Re: [gentoo-user] install from stage1: why gcc-3.3.6?
Qiangning Hong wrote: Well, whatever, I add =sys-devel/gcc-3.4.4 to /etc/portage/packae.unmask and find that gcc-3.3.6 still is to be emerged: # emerge -ept system | grep gcc [ebuild N] sys-devel/gcc-3.3.6 [ebuild N] sys-devel/gcc-3.4.4 [ebuild N] sys-devel/gcc-config-1.3.11-r4 And from the tree output, I find that gcc-3.4.4 is listed as a dependence of gcc-3.3.6. ??? Actually, this means 3.3.6 is a dependancy of 3.4.4 (dependancies are shown at higher levels). Looking at the gcc-3.4.4 ebuild, I find this: PDEPEND=sys-devel/gcc-config x86? ( !nocxx? ( !elibc_uclibc? ( !build? ( || ( sys-libs/libstdc++-v3 =sys-devel/gcc-3.3* ) ) ) ) ) So it seems that gcc 3.3 is a dependancy of 3.4 for the stdc++ library. Thus I think you also need to accept ~x86 for sys-libs/libstdc++-v3 in package.keywords. If that doesn't help, try posting the output of emerge --info. -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] install from stage1: why gcc-3.3.6?
Javier Uribe wrote: Hi. you do this echo sys-devel/gcc ~x86 /etc/portage/package.keywords echo sys-libs/glibc ~x86 /etc/portage/package.keywords echo sys-libs/libstdc++-v3 ~x86 /etc/portage/package.keywords echo sys-devel/gcc-config ~x86 /etc/portage/package.keywords Um, do not copy and paste these directly, as they will destroy your package.keywords file You need to replace all '' with ''. -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Stale Samba in Portage
On Mon, 01 Aug 2005 16:58:56 -0700, Zac Medico wrote: The problem with using things like USE and ACCEPT_KEYWORDS directly on the command line is that the next time you go to upgrade that package or do emerge -u world, Your package specific USE and ACCEPT_KEYWORDS settings will have been forgotten. You can make them persistent if you keep them in package.use and package.keywords. The other problem is that the keywords apply to the entire command, so any dependencies are also merged with that setting, whereas package.keywords only applies to the specific package. -- Neil Bothwick CW music backward: get yer dog, wife, job, truck, kids, and sobriety back. pgpWN1GQaB8KT.pgp Description: PGP signature
Re: [gentoo-user] [OT, game-related,long] Changing file dates?
Iain Buchanan schreef: On Mon, 2005-08-01 at 13:09 +0200, Holly Bostick wrote: Hi, all-- [snip] [1] There are two ways to install Morrowind. You can install it under Wine or Cedega using the regular Setup.exe, or you can install it via a script found at Loki Installers for Linux Gamers (http://liflg.org ). could you provide the specific script (or link to it), rather than just the liflg main page? thanks, Sure. Don't know why you need it; there's a menu right on the side of the front page. Downloads = wine(x) (after all, you know Morrowind ain't native) = morrowind (click more link) takes you to the page http://www.liflg.org/?catid=7gameid=38 (I'm not linking directly to the script; that's not only rude, but it's 19 MB, and everybody doesn't have broadband). Anyway, I linked to the main page because there's a lot of scripts for installing both native and wine(x) games that people might have been glad to know about and (I thought) that finding the link to Morrowind specifically wasn't hard, so I wanted to make sure that people had the chance to see the full site.. Sorry for the difficulty. Holly -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Upgrading KDE
Do: # equery depends kdebase Then: # emerge unmerge package_name to all kde-related packages.. You should then be able to upgrade KDE. Hope that helps, Fernando. On 7/31/05, Daniel D Jones [EMAIL PROTECTED] wrote: Currently running KDE 3.3.I get the following:[EMAIL PROTECTED]:/# emerge --pretend kde-metaThese are the packages that I would merge, in order:Calculating dependencies ...done![blocks B ] =kde-base/kdebase- 3.4* (is blockingkde-base/kscreensaver-3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blocking kde-base/khotkeys-3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blocking kde-base/kdesu-3.4.1)[blocks B ] =kde-base/kdebase- 3.4* (is blockingkde-base/kdebase-data-3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blocking kde-base/kcminit-3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blockingkde-base/khelpcenter-3.4.1-r1) [blocks B ] =kde-base/kdebase-3.4* (is blockingkde-base/kcontrol-3.4.1-r1)[blocks B ] =kde-base/kdebase-3.4* (is blocking kde-base/kdm-3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blockingkde-base/kdebugdialog- 3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blocking kde-base/libkonq-3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blocking kde-base/kicker-3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blocking kde-base/kappfinder- 3.4.1)[blocks B ] =kde-base/kdebase-3.4* (is blockingkde-base/ksysguard-3.4.1-r1)And lots more, of course.Do I really have to uninstall 3.3 toinstall 3.4?-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] install from stage1: why gcc-3.3.6?
On Tue, Aug 02, 2005 at 12:25:53PM +0800, Qiangning Hong wrote: On 8/2/05, Craig Duncan [EMAIL PROTECTED] wrote: Qiangning Hong wrote: The gcc version on livecd (2004.3) is 3.3.x, but I want use -march=pentium-m in my CFLAGS and gcc 3.3.x doesn't support it. So I add the following line in /etc/portage/package.keywords: sys-devel/gcc ~x86 gcc-3.3.6? I don't need it! I have gcc-3.4.4 unmasked! No, package.keywords is architecture specific, to unmask a package, add it to /etc/portage/package.unmask. I thought there is a kind of mask named mask by KEYWORDS :) Well, whatever, I add =sys-devel/gcc-3.4.4 to /etc/portage/packae.unmask and find that gcc-3.3.6 still is to be emerged: # emerge -ept system | grep gcc [ebuild N] sys-devel/gcc-3.3.6 [ebuild N] sys-devel/gcc-3.4.4 [ebuild N] sys-devel/gcc-config-1.3.11-r4 And from the tree output, I find that gcc-3.4.4 is listed as a dependence of gcc-3.3.6. ??? What further I need to do to get rid of installing gcc-3.3.6 in my system? From http://gentoo-wiki.com/HOWTO_Migrate_to_GCC_3.4: emerge -C =gcc-3.3.6 you can probably also do: emerge -P gcc BTW, gcc-3.4 depends on gcc-3.3 for its version of libstdc++. If you remove gcc-3.3, your emerge -ept system should install libstdc++-v3 instead. Hope it helps, Adrian -- Adrian Frith - UCT Comp.Sci. Student - UNIX Geek Many that live deserve death. And some that die deserve life. Can you give it to them? Then do not be too eager to deal out death in judgement. -- Gandalf the Grey, Lord of the Rings Book One Chapter II pgp9XbLVdECFk.pgp Description: PGP signature
Re: [gentoo-user] install from stage1: why gcc-3.3.6?
Javier Uribe schreef: El Mar 02 Ago 2005 01:13, Qiangning Hong escribió: Doesn't work. gcc-3.3.6 is still in the emerge list. GCC 3.3.X is necessary to compile GCC 3.4. it follows with confidence greetings In case this is not clear-- --the idea is that you need a compiler to compile the new version of GCC. (It's obvious when you think about it.) Thus you need gcc-3.3.6 to compile gcc-3.4.4. What you then have to do is change your 'standard' gcc to 3.4.4, if it is not changed already, using gcc-config. Then you have to compiled gcc-3.4.4 again, and now you will be using gcc-3.4.4 to compile gcc-3.4.4. Then you have to clean the rest of the toolchain (which was also compiled using gcc-3.3.6), by compiling that using gcc-3.4.4. Then you should be more-or-less safe to remove gcc-3.3.6. I've done this myself; it's like 2.5 emerge-e worlds, but there are several scripts posted on the forums to automate this as much as is possible. http://forums.gentoo.org/viewtopic-t-282474.html http://forums.gentoo.org/viewtopic-t-345229.html http://forums.gentoo.org/viewtopic-t-189250.html HTH, Holly -- gentoo-user@gentoo.org mailing list
[gentoo-user] ethernet speed
Hi folks, if a gigabit ethernet card is set to auto detect speed and duplex mode, how can I find out how it actually connects? I poked around in /proc but didn't find anything useful. Uwe -- 95% of all programmers rate themselves among the top 5% of all software developers. - Linus Torvalds http://www.uwix.iway.na (last updated: 20.06.2004) -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Can't emerge www-client/mozilla-1.7.10-r1 (kernel bug?)
