Re: [gentoo-user] java java everywhere
Or maybe the build system is stable enough for general use. If someone can share some experience with the source build, I'd like to hear about it. The build system of the source build, of course. Well, it works, and my impression is that it's a bit faster than icedtea-6 (the build system, I mean). Unless you've got time to spare, though, I wouldn't recommend building from source on anything else than a recent machine. Then there's the usual catch that you need to have a jdk installed in order to build icedtea -- so the first time you cannot use the source ebuild. andrea
Re: [gentoo-user] [OT] Binary install distro
On Thu, Nov 10, 2011 at 4:29 PM, Pandu Poluan pa...@poluan.info wrote: On Nov 11, 2011 5:17 AM, Paul Hartman paul.hartman+gen...@gmail.com wrote: On Thu, Nov 10, 2011 at 12:25 PM, Dale rdalek1...@gmail.com wrote: Hi, This is maybe a bit off topic but here goes. I want to install Linux on my brothers rig. The heat sink on the CPU is not much, OEM type. I don't want to install Gentoo because of that and it is a older rig with a slow CPU and not a lot of ram either. So, what is a easy to install distro that has KDE4, Seamonkey, gtkam, GIMP and such? I want something easy because I want to install and leave it be until he can get a new rig built. Then I'll be installing Gentoo for a more permanent install. Since you're already familiar with Gentoo, I would take a look at Sabayon. It's basically a binary Gentoo distro (and a gentoo overlay). +1 on familiarity. When you are ready to go to gentoo just update make.conf with your tweaks for the system (CFLAGS, USE, etc.) and run emerge --sync; emerge -ae world and you will have gentoo installed and configured. We all know about your (Dale's) daily, um, 'adventures' with Gentoo. So, going Sabayon should be a relative walk in the park for you. We don't really want to tax other Linux distro's mailing list, do we? ;-) It comes preconfigured just like ubuntu or others so you don't need to do anything, just install it and you'll have a working graphical desktop and lots of software. Super easy and all of the configuration is done Gentoo-style. They have GTK, KDE and XFCE versions to choose from. I've only played with it briefly in a VM and tried the LiveDVD on my laptop, but I believe you can even still use emerge and use portage like you would in Gentoo. Indeed: http://wiki.sabayon.org/index.php?title=FAQ#Should_I_use_Sabayon_as_a_source-based_or_binary_based_distribution.3F Rgds, -- No trees were harmed in the sending of this message. However, a large number of electrons were terribly inconvenienced.
Re: [gentoo-user] java java everywhere
On Thu, Nov 10, 2011 at 11:01:56PM +0200, Alan McKinnon wrote: (i) What is icedtea-web? If you had actually clicked on the homepage link in the emerge -s output you posted, you would have seen in the very first bullet point right at the start of the page that icedtea-web is mostly Java Web Start The problem is: that doesn't help me at all. What the heck is Web Start? The corporate-lese at http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136112.html doesn't really tell me why or whether I need it. (iv) Do I really need to have so many different java things on my computer? Do you need to have so many different browsers on your computer? How about editors? Or for that matter why do you have so many coding languages available? How about openoffice? It's not so many, that's a ridiculous assertion. First you have a choice between iced-tea built from source or a bin package. Firefox and OOo do the same. Then there's icedtea-web which is a whole different package altogether, implementing Java Web Start (which is not the java language, the sdk or a jvm). So, if you want Java as implemented by iced-tea, pick between source and -bin. If you want JWS, then emerge that too. Did you even attempt to google this and find answers yourself? Did you read my question? The problem is not that so many JDKs are available. The problem is why does portage want to install them all? (Scroll up to the top of my message and see the emerge --update output which wants to SLOT all three of icedtea, icedtea-bin, icedtea-web.) So cut the snark, Alan. To spell out the question for you more clearly: Why does portage want to install ALL three kinds of icedteas, when all I really need is a JRE? Is there some subtle differences between the three such that I must have all three available? Is the 6-7 major version update one which they significantly changed the API so things start breaking left and right? rant I have two GCCs on my computer because some legacy code won't build with GCC4. I have both perl and python for the obvious reasons. I've long exorcised Emacs because I never use it and prefer Vim. So I do know a thing or two about this choice business in FOSS. What I don't know (as I admitted so much in the first sentence of my original post) is Java. I don't code in it. I don't (to the best of my knowledge) have any packages installed via portage that has code written in Java. All I need is a JRE to look at some applets on the internet and run a couple pre-compiled Java applications on my desktop. It may be that I somehow acquired a need for a JDK and I forgot, I don't know, but why is it that portage wants to installed two JDKS and on top of that some web-based JRE at the same time? /rant W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
[gentoo-user] vimmanpager for MANPAGER not working?
Anyone successful in using vimmanpager as MANPAGER? I keep getting ANSI control char gobbledegook in man man if I use the provided vimmanpager script (USE=vimpager emerge app-editors/vim) However, I tried Rafael Kitover's vimpager replacement from here: https://github.com/rkitover/vimpager ... copy the new vimpager to /usr/local/bin ... and set PAGER=/usr/local/bin/vimpager ... and it works! man man now properly colored, and I even tried diff -u file1 file2 | vimpager, also works nicely. Any comments on why the provided vimpager/vimmanpager of app-editors/vim can no longer properly colorize man man? Rgds, -- FdS Pandu E Poluan ~ IT Optimizer ~ • LOPSA Member #15248 • Blog : http://pepoluan.tumblr.com • Linked-In : http://id.linkedin.com/in/pepoluan
Re: [gentoo-user] java java everywhere
On Fri, Nov 11, 2011 at 12:00:51AM +0100, Florian Philipp wrote: Well, while Willie picks himself up after being slammed like this (Had bad day, Alan?), I might add that the only reason why portage wants to emerge icedtea and icedtea-bin is that apparently virtual/jre:1.7 has been keyworded. On a stable system, this should not happen. At least for me, it still reads KEYWORDS=~amd64 ~x86 And the only thing that satisfies virtual/j{dk,re}:1.7 right now is the oracle-jdk binaries and icedtea-7... The list of RDEPENDS for jdk and jre 1.7 is surprisingly short compared to that of the 1.6 version. I guess I'll just ignore that update for now and wait for the -bin version [1] [1] https://bugs.gentoo.org/show_bug.cgi?id=388917 Thanks, Florian, for hinting me to the right direction, W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
[gentoo-user] Re: vimmanpager for MANPAGER not working?
On Fri, Nov 11, 2011 at 17:26, Pandu Poluan pa...@poluan.info wrote: Anyone successful in using vimmanpager as MANPAGER? I keep getting ANSI control char gobbledegook in man man if I use the provided vimmanpager script (USE=vimpager emerge app-editors/vim) However, I tried Rafael Kitover's vimpager replacement from here: https://github.com/rkitover/vimpager ... copy the new vimpager to /usr/local/bin ... and set PAGER=/usr/local/bin/vimpager ... and it works! man man now properly colored, and I even tried diff -u file1 file2 | vimpager, also works nicely. Any comments on why the provided vimpager/vimmanpager of app-editors/vim can no longer properly colorize man man? Rgds, -- FdS Pandu E Poluan ~ IT Optimizer ~ • LOPSA Member #15248 • Blog : http://pepoluan.tumblr.com • Linked-In : http://id.linkedin.com/in/pepoluan Oookay. So. Finally managed to make vimmanpager work by doing: echo MANPAGER=/usr/bin/vimmanpager /etc/env.d/99manpager To make sure, I deleted rkitover's vimpager from /usr/local/bin, and do man man Now, before I lose my mind, can someone tell me what's the difference between /etc/env.d and /etc/profile.d ?? Rgds, -- FdS Pandu E Poluan ~ IT Optimizer ~ • LOPSA Member #15248 • Blog : http://pepoluan.tumblr.com • Linked-In : http://id.linkedin.com/in/pepoluan
Re: [gentoo-user] java java everywhere
On Fri, Nov 11, 2011 at 11:16 AM, Willie Wong ww...@math.princeton.edu wrote: On Thu, Nov 10, 2011 at 11:01:56PM +0200, Alan McKinnon wrote: (i) What is icedtea-web? If you had actually clicked on the homepage link in the emerge -s output you posted, you would have seen in the very first bullet point right at the start of the page that icedtea-web is mostly Java Web Start The problem is: that doesn't help me at all. What the heck is Web Start? The corporate-lese at http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136112.html doesn't really tell me why or whether I need it. ...snip... Did you read my question? The problem is not that so many JDKs are available. The problem is why does portage want to install them all? (Scroll up to the top of my message and see the emerge --update output which wants to SLOT all three of icedtea, icedtea-bin, icedtea-web.) So cut the snark, Alan. To spell out the question for you more clearly: I can't say he had the friendliest reply but he had a point, if you read the eix output it says that icedtea-web apparently is a browser plugin Why does portage want to install ALL three kinds of icedteas, when all I really need is a JRE? Is there some subtle differences between the three such that I must have all three available? Is the 6-7 major version update one which they significantly changed the API so things start breaking left and right? using emerge with the '-t' option can be very helpful in these case //Fredric
[gentoo-user] Re: [OT] Binary install distro
Dale wrote: Hi, This is maybe a bit off topic but here goes. I want to install Linux on my brothers rig. The heat sink on the CPU is not much, OEM type. I don't want to install Gentoo because of that and it is a older rig with a slow CPU and not a lot of ram either. So, what is a easy to install distro that has KDE4, Seamonkey, gtkam, GIMP and such? I want something easy because I want to install and leave it be until he can get a new rig built. Then I'll be installing Gentoo for a more permanent install. I looked at Kubuntu, Ubuntu and tried to install Mandriva. Mandriva got to a point and just froze up on me. I tried three times and it did the same thing each time so no clue what is going on there. Ideas? You can try Mepis and Pardus : http://distrowatch.com/table.php?distribution=mepis http://distrowatch.com/table.php?distribution=pardus Download pages http://www.mepis.org/get-mepis http://www.pardus.org.tr/en/pardus/indir/
Re: [gentoo-user] Something weird and I'm confused. BIOS and SATA is empty
On Tue, November 8, 2011 10:33 am, Dale wrote: J. Roeleveld wrote: On Mon, November 7, 2011 1:32 pm, Dale wrote: All this from a raccoon knocking out power. Pesky critter. Raccoons are doing some behaviour studies in your area, didn't you get the memo? :) -- Joost The only report that raccoon will give is a bright flash of light. Shorting out 250,000 volts sort of puts a period on the end of the briefest report there has ever been. Those lines are the TVA lines that come from a few hundred miles away. There is no telling how much power comes through those lines either. Heck, even one amp is a lot. That raccoon better get a new plan. The current one is shockingly the wrong way to do it. lol Plus I hate when the lights go out. Winter is about here and we have electric heat. :/ Nah, no new plan needed. The raccoon that physically caused the problem was a convicted criminal. (For refusing to cause havoc) and was sentenced to death by electrocution. The specific location was picked by the actual scientist running the experiments. -- Joost
Re: [gentoo-user] Something weird and I'm confused. BIOS and SATA is empty
J. Roeleveld wrote: On Tue, November 8, 2011 10:33 am, Dale wrote: The only report that raccoon will give is a bright flash of light. Shorting out 250,000 volts sort of puts a period on the end of the briefest report there has ever been. Those lines are the TVA lines that come from a few hundred miles away. There is no telling how much power comes through those lines either. Heck, even one amp is a lot. That raccoon better get a new plan. The current one is shockingly the wrong way to do it. lol Plus I hate when the lights go out. Winter is about here and we have electric heat. :/ Nah, no new plan needed. The raccoon that physically caused the problem was a convicted criminal. (For refusing to cause havoc) and was sentenced to death by electrocution. The specific location was picked by the actual scientist running the experiments. -- Joost Now that you mention it, maybe they will run out of test subjects. o_O Dale :-) :-)
Re: [gentoo-user] [OT] Binary install distro
Lorenzo Bandieri wrote: So, what is a easy to install distro that has KDE4, Seamonkey, gtkam, GIMP and such? I want something easy Well, surely Kubuntu would be a nice choice, but can I suggest OpenSuse? I installed it something like two years ago (I was curious) and I liked it. It has a well-done KDE implementation. Lorenzo Thanks for all the replies. Just picking a random message here. Since I had already started the download of Kubuntu, I installed it. It went pretty well considering I have never even seen it before. I found, by pure blind luck, the installer program and found Seamonkey after some searching. My brother seems to like everything just fine so now I got to work with my sis-n-law. As long as facebook's games work, she will be happy. Now to teach him how to update the thing. Dale :-) :-)
Re: [gentoo-user] Can I read a MacOSX FileVault disk from Linux?
