[gentoo-user] Re: can't load driver of vmware network on livecd 2008-0-r1
perhaps the pcnet32 modules has a known bug around, I fixed the problem by configuring VMware to simulate a e1000 ethernet card. hope this would help to those noobs. tks fei On Mon, Sep 8, 2008 at 6:42 PM, fei huang [EMAIL PROTECTED] wrote: hi: since I used to install Gentoo through a Universal CD on x86, there's no need to prepare a network connection before my own kernel is ready, as to livecd2008, network has to be configured to download a stage3 tarball, I started my livecd in vmware server, lspci shows my card is : Ethernet controller: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10) somehow, loading the module results in error as follow: SQUASHFS error: zlib_inflate returned unexpected result 0xfffb, srclength 131072, avail_in 722, avail_out 0 SQUASHFS error: sb_bread failed reading block 0xb2d0 SQUASHFS error: Unable to read fragment cache block [2ca5fcb] SQUASHFS error: Unable to read page, block 2ca5fcb, size e307 WARNING: Cound not read '/lib/modules/2.6.24-gentoo-r5/kernel/drivers/net/mii.ko': Input/output error SQUASHFS error: zlib_inflate returned unexpected result 0xfffd, srclength 131072, avail_in 0, avail_out 4481 SQUASHFS error: sb_bread failed reading block 0xb24a SQUASHFS error: Unable to read page, block 2c89c32, size 8c67 Module len 131072 truncated FATEL: Error inserting pcnet32 (/lib/modules/2.6.24-gentoo-r5/kernel/drivers/net/pcnet32.ko): Invalid module format seems the module is invalid, but how this could happen? why the card is not configured automatically by the livecd? uname -a returns: Linux livecd 2.6.24-gentoo-r5 #1 SMP Thu Jun 26 18:36:15 UTC 2008 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux any clue for the error? thanks fei
Re: [gentoo-user] Exim, Outlook 2007, and Thunderbird
On Mon, 08 Sep 2008 17:51:47 -0500, Michael Sullivan wrote: dovecot doesn't seem to have a log. How do I turn on logging for dovecot? It's explained in the config comments, but turned off by default # Log file to use for error messages, instead of sending them to syslog. # /dev/stderr can be used to log into stderr. log_path = /var/log/dovecot -- Neil Bothwick Assassins do it from behind. signature.asc Description: PGP signature
[gentoo-user] {OT} GPG: pub sec keys required to decrypt?
I've been encrypting and decrypting email on the same remote server. I was under the impression that this was a security risk because it meant having the public and private keys on the same machine. I tried importing the public key to my local system and decrypting via enigmail but I got Error - secret key needed to decrypt message. I imported the private key locally and now it decrypts fine, but I have both keys on the same system again. My understanding of GPG is weak. Can someone point out my misconception(s)? - Grant
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
On Tue, Sep 9, 2008 at 18:09, Grant [EMAIL PROTECTED] wrote: I've been encrypting and decrypting email on the same remote server. I was under the impression that this was a security risk because it meant having the public and private keys on the same machine. I tried importing the public key to my local system and decrypting via enigmail but I got Error - secret key needed to decrypt message. I imported the private key locally and now it decrypts fine, but I have both keys on the same system again. My understanding of GPG is weak. Can someone point out my misconception(s)? Hi, you need the recipient's public key to encrypt the message. This message will be decrypted with the recipient's private key. So if you encrypt something for yourself, you'll need your public key to encrypt and your public key to decrypt. Regards, Boris. - Grant -- $ ruby -e'puts .:@BFegiklnorst.unpack(x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \ aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \ ax3aX4aXaX12ax10aaX7a).join'
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
So if you encrypt something for yourself, you'll need your public key to encrypt and your public key to decrypt. Little correction, you need the PRIVATE key to decrypt. Everybody has the public key but since you don't want everybody to be able to decrypt, it's done with the private key. But you want everybody to encrypt things to you, so the public key is used for encryption. Regards, Sascha signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
I've been encrypting and decrypting email on the same remote server. I was under the impression that this was a security risk because it meant having the public and private keys on the same machine. I tried importing the public key to my local system and decrypting via enigmail but I got Error - secret key needed to decrypt message. I imported the private key locally and now it decrypts fine, but I have both keys on the same system again. My understanding of GPG is weak. Can someone point out my misconception(s)? Hi, you need the recipient's public key to encrypt the message. This message will be decrypted with the recipient's private key. So if you encrypt something for yourself, you'll need your public key to encrypt and your public key to decrypt. Regards, Boris. It looks like I've imported a pub/sec keypair now. Should I remove the public key for security? Maybe I misunderstood from the beginning and having both keys on the same system isn't a security issue? - Grant