On Mon, 2005-08-01 at 17:24 -0700, Zac Medico wrote: Hi Zac, Hi Jules, Jules Colding wrote: Hi, I can't emerge mozilla-1.7.10-r1. I don't know if this is just me or if anyone else is seeing the same, but here is what I got. Output and info below. snip (lots of text) What was the solution to the segault that you reported when you tried to remerge automake and autoconf? There are still occasional segfaults during mkdir -p operations in the mkinstalldirs script when I do make install of various packages. I have no clue why but re-running make install makes make pass over where the error was and continue. Very weird indeed... If you suspect hardware problems then you should try the memtest script mentioned by Francesco in this thread: I did something like that. I emerged memtest86plus as a boot option and let it do its thing during the night. It didn't find anything though. I tried the aforementioned script just to see if that picked up anything. Lo and behold... it segfaulted in mkdir. I am beginning to suspect a subtle reiserfs (mounted with noatime and notail) bug as I am only seeing segfaults with mkdir and only under high load. There was something in /var/log/messages as well. Script, output, log and info below. Regards, jules # memtest.sh # #!/bin/bash # # memtest.sh # # Shell script to help isolate memory failures under linux # # Author: Doug Ledford + contributors # # (C) Copyright 2000-2002 Doug Ledford; Red Hat, Inc. # This shell script is released under the terms of the GNU General # Public License Version 2, June 1991. If you do not have a copy # of the GNU General Public License Version 2, then one may be # retrieved from http://people.redhat.com/dledford/GPL.html # # Note, this needs bash2 for the wait command support. # This is where we will run the tests at TEST_DIR=/home/colding/tmp # The location of the linux kernel source file we will be using if [ -z $SOURCE_FILE ]; then SOURCE_FILE=$TEST_DIR/linux.tar.gz fi if [ ! -f $SOURCE_FILE ]; then echo Missing source file $SOURCE_FILE exit 1 fi # How many passes to run of this test, higher numbers are better if [ -z $NR_PASSES ]; then NR_PASSES=1 fi # Guess how many megs the unpacked archive is if [ -z $MEG_PER_COPY ]; then MEG_PER_COPY=$(ls -l $SOURCE_FILE | awk '{print int($5/1024/1024) * 4}') fi # How many trees do we have to unpack in order to make our trees be larger # than physical RAM? If we don't unpack more data than memory can hold # before we start to run the diff program on the trees then we won't # actually flush the data to disk and force the system to reread the data # from disk. Instead, the system will do everything in RAM. That doesn't # work (as far as the memory test is concerned). It's the simultaneous # unpacking of data in memory and the read/writes to hard disk via DMA that # breaks the memory subsystem in most cases. Doing everything in RAM without # causing disk I/O will pass bad memory far more often than when you add # in the disk I/O. if [ -z $NR_SIMULTANEOUS ]; then NR_SIMULTANEOUS=$(free | awk -v meg_per_copy=$MEG_PER_COPY 'NR == 2 {print int($2*1.5/1024/meg_per_copy + (($2/1024)%meg_per_copy = (meg_per_copy/2)) + (($2/1024/32) 1))}') fi # Should we unpack/diff the $NR_SIMULTANEOUS trees in series or in parallel? if [ ! -z $PARALLEL ]; then PARALLEL=yes else PARALLEL=no fi PARALLEL=yes if [ ! -z $JUST_INFO ]; then echo TEST_DIR: $TEST_DIR echo SOURCE_FILE:$SOURCE_FILE echo NR_PASSES: $NR_PASSES echo MEG_PER_COPY: $MEG_PER_COPY echo NR_SIMULTANEOUS:$NR_SIMULTANEOUS echo PARALLEL: $PARALLEL echo exit fi cd $TEST_DIR # Remove any possible left over directories from a cancelled previous run rm -fr linux linux.orig linux.pass.* # Unpack the one copy of the source tree that we will be comparing against tar -xzf $SOURCE_FILE mv linux linux.orig i=0 while [ $i -lt $NR_PASSES ]; do j=0 while [ $j -lt $NR_SIMULTANEOUS ]; do if [ $PARALLEL = yes ]; then (mkdir $j; tar -xzf $SOURCE_FILE -C $j; mv $j/linux linux.pass.$j; rmdir $j) else tar -xzf $SOURCE_FILE mv linux linux.pass.$j fi j=`expr $j + 1` done wait j=0 while [ $j -lt $NR_SIMULTANEOUS ]; do if [ $PARALLEL = yes ]; then (diff -U 3 -rN linux.orig linux.pass.$j; rm -fr linux.pass.$j) else diff -U 3 -rN linux.orig linux.pass.$j rm -fr linux.pass.$j fi j=`expr $j + 1` done wait i=`expr $i + 1` done # Clean up after ourselves rm -fr linux linux.orig linux.pass.* # Complete script output # ./memtest.sh: line 107: 19536 Segmentation fault mkdir $j ./memtest.sh: line 107: 19553 Segmentation fault mkdir $j Inconsistency detected by ld.so: dynamic-link.h: 151: elf_get_dynamic_info: Assertion `info[20]-d_un.d_val == 7' failed! Inconsistency detected by ld.so: dynamic-link.h: 151: elf_get_dynamic_info: Assertion
Re: [gentoo-user] ethernet speed
Uwe Thiem wrote: Hi folks, if a gigabit ethernet card is set to auto detect speed and duplex mode, how can I find out how it actually connects? I poked around in /proc but didn't find anything useful. Uwe With normal 100Mbs card I can see the speed and duplex if I do: tail -f /var/log/everything/current Maybe it will work for you. Greetings, Rhywek. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ethernet speed
On Tuesday 02 August 2005 10:42, Uwe Thiem wrote: if a gigabit ethernet card is set to auto detect speed and duplex mode, how can I find out how it actually connects? I poked around in /proc but didn't find anything useful. mii-tool, part of net-tools. And please don't reply to an existing message to start a new thread. -- Mike Williams -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Trouble compiling Xine-lib 1.1.0
Martin Larsson wrote: I'm getting the following error while trying to compile Xine-lib 1.1.0: dsputil_mmx_avg.h:109: error: can't find a register in class `BREG' while reloading `asm' Go to http://bugs.gentoo.org/query.cgi and search for the error. You need to get rid of fPIC from USE, or update your linux-headers. Benno -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ethernet speed
On 02 August 2005 11:41, Mike Williams wrote: On Tuesday 02 August 2005 10:42, Uwe Thiem wrote: if a gigabit ethernet card is set to auto detect speed and duplex mode, how can I find out how it actually connects? I poked around in /proc but didn't find anything useful. mii-tool, part of net-tools. Thanks. Unfortunately, it doesn't seem to know anything about Gb ethernet. :-( And please don't reply to an existing message to start a new thread. Alright. Uwe -- 95% of all programmers rate themselves among the top 5% of all software developers. - Linus Torvalds http://www.uwix.iway.na (last updated: 20.06.2004) -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ethernet speed
On Tue, 2 Aug 2005 12:30:46 +0100, Uwe Thiem wrote: mii-tool, part of net-tools. Thanks. Unfortunately, it doesn't seem to know anything about Gb ethernet. :-( Use ethtool [EMAIL PROTECTED] ~]# ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised auto-negotiation: Yes Speed: 100Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on Link detected: yes This correctly identifies that I have a Gb interface, although it's connected to a 100Mb switch. -- Neil Bothwick A computer program does what you tell it to do, not what you want it to do. pgpCquQyr83Gm.pgp Description: PGP signature
Re: [gentoo-user] Can't emerge xmms plugins
Christian Floeter wrote: I have problems emerging standard xmms plugins, like xmms-mikmod, xmms-mpg123, xmms-vorbis, xmms-oss, xmms-esd, xmms-alsa and xmms-cdaudio. All of these produce the same error while emerging (the following was produced by xmms-mikmod): Have you tried: # revdep-rebuild to see if you have any libraries out of sync? --Kurt -- gentoo-user@gentoo.org mailing list
[gentoo-user] open office icons messed up
Hi, The icons on the toolbars of oofice look like crap; mostly black and I can't make anything out of them. I reinstalled oofice and still same problem. Would it help to install from binary package rather than from sources ? Thanks, Catalin -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Emerge kde-3.4.2 failed.
On Sunday 31 July 2005 23:15, Tony Davison wrote: On Sunday 31 July 2005 22:59, Zac Medico wrote: MAKE_OPTS=-j1 -s CFLAGS =-02 -march=i686 -fomit-frame-pointer -pipe CXXFLAGS= ${CFLAGS} CHOST =i686-pc-linux-gnu Any ideas guys? It's supposed to be MAKEOPTS, not MAKE_OPTS., and make -s means silent so you might get more clues if you take that out. I'll try that. Don't remember adding it anyway. The make_opts is a typo :-) then I had to less make.conf anyway to check the cflags. Update on this problem. Tried Zac's suggestion to get more output from make but it failed in a different module, same failure 'no target' . Commented out all the kde apps in my package.keywords in an attempt to roll back to a complete kde 3.4.1, same collection of make failures. aARGH. Rebuilt Gcc (3.4.4) glibc and binutils, success, now back where we started with a working 3.4.1. I have now rebuilt libxml, libxml2 and libsxlt with 'debug' set. Going to try for 3.4.2 later this evening. -- Tony Davison [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
[gentoo-user] Stage 1 install with GCC4
Is it possible to use GCC 4 to do a stage 1 compile? I kknow its still not stable but I am experimenting with a very old box and would like the extra optimizations that GCC 4 has. Anybody have a clue? -Mike-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
[gentoo-user] PHP5 Quick Question
Is there a way to build the php 5 extensions (I.E. GD, mysql, etc) as external libraries instead of compiling it all into the core? I assume this is the sharedext flag but I want to make sure before I go try it and muck things up. -Mike-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] open office icons messed up
On Tuesday 02 August 2005 16:54, Catalin Trifu wrote: Hi, The icons on the toolbars of oofice look like crap; mostly black and I can't make anything out of them. I reinstalled oofice and still same problem. Would it help to install from binary package rather than from sources ? Thanks, Catalin Hi, I have binary 1.1.4-r1 with the same problem, so dint wase time emerging binary. 'Cause everything is on menus I didnt search for fix. Martins -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] open office icons messed up
Catalin Trifu wrote: Hi, The icons on the toolbars of oofice look like crap; mostly black and I can't make anything out of them. I reinstalled oofice and still same problem. Would it help to install from binary package rather than from sources ? Thanks, Catalin There was a small thread on this issue (which I have as well) on 7/16. It is quoted below: Bugzilla Bug #96053 There's lots affected so hopefully it will be fixed soon. In the meantime roll back to previous xorg and mask the current one out. BillK -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] PHP5 Quick Question
On Tue, 2 Aug 2005, Michael Crute wrote: Is there a way to build the php 5 extensions (I.E. GD, mysql, etc) as external libraries instead of compiling it all into the core? I assume this is the sharedext flag but I want to make sure before I go try it and muck things up. Most of the extensions are external libraries though there are one or two USE flags to explicitly configure it (such as gd-external etc). -- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] ethernet speed
On 02 August 2005 12:49, Neil Bothwick wrote: On Tue, 2 Aug 2005 12:30:46 +0100, Uwe Thiem wrote: mii-tool, part of net-tools. Thanks. Unfortunately, it doesn't seem to know anything about Gb ethernet. :-( Use ethtool Thanks! That is exactly what the doctor has prescribed. Uwe -- 95% of all programmers rate themselves among the top 5% of all software developers. - Linus Torvalds http://www.uwix.iway.na (last updated: 20.06.2004) -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] PHP5 Quick Question
Hmm... for some reason when I emerged PHP 5 it built all the extensions into the core and now its running very slow (4 ms for most pages as opposed to .007 ms for the same page under PHP 4) my use flags are... dev-db/php apache2 mysql xml xml2 msession gd bcmath bzip2 calendar curl ftp iconv odbc ldap snmp imap memlimit mhash mysqli posix simplexml sharedmem soap sockets threads tidy wddx xmlrpc xsl exif cpdflib mime session Am I missing something? -MikeOn 8/2/05, A. Khattri [EMAIL PROTECTED] wrote: On Tue, 2 Aug 2005, Michael Crute wrote: Is there a way to build the php 5 extensions (I.E. GD, mysql, etc) as external libraries instead of compiling it all into the core? I assume this is the sharedext flag but I want to make sure before I go try it and muck things up.Most of the extensions are external libraries though there are one or twoUSE flags to explicitly configure it (such as gd-external etc). gentoo-user@gentoo.org mailing list-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] PHP5 Quick Question
Hi, On Tue, 2 Aug 2005 10:32:21 -0400 Michael Crute [EMAIL PROTECTED] wrote: Is there a way to build the php 5 extensions (I.E. GD, mysql, etc) as external libraries instead of compiling it all into the core? I assume this is the sharedext flag but I want to make sure before I go try it and muck things up. $ grep sharedext /usr/portage/profiles/use.desc sharedext - Adds support for building shared extensions in php sounds good, doesn't it ;-)? Regarding the gd-external A. Khattri mentioned, I think this is to make php use a separately compiled (by emerging it as a dependency) GD lib instead of using the sources that php has integrated. -hwh -- gentoo-user@gentoo.org mailing list
[gentoo-user] NFS configuration (tcp/ip MythTV)
Hi, I have set up a large NFS mount for use as remote storage for our MythTV server. It works, but since setting it up the mythbackend program has twice shut down in the middle of the night. Prior to setting up this storage mythbackend had never, to the best of my knowledge, ever shut down unexpectantly. Obviously I'm suspicious that this change is the root cause. From the MythTV-Users list I've seen people talking about using NFS devices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this. Any comments on whether this is likely to yield better results and how I might look at going about it? Pointers to the right Gentoo docs much appreciated. Thanks, Mark -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] PHP5 Quick Question