get your disk out and mount it on a kernel which config support mac fs may be work . 在 2011-11-11 凌晨3:25, fe...@crowfix.com写道: I have a 5 year old Mac OS X laptop which died last night -- no lights, nothing, as if the battery and AC line were disconnected. There's nothing on it which is a disaster to lose, but there are some things I'd like to get off. Is it possible to plug the drive into a SATA (?) connector on a Linux system and mount it with some encryption loopback setup to get into my FileVault-protcted home dir? I do have access to a completely different Mac, and I could probably swap drives, boot, get the data I want, shut down, and restore drives, but I have no idea how well that would work. -- ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._. Felix Finch: scarecrow repairman rocket surgeon / fe...@crowfix.com GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933 I've found a solution to Fermat's Last Theorem but I see I've run out of room o
Re: [gentoo-user] [OT] Binary install distro
On Fri, Nov 11, 2011 at 6:54 AM, Dale rdalek1...@gmail.com wrote: SNIP Now to teach him how to update the thing. Dale :-) :-) I'll be interested in hearing how that goes. I had one weekend running Ubuntu and ended up running away as fast as I could. It wasn't that it was bad or didn't work, but that the management of it seemed so different from any distro I'd run before that I didn't want to deal with learning it. Let's see how that does for you. Again, remembering I didn't really give it much of a chance - I was running on a Power PC Mac Mini - two things that drove me mad were: 1) The basic install didn't tell me what the root password was. 2) All the management was done using sudo. I couldn't get past the idea that if something went wrong that with no root password what was I supposed to do? Now, I was absolutely sure at the time there had to be a way to set that myself, maybe as simple as sudo passwd - root or something like that, but I decided it just wasn't for me and tossed the machine in the garage rather than deal with it! :-) Cheers, Mark
Re: [gentoo-user] [OT] Binary install distro
Mark Knecht wrote: On Fri, Nov 11, 2011 at 6:54 AM, Dalerdalek1...@gmail.com wrote: SNIP Now to teach him how to update the thing. Dale :-) :-) I'll be interested in hearing how that goes. I had one weekend running Ubuntu and ended up running away as fast as I could. It wasn't that it was bad or didn't work, but that the management of it seemed so different from any distro I'd run before that I didn't want to deal with learning it. Let's see how that does for you. Again, remembering I didn't really give it much of a chance - I was running on a Power PC Mac Mini - two things that drove me mad were: 1) The basic install didn't tell me what the root password was. 2) All the management was done using sudo. I couldn't get past the idea that if something went wrong that with no root password what was I supposed to do? Now, I was absolutely sure at the time there had to be a way to set that myself, maybe as simple as sudo passwd - root or something like that, but I decided it just wasn't for me and tossed the machine in the garage rather than deal with it! :-) Cheers, Mark I have noticed the same points you found. I set up the user cutie during the install. I logged in as cutie then did sudo su -. That got me to root user. Yeppie ! Then I did passwd and typed in a root password. After that, I could login as root. I don't like not having the root password set. I don't use sudo on my rig so it sort of annoys me. ;-) I guess we have that in common. lol The update tool is GUI. That's why I think he can do that himself. A lot like winders in a way. Heck, if this works well and that intfs thingy gets on my nerves, may use it myself. :-( I may have found my next distro. I'm not leaving yet. I'm going to give the inity thingy a shot, maybe two. After that, kill shot. Dale :-) :-)
Re: [gentoo-user] [OT] Binary install distro
On Fri, Nov 11, 2011 at 7:41 AM, Dale rdalek1...@gmail.com wrote: SNIP I have noticed the same points you found. I set up the user cutie during the install. I logged in as cutie then did sudo su -. That got me to root user. Yeppie ! Then I did passwd and typed in a root password. After that, I could login as root. I don't like not having the root password set. I don't use sudo on my rig so it sort of annoys me. ;-) I guess we have that in common. lol The update tool is GUI. That's why I think he can do that himself. A lot like winders in a way. Heck, if this works well and that intfs thingy gets on my nerves, may use it myself. :-( I may have found my next distro. I'm not leaving yet. I'm going to give the inity thingy a shot, maybe two. After that, kill shot. Dale Yeah, I was pretty sure it must work normally if you either know what to do or take the time to go learn. In my case I was essentially deciding whether to bother with this really slow Mac Mini that I had almost never used since I bought it (my worst PC purchase in 30 years) or to essentially throw the thing away. In the end I opted for the virtual trash can. - Mark
Re: [gentoo-user] [OT] Binary install distro
I'll be interested in hearing how that goes. I had one weekend running Ubuntu and ended up running away as fast as I could. It wasn't that it was bad or didn't work, but that the management of it seemed so different from any distro I'd run before that I didn't want to deal with learning it. Let's see how that does for you. Again, remembering I didn't really give it much of a chance - I was running on a Power PC Mac Mini - two things that drove me mad were: 1) The basic install didn't tell me what the root password was. 2) All the management was done using sudo. I couldn't get past the idea that if something went wrong that with no root password what was I supposed to do? Now, I was absolutely sure at the time there had to be a way to set that myself, maybe as simple as sudo passwd - root or something like that, but I decided it just wasn't for me and tossed the machine in the garage rather than deal with it! :-) Cheers, Mark SNIP I don't use sudo on my rig so it sort of annoys me. ;-) I guess we have that in common. lol The update tool is GUI. That's why I think he can do that himself. A lot like winders in a way. Heck, if this works well and that intfs thingy gets on my nerves, may use it myself. :-( I may have found my next distro. I'm not leaving yet. I'm going to give the inity thingy a shot, maybe two. After that, kill shot. Dale I hate sudo, I never got the point in using it - and actually it is one of the thing that makes Ubuntu annoying to me. I'm not the only one, then! :D Howerer, I think that Ubuntu is one of the best distro for beginners (especially those coming from windows/os x), so it should work well for your brother. Basically, it is absolutely possible to run and update the distro without ever touching the terminal... Me, I find it too constraining. In regard to Sabayon, last time I tried it, I had the impression it was buggy, but it was three years ago... Actually, I'd like to give it a try one of these days :) Best regards, Lorenzo
Re: [gentoo-user] [OT] Binary install distro
Lorenzo Bandieri wrote: I'll be interested in hearing how that goes. I had one weekend running Ubuntu and ended up running away as fast as I could. It wasn't that it was bad or didn't work, but that the management of it seemed so different from any distro I'd run before that I didn't want to deal with learning it. Let's see how that does for you. Again, remembering I didn't really give it much of a chance - I was running on a Power PC Mac Mini - two things that drove me mad were: 1) The basic install didn't tell me what the root password was. 2) All the management was done using sudo. I couldn't get past the idea that if something went wrong that with no root password what was I supposed to do? Now, I was absolutely sure at the time there had to be a way to set that myself, maybe as simple as sudo passwd - root or something like that, but I decided it just wasn't for me and tossed the machine in the garage rather than deal with it! :-) Cheers, Mark SNIP I don't use sudo on my rig so it sort of annoys me. ;-) I guess we have that in common. lol The update tool is GUI. That's why I think he can do that himself. A lot like winders in a way. Heck, if this works well and that intfs thingy gets on my nerves, may use it myself. :-( I may have found my next distro. I'm not leaving yet. I'm going to give the inity thingy a shot, maybe two. After that, kill shot. Dale I hate sudo, I never got the point in using it - and actually it is one of the thing that makes Ubuntu annoying to me. I'm not the only one, then! :D Howerer, I think that Ubuntu is one of the best distro for beginners (especially those coming from windows/os x), so it should work well for your brother. Basically, it is absolutely possible to run and update the distro without ever touching the terminal... Me, I find it too constraining. In regard to Sabayon, last time I tried it, I had the impression it was buggy, but it was three years ago... Actually, I'd like to give it a try one of these days :) Best regards, Lorenzo Us Gentooers are to much alike. lol Dale :-) :-)
[gentoo-user] how can I disable renaming of root fs to /dev/root?
Hi, this is actually not problem but rather a matter of customs: My new fresh installed system shows root-fs in df as /dev/root, not actuall device (in my case /dev/md2). I think I coud get used to it, but some software still needs /dev/md2 (i.e. lilo), other does not find /dev/md2 anymore and needs /dev/root to work properly (i.e. monit). Moreover, in /etc/fstab I still have to use /dev/md2 as root filesystem, while /etc/mtab shows only /dev/root. I do not like such a mess and I'd like to put it in rather consistent state where root filesystem has always the same and only name. Is there some way to stop this renaming of root filesystem to /dev/root and let it be as in old baselayout1? Jarry -- ___ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
[gentoo-user] {OT} Are push backups flawed?
A little while ago I set up an automated backup system to back up the data from 3 machines to a backup server. I decided to use a push-style layout where the 3 machines push their data to the backup server. Public SSH keys for the 3 machines are stored on the backup server and restricted to the rdiff-backup command. Each of the 3 machines pushes their data to the backup server as a different user and the top directory of each backup is chmod 700 to prevent any of the 3 machines from reading or writing a backup from another machine. I've run into a problem with this layout that I can't seem to solve, and I'm wondering if I should switch to a pull-style layout where the backup server pulls data from each of the 3 machines. The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. What do you think guys? Are push-style backups flawed and unacceptable? - Grant
Re: [gentoo-user] {OT} Are push backups flawed?
On Fri, Nov 11, 2011 at 12:55 PM, Grant emailgr...@gmail.com wrote: [snip] The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. As a final stage in your backup, could you trigger a 'pull'-style backup copying the data image to a more secure area? How about setting your backup target on top of lvm, and snapshotting? Some mechanism could be employed so that the snapshot command is run by a more restricted user, and done so after, e.g. a certain amount of idle time in the backup target directory If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. Check out freenet6. I use it so that my laptop has a static, global IP address whether it's on my home network or not. It's quite nice. IPv6 in various applications also solves my other direct-access needs. What do you think guys? Are push-style backups flawed and unacceptable? I imagine you might still want to 'pull' from your backup server; if someone gets a key that allows them to manipulate the behavior of a local process that shouldn't normally be manipulated, your vulnerability surface goes up. -- :wq
Re: [gentoo-user] {OT} Are push backups flawed?
