afford it a POWER9 system as IBM quickly released updates for POWER to solve this issue and if they ever stopped due to considering your system "too old" POWER9 is owner controlled and documented so the community could theoretically patch its own microcode. You can make a C32 libre firmware gaming system for around 500-700, so that is quite affordable.
[gentoo-user] Microcode updates for "old" Intel CPU's
I have several sandy/ivybridge CPU's and I was wondering if anyone knows as to if intel is releasing microcode updates for them. It sure would be funny if intel wanted you to buy a new CPU to fix a problem that was their fault to begin with.
Re: [gentoo-user] Re: [was: What can cause printer to crop top of page?] /etc/papersize is ignored
For the record I would also like to add that using the duplexer on some poorly designed printers cuts off the bottom or top of the page without any type of notification.
Re: [gentoo-user] Re: How to harden a system
On 12/25/2017 06:33 PM, Ian Zimmerman wrote: On 2017-12-24 14:44, taii...@gmx.com wrote: POWER 9: TALOS 2 (server/workstation, brand new and very high performance - the only brand new hardware that is legitimately libre) This is interesting, but can it run gentoo? There's a handbook edition for PPC64, but that's not quite the same, is it? It is. PPC64 is big endian, PPC64LE is little endian. POWER8/9 are Bi-Endian so you can use both (most linux distros only support little) PPC64 compile covers PowerPC and POWER. TALOS 2 is an end user obtainable derivative of the Romulus POWER 9 development board, there are a variety of modifications and it is more open source than Romulus - you can also pay for it with bitcoin. It supports dual sforza CPU's which have up to 24 cores per socket with SMT4 (4 threads at the same time per core)
Re: [gentoo-user] How to harden a system
I would also consider purchasing a system with libre firmware and without ME/PSP such as: POWER 9: TALOS 2 (server/workstation, brand new and very high performance - the only brand new hardware that is legitimately libre) x86-64: (older, pre-PSP AMD - the best CPU's for C32/G34 are equivalent to one FX-8310 for the 8 core or almost two FX-8310 for the 16 core) KGPE-D16 (server) KCMA-D8 (workstation) Lenovo G505S (laptop) It is truly disturbing to think that someone with an ME exploit could hack 80% of the computers on the planet.
Re: [gentoo-user] Re: Is gnome becoming obligatory?
On 12/09/2017 05:45 AM, Mick wrote: On Saturday, 9 December 2017 10:34:32 GMT Nikos Chantziaras wrote: On 09/12/17 11:51, Mick wrote: I've seen gnome-base/gnome-common pulled in on more than one systems, all of which have USE="-gnome" set: # emerge -uaNDvt world These are the packages that would be merged, in reverse order: [...] Calculating dependencies... done! [ebuild N ] gnome-base/gnome-common-3.18.0-r1:3::gentoo USE="autoconf-archive" 153 KiB [...] All systems are on profile: default/linux/amd64/17.0/desktop/plasma Why is gnome-base/gnome-common needed? It's an extremely lightweight package. There seem to be some packages that need files from it. The package itself only installs these files: $ qlist gnome-common /usr/bin/gnome-autogen.sh /usr/share/aclocal/gnome-common.m4 /usr/share/aclocal/gnome-compiler-flags.m4 /usr/share/aclocal/gnome-code-coverage.m4 /usr/share/doc/gnome-common-3.18.0-r1/ChangeLog.bz2 /usr/share/doc/gnome-common-3.18.0-r1/README.bz2 So basically it only copies some small text files to /usr. It doesn't build anything. Thank you all for detailed and clear replies. You'd forgive me for being (a little) paranoid about Poettering's fingers getting anywhere near my systems. :-p For now, only a few text files - tomorrow - many more. You give poettering an inch he will take hundred miles.
Re: [gentoo-user] is multi-core really worth it?
On my 16 core opteron I have to do -j32 or sometimes -j64 to be using everything all the time, is this normal? If I don't do this it won't be pegged at 100% all the time. I assume using a ramdisk would help with this? I wouldn't want to do a SSD as I assume it would excessively wear by doing compiles.
Re: [gentoo-user] Looking for a pre-compiled Linux distribution
On 11/23/2017 12:11 PM, Helmut Jarausch wrote: Hi, I'd like to recommend a Linux distribution to someone who needs an as simple Linux distribution as possible. Since I am going to help that person from time to time, it should be as similar as possible to Gentoo. Which distribution would you recommend. Maybe sabayon?
Re: [gentoo-user] Intel ucode updates for ME issues?
On 11/23/2017 12:47 AM, R0b0t1 wrote: I think the information I outlined is a pretty good argument for assuming the ME can not be disabled. Even if true, there's not much to be done about it anyway Yeah it certainly can't be disabled (I argue this point on a regular basis to no avail), as in non functional as it is involved in the pre-BIOS-boot process. A certain low-morals company claims that they "disable" it with me_cleaner (they also infer they made it) but that is impossible. To me disabled is no electricity flowing through it/physically disconnected and that couldn't be the case without enough money and resources to the point where one could simply make a POWER laptop with the current lot of POWER9 CPU's (ie: downclock and do some power saving engineering) - so de-facto impossible.
Re: [gentoo-user] Intel ucode updates for ME issues?
On 11/22/2017 11:16 PM, R0b0t1 wrote: Does anyone have more information on this? Has anything been published? I'm interested in exploiting my own computers so I can control the ME. It seems that it is the same people who figured out HAP mode but they haven't made a blog update I would ask on the coreboot mailinglist, there are some very smart people there. Although I doubt you will find any real information anywhere at all due to the recent "white hat" tendency to restrict the real nuts and bolts info and utilities to wealthy corporations instead of us peons who *gasp* might do something "bad" with it/don't have lots of money to pay for a "premier" support account. I am curious as to why you wish to do this, considering you can buy a libre firmware owner controlled motherboard with better functionality (ex: OpenBMC) than any me/psp board for only $250 and $100 for a FX-8310 equivalent cpu. On 11/22/2017 11:18 PM, R0b0t1 wrote: On Wed, Nov 22, 2017 at 6:03 PM, taii...@gmx.com <taii...@gmx.com> wrote: Using ME cleaner would also solve the issue and you wouldn't need any more firmware updates when the next "bug" comes around. Intel ME has been found to remain active after being disabled, and some motherboards that do not ship as "vPro enabled" and consequently haven't had the licensing paid for certain features have been found with those same features enabled. I own an Asus laptop which is affected. Some Asus forum post reported that there's a Java-based SOAP webserver listening on the port associated with Intel ME. Intel ME is not visible to the BIOS, and so it can't be turned any more "off." I understand the limitations of me_cleaner, although in this case it would in fact solve the problems as all the currently *publicly* discovered "bugs" are all ME feature exploits (and the features are removed by me_cleaner) rather than exploits of the ME kernel although I am certain that one is on the way. 
Believe me I know what I am talking about, I regularly provide support on the coreboot mailinglist and I own a variety of devices that are owner controlled with libre firmware (and of course no ME/PSP).
Re: [gentoo-user] Intel ucode updates for ME issues?
On 11/22/2017 12:42 AM, Adam Carter wrote: I notice that an update for sys-firmware/intel-microcode just come through on ~amd64, does that address the ME issues? http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/ Or will my NUC need a firmware update? That would be "solved"[1] via a firmware update, microcode update is microcode - only for the cpu. If you don't get one for your hardware due to the vendor saying it is "too old" (to scam you to buy a new motherboard for no reason) you can bisect the BIOS update and add it yourself (ask on the coreboot mailinglist how to do this for more info) not too difficult. Using ME cleaner would also solve the issue and you wouldn't need any more firmware updates when the next "bug" comes around. [1] Intel ME/AMD PSP will always be full of security "bugs" as they are designed to be an uber backdoor for god knows who - one can avoid this via getting either a slightly older x86-64 setup such as KCMA-D8/KGPE-D16 opteron motherboards (RYF libre firmware and a libre bmc firmware is available for them they also don't need microcode updates for series 2 CPU's), a g505S laptop (open source init firmware available) or a TALOS 2 server/workstation (POWER9, very very high performance high end server hardware with the usual price for that level of performance but you get libre firmware AND libre hardware RYF certification pending on release)
Re: [gentoo-user] #gentoo experiences
On 11/19/2017 11:37 AM, Daniel Frey wrote: The way it's worded makes me think feedback was requested on the irc channels, but maybe I am wrong? Ha oh boy. Most people of my generation refer to things as a hashtag on "social" media, such as I just purchased a #brandX computer. I just woke up so I wasn't yet capable of nuance enough to notice that it was IRC instead :[ silly me. Sorry for the misunderstanding folks!
Re: [gentoo-user] #gentoo experiences
On 11/19/2017 07:56 AM, Michael Palimaka wrote: Hi all, I'm collecting information about people's experiences in #gentoo. Thanks! I'm interested in both good and bad experiences, with users, developers, and operators. Basically, anything that anyone would care to share would be much appreciated. The lack of an ncurses setup gui/an express setup option is a major PITA which is why I haven't yet used gentoo as dom0 in a production environment, If something goes wrong and I am forced to re-install it will take long enough for the boss to think I am bad at my job and it isn't the type of thing one should do late at night. Same for home too - when I get back I want to start my movie watching/gaming VM and kick back. I would really enjoy some type of basic ncurses management gui to assist with the configuration of the litany of options to make things go faster, and to help prevent 2AM mistakes. I like using a CLI, but I also know that it is not always best. Feel free to contact me off-list if you'd rather not reply here (if so, please let me know if you'd like your response kept totally private - otherwise there is a chance that I might anonymise and share it). Like most people I hated using gentoo until I got my first 16 core CPU to ease the compile time suffering, compiling with an average dual or quad core was shockingly slow when I first started using it. Maybe put a list of cheap but high performance CPU's somewhere with a warning to get folks ready for the compile times (ex: the opteron 6386SE $130 used for 16 cores and it doesn't have ME/PSP)
Re: [gentoo-user] Linux USB security holes.
You can forward your USB controllers to a VM OR Disable them in the BIOS It is very easy to re-write a USB drive firmware via another virus on a poorly secured different computer so this doesn't really need physical access not that it would be difficult to simply have someone cause a scene and then have someone else walk by and insert a drive in to your laptop for a few seconds while you were distracted if you were a high profile target (politician, ceo, lawyer etc)
Re: [gentoo-user] Dual booting with Windows 10
On 09/15/2017 05:03 AM, Radoje Stojisic wrote: Hi all, I am interested in doing something too. Do you talk about GPU Pass-through? Few months ago I wanted to try it myself but I own a Ryzen 1800x and just one GPU. Is there a way with only one GPU? I am always willing to assist with complex technical problems. Or do I really need 2GPUs and 2 Keyboard/Mouse? Yeah you do as it is very difficult to re-map the BAR's of an in-use graphics device. Obviously one can use a single keyboard and mouse with a KVM, but the multi GPU part is mandatory. You can buy a video card that doesn't need an additional power connection for only $30 or so, plus if you only have one USB controller you would need a USB PCI-e card one for $20 - TOTAL $50 very affordable.
Re: [gentoo-user] Dual booting with Windows 10
Install it in a VM! If your system supports IOMMU for graphics devices here is something special you can do: I would instead consider purchasing an additional PCI-e graphics device and a PCI-e usb card then installing Windows in a VM with IOMMU-GFX, this way you can have your cake and eat it too. I play my games in a windows VM on my libre coreboot workstation, it works great and I highly recommend it. Another reason a VM is much better is that windows doesn't get access to your bare metal hardware unless you forward a device so it can't send serial numbers back to MS for their spying/marketing database, such as your HDD serial number or NIC mac address, and one can avoid a bad virus as you can simply restore a previous VM snapshot. [1] (for the VM's keyboard and mouse if you don't have more than one usb controller onboard)
Re: [gentoo-user] What do you think about Firefox 57?
To me it seems as though it is more so a political change not so much a change done for some technical improvement (there aren't any). Mozilla is closer and closer with google, as evidenced by making telemetry opt-out rather than opt-in [1] and all the "safe" browsing and downloading "features" which sends a list and hashes of all the files you download to google for inspection. This is going to break a variety of beloved addons as the new method can't support heavy modification of firefox. [1] as if anyone WANTS to be spied on, the average user has no idea what telemetry is and or would believe mozillas bullshit reasoning of "we do this to make the browser better, trust us!" I myself have noticed it mysteriously turned back on a variety of times similar to windows not to mention the annoying practice of allowing addons to randomly open windows every update without permission (10 addons 10 windows to inform of random changes no one cares about, and now my ISP knows what addons I use as it loads their websites - yay)
Re: [gentoo-user] SR-IOV for RAID/HBA's? anyone tried it?
On 07/03/2017 12:24 AM, J. Roeleveld wrote: On July 2, 2017 7:36:02 PM GMT+02:00, "taii...@gmx.com" <taii...@gmx.com> wrote: On 07/02/2017 02:51 AM, J. Roeleveld wrote: On July 1, 2017 11:23:06 PM GMT+02:00, "taii...@gmx.com" <taii...@gmx.com> wrote: I am wondering if anyone has tried this, apparently several LSI controllers support portioning out drives to VF's so the guest sees a controller with those drives attached to it. What was your experience like? and what controllers did you use? - Thanks I am wondering when I would want this? So you only need one HBA/RAID card per system if you want more than one VM with quality performance. It'll always be faster than an emulated disk. Never noticed any performance issues. Using Xen and raw disk format to the VMs. http://semiaccurate.com/2009/09/30/lsi-virtualizes-storage-hardware/ For me I have 3/4 the native copy speed, and the I/O for example extracting a zip is terrible. Either the VM needs a fraction of a single disk. Or it needs multiple disks. For the latter case, I prefer to pass an entire HBA. Which one do you have and does yours support FLR? Using a Supermicro card based on a LSI3008 chipset and dual expander backplane. I can always add a second HBA if I need more bandwidth. What is FLR? Googling that gives me a lot of non IT related results. Function level reset, it is required to be able to assign devices to VM's without annoyance. The 3K series supports SR-IOV so you probably have it. Could you run # lspci -vv? Thank you
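The FLR and SR-IOV questions in this thread and in the USB reset reply come down to reading two capabilities out of `lspci -vv`. The parser below is an added example, not code from any of the posters; the sample text is constructed in lspci's layout and the device names are made up.

```python
import re

# Constructed sample in the layout `lspci -vv` prints; the devices are made up.
SAMPLE_LSPCI_VV = (
    "01:00.0 Serial Attached SCSI controller: Example HBA (constructed)\n"
    "\tCapabilities: [68] Express (v2) Endpoint, MSI 00\n"
    "\t\tDevCap:\tMaxPayload 4096 bytes, PhantFunc 0, Latency L0s <64ns, L1 <1us\n"
    "\t\t\tExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W\n"
    "\t\tDevCtl:\tCorrErr- NonFatalErr- FatalErr- UnsupReq-\n"
    "\t\t\tRlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+ FLReset-\n"
    "\tCapabilities: [138 v1] Single Root I/O Virtualization (SR-IOV)\n"
    "\t\tIOVCtl:\tEnable- Migration- MigrationInt- MSE- ARIHierarchy+\n"
    "\t\tInitial VFs: 16, Total VFs: 16, Number of VFs: 0, Function Dependency Link: 00\n"
    "02:00.0 USB controller: Example xHCI controller (constructed)\n"
    "\tCapabilities: [a0] Express (v2) Endpoint, MSI 00\n"
    "\t\tDevCap:\tMaxPayload 128 bytes, PhantFunc 0, Latency L0s <64ns, L1 <1us\n"
    "\t\t\tExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset- SlotPowerLimit 0.000W\n"
    "03:00.0 VGA compatible controller: Example GPU (constructed)\n"
    "\tCapabilities: <access denied>\n"
)

DEVICE_LINE = re.compile(r"^(?:[0-9a-f]{4}:)?[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]\s", re.I)
FIELD_LABEL = re.compile(r"^\s+(\w+):")
FLR_FLAG = re.compile(r"\bFLReset([+-])")
VF_COUNTS = re.compile(r"Total VFs: (\d+), Number of VFs: (\d+)")


def parse_lspci_vv(text):
    """Return one dict per PCI function with its FLR and SR-IOV status."""
    devices, dev, field = [], None, None
    for line in text.splitlines():
        if DEVICE_LINE.match(line):
            address, _, description = line.partition(" ")
            dev = {"address": address, "description": description,
                   "caps_readable": True, "flr": None,
                   "sriov": False, "total_vfs": 0, "active_vfs": 0}
            devices.append(dev)
            field = None
            continue
        if dev is None or not line.strip():
            continue
        label = FIELD_LABEL.match(line)
        if label:
            # Remember which register the following continuation lines belong to.
            field = label.group(1)
        if "<access denied>" in line:
            # lspci run without root cannot read the capability list.
            dev["caps_readable"] = False
        if "Single Root I/O Virtualization" in line:
            dev["sriov"] = True
        flag = FLR_FLAG.search(line)
        # Only the DevCap flag says whether FLR is supported; the FLReset flag
        # under DevCtl is the control bit and is normally '-' either way.
        if flag and field == "DevCap":
            dev["flr"] = flag.group(1) == "+"
        counts = VF_COUNTS.search(line)
        if counts:
            dev["total_vfs"] = int(counts.group(1))
            dev["active_vfs"] = int(counts.group(2))
    return devices


def reset_verdict(dev):
    """Short status code for a parsed device."""
    if not dev["caps_readable"] or dev["flr"] is None:
        return "unknown"
    return "flr" if dev["flr"] else "no-flr"


if __name__ == "__main__":
    for d in parse_lspci_vv(SAMPLE_LSPCI_VV):
        vfs = f"SR-IOV {d['active_vfs']}/{d['total_vfs']} VFs" if d["sriov"] else "no SR-IOV"
        print(f"{d['address']}  {reset_verdict(d):8}  {vfs}  {d['description']}")
```

On a live host the kernel exposes the same SR-IOV counts in sysfs as the `sriov_totalvfs` and `sriov_numvfs` attributes of the device directory under `/sys/bus/pci/devices/`.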
Re: [gentoo-user] SR-IOV for RAID/HBA's? anyone tried it?
On 07/02/2017 02:51 AM, J. Roeleveld wrote: On July 1, 2017 11:23:06 PM GMT+02:00, "taii...@gmx.com" <taii...@gmx.com> wrote: I am wondering if anyone has tried this, apparently several LSI controllers support portioning out drives to VF's so the guest sees a controller with those drives attached to it. What was your experience like? and what controllers did you use? - Thanks I am wondering when I would want this? So you only need one HBA/RAID card per system if you want more than one VM with quality performance. It'll always be faster than an emulated disk. Either the VM needs a fraction of a single disk. Or it needs multiple disks. For the latter case, I prefer to pass an entire HBA. Which one do you have and does yours support FLR?
[gentoo-user] SR-IOV for RAID/HBA's? anyone tried it?
I am wondering if anyone has tried this, apparently several LSI controllers support portioning out drives to VF's so the guest sees a controller with those drives attached to it. What was your experience like? and what controllers did you use? - Thanks
Re: [gentoo-user] Gentoo vs Raspbian on Raspberry Pi 3?
I would advise to buy an open source device such as beaglebone not a closed source RPI, bb also has higher performance options and is a better company. I was not at all pleased with the transfer speed of an RPI I tried out, the low end arm stuff is garbage (high end like appliedmicro is decent tho) If you want a decent fileserver I would advise getting a KCMA-D8 with a 35W opteron and installing the libre version of coreboot on it, dual onboard gigabit ethernet will satisfy you for sure.
Re: [gentoo-user] Re: Issues with AMD_IOMMU
Worse, ideally you wouldn't be using SWIOTLB but I don't know how to disable this without re-compiling the kernel. On 05/21/2017 07:12 PM, Adam Carter wrote: [0.991863] iommu: Adding device :06:00.0 to group 12 [0.991982] iommu: Adding device :07:04.0 to group 12 [1.063849] AMD-Vi: Found IOMMU at :00:00.2 cap 0x40 [1.063962] AMD-Vi: Interrupt remapping enabled [1.064145] AMD-Vi: Lazy IO/TLB flushing enabled [1.065331] perf: AMD NB counters detected q I'm similar, but have a couple of extra entries. I've read a little bit about them, but so far am unable to determine if their existence indicates a better or worse kernel config. [1.036309] AMD-Vi: Lazy IO/TLB flushing enabled [1.036419] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [1.036529] software IO TLB [mem 0xba61a000-0xbe61a000] (64MB) mapped at [a3b87a61a000-a3b87e619fff] [1.036744] perf: AMD NB counters detected And the Linux AGP Driver ( in-kernel ) is working now. Now this is showing properly with lspci : 00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD/ATI] RD890S/RD990 I/O Memory Management Unit (IOMMU) Same.
Re: [gentoo-user] Re: Issues with AMD_IOMMU
FYI: IOMMU=pt means pass-through, as in no DMA protection. AMD_IOMMU is for the bulldozer and piledriver based systems, v2 is for the newer excavator and beyond stuff that has vAPIC On 05/16/2017 10:33 AM, Corbin Bird wrote: On 05/15/2017 09:59 PM, taii...@gmx.com wrote: On 05/15/2017 12:58 AM, Ian Zimmerman wrote: The 990FX / 790FX Chipset doesn't have a GART / AGP Aperture or IOMMU in it. The CPU contains the original K8 IOMMU ( v1 ) engineered / converted from a GART. The 8 and 9 series (not 7) does have an IOMMU, AMD-Vi v1.26. I have two 890 series (but the server flavor - SR5690 chipset) boards with an IOMMU and it works great, I play games in a VM with an attached graphics card on my libre firmware KGPE-D16 and devices are DMA restricted. Most consumer boards don't properly implement this feature, in fact I have never seen one that did which is why I bought my coreboot (libre init variant) D16. It wouldn't be that difficult to port coreboot to your board if you want this to work FYI. Thank you for that info. Corrections based on fact are appreciated. http://support.amd.com/TechDocs/43869.pdf Hell yeah dude, this documentation backs up the fact that the IOMMU is on the northbridge - not the CPU. --- How does one 'port' coreboot? Last time I went to the coreboot site, I didn't see anything really helpful to me. The documentation really sucks, it's DIY or die - but I have never programmed anything before in my life and I figured out how to port boards. Doesn't the 'CPU voltage table firmware blob' require signing NDA's? Naah you don't need that on most *good* systems, and bulldozer/piledriver era AMD was cool with releasing documentation. Corbin https://www.coreboot.org/Developer_Manual https://www.coreboot.org/Motherboard_Porting_Guide You would start with the KCMA-D8, as it is the closest board - then change the superio, irq mappings, acpi etc. It takes some figuring out for yourself as there isn't really a detailed guide for it.
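The AMD-Vi boot messages quoted in this thread and the iommu=pt setting can be checked mechanically. The audit below is an added example, not code from any of the posters; the boot log is constructed on the pattern of the quoted lines, and the PCI addresses, timestamps and command line are sample values.

```python
import re
from collections import defaultdict

# Constructed boot log modelled on the AMD-Vi lines quoted in the thread;
# addresses, timestamps and the kernel command line are sample values.
SAMPLE_DMESG = """\
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda2 iommu=pt
[    0.991863] iommu: Adding device 0000:06:00.0 to group 12
[    0.991982] iommu: Adding device 0000:07:04.0 to group 12
[    0.992107] iommu: Adding device 0000:08:00.0 to group 13
[    1.063849] AMD-Vi: Found IOMMU at 0000:00:00.2 cap 0x40
[    1.063962] AMD-Vi: Interrupt remapping enabled
[    1.064145] AMD-Vi: Lazy IO/TLB flushing enabled
[    1.064419] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
GROUP_ADD = re.compile(r"iommu: Adding device (\S+) to group (\d+)")


def parse_boot_log(text):
    """Collect the IOMMU-related facts a kernel boot log states."""
    state = {"iommu_found": False, "interrupt_remapping": False,
             "lazy_flush": False, "swiotlb": False, "passthrough": False}
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw)
        if line.startswith(("Command line:", "Kernel command line:")):
            for param in line.split(":", 1)[1].split():
                # Matches iommu= only, not amd_iommu= or intel_iommu=.
                if param.startswith("iommu="):
                    for opt in param[len("iommu="):].split(","):
                        if opt == "pt":
                            state["passthrough"] = True
                        elif opt == "nopt":
                            state["passthrough"] = False
            continue
        added = GROUP_ADD.search(line)
        if added:
            groups[int(added.group(2))].append(added.group(1))
        elif "AMD-Vi: Found IOMMU" in line:
            state["iommu_found"] = True
        elif "AMD-Vi: Interrupt remapping enabled" in line:
            state["interrupt_remapping"] = True
        elif "Lazy IO/TLB flushing enabled" in line:
            state["lazy_flush"] = True
        elif "(SWIOTLB)" in line:
            state["swiotlb"] = True
    state["groups"] = dict(groups)
    return state


def findings(state):
    """Turn the parsed state into (code, message) pairs worth reviewing."""
    if not state["iommu_found"]:
        return [("no-iommu", "no AMD-Vi IOMMU reported: device DMA is not restricted")]
    out = []
    if state["passthrough"]:
        out.append(("passthrough", "iommu=pt: devices driven by host drivers get "
                    "identity mappings, so the IOMMU does not confine their DMA"))
    if not state["interrupt_remapping"]:
        out.append(("no-intremap", "interrupt remapping not reported: "
                    "device-generated interrupts are not filtered"))
    if state["lazy_flush"]:
        out.append(("lazy-flush", "lazy IO/TLB flushing: an unmapped DMA address "
                    "can stay usable by the device until the next flush"))
    if state["swiotlb"]:
        out.append(("swiotlb", "kernel reports software bounce buffering (SWIOTLB) in use"))
    for group, devs in sorted(state["groups"].items()):
        if len(devs) > 1:
            out.append(("shared-group", f"group {group}: {', '.join(devs)} are not "
                        "isolated from each other and must be assigned together"))
    return out


if __name__ == "__main__":
    for code, message in findings(parse_boot_log(SAMPLE_DMESG)):
        print(f"{code:13} {message}")
```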
Re: [gentoo-user] Re: Issues with AMD_IOMMU
On 05/15/2017 10:59 PM, taii...@gmx.com wrote: On 05/15/2017 12:58 AM, Ian Zimmerman wrote: The 990FX / 790FX Chipset doesn't have a GART / AGP Aperture or IOMMU in it. The CPU contains the original K8 IOMMU ( v1 ) engineered / converted from a GART. The 8 and 9 series (not 7) does have an IOMMU, AMD-Vi v1.26. I have two 890 series (but the server flavor - SR5690 chipset) boards with an IOMMU and it works great, I play games in a VM with an attached graphics card on my libre firmware KGPE-D16 and devices are DMA restricted. Most consumer boards don't properly implement this feature, in fact I have never seen one that did which is why I bought my coreboot (libre init variant) D16. It wouldn't be that difficult to port coreboot to your board if you want this to work FYI. To be clear, it is present on the northbridge chipset not the CPU - AMD documentation backs this up.
Re: [gentoo-user] Re: Issues with AMD_IOMMU
On 05/15/2017 12:58 AM, Ian Zimmerman wrote:

The 990FX / 790FX Chipset doesn't have a GART / AGP Aperture or IOMMU in it. The CPU contains the original K8 IOMMU ( v1 ) engineered / converted from a GART.

The 8 and 9 series (not 7) does have an IOMMU, AMD-Vi v1.26. I have two 890 series (but the server flavor - SR5690 chipset) boards with an IOMMU and it works great, I play games in a VM with an attached graphics card on my libre firmware KGPE-D16 and devices are DMA restricted. Most consumer boards don't properly implement this feature, in fact I have never seen one that did which is why I bought my coreboot (libre init variant) D16. It wouldn't be that difficult to port coreboot to your board if you want this to work FYI.
Re: [gentoo-user] Issues with AMD_IOMMU
On 05/14/2017 01:31 AM, Adam Carter wrote:

Tried kernels 4.10.13 and 4.11, with

CONFIG_GART_IOMMU=y
CONFIG_IOMMU_HELPER=y
CONFIG_IOMMU_API=y
CONFIG_IOMMU_SUPPORT=y
CONFIG_IOMMU_IOVA=y
CONFIG_AMD_IOMMU=y
CONFIG_AMD_IOMMU_V2=m

Chipset is 990FX, and AFAICT the V2 is for the APU (bdver3 and 4 vintage). When I enable the IOMMU in the BIOS I get stack traces. Is anyone using AMD_IOMMU successfully? If so, any tips?

Is this a gentoo kernel or one from kernel.org? What are the exact errors you are getting? random? can you post?

On 05/14/2017 11:06 AM, Alan Grimes wrote:

Adam Carter wrote:

Tried kernels 4.10.13 and 4.11, with

CONFIG_GART_IOMMU=y
CONFIG_IOMMU_HELPER=y
CONFIG_IOMMU_API=y
CONFIG_IOMMU_SUPPORT=y
CONFIG_IOMMU_IOVA=y
CONFIG_AMD_IOMMU=y
CONFIG_AMD_IOMMU_V2=m

Chipset is 990FX, and AFAICT the V2 is for the APU (bdver3 and 4 vintage). When I enable the IOMMU in the BIOS I get stack traces. Is anyone using AMD_IOMMU successfully? If so, any tips?

On a Phenom II? Yeah, I just retired mine a month ago. On that system, the IOMMU hardware was kinda a legacy orphan thingy, I had to go through all kinds of gyrations on the kernel command line in order to initialize it correctly. I think I had it off in the bios, then enabled it using a bunch of kernel commands.

990FX would probably be an AMD FX CPU such as the 8350, it usually works fine and is enabled by default on most distros.
Re: [gentoo-user] scanning using the sheet feeder (HP 8600 + xsane)
I am curious do you have the issue where the scanner light returns back to the docking area after every page scanned via ADF? it takes so long to scan with that problem and it wears down the gears. - Thanks
Re: [gentoo-user] switching adapter - power supply
On 03/20/2017 01:36 PM, the...@sys-concept.com wrote:

I have a small box "VIA Eden Processor 1200MHz" it runs my asterisk and hylafax but it is powered by those external 12V adapters (12V 5A). They don't usually last long, max 2-years or less. I have a spare unit: Switching Adapter Power Supply. The box is in remote location so if it goes down due to PS I have to go there and restart it, it shut down twice on me this morning; I think this adapter is going slowly. If I find/connect 12V adapter with higher Amps 10A or 15A will it help extend the life of these external power supplies? Or take one of the old PS from an old case and solder the tip to 12V line is better solution?

I have something like that which I purchased from mini-box, it gets incredibly hot but it still works after a few years - maybe you could get something from them? I would buy another one with higher amps, replace the components inside with better ones and fabricate a metal case for it with a heat-sink so it lasts longer.

The lifespan you stated is expected for cheap chinese capacitors, they only last 2000/hrs at 80C which is seriously pathetic. (so 6000 hours at the probable 20C you have) Get yourself some better long life japanese made ones.
Re: [gentoo-user] ISP extorsion - how to negate / get around?
On 03/10/2017 02:50 PM, Corbin Bird wrote: Have a serious problem, might cost me any Internet access. My ISP ( Charter ) merged with Time-Warner. New name "Spectrum" 1 # : Now I have intermittent connectivity. 2 # : And with the death of FCC privacy rules, the new ISP is forcing me to update their records ( for sale-of purposes ). This includes phone ( all ), SSN, bank account numbers, and credit card numbers. Tell them you are a foreigner and thus you don't have an SSN, offer to provide a deposit. 3 # : the ISP attempting to force agreement to "no communications allowed with the FCC". Also is attempting to force agreement to "Arbitration with the ISP as the Arbiter" for all complaints. Ask your local public utilities commission if this is allowed. 4 # : billing is only online now. Not allowed to see a Account Statement, or receive any "receipt for payment" until I comply with ISP demands. 5 # : external e-mail clients ( Thunderbird, Claws-Mail, etc. ) are now starting to have problems. ISP solution -> must use their web based e-mail app only ( only works with Windoze, surprise! ). How can a web based email service only work with windows? 6 # : ISP is starting to filter customers web access. The ISP is deciding what sites customers are allowed to see. ( look up the practice called "ransom" ). Get a vpn service? 7 # : no other broadband ISP in the regional area. No alternatives. They are using a hijack technique that I don't know the name of, attempting to force compliance. NOTE : The ?hijack technique? will corrupt the portage trees if you use "emerge-webrsync". Is there any way to ... fix? work-around? ... this idiocy? Background info : The old cable modem suddenly stopped working. The ISP sent out a clone of a Cisco DPC2316 ( Technicolor ), complete with hacked / trashed / closed firmware. So I returned the rented cable modem ( bought my own ). The Technicolor clone was using a built-in Java based "???" to redirect / filter at the modem. 
All cable modems are closed source and controlled by the ISP AFAIK.

Switched to Google Public DNS. Doesn't affect the ?hijack technique?.

You want privacy but you are using google? what?

The "uMatrix/uBlock Origin" plugins ( Firefox/ Palemoon ) stop the ?hijack technique? in the web browser. Always shows up as an ipv4 address, embedded in a "frame", that resolves to "*-charter-*".

Complain to your local utilities commission.
Re: [gentoo-user] SHA-1 has just been broken
On 03/02/2017 06:26 PM, Andrew Savchenko wrote:

On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote:

It is possible to have a reasonably secure system where the hard drive firmware (or any other devices) can't fuck around with the stuff on disk, although I highly doubt that the gentoo infrastructure (and kernel.org, and all the source repos for all the other software) does this

Hard drive's firmware is a drive's micro OS, it can manipulate data on the disk as it pleases. The only way to protect privacy of the data is to write it already encrypted, so it still can be mangled and become unusable, but privacy will be kept. But see below about DMA.

Of course, as I stated you have to bootstrap the crypto from the motherboard EEPROM chip.

One way is to use a blob-free coreboot IOMMU supporting board and bootstrap the crypto/kernel off of the board firmware EEPROM chip to load the initial kernel thus no plaintext touches the disk and thus nothing can mess with it. The IOMMU (theoretically) protects the CPU and memory from rogue devices, such as the hard drive.

No. Any DMA capable device can bypass IOMMU. IOMMU was not designed to protect OS from device.

That isn't true, it was designed for exactly that and of course for assigning devices to VM's. I get an AMD-Vi IOMMU IO_PAGE_FAULT alert in dmesg whenever a device tries to do something it shouldn't and the remapping hardware blocks it. In linux the kernel/drivers configure which memory locations the devices are allowed to access.

In terms of ethics IBM *for now* is a way better company than Intel/AMD, their POWER servers are owner controlled as there isn't any boot guard/secure boot/management engine/platform "security" processor (amd's ME) to stop you from re-writing the firmware as you please. They also have a getting-there-almost-reasonable open source effort (OpenPOWER)

Indeed they are. But those boxes are quite expensive and hard to get.

Hard to get? You can buy them from IBM's website like any other computer.
http://www-03.ibm.com/systems/power/hardware/linux-lc.html If you call them you may get a better price, but a credit card, 5 minutes (and $4.5K) will get you an entry level POWER8 server (although the almost open source firmware "Firestone" model costs around 10K) If you want a Palmetto you can get one for around $3K. They are a good deal vs intel/amd when it comes to performance/price, and of course the security and owner control aspects are absolutely swell. If you insert a graphics card you could use one as a workstation.
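The IO_PAGE_FAULT alerts mentioned in the message above can be tallied per device so that a device which keeps attempting blocked DMA stands out. This is an added example, not code from the thread: the sample log lines are constructed, and the two line layouts it parses (a `device=` field, or a `driver 0000:bb:dd.f:` prefix) are assumptions modelled on typical AMD-Vi kernel messages.

```sh
#!/bin/sh
# Added example (not from the thread): summarise AMD-Vi IO_PAGE_FAULT
# events per PCI device from kernel log text on stdin.

# page_faults_by_device < LOG -> lines "BDF COUNT FIRST_ADDRESS", sorted by BDF
page_faults_by_device() {
    awk '
    /AMD-Vi:/ && /IO_PAGE_FAULT/ {
        dev = ""
        addr = ""
        for (i = 1; i <= NF; i++) {
            f = $i
            gsub(/\[|\]/, "", f)            # drop the event brackets
            if (f ~ /^device=/)  dev  = substr(f, 8)
            if (f ~ /^address=/) addr = substr(f, 9)
            # assumed newer layout: "driver 0000:bb:dd.f: AMD-Vi: ..."
            if (dev == "" && f ~ /^[0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]\.[0-7]:$/)
                dev = substr(f, 6, 7)       # keep bus:dev.fn, drop PCI domain
        }
        if (dev == "") dev = "unknown"
        count[dev]++
        if (!(dev in first)) first[dev] = addr
    }
    END { for (d in count) print d, count[d], first[d] }
    ' | sort
}

# devices_over N < LOG -> BDFs with at least N blocked DMA faults
devices_over() {
    page_faults_by_device | awk -v n="$1" '$2 >= n { print $1 }'
}

# Constructed sample input; on a real system feed `dmesg` output instead.
sample_log() {
    cat <<'EOF'
[   12.345678] AMD-Vi: Event logged [IO_PAGE_FAULT device=03:00.0 domain=0x0012 address=0x00000000fdf90000 flags=0x0020]
[   12.345702] AMD-Vi: Event logged [IO_PAGE_FAULT device=03:00.0 domain=0x0012 address=0x00000000fdf90040 flags=0x0020]
[   98.001200] ahci 0000:00:11.0: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0007 address=0x00000000c0001000 flags=0x0010]
[   99.500000] usb 1-1: new high-speed USB device number 2 using ehci-pci
EOF
}

# Print the summary for the sample when run directly with --demo.
if [ "${1:-}" = "--demo" ]; then
    sample_log | page_faults_by_device
fi
```

Each reported fault is a DMA request the remapping hardware refused, so a device that appears here repeatedly is worth checking against its driver and firmware versions.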
Re: [gentoo-user] SHA-1 has just been broken
On 02/28/2017 12:05 PM, Miroslav Rovis wrote:

On 170227-21:59-0500, Rich Freeman wrote:

On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis wrote:

Apologies for my not being able to reply sooner!

On 170227-18:18+0300, Andrew Savchenko wrote:

And via a new private big business, the Github. Giving over all users to big Github brother.

??? Github is entirely optional and is only for those who want to use it (we have both users and devs willing so), but in no way anyone demands its usage.

Yeah! Still, it would be great if git was used in distributed way, and not from a central private business...

Git can pretty-much ONLY be used in a distributed way.

Correct, in that sense. But I didn't express clearly what I meant. I really meant in this sense (invented quotations in this paragraph): Git was intended for everyone to run their own little git server and pull from each other. Git was NOT invented for centralized commercial social networking clouds such as github! That was from: https://wiki.gentoo.org/wiki/Overlay:Youbroketheinternet

In the sync workflow github is basically just a mirror. A lot of our mirrors are run by private businesses, and nobody knows what OS they're even hosted on, let alone whether the firmware and CPU microcode are FOSS along with their hard drive firmware.

I understand that. And I support any honest business. What I hate is examples like Google, Oracle, Microsoft, IBM is a little more honest, I think... The few at the control of those ruined so much in computing and the internet. GNU and FOSS, to lesser extent OSi, are good, even beautiful, socially and philosophically.

As far as distribution goes I think github is the wrong thing to worry about. What you want is traceable signatures from dev to user. Once you have that you can download from an NSA mirror and there shouldn't be any risk. All a mirror does is replicate data, and if modifications are detectable the worst they can do is a DoS.

I see.
Most of the concerns that people tend to have with github is that you can become dependent on them for issue and pull request tracking and then if they decide to pull the plug you lose all that data. We try to minimize the use of these features and not make it a core part of the dev workflow.

Good practice!

But, we do use pull requests and in theory we could lose those someday. The actual code itself gets pushed to the Gentoo infra Repo from a developer's box using plain old git after they've inspected/tested/etc it. So, there isn't really any way for Github to go injecting commits into the repositories we actually use. I guess they could do it for anybody using our github mirrors on the distribution side, but that's only because we don't have that all locked down and the same issue applies with any other mirror (rsync, etc). Again, you really need end-to-end signature checking to make any of these things truly safe.

Absolutely! I did figure that out since long!

-- Rich

And what I've spent some time doing today, is figuring out about the info that I finally got from you people! About time! My rattling was all about whether there was or wasn't a way to do what is still in the title of that mail that I linked to, and gave Message-ID of, to do this: Is it safe to switch from webrsync to the git repo now? And finally Andrew Savchenko pointed me to gkeys ! Here's the answer to my query (ah, just the beginning of, my implementation of it will take time):

emerge -tuDN app-crypt/gkeys app-crypt/gkeys-gen
# equery f gkeys-gen
...
/usr/share/doc/gkeys-gen-0.2/README.md.bz2
...
( NOTE: The: /usr/share/doc/gkeys-0.2/README.md.bz2 of the gkeys package is identical. )
# bzcat /usr/share/doc/gkeys-gen-0.2/README.md.bz2
Gentoo Keys
---
### About
Gentoo Keys is a Python based project that aims to manage the GPG keys used for validation on users and Gentoo's infrastracutre servers. Gentoo Keys will be able to verify GPG keys used for Gentoo's release media, such as installation CD's, Live DVD's, packages and other GPG signed documents. It will also be used by Gentoo infrastructure to achieve GPG signed git commits in the forthcoming git migration of the main CVS tree.
### License
Gentoo Keys is under GPL-2 License
#

But do I read this correctly?: ...Gentoo Keys will be able to verify GPG keys used for Gentoo's release media, such as installation CD's, Live DVD's, packages and other GPG signed documents. Again, about this (syntactical) object (in the sentence), with other objects removed: ...Gentoo Keys will be able to verify GPG keys used for ... ... packages... Does that mean what I read? That with gkeys any user will be able to get packages via git, and somehow automatically gpg -verify the signature of each package that (s)he got when (s)he, say: emerge -tuDN world ? Does that mean that? And then, to achieve true verifiability in the open (machine connected to online, and doing
Re: [gentoo-user] Streaming Live TV News channels
On 02/15/2017 09:36 PM, the...@sys-concept.com wrote: I was thinking of cutting the TV cord but I think Internet TV is not yet ready. Even my Shaw FreeRange TV will not play any Live TV News Channels on my Android TV box due to some kind of licensing issues. They will stream it to cell phone but not to a box connected to internet. I hardly watch any TV moves (some Netflix and some TV News). Did anybody had a good experience with internet Live TV network? Maybe get a tv tuner and an antenna?
Re: [gentoo-user] WARNING: Crucial MX300 drives SUUUUUCK!!!!
I had a crucial SSD drive too and it failed in the warranty but as I didn't have the receipt they refused to honor it and said I was out of warranty as based on the date they sold it to the store not the day the store sold it to me. Apparently failures on my model were a very common thing due to a manufacturing defect. Thank god for backups. Bunch of jerks, don't buy from them.
Re: [gentoo-user] advice on a new laptop
On 02/04/2017 06:20 AM, Stefano Crocco wrote:

On Thursday, 2 February 2017 09:28:05 CET Stefano Crocco wrote:

Hello to everyone, I need to buy a new laptop and I'd like some advice. Currently, I'm thinking of buying an ASUS UX310UA-GL547T. Has anyone tried running Gentoo on it? If so, how did it go? A Google search only led me to a page hinting it should work with linux, but didn't give any detail. Alternatively, which other model would you suggest with similar specifications? The ASUS UX310UA-GL547T has the following characteristics:

Screen: 13.3" - 1920x1080 Pixel - Full HD, LED, No Glare
CPU: Intel® Core™ i3-7100U (2.4 GHZ)
RAM: 4 GB DDR4
Max RAM: 16 GB
Video Card: Intel® HD Graphics 620
Video OUT: HDMI
Hard Disk: 500 GB SATA 5400 rpm
Wireless: WiFi 802.11n (a/c) Intel® Wireless Display (WiDi)
Bluetooth: Bluetooth 4.1
USB slots: 2x USB 2.0 - 1x USB 3.0 - 1x USB 3.1
Card Reader: SD/MMC
Size and weight: 32.3x22.3x1.84~1.90 cm / 1.45 Kg

The price should be less than 800€/$. Thanks in advance Stefano

Thanks to everyone who answered. I've ordered the laptop and it should arrive next week. I'll let you know how it goes. Stefano

I am a little bit late but for future reference there are no wireless ac devices that have libre firmware, they all require blobs so do the USB 3 ports on that laptop. The intel wi-fi chips will never be freed either. 4GB RAM and a crappy 5.4K 500gb drive was pathetic - in 2010. The best laptop choice is the lenovo G505S, which supports (real) coreboot, 16gb ram and is pre-AMD PSP (amds version of ME).
Re: [gentoo-user] java replacement
On 01/25/2017 05:03 AM, Bill Kenworthy wrote: The java 8u112 download that the latest oracle java pulls in requires an invasive questionnaire to create an Oracle account to enable the download. I was using iced-tea at one stage but found the android sdk didn’t work well with it - is there a less objectionable java source than oracle that has a compatible java? BillK "Why does radio-shack ask for your phone number why you buy batteries!" Always good to not put up with this crap, I like to feed them obviously fake information when I need something from a place that insists on doing this. I purchased some hardware (at a physical store with cash none the less) recently and the cashier asked for my information and was annoyingly insistent[1] so I gave them "John Smith at 123 1st Street" as she audibly sucked her teeth. The more people put up with this stuff the more bad things will happen - two police officers recently were murdered in france because a terrorist got their address off the internet and paid them a visit. [1]I presume they get a bonus for how many marketing emails/information they collect.
Re: [gentoo-user] The final of free software
On 01/08/2017 11:44 AM, Dominus Mundi wrote: sume time ago i blessed sume gentooers with technological advantage to the future. I had good intentions but litel did i now that it would lead to the free software wars. Upon returning to my time I fund that free software was dead. Popular free sofware projects replaced by government controled forks. We held a comite at my time and concluded that it wus not posible to unscrew this mess without also hurting the porn industrie whish is unaceptable so we voted on just giving gentooers a heads up. We also considered killing Donald Trump before he passes the one kernel law but unfortunately due to the grandfather paradox and other freaky stuf past asesinations are forbiden by the intergalactic constitution so brace yourselfes because the free software wars are about to begin and it's gonna be bloody. Our hope is that this message will trigger a reaction that will cause gentoo to be selected as the US Government approved distro for use in the US and conquered territories (whish in a short time will cover most of the planet). May the light that radiates from the primeval hole shine upon all gentooers! -- Securely sent with Tutanota. Claim your encrypted mailbox today! https://tutanota.com Damn what drugs are you on man.
Re: [gentoo-user] New box
On 12/30/2016 11:43 AM, lee wrote: "taii...@gmx.com" <taii...@gmx.com> writes: On 12/30/2016 08:39 AM, lee wrote: the...@sys-concept.com writes: I'm putting a new system, it will be running mainly, VirtualBox, [...] If you want a rock solid machine with lots of cores and RAM and very capable of powering VMs, the HP Z800 is worthwhile to check out. [...] You can build a system with a (new) KGPE-D16, two used 6276 processors and used 64gb ecc ram for only around $500 which will net you a 32 core computer that can run blob free no microcode coreboot that supports max 256GB RDIMM RAM. Including an excellent 850W power supply, a good case, SAS RAID controller and a graphics card? The 6276 is a more power hungry than a Xeon and runs at only 2.3GHz (though I don't know how that compares to the Xeon). Power consumption is an issue for me because electricity is way too expensive here. Asus doesn't seem to say anything about coreboot? There is another coreboot compatible (theoretically, but not tested) QP max 1TB (jesus christ) RDIMM RAM G34 motherboard, so you could have 64 cores for only $20 or so per 16 cores. (plus the $30 for a cpu cooler) It's good to have so many options to choose from :) Considering all this, is there a good reason to go for an FX-8350? Ahh good point, I was assuming he already had a case like I did. I have a single 6274 plus graphics card with a *quality* 500watt PSU and it works fine at full load. 6 cores vs 16 cores and coreboot with zero blobs or microcode, IMO the power consumption is greatly worth it. Asus didn't implement coreboot on the kgpe-d16 (asus sucks), it was done by the firmware heroes at raptor engineering. 6276 actually runs at 2.6ghz with turbo assuming you have proper cooling, and 8 cores can turbo to 3.2ghz if the other 8 are in CC6. 
If you care about linux you will care about free firmware, if we do not care one day microsoft will simply flip a switch and shut us out for good ("secure" boot 2.0 spec does not mandate the option to disable it)
Re: [gentoo-user] New box
On 12/30/2016 08:39 AM, lee wrote: the...@sys-concept.com writes: I'm putting a new system, it will be running mainly, VirtualBox, Asterisk, Hylafax etc. (nothing graphic intensive). - IN WIN BL631 Low Profile Micro ATX Case w/ 300W Power Supply, - AMD FX-8350 Processor 4.0GHz w/ 16MB Cache - Gigabyte GA-78LMT-USB3 w/ DDR3, 7.1 Audio, Gigabit Lan - Kingston HyperX Fury 16GB DDR3-1866MHz CL10 Dual Channel Kit - Samsung 850 EVO Series mSATA Solid State Drive, 1TB - Asus GeForce GT 720 Silent CSM, 2GB, PCI-E w/ D-Sub VGA, DVI, HDMI Will I have any problems installing Gentoo on this configuration, eg. with Video Card etc.? Do I need more RAM? If you want a rock solid machine with lots of cores and RAM and very capable of powering VMs, the HP Z800 is worthwhile to check out. You can get them for good prices here from resellers/ebay, and they are IMO currently the best you can get for your money if you want something like that. Technology has moved on a bit, but you'd spend about twice the money if you buy something new that offers comparable overall performance. The Z820s are still rather pricey. "Top speed" may be higher with the AMD, but I think it will have a hard time beating the overall performance of 2 Xeons with 6x2 cores each and 48GB RAM (or whatever configuration you get) when you load it with VMs and start compiling stuff. IF that's an issue for you: I've measured the power consumption of a Z800 with two X5675, 48GB RAM and a GTX770: 130W at idle, which I think is amazing. It can reach about 600W when compiling, with the graphics card working hard and 6 spinning 3.5" disks. There are no issues with temperatures or anything, and they are pretty quiet. The power supplies they have are impressive. I've seen the lights go out for like half a second or so, and I expected the machines to go down, but they kept running as if nothing happened. You can run Gentoo, Debian and Fedora on them. If you run Xen on it, limit cstates to 1 or you may see random freezes. 
I wouldn't change mine for anything less than a Z820. I used to build my machines from parts, and I quit doing that because it isn't worthwhile when you can just get a Z800 which offers more for half the money. Other than that, as others have already said, you're probably better off with at least 32GB and a better PSU. I also don't store data or a system on a single disk with no redundancy, except for backups. (A Z800 has four 3.5" bays, and you can get adapters for 2.5" disks that plug in. You could use 2x72GB 2.5" 15k SAS disks which you can get very cheaply for the system, put everything else on your SSD and use a 3.5" SATA disk for backups.) You can build a system with a (new) KGPE-D16, two used 6276 processors and used 64gb ecc ram for only around $500 which will net you a 32 core computer that can run blob free no microcode coreboot that supports max 256GB RDIMM RAM. There is another coreboot compatible (theoretically, but not tested) QP max 1TB (jesus christ) RDIMM RAM G34 motherboard, so you could have 64 cores for only $20 or so per 16 cores. (plus the $30 for a cpu cooler)
Re: [gentoo-user] New box
On 12/30/2016 07:54 AM, Alan McKinnon wrote: On 30/12/2016 14:12, Neil Bothwick wrote: On Fri, 30 Dec 2016 00:24:36 -0600, Dale wrote: Makes me drool a bit here. I want a 8 core CPU. The only downside, gkrellm won't have enough screen to show each core separately. That's a problem there. lol It already takes up the whole right side on one desktop. I guess I could make the thing shorter to fit them all in. What's the problem, now you have all the justification you need for buying a bigger monitor ;-) I have 8 cores with krells for each, plus for procs, 2 disks and 3 interfaces. And plenty vertical space to spare. 1920x1080 monitor of course :-) I have 16 cores. You can get a g34 16 core 62xx or 63xx opteron for only $10-40, buy two and combine that with a compatible coreboot motherboard and compile times will at last be bearable. Note: the 63xx series needs microcode updates for virtualization, but 62xx works with no microcode at all.
Re: [gentoo-user] Installing Gentoo on a VPS with little RAM
On 12/26/2016 03:45 PM, Francesco Turco wrote: Hello. I have a Vultr VPS instance with Arch Linux but I'd like to replace it with Gentoo Linux. The last time I tried that I couldn't build some packages because the kernel killed gcc after a while. Please notice this VPS instance has only 768 MiB of RAM. What can I try besides removing -pipe from C(XX)FLAGS and setting MAKEOPTS to -j1? Should I add a swap partition? Currently there's only a single root btrfs filesystem with @, @boot and @home subvolumes. Btrfs doesn't support a swap file as far as I know. My VPS is currently used for the following things: - Static personal website - Shaarli (PHP application with no database) - Tiny Tiny RSS (PHP application with database) - ZNC server Thanks. How about do a distributed compile via an SSH tunnel?
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 12/19/2016 05:50 PM, Dale wrote:

lee wrote:

Daniel Frey writes:

On 12/19/2016 10:15 AM, lee wrote:

"Walter Dnes" writes:

Similarly, the vast majority of home users have a machine with one ethernet port, and in the past it's always been eth0.

Since 10 years or so, the default is two ports.

Not in any of the computers I've built. Generally only high end or workstation/server boards have two ports. i.e. not what the typical home user would buy.

It is not reasonable to assume that a "typical home user" would want a computer with a crappy board to run Linux on it (or for anything else). If they are that cheap, they're better off buying a used one. When they are sufficiently clueless to want something like that, what does it matter what the network interfaces are called.

I built my current rig just a few years ago. It has one ethernet port on it. Since it didn't work right, bad drivers I guess, I added a card to have the second port. The rig I built before that, it also had one ethernet port. I might add, I didn't buy a "crappy board" either. The first was Abit which was the top rated brand at the time and my current board is Gigabyte, another highly rated board at the time I bought it. As Daniel points out, you have to get into some pretty high end boards before you get two ethernet ports. Just for giggles, I went and looked at Asus boards, currently highly rated. I had to get up around the $400 range to find two ports. Most computers built for home use, and even some, maybe most, business computers, only have one port. It's all they need. I might also add, I have a lot of friends that give me their old computers. Of all the puters I have ever seen, they had one ethernet port. Over the past decade or so, I've likely stripped out a few dozen computers for parts. Not one of them had two ethernet ports. I'm with Daniel on this one. Dale :-) :-)

I too have never seen a non server board with more than one embedded network interface. I have an expensive server board that features two ethernet ports but I really hate the removal of the ethX scheme, sometimes they get detected in the wrong order and ethX is way easier to type than ens1s0 or what not. It is just another swell example of the pottering-esque corruption of the free software movement.
Re: [gentoo-user] [OT] SCSII Adapter ?
On 12/18/2016 10:28 PM, meino.cra...@gmx.de wrote: taii...@gmx.com <taii...@gmx.com> [16-12-19 03:57]: On 12/17/2016 11:31 PM, meino.cra...@gmx.de wrote: Hi, I searched for this on the Web and the only one I found, which is available, seems to be a Windows-only product (needs Windows drivers). May be someone on this list knows a solution: Is there any "something"-to-SCSII-adapter, which can be used with Linux, and which is not a "hardisk only" one? With "something" I mean an interface, which is common on modern PCs like USB, SATA, Firewire... Thank you very much for any help in advance! Cheers Meino PCI-e ok? You can pick up a cheap server pull pci-e scsi HBA off of ebay, just check the kernel compatibility lists for that chipset. A RAID card is also an option however some do not provide pass-through (HBA) mode. Hi Talidan, PCI-e unfortunately is not an option (and I didn't mentioned it, sorry), because there is no space in my PC anymore. All slots are occupied - only one is free and that one is behind the double-widthed graphics card. Am I out of luck or are there other options? Cheers Meino Uhh curious is this for a tape drive? Perhaps an autoloader? seems like the only reason you'd be putting so much time and effort in to this is for one of those. https://web.archive.org/web/20161109002310/http://adaptec.com/en-us/support/_eol/usb_scsi/usbxchange// http://lkml.iu.edu/hypermail/linux/kernel/0509.1/1976.html Boom! - adaptec usbxchange Took me 5mins to find this... Slow, and $150 or so on ebay so pricey too. No idea if it works with newer kernels but this is a start. If you want more slots you can always buy an external pci-e expansion system such as the ones from cyclone microsystems, expensive but if you need em you need em and they support PCI-e ACS.
Re: [gentoo-user] [OT] SCSII Adapter ?
On 12/17/2016 11:31 PM, meino.cra...@gmx.de wrote: Hi, I searched for this on the Web and the only one I found, which is available, seems to be a Windows-only product (needs Windows drivers). May be someone on this list knows a solution: Is there any "something"-to-SCSII-adapter, which can be used with Linux, and which is not a "hardisk only" one? With "something" I mean an interface, which is common on modern PCs like USB, SATA, Firewire... Thank you very much for any help in advance! Cheers Meino PCI-e ok? You can pick up a cheap server pull pci-e scsi HBA off of ebay, just check the kernel compatibility lists for that chipset. A RAID card is also an option however some do not provide pass-through (HBA) mode.
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 12/17/2016 08:56 PM, Walter Dnes wrote:

I'm running Pale Moon. In an xterm, I did...

export SSLKEYLOGFILE=/dev/shm/sslkeylogfile.txt

...and launched Pale Moon manually from the commandline, and visited a couple of https sites. I did get /dev/shm/sslkeylogfile.txt which begins with the line...

# SSL/TLS secrets log file, generated by NSS

Following that are a bunch of lines starting with...

CLIENT_RANDOM

...followed by a space, followed by 161 random hex-numeric characters i.e. [0-9a-f]. I also saw a line beginning with...

RSA

...followed by a space, followed by 113 random hex-numeric characters i.e. [0-9a-f].

If you plan to do this regularly, your program launcher will need to launch bash scripts with separate filenames for each profile. Maybe append date-time stamp to filenames to avoid multiple sessions overwriting each other.

As for privacy, there are the usual features, like...

* asking sites to not track (don't trust that)
* control of which sites to accept/refuse regular cookies, and 3rd-party cookies, from
* whether or not to clear browsing and download history
* private browsing session

random - I have always wondered why none of the "user respecting" forks nor mozilla have any serious efforts to thwart browser fingerprinting, private browsing session is simply a misnomer without it.
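The per-profile, timestamped key log naming suggested in the message above, as an added example that is not part of the thread. It also checks the two line types the post describes: 161 characters after `CLIENT_RANDOM` is 64 hex digits, a space and 96 hex digits, and 113 after `RSA` is 16, a space and 96. The function names, the `KEYLOG_DIR` variable and the sample values are made up here.

```sh
#!/bin/sh
# Added example (not from the thread): one key log per profile and session,
# plus a format check for the line types described in the post.

# keylog_path PROFILE [DIR] [STAMP] -> path unique per profile and start time
keylog_path() {
    profile=$(printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '_')
    dir=${2:-${KEYLOG_DIR:-/dev/shm}}    # KEYLOG_DIR is a name made up here
    stamp=${3:-$(date +%Y%m%dT%H%M%S)}
    printf '%s/sslkeylog-%s-%s.txt\n' "$dir" "$profile" "$stamp"
}

# start_logged_session PROFILE COMMAND [ARGS...]
# e.g. start_logged_session default palemoon    (binary name assumed)
start_logged_session() {
    profile_name=$1
    shift
    log=$(keylog_path "$profile_name") || return 1
    # The log holds the secrets needed to decrypt captured sessions, and
    # /dev/shm is shared by every local user: create it owner-only first.
    ( umask 077 && : > "$log" ) || return 1
    SSLKEYLOGFILE=$log "$@"
}

# keylog_check FILE -> "client_random=N rsa=M other=K bad=B"
# bad counts CLIENT_RANDOM/RSA lines whose fields are not lowercase hex of
# the expected length; other counts labels this check does not know.
keylog_check() {
    awk '
    function ishex(s, n) { return length(s) == n && s !~ /[^0-9a-f]/ }
    /^#/ || /^$/ { next }
    $1 == "CLIENT_RANDOM" {
        if (NF == 3 && ishex($2, 64) && ishex($3, 96)) cr++; else bad++
        next
    }
    $1 == "RSA" {
        if (NF == 3 && ishex($2, 16) && ishex($3, 96)) rsa++; else bad++
        next
    }
    { other++ }
    END { printf "client_random=%d rsa=%d other=%d bad=%d\n", cr, rsa, other, bad }
    ' "$1"
}

# rep STRING N -> STRING repeated N times (used to build sample values)
rep() {
    awk -v s="$1" -v n="$2" 'BEGIN { for (i = 0; i < n; i++) printf "%s", s; print "" }'
}

# Constructed sample log: two well-formed lines and one truncated line.
sample_keylog() {
    printf '# SSL/TLS secrets log file, generated by NSS\n'
    printf 'CLIENT_RANDOM %s %s\n' "$(rep 0a 32)" "$(rep 1b 48)"
    printf 'RSA %s %s\n' "$(rep 2c 8)" "$(rep 3d 48)"
    printf 'CLIENT_RANDOM %s %s\n' "$(rep 0a 30)" "$(rep 1b 48)"
}
```

Anyone who can read a key log can decrypt a capture of the matching sessions, so delete the file once the debugging session is over.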
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 12/17/2016 04:57 PM, Marc Joliet wrote:

On Saturday 17 December 2016 19:20:03 Heiko Baums wrote:

On 17.12.2016 at 15:58, Rich Freeman wrote:

[...] If you don't think the guides on how to install Gentoo on a Pi are good enough, then play around with it until you figure it out, and then post an article on the Wiki.

Didn't you read my e-mail? I don't want to have Gentoo on my Pi, because this would destroy the advantage of the Pi, its low power consumption. Well, maybe I will install Gentoo on the Pi once, just for fun, but that's not the question here.

Looks like somebody hasn't heard of cross-compiling! Perhaps check out sys-devel/crossdev and/or ask on the gentoo-embedded mailing list. In fact, in this particular case I *will* provide you with a link: https://wiki.gentoo.org/wiki/Raspberry_Pi_Cross_building

I didn't ask for a howto for installing Gentoo on a Pi, I asked for a howto for getting rid of systemd on recent versions of Arch Linux, Debian, Raspbian, Ubuntu, Fedora etc. You said it's possible and I'm not forced to use systemd, so I guess you know how and can explain it to me.

Aha, so it's not enough that there are distros *right now* that let you avoid systemd (e.g., Gentoo, Funtoo, Devuan, Knoppix), it has to be one of *those particular* distros.

[...] Best regards

Funtoo, Knoppix and Devuan are not serious professional-grade distros, two of those are in beta and Gentoo isn't something you want on most production servers. You can't be seriously suggesting that hobbyist distros with one or two developers and bad security policies are a serious replacement for the systemd-corrupted distros, can you? For some reason everyone in this thread also seems to be making this about sysvinit vs systemd rather than systemd vs sysvinit and OpenRC...
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
What makes it better than icecat, iceweasel, foxcat, and so on?

On 12/17/2016 12:59 AM, Walter Dnes wrote:

On Fri, Dec 16, 2016 at 11:27:08PM +0100, Miroslav Rovis wrote

There, the few sentences, but the topic really is serious, will Firefox, from Firefox52, in my machine, and in people who don't want Pulseaudio, like I don't want it, be silent really from Firefox52, as some Mozilla devs of a ...particular kind, promised, repeatedly on that Mozilla bug page.

An alternative to Firefox is Pale Moon, http://linux.palemoon.org/ Disclosure... I'm involved as a volunteer with the Pale Moon project.
[gentoo-user] Boot freeze/kthreadd stack trace - AMD_PMU_INIT
Specs: blob-free coreboot on a KGPE-D16 (AMD Opteron).

Happens with both the livecd/usb and a kernel I compiled on another machine (however with that one I simply get a black screen and a bootloop). Other distros' kernels work fine, it is just Gentoo. The livecd and compiled kernel work fine on all my other computers/VMMs.

Upon loading I get to AMD performance counters, it freezes and 5-10 secs later I receive a stack trace for kthreadd "hung" (amd_pmu_init - seems to be the primary reason). I never get to a login prompt. It isn't microcode related as I removed the microcode packages from the other distros I tried.

Any ideas? Is there any additional info that would be helpful? How can I dump the boot text?