Well grepping that file is a nice trick that I didnt know. Thanks! Thats what I needed to know. -MikeOn 8/2/05, Hans-Werner Hilse [EMAIL PROTECTED] wrote: Hi,On Tue, 2 Aug 2005 10:32:21 -0400Michael Crute [EMAIL PROTECTED] wrote: Is there a way to build the php 5 extensions (I.E. GD, mysql, etc) as external libraries instead of compiling it all into the core? I assume this is the sharedext flag but I want to make sure before I go try it and muck things up.$ grep sharedext /usr/portage/profiles/use.descsharedext - Adds support for building shared extensions in php sounds good, doesn't it ;-)?Regarding the gd-external A. Khattri mentioned, I think this is tomake php use a separately compiled (by emerging it as a dependency) GDlib instead of using the sources that php has integrated. -hwh--gentoo-user@gentoo.org mailing list-- Michael E. CruteSoftware Developer SoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
When you emerge nfs use the tcpd use flag to get TCP support. -MikeOn 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: Hi, I have set up a large NFS mount for use as remote storage for ourMythTV server. It works, but since setting it up the mythbackendprogram has twice shut down in the middle of the night. Prior tosetting up this storage mythbackend had never, to the best of my knowledge, ever shut down unexpectantly. Obviously I'm suspicious thatthis change is the root cause. From the MythTV-Users list I've seen people talking about using NFSdevices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this. Any comments on whether this is likely to yield better results andhow I might look at going about it? Pointers to the right Gentoo docsmuch appreciated. Thanks,Mark--gentoo-user@gentoo.org mailing list-- Michael E. Crute Software DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: From the MythTV-Users list I've seen people talking about using NFS devices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this. IIRC, there is also a kernel config option that enables NFS over TCP, which you need to enable on the server (maybe also client?). Matt -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
Matthew Cline wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: From the MythTV-Users list I've seen people talking about using NFS devices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this. IIRC, there is also a kernel config option that enables NFS over TCP, which you need to enable on the server (maybe also client?). You should also add 'tcp' to your mount options in fstab. See 'man mount'. -Richard -- gentoo-user@gentoo.org mailing list
[gentoo-user] can't unload modules
Hello everyone, The ATI FAQ recommends compiling module unloading into the kernel, which I did. Then I tried modprobing the various requisite modules to see what would work, fglrx, radeon, nvidia-agp etc. But I found I couldn't rmmod anything; got FATAL, Module unloading unavailable(something like that). Does that advanced feature under module unloading need to be checked as well? I thought I'd check with the list about it. FAQ doesn't say. -mw __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
Matthew, Michael and Richard, Thanks for the responses. They seem to outline the options pretty clearly. One question - once I get it converted and I think I'm running NFS using tcp, how do I determine that I actually am? Thanks, Mark On 8/2/05, Richard Fish [EMAIL PROTECTED] wrote: Matthew Cline wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: From the MythTV-Users list I've seen people talking about using NFS devices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this. IIRC, there is also a kernel config option that enables NFS over TCP, which you need to enable on the server (maybe also client?). You should also add 'tcp' to your mount options in fstab. See 'man mount'. -Richard -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 02 August 2005 17:43, Mark Knecht wrote: Matthew, Michael and Richard, Thanks for the responses. They seem to outline the options pretty clearly. One question - once I get it converted and I think I'm running NFS using tcp, how do I determine that I actually am? Several possibilities: - Close the NFS UDP port on the server. If it still works you ae using TCP. - Analyse the traffic with tcpdump or some such. - Use netstat. Uwe -- 95% of all programmers rate themselves among the top 5% of all software developers. - Linus Torvalds http://www.uwix.iway.na (last updated: 20.06.2004) -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
I would use 'sudo netstat -lp | grep nfs' to see what nfs is listening on. -MikeOn 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: Matthew, Michael and Richard, Thanks for the responses. They seem to outline the options pretty clearly. One question - once I get it converted and I think I'm running NFSusing tcp, how do I determine that I actually am? Thanks,MarkOn 8/2/05, Richard Fish [EMAIL PROTECTED] wrote: Matthew Cline wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote:From the MythTV-Users list I've seen people talking about using NFS devices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this.IIRC, there is also a kernel config option that enables NFS over TCP, which you need to enable on the server (maybe also client?).You should also add 'tcp' to your mount options in fstab.See 'man mount'. -Richard -- gentoo-user@gentoo.org mailing list--gentoo-user@gentoo.org mailing list -- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] gentoo icons
oh bugger sorry was being lazy didnt realise id hijack your thread :-( On Tue, 2005-08-02 at 19:11 +0100, phil wrote: i dont suppose there is an easy way of using the gentoo icons other than doing each one by hand? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] gentoo icons
There isn't any other way that I know of. If you do build a gentoo theme with the icons though it would be nice if you would share with us on gnome-look or something. -MikeOn 8/2/05, phil [EMAIL PROTECTED] wrote: i dont suppose there is an easy way of using the gentoo icons other thandoing each one by hand?--gentoo-user@gentoo.org mailing list -- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] can't unload modules
Try using 'modprobe -rnv module' and see what errors you get. -MikeOn 8/2/05, maxim wexler [EMAIL PROTECTED] wrote: Hello everyone,The ATI FAQ recommends compiling module unloading intothe kernel, which I did.Then I tried modprobing the various requisite modulesto see what would work, fglrx, radeon, nvidia-agp etc. But I found I couldn't rmmod anything; got FATAL,Module unloading unavailable(something like that).Does that advanced feature under module unloading needto be checked as well? I thought I'd check with the list about it. FAQ doesn't say.-mw__Do You Yahoo!?Tired of spam?Yahoo! Mail has the best spam protection around http://mail.yahoo.com--gentoo-user@gentoo.org mailing list-- Michael E. Crute Software DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 8/2/05, Michael Crute [EMAIL PROTECTED] wrote: I would use 'sudo netstat -lp | grep nfs' to see what nfs is listening on. -Mike Thanks Mike, it appears that both ends are currently listening on tcp which is good. However, am I not supposed to also use the tcp mount option on the mythbackend server to tell it to mount /video using tcp? The man pages tell me the default for NFS mounts is udp. Or does the tcp build flag for nfs-utils override all of this? Cheers, Mark -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Can't emerge xmms plugins
Have you tried using 'beep media player' instead? It is a clone of XMMS (which is dead basically). It uses skins and plugins and looks like xmms. -Original Message- From: Kurt Guenther [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 5:49 AM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Can't emerge xmms plugins Christian Floeter wrote: I have problems emerging standard xmms plugins, like xmms-mikmod, xmms-mpg123, xmms-vorbis, xmms-oss, xmms-esd, xmms-alsa and xmms-cdaudio. All of these produce the same error while emerging (the following was produced by xmms-mikmod): Have you tried: # revdep-rebuild to see if you have any libraries out of sync? --Kurt -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] gentoo icons
phil schreef: i dont suppose there is an easy way of using the gentoo icons other than doing each one by hand? Well, I feel like I came in in the middle of this conversation, so I may be misunderstanding just which icons you mean, but on the main site there are links to 'Gentoo graphic resources': http://www.gentoo.org/dyn/icons.xml http://www.gentoo.org/main/en/name-logo.xml (for the g) http://www.gentoo.org/main/en/graphics.xml (misc graphics that you could chop apart). Holly -- gentoo-user@gentoo.org mailing list
[gentoo-user] Changing volume name of a FAT partition
Is there a way to set or change the volume name of a FAT partition without reformatting it? When using HAL with KDE or Gnome Volume Manager to display icons of USB devices, it uses the volume name, if present, as the icon text, so it would be useful to be able to change this to give a more meaningful label. -- Neil Bothwick the sum of all human intelligence is constant, only the number of humans increases. pgpWB9nZCC8Kz.pgp Description: PGP signature
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 8/2/05, Michael Crute [EMAIL PROTECTED] wrote: Using the tcp flag when you mount should override the default behavior for nfs to use udp. I'm not sure if its strictly necessary but what the heck, it can't hurt. -Mike That's what I thought also. However, even though I can see the server is listening on tcp it seems to still have a udp component: dragonfly ~ # netstat -lp | grep nfs tcp0 0 *:nfs *:* LISTEN - udp0 0 *:nfs *:* - dragonfly ~ # This side is the mythbackend server which is mounting the remote NFS partition. The remote nfs server looks the same way. What I can't figure out yet is how to be sure the actual mount happened using tcp. Sure, I placed it in the mount command in fstab: dragonfly ~ # cat /etc/fstab | grep video myth14:/video /video nfs auto,user,rw,_netdev,tcp,rsize=8192 0 0 dragonfly ~ # but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Matt -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Changing volume name of a FAT partition
Neil Bothwick wrote: Is there a way to set or change the volume name of a FAT partition without reformatting it? When using HAL with KDE or Gnome Volume Manager to display icons of USB devices, it uses the volume name, if present, as the icon text, so it would be useful to be able to change this to give a more meaningful label. That sounds like a job for dd (be careful though). I used conv=notrunc but that shouldn't be necessary for a normal block device. $ dd if=/dev/zero of=floppy.img bs=1k seek=1440 count=0 0+0 records in 0+0 records out $ /usr/sbin/mkdosfs -n 12345678901 floppy.img mkdosfs 2.11 (12 Mar 2005) $ strings -t d floppy.img 3 mkdosfs 42 B12345678901FAT12 91 This is not a bootable disk. Please insert a bootable floppy and 158 press any key to try again ... 9728 12345678901 $ echo -n abcdefghijk | dd of=floppy.img bs=1 seek=43 count=11 conv=notrunc 11+0 records in 11+0 records out $ strings -t d floppy.img 3 mkdosfs 42 BabcdefghijkFAT12 91 This is not a bootable disk. Please insert a bootable floppy and 158 press any key to try again ... 9728 12345678901 Zac -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
--- Michael Crute [EMAIL PROTECTED] wrote: Try using 'modprobe -rnv module' and see what errors you get. dayglo root # modprobe-rnv fglrx rmmod /lib/modules/2.6.11-gentoo-r3/video/fglrx.ko rmmod /lib/modules/2.6.11-gentoo-r3/kernel/drivers/char/agp/agpgart.ko dayglo root # modprobe fglrx dayglo root # modprobe -rv fglrx rmmod /lib/modules/2.6.11-gentoo-r3/video/fglrx.ko FATAL: Error removing fglrx (/lib/modules/2.6.11-gentoo-r3/video/fglrx.ko): Kernel does not have module unloading support none the wiser :/ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
maxim wexler wrote: --- Michael Crute [EMAIL PROTECTED] wrote: Try using 'modprobe -rnv module' and see what errors you get. dayglo root # modprobe-rnv fglrx rmmod /lib/modules/2.6.11-gentoo-r3/video/fglrx.ko rmmod /lib/modules/2.6.11-gentoo-r3/kernel/drivers/char/agp/agpgart.ko dayglo root # modprobe fglrx dayglo root # modprobe -rv fglrx rmmod /lib/modules/2.6.11-gentoo-r3/video/fglrx.ko FATAL: Error removing fglrx (/lib/modules/2.6.11-gentoo-r3/video/fglrx.ko): Kernel does not have module unloading support none the wiser :/ Module unloading support is optional. You want to enable it in your kernel config. Zac -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
On 12:36 Tue 02 Aug , maxim wexler wrote: dayglo root # modprobe -rv fglrx rmmod /lib/modules/2.6.11-gentoo-r3/video/fglrx.ko FATAL: Error removing fglrx (/lib/modules/2.6.11-gentoo-r3/video/fglrx.ko): Kernel does not have module unloading support none the wiser :/ Sounds like you don't have CONFIG_MODULE_UNLOAD set (it's under loadable module support in menuconfig) Dave -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Matt I could give it a try. I've never used ethereal so I don't know how it works at all. Emerging it now to try it out. Thanks, Mark -- gentoo-user@gentoo.org mailing list
[gentoo-user] glxcompmgr
Hey, Does anybody have the line on glxcompmgr? I've heard of its existance, and that it was demoed at a convention, but I haven't seen any real proof of these rumors. Can anybody substantiate these rumors at all? -- Justin W. Hart -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Hi Matt, OK, ethereal was pretty easy to use, and it does indeed show that I'm using TCP for packat transfer. I see a proto=NFS packet followed by a number of TCP packets with sizes of 8K bytes so this seems to verify that both options I was looking for ar indeed working. Thanks! Unfortunately this means I'm no closer to the root cause of my real problem which is mythbackend shutting down without warning. It happened again just a few minutes ago. This all started happening after I brought this NFS mount on-line as storage for the mythbackend server. I suppose I'll have to go back to the reduced storage option (15 hours instead of 120 hours) and make sure that it's really this disk/PC/network connection. Thanks again for your help. Cheers, Mark -- gentoo-user@gentoo.org mailing list
[gentoo-user] alsa strangeness...