On Nov 12, 2011 12:58 AM, Grant emailgr...@gmail.com wrote: A little while ago I set up an automated backup system to back up the data from 3 machines to a backup server. I decided to use a push-style layout where the 3 machines push their data to the backup server. Public SSH keys for the 3 machines are stored on the backup server and restricted to the rdiff-backup command. Each of the 3 machines pushes their data to the backup server as a different user and the top directory of each backup is chmod 700 to prevent any of the 3 machines from reading or writing a backup from another machine. I've run into a problem with this layout that I can't seem to solve, and I'm wondering if I should switch to a pull-style layout where the backup server pulls data from each of the 3 machines. The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. What do you think guys? Are push-style backups flawed and unacceptable? No, it's not flawed, as long as the implementation is right: versioning and deduplication. With versioning, an attacker (or infiltrator, in this matter) might try to taint the backup, but all she can do is just push a new version to the server. You can recover your data by reverting to a prior version. The deduplication part is only to save storage space. It's less necessary if you have a robust versioning system that can categorize each push as either canonical/perpetual/permanent or ephemeral/temporary. The system can just discard old ephemeral pushes when storage becomes critical. Rgds,
Re: [gentoo-user] {OT} Are push backups flawed?
[snip] The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. As a final stage in your backup, could you trigger a 'pull'-style backup copying the data image to a more secure area? How about setting Even if I pull a copy of the backup to a separate machine from the backup server, it will pull an altered copy if an attacker compromises one of the systems being backed up and alters that system's backup on the backup server. Am I missing something? - Grant your backup target on top of lvm, and snapshotting? Some mechanism could be employed so that the snapshot command is run by a more restricted user, and done so after, e.g. a certain amount of idle time in the backup target directory If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. Check out freenet6. I use it so that my laptop has a static, global IP address whether it's on my home network or not. It's quite nice. IPv6 in various applications also solves my other direct-access needs. What do you think guys? Are push-style backups flawed and unacceptable? I imagine you might still want to 'pull' from your backup server; if someone gets a key that allows them to manipulate the behavior of a local process that shouldn't normally be manipulated, your vulnerability surface goes up. -- :wq
Re: [gentoo-user] {OT} Are push backups flawed?
On Fri, Nov 11, 2011 at 1:27 PM, Grant emailgr...@gmail.com wrote: [snip] The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. As a final stage in your backup, could you trigger a 'pull'-style backup copying the data image to a more secure area? How about setting Even if I pull a copy of the backup to a separate machine from the backup server, it will pull an altered copy if an attacker compromises one of the systems being backed up and alters that system's backup on the backup server. Am I missing something? If you're not applying any kind of versioning, it doesn't matter if you're pushing or pulling; your backup will eventually be overwritten by a backup of a hacked system unless you catch and respond as soon as the original invasion happens. So it sounds like the scenario you fear isn't tied to the mechanism you're reconsidering. -- :wq
Re: [gentoo-user] {OT} Are push backups flawed?
A little while ago I set up an automated backup system to back up the data from 3 machines to a backup server. I decided to use a push-style layout where the 3 machines push their data to the backup server. Public SSH keys for the 3 machines are stored on the backup server and restricted to the rdiff-backup command. Each of the 3 machines pushes their data to the backup server as a different user and the top directory of each backup is chmod 700 to prevent any of the 3 machines from reading or writing a backup from another machine. I've run into a problem with this layout that I can't seem to solve, and I'm wondering if I should switch to a pull-style layout where the backup server pulls data from each of the 3 machines. The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. What do you think guys? Are push-style backups flawed and unacceptable? No, it's not flawed, as long as the implementation is right: versioning and deduplication. With versioning, an attacker (or infiltrator, in this matter) might try to taint the backup, but all she can do is just push a new version to the server. You can recover your data by reverting to a prior version. Is that true? Wouldn't the infiltrator be able to craft some sort of rdiff-backup command that deletes the entire backup? I can't come up with such a command myself, but I thought I was essentially giving full read/write access of a system's backup to an infiltrator by putting that system's public key on the backup server. I do restrict the key like command=rdiff-backup --server but I didn't expect that to completely prevent the backup from being wiped out. Does it? - Grant The deduplication part is only to save storage space. It's less necessary if you have a robust versioning system that can categorize each push as either canonical/perpetual/permanent or ephemeral/temporary. The system can just discard old ephemeral pushes when storage becomes critical.
Re: [gentoo-user] {OT} Are push backups flawed?
On Nov 12, 2011 1:39 AM, Grant emailgr...@gmail.com wrote: A little while ago I set up an automated backup system to back up the data from 3 machines to a backup server. I decided to use a push-style layout where the 3 machines push their data to the backup server. Public SSH keys for the 3 machines are stored on the backup server and restricted to the rdiff-backup command. Each of the 3 machines pushes their data to the backup server as a different user and the top directory of each backup is chmod 700 to prevent any of the 3 machines from reading or writing a backup from another machine. I've run into a problem with this layout that I can't seem to solve, and I'm wondering if I should switch to a pull-style layout where the backup server pulls data from each of the 3 machines. The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. What do you think guys? Are push-style backups flawed and unacceptable? No, it's not flawed, as long as the implementation is right: versioning and deduplication. With versioning, an attacker (or infiltrator, in this matter) might try to taint the backup, but all she can do is just push a new version to the server. You can recover your data by reverting to a prior version. Is that true? Wouldn't the infiltrator be able to craft some sort of rdiff-backup command that deletes the entire backup? I can't come up with such a command myself, but I thought I was essentially giving full read/write access of a system's backup to an infiltrator by putting that system's public key on the backup server. I do restrict the key like command=rdiff-backup --server but I didn't expect that to completely prevent the backup from being wiped out. Does it? - Grant The deduplication part is only to save storage space. It's less necessary if you have a robust versioning system that can categorize each push as either canonical/perpetual/permanent or ephemeral/temporary. The system can just discard old ephemeral pushes when storage becomes critical. Just an illustration: My employer will soon do a PoC/Live Demo of this product: http://www.atempo.com/products/liveBackup/features.asp Only an 'agent' lives inside the employee's workstation. It pushes all writes to certain folders to the server, and able to request 'reverts' to their local copy, but the server's archives are immutable. Unfortunately, said product only supports Windows and Macs. I'm still on the lookout for something similar for Linux. (For pure text files, a git/mercurial server would be enough, though.) Rgds,
Re: [gentoo-user] java java everywhere
Am 11.11.2011 11:16, schrieb Willie Wong: On Thu, Nov 10, 2011 at 11:01:56PM +0200, Alan McKinnon wrote: (i) What is icedtea-web? If you had actually clicked on the homepage link in the emerge -s output you posted, you would have seen in the very first bullet point right at the start of the page that icedtea-web is mostly Java Web Start The problem is: that doesn't help me at all. What the heck is Web Start? The corporate-lese at http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136112.html doesn't really tell me why or whether I need it. It is the applet launcher you mentioned further down in your email. It also allows starting standalone applications straight from the web. There is a difference between these two capabilities but I think they are now served by the same plugin. (iv) Do I really need to have so many different java things on my computer? [...] So, if you want Java as implemented by iced-tea, pick between source and -bin. If you want JWS, then emerge that too. Did you even attempt to google this and find answers yourself? Did you read my question? The problem is not that so many JDKs are available. The problem is why does portage want to install them all? (Scroll up to the top of my message and see the emerge --update output which wants to SLOT all three of icedtea, icedtea-bin, icedtea-web.) So cut the snark, Alan. To spell out the question for you more clearly: Why does portage want to install ALL three kinds of icedteas, when all I really need is a JRE? Is there some subtle differences between the three such that I must have all three available? Is the 6-7 major version update one which they significantly changed the API so things start breaking left and right? Yes, there are new features and APIs available with java 1.7 but I doubt any applications in the stable portage tree already use these. Otherwise it should be backwards compatible. Since 1.7 is pretty new I guess there are still many packages explicitly requiring virtual/jdk:6 just because the devs haven't yet tested the transition. On the other hand, some packages will just require virtual/jdk and therefore trigger portage to install the newer slot. rant [...] What I don't know (as I admitted so much in the first sentence of my original post) is Java. I don't code in it. I don't (to the best of my knowledge) have any packages installed via portage that has code written in Java. All I need is a JRE to look at some applets on the internet and run a couple pre-compiled Java applications on my desktop. It may be that I somehow acquired a need for a JDK and I forgot, I don't know, but why is it that portage wants to installed two JDKS and on top of that some web-based JRE at the same time? /rant W To find out why portage wants the JDK, run `emerge -pv --depclean virtual/jdk`. Repeat until you find @world or something looking familiar. I bet you have LibreOffice installed with USE=java. There is an old thread from earlier this year which describes what functionality you loose when you deactivate that flag. All things considered, though, I think it will be faster to install a JDK than to re-emerge LibreOffice with USE=-java. Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] {OT} Are push backups flawed?