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
On Tue, Sep 9, 2008 at 18:40, Sascha Hlusiak [EMAIL PROTECTED] wrote: So if you encrypt something for yourself, you'll need your public key to encrypt and your public key to decrypt. Little correction, you need the PRIVATE key to decrypt. Everybody has the public key but since you don't want everybody to be able to decrypt, it's done with the private key. But you want everybody to encrypt things to you, so the public key is used for encryption. Oh sorry, yes I meant private... Regards, Sascha -- $ ruby -e'puts .:@BFegiklnorst.unpack(x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \ aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \ ax3aX4aXaX12ax10aaX7a).join'
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
It looks like I've imported a pub/sec keypair now. Should I remove the public key for security? Maybe I misunderstood from the beginning and having both keys on the same system isn't a security issue? - Grant It is still a security issue, but only as much as any other data on your machine. Physical access to the box, or being remotely hacked will always be a security risk. And yes, if someone does break in and copy your pub/sec keypair, they will have full ability to masquerade as you in signed and encrypted emails. You have to weigh it up for yourself really. Many, many keep pub/sec keypairs for their email on more than one machine. Of course it would be a lot of work for someone to compromise your system for your gpg keys, so your email would have to be of value to them. Just my $0.02 Matt
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
On Tue, Sep 9, 2008 at 18:50, Matt Harrison [EMAIL PROTECTED] wrote: It looks like I've imported a pub/sec keypair now. Should I remove the public key for security? Maybe I misunderstood from the beginning and having both keys on the same system isn't a security issue? - Grant It is still a security issue, but only as much as any other data on your machine. Physical access to the box, or being remotely hacked will always be a security risk. And yes, if someone does break in and copy your pub/sec keypair, they will have full ability to masquerade as you in signed and encrypted emails. You have to weigh it up for yourself really. Many, many keep pub/sec keypairs for their email on more than one machine. Of course it would be a lot of work for someone to compromise your system for your gpg keys, so your email would have to be of value to them. It's always possible to generate a revocations certificate and store it in a safe place (CD, usb key etc.) http://www.gnupg.org/gph/en/manual/c14.html regards, Boris. Just my $0.02 Matt -- $ ruby -e'puts .:@BFegiklnorst.unpack(x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \ aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \ ax3aX4aXaX12ax10aaX7a).join'
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
It looks like I've imported a pub/sec keypair now. Should I remove the public key for security? Maybe I misunderstood from the beginning and having both keys on the same system isn't a security issue? - Grant It is still a security issue, but only as much as any other data on your machine. Physical access to the box, or being remotely hacked will always be a security risk. And yes, if someone does break in and copy your pub/sec keypair, they will have full ability to masquerade as you in signed and encrypted emails. You have to weigh it up for yourself really. Many, many keep pub/sec keypairs for their email on more than one machine. Of course it would be a lot of work for someone to compromise your system for your gpg keys, so your email would have to be of value to them. Can I configure this so that I don't have the two keys on the same system? I'd like encrypt with my remote system and decrypt with my local system. Is that possible? It seems like importing my private key also imports the public key. - Grant
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
Grant wrote: My understanding of GPG is weak. Can someone point out my misconception(s)? Speaking from a purely practical standpoint, keeping your private and public keys completely separate is extremely inconvenient with (IMO) a negligible security benefit. However, there is arguably a much bigger security issue with keeping your private key on a remote server, particularly one you have no control over. Pulling your keypair locally and doing any decryption operations locally is a much easier, and more practical, improvement. If you keep the two halves of your keypair physically separate, then an attacker would need to get two distinct pieces of information in order to break any encryption using your keys. For extremely high security purposes, this may be a worthy benefit. For something like email, your public key should be considered common knowledge anyway. If an attacker can gain control of your private key, the extra burden of getting your public key is insignificant. Put another way: a file containing both your public and private key contains essentially the same amount of secure information as a file containing only your private key. So long as your private key is kept secure, with or without your public key, your risks should be minimal. --K