Hi, I have just given up on a strange thing with alsa. basically I can plug something into the proper port and hear sound coming out of the laptop speakers, be it a mic or a synth. strange enough, I cannot record these sounds with any of the software, SC3-Audacity(portaudio=v19 and oss and alsa)-ardour... I have found something strange in my kernel so I recompiled, then alsa and finally jack too. nothing seemed to work fine. when I open alsamixer I can adjust the levels and everything. What could this be? Any ideas? Karsten -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Can't emerge xmms plugins
Kurt Guenther wrote: Christian Floeter wrote: I have problems emerging standard xmms plugins, like xmms-mikmod, xmms-mpg123, xmms-vorbis, xmms-oss, xmms-esd, xmms-alsa and xmms-cdaudio. All of these produce the same error while emerging (the following was produced by xmms-mikmod): Have you tried: # revdep-rebuild to see if you have any libraries out of sync? --Kurt I tried it, but it didn't find anything suspicious. -- gentoo-user@gentoo.org mailing list
[gentoo-user] ReiserFS4
Does anyone know of or know where to get the limitations of ReiserFS4? I've looked at the reiserFS4 and it does not list things such as Num. of subdirs that a single dir can have, num. of files a single dir can have, etc. I am looking for something like this: (only for ReiserFS4 instead of ReiserFS) Got this from: http://everything2.com/index.pl?node_id=510028 1. You can store a maximum of 4,294,967,296 files in a reiserfs partition. 2. You can put no more than 2,147,483,648 files in a directory. 3. The maximum number of subdirectories inside a directory is 64.536. 4. The maximum file-size is 17.6 terabyte http://everything2.com/index.pl?node=terabytes on 32 bit architectures. 5. You can have as much as 4,294,967,296 link http://everything2.com/index.pl?node=links to a file. 6. And finally your file system overall maximum size will be 4,294,967,296 x 4K blocks, i.e., 17.6 terabytes. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] alsa strangeness...
when I open alsamixer I can adjust the levels and everything. What could this be? Any ideas? I guess everything is fine with your setup but your mixer isn't set properly. * Your card has a monitor. Incoming signals are routed back to the outputs immediately. This means that the incoming data never left your soundcard towords your CPU!!! * If you want to record (especially with JACK) you do not want this kind of hardware monitor. So switch it off in ALSAmixer * Now ensure that your recording environment catches the audio input (this means unmuting and levelling the inports) and process it the right way. If you're using JACK maybe you want to use meterbridge -n meterbridge -t dpm alsa_pcm:capture_1 alsa_pcm:capture_2 to monitor and level the incoming signal before recording it with qarecord or ardour Best regards ce -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
Mark, Here is my suggestion to get the best of both worlds (note my limited knowledge of mythtv). Setup a shell script to copy all your video files from the myth capture directory over to the nfs share and delete the files thus clearing your local space and also allowing you to capture 135 hours. You could even cron it so you don't have to think about it. Pardon me if this is a gross misunderstanding of mythtv but if its not it should work like a charm. -MikeOn 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used.Hi Matt, OK, ethereal was pretty easy to use, and it does indeed show thatI'm using TCP for packat transfer. I see a proto=NFS packet followed by a number of TCP packets with sizes of 8K bytes so this seems toverify that both options I was looking for ar indeed working.Thanks! Unfortunately this means I'm no closer to the root cause of my real problem which is mythbackend shutting down without warning. Ithappened again just a few minutes ago. This all started happeningafter I brought this NFS mount on-line as storage for the mythbackendserver. I suppose I'll have to go back to the reduced storage option (15 hours instead of 120 hours) and make sure that it's really thisdisk/PC/network connection. Thanks again for your help.Cheers,Mark--gentoo-user@gentoo.org mailing list-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] can't unload modules
Maxim: Try this command `cat /usr/src/linux/.config | grep CONFIG_MODULE_UNLOAD`. On my machine (which has module unloading compiled into the kernel) I see CONFIG_MODULE_UNLOAD=y -MikeOn 8/2/05, David Morgan [EMAIL PROTECTED] wrote: On 12:36 Tue 02 Aug , maxim wexler wrote: dayglo root # modprobe -rv fglrx rmmod /lib/modules/2.6.11-gentoo-r3/video/fglrx.ko FATAL: Error removing fglrx (/lib/modules/2.6.11-gentoo-r3/video/fglrx.ko): Kernel does not have module unloading support none the wiser :/Sounds like you don't haveCONFIG_MODULE_UNLOAD set (it's underloadable module support in menuconfig)Dave-- gentoo-user@gentoo.org mailing list-- Michael E. CruteSoftware DeveloperSoftGroup Development Corporation In a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
The best way is to ask the portmapper (example below): [EMAIL PROTECTED] ~]$ rpcinfo -p program vers proto port 102 tcp111 portmapper 102 udp111 portmapper 1000241 udp921 status 1000241 tcp928 status 172 udp 1000 ypbind 171 udp 1000 ypbind 172 tcp 1003 ypbind 171 tcp 1003 ypbind 1000111 udp647 rquotad 1000112 udp647 rquotad 1000111 tcp669 rquotad 1000112 tcp669 rquotad 132 udp 2049 nfs 133 udp 2049 nfs 134 udp 2049 nfs 132 tcp 2049 nfs 133 tcp 2049 nfs 134 tcp 2049 nfs 1000211 udp 32768 nlockmgr 1000213 udp 32768 nlockmgr 1000214 udp 32768 nlockmgr 1000211 tcp 32768 nlockmgr 1000213 tcp 32768 nlockmgr 1000214 tcp 32768 nlockmgr 151 udp165 mountd 151 tcp165 mountd 152 udp165 mountd 152 tcp165 mountd 153 udp165 mountd 153 tcp165 mountd [EMAIL PROTECTED] ~]$ Look at the nfs service. It has udp and tcp. I also have protocol 2, 3, and 4 available to clients. On Tue, 2 Aug 2005, Mark Knecht wrote: Matthew, Michael and Richard, Thanks for the responses. They seem to outline the options pretty clearly. One question - once I get it converted and I think I'm running NFS using tcp, how do I determine that I actually am? Thanks, Mark On 8/2/05, Richard Fish [EMAIL PROTECTED] wrote: Matthew Cline wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: From the MythTV-Users list I've seen people talking about using NFS devices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this. IIRC, there is also a kernel config option that enables NFS over TCP, which you need to enable on the server (maybe also client?). You should also add 'tcp' to your mount options in fstab. See 'man mount'. -Richard -- gentoo-user@gentoo.org mailing list -- Bryan Whitehead Email:[EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
[gentoo-user] How to get jfs root partition to properly fsck on power failure?
Hello Everyone, I feel like the answer here should be obvious, but either my google skills have deteriorated badly, I'm missing the obvious, or I've just run into a strange problem (which I doubt). I have a Gentoo install with the following filesystem layout (from fstab):/dev/sda2 /boot ext3noatime 1 2/dev/sda6 / jfs noatime 1 1/dev/sda3 noneswapsw0 0/dev/sda5 /varjfs noatime 0 2/dev/sda7 /home jfs noatime 0 2 Things work fine under normal circumstances, however if the machine is powered off uncleanly (power button, power failure, etc) it refuses to boot. The problem seems to stem from the fact that the root partition does not get checked prior to mounting. I have the following grub stanza which boots the system. It includes the ro option which is supposed to tell the kernel to mount the root partition read-only at first to perform a fsck. title=Gentoo Linux 2.6.12-r6 root (hd0,1) kernel /kernel-genkernel-x86-2.6.12-gentoo-r6 root=/dev/ram0 init=/linuxrc ramdisk=8192 real_root=/dev/sda6 udev hda=ide-scsi hde=ide-scsi ro initrd /initramfs-genkernel-x86-2.6.12-gentoo-r6 When booting this it basicly starts udev, then tries to mount filesystems and says /dev/sda6 is not a valid partition and drops me into busybox. The way I'm able to recover this is to boot to the live CD, fsck.jfs /dev/sda6 and then reboot and the remaining filesystems fsck fine and the system boots. However, one thing I notice is that once / is unmounted unexpectedly, it cannot be mounted prior to an fsck (get errors from mount). This seems like a bit of a chicken egg situation. I can't believe this is a unique problem I've stumbled upon - does anyone have either an obvious answer to this question or some examples of a working gentoo install using jfs as the root partition (please, no responses of yeah, works fine for me if you can resist). I'll happily provide more info as desired - but thought I'd start here. Aaron
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
cat /proc/mounts | grep -E 'nfs.*tcp' On Tue, 2 Aug 2005, Mark Knecht wrote: Matthew, Michael and Richard, Thanks for the responses. They seem to outline the options pretty clearly. One question - once I get it converted and I think I'm running NFS using tcp, how do I determine that I actually am? Thanks, Mark On 8/2/05, Richard Fish [EMAIL PROTECTED] wrote: Matthew Cline wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: From the MythTV-Users list I've seen people talking about using NFS devices but recommending that they be set up with TCP instead of UDP. So far I haven't yet found any Gentoo docs on how to do this. IIRC, there is also a kernel config option that enables NFS over TCP, which you need to enable on the server (maybe also client?). You should also add 'tcp' to your mount options in fstab. See 'man mount'. -Richard -- gentoo-user@gentoo.org mailing list -- Bryan Whitehead Email:[EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
[gentoo-user] Its not fair! (PCMCIA issue)
HI guys, I have resorted to putting Ubuntu on my friend's laptop. If you remember, it was an evil Panasonic Toughbook, with a Ricoh PCMCIA card slot(?) from hell. If you want a brief explanation, read starting from the 1. If you want to skip to the problem, goto 2. :) 1. Well, I tried everything, with a friend of mine on the phone, a Gentoo user himself. We couldn't get the driver to detect the unknown 3.3 volt Linksys WPC11 v4 card in the PCMCIA slot. I had promised over and over to him that we could get the card working that day, since all I thought I had to do was a modprobe. But no such luck. I had promised him internet, and I would get him internet. I decided to resize his Gentoo partitions and install Windows (98SE). The resize failed, corrupting his Gentoo install. I decided, well, he doesn't have anything on there, so I wiped it with fdisk under the 2005.0 livecd and created an empty DOS partition table. It said something about this hard drive having more 'somethings' (maybe blocks, I cant remember) than the usual amount. We had 1222. It said that Windows may not like this. I ignored it, and tried booting with a Win98SE disc, which refused to install on his computer. Stumped, I dug up a Ubuntu install disc, and had him up in under an hour. I was so mad!! I would have put Gentoo back on, but the time it takes to install was more than we had taht day. 2. So Ubuntu is up. Also note that I have posted this problem on their list, and I have gotten one useless reply. Im asking you guys cause there are more of you and I think your smarter. Here is the issue: When I pop in a standard 3com 589cs card, the computer beeps, and beeps again when I take it out. That looked promising. I then put in his WAN card, a new Linksys Wireless B Adapter. (WPC11 version 4, which uses a Realtek chipset.) I heard nothing when putting it in, but heard a beep upon removing it. I checked the dmesg, and got a Nobody cared message (IRQ 9, I believe) and a: cs: unable to apply power. He's on Kernel 2.6.Ithink11, 2.6.* for sure. His bridge is a Ricoh RL5C475. There is a nice how-to for this bridge --if your on kernel 2.4. But it was written before 2.6 came out, I think.. The address is: http://raw-io.com/pci_802.11b.html If you dont want to visit the site, I copied the condensed howto here: - *Short version*: 1) compile and install 2.4.x (preferable an alan cox kernel) without PCMCIA support but with Wireless LAN support (just Wireless LAN support, none of the drivers under that option) 2) compile and install latest pcmcia-cs 3) compile and install latest wireless-tools edit your pcmcia options so that your socket driver is i82365 and your PCIC_OPTS=irq_mode=0 (use only PCI IRQs) reboot --- Now, I dont know what to do. Ubuntu is on the 2.6 kernel. Any ideas? Thanks guys, I really appreciate the help. Ian begin:vcard fn:Ian K n:K;Ian email;internet:[EMAIL PROTECTED] note;quoted-printable:Pentium 3=0D=0A= 500mHz=0D=0A= 256MB RAM=0D=0A= 80.0GB HDD=0D=0A= ATI Radeon 7000 Evil Wizard 64MB=0D=0A= Computer name: PentaQuad=0D=0A= x-mozilla-html:TRUE version:2.1 end:vcard