Am 11.11.2011 19:56, schrieb Pandu Poluan: On Nov 12, 2011 1:39 AM, Grant emailgr...@gmail.com mailto:emailgr...@gmail.com wrote: A little while ago I set up an automated backup system to back up the data from 3 machines to a backup server. I decided to use a push-style layout where the 3 machines push their data to the backup server. Public SSH keys for the 3 machines are stored on the backup server and restricted to the rdiff-backup command. Each of the 3 machines pushes their data to the backup server as a different user and the top directory of each backup is chmod 700 to prevent any of the 3 machines from reading or writing a backup from another machine. I've run into a problem with this layout that I can't seem to solve, and I'm wondering if I should switch to a pull-style layout where the backup server pulls data from each of the 3 machines. The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. What do you think guys? Are push-style backups flawed and unacceptable? No, it's not flawed, as long as the implementation is right: versioning and deduplication. With versioning, an attacker (or infiltrator, in this matter) might try to taint the backup, but all she can do is just push a new version to the server. You can recover your data by reverting to a prior version. Is that true? Wouldn't the infiltrator be able to craft some sort of rdiff-backup command that deletes the entire backup? I can't come up with such a command myself, but I thought I was essentially giving full read/write access of a system's backup to an infiltrator by putting that system's public key on the backup server. I do restrict the key like command=rdiff-backup --server but I didn't expect that to completely prevent the backup from being wiped out. Does it? - Grant The deduplication part is only to save storage space. It's less necessary if you have a robust versioning system that can categorize each push as either canonical/perpetual/permanent or ephemeral/temporary. The system can just discard old ephemeral pushes when storage becomes critical. Just an illustration: My employer will soon do a PoC/Live Demo of this product: http://www.atempo.com/products/liveBackup/features.asp Only an 'agent' lives inside the employee's workstation. It pushes all writes to certain folders to the server, and able to request 'reverts' to their local copy, but the server's archives are immutable. Unfortunately, said product only supports Windows and Macs. I'm still on the lookout for something similar for Linux. (For pure text files, a git/mercurial server would be enough, though.) Rgds, Isn't Bacula something like this? http://www.bacula.org/en/dev-manual/main/main/What_is_Bacula.html#SECTION0022 Hint: File server actually is the client that is backed up. signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] [OT] Binary install distro
On Fri, 11 Nov 2011 17:49:54 +0100 Lorenzo Bandieri lorenzo.bandi...@gmail.com wrote: I'll be interested in hearing how that goes. I had one weekend running Ubuntu and ended up running away as fast as I could. It wasn't that it was bad or didn't work, but that the management of it seemed so different from any distro I'd run before that I didn't want to deal with learning it. Let's see how that does for you. Again, remembering I didn't really give it much of a chance - I was running on a Power PC Mac Mini - two things that drove me mad were: 1) The basic install didn't tell me what the root password was. 2) All the management was done using sudo. I couldn't get past the idea that if something went wrong that with no root password what was I supposed to do? Now, I was absolutely sure at the time there had to be a way to set that myself, maybe as simple as sudo passwd - root or something like that, but I decided it just wasn't for me and tossed the machine in the garage rather than deal with it! :-) Cheers, Mark SNIP I don't use sudo on my rig so it sort of annoys me. ;-) I guess we have that in common. lol The update tool is GUI. That's why I think he can do that himself. A lot like winders in a way. Heck, if this works well and that intfs thingy gets on my nerves, may use it myself. :-( I may have found my next distro. I'm not leaving yet. I'm going to give the inity thingy a shot, maybe two. After that, kill shot. Dale I hate sudo, I never got the point in using it - and actually it is one of the thing that makes Ubuntu annoying to me. I'm not the only one, then! :D Then you must be using a single-user machine. Like your own laptop or desktop. sudo is absolutely necessary on any multi-user machine unless you like security holes. Instead of bashing sudo, it's better to find out what problem it is designed to solve, then determine if you have that problem. It does have a point, and a very valuable one too, you just seem to not have seen it yet. -- Alan McKinnnon alan.mckin...@gmail.com
Re: [gentoo-user] [OT] Binary install distro
On Friday 11 Nov 2011 07:37:56 J. Roeleveld wrote: On Thu, November 10, 2011 8:03 pm, Dale wrote: SNIPPED Any tips or tricks on Kubuntu anyone? Sort of a basic 'this is how you update/install something for idiots' type thing. lol I think Sabayon would be a better option, but if you really want to go with *buntu/debian: - Install X # sudo apt-get install X - Update repository: # sudo apt-get update - Upgrade system: # sudo apt-get upgrade For major upgrades, you need to change to a different repository or something like that. I installed Gentoo on my netbook as I got really annoyed with the dodgy way ubuntu deals with this. Not to forget: sudo apt-get autoclean and yes, you'll need to get to grips with the various repos to install packages outside the vanilla version of any distro. I've installed Kubuntu on a laptop and a load of extra packages for web development. Have not heard any complaints for at least a year now. ;-) A point to note: Last time I used OpenSuse (must be 4 years ago or more) it did not seem to be as flexible as ?Ubuntu. There were all sort of dependency problems if you veered off the beaten track. Also back then there was no way to upgrade to the later version. It was a matter of reinstalling and reconfiguring. Things may have moved on since. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] [OT] Binary install distro
Then you must be using a single-user machine. Like your own laptop or desktop. sudo is absolutely necessary on any multi-user machine unless you like security holes. Instead of bashing sudo, it's better to find out what problem it is designed to solve, then determine if you have that problem. It does have a point, and a very valuable one too, you just seem to not have seen it yet. Yes, Alan, you're right, I'm on a single-user machine. I apologize, I should have made it clear. Indeed, I can see that in a multi-users machine sudo is useful. I just don't agree on the Ubuntu policy of using sudo instead of root by default, assuming that it provides more security. I don't want to start a flame war about sudo vs su, sorry if I sounded rough! Best regards, Lorenzo
Re: [gentoo-user] [OT] Binary install distro
On Fri, Nov 11, 2011 at 2:20 PM, Mick michaelkintz...@gmail.com wrote: On Friday 11 Nov 2011 07:37:56 J. Roeleveld wrote: On Thu, November 10, 2011 8:03 pm, Dale wrote: SNIPPED Any tips or tricks on Kubuntu anyone? Sort of a basic 'this is how you update/install something for idiots' type thing. lol I think Sabayon would be a better option, but if you really want to go with *buntu/debian: - Install X # sudo apt-get install X - Update repository: # sudo apt-get update - Upgrade system: # sudo apt-get upgrade For major upgrades, you need to change to a different repository or something like that. I installed Gentoo on my netbook as I got really annoyed with the dodgy way ubuntu deals with this. Not to forget: sudo apt-get autoclean and yes, you'll need to get to grips with the various repos to install packages outside the vanilla version of any distro. I've installed Kubuntu on a laptop and a load of extra packages for web development. Have not heard any complaints for at least a year now. ;-) A point to note: Last time I used OpenSuse (must be 4 years ago or more) it did not seem to be as flexible as ?Ubuntu. There were all sort of dependency problems if you veered off the beaten track. Also back then there was no way to upgrade to the later version. It was a matter of reinstalling and reconfiguring. Things may have moved on since. Never used OpenSuse, but I've spent about ten years bouncing between Ubuntu and Debian. (I started using Ubuntu around either 5.04 or 6.06. Not sure.) While Ubuntu is usually among the first of the binary distros to support new things, it's been suffering more and more (and more!) decay when you wander off the beaten path. Over the last couple years, it's tended toward beating its own path, so knowledge and skills are becoming less portable if you're bouncing between Ubuntu and other distros, or even between Ubuntu and Debian. It's nice if you want something up and running fast, it's friendly to newbies, and it's friendly to some kinds of administrators, but it's *not* friendly to power users. -- :wq
Re: [gentoo-user] [OT] Binary install distro
Alan McKinnon wrote: On Fri, 11 Nov 2011 17:49:54 +0100 Lorenzo Bandierilorenzo.bandi...@gmail.com wrote: I don't use sudo on my rig so it sort of annoys me. ;-) I guess we have that in common. lol The update tool is GUI. That's why I think he can do that himself. A lot like winders in a way. Heck, if this works well and that intfs thingy gets on my nerves, may use it myself. :-( I may have found my next distro. I'm not leaving yet. I'm going to give the inity thingy a shot, maybe two. After that, kill shot. Dale I hate sudo, I never got the point in using it - and actually it is one of the thing that makes Ubuntu annoying to me. I'm not the only one, then! :D Then you must be using a single-user machine. Like your own laptop or desktop. sudo is absolutely necessary on any multi-user machine unless you like security holes. Instead of bashing sudo, it's better to find out what problem it is designed to solve, then determine if you have that problem. It does have a point, and a very valuable one too, you just seem to not have seen it yet. Mine is a single user machine both for me and my brother. That said, if I did have other users on my machine, they wouldn't even be in the wheel group so sudo wouldn't happen either. They would be able to do user things but nothing else. That said, I know sudo fixes some problems and has its reason for existing. Me, its just like the init thingy, I haven't found a good reason yet to have one so no need adding it. That will likely change shortly but hopefully not today. I found a workaround on kubuntu tho. Just set the root password so you can login as root and carry on. ;-) Even I have a gas pocket in my brain from time to time. :-D Cheer up Alan. Dale :-) :-)
Re: [gentoo-user] [OT] Binary install distro
Michael Mol wrote: Never used OpenSuse, but I've spent about ten years bouncing between Ubuntu and Debian. (I started using Ubuntu around either 5.04 or 6.06. Not sure.) While Ubuntu is usually among the first of the binary distros to support new things, it's been suffering more and more (and more!) decay when you wander off the beaten path. Over the last couple years, it's tended toward beating its own path, so knowledge and skills are becoming less portable if you're bouncing between Ubuntu and other distros, or even between Ubuntu and Debian. It's nice if you want something up and running fast, it's friendly to newbies, and it's friendly to some kinds of administrators, but it's *not* friendly to power users. I think this will suite my brother tho. They check email, weather and the news and my sis-n-law plays games on facebook. They both play card games which Linux has quite a few of. So, this is really what they need. Of course, if I find something better, I can backup the /home directory and install something else then restore the /home and carry on with something new. This is the beauty of Linux. If I copy the WHOLE .mozilla directory from winders to Linux, won't that keep all their settings, passwords, bookmarks and email? I have done that on Linux a couple times with little problems. I'm just not sure about winders to Linux. Thanks. Ya'll gave me some good ideas for both now and in the future if I need to try something else. Dale :-) :-)
[gentoo-user] mobo replaced; eth0 fails
My dell laptop E6510 had its motherboard replaced (as it turned out, for no good reason) and now the wired ethernet fails. ajglap gottlieb # /etc/init.d/net.eth0 restart * Bringing up interface eth0 * ERROR: interface eth0 does not exist * Ensure that you have loaded the correct kernel module for your hardware * ERROR: net.eth0 failed to start I am hoping it is some wrong setting in the bios, but the only one I see says the ethernet can be disabled enabled enabled (with pxe) I tried both of the enabled variants with the same outcome. I don't think I changed the kernel during that time, but I did try two older kernels; again with no change. I believe I have the correct driver built into the kernel ajglap gottlieb # lspci -v [snip] 00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 05) Subsystem: Dell Device 040b Flags: bus master, fast devsel, latency 0, IRQ 42 Memory at e960 (32-bit, non-prefetchable) [size=128K] Memory at e968 (32-bit, non-prefetchable) [size=4K] I/O ports at 8040 [size=32] Capabilities: [c8] Power Management version 2 Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [e0] PCI Advanced Features Kernel driver in use: e1000e Any help would be appreciated. thanks, allan
Re: [gentoo-user] mobo replaced; eth0 fails
Am 11.11.2011 21:28, schrieb Allan Gottlieb: My dell laptop E6510 had its motherboard replaced (as it turned out, for no good reason) and now the wired ethernet fails. ajglap gottlieb # /etc/init.d/net.eth0 restart * Bringing up interface eth0 * ERROR: interface eth0 does not exist * Ensure that you have loaded the correct kernel module for your hardware * ERROR: net.eth0 failed to start [...] Try `/sbin/ifconfig -a`. If you are lucky, it will show you an eth1 interface or something alike. The issue is that udev keeps track of network interfaces. If it finds a new one, it asigns it a new number instead of reusing the old one. You can change this, but to get everything running fast, just copy your config from eth0 to eth1, create a symlink between /etc/init.d/net.lo and /etc/init.d/net.eth1 and start that one. Hope this helps, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] mobo replaced; eth0 fails
On Fri, 11 Nov 2011 15:28:26 -0500 Allan Gottlieb gottl...@nyu.edu wrote: My dell laptop E6510 had its motherboard replaced (as it turned out, for no good reason) and now the wired ethernet fails. ajglap gottlieb # /etc/init.d/net.eth0 restart * Bringing up interface eth0 * ERROR: interface eth0 does not exist * Ensure that you have loaded the correct kernel module for your hardware * ERROR: net.eth0 failed to start I am hoping it is some wrong setting in the bios, but the only one I see says the ethernet can be disabled enabled enabled (with pxe) I tried both of the enabled variants with the same outcome. I don't think I changed the kernel during that time, but I did try two older kernels; again with no change. I believe I have the correct driver built into the kernel ajglap gottlieb # lspci -v [snip] 00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 05) Subsystem: Dell Device 040b Flags: bus master, fast devsel, latency 0, IRQ 42 Memory at e960 (32-bit, non-prefetchable) [size=128K] Memory at e968 (32-bit, non-prefetchable) [size=4K] I/O ports at 8040 [size=32] Capabilities: [c8] Power Management version 2 Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [e0] PCI Advanced Features Kernel driver in use: e1000e Seeing as it's gentoo, my first guess is that the new motherboard doesn't have the same hardware as the old one - Dell can easily fit any wireless card with the same specs - and that you don't have the correct module loaded. In the BIOS the option you want is plain enabled, if you need pxe you will certainly know all about that already. Any clues in dmesg about the hardware? -- Alan McKinnnon alan.mckin...@gmail.com