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
Grant wrote: Can I configure this so that I don't have the two keys on the same system? I'd like encrypt with my remote system and decrypt with my local system. Is that possible? It seems like importing my private key also imports the public key. I'm a bit confused as to what you're trying to do. If you are encrypting mail to other people, you should be using *their* public key, not your own. The only case where you need your public key is to encrypt mail to *yourself*; otherwise you don't need either of your keys on the remote system. As far as keeping your public key away from your secret key, I believe it is possible to export just one or the other via gpg then import just that key. But a quick glance through the GnuPG FAQ points out this nugget of information: All OpenPGP secret keys have a copy of the public key inside them, and in a worst-case scenario, you can create yourself a new public key using the secret key. A tool to convert a secret key into a public one has been included (it's actually a new option for gpgsplit) and is available with GnuPG versions 1.2.1 or later (or can be found in CVS). So there's really no point in keeping the two separate. --Mike
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
Am Dienstag, 9. September 2008 18:50:54 schrieb Matt Harrison: And yes, if someone does break in and copy your pub/sec keypair, they will have full ability to masquerade as you in signed and encrypted emails. And that's of course only true if the secret key is protected with a weak or no passphrase. Bye... Dirk
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
Create 2 couple of key. one for remote, other for local. Il giorno mar, 09/09/2008 alle 10.24 -0700, Grant ha scritto: It looks like I've imported a pub/sec keypair now. Should I remove the public key for security? Maybe I misunderstood from the beginning and having both keys on the same system isn't a security issue? - Grant It is still a security issue, but only as much as any other data on your machine. Physical access to the box, or being remotely hacked will always be a security risk. And yes, if someone does break in and copy your pub/sec keypair, they will have full ability to masquerade as you in signed and encrypted emails. You have to weigh it up for yourself really. Many, many keep pub/sec keypairs for their email on more than one machine. Of course it would be a lot of work for someone to compromise your system for your gpg keys, so your email would have to be of value to them. Can I configure this so that I don't have the two keys on the same system? I'd like encrypt with my remote system and decrypt with my local system. Is that possible? It seems like importing my private key also imports the public key. - Grant signature.asc Description: Questa è una parte del messaggio firmata digitalmente
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
Am Dienstag, 9. September 2008 19:24:27 schrieb Grant: Can I configure this so that I don't have the two keys on the same system? Well, on the machine where you created the key pair, you would have to export one of them and then delete it from the local keyring. But why should you? I'd like encrypt with my remote system and decrypt with my local system. Then you need the public key on the remote system. Is that possible? Yes. It seems like importing my private key also imports the public key. Only if you also exported both (to the same file). However, nothing keeps you from removing one of them again after import. HTH... Dirk
Re: [gentoo-user] {OT} GPG: pub sec keys required to decrypt?
On Tuesday 09 September 2008, Dirk Heinrichs wrote: Am Dienstag, 9. September 2008 18:50:54 schrieb Matt Harrison: And yes, if someone does break in and copy your pub/sec keypair, they will have full ability to masquerade as you in signed and encrypted emails. And that's of course only true if the secret key is protected with a weak or no passphrase. That's right. There's three elements of information necessary to encrypt/decrypt a message: 1. Public key - everyone has this as long as you publish it via public keyservers, or as long as you send it to them directly, that's why it is called public. They'll use this to encrypt messages they send to you, which you can only decrypt with your private key. 2. Private key - no one should have this other than your goodself. In the sense that your machine has not been compromised (yet) your private key is secure. On the other hand if your machine had been compromised you would probably have bigger problems to deal with. If you are really paranoid you can keep this key saved on separate media (e.g. a USB stick) and mount that before you encrypt/decrypt mail or data. As a matter of fact it is good practice to store a copy of your private key on separate media in case you want to use your public key and for whatever reason you have lost access to your primary machine (theft, fs corruption, etc). 