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
Mike, Thanks for the idea. I like the idea of being able to record locally for 15 hours safely and then just using the new NFS storage for playback only, but I think it won't work from a practical standpoint: 1) MythTV runs in conjunction with MySQL which is managing the data files. If I simply move the data files to some other location then MySQL won't know where they are for playback. 2) As far as I know MythTV expects all the data file to be in a single location for playback. I've never heard of anyone having multiple disks for playback, but if they could then your idea would possibly work. I like the idea though and will do some research to see if there's a practical solution. Possibly some sort of logical disk drive? That's a bit beyond my meager skill set. Thanks, Mark On 8/2/05, Michael Crute [EMAIL PROTECTED] wrote: Mark, Here is my suggestion to get the best of both worlds (note my limited knowledge of mythtv). Setup a shell script to copy all your video files from the myth capture directory over to the nfs share and delete the files thus clearing your local space and also allowing you to capture 135 hours. You could even cron it so you don't have to think about it. Pardon me if this is a gross misunderstanding of mythtv but if its not it should work like a charm. -Mike On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Hi Matt, OK, ethereal was pretty easy to use, and it does indeed show that I'm using TCP for packat transfer. I see a proto=NFS packet followed by a number of TCP packets with sizes of 8K bytes so this seems to verify that both options I was looking for ar indeed working. Thanks! Unfortunately this means I'm no closer to the root cause of my real problem which is mythbackend shutting down without warning. It happened again just a few minutes ago. This all started happening after I brought this NFS mount on-line as storage for the mythbackend server. I suppose I'll have to go back to the reduced storage option (15 hours instead of 120 hours) and make sure that it's really this disk/PC/network connection. Thanks again for your help. Cheers, Mark -- gentoo-user@gentoo.org mailing list -- Michael E. Crute Software Developer SoftGroup Development Corporation In a world without walls and fences, who needs windows and gates? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
Module unloading support is optional. You want to enable it in your kernel config. See the start of this thread. It *is* enabled Zac -- gentoo-user@gentoo.org mailing list __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- gentoo-user@gentoo.org mailing list
[gentoo-user] Safe Cflags for Celeron M340 on a FSC Amilo Pro V2010?
Hello! In the coming days, I'll get a Fujitsu Siemens FSC Amilo Pro v2010 notebook in which a Intel Celeron M340 1,5 GHz, 400FSB CPU is built into. For this system, I'd like to setup a build host following the http://gentoo-wiki.com/HOWTO_Create_A_Build_Host. Quite obviously, it would be good to know the exact CPU type, so that I can choose the correct CFLAGS settings. For this, I'd like to be on the safe side and follow the instructions at http://gentoo-wiki.com/Safe_Cflags. But I'm not sure, which CPU the machine hosts. Maybe someone from here could post the output of cat /proc/cpuinfo or tell me, if the CPU is one of: - Celeron (Mendocino), aka Celeron1 (Intel) - Celeron (Coppermine) aka Celeron2 (Intel) - Celeron (Willamette) (Intel) Thanks a lot, Alexander Skwar -- They call them squares because it's the most complicated shape they can deal with. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
BTW, it could be you are using NFS v2 which is ONLY 32bit so you have the 4gb filesize limit. run nftstat -s (on the server) and nfsstat -c (on the client) to see what version of NFS you are using (note: what version of NFS you are using is not related to the transport - udp/tcp). I use bigger than 4GB files on Linux server/client all the time to move DVD iso's to machines with better burners... you are running the 2.6 kernel? On Tue, 2 Aug 2005, Bryan Whitehead wrote: What filesystem are you exporting over NFS? On Tue, 2 Aug 2005, Mark Knecht wrote: On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Hi Matt, OK, ethereal was pretty easy to use, and it does indeed show that I'm using TCP for packat transfer. I see a proto=NFS packet followed by a number of TCP packets with sizes of 8K bytes so this seems to verify that both options I was looking for ar indeed working. Thanks! Unfortunately this means I'm no closer to the root cause of my real problem which is mythbackend shutting down without warning. It happened again just a few minutes ago. This all started happening after I brought this NFS mount on-line as storage for the mythbackend server. I suppose I'll have to go back to the reduced storage option (15 hours instead of 120 hours) and make sure that it's really this disk/PC/network connection. Thanks again for your help. Cheers, Mark -- Bryan Whitehead Email:[EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
Well if you are a perl or python kinda guy you could write a more sophisticated script to copy the files and update the database so that everything is transparent as far as myth is concerned. -MikeOn 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: Mike, Thanks for the idea. I like the idea of being able to recordlocally for 15 hours safely and then just using the new NFS storagefor playback only, but I think it won't work from a practicalstandpoint: 1) MythTV runs in conjunction with MySQL which is managing the datafiles. If I simply move the data files to some other location thenMySQL won't know where they are for playback.2) As far as I know MythTV expects all the data file to be in a single location for playback. I've never heard of anyone having multipledisks for playback, but if they could then your idea would possiblywork. I like the idea though and will do some research to see if there's a practical solution. Possibly some sort of logical disk drive? That'sa bit beyond my meager skill set.Thanks,MarkOn 8/2/05, Michael Crute [EMAIL PROTECTED] wrote: Mark,Here is my suggestion to get the best of both worlds (note my limited knowledge of mythtv). Setup a shell script to copy all your video files from the myth capture directory over to the nfs share and delete the files thus clearing your local space and also allowing you to capture 135 hours. You could even cron it so you don't have to think about it. Pardon me if this is a gross misunderstanding of mythtv but if its not it should work like a charm.-Mike On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks,Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Hi Matt, OK, ethereal was pretty easy to use, and it does indeed show that I'm using TCP for packat transfer. I see a proto=NFS packet followed by a number of TCP packets with sizes of 8K bytes so this seems to verify that both options I was looking for ar indeed working. Thanks! Unfortunately this means I'm no closer to the root cause of my real problem which is mythbackend shutting down without warning. It happened again just a few minutes ago. This all started happening after I brought this NFS mount on-line as storage for the mythbackend server. I suppose I'll have to go back to the reduced storage option (15 hours instead of 120 hours) and make sure that it's really this disk/PC/network connection. Thanks again for your help. Cheers, Mark -- gentoo-user@gentoo.org mailing list -- Michael E. Crute Software Developer SoftGroup Development Corporation In a world without walls and fences, who needs windows and gates? --gentoo-user@gentoo.org mailing list-- Michael E. CruteSoftware Developer SoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] can't unload modules
It would appear that it is not. Double check with my cat grep command and perhaps recompile your kernel. -MikeOn 8/2/05, maxim wexler [EMAIL PROTECTED] wrote: Module unloading support is optional.You want to enable it in your kernel config.See the start of this thread. It *is* enabled Zac -- gentoo-user@gentoo.org mailing list__Do You Yahoo!?Tired of spam?Yahoo! Mail has the best spam protection around http://mail.yahoo.com--gentoo-user@gentoo.org mailing list-- Michael E. Crute Software DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
I'm not any kind of programmer. Guitar player actually. I just need stuff to work or I'm helpless! Thanks, Mark On 8/2/05, Michael Crute [EMAIL PROTECTED] wrote: Well if you are a perl or python kinda guy you could write a more sophisticated script to copy the files and update the database so that everything is transparent as far as myth is concerned. -Mike On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: Mike, Thanks for the idea. I like the idea of being able to record locally for 15 hours safely and then just using the new NFS storage for playback only, but I think it won't work from a practical standpoint: 1) MythTV runs in conjunction with MySQL which is managing the data files. If I simply move the data files to some other location then MySQL won't know where they are for playback. 2) As far as I know MythTV expects all the data file to be in a single location for playback. I've never heard of anyone having multiple disks for playback, but if they could then your idea would possibly work. I like the idea though and will do some research to see if there's a practical solution. Possibly some sort of logical disk drive? That's a bit beyond my meager skill set. Thanks, Mark On 8/2/05, Michael Crute [EMAIL PROTECTED] wrote: Mark, Here is my suggestion to get the best of both worlds (note my limited knowledge of mythtv). Setup a shell script to copy all your video files from the myth capture directory over to the nfs share and delete the files thus clearing your local space and also allowing you to capture 135 hours. You could even cron it so you don't have to think about it. Pardon me if this is a gross misunderstanding of mythtv but if its not it should work like a charm. -Mike On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Hi Matt, OK, ethereal was pretty easy to use, and it does indeed show that I'm using TCP for packat transfer. I see a proto=NFS packet followed by a number of TCP packets with sizes of 8K bytes so this seems to verify that both options I was looking for ar indeed working. Thanks! Unfortunately this means I'm no closer to the root cause of my real problem which is mythbackend shutting down without warning. It happened again just a few minutes ago. This all started happening after I brought this NFS mount on-line as storage for the mythbackend server. I suppose I'll have to go back to the reduced storage option (15 hours instead of 120 hours) and make sure that it's really this disk/PC/network connection. Thanks again for your help. Cheers, Mark -- gentoo-user@gentoo.org mailing list -- Michael E. Crute Software Developer SoftGroup Development Corporation In a world without walls and fences, who needs windows and gates? -- gentoo-user@gentoo.org mailing list -- Michael E. Crute Software Developer SoftGroup Development Corporation In a world without walls and fences, who needs windows and gates? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