Re: [gentoo-user] [OT] Binary install distro
Am 11.11.2011 21:25, schrieb Dale: If I copy the WHOLE .mozilla directory from winders to Linux, won't that keep all their settings, passwords, bookmarks and email? I have done that on Linux a couple times with little problems. I'm just not sure about winders to Linux. I suggest using Mozilla's sync feature. It is dead simple and allegedly secure. Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] mobo replaced; eth0 fails
On Fri, Nov 11, 2011 at 4:08 PM, Alan McKinnon alan.mckin...@gmail.com wrote: On Fri, 11 Nov 2011 15:28:26 -0500 Allan Gottlieb gottl...@nyu.edu wrote: My dell laptop E6510 had its motherboard replaced (as it turned out, for no good reason) and now the wired ethernet fails. ajglap gottlieb # /etc/init.d/net.eth0 restart * Bringing up interface eth0 * ERROR: interface eth0 does not exist * Ensure that you have loaded the correct kernel module for your hardware * ERROR: net.eth0 failed to start I am hoping it is some wrong setting in the bios, but the only one I see says the ethernet can be disabled enabled enabled (with pxe) I tried both of the enabled variants with the same outcome. I don't think I changed the kernel during that time, but I did try two older kernels; again with no change. I believe I have the correct driver built into the kernel ajglap gottlieb # lspci -v [snip] 00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 05) Subsystem: Dell Device 040b Flags: bus master, fast devsel, latency 0, IRQ 42 Memory at e960 (32-bit, non-prefetchable) [size=128K] Memory at e968 (32-bit, non-prefetchable) [size=4K] I/O ports at 8040 [size=32] Capabilities: [c8] Power Management version 2 Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [e0] PCI Advanced Features Kernel driver in use: e1000e Seeing as it's gentoo, my first guess is that the new motherboard doesn't have the same hardware as the old one - Dell can easily fit any wireless card with the same specs - and that you don't have the correct module loaded. In the BIOS the option you want is plain enabled, if you need pxe you will certainly know all about that already. Any clues in dmesg about the hardware? On that note, find the udev rule for persistent networking and wipe it. -- :wq
Re: [gentoo-user] [OT] Binary install distro
On Fri, 11 Nov 2011 14:19:45 -0600 Dale rdalek1...@gmail.com wrote: ine is a single user machine both for me and my brother. That said, if I did have other users on my machine, they wouldn't even be in the wheel group so sudo wouldn't happen either. They would be able to do user things but nothing else. That said, I know sudo fixes some problems and has its reason for existing. Me, its just like the init thingy, I haven't found a good reason yet to have one so no need adding it. That will likely change shortly but hopefully not today. I found a workaround on kubuntu tho. Just set the root password so you can login as root and carry on. ;-) Even I have a gas pocket in my brain from time to time. :-D Yeah, that's the way you do it. I don't have sudo on my own machines for the same reason (except the Ubuntu ones, I can't be bothered removing it) but at work I'd be slaughtered by Risk if I didn't have it. Without sudo the only way to let users do anything more than what regular users can do is to give them the root password. Seeing as the root password is randomly generated, forgotten, and kept in a sealed envelope in a safe, that's not really an option. Sudo lets me fine-grain control exactly what users can do, like let the web team install and update sites, let team leaders update team crontabs, and more. Plus everything is logged. If some chop deletes important files, I want a timestamped record telling me who and when :-) So in a corporate environment, sudo is an absolute necessity. It's also very useful for personal machines, especially newbies. Having to enter their password every time encourages them to think about what they are running and treat root privs with a little more respect. It doesn't always work out though - I still have idiots on the above-mentioned multi-user machines who blindly run apt-get install gnome on a SuSE host. At least they can't argue when I call them on it (due to the magic feature called logs) -- Alan McKinnnon alan.mckin...@gmail.com
Re: [gentoo-user] [OT] Binary install distro
On Fri, 11 Nov 2011 21:10:27 +0100 Lorenzo Bandieri lorenzo.bandi...@gmail.com wrote: Then you must be using a single-user machine. Like your own laptop or desktop. sudo is absolutely necessary on any multi-user machine unless you like security holes. Instead of bashing sudo, it's better to find out what problem it is designed to solve, then determine if you have that problem. It does have a point, and a very valuable one too, you just seem to not have seen it yet. Yes, Alan, you're right, I'm on a single-user machine. I apologize, I should have made it clear. No worries :-) Indeed, I can see that in a multi-users machine sudo is useful. I just don't agree on the Ubuntu policy of using sudo instead of root by default, assuming that it provides more security. I don't want to start a flame war about sudo vs su, sorry if I sounded rough! Well, it's worth discussing, as sudo on Ubuntu *does* improve security, but you have to think a little about how first. It's not IT security it provides, it's human security. As I mentioned to Dale, it encourages people to think a little more about what they are doing. It's not perfect, but nothing is. Unix has always been very strong on initial authentication and rather weak on authorization thereafter. If you can prove you know the root password, you get the keys to the kingdom until the end of time (defined as logout) - it's an all or nothing approach which obviously cannot possibly fit RealLife. sudo may or may not implement an authorization scheme that's suitable for use, but the need for it is undeniable. It's easy to get authorization completely wrong and go over the top, take SE-Linux. It's very design and complexity encourages sysadmins to find ways to switch it off! And they mostly do - with a single boot parameter in grub -- Alan McKinnnon alan.mckin...@gmail.com
[gentoo-user] UEFI specification
Here is a quick description of how Redmond intends to taint the bios on new products: http://www.linuxjournal.com/content/linux-heavyweights-develop-secure-boot-strategy So, recently I took a live-dvd-11.2 into Costco to check out a new HP laptop (DV7-6178US). It would not boot the DVD. How can I research if the UEFI bios is the issue? In the past the live gentoo dvds have booted up most every (new) laptop I have tested. Sure I can purchase the laptop, bring it home and hack on it, but, it would be much more straight forward if there was a list of UEFI infected computers somewhere. (any lists?) I do not want to waste my time on a laptop that has this MS tainted bios. Methods and ideas to flush this out, before purchase are most welcome? Is it possible that some windows 7 laptops have the UEFI bios? I usually prefer a dual boot laptop, with doz and gentoo, but that looks like a fading option these days.? James
Re: [gentoo-user] [OT] Binary install distro
On Fri, 11 Nov 2011 15:14:57 -0500 Michael Mol mike...@gmail.com wrote: Never used OpenSuse, but I've spent about ten years bouncing between Ubuntu and Debian. (I started using Ubuntu around either 5.04 or 6.06. Not sure.) While Ubuntu is usually among the first of the binary distros to support new things, it's been suffering more and more (and more!) decay when you wander off the beaten path. Over the last couple years, it's tended toward beating its own path, so knowledge and skills are becoming less portable if you're bouncing between Ubuntu and other distros, or even between Ubuntu and Debian. It's nice if you want something up and running fast, it's friendly to newbies, and it's friendly to some kinds of administrators, but it's *not* friendly to power users. If my ftp server stats are anything to go by, Linux Mint is the one power users are targeting right now. Number of downloads is a significant % of number of Ubuntu downloads. Myself, I've given Ubuntu a decent 10 week trial. And I'm sick of it already. I'm not even using 11.04, this is 10.10 with classic gnome 2 and I miss Gentoo so much it hurts :-) As soon as my new laptop arrives, Gentoo is going right on it. I'm going to miss this Samsung Series 9 Airbook-knockoff hardware but the software on it will get deep sixed with nary a backward glance... -- Alan McKinnnon alan.mckin...@gmail.com
[gentoo-user] Re: [OT] Binary install distro
On 2011-11-11, Mark Knecht markkne...@gmail.com wrote: On Fri, Nov 11, 2011 at 6:54 AM, Dale rdalek1...@gmail.com wrote: SNIP Now to teach him how to update the thing. I'll be interested in hearing how that goes. I had one weekend running Ubuntu and ended up running away as fast as I could. I use Ubuntu occasionally, and it's always a teeth-gritting, hair-pulling experience. For me, it's the most non-intuitive distro I've ever used. And it is the Ubuntu part I can't grok, not the Debian part -- I never had any problems with Debian. I ran Debian on a server at home for years, and even created a Debian subset distro for a product many years back. It wasn't that it was bad or didn't work, but that the management of it seemed so different from any distro I'd run before that I didn't want to deal with learning it. Exactly. Anytime you want to do something administrative, it's always an ordeal unless you can just skip the Ubuntu stuff and do the equivalent of editing /etc/network/interfaces (I never could get the GUI network config thingy to work). Let's see how that does for you. Again, remembering I didn't really give it much of a chance - I was running on a Power PC Mac Mini - two things that drove me mad were: 1) The basic install didn't tell me what the root password was. There isn't one by default. The first thing you do after an Ubuntu install is always set the root password: $ sudo bash # passwd The next thing you do is configure it to boot into text mode with all the kernel messages visible. Then you've got something that's almost tolerable. -- Grant Edwards grant.b.edwardsYow! I own seven-eighths of at all the artists in downtown gmail.comBurbank!
Re: [gentoo-user] mobo replaced; eth0 fails
On Friday 11 Nov 2011 21:12:29 Michael Mol wrote: On Fri, Nov 11, 2011 at 4:08 PM, Alan McKinnon alan.mckin...@gmail.com wrote: On Fri, 11 Nov 2011 15:28:26 -0500 Allan Gottlieb gottl...@nyu.edu wrote: My dell laptop E6510 had its motherboard replaced (as it turned out, for no good reason) and now the wired ethernet fails. ajglap gottlieb # /etc/init.d/net.eth0 restart * Bringing up interface eth0 * ERROR: interface eth0 does not exist * Ensure that you have loaded the correct kernel module for your hardware * ERROR: net.eth0 failed to start I am hoping it is some wrong setting in the bios, but the only one I see says the ethernet can be disabled enabled enabled (with pxe) I tried both of the enabled variants with the same outcome. I don't think I changed the kernel during that time, but I did try two older kernels; again with no change. I believe I have the correct driver built into the kernel ajglap gottlieb # lspci -v [snip] 00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 05) Subsystem: Dell Device 040b Flags: bus master, fast devsel, latency 0, IRQ 42 Memory at e960 (32-bit, non-prefetchable) [size=128K] Memory at e968 (32-bit, non-prefetchable) [size=4K] I/O ports at 8040 [size=32] Capabilities: [c8] Power Management version 2 Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [e0] PCI Advanced Features Kernel driver in use: e1000e Seeing as it's gentoo, my first guess is that the new motherboard doesn't have the same hardware as the old one - Dell can easily fit any wireless card with the same specs - and that you don't have the correct module loaded. In the BIOS the option you want is plain enabled, if you need pxe you will certainly know all about that already. Any clues in dmesg about the hardware? On that note, find the udev rule for persistent networking and wipe it. +1 rm /etc/udev/rules.d/70-persistent-net.rules then reboot. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Re: [OT] Binary install distro
On Friday 11 Nov 2011 22:02:40 Grant Edwards wrote: On 2011-11-11, Mark Knecht markkne...@gmail.com wrote: On Fri, Nov 11, 2011 at 6:54 AM, Dale rdalek1...@gmail.com wrote: SNIP Now to teach him how to update the thing. I'll be interested in hearing how that goes. I had one weekend running Ubuntu and ended up running away as fast as I could. I use Ubuntu occasionally, and it's always a teeth-gritting, hair-pulling experience. For me, it's the most non-intuitive distro I've ever used. And it is the Ubuntu part I can't grok, not the Debian part -- I never had any problems with Debian. I ran Debian on a server at home for years, and even created a Debian subset distro for a product many years back. It wasn't that it was bad or didn't work, but that the management of it seemed so different from any distro I'd run before that I didn't want to deal with learning it. Exactly. Anytime you want to do something administrative, it's always an ordeal unless you can just skip the Ubuntu stuff and do the equivalent of editing /etc/network/interfaces (I never could get the GUI network config thingy to work). Let's see how that does for you. Again, remembering I didn't really give it much of a chance - I was running on a Power PC Mac Mini - two things that drove me mad were: 1) The basic install didn't tell me what the root password was. There isn't one by default. The first thing you do after an Ubuntu install is always set the root password: $ sudo bash # passwd The next thing you do is configure it to boot into text mode with all the kernel messages visible. Then you've got something that's almost tolerable. How do you that?!!! Pressing F2 or Esc on the Ubuntu GRUB2 splash just crashes the system. I think I also tried editting the default GRUB2 file, but couldn't get it to be more verbose. Is there some trick I'm missing? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] [OT] Binary install distro
Florian Philipp wrote: Am 11.11.2011 21:25, schrieb Dale: If I copy the WHOLE .mozilla directory from winders to Linux, won't that keep all their settings, passwords, bookmarks and email? I have done that on Linux a couple times with little problems. I'm just not sure about winders to Linux. I suggest using Mozilla's sync feature. It is dead simple and allegedly secure. Regards, Florian Philipp I wasn't aware it had that. I looked on mine here and can't find it. Where is it? This would be awesome if it works. Dale :-) :-)
Re: [gentoo-user] Can I read a MacOSX FileVault disk from Linux?