3. Your passphrase which allows you to decrypt and use your private key. As Dirk said using a key pair without a really strong passphrase or no passphrase at all(!) is rather foolish from a security perspective. So, for someone to be able to readily compromise your encryption they will need to get their hands on your private and public keys, as well as your passphrase. When you have your key pair stored on a server that you have no absolute control over (i.e. you and only you have access to the root passwd and no one with a LiveCD can access it) then your private key's security relies mainly on your unbreakable for practical purposes strong passphrase. HTH. -- Regards, Mick
[gentoo-user] Weekly portion of Linux humor (w/Gentoo) :-)
Just to release some tensions, check it out: http://www.linuxscrew.com/2008/09/09/weekly-portion-of-linux-humor-6-pics/ -- #Joseph
Re: [gentoo-user] Re: ctrl+alt+fx doesn't work [SOLVED]
On Sat, Sep 06, 2008 at 12:43:04AM +0200, pat wrote: Problem is this line in the keyboard section: Option XkbLayout us,cz Simply, enabling another language disable switching to console (I've check it for another languages too). Ugh =8-() If someone is able to explain why that happen and how to solve it for two languages I'll be glad :-) But right now I'm setting up the dualhead display, so I need to switch to console ... after that I'll turn on the language :-D Thanks to Dale and others for help Pat I remember that some (older) versions of evdev drivers had problems with VT switching (and layouts in general ;) but it seems to work for me for some time now... btw, if you are really desperate you can always map ctrl-alt-fX to commands like sudo chvt 1 :) yoyo -- _ | YoYo () Siska http://www.ksp.sk/
[gentoo-user] Printing fails in Open Office only after upgrade to OO 2.4
I've got some documents that we use around the house, like a grocery shopping list, which we've used for a long time. Since upgrading a couple of days ago, one upgrade was OO 2.4, printing fails in Open Office Writer. Printing in other applications seems to work fine. I do see some messages in the cups error.log file: E [09/Sep/2008:13:51:01 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:51:04 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:51:11 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:51:30 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:52:43 -0700] Unsupported character set iso-8859-1! If this is the problem how do I get this supported again? Thanks, Mark
[gentoo-user] Re: Printing fails in Open Office only after upgrade to OO 2.4
On Tue, Sep 9, 2008 at 2:09 PM, Mark Knecht [EMAIL PROTECTED] wrote: I've got some documents that we use around the house, like a grocery shopping list, which we've used for a long time. Since upgrading a couple of days ago, one upgrade was OO 2.4, printing fails in Open Office Writer. Printing in other applications seems to work fine. I do see some messages in the cups error.log file: E [09/Sep/2008:13:51:01 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:51:04 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:51:11 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:51:30 -0700] Unsupported character set iso-8859-1! E [09/Sep/2008:13:52:43 -0700] Unsupported character set iso-8859-1! If this is the problem how do I get this supported again? Thanks, Mark OK, I seem to have solved this problem using the method outlined in this thread - basically comment out the 8859-1 line, rerun locale-gen and restart cupsd. However I haven't a clue as to why it worked, why the problem appeared now of all times, and I don't think these folks did either. Anyway, it's printing so IU submit this simply to help eliminate firther traffic. Cheers, Mark
[gentoo-user] bash: no job control in this shell
When i login from console i have this error : -bash: no job control in this shell I don't know since i have this because i do not usually console login. this is my .bashrc # /etc/skel/.bashrc: # $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/skel/.bashrc,v 1.8 2003/02/28 15:45:35 azarah Exp $ # This file is sourced by all *interactive* bash shells on startup. This # file *should generate no output* or it will break the scp and rcp commands. # colors for ls, etc. eval `dircolors -b /etc/DIR_COLORS` alias ls=ls --color=auto alias ll=ls --color -l alias rm=rm -iv alias mv=mv -iv alias cp=cp -iv alias grep=grep --color export HISTCONTROL=ignorespace export HISTIGNORE=ignoredups::ls:[bf]g:exit # Change the window title of X terminals case $TERM in xterm*|rxvt|Eterm|eterm) PROMPT_COMMAND='echo -ne \033]0;[EMAIL PROTECTED]: ${PWD/$HOME/~}\007' ;; screen) PROMPT_COMMAND='echo -ne [EMAIL PROTECTED]: ${PWD/$HOME/~}\033\\' ;; esac [ -f /etc/profile.d/bash-completion ] source /etc/profile.d/bash-completion export MAILHOST=gmail.com export MAILUSER=micheleschi signature.asc Description: Questa è una parte del messaggio firmata digitalmente