I think it is much more easy to get NFS working right... ;) Just my 2 cents. On Tue, 2 Aug 2005, Michael Crute wrote: Well if you are a perl or python kinda guy you could write a more sophisticated script to copy the files and update the database so that everything is transparent as far as myth is concerned. -Mike On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: Mike, Thanks for the idea. I like the idea of being able to record locally for 15 hours safely and then just using the new NFS storage for playback only, but I think it won't work from a practical standpoint: 1) MythTV runs in conjunction with MySQL which is managing the data files. If I simply move the data files to some other location then MySQL won't know where they are for playback. 2) As far as I know MythTV expects all the data file to be in a single location for playback. I've never heard of anyone having multiple disks for playback, but if they could then your idea would possibly work. I like the idea though and will do some research to see if there's a practical solution. Possibly some sort of logical disk drive? That's a bit beyond my meager skill set. Thanks, Mark On 8/2/05, Michael Crute [EMAIL PROTECTED] wrote: Mark, Here is my suggestion to get the best of both worlds (note my limited knowledge of mythtv). Setup a shell script to copy all your video files from the myth capture directory over to the nfs share and delete the files thus clearing your local space and also allowing you to capture 135 hours. You could even cron it so you don't have to think about it. Pardon me if this is a gross misunderstanding of mythtv but if its not it should work like a charm. -Mike On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: On 8/2/05, Matthew Cline [EMAIL PROTECTED] wrote: On 8/2/05, Mark Knecht [EMAIL PROTECTED] wrote: but how do I know it's being used? And how do I know that the rsize option is being used? Thanks, Mark Could you watch the traffic between the two using something like ethereal? This should tell you which protocol is being used. Hi Matt, OK, ethereal was pretty easy to use, and it does indeed show that I'm using TCP for packat transfer. I see a proto=NFS packet followed by a number of TCP packets with sizes of 8K bytes so this seems to verify that both options I was looking for ar indeed working. Thanks! Unfortunately this means I'm no closer to the root cause of my real problem which is mythbackend shutting down without warning. It happened again just a few minutes ago. This all started happening after I brought this NFS mount on-line as storage for the mythbackend server. I suppose I'll have to go back to the reduced storage option (15 hours instead of 120 hours) and make sure that it's really this disk/PC/network connection. Thanks again for your help. Cheers, Mark -- gentoo-user@gentoo.org mailing list -- Michael E. Crute Software Developer SoftGroup Development Corporation In a world without walls and fences, who needs windows and gates? -- gentoo-user@gentoo.org mailing list -- Bryan Whitehead Email:[EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Its not fair! (PCMCIA issue)
Being lazy I would start with the dead simple route. Boot the ubuntu livecd check out what driver it loads and if the card works, if all is peachy under ubuntu reboot gentoo and modprobe the driver that ubuntu loaded. If all that fails then you need to dig deeper into your kernel config. I could make some guesses on what options you need there but since I dont have a computer with PCMCIA I really cant say for sure. -MikeOn 8/2/05, Ian K [EMAIL PROTECTED] wrote: HI guys,I have resorted to putting Ubuntu on my friend's laptop.If you remember, it was an evil Panasonic Toughbook, witha Ricoh PCMCIA card slot(?) from hell. If you want a briefexplanation, read starting from the 1. If you want to skip to the problem, goto 2. :)1. Well, I tried everything, with a friend of mine on the phone,a Gentoo user himself. We couldn't get the driver to detectthe unknown 3.3 volt Linksys WPC11 v4 card in the PCMCIA slot. I had promised over and over to him that we could get the cardworking that day, since all I thought I had to do was a modprobe.But no such luck. I had promised him internet, and I would gethim internet. I decided to resize his Gentoo partitions and install Windows (98SE). The resize failed, corrupting his Gentoo install.I decided, well, he doesn't have anything on there, so I wiped itwith fdisk under the 2005.0 livecd and created an empty DOSpartition table. It said something about this hard drive having more 'somethings' (maybe blocks, I cant remember) than the usualamount. We had 1222. It said that Windows may not like this.I ignored it, and tried booting with a Win98SE disc, which refusedto install on his computer. Stumped, I dug up a Ubuntu install disc, and had him up in under an hour. I was so mad!! I would haveput Gentoo back on, but the time it takes to install was more thanwe had taht day.2. So Ubuntu is up. Also note that I have posted this problem on their list, and I have gotten one useless reply. Im asking you guys causethere are more of you and I think your smarter. Here is the issue:When I pop in a standard 3com 589cs card, the computer beeps, andbeeps again when I take it out. That looked promising. I then put in his WAN card, a new Linksys Wireless B Adapter. (WPC11 version 4,which uses a Realtek chipset.) I heard nothing when putting it in,but heard a beep upon removing it. I checked the dmesg, and gota Nobody cared message (IRQ 9, I believe) and a: cs: unable to apply power.He's on Kernel 2.6.Ithink11, 2.6.* for sure. His bridge is a RicohRL5C475. There is a nice how-to for this bridge --if your on kernel 2.4.But it was written before 2.6 came out, I think.. The address is: http://raw-io.com/pci_802.11b.htmlIf you dont want to visit the site, I copied the condensed howto here:- *Short version*:1) compile and install 2.4.x (preferable an alan cox kernel) withoutPCMCIA support but with Wireless LAN support (just Wireless LAN support,none of the drivers under that option) 2) compile and install latest pcmcia-cs3) compile and install latest wireless-toolsedit your pcmcia options so that your socket driver is i82365 and yourPCIC_OPTS=irq_mode=0 (use only PCI IRQs) reboot---Now, I dont know what to do. Ubuntu is on the 2.6 kernel.Any ideas?Thanks guys, I really appreciate the help. Ian-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] can't unload modules
Sounds like a forgotten make mrproper or make clean before a full build? I'm sure the kernel isn't making this stuff up. :D On Tue, 2 Aug 2005, maxim wexler wrote: Module unloading support is optional. You want to enable it in your kernel config. See the start of this thread. It *is* enabled Zac -- gentoo-user@gentoo.org mailing list __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- Bryan Whitehead Email:[EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Its not fair! (PCMCIA issue)
or maybe a knoppix disk which is pretty good at detecting hardware. On Tue, 2 Aug 2005 19:22:37 -0400 Michael Crute wrote: Being lazy I would start with the dead simple route. Boot the ubuntu livecd check out what driver it loads and if the card works, if all is peachy under ubuntu reboot gentoo and modprobe the driver that ubuntu loaded. If all that fails then you need to dig deeper into your kernel config. I could make some guesses on what options you need there but since I dont have a computer with PCMCIA I really cant say for sure. -Mike On 8/2/05, Ian K [EMAIL PROTECTED] wrote: HI guys, I have resorted to putting Ubuntu on my friend's laptop. If you remember, it was an evil Panasonic Toughbook, with a Ricoh PCMCIA card slot(?) from hell. If you want a brief explanation, read starting from the 1. If you want to skip to the problem, goto 2. :) 1. Well, I tried everything, with a friend of mine on the phone, a Gentoo user himself. We couldn't get the driver to detect the unknown 3.3 volt Linksys WPC11 v4 card in the PCMCIA slot. I had promised over and over to him that we could get the card working that day, since all I thought I had to do was a modprobe. But no such luck. I had promised him internet, and I would get him internet. I decided to resize his Gentoo partitions and install Windows (98SE). The resize failed, corrupting his Gentoo install. I decided, well, he doesn't have anything on there, so I wiped it with fdisk under the 2005.0 livecd and created an empty DOS partition table. It said something about this hard drive having more 'somethings' (maybe blocks, I cant remember) than the usual amount. We had 1222. It said that Windows may not like this. I ignored it, and tried booting with a Win98SE disc, which refused to install on his computer. Stumped, I dug up a Ubuntu install disc, and had him up in under an hour. I was so mad!! I would have put Gentoo back on, but the time it takes to install was more than we had taht day. 2. So Ubuntu is up. Also note that I have posted this problem on their list, and I have gotten one useless reply. Im asking you guys cause there are more of you and I think your smarter. Here is the issue: When I pop in a standard 3com 589cs card, the computer beeps, and beeps again when I take it out. That looked promising. I then put in his WAN card, a new Linksys Wireless B Adapter. (WPC11 version 4, which uses a Realtek chipset.) I heard nothing when putting it in, but heard a beep upon removing it. I checked the dmesg, and got a Nobody cared message (IRQ 9, I believe) and a: cs: unable to apply power. He's on Kernel 2.6.Ithink11, 2.6.* for sure. His bridge is a Ricoh RL5C475. There is a nice how-to for this bridge --if your on kernel 2.4. But it was written before 2.6 came out, I think.. The address is: http://raw-io.com/pci_802.11b.html If you dont want to visit the site, I copied the condensed howto here: - *Short version*: 1) compile and install 2.4.x (preferable an alan cox kernel) without PCMCIA support but with Wireless LAN support (just Wireless LAN support, none of the drivers under that option) 2) compile and install latest pcmcia-cs 3) compile and install latest wireless-tools edit your pcmcia options so that your socket driver is i82365 and your PCIC_OPTS=irq_mode=0 (use only PCI IRQs) reboot --- Now, I dont know what to do. Ubuntu is on the 2.6 kernel. Any ideas? Thanks guys, I really appreciate the help. Ian -- Michael E. Crute Software Developer SoftGroup Development Corporation In a world without walls and fences, who needs windows and gates? -- Nick Rout -- gentoo-user@gentoo.org mailing list
[gentoo-user] Testing how secure a server is...
Hi there, I was wondering what tools should I use to detect security flaws to my server and a few tips on how to use them. What are the most common forms of attack and how do I avoid being attacked by one of them? The services avaliable are only Apache - SSL and SSH. I've installed an firewall, iptables and firestarter to control it, and blocked all ports except 443 and 8080, where the SSH is listening. Apache has PHP installed as a module. Thanks for the attention, Raphael. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Changing volume name of a FAT partition
On Tue, 2 Aug 2005 22:15:57 +0100, Peter Ruskin wrote: man mlabel $ qpkg -f `which mlabel` sys-fs/mtools * Aha! I looked in dosfstools but didn't think of mtool. Thanks. -- Neil Bothwick Genius is 99% inspiration and 2% arithmetic pgp7TOTwkv7fs.pgp Description: PGP signature
Re: [gentoo-user] Testing how secure a server is...
Hi, 2 tools nmap and nessus for network/port scanning and others. For hardering you could use bastille. Of course all found in portage. PeterOn 8/3/05, Raphael Melo de Oliveira Bastos Sales [EMAIL PROTECTED] wrote: Hi there, I was wondering what tools should I use to detect security flaws tomy server and a few tips on how to use them. What are the most commonforms of attack and how do I avoid being attacked by one of them? The services avaliable are only Apache - SSL and SSH. I'veinstalled an firewall, iptables and firestarter to control it, andblocked all ports except 443 and 8080, where the SSH is listening.Apache has PHP installed as a module. Thanks for the attention,Raphael.--gentoo-user@gentoo.org mailing list-- I have plenty of common sense, I just choose to ignore it. --- Calvin
Re: [gentoo-user] Testing how secure a server is...