On 10 November 2011 19:25, fe...@crowfix.com wrote: I have a 5 year old Mac OS X laptop which died last night -- no lights, nothing, as if the battery and AC line were disconnected. There's nothing on it which is a disaster to lose, but there are some things I'd like to get off. Is it possible to plug the drive into a SATA (?) connector on a Linux system and mount it with some encryption loopback setup to get into my FileVault-protcted home dir? I do have access to a completely different Mac, and I could probably swap drives, boot, get the data I want, shut down, and restore drives, but I have no idea how well that would work. -- ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._. Felix Finch: scarecrow repairman rocket surgeon / fe...@crowfix.com GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933 I've found a solution to Fermat's Last Theorem but I see I've run out of room o From a casual read through the wiki page on Filevault, you should be able to get it up and running provided you still have the Master password. In fact, the age of the install may be an advantage - the encryption schemes are well understood, and some versions even have cryptographic weaknesses. If you are lucky enough to have the 'Sparse Image' variant (from OS10.4), it may even be possible to recover the majority ov the content, even if some of it is damaged through disk failure (although your description sounds more like motherboard / power failure. As to whether someone has written mount_filevault or not, I've no idea. Happy googling!
Re: [gentoo-user] [OT] Binary install distro
Alan McKinnon wrote: On Fri, 11 Nov 2011 14:19:45 -0600 Dalerdalek1...@gmail.com wrote: ine is a single user machine both for me and my brother. That said, if I did have other users on my machine, they wouldn't even be in the wheel group so sudo wouldn't happen either. They would be able to do user things but nothing else. That said, I know sudo fixes some problems and has its reason for existing. Me, its just like the init thingy, I haven't found a good reason yet to have one so no need adding it. That will likely change shortly but hopefully not today. I found a workaround on kubuntu tho. Just set the root password so you can login as root and carry on. ;-) Even I have a gas pocket in my brain from time to time. :-D Yeah, that's the way you do it. I don't have sudo on my own machines for the same reason (except the Ubuntu ones, I can't be bothered removing it) but at work I'd be slaughtered by Risk if I didn't have it. Without sudo the only way to let users do anything more than what regular users can do is to give them the root password. Seeing as the root password is randomly generated, forgotten, and kept in a sealed envelope in a safe, that's not really an option. Sudo lets me fine-grain control exactly what users can do, like let the web team install and update sites, let team leaders update team crontabs, and more. Plus everything is logged. If some chop deletes important files, I want a timestamped record telling me who and when :-) So in a corporate environment, sudo is an absolute necessity. It's also very useful for personal machines, especially newbies. Having to enter their password every time encourages them to think about what they are running and treat root privs with a little more respect. It doesn't always work out though - I still have idiots on the above-mentioned multi-user machines who blindly run apt-get install gnome on a SuSE host. At least they can't argue when I call them on it (due to the magic feature called logs) Then I can see the benefits of sudo where they is a division of labor for sure. I don't know how it works exactly but I knew it allowed regular users to run CERTAIN things that root as given them access to. I didn't know about the logs tho. If I was running a server where there were several people doing different things that I would never be able to do alone, then sudo would be the tool. I just hope I never have to worry about learning it TO much. ;-) Now to figure out why the windows in Kubuntu have no borders and no little X to close the window. sighs I hate the little details. Dale :-) :-)
Re: [gentoo-user] Re: [OT] Binary install distro
Grant Edwards wrote: The next thing you do is configure it to boot into text mode with all the kernel messages visible. Then you've got something that's almost tolerable. cough cough Care to share how you did that little trick? I like to see the stuff scrolling up myself. Is there a way after the install to add a Windoze OS to grub and all? I unplugged the windoze drive to make sure it didn't mess that up OR I mess up something. So, grub, or some bootloader, is installed on the wrong drive in this case. Dale :-) :-)
Re: [gentoo-user] [OT] Binary install distro
Am 12.11.2011 00:28, schrieb Dale: Florian Philipp wrote: Am 11.11.2011 21:25, schrieb Dale: If I copy the WHOLE .mozilla directory from winders to Linux, won't that keep all their settings, passwords, bookmarks and email? I have done that on Linux a couple times with little problems. I'm just not sure about winders to Linux. I suggest using Mozilla's sync feature. It is dead simple and allegedly secure. Regards, Florian Philipp I wasn't aware it had that. I looked on mine here and can't find it. Where is it? This would be awesome if it works. Dale :-) :-) Edit-Settings-Sync. There you can create a user account. If it is not there, you are probably still running 3.6. Then you can install the plugin here: https://addons.mozilla.org/en/firefox/addon/firefox-sync/ Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] [OT] Binary install distro
Am 12.11.2011 00:36, schrieb Dale: [...] Now to figure out why the windows in Kubuntu have no borders and no little X to close the window. sighs I hate the little details. Dale :-) :-) That is a typical symptom that the window manager is not running (probably crashed while loading some fancy window decorations). Try to execute `kwin` or `kwin --replace` in a terminal. Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] [OT] Binary install distro
Florian Philipp wrote: Am 12.11.2011 00:28, schrieb Dale: Florian Philipp wrote: Am 11.11.2011 21:25, schrieb Dale: If I copy the WHOLE .mozilla directory from winders to Linux, won't that keep all their settings, passwords, bookmarks and email? I have done that on Linux a couple times with little problems. I'm just not sure about winders to Linux. I suggest using Mozilla's sync feature. It is dead simple and allegedly secure. Regards, Florian Philipp I wasn't aware it had that. I looked on mine here and can't find it. Where is it? This would be awesome if it works. Dale :-) :-) Edit-Settings-Sync. There you can create a user account. If it is not there, you are probably still running 3.6. Then you can install the plugin here: https://addons.mozilla.org/en/firefox/addon/firefox-sync/ Regards, Florian Philipp Houston, we have a problem. I'm using Seamonkey not Firefox. Now I know why I couldn't find it. lol The email is the biggest thing I wanted to save. Then again, their passwords would be nice too. Dale :-) :-)
Re: [gentoo-user] UEFI specification
On Friday 11 Nov 2011 21:45:08 James wrote: Here is a quick description of how Redmond intends to taint the bios on new products: http://www.linuxjournal.com/content/linux-heavyweights-develop-secure-boot- strategy This I believe is on the cards for MSWindows 8 onwards. So, recently I took a live-dvd-11.2 into Costco to check out a new HP laptop (DV7-6178US). It would not boot the DVD. How can I research if the UEFI bios is the issue? In the past the live gentoo dvds have booted up most every (new) laptop I have tested. I suggest you try another latest version LiveCD, e.g. Knoppix, or SysrescueCD, or see if there is a way of getting up some boot menu that gives you the option to select the LiveCD? Someone who has experience with UEFI hopefully should be able to chime in here - there's AppleMac users frequenting this list too. Sure I can purchase the laptop, bring it home and hack on it, but, it would be much more straight forward if there was a list of UEFI infected computers somewhere. (any lists?) I would not (but it's your money and your time of course). Instead I would complain to the shop - i.e. why is this laptop boot menu not available to the user? and perhaps HP themselves. You are in the USA after all and customer service is paramount. I do not want to waste my time on a laptop that has this MS tainted bios. Methods and ideas to flush this out, before purchase are most welcome? Is it possible that some windows 7 laptops have the UEFI bios? UEFI bios does not necessarily equal secure boot, at least not yet. I usually prefer a dual boot laptop, with doz and gentoo, but that looks like a fading option these days.? Let's hope not! RHL Canonical must be working on making sure that OEMs or MoBo manufacturers address this anti-competitive practice from Microsoft. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] [OT] Binary install distro
On Fri, 11 Nov 2011 14:19:45 -0600, Dale wrote: Mine is a single user machine both for me and my brother. That said, if I did have other users on my machine, they wouldn't even be in the wheel group so sudo wouldn't happen either. They would be able to do user things but nothing else. What happens when there is that one thing they need to do that needs root privileges? Do you give them the root password and let them do what they want, or do you make that one operation available to them? -- Neil Bothwick Windows XP took us to the edge of the cliff. With Windows Vista we took a big step forward. signature.asc Description: PGP signature
Re: [gentoo-user] [OT] Binary install distro
On Fri, 11 Nov 2011 21:10:27 +0100, Lorenzo Bandieri wrote: Yes, Alan, you're right, I'm on a single-user machine. I apologize, I should have made it clear. Indeed, I can see that in a multi-users machine sudo is useful. I just don't agree on the Ubuntu policy of using sudo instead of root by default, assuming that it provides more security. Ubuntu is designed for Linux newbies, those conditioned to the Windows way of working. Give them a root password and they will soon get fed up with typing it whenever they need to do $something and just log into the desktop as root. It is easy enough to enable root access in Ubuntu, but you do have to work out how to break it for yourself. -- Neil Bothwick Diarrhoea is hereditary, it runs in your genes. signature.asc Description: PGP signature
Re: [gentoo-user] Re: [OT] Binary install distro
On Fri, 11 Nov 2011 17:40:26 -0600, Dale wrote: The next thing you do is configure it to boot into text mode with all the kernel messages visible. Then you've got something that's almost tolerable. cough cough Care to share how you did that little trick? I like to see the stuff scrolling up myself. Hold Shift during boot to bring up the GRUB menu, press E to edit, remove the splash and quiet options and press Ctrl-X to boot. It's almost the same as legacy GRUB, with just enough changes to confuse people :( Tp make it permanent, edit /etc/default/grub, remove the splash and quiet options, save the file and run grub2-mkconfig (or the wrapper script that Ubuntu provide, update-grub?). Is there a way after the install to add a Windoze OS to grub and all? I unplugged the windoze drive to make sure it didn't mess that up OR I mess up something. So, grub, or some bootloader, is installed on the wrong drive in this case. Plug the drive back in and run grub2-mkconfig. It will generate a new menu with a Windows option. No manual editing needed. -- Neil Bothwick We are Microsoft of Borg. Prepare to The application assimilation has caused a General Protection Fault and must exit immediately. signature.asc Description: PGP signature
Re: [gentoo-user] [OT] Binary install distro
On Fri, 11 Nov 2011 23:47:31 +0200, Alan McKinnon wrote: If my ftp server stats are anything to go by, Linux Mint is the one power users are targeting right now. Number of downloads is a significant % of number of Ubuntu downloads. How much of that is a knee-jerk reaction to Unity, Mint being seen as Ubuntu without the new-fangled stuff we don't want to try to understand. -- Neil Bothwick This universe is sold by mass, not by volume. Some expansion may have occurred during shipment signature.asc Description: PGP signature
Re: [gentoo-user] [OT] Binary install distro
Am 12.11.2011 01:27, schrieb Neil Bothwick: On Fri, 11 Nov 2011 14:19:45 -0600, Dale wrote: Mine is a single user machine both for me and my brother. That said, if I did have other users on my machine, they wouldn't even be in the wheel group so sudo wouldn't happen either. They would be able to do user things but nothing else. What happens when there is that one thing they need to do that needs root privileges? Do you give them the root password and let them do what they want, or do you make that one operation available to them? SETUID bit like /bin/ping or sudo itself? That being said, I'd also use sudo unless the usage is so frequent that the constant password typing becomes a pain. Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
[gentoo-user] Another hardware thread
It's time for a new desktop, I'd rather the the money to Amazon or Ebuyer than the Inland Revenue. I'm currently running a Core2Duo system, but use AMD before that, so I have no real allegiances. I was thinking of something like an AMD 1100T 6 core CPU, the new Bulldozers are expensive and initial reports are not that promising, but an Intel that gives the same bang per buck would do. I'm thinking Gigabyte for motherboard, based on comments made here in similar threads (like the one Dale started a while ago). I need lots of SATA ports (fortunately, I bought a pair of 2TB drives a fortnight ago, just before the prices went ballistic). I'm not a gamer, but I want a system with plenty of grunt. Video performance is not critical, on board would suffice, except I need something with dual output to drive two monitors. Do any of the onboard jobbies do this or is a separate Nvidia still the best option? Thoughts would be welcome, and please feel free to start your own ATI vs Nvidia and AMD vs Intel flamewars. OK, I'd rather you didn't, but I'm not about to waste electrons asking for the impossible :) -- Neil Bothwick Dream as if you'll live forever. Live as if you'll die today. signature.asc Description: PGP signature
Re: [gentoo-user] [OT] Binary install distro
On Sat, 12 Nov 2011 01:45:23 +0100, Florian Philipp wrote: What happens when there is that one thing they need to do that needs root privileges? Do you give them the root password and let them do what they want, or do you make that one operation available to them? SETUID bit like /bin/ping or sudo itself? That being said, I'd also use sudo unless the usage is so frequent that the constant password typing becomes a pain. SETUID enables it for everyone, not just the user in question. You can set sudo to allow specified commands to be executed without a password. -- Neil Bothwick Everything should be made as simple as possible, but no simpler. signature.asc Description: PGP signature
Re: [gentoo-user] {OT} Are push backups flawed?