On Aug 2, 2005, at 7:50 PM, Raphael Melo de Oliveira Bastos Sales wrote: Hi there, I was wondering what tools should I use to detect security flaws to my server and a few tips on how to use them. What are the most common forms of attack and how do I avoid being attacked by one of them? The services avaliable are only Apache - SSL and SSH. I've installed an firewall, iptables and firestarter to control it, and blocked all ports except 443 and 8080, where the SSH is listening. Apache has PHP installed as a module. Want to know how secure your server is? Try and hack it! A good port scanner like nmap should be a basic check of your firewall. I would also set nmap (if it can do this) to perform a SYN flood as it scans, to see if your server can withstand that basic DoS attack. (Adding --syn to your TCP rules in iptables can prevent SYN flooding when used with SYN cookies.) When you break in, find out why it worked and how it can be patched. Some things I would advise (I'm currently working on a server at the moment as well): - If the server is really important (or if you're paranoid), use the hardened-sources with PIE/SSP to prevent badly-written programs from arbitrarily executing code. - Enable SYN flood protection. There's a kernel option somewhere about IPv4 SYN cookies, enable that, and couple it with --syn attached to your TCP rules in iptables. It's a very popular denial- of-service attack. - Whenever you need to login or authenticate yourself, make the system delay five seconds after a bad password is entered. This will make a brute-force attack much much slower (0.2 passwords/sec as opposed to millions passwords/sec without a delay, depending on your server's speed). - Make sure iptables is set to deny all traffic that isn't explicitly allowed. - Turn off any services you don't need. - Read through your logs every now and then. I highly advise having the server burn them to a CD/floppy every now and then for an instant backup. Get a log reader/parser, too. Naturally, hide the server in the attic or basement. Chain it to something, or if it has a security slot, use a security cable. Put a lock on the case door. Unplug your floppy/CD drives if you're not using them. As of this writing, there is no kernel option to keep your computer or its innards from walking away. :-) -- Colin -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
Thanks Peter. I'm just finishing visiting the home page of almost every package on the net-analyzer category. If I didn't have such a short dead line, I'd test them all. ;) 2005/8/3, Peter De Zutter [EMAIL PROTECTED]: Hi, 2 tools nmap and nessus for network/port scanning and others. For hardering you could use bastille. Of course all found in portage. Peter On 8/3/05, Raphael Melo de Oliveira Bastos Sales [EMAIL PROTECTED] wrote: Hi there, I was wondering what tools should I use to detect security flaws to my server and a few tips on how to use them. What are the most common forms of attack and how do I avoid being attacked by one of them? The services avaliable are only Apache - SSL and SSH. I've installed an firewall, iptables and firestarter to control it, and blocked all ports except 443 and 8080, where the SSH is listening. Apache has PHP installed as a module. Thanks for the attention, Raphael. -- gentoo-user@gentoo.org mailing list -- I have plenty of common sense, I just choose to ignore it. --- Calvin -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] NFS configuration (tcp/ip MythTV)
On 8/2/05, Bryan Whitehead [EMAIL PROTECTED] wrote: BTW, it could be you are using NFS v2 which is ONLY 32bit so you have the 4gb filesize limit. OK, I've built the kernels on both machines and have support for both V3 and V3 clients and servers built in. Ethereal tells me now that I'm using V3. We'll see if that stays on line longer than the V2 protocol did. thanks! - Mark -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] DELTUP servers
Hello, Andrew. Вы писали 30 июля 2005 г., 21:41:14: Andrew Gaydenko It seems like Andrew Gaydenko DELTUP_SERVER=http://linux01.gwdg.de/~nlissne/deltup.php; Andrew Gaydenko is under reconstruction (standard Andrew Gaydenko apache page is shown). Are there Andrew Gaydenko other DELTUP servers? No. Author does not wish to share server-side code sources yet motivating that as security precautions. -- Alexey -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
Hey Colin, I was looking at the /etc/ssh/sshd_config file and found these: LoginGraceTime 600 MaxAuthTries 6 Is the first one what you meant? The second seems like an attempt to avoid brute force login. Also, does Grub need any kind of password protection? I don't know if it was Grub or Lilo that allowed root access unless password protected. Am I mistaken? As you can see, I still have a lot to learn. ;) 2005/8/3, Colin [EMAIL PROTECTED]: On Aug 2, 2005, at 7:50 PM, Raphael Melo de Oliveira Bastos Sales wrote: Hi there, I was wondering what tools should I use to detect security flaws to my server and a few tips on how to use them. What are the most common forms of attack and how do I avoid being attacked by one of them? The services avaliable are only Apache - SSL and SSH. I've installed an firewall, iptables and firestarter to control it, and blocked all ports except 443 and 8080, where the SSH is listening. Apache has PHP installed as a module. Want to know how secure your server is? Try and hack it! A good port scanner like nmap should be a basic check of your firewall. I would also set nmap (if it can do this) to perform a SYN flood as it scans, to see if your server can withstand that basic DoS attack. (Adding --syn to your TCP rules in iptables can prevent SYN flooding when used with SYN cookies.) When you break in, find out why it worked and how it can be patched. Some things I would advise (I'm currently working on a server at the moment as well): - If the server is really important (or if you're paranoid), use the hardened-sources with PIE/SSP to prevent badly-written programs from arbitrarily executing code. - Enable SYN flood protection. There's a kernel option somewhere about IPv4 SYN cookies, enable that, and couple it with --syn attached to your TCP rules in iptables. It's a very popular denial- of-service attack. - Whenever you need to login or authenticate yourself, make the system delay five seconds after a bad password is entered. This will make a brute-force attack much much slower (0.2 passwords/sec as opposed to millions passwords/sec without a delay, depending on your server's speed). - Make sure iptables is set to deny all traffic that isn't explicitly allowed. - Turn off any services you don't need. - Read through your logs every now and then. I highly advise having the server burn them to a CD/floppy every now and then for an instant backup. Get a log reader/parser, too. Naturally, hide the server in the attic or basement. Chain it to something, or if it has a security slot, use a security cable. Put a lock on the case door. Unplug your floppy/CD drives if you're not using them. As of this writing, there is no kernel option to keep your computer or its innards from walking away. :-) -- Colin -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] open office icons messed up
If everybody added there names to the bug so that it gets noticed that many people are affected by this, it might get fixed faster. There's a few already, but the more the merrier ... BillK On Tue, 2005-08-02 at 09:39 -0500, Kevin Hanson wrote: Catalin Trifu wrote: Hi, The icons on the toolbars of oofice look like crap; mostly black and I can't make anything out of them. I reinstalled oofice and still same problem. Would it help to install from binary package rather than from sources ? Thanks, Catalin There was a small thread on this issue (which I have as well) on 7/16. It is quoted below: Bugzilla Bug #96053 There's lots affected so hopefully it will be fixed soon. In the meantime roll back to previous xorg and mask the current one out. BillK -- gentoo-user@gentoo.org mailing list
[gentoo-user] Need more help with remote access of local X server
Last month I started a thread on this list about setting up an arrangement so that my wife's computer running Red Hat 9 would be able to access my X server. I was referred to the Gentoo LTSP guide. I followed the guide and set it up. It worked great for about a week and then it just kinda stopped. Now whenever the command X :1.0 -query bay (baby is my computer running Gentoo) is issued all we get on my wife's computer is a blank screen with an X cursor (pointer) in the middle of it. The cursor can be moved around, but the screen remains blank otherwise. Since she is using RH9 (which reached its end-of-life years ago) and she never installs new software on it (a.k.a it never changes) and my Gentoo system is updated every night, I thought the problem must be with my computer. I went back through the LTSP guide and checked everything - it all looked right. I've checked the X windows log files on both machines, but didn't find anything. Could something else be causing this that's not mentioned in the guide? Any other advice on how to remedy this problem? -Michael Sullivan- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
On Aug 2, 2005, at 9:18 PM, Raphael Melo de Oliveira Bastos Sales wrote: Hey Colin, I was looking at the /etc/ssh/sshd_config file and found these: LoginGraceTime 600 MaxAuthTries 6 Is the first one what you meant? The second seems like an attempt to avoid brute force login. Neither is what I was thinking of, but they're quite similar. LoginGraceTime means if nobody logged in within 10 minutes of the connection being opened, then it will be closed. I don't know exactly what MaxAuthTries does, but I imagine after the sixth invalid login, the connection would be closed. I found this site, check it out. It's for Red Hat (Gentoo is better!), but it's the same SSHd: http://www.faqs.org/docs/securing/chap15sec122.html Also, does Grub need any kind of password protection? I don't know if it was Grub or Lilo that allowed root access unless password protected. Am I mistaken? GRUB does have some password protection, but it is optional and only needed IIRC if you want to boot something other than the default entry. As you can see, I still have a lot to learn. ;) Me too. I'm waiting for some more hardware to arrive before I connect this server to the networks (it's primarily a NAT gateway with iptables, but also *for the LAN, not the Internet* runs Apache, ProFTPd, SSHd and rsyncd for Portage). -- Colin -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: Need more help with remote access of local X server [SOLVED, (for now)
On Tue, 2005-08-02 at 20:42 -0500, Michael Sullivan wrote: Last month I started a thread on this list about setting up an arrangement so that my wife's computer running Red Hat 9 would be able to access my X server. I was referred to the Gentoo LTSP guide. I followed the guide and set it up. It worked great for about a week and then it just kinda stopped. Now whenever the command X :1.0 -query bay (baby is my computer running Gentoo) is issued all we get on my wife's computer is a blank screen with an X cursor (pointer) in the middle of it. The cursor can be moved around, but the screen remains blank otherwise. Since she is using RH9 (which reached its end-of-life years ago) and she never installs new software on it (a.k.a it never changes) and my Gentoo system is updated every night, I thought the problem must be with my computer. I went back through the LTSP guide and checked everything - it all looked right. I've checked the X windows log files on both machines, but didn't find anything. Could something else be causing this that's not mentioned in the guide? Any other advice on how to remedy this problem? -Michael Sullivan- Nevermind. I missed something when I was going through the guide. Enable in the [xdmcp] section of /etc/X11/gdm/gdm.conf was set to false. Probably by etc-update. I guess I'd forgotten that I changed that file... -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
--- Michael Crute [EMAIL PROTECTED] wrote: It would appear that it is not. Double check with my cat grep command and perhaps recompile your kernel. bash-2.05b$ cat /usr/src/linux/.config | grep CONFIG_MODULE_UNLOAD CONFIG_MODULE_UNLOAD=y bash-2.05b$ I knew it was there having just added it to the .config yesterday after reading the ATI FAQ. Saved it, then ran make modules_install. Did I forget something? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
--- Bryan Whitehead [EMAIL PROTECTED] wrote: Sounds like a forgotten make mrproper or make clean before a full build? Aren't they for 2.4.x kernels? I'm using a 2.6.11. __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
On Tue, Aug 02, 2005 at 09:43:17PM -0400, Colin wrote: Neither is what I was thinking of, but they're quite similar. LoginGraceTime means if nobody logged in within 10 minutes of the connection being opened, then it will be closed. I don't know exactly what MaxAuthTries does, but I imagine after the sixth invalid login, the connection would be closed. Yes, and if the failure reaches half the number, all further failures will be logged. In the case of MaxAuthTries 6 It means that the first three failures will go unnoticed, the fourth through sixth logged, and the connection closes after that. There is, unfortunately, not an option in sshd_config to allow for the behaviour you specified, where after a password failure, the next prompt comes up delayed by five seconds. Perhaps if should be put as a feature request (=. Your best bet against brute forcing sshd is 1) Not allowing password login at all or 2) Use some sort of IDS coupled with a firewall rule to block the particular host after multiple login failures. But even that won't stop a distributed brute force. But then again, if you are guarding a system that really demands that much security against a determined cracker, you really should consider NOT putting the system on the internet. or 3) Maybe port-knocking? Note that just by running ssh on a non-standard port, you probably are avoiding most of the 5||21p7 kiddie attacks... again, only someone who really wants in on your system will take the effort to locate where sshd is listening. I found this site, check it out. It's for Red Hat (Gentoo is better!), but it's the same SSHd: http://www.faqs.org/docs/securing/chap15sec122.html -- It's easy to come up with new ideas; the hard part is letting go of what worked for you two years ago, but will soon be out of date. -- Roger Von Oech Sortir en Pantoufles: up 2 days, 9:25 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
Sounds like a forgotten make mrproper or make clean before a full build? Aren't they for 2.4.x kernels? I'm using a 2.6.11. You need to rebuild the kernel proper - it's responsible for loading and unloading modules. Rebuilding just the modules won't help you. And no, those make commands aren't just for 2.4 kernels - they work with 2.6 kernels as well. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
Which IDS system do you recommend? I also need to worry about HTTP auth brute force. Know any way to stop it from happening? I've read about HoneyPots, which I can only assume is a decoy for an attacker. Anyone knows how to set one up? I have a feeling that there isn't much I can do if a pro actually tries to break the system. All I can do is avoid the dummies from doing it as well. 2005/8/3, Willie Wong [EMAIL PROTECTED]: On Tue, Aug 02, 2005 at 09:43:17PM -0400, Colin wrote: Neither is what I was thinking of, but they're quite similar. LoginGraceTime means if nobody logged in within 10 minutes of the connection being opened, then it will be closed. I don't know exactly what MaxAuthTries does, but I imagine after the sixth invalid login, the connection would be closed. Yes, and if the failure reaches half the number, all further failures will be logged. In the case of MaxAuthTries 6 It means that the first three failures will go unnoticed, the fourth through sixth logged, and the connection closes after that. There is, unfortunately, not an option in sshd_config to allow for the behaviour you specified, where after a password failure, the next prompt comes up delayed by five seconds. Perhaps if should be put as a feature request (=. Your best bet against brute forcing sshd is 1) Not allowing password login at all or 2) Use some sort of IDS coupled with a firewall rule to block the particular host after multiple login failures. But even that won't stop a distributed brute force. But then again, if you are guarding a system that really demands that much security against a determined cracker, you really should consider NOT putting the system on the internet. or 3) Maybe port-knocking? Note that just by running ssh on a non-standard port, you probably are avoiding most of the 5||21p7 kiddie attacks... again, only someone who really wants in on your system will take the effort to locate where sshd is listening. I found this site, check it out. It's for Red Hat (Gentoo is better!), but it's the same SSHd: http://www.faqs.org/docs/securing/chap15sec122.html -- It's easy to come up with new ideas; the hard part is letting go of what worked for you two years ago, but will soon be out of date. -- Roger Von Oech Sortir en Pantoufles: up 2 days, 9:25 -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
Run a make clean on the kernel source tree and then a make make modules_install and see what happens. Perhaps that will solve it. -MikeOn 8/2/05, James Hiscock [EMAIL PROTECTED] wrote: Sounds like a forgotten make mrproper or make clean before a full build? Aren't they for 2.4.x kernels? I'm using a 2.6.11.You need to rebuild the kernel proper - it's responsible for loading and unloading modules. Rebuilding just the modules won't help you.And no, those make commands aren't just for 2.4 kernels - they workwith 2.6 kernels as well.-- gentoo-user@gentoo.org mailing list-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationIn a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] can't unload modules
On Tue, 2 Aug 2005 18:56:14 -0700 (PDT) maxim wexler wrote: --- Michael Crute [EMAIL PROTECTED] wrote: It would appear that it is not. Double check with my cat grep command and perhaps recompile your kernel. bash-2.05b$ cat /usr/src/linux/.config | grep CONFIG_MODULE_UNLOAD CONFIG_MODULE_UNLOAD=y bash-2.05b$ I knew it was there having just added it to the .config yesterday after reading the ATI FAQ. Saved it, then ran make modules_install. Did I forget something? yes you forgot to make the kernel and forgot to install the kernel and reboot. the functionality for unloading modules does not itself reside in a module! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- gentoo-user@gentoo.org mailing list -- Nick Rout -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] can't unload modules
On Wed, 03 Aug 2005 15:18:11 +1200 Nick Rout wrote: On Tue, 2 Aug 2005 18:56:14 -0700 (PDT) maxim wexler wrote: --- Michael Crute [EMAIL PROTECTED] wrote: It would appear that it is not. Double check with my cat grep command and perhaps recompile your kernel. bash-2.05b$ cat /usr/src/linux/.config | grep CONFIG_MODULE_UNLOAD CONFIG_MODULE_UNLOAD=y bash-2.05b$ I knew it was there having just added it to the .config yesterday after reading the ATI FAQ. Saved it, then ran make modules_install. Did I forget something? yes you forgot to make the kernel and forgot to install the kernel and reboot. the functionality for unloading modules does not itself reside in a module! ps to see the .config for the running kernel you can: zless /proc/config.gz (although that too has to be compiled into the kernel - I recommend you do it as standard, although it adds a little bit of size to the kernel. It is very convenient if you accidentally blitz your .config file, which you will do if you use make mrproper without backing up) __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- gentoo-user@gentoo.org mailing list -- Nick Rout -- gentoo-user@gentoo.org mailing list -- Nick Rout -- gentoo-user@gentoo.org mailing list
[gentoo-user] [OT] Site-specific proxy
Hi all, I am wondering if it is possible to make it such that when accessing certain webpages, the connections goes through a proxy, and when accessing others, the connections goes out directly to the internet. In particular, since I am a graduate student living off campus, if I need to use certain web services (for example, the Oxford English Dictionary Online, American Mathematics Society's MathSciNet, access to various scientific Journals), I have to go through the university's proxy server, as I don't have a personal license to use those services. The university proxy requires a login. I don't want to pass all connections through the proxy if I can help it, since it slows the connections down noticeably. So I am wondering if there's a way to implement it such that connection requests to certain websites will be sent through the university proxy server while the remainder of the connections are unaffected. Can this be done with some sort of squid-magic? Is there a way of doing it transparently? Thanks, Willie -- It takes an uncommon mind to think of these things. --- Calvin Sortir en Pantoufles: up 2 days, 11:58 -- gentoo-user@gentoo.org mailing list
[gentoo-user] Dell PowerEdge 800 CERC SATA RAID Controller
Hi Everyone, Is there anyone out there who has installed Gentoo Linux on a Dell PowerEdge 800 system with a CERC hardware RAID controller? If so what drivers are required? Devraj --- Devraj Mukherjee ([EMAIL PROTECTED]) Eternity Technologies Pty. Ltd. ACN 107 600 975 P O Box 5949 Wagga Wagga NSW 2650 Australia Voice: +61-2-69717131 / Fax: +61-2-69251039 http://www.eternitytechnologies.com/ -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
On Wed, Aug 03, 2005 at 02:25:29AM +, Raphael Melo de Oliveira Bastos Sales wrote: Which IDS system do you recommend? I also need to worry about HTTP auth brute force. Know any way to stop it from happening? I've read about HoneyPots, which I can only assume is a decoy for an attacker. Anyone knows how to set one up? I have a feeling that there isn't much I can do if a pro actually tries to break the system. All I can do is avoid the dummies from doing it as well. Beats me there? Guys? Thoughts? I don't run an enterprise server. I am just a student q=. All I care about is not having my own server rooted by script kiddies to serve warez. With that said, since I found most IDS too powerful for my needs and difficult to configure (too steep a learning curve for my limited needs), I just code my own IDS in perl q=. I just have scripts that parse the server logs and look for trigger conditions, at which time it blocks off the offending site or the entire service for a set amount of time necessary. Pretty standard way to deal with things I believe. But then, since you are really into security, perhaps you need better systems. Finally, if you are just working with the SSH portion of the brute forcing problem, /. had an article about it a few weeks back. There were MANY IDS systems posted in the comments that specifically works with openssh. HTH, W 2005/8/3, Willie Wong [EMAIL PROTECTED]: On Tue, Aug 02, 2005 at 09:43:17PM -0400, Colin wrote: Neither is what I was thinking of, but they're quite similar. LoginGraceTime means if nobody logged in within 10 minutes of the connection being opened, then it will be closed. I don't know exactly what MaxAuthTries does, but I imagine after the sixth invalid login, the connection would be closed. Yes, and if the failure reaches half the number, all further failures will be logged. In the case of MaxAuthTries 6 It means that the first three failures will go unnoticed, the fourth through sixth logged, and the connection closes after that. There is, unfortunately, not an option in sshd_config to allow for the behaviour you specified, where after a password failure, the next prompt comes up delayed by five seconds. Perhaps if should be put as a feature request (=. Your best bet against brute forcing sshd is 1) Not allowing password login at all or 2) Use some sort of IDS coupled with a firewall rule to block the particular host after multiple login failures. But even that won't stop a distributed brute force. But then again, if you are guarding a system that really demands that much security against a determined cracker, you really should consider NOT putting the system on the internet. or 3) Maybe port-knocking? Note that just by running ssh on a non-standard port, you probably are avoiding most of the 5||21p7 kiddie attacks... again, only someone who really wants in on your system will take the effort to locate where sshd is listening. I found this site, check it out. It's for Red Hat (Gentoo is better!), but it's the same SSHd: http://www.faqs.org/docs/securing/chap15sec122.html -- It's easy to come up with new ideas; the hard part is letting go of what worked for you two years ago, but will soon be out of date. -- Roger Von Oech Sortir en Pantoufles: up 2 days, 9:25 -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list -- A nice box of chocolates can provide your total daily intake of calories in one place. Now, isn't that handy? Sortir en Pantoufles: up 2 days, 12:06 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Testing how secure a server is...
Hi, Raphael Melo de Oliveira Bastos Sales wrote: Which IDS system do you recommend? I also need to worry about HTTP auth brute force. Know any way to stop it from happening? I've read about HoneyPots, which I can only assume is a decoy for an attacker. Anyone knows how to set one up? I have a feeling that there isn't much I can do if a pro actually tries to break the system. All I can do is avoid the dummies from doing it as well. ..SNIP... For a long time using 'prelude+snort' easy to set up and use, all are in portage and there is a guide to setup. Or just snort alone. Simpler easier. HTH. Rumen smime.p7s Description: S/MIME Cryptographic Signature
Re: [gentoo-user] Testing how secure a server is...
Colin wrote: Want to know how secure your server is? Try and hack it! A good port scanner like nmap should be a basic check of your firewall. I would also set nmap (if it can do this) to perform a SYN flood as it scans, to see if your server can withstand that basic DoS attack. (Adding --syn to your TCP rules in iptables can prevent SYN flooding when used with SYN cookies.) When you break in, find out why it worked and how it can be patched. I'd like to put forth a few words of caution. Depending on the complexity of your environment aggressive security scans can be fairly detrimental to your services stability. Make sure you inform the other admins if any that a scan will be taking place and do it in off hours. While most Internet facing applications today are pretty good about handling a scan internal custom built applications or newly released appliances are not. I once had massive load balancer failures across three geographic sites because of an unauthorized port scan by out new security director. Yes they shouldn't have locked up when send a weird packet, but we'd have avoided quite a bit of downtime if we had known what to look for. kashani -- gentoo-user@gentoo.org mailing list