On 11/11/2011 12:55 PM, Grant wrote: The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. If an attacker can read the entire filesystem, he'll gain full root privileges quickly.
Re: [gentoo-user] UEFI specification
2011/11/12 James wirel...@tampabay.rr.com: Here is a quick description of how Redmond intends to taint the bios on new products: http://www.linuxjournal.com/content/linux-heavyweights-develop-secure-boot-strategy So, recently I took a live-dvd-11.2 into Costco to check out a new HP laptop (DV7-6178US). It would not boot the DVD. How can I research if the UEFI bios is the issue? In the past the live gentoo dvds have booted up most every (new) laptop I have tested. Sure I can purchase the laptop, bring it home and hack on it, but, it would be much more straight forward if there was a list of UEFI infected computers somewhere. (any lists?) I do not want to waste my time on a laptop that has this MS tainted bios. Methods and ideas to flush this out, before purchase are most welcome? Is it possible that some windows 7 laptops have the UEFI bios? UEFI only boots 64bit OS. 32bit OS should be loaded via BIOS emulation mode. So, if the pre-installed windows is 32bit. the UEFI must not be tainted. I usually prefer a dual boot laptop, with doz and gentoo, but that looks like a fading option these days.? James
[gentoo-user] Cannot start up KDE desktop Environment
I have cost eight hours and forty minutes in installing KDE Meta. When I wake up this morning it has done. But when I startx, it can't work, output messages are below: xauth: file /root/.serverauth. ( is changed each time I use startx) does not exist /etc/X11/xinit/xserverrc : line2 : /usr/bin/X No such file or directory /etc/X11/xinit/xserverrc : line2 : exec /usr/bin/X : Cannot execute : No such file or directory xinit : giving up xinit: unable to connect to X server : Connection refused xinit : server error I gotta to tell you that I'm not going to recompile whole package in order to solve it. So if anyone could afford simple methods, I would appreciate him .
Re: [gentoo-user] Another hardware thread
On Nov 12, 2011 7:58 AM, Neil Bothwick n...@digimed.co.uk wrote: It's time for a new desktop, I'd rather the the money to Amazon or Ebuyer than the Inland Revenue. I'm currently running a Core2Duo system, but use AMD before that, so I have no real allegiances. I was thinking of something like an AMD 1100T 6 core CPU, the new Bulldozers are expensive and initial reports are not that promising, but an Intel that gives the same bang per buck would do. I'm thinking Gigabyte for motherboard, based on comments made here in similar threads (like the one Dale started a while ago). I need lots of SATA ports (fortunately, I bought a pair of 2TB drives a fortnight ago, just before the prices went ballistic). I'm not a gamer, but I want a system with plenty of grunt. Video performance is not critical, on board would suffice, except I need something with dual output to drive two monitors. Do any of the onboard jobbies do this or is a separate Nvidia still the best option? AFAIK onboards very rarely have support for dual monitor. Besides, having a separate somewhat-beefier GPU might be usable in some cases. For instance, Ubuntu's Unity and Windows' Aero both rely on GPU to do their eye candy stuff. C'mon, don't be stingy... spare one PCIe slot for a graphic card :-) Thoughts would be welcome, and please feel free to start your own ATI vs Nvidia and AMD vs Intel flamewars. OK, I'd rather you didn't, but I'm not about to waste electrons asking for the impossible :) Honestly, I hate Intel for their tendency to confuse people with their CPU features (e.g., I must be doubly sure if a new processor supports VT-x). But then again, AMD still has no answer for Intel's *Bridge juggernaut. Horrible times :-( Rgds,
Re: [gentoo-user] Cannot start up KDE desktop Environment
2011/11/11 Lavender lavender_mat...@163.com: I have cost eight hours and forty minutes in installing KDE Meta. When I wake up this morning it has done. But when I startx, it can't work, output messages are below: xauth: file /root/.serverauth. ( is changed each time I use startx) does not exist /etc/X11/xinit/xserverrc : line2 : /usr/bin/X No such file or directory /etc/X11/xinit/xserverrc : line2 : exec /usr/bin/X : Cannot execute : No such file or directory xinit : giving up xinit: unable to connect to X server : Connection refused xinit : server error I gotta to tell you that I'm not going to recompile whole package in order to solve it. So if anyone could afford simple methods, I would appreciate him . Install kdm, modify /etc/conf.d/xdm, test it using /etc/init.d.xdm start and turn kdm on permanently with rc-update good luck, Mark
Re: [gentoo-user] Cannot start up KDE desktop Environment
2011/11/11 Lavender lavender_mat...@163.com: I have cost eight hours and forty minutes in installing KDE Meta. When I wake up this morning it has done. But when I startx, it can't work, output messages are below: xauth: file /root/.serverauth. ( is changed each time I use startx) does not exist /etc/X11/xinit/xserverrc : line2 : /usr/bin/X No such file or directory /etc/X11/xinit/xserverrc : line2 : exec /usr/bin/X : Cannot execute : No such file or directory xinit : giving up xinit: unable to connect to X server : Connection refused xinit : server error I gotta to tell you that I'm not going to recompile whole package in order to solve it. So if anyone could afford simple methods, I would appreciate him . The problem is that X is not installed. to install X, edit /etc/make.conf and add VIDEO_CARDS=your video card here and emerge xorg-server or emerge xorg-x11 to get X -- No trees were harmed in the sending of this message. However, a large number of electrons were terribly inconvenienced.
Re: [gentoo-user] {OT} Are push backups flawed?
The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. If an attacker can read the entire filesystem, he'll gain full root privileges quickly. So if I push, I don't really have backups because anyone who breaks into the backed-up system can delete all of its backups like this: rdiff-backup --remove-older-than 1s backup@12.34.56.78::/path/to/backup And if I pull, none of my backed-up systems are secure because anyone who breaks into the backup server has root read privileges on every backed-up system and will thereby gain full root privileges quickly. - Grant
Re:Re: [gentoo-user] Cannot start up KDE desktop Environment
Install kdm, modify /etc/conf.d/xdm, test it using /etc/init.d.xdm start and turn kdm on permanently with rc-update good luck, Mark Ah,thank you ! It seems that what I worried about would not happen :-)
Re:Re: [gentoo-user] Cannot start up KDE desktop Environment
The problem is that X is not installed. to install X, edit /etc/make.conf and add VIDEO_CARDS=your video card here and emerge xorg-server or emerge xorg-x11 to get X Thanks, I hope it is all right without errors .
Re: [gentoo-user] mobo replaced; eth0 fails
On Fri, Nov 11 2011, Allan Gottlieb wrote: My dell laptop E6510 had its motherboard replaced (as it turned out, for no good reason) and now the wired ethernet fails. Thank you florian, alan, michael, and mick. This list is one of gentoo's strongest advantages. To summarize the responses and my actions. 1. Indeed the system had assigned the new wired ethernet device a new name (eth2, my wireless is eth1, previous wired was eth0). 2. /etc/udev/rules.d/persistent-net.rules does tell the story. This file ensures that the same PHYSICAL device keeps the same name. Once you change the hardware, the same logical device (in my case wired ethernet) gets a new permanent name. 3. Some advised blowing away .../persistent-net.rules. I chose to modify it so that the new device is now eth0 and the old device is gone. Thank you again. The result was error solved and knowledge gained. allan
[gentoo-user] Re: how to get rid of kernel modules?
On 11/11/2011 08:14 AM, Pandu Poluan wrote: On Nov 11, 2011 11:02 AM, Nikos Chantziaras rea...@arcor.de mailto:rea...@arcor.de wrote: On 11/11/2011 04:16 AM, Walter Dnes wrote: On Thu, Nov 10, 2011 at 07:51:04PM +0100, Jarry wrote Hi, during testing I compiled kernel with some modules (make make modules_install). Now I deactivated module-support and compiled everything in kernel. On this very same topic, there's one module I can't seem to get rid of. At the end of every make, I see stuff like... Kernel: arch/x86/boot/bzImage is ready (#2) Building modules, stage 2. MODPOST 1 modules CC drivers/scsi/scsi_wait_scan.mod.o LD [M] drivers/scsi/scsi_wait_scan.ko Then make modules_install spits out... [i3][root][/usr/src/linux] make modules_install INSTALL drivers/scsi/scsi_wait_scan.ko DEPMOD 2.6.39-gentoo-r3 *BUT*, it doesn't seem to be running... [i3][root][/usr/src/linux] lsmod Module Size Used by I can't seem to find where in the make menuconfig process it's selected. I don't want to edit my .config directly. What gives? This module cannot be disabled. The function of this module is a bit special and unlike other modules. Its job is to stall the boot process of the kernel until the SCSI drivers have finished scanning all their buses. That's the only thing this module does. It's not a driver and does not offer any kind of functionality; it's just a handbrake, and when that job is finished (SCSI drivers finished scanning) it's no longer needed. It is used by initrd scripts. If you don't use modules in initrd, then this module is not used at all. Also, it *needs* to be loaded as a module and can't be built into the kernel, since it stalls the boot process as soon as its loaded. It cannot be disabled. This is a conscious decision by upstream and not an oversight. The rationale is that there's nothing to gain by disabling it while it can be vital for people using initrd. So short answer: ignore it. Or simply delete it. Isn't there a selection in make menuconfig asynchronous scsi scan (or something like that)? There is. But scsi_wait_scan.ko will still be built.
Re: [gentoo-user] [OT] Binary install distro
Neil Bothwick wrote: On Fri, 11 Nov 2011 21:10:27 +0100, Lorenzo Bandieri wrote: Yes, Alan, you're right, I'm on a single-user machine. I apologize, I should have made it clear. Indeed, I can see that in a multi-users machine sudo is useful. I just don't agree on the Ubuntu policy of using sudo instead of root by default, assuming that it provides more security. Ubuntu is designed for Linux newbies, those conditioned to the Windows way of working. Give them a root password and they will soon get fed up with typing it whenever they need to do $something and just log into the desktop as root. It is easy enough to enable root access in Ubuntu, but you do have to work out how to break it for yourself. I worked it out then. lol Dale :-) :-)
[gentoo-user] Re: how can I disable renaming of root fs to /dev/root?
On 11/11/2011 07:37 PM, Jarry wrote: Hi, this is actually not problem but rather a matter of customs: My new fresh installed system shows root-fs in df as /dev/root, not actuall device (in my case /dev/md2). I think I coud get used to it, but some software still needs /dev/md2 (i.e. lilo), other does not find /dev/md2 anymore and needs /dev/root to work properly (i.e. monit). Moreover, in /etc/fstab I still have to use /dev/md2 as root filesystem, while /etc/mtab shows only /dev/root. I do not like such a mess and I'd like to put it in rather consistent state where root filesystem has always the same and only name. /dev/root *is* always the same and only name. It's always /dev/root. That makes is the only and same everywhere :-/
Re: [gentoo-user] [OT] Binary install distro
Neil Bothwick wrote: On Fri, 11 Nov 2011 14:19:45 -0600, Dale wrote: Mine is a single user machine both for me and my brother. That said, if I did have other users on my machine, they wouldn't even be in the wheel group so sudo wouldn't happen either. They would be able to do user things but nothing else. What happens when there is that one thing they need to do that needs root privileges? Do you give them the root password and let them do what they want, or do you make that one operation available to them? I would do it myself. I don't let anyone mess with my OS. I might let someone surf the net with my rig or use OOo or something but not the OS itself. They would get over it I'm sure. lol Dale :-) :-)
[gentoo-user] Re: UEFI specification
On 11/11/2011 11:45 PM, James wrote: Here is a quick description of how Redmond intends to taint the bios on new products: http://www.linuxjournal.com/content/linux-heavyweights-develop-secure-boot-strategy So, recently I took a live-dvd-11.2 into Costco to check out a new HP laptop (DV7-6178US). It would not boot the DVD. How can I research if the UEFI bios is the issue? By asking HP about it. They have customer support.
Re: [gentoo-user] Re: [OT] Binary install distro
Neil Bothwick wrote: On Fri, 11 Nov 2011 17:40:26 -0600, Dale wrote: The next thing you do is configure it to boot into text mode with all the kernel messages visible. Then you've got something that's almost tolerable. cough cough Care to share how you did that little trick? I like to see the stuff scrolling up myself. Hold Shift during boot to bring up the GRUB menu, press E to edit, remove the splash and quiet options and press Ctrl-X to boot. It's almost the same as legacy GRUB, with just enough changes to confuse people :( Tp make it permanent, edit /etc/default/grub, remove the splash and quiet options, save the file and run grub2-mkconfig (or the wrapper script that Ubuntu provide, update-grub?). Is there a way after the install to add a Windoze OS to grub and all? I unplugged the windoze drive to make sure it didn't mess that up OR I mess up something. So, grub, or some bootloader, is installed on the wrong drive in this case. Plug the drive back in and run grub2-mkconfig. It will generate a new menu with a Windows option. No manual editing needed. Oh no. It can't be that easy. O_O I'm going to screw something up you watch. lol Dale :-) :-) Oh, how do I boot it the first time tho? When I plug the windoze drive up, there won't be a grub. Yet anyway. Hm.
Re: [gentoo-user] {OT} Are push backups flawed?
On Nov 12, 2011 9:29 AM, Grant emailgr...@gmail.com wrote: The problem with my current push-style layout is that if one of the 3 machines is compromised, the attacker can delete or alter the backup of the compromised machine on the backup server. I can rsync the backups from the backup server to another machine, but if the backups are deleted or altered on the backup server, the rsync'ed copy on the next machine will also be deleted or altered. If I run a pull-style layout and the backup server is compromised, the attacker would have root read access to each of the 3 machines, but the attacker would already have access to backups from each of the 3 machines stored on the backup server itself so that's not really an issue. I would also have the added inconvenience of using openvpn or ssh -R for my laptop so the backup server can pull from it through any router. If an attacker can read the entire filesystem, he'll gain full root privileges quickly. So if I push, I don't really have backups because anyone who breaks into the backed-up system can delete all of its backups like this: rdiff-backup --remove-older-than 1s backup@12.34.56.78::/path/to/backup Write a daemon that immediately create hardlinks of the backed-up files in a separate folder. Thus, even if rdiff decides to unlink everything, your data are safe thanks to the nature of hardlinks. Optionally, have the same daemon tarball the files (via the hardlinks) if you deem the revision 'permanent'. And if I pull, none of my backed-up systems are secure because anyone who breaks into the backup server has root read privileges on every backed-up system and will thereby gain full root privileges quickly. IMO that depends on whether you also backup the authentication-related files or not. Exclude them from backup, ensure different root passwords for all boxes, and now you can limit the infiltration. Rgds,
Re: [gentoo-user] {OT} Are push backups flawed?
On Nov 12, 2011 2:17 AM, Florian Philipp li...@binarywings.net wrote: Just an illustration: My employer will soon do a PoC/Live Demo of this product: http://www.atempo.com/products/liveBackup/features.asp Only an 'agent' lives inside the employee's workstation. It pushes all writes to certain folders to the server, and able to request 'reverts' to their local copy, but the server's archives are immutable. Unfortunately, said product only supports Windows and Macs. I'm still on the lookout for something similar for Linux. (For pure text files, a git/mercurial server would be enough, though.) Rgds, Isn't Bacula something like this? http://www.bacula.org/en/dev-manual/main/main/What_is_Bacula.html#SECTION0022 Hint: File server actually is the client that is backed up. Thanks! I knew someone has created something similar for Linux, but the name escaped my mind :-) Rgds,
Re: [gentoo-user] Re: [OT] Binary install distro
On Fri, Nov 11, 2011 at 9:05 PM, Dale rdalek1...@gmail.com wrote: Neil Bothwick wrote: On Fri, 11 Nov 2011 17:40:26 -0600, Dale wrote: The next thing you do is configure it to boot into text mode with all the kernel messages visible. Then you've got something that's almost tolerable. cough cough Care to share how you did that little trick? I like to see the stuff scrolling up myself. Hold Shift during boot to bring up the GRUB menu, press E to edit, remove the splash and quiet options and press Ctrl-X to boot. It's almost the same as legacy GRUB, with just enough changes to confuse people :( Tp make it permanent, edit /etc/default/grub, remove the splash and quiet options, save the file and run grub2-mkconfig (or the wrapper script that Ubuntu provide, update-grub?). Is there a way after the install to add a Windoze OS to grub and all? I unplugged the windoze drive to make sure it didn't mess that up OR I mess up something. So, grub, or some bootloader, is installed on the wrong drive in this case. Plug the drive back in and run grub2-mkconfig. It will generate a new menu with a Windows option. No manual editing needed. Oh no. It can't be that easy. O_O I'm going to screw something up you watch. lol Dale :-) :-) Oh, how do I boot it the first time tho? When I plug the windoze drive up, there won't be a grub. Yet anyway. Hm. Boot off the Ubuntu disc and chroot to the new install to run the commands. -- No trees were harmed in the sending of this message. However, a large number of electrons were terribly inconvenienced.
Re: [gentoo-user] {OT} Are push backups flawed?
On 11/11/2011 09:22 PM, Grant wrote: So if I push, I don't really have backups because anyone who breaks into the backed-up system can delete all of its backups like this: rdiff-backup --remove-older-than 1s backup@12.34.56.78::/path/to/backup And if I pull, none of my backed-up systems are secure because anyone who breaks into the backup server has root read privileges on every backed-up system and will thereby gain full root privileges quickly. It's a false dichotomy[1], but sums up the trade-off between those two options well enough. The last hacker who tried to delete everything on my system was a 5.25in floppy. So, I'm biased towards the other case. [1] Third option: choose push or pull, and ALSO make off-site read-only backups of the backup server every once in a while.
Re: [gentoo-user] {OT} Are push backups flawed?
On 11/11/2011 10:20 PM, Pandu Poluan wrote: And if I pull, none of my backed-up systems are secure because anyone who breaks into the backup server has root read privileges on every backed-up system and will thereby gain full root privileges quickly. IMO that depends on whether you also backup the authentication-related files or not. Exclude them from backup, ensure different root passwords for all boxes, and now you can limit the infiltration. If you're pulling to the backup server, that backup server has to be able to log in to and read all files on the other servers. Including e.g. your swap partition and device files.
Re: [gentoo-user] Another hardware thread
On Nov 11, 2011 9:13 PM, Pandu Poluan pa...@poluan.info wrote: On Nov 12, 2011 7:58 AM, Neil Bothwick n...@digimed.co.uk wrote: It's time for a new desktop, I'd rather the the money to Amazon or Ebuyer than the Inland Revenue. I'm currently running a Core2Duo system, but use AMD before that, so I have no real allegiances. I was thinking of something like an AMD 1100T 6 core CPU, the new Bulldozers are expensive and initial reports are not that promising, but an Intel that gives the same bang per buck would do. I'm thinking Gigabyte for motherboard, based on comments made here in similar threads (like the one Dale started a while ago). I need lots of SATA ports (fortunately, I bought a pair of 2TB drives a fortnight ago, just before the prices went ballistic). I'm not a gamer, but I want a system with plenty of grunt. Video performance is not critical, on board would suffice, except I need something with dual output to drive two monitors. Do any of the onboard jobbies do this or is a separate Nvidia still the best option? AFAIK onboards very rarely have support for dual monitor. Besides, having a separate somewhat-beefier GPU might be usable in some cases. For instance, Ubuntu's Unity and Windows' Aero both rely on GPU to do their eye candy stuff. The ATI chipsets handle it fine. Well, the DVI and HDMI outputs can be used at same time. I *think* I used the VGA, DVI and HDMI at the same time.
Re: [gentoo-user] {OT} Are push backups flawed?
On Nov 12, 2011 11:23 AM, Michael Orlitzky mich...@orlitzky.com wrote: On 11/11/2011 10:20 PM, Pandu Poluan wrote: And if I pull, none of my backed-up systems are secure because anyone who breaks into the backup server has root read privileges on every backed-up system and will thereby gain full root privileges quickly. IMO that depends on whether you also backup the authentication-related files or not. Exclude them from backup, ensure different root passwords for all boxes, and now you can limit the infiltration. If you're pulling to the backup server, that backup server has to be able to log in to and read all files on the other servers. Including e.g. your swap partition and device files. Again, that's a matter of implementation. If the server doesn't access the client's filesystem directly but via an agent (Bacula does this, for instance), the server's access will be limited to what the agent provides. Rgds,