Re: [gentoo-user] [OT] Digital signatures
On Friday 20 Jan 2012 07:57:38 Frank Steinmetzger wrote: On Thu, Jan 19, 2012 at 01:22:50PM -0600, Paul Hartman wrote: On 1/19/2012 11:32 AM, Chris Walters wrote: On 1/19/2012 11:57 AM, Frank Steinmetzger wrote: On Thu, Jan 19, 2012 at 12:53:07AM -0600, Dale wrote: While on this subject, sort of. Who on here as their email set up to encrypt and decrypt emails? I want to test some things OFF LIST. Well, if you had signed your mail, then I could write you encrypted. :) This is a test. Enigmail has been trying to use a revoked and expired key to sign my messages, lately. Chris Looks good to me, at least based on what's presently available in the keyservers. Hm... I seem to be too dumb. Mutt tells me that the msg is signed, but doesn't tell me by whom (I know that I need to have the public key in my keyring to see a name, but it doesn't even tell me the key ID). Saving the whole mail to a file and verifying the sig doesn't work either, that too is obvious because 1) only the text is signed, not the rest of the mail and b) the signed stuff and the sig need to be two different files for gpg --verify to work. So I saved the signature.asc and the text separately. Now verification works and I see a key ID, but using gpg --search key ID doesn't find the given key on the server. GPGing was much easier when KMail still worked. ^^ Yes, I dabbled with mutt but I found the gpg and s/mime rather cranky compared with the super-smooth integration of kmail and kgpg. Unfortunately with kdepim-4.7 the whole kmail experience has been a rather unpleasant one for me. :( -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] S.O.P.A and P.I.P.A and the blackout.
On 1/20/2012 02:57 AM, Frank Steinmetzger wrote: On Thu, Jan 19, 2012 at 01:22:50PM -0600, Paul Hartman wrote: On 1/19/2012 11:32 AM, Chris Walters wrote: This is a test. Enigmail has been trying to use a revoked and expired key to sign my messages, lately. Chris Looks good to me, at least based on what's presently available in the keyservers. Hm... I seem to be too dumb. Mutt tells me that the msg is signed, but doesn't tell me by whom (I know that I need to have the public key in my keyring to see a name, but it doesn't even tell me the key ID). Saving the whole mail to a file and verifying the sig doesn't work either, that too is obvious because 1) only the text is signed, not the rest of the mail and b) the signed stuff and the sig need to be two different files for gpg --verify to work. So I saved the signature.asc and the text separately. Now verification works and I see a key ID, but using gpg --search key ID doesn't find the given key on the server. GPGing was much easier when KMail still worked. ^^ Hmmm... Have you tried running 'gpg -k | less' and searching for either Christopher Walters or the keyid: EF9C0F58. If my key is not in your public keys, that would explain the problem identifying who signed the message. It sounds like it might be a problem with Mutt not importing the key, though I could be wrong. I only dabbled with Mutt a while ago, and now I don't even have an email client set up on my Gentoo system. This time, I'll include my key with the message, so it will have the key.
Chris 0xEF9C0F58.asc Description: application/pgp-keys
Re: [gentoo-user] S.O.P.A and P.I.P.A and the blackout.
Paul Hartman wrote: On Thursday, January 19, 2012, Dale rdalek1...@gmail.com mailto:rdalek1...@gmail.com wrote: I don't have mine set up to sign them all. I did a couple to see if it worked or not. Whenever I sign a message, it asks for the password. It is quite a long password and I don't want to type it in every time I send something. If you use gpg-agent (and configure Enigmail to use it), it will remember that you already entered your passphrase for some amount of time, so you don't need to keep reentering it over and over during the same session. Well, I dug around and found a time out setting. It is set to 5 minutes. At least I know I can change it or get er done in 5 minutes or less. Oooops. get er done may violate SOPA. Am I going to jail? ROFL Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
Re: [gentoo-user] Portage option --changed-use not working?
Hilco Wijbenga wrote: On 19 January 2012 19:25, Dale rdalek1...@gmail.com wrote: Hilco Wijbenga wrote: On 19 January 2012 17:38, Dale rdalek1...@gmail.com wrote: Hilco Wijbenga wrote: On 19 January 2012 16:05, Dale rdalek1...@gmail.com wrote: Well, the USE flag got changed. Isn't that what -N is supposed to do? -N == --newuse not --changed-use :-) It's exactly for this reason that I use --changed-use and not --newuse. See the man page for the details. Well, sort of seems like about the same. The dev changed the USE flag, it is changed, portage sees it was changed, portage wants to recompile it with the new/changed flags. I'm not exactly clear on the difference between newuse and changed-use. If you enable a USE flag, it is changed. If you disable a USE flag, it is changed. If a new flag comes along and it is different than the last install, then it can be either a new flag or a changed flag. It should recompile either way. The point here is that a USE flag was removed but it wasn't enabled anyway. So no recompile necessary. Which is what --changed-use is supposed to be for (as I understand the man page). Maybe there is some subtle difference somewhere that I am missing. Which is why I included what it says in the man page and then referred you to said man page... ;-) Well, when I did mine, it showed up as a change. It was in yellow. Maybe your system was different or something. Nope, same here. And obviously there was a change: a flag was removed. But, again, my understanding of --changed-use (as opposed to --newuse) is that it should have prevented the reinstall. Most man pages are Greek. My Greek is not real good. :-) I don't think they're quite that bad although I agree that you sometimes sort of already need to know where to look. Sometimes my problem is it is like shooting skeet, it's a moving target. Sometimes it moves pretty darn fast too. Zac adds it faster than I can keep up. 
I wish they would announce new stuff when it get released, both unstable and stable. Then again, maybe it moves so fast he can't keep up either. lol Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
[gentoo-user] after world update cxfe will not emerge
Hi. I just did a world update using unstable gentoo and my preserved-rebuild wants me to emerge cxfe, but cxfe will not emerge. I get the following:

post.c: In function ‘pplugin_parse_and_load’:
post.c:106:5: warning: implicit declaration of function ‘xine_strdupa’
post.c:131:6: warning: ‘xine_xmalloc’ is deprecated (declared at /usr/include/xine/xineutils.h:136)
post.c:137:6: warning: ‘xine_xmalloc’ is deprecated (declared at /usr/include/xine/xineutils.h:136)
post.c: In function ‘_pplugin_join_deinterlace_and_post_elements’:
post.c:344:5: warning: ‘xine_xmalloc’ is deprecated (declared at /usr/include/xine/xineutils.h:136)
post.c: In function ‘pplugin_parse_and_load’:
post.c:106:17: warning: ‘post_chain’ may be used uninitialized in this function
x86_64-pc-linux-gnu-gcc -Wall -O2 -mtune=core2 -pipe -ggdb `xine-config --cflags` -c -o termio/getch2.o termio/getch2.c
xine-config is DEPRECATED. Use pkg-config instead.
x86_64-pc-linux-gnu-gcc -Wall -Wl,-O1 -Wl,--as-needed cxfe.o post.o termio/getch2.o `xine-config --libs` -L/usr/X11R6/lib -lXext -lxine -lncurses -lm -lXext \-lX11 -lX11 -o cxfe
xine-config is DEPRECATED. Use pkg-config instead.
cxfe.o: In function `cxfe_run_x11':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1018: undefined reference to `xine_gui_send_vo_data'
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:991: undefined reference to `xine_gui_send_vo_data'
cxfe.o: In function `main':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1288: undefined reference to `xine_gui_send_vo_data'
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1289: undefined reference to `xine_gui_send_vo_data'
cxfe.o: In function `cxfe_run_x11':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:860: undefined reference to `xine_gui_send_vo_data'
post.o: In function `pplugin_parse_and_load':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/post.c:106: undefined reference to `xine_strdupa'
collect2: ld returned 1 exit status

I emerged xine-lib again, but no joy. Any assistance would be appreciated.
-- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] Portage option --changed-use not working?
On Fri, 20 Jan 2012 03:07:18 -0600, Dale wrote: Sometimes my problem is it is like shooting skeet, it's a moving target. Sometimes it moves pretty darn fast too. Zac adds it faster than I can keep up. I wish they would announce new stuff when it get released, both unstable and stable. Then again, maybe it moves so fast he can't keep up either. lol --changed-use has been around for many years. -- Neil Bothwick *Libra*: /(Sept 23--Oct 23)/ An unfortunate typo on your application results in your being accepted into the Legion Of Superherpes. signature.asc Description: PGP signature
Re: [gentoo-user] Portage option --changed-use not working?
Neil Bothwick wrote: On Fri, 20 Jan 2012 03:07:18 -0600, Dale wrote: Sometimes my problem is it is like shooting skeet, it's a moving target. Sometimes it moves pretty darn fast too. Zac adds it faster than I can keep up. I wish they would announce new stuff when it get released, both unstable and stable. Then again, maybe it moves so fast he can't keep up either. lol --changed-use has been around for many years. It sounds like the way it works has changed tho. I don't think I have used that option before so I don't know how it used to work. I think the OP thinks the same. Something changed I guess. We all know that after the build output disappeared a while back. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?
On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote: On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote: On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl tansta...@libertytrek.org wrote: I have a reasonable grasp of how to use IP addresses etc with IPv4, but every time I start reading about IPv6 I get a headache... Does anyone know of a decent tutorial written specifically to those who have an ok (but not hugely in-depth) understanding of IPv4, and doesn't get bogged down in too many technical details, but simply explains what you need to know to be able to transition to it and use it effectively *and securely* - and/or how *not* to have to expose your entire private network to the world (what IPv4 NAT protects you from)? I've been doing IPv6 presentations at LUGs and tech cons, and I'm getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty sure I'm also not the most knowledgeable on this list wrt IPv6, either. Still, what would you like to know? (I can use your questions as fodder and experience for future presentations. ^^) Now that IPv6 is enabled by default on Linux, is one meant to duplicate all the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what I saw in the config file it is either 4 or 6 that one can activate. Perhaps this has improved with later versions. That was the very first question (and headache) I got from looking at this. The OP would probably have more questions, but if you ever pull together a pack of slides I would much appreciate a link to look at them. I really wouldn't know where to start... that is why I was looking for a decent tutorial that covered the topic in total, so I could hopefully get to the point that I *could* ask some intelligent questions about it...
One very general question I have is, how can you - or even *can* you - hide all of your internal devices from the outside world, similar to how the use of 'private' IP's behind a NAT'd firewall are hidden from the outside world (nor directly accessible). I definitely do *not* want all of my internal devices directly accessible from the internet.
Re: [gentoo-user] S.O.P.A and P.I.P.A and the blackout.
On 2012-01-19 5:42 PM, Alan McKinnon alan.mckin...@gmail.com wrote: There's no known way to decrypt a mail like that without the single private key needed (this works exactly like https traffic to your bank). I feel very confident saying no known way as cracking that puzzle has been the Holy Grail of maths prizes for 40 years and no-one has announced success. Seeing as mathematicians are a vain lot, and the one that accomplishes this feat will be showered with honour and glory for all time (making Einstein look like a child), it's a safe assumption that it hasn't been done yet. Heh - yeah, *loved* the movie 'Sneakers'... Setec Astronomy == Too Many Secrets
Re: [gentoo-user] Portage option --changed-use not working?
On Fri, 20 Jan 2012 04:08:57 -0600, Dale wrote: Sometimes my problem is it is like shooting skeet, it's a moving target. Sometimes it moves pretty darn fast too. Zac adds it faster than I can keep up. I wish they would announce new stuff when it get released, both unstable and stable. Then again, maybe it moves so fast he can't keep up either. lol --changed-use has been around for many years. It sounds like the way it works has changed tho. I don't think I have used that option before so I don't know how it used to work. I think the OP thinks the same. Something changed I guess. We all know that after the build output disappeared a while back. It hasn't changed and generally works as expected. I suspect this is specific to the KDE ebuilds (or eclass). changed-use should only skip an ebuild with changed flags if re-emerging would produce exactly the same code as before, this may not be the case. For example, in some ebuilds, it is the absence of a USE flag that triggers an extra configure option, so removing that use flag would give the same code as if the package had been emerged with it enabled. Something like this happened recently with the nls flag on glibc. -- Neil Bothwick Idaho - It's not the end of the world, but you can see it from there. signature.asc Description: PGP signature
Re: [gentoo-user] Portage option --changed-use not working?
Neil Bothwick wrote: On Fri, 20 Jan 2012 04:08:57 -0600, Dale wrote: Sometimes my problem is it is like shooting skeet, it's a moving target. Sometimes it moves pretty darn fast too. Zac adds it faster than I can keep up. I wish they would announce new stuff when it get released, both unstable and stable. Then again, maybe it moves so fast he can't keep up either. lol --changed-use has been around for many years. It sounds like the way it works has changed tho. I don't think I have used that option before so I don't know how it used to work. I think the OP thinks the same. Something changed I guess. We all know that after the build output disappeared a while back. It hasn't changed and generally works as expected. I suspect this is specific to the KDE ebuilds (or eclass). changed-use should only skip an ebuild with changed flags if re-emerging would produce exactly the same code as before, this may not be the case. For example, in some ebuilds, it is the absence of a USE flag that triggers an extra configure option, so removing that use flag would give the same code as if the package had been emerged with it enabled. Something like this happened recently with the nls flag on glibc. I'll take your word for it. ;-) Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?
Tanstaafl tansta...@libertytrek.org wrote: On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote: On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote: On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl tansta...@libertytrek.org wrote: I have a reasonable grasp of how to use IP addresses etc with IPv4, but every time I start reading about IPv6 I get a headache... Does anyone know of a decent tutorial written specifically to those who have an ok (but not hugely in-depth) understanding of IPv4, and doesn't get bogged down in too many technical details, but simply explains what you need to know to be able to transition to it and use it effectively *and securely* - and/or how *not* to have to expose your entire private network to the world (what IPv4 NAT protects you from)? I've been doing IPv6 presentations at LUGs and tech cons, and I'm getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty sure I'm also not the most knowledgeable on this list wrt IPv6, either. Still, what would you like to know? (I can use your questions as fodder and experience for future presentations. ^^) Now that IPv6 is enabled by default on Linux, is one meant to duplicate all the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what I saw in the config file it is either 4 or 6 that one can activate. Perhaps this has improved with later versions. That was the very first question (and headache) I got from looking at this. The OP would probably have more questions, but if you ever pull together a pack of slides I would much appreciate a link to look at them. I really wouldn't know where to start... that is why I was looking for a decent tutorial that covered the topic in total, so I could hopefully get to the point that I *could* ask some intelligent questions about it...
One very general question I have is, how can you - or even *can* you - hide all of your internal devices from the outside world, similar to how the use of 'private' IP's behind a NAT'd firewall are hidden from the outside world (nor directly accessible). I definitely do *not* want all of my internal devices directly accessible from the internet. I saw something on the shorewall.org site which was an introduction to ipv6 -- look in the documentation area. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
[gentoo-user] For those who complain
For those who complain about default portage behavior: It changes constantly. If you can't accept the bleeding edge behavior, you're probably using the wrong distro. There are always going to be changes. Some you don't like, some you say oh gosh, finally!. For the latter, I cheer, for former, I work around. EMERGE_DEFAULT_OPTS is your friend. For those who complain about not knowing something was added/removed/changed. Most packages do a decent job of providing good ChangeLogs, either from Gentoo or upstream. It's not Gentoo's responsibility to make you read them. It's like reading the fine print. Yet you can't complain that it's not there if it's in the fine print. Some say there should be more announcements for changes, yet others say there are too many announcements and important stuff gets lost. One man's trash is another man's treasure. There just doesn't exist a sweet spot that will satisfy everyone. For those who complain about man pages being too cryptic/incomplete/etc. Man pages have pretty much always been designed to be reference manuals. The key word is reference. They are not guides, they are not tutorials. They are more suited for I know this library provides a function to do *this* but I don't know the function's signature. They are less suited for I don't know how to do *this*. There are other resources for the latter. And if there are not, that's not the fault of the man page. But in my experience, and I'm sure I'm not alone on this, most people who complain about man pages are those who don't bother, or at least put *very* little effort, to *read* the man pages. For those who complain Why do I have to compile all this stuff to get X?: Why are you using Gentoo? For those who complain about bugs/regressions: Why do you use software? For those who complain about software/features needed/unwanted/changed in a way you disagree with: Where is your patch? 
For those who have genuine technical questions; for those who can provide answers to those questions w/o being overly critical; for those who give back by submitting bug reports, patches, ideas, praise: Thank you. Gentoo is a rainbow with no end and no pot of gold. -a
[gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
On 2012-01-19, Michael Mol mike...@gmail.com wrote: Do you really want that much broadcast and wide multicast (think DNS-SD and NTP in multicast mode) traffic on the same Ethernet segment? That bit I don't understand. It's no worse than ARP, and we seem to live with that quite easily. Not just arp, but actual broadcast/multicast data. If you've ever run PulseAudio and enabled network sources and sinks on a couple boxes, you might have accidentally discovered an easy way to bring a wireless network to its knees. And that's just something I've had personal experience with. Come to think of it, that's a good reason I should continue to keep my home wired and wireless networks on separate subnets, and not simply bridged as I'd done at the time. I don't understand what that has to do with L-L address support in applications.
-- Grant Edwards, grant.b.edwards at gmail.com. Yow! Youth of today! Join me in a mass rally for traditional mental attitudes!
[gentoo-user] [OT] IPv6 usage patterns (static, DHCPv6, RA, mDNS, ?)
As you may have gathered from my posts yesterday, I'm working on adding IPv6 to an embedded device (actually a family of serial device servers). I've got the device working fine with link-local addressing, but I'm not sure what the next phase should be. While some of our customers are asking for IPv6 support, I'm pretty sure almost none of those asking are actually using IPv6 nor do they have any plans to do so in the near future. They're either trying to satisfy a feature checklist handed down from on high (where somebody read an airline magazine article about IPv6), or they think that maybe, someday, somehow, IPv6 might be useful (but they have no idea when or how). It is unheard of for these devices to have a routable address, and they're often on small networks that have no connectivity to the outside world at all. Very occasionally they will be accessed via a corporate WAN that involves routing between multiple subnets. But, they are pretty much never accessed from The Internet nor do they access The Internet. The existing devices are used probably half the time with Ethernet MAC addressing only (no IP). When they're used with IPv4 it's 99% static addressing with the other 1% using DHCP. It's also probably relevant that the devices don't use a DNS server. Judging by the lack of support in many apps, I'm assuming people aren't going to be using IPv6 link-local addressing (though it corresponds very nicely to our currently common use-case involving MAC addressing). What I'm wondering about is what are the most likely use cases for IPv6 address configuration?
1) Almost all our customers who are using IPv4 use static addressing. Do people configure static IPv6 addresses in devices?
2) Is IPv6 router announcement sufficient for some common use cases?
3) Is DHCPv6 commonly used?
4) The device doesn't use DNS and doesn't have a hostname, so there's nothing to do regarding mDNS, right?
I think I have to implement something besides link-local addressing, and I'm wondering what...
-- Grant Edwards, grant.b.edwards at gmail.com. Yow! I don't understand the HUMOUR of the THREE STOOGES!!
Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?
On 01/20/12 05:07, Tanstaafl wrote: On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote: On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote: On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl tansta...@libertytrek.org wrote: I have a reasonable grasp of how to use IP addresses etc with IPv4, but every time I start reading about IPv6 I get a headache... Does anyone know of a decent tutorial written specifically to those who have an ok (but not hugely in-depth) understanding of IPv4, and doesn't get bogged down in too many technical details, but simply explains what you need to know to be able to transition to it and use it effectively *and securely* - and/or how *not* to have to expose your entire private network to the world (what IPv4 NAT protects you from)? I've been doing IPv6 presentations at LUGs and tech cons, and I'm getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty sure I'm also not the most knowledgeable on this list wrt IPv6, either. Still, what would you like to know? (I can use your questions as fodder and experience for future presentations. ^^) Now that IPv6 is enabled by default on Linux, is one meant to duplicate all the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what I saw in the config file it is either 4 or 6 that one can activate. Perhaps this has improved with later versions. That was the very first question (and headache) I got from looking at this. The OP would probably have more questions, but if you ever pull together a pack of slides I would much appreciate a link to look at them. I really wouldn't know where to start... that is why I was looking for a decent tutorial that covered the topic in total, so I could hopefully get to the point that I *could* ask some intelligent questions about it...
One very general question I have is, how can you - or even *can* you - hide all of your internal devices from the outside world, similar to how the use of 'private' IP's behind a NAT'd firewall are hidden from the outside world (nor directly accessible). I definitely do *not* want all of my internal devices directly accessible from the internet. If you want a good place to start, try Mark Newton's AusCERT IPv6 talk. http://risky.biz/AusCERT-Newton It's not exactly laymen, but I still recommend it. It's a good talk taking your IPv4 knowledge and comparing it to the IPv6 equivalents, and brings up some good general ideas that make you think of IPv6 in a practical sense. Unfortunately I haven't found a video version of it. :( I've done a handful of IPv6 conversions, small to medium networks, I'd be willing to answer some questions if you need help. As for your general question, the short answer is you can't. If you need internet access, then you will have to have public IPs. Question: Why do you want to hide internal devices? I don't expect an answer, this is something you should ask yourself. Is it to protect running services from attack/discovery? Great, that's what your firewall is for, so you don't need to worry about private addresses. Another option is to deploy IPSec for internal services, this would hide internal services even from hosts on the private address space unless they are trusted through IPSec rules. Is it to hide the actual devices? or your network architecture/topology? Scanning for host discovery in IPv6 is not feasible. Consider how big IPv6 is. A typical host discovery scan on an IPv4 private network can be done in a few hours. Given a (really fast) average host discovery of 1000 hosts a second, let's apply some math to your internal IPv6 range. We'll compare both ::/64 and ::/48, which amounts to 2^64 and 2^80 addresses. Your host discovery scan would take between 600 million, and 38 trillion years to check each IP.
If you still want private addresses, IPv6 has unique local addresses (fc00::/7 range, http://www.sixxs.net/tools/grh/ula/ has a reg form to help assign a /48 to you). But since there's no address translation, you're stuck running dual networks for everything that needs a private address and internet access. It's not entirely a bad thing, but it can be a long tedious process, and some software sucks at it (mysqld). Hope that helps. Chris
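The "that's what your firewall is for" point in the reply above, as an added example that is not part of the original thread: a stateful ip6tables ruleset that lets LAN hosts open connections outward while dropping unsolicited inbound flows, plus a small audit of an ip6tables-save dump for that property. The interface names eth0 (WAN) and eth1 (LAN) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. IPv6 has no NAT to hide hosts behind,
# so the "inside can call out, outside cannot call in" behaviour has to be
# written down as a stateful filter on the router.

# Print a ruleset in ip6tables-restore format.
# $1 = WAN interface, $2 = LAN interface (both assumed names).
# Load it as root with: gen_ruleset eth0 eth1 | ip6tables-restore
gen_ruleset() {
    wan=$1 lan=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # ICMPv6 the router itself must answer: error types 1-4 (type 2,
    # packet-too-big, is needed for path MTU discovery) and echo request.
    for t in 1 2 3 4 128; do
        echo "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type $t -j ACCEPT"
    done
    # Neighbour discovery (RS, RA, NS, NA). Hop limit 255 proves the packet
    # was sent on-link and was not forwarded from elsewhere.
    for t in 133 134 135 136; do
        echo "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # FORWARD is what protects the LAN: replies to existing flows (and the
    # ICMPv6 errors related to them) pass, new flows only from LAN to WAN.
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Read an ip6tables-save dump on stdin. Succeed only if the FORWARD policy
# is DROP and no ACCEPT rule can match a new flow arriving on interface $1.
# This is a text-level check: user-defined chains are not followed.
forward_hides_lan() {
    awk -v wan="$1" '
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / && / -j ACCEPT/ {
            # Rules limited to ESTABLISHED/RELATED never admit a new flow
            stateful = ($0 ~ /--(ct)?state/ && $0 !~ /NEW/)
            in_if = ""
            for (i = 1; i < NF; i++) if ($i == "-i") in_if = $(i + 1)
            # A rule with no -i, or with -i WAN, can match outside traffic
            if (!stateful && (in_if == "" || in_if == wan)) exposed = 1
        }
        END { exit !(policy == "DROP" && !exposed) }
    '
}

# Constructed sample: a router that forwards everything, which leaves every
# globally addressed LAN host reachable from outside.
weak_ruleset() {
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT'
}

gen_ruleset eth0 eth1 | forward_hides_lan eth0 && echo "generated ruleset: LAN not reachable from WAN"
weak_ruleset | forward_hides_lan eth0 || echo "weak ruleset: LAN reachable from WAN"
```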
[gentoo-user] Re: Portage option --changed-use not working?
On Thu, 19 Jan 2012 21:25:31 -0600 Dale rdalek1...@gmail.com wrote: Most man pages are Greek. My Greek is not real good. Maybe you've got LINGUAS set incorrectly. ;) Quoting the relevant bit again, the --changed-use option does not trigger reinstallation when flags that the user has not enabled are added or removed. kdeenablefinal was a flag the user (me or Hilco) had *not* enabled, so that option should *not* have triggered reinstallation. FWIW, there is discussion of the issue of triggering needless reinstalls on the dev list now because of kdeenablefinal, buried in the thread [gentoo-commits] gentoo-x86 commit in sys-libs/glibc: It's mixed in with arguing about changing USE flags on stable ebuilds. --changed-use isn't mentioned, instead --exclude=kde-base/* is recommended, and they are talking about mentioning --exclude in the --newuse section of the man page. I'm not filing a --changed-use bug or posting in the dev list because of Medico's IMO rather prickly attitude about this kind of thing. He says in this case: The fact is, the user is not being forced to rebuild anything. They can simply run full system updates with --newuse less often if it puts too much strain on them. Lest I seem ungrateful, let me be clear I do appreciate the tons of work he's put into portage for many years.
[gentoo-user] Re: Portage option --changed-use not working?
On Fri, 20 Jan 2012 12:06:22 + Neil Bothwick n...@digimed.co.uk wrote: I suspect this is specific to the KDE ebuilds (or eclass). changed-use should only skip an ebuild with changed flags if re-emerging would produce exactly the same code as before, this may not be the case. For example, in some ebuilds, it is the absence of a USE flag that triggers an extra configure option, so removing that use flag would give the same code as if the package had been emerged with it enabled. Something like this happened recently with the nls flag on glibc. Ah, that makes sense -- thanks. (And now I wish I'd read the entire thread in dev before I posted a few minutes ago.) IMO, the man page's section on --changed-use should say what you've just said rather than what it says now.
[gentoo-user] Strange outbound requests
My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? - Grant
Re: [gentoo-user] Re: Portage option --changed-use not working?
»Q« wrote: On Thu, 19 Jan 2012 21:25:31 -0600 Dale rdalek1...@gmail.com wrote: Most man pages are Greek. My Greek is not real good. Maybe you've got LINGUAS set incorrectly. ;) Quoting the relevant bit again, the --changed-use option does not trigger reinstallation when flags that the user has not enabled are added or removed. kdeenablefinal was a flag the user (me or Hilco) had *not* enabled, so that option should *not* have triggered reinstallation. FWIW, there is discussion of the issue of triggering needless reinstalls on the dev list now because of kdeenablefinal, buried in the thread [gentoo-commits] gentoo-x86 commit in sys-libs/glibc: It's mixed in with arguing about changing USE flags on stable ebuilds. --changed-use isn't mentioned, instead --exclude=kde-base/* is recommended, and they are talking about mentioning --exclude in the --newuse section of the man page. I'm not filing a --changed-use bug or posting in the dev list because of Medico's IMO rather prickly attitude about this kind of thing. He says in this case: The fact is, the user is not being forced to rebuild anything. They can simply run full system updates with --newuse less often if it puts too much strain on them. Lest I seem ungrateful, let me be clear I do appreciate the tons of work he's put into portage for many years. Well, I'm like this. I had to emerge those packages because of the USE flag doing whatever you want to call it. Then a couple days later, I had to do it again for another reason. I posted this on -dev that I wish they could have done both changes at the same time and someone else posted about the same thing. That is a wish tho, nothing else. No harm, nothing broke or blew up. My biggest thing tho, I want a sane system that works. Sometimes that means compiling software several times. If that is the case, then fine because I get what I want. I used to run emerge -uv world for my updates. Sometimes that led to issues.
Something changed and software would no longer work correctly or was buggy or something. So, I added options until I could get a sane system. I ended up with this boatload of settings: emerge --jobs=10 --backtrack=30 --keep-going --verbose --newuse --oneshot --quiet-build=n --with-bdeps=y --deep world or some package here Let's also not forget the revdep-rebuild command either. That thing grew over time. Thing is, my system works pretty darn well. That's what I wanted. This is also why I built a nice rig to do this on too. I built my rig from parts with an AMD 4 core CPU running at 3.2Ghz, 16Gbs of ram with portage's work directory on tmpfs and plenty of drive space. I also have one heck of a CPU cooler and a super nice case with lots of fans. All this because I know Gentoo requires lots of compiling. The comment about man pages being Greek was sort of an old saying for when you read something but it doesn't help or don't understand it. I could have said that it was in French, Russian or any other language that I don't speak. Sort of like a joke. As everyone knows, there is always a workaround for things but you also have to pick and choose your settings. I recently added --oneshot because sometime back things started getting added to the world file even if it was just a request for an upgrade of the package. I didn't know that was changed and neither did some other folks. I had to go clean up my world file and I think others did the same. Sometimes I wonder if I should freeze portage version in place, read the man page and get everything set like I EXPECT then stick with it for a good long while. Thing is, Zac adds some really neat stuff and most everything is really nice. Sometimes things sort of surprise me, like adding packages to the world file when you only want an upgrade, but still, he does make emerge do some neato things.
So, I may disagree with Zac on some things and I usually point that out but I too am grateful for what he does cause he does some really neat things. I also read somewhere that portage was a bit of a mess when he started. I think all coders say that since everyone has their own style but still, he has brought portage forward to say it lightly. We should all be supportive of that. I know I am. I even said that when the build output change discussion was going on. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
[gentoo-user] Re: Portage option --changed-use not working?
On Fri, 20 Jan 2012 10:53:32 -0600 »Q« boxc...@gmx.net wrote: I'm not filing a --changed-use bug or posting in the dev list because of Medico's IMO rather prickly attitude about this kind of thing. He says in this case: The fact is, the user is not being forced to rebuild anything. They can simply run full system updates with --newuse less often if it puts too much strain on them. Lest I seem ungrateful, let me be clear I do appreciate the tons of work he's put into portage for many years. And I probably owe him an apology for pulling a quote out of context.
Re: [gentoo-user] Strange outbound requests
On 20 January 2012, at 18:34, Grant wrote: My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Stroller.
Re: [gentoo-user] Strange outbound requests
My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant
[gentoo-user] Re: after world update cxfe will not emerge
On 01/20/2012 01:15 AM, cov...@ccs.covici.com wrote: Hi. I just did a world update using unstable gentoo and my preserved-rebuild wants me to emerge cxfe, but cxfe will not emerge. I get the following: /var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1018: undefined reference to `xine_gui_send_vo_data' I emerged xine-lib again, but no joy. I have xine-lib-1.2.0-r1 installed and it doesn't define any symbols containing the word gui. Do you have xine-ui installed?
Re: [gentoo-user] Strange outbound requests
On Friday 20 Jan 2012 19:18:59 Grant wrote: My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?
On Fri, Jan 20, 2012 at 6:07 AM, Tanstaafl tansta...@libertytrek.org wrote: On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote: On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote: On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl tansta...@libertytrek.org wrote: I have a reasonable grasp of how to use IP addresses etc with IPv4, but every time I start reading about IPv6 I get a headache... Does anyone know of a decent tutorial written specifically to those who have an ok (but not hugely in-depth) understanding of IPv4, and doesn't get bogged down in too many technical details, but simply explains what you need to know to be able to transition to it and use it effectively *and securely* - and/or how *not* to have to expose your entire private network to the world (what IPv4 NAT protects you from)? I've been doing IPv6 presentations at LUGs and tech cons, and I'm getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty sure I'm also not the most knowledgeable on this list wrt IPv6, either. Still, what would you like to know? (I can use your questions as fodder and experience for future presentations. ^^) Now that IPv6 is enabled by default on Linux, is one meant to duplicate all the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what I saw in the config file it is either 4 or 6 that one can activate. Perhaps this has improved with later versions. That was the very first question (and headache) I got from looking at this. The OP would probably have more questions, but if you ever pull together a pack of slides I would much appreciate a link to look at them. I really wouldn't know where to start... that is why I was looking for a decent tutorial that covered the topic in total, so I could hopefully get to the point that I *could* ask some intelligent questions about it...
One very general question I have is, how can you - or even *can* you - hide all of your internal devices from the outside world, similar to how the use of 'private' IP's behind a NAT'd firewall are hidden from the outside world (nor directly accessible). I definitely do *not* want all of my internal devices directly accessible from the internet. Use a firewall on your router. My home firewall disallows incoming connections, except to ports/hosts I designate. If you want to avoid an external host from knowing your internal hosts' IP addresses, you can use IPv6 privacy extensions. With these, a machine has several temporary IP addresses and one permanent IP address. It will prefer using its temporary IP addresses for outbound connections. If you want to go further, you can use DHCPv6 to prevent hosts from autoconfiguring global-scope addresses. -- :wq
Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?
On Fri, Jan 20, 2012 at 6:07 AM, Tanstaafl tansta...@libertytrek.org wrote: On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote: On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote: On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl tansta...@libertytrek.org wrote: I have a reasonable grasp of how to use IP addresses etc with IPv4, but every time I start reading about IPv6 I get a headache... Does anyone know of a decent tutorial written specifically to those who have an ok (but not hugely in-depth) understanding of IPv4, and doesn't get bogged down in too many technical details, but simply explains what you need to know to be able to transition to it and use it effectively *and securely* - and/or how *not* to have to expose your entire private network to the world (what IPv4 NAT protects you from)? I've been doing IPv6 presentations at LUGs and tech cons, and I'm getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty sure I'm also not the most knowledgeable on this list wrt IPv6, either. Still, what would you like to know? (I can use your questions as fodder and experience for future presentations. ^^) Now that IPv6 is enabled by default on Linux, is one meant to duplicate all the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what I saw in the config file it is either 4 or 6 that one can activate. Perhaps this has improved with later versions. That was the very first question (and headache) I got from looking at this. The OP would probably have more questions, but if you ever pull together a pack of slides I would much appreciate a link to look at them. I really wouldn't know where to start... that is why I was looking for a decent tutorial that covered the topic in total, so I could hopefully get to the point that I *could* ask some intelligent questions about it... I *highly* recommend Hurricane Electric's IPv6 certification process. It takes you from newbie status up through operating servers on IPv6.
https://ipv6.he.net/certification/ -- :wq
Re: [gentoo-user] For those who complain
Albert W. Hopkins wrote: For those who complain about default portage behavior: It changes constantly. If you can't accept the bleeding edge behavior, you're probably using the wrong distro. There are always going to be changes. Some you don't like, some you say oh gosh, finally!. For the latter, I cheer, for former, I work around. EMERGE_DEFAULT_OPTS is your friend. For those who complain about not knowing something was added/removed/changed. Most packages do a decent job of providing good ChangeLogs, either from Gentoo or upstream. It's not Gentoo's responsibility to make you read them. It's like reading the fine print. Yet you can't complain that it's not there if it's in the fine print. Some say there should be more announcements for changes, yet others say there are too many announcements and important stuff gets lost. One man's trash is another man's treasure. There just doesn't exist a sweet spot that will satisfy everyone. For those who complain about man pages being too cryptic/incomplete/etc. Man pages have pretty much always been designed to be reference manuals. The key word is reference. They are not guides, they are not tutorials. They are more suited for I know this library provides a function to do *this* but I don't know the function's signature. They are less suited for I don't know how to do *this*. There are other resources for the latter. And if there are not, that's not the fault of the man page. But in my experience, and I'm sure I'm not alone on this, most people who complain about man pages are those who don't bother, or at least put *very* little effort, to *read* the man pages. For those who complain Why do I have to compile all this stuff to get X?: Why are you using Gentoo? For those who complain about bugs/regressions: Why do you use software? For those who complain about software/features needed/unwanted/changed in a way you disagree with: Where is your patch? 
For those who have genuine technical questions; for those who can provide answers to those questions w/o being overly critical; for those who give back by submitting bug reports, patches, ideas, praise: Thank you. Gentoo is a rainbow with no end and no pot of gold. -a And sometimes those people are finding problems. This is from -dev: On 01/20/2012 10:28 AM, Hilco Wijbenga wrote: I'd like to chime in here. I started a thread on gentoo-user (Portage option --changed-use not working?) pretty much about this. I use --changed-use instead of --newuse to get the advantages of a fully up-to-date system without the unnecessary churn. From the man page I understand that (part of) the idea behind --changed-use is to *not* rebuild packages where an unused/disabled USE flag is dropped. Which ought to apply to kdeenablefinal, right? It seems my understanding is incorrect because I see --new-use + --exclude is being recommended, not --changed-use. Would somebody please set me straight? You've found a bug. It's fixed in git now: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=a77292d37e3c2604479514abed2dda64dabace25 As a workaround, you can add --binpkg-respect-use=n to your options. -- Thanks, Zac So, it was a bug and Zac is fixing it. Sometimes when people complain, it is because something is not working as it should. Also, complaining is sometimes beneficial. It's how things get improved. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
Re: [gentoo-user] Portage option --changed-use not working?
Hilco Wijbenga wrote: Hi all, In man emerge I read: --changed-use Tells emerge to include installed packages where USE flags have changed since installation. This option also implies the --selective option. Unlike --newuse, the --changed-use option does not trigger reinstallation when flags that the user has not enabled are added or removed. So I always include --changed-use when upgrading @world. But with the removal of kdeenablefinal I now get 150 reinstalls with changed-use. This seems to be contradicting the man page? Or am I misunderstanding things? Or did I misconfigure something? To be clear, I have never enabled kdeenablefinal. The full command I usually run is emerge --verbose --deep --with-bdeps=y --complete-graph --update --changed-use --keep-going world should that be relevant. Cheers, Hilco To update, it appears this was a bug and Zac has fixed it. This is from -dev: On 01/20/2012 10:28 AM, Hilco Wijbenga wrote: I'd like to chime in here. I started a thread on gentoo-user (Portage option --changed-use not working?) pretty much about this. I use --changed-use instead of --newuse to get the advantages of a fully up-to-date system without the unnecessary churn. From the man page I understand that (part of) the idea behind --changed-use is to *not* rebuild packages where an unused/disabled USE flag is dropped. Which ought to apply to kdeenablefinal, right? It seems my understanding is incorrect because I see --new-use + --exclude is being recommended, not --changed-use. Would somebody please set me straight? You've found a bug. It's fixed in git now: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=a77292d37e3c2604479514abed2dda64dabace25 As a workaround, you can add --binpkg-respect-use=n to your options. -- Thanks, Zac So, it will work like it should pretty soon. Things are getting better. Gentoo has been doing that for years anyway. lol Dale :-) :-) -- I am only responsible for what I said ... 
Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
[gentoo-user] Re: For those who complain
On 01/20/2012 10:51 PM, Dale wrote: Albert W. Hopkins wrote: [...] And sometimes those people are finding problems. Please don't feed the troll.
Re: [gentoo-user] Re: For those who complain
Nikos Chantziaras wrote: On 01/20/2012 10:51 PM, Dale wrote: Albert W. Hopkins wrote: [...] And sometimes those people are finding problems. Please don't feed the troll. Since it was fixed, I took his food bowl away. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
Re: [gentoo-user] Strange outbound requests
My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick I am not running NPDS. I looked it up when I was researching port 3680 and read about it for the first time. I know which machine is making the requests. Any way to drill down further? - Grant
[gentoo-user] Resurrecting a Gentoo install
I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. I've updated portage but I thought I should check with you guys before I plow ahead with emerge -DuN world. It won't be used for anything until I bring it up to speed and someone can physically log in and issue commands a couple times per week so an outage isn't the end of the world. Any advice? - Grant
Re: [gentoo-user] Resurrecting a Gentoo install
On Fri, Jan 20, 2012 at 2:37 PM, Grant emailgr...@gmail.com wrote: I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. I've updated portage but I thought I should check with you guys before I plow ahead with emerge -DuN world. It won't be used for anything until I bring it up to speed and someone can physically log in and issue commands a couple times per week so an outage isn't the end of the world. Any advice? - Grant Ugh...not a fun task. First step - eix-sync then emerge -fDuN @world and see if it will fetch what you need. If it does, great. If not then you have a first look into what sort of problems you'll be dealing with. Good luck, Mark
Re: [gentoo-user] Resurrecting a Gentoo install
On Fri, 20 Jan 2012 14:37:06 -0800, Grant wrote: I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. I've updated portage but I thought I should check with you guys before I plow ahead with emerge -DuN world. It won't be used for anything until I bring it up to speed and someone can physically log in and issue commands a couple times per week so an outage isn't the end of the world. Any advice? Take small steps. emerge -pv @system first and be prepared to emerge packages a few at a time. -- Neil Bothwick Top Oxymorons Number 9: Political science signature.asc Description: PGP signature
Re: [gentoo-user] Resurrecting a Gentoo install
I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. I've updated portage but I thought I should check with you guys before I plow ahead with emerge -DuN world. It won't be used for anything until I bring it up to speed and someone can physically log in and issue commands a couple times per week so an outage isn't the end of the world. Any advice? Take small steps. emerge -pv @system first and be prepared to emerge packages a few at a time. Weird, it looks like portage didn't update to the latest version. emerging it again seems to want to update it again. I get this: # emerge -pv portage [snip] [ebuild NS ] dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 11,494 kB [ebuild U ] sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl 899 kB [blocks B ] dev-lang/python:2.7 (dev-lang/python:2.7 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.7.2-r3) I think I'll be able to resolve most stuff myself but this one is tricking me. I don't want to mess around unmerging python or portage. - Grant
Re: [gentoo-user] Resurrecting a Gentoo install
On 1/20/2012 5:37 PM, Grant wrote: I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. I've updated portage but I thought I should check with you guys before I plow ahead with emerge -DuN world. It won't be used for anything until I bring it up to speed and someone can physically log in and issue commands a couple times per week so an outage isn't the end of the world. Any advice? - Grant You will likely pull in the 'new' OpenRC ebuild during your update process (sys-apps/open-rc I believe). Watch out for this! If you merge it you must make sure all your configs are up to date in /etc or your server won't come back following a restart (etc-update, dispatch-conf, etc.). You'll want to move over any settings in /etc/conf.d/rc to /etc/rc.conf. Upgrade guide: http://www.gentoo.org/doc/en/openrc-migration.xml Good luck. -- EJ e...@ejane.org
Re: [gentoo-user] Strange outbound requests
On Fri, Jan 20, 2012 at 5:32 PM, Grant emailgr...@gmail.com wrote: My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick I am not running NPDS. I looked it up when I was researching port 3680 and read about it for the first time. I know which machine is making the requests. Any way to drill down further? If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. If the machine is running Windows, then I'd suggest SysInternals TCPView: http://technet.microsoft.com/en-us/sysinternals/bb897437 -- :wq
Re: [gentoo-user] Resurrecting a Gentoo install
On 21.01.2012 00:09, Grant wrote: I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. I've updated portage but I thought I should check with you guys before I plow ahead with emerge -DuN world. It won't be used for anything until I bring it up to speed and someone can physically log in and issue commands a couple times per week so an outage isn't the end of the world. Any advice? Take small steps. emerge -pv @system first and be prepared to emerge packages a few at a time. Weird, it looks like portage didn't update to the latest version. emerging it again seems to want to update it again. I get this: # emerge -pv portage [snip] [ebuild NS ] dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 11,494 kB [ebuild U ] sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl 899 kB [blocks B ] dev-lang/python:2.7 (dev-lang/python:2.7 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.7.2-r3) I think I'll be able to resolve most stuff myself but this one is tricking me. I don't want to mess around unmerging python or portage. - Grant You could do: emerge =dev-lang/python-2.6.7-r2 You should disable threads if it doesn't work (there is something related to it in the portage ebuild). After that, switch to python 2.6 via eselect and try to update portage. If I read the ebuilds correctly, that should work. Another possibility would be to install a 3.x version of python and switch portage to that (via the python3 useflag). I'd try the python3 approach first, since it could spare you a 2.6 install. Don't forget to run python-updater after updating everything or if you get strange (python related) errors in between...
Good luck Hinnerk
Re: [gentoo-user] Strange outbound requests
My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick I am not running NPDS. I looked it up when I was researching port 3680 and read about it for the first time. I know which machine is making the requests. Any way to drill down further? If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. All of my systems run Gentoo. :) Where does watch come from? - Grant
Re: [gentoo-user] Strange outbound requests
On Fri, Jan 20, 2012 at 5:27 PM, Michael Mol mike...@gmail.com wrote: If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. lsof -i is easier, it only shows network connections :) catching it when it happens (if it is very briefly connected) could be hard with lsof... Maybe setup a tarpit firewall rule on that box so the connection stays open for a long time.
Re: [gentoo-user] Resurrecting a Gentoo install
On Fri, Jan 20, 2012 at 3:09 PM, Grant emailgr...@gmail.com wrote: I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. I've updated portage but I thought I should check with you guys before I plow ahead with emerge -DuN world. It won't be used for anything until I bring it up to speed and someone can physically log in and issue commands a couple times per week so an outage isn't the end of the world. Any advice? Take small steps. emerge -pv @system first and be prepared to emerge packages a few at a time. Weird, it looks like portage didn't update to the latest version. emerging it again seems to want to update it again. I get this: # emerge -pv portage [snip] [ebuild NS ] dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 11,494 kB [ebuild U ] sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl 899 kB [blocks B ] dev-lang/python:2.7 (dev-lang/python:2.7 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.7.2-r3) I think I'll be able to resolve most stuff myself but this one is tricking me. I don't want to mess around unmerging python or portage. - Grant OK, so the install is old and portage has dependencies, right? emerge -pvDuN portage will get you closer. However this is probably best covered using Neil's suggestion of emerge -pvDuN @system which would, if successful, update portage as well as everything else that's required to get the machine up and running. If that does work then don't forget all the eselect python gcc-config type stuff that you'll need to do to tell the system about the new environment. One little area you might want to be careful about here is grub. 
Best IMO if you do not update grub until you have the machine actually booting the updated environment, assuming we get that far. HTH, Mark
Re: [gentoo-user] Resurrecting a Gentoo install
Weird, it looks like portage didn't update to the latest version. emerging it again seems to want to update it again. I get this: # emerge -pv portage [snip] [ebuild NS ] dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 11,494 kB [ebuild U ] sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl 899 kB [blocks B ] dev-lang/python:2.7 (dev-lang/python:2.7 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.7.2-r3) I think I'll be able to resolve most stuff myself but this one is tricking me. I don't want to mess around unmerging python or portage. - Grant You could do: emerge =dev-lang/python-2.6.7-r2 You should disable threads if it doesn't work (there is something related to it in the portage ebuild). After that, switch to python 2.6 via eselect and try to update portage. If I read the ebuilds correctly, that should work. I get: # emerge -av1 =dev-lang/python-2.6.7-r2 [snip] [ebuild NS ] dev-lang/python-2.6.7-r2 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 10,840 kB [blocks B ] =dev-lang/python-2.6.6:2.6 (=dev-lang/python-2.6.6:2.6 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.6.7-r2) Total: 6 packages (5 new, 1 in new slot), Size of downloads: 11,588 kB Conflict: 2 blocks (2 unsatisfied) * Error: The above package list contains packages which cannot be * installed at the same time on the same system. ('ebuild', '/', 'dev-lang/python-2.6.7-r2', 'merge') pulled in by =dev-lang/python-2.6.7-r2 Another possibility would be to install a 3.x version of python and switch portage to that (via the python3 useflag). I get: # emerge -av1 =dev-lang/python-3.1.4-r3 [snip] !!! 
All ebuilds that could satisfy =dev-lang/python-3.1.4-r3 have been masked. !!! One of the following masked packages is required to complete your request: - dev-lang/python-3.1.4-r3 (masked by: EAPI 3) The current version of portage supports EAPI '2'. You must upgrade to a newer version of portage before EAPI masked packages can be installed. - Grant
Re: [gentoo-user] Resurrecting a Gentoo install
120120 Neil Bothwick wrote: On Fri, 20 Jan 2012 14:37:06 -0800, Grant wrote: I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. Take small steps. emerge -pv @system first and be prepared to emerge packages a few at a time. That's always the best way to update a Gentoo system. I've never done a simple 'emerge -??? world' and hoped for the best and have never run off the rails since first installing Gentoo 2003. 'emerge -Dup world' lists all the pkgs Portage wants to update and shows the order in which it plans to tackle them: you can use that to do a few pkgs at a time and, as you do them, check the output, warnings etc. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] Strange outbound requests
On Friday 20 Jan 2012 23:34:12 Grant wrote: My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick I am not running NPDS. I looked it up when I was researching port 3680 and read about it for the first time. I know which machine is making the requests. Any way to drill down further? If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. All of my systems run Gentoo. :) Where does watch come from? - Grant ps axf and look at the tree that contains the PID of what lsof | grep 3680 showed. -- Regards, Mick
Re: [gentoo-user] Resurrecting a Gentoo install
OK, so the install is old and portage has dependencies, right? emerge -pvDuN portage will get you closer. However this is probably best covered using Neil's suggestion of emerge -pvDuN @system I can't even get started: # emerge -avDuN system [snip] !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have been masked. !!! One of the following masked packages is required to complete your request: - sys-auth/pambase-20101024-r1 (masked by: EAPI 4) - sys-auth/pambase-20101024 (masked by: EAPI 3) The current version of portage supports EAPI '2'. You must upgrade to a newer version of portage before EAPI masked packages can be installed. - Grant
Re: [gentoo-user] Resurrecting a Gentoo install
On Friday 20 Jan 2012 23:53:32 Philip Webb wrote: 120120 Neil Bothwick wrote: On Fri, 20 Jan 2012 14:37:06 -0800, Grant wrote: I have an old Gentoo system that hasn't been updated or used at all in at least 2 years. It's remote but I have SSH access. Take small steps. emerge -pv @system first and be prepared to emerge packages a few at a time. That's always the best way to update a Gentoo system. I've never done a simple 'emerge -??? world' and hoped for the best and have never run off the rails since first installing Gentoo 2003. 'emerge -Dup world' lists all the pkgs Portage wants to update and shows the order in which it plans to tackle them: you can use that to do a few pkgs at a time and, as you do them, check the output, warnings etc. Only to add use -1 instead of -u if you do not want these packages in your world file. -- Regards, Mick
Re: [gentoo-user] Resurrecting a Gentoo install
On 01/20/12 18:58, Grant wrote: OK, so the install is old and portage has dependencies, right? emerge -pvDuN portage will get you closer. However this is probably best covered using Neil's suggestion of emerge -pvDuN @system I can't even get started: Do you have some idea of what config files are important on the machine? You can always extract a stage3 at the root. That basically installs the latest @system for you, with the massive caveat that you won't have CONFIG_PROTECTion.
Re: [gentoo-user] Strange outbound requests
If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. lsof -i is easier, it only shows network connections :) catching it when it happens (if it is very briefly connected) could be hard with lsof... Maybe setup a tarpit firewall rule on that box so the connection stays open for a long time. The connections are only attempted a few times throughout the day. Is a tarpit firewall rule the only way to do this? Can anyone tell me what package 'watch' belongs to if that would work? - Grant
Re: [gentoo-user] Resurrecting a Gentoo install
On 21.01.2012 00:52, Grant wrote: Weird, it looks like portage didn't update to the latest version. emerging it again seems to want to update it again. I get this: # emerge -pv portage [snip] [ebuild NS ] dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 11,494 kB [ebuild U ] sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl 899 kB [blocks B ] dev-lang/python:2.7 (dev-lang/python:2.7 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.7.2-r3) I think I'll be able to resolve most stuff myself but this one is tricking me. I don't want to mess around unmerging python or portage. - Grant You could do: emerge =dev-lang/python-2.6.7-r2 You should disable threads if it doesn't work (there is something related to it in the portage ebuild). After that, switch to python 2.6 via eselect and try to update portage. If I read the ebuilds correctly, that should work. I get: # emerge -av1 =dev-lang/python-2.6.7-r2 [snip] [ebuild NS ] dev-lang/python-2.6.7-r2 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 10,840 kB [blocks B ] =dev-lang/python-2.6.6:2.6 (=dev-lang/python-2.6.6:2.6 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.6.7-r2) Total: 6 packages (5 new, 1 in new slot), Size of downloads: 11,588 kB Conflict: 2 blocks (2 unsatisfied) * Error: The above package list contains packages which cannot be * installed at the same time on the same system. 
('ebuild', '/', 'dev-lang/python-2.6.7-r2', 'merge') pulled in by =dev-lang/python-2.6.7-r2 Another possibility would be to install a 3.x version of python and switch portage to that (via the python3 useflag). I get: # emerge -av1 =dev-lang/python-3.1.4-r3 [snip] !!! All ebuilds that could satisfy =dev-lang/python-3.1.4-r3 have been masked. !!! One of the following masked packages is required to complete your request: - dev-lang/python-3.1.4-r3 (masked by: EAPI 3) The current version of portage supports EAPI '2'. You must upgrade to a newer version of portage before EAPI masked packages can be installed. - Grant Could you try: emerge =python-2.6.6-r2 -v1
Re: [gentoo-user] Resurrecting a Gentoo install
You could do: emerge =dev-lang/python-2.6.7-r2 You should disable threads if it doesn't work (there is something related to it in the portage ebuild). After that, switch to python 2.6 via eselect and try to update portage. If I read the ebuilds correctly, that should work. I get: # emerge -av1 =dev-lang/python-2.6.7-r2 [snip] [ebuild NS ] dev-lang/python-2.6.7-r2 [2.5.2-r7] USE=gdbm ncurses readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -sqlite -tk -wininst 10,840 kB [blocks B ] =dev-lang/python-2.6.6:2.6 (=dev-lang/python-2.6.6:2.6 is blocking sys-apps/portage-2.1.6.13) [blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking dev-lang/python-2.6.7-r2) Total: 6 packages (5 new, 1 in new slot), Size of downloads: 11,588 kB Conflict: 2 blocks (2 unsatisfied) * Error: The above package list contains packages which cannot be * installed at the same time on the same system. ('ebuild', '/', 'dev-lang/python-2.6.7-r2', 'merge') pulled in by =dev-lang/python-2.6.7-r2 Another possibility would be to install a 3.x version of python and switch portage to that (via the python3 useflag). I get: # emerge -av1 =dev-lang/python-3.1.4-r3 [snip] !!! All ebuilds that could satisfy =dev-lang/python-3.1.4-r3 have been masked. !!! One of the following masked packages is required to complete your request: - dev-lang/python-3.1.4-r3 (masked by: EAPI 3) The current version of portage supports EAPI '2'. You must upgrade to a newer version of portage before EAPI masked packages can be installed. - Grant Could you try: emerge =python-2.6.6-r2 -v1 I get the same thing unfortunately. - Grant
Re: [gentoo-user] Strange outbound requests
On 21.01.2012 01:12, Grant wrote: If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. lsof -i is easier, it only shows network connections :) catching it when it happens (if it is very briefly connected) could be hard with lsof... Maybe setup a tarpit firewall rule on that box so the connection stays open for a long time. The connections are only attempted a few times throughout the day. Is a tarpit firewall rule the only way to do this? Can anyone tell me what package 'watch' belongs to if that would work? - Grant I get: equery b watch * Searching for watch ... net-irc/irssi-0.8.15-r1 (/usr/share/irssi/help/watch) sys-process/procps-3.2.8_p11 (/usr/bin/watch) x11-themes/gnome-themes-standard-3.3.4 (/usr/share/cursors/xorg-x11/Adwaita/cursors/watch) First and third can be ruled out, I think. So one candidate remains: sys-process/procps Available versions: 3.2.8 (~)3.2.8-r1 3.2.8-r2 (~)3.2.8_p10-r1 3.2.8_p11 {unicode} Installed versions: 3.2.8_p11(00:15:18 22.12.2011)(unicode) Homepage:http://procps.sourceforge.net/ Description: Standard informational utilities and process-handling tools
Re: [gentoo-user] Strange outbound requests
On 01/20/2012 07:12 PM, Grant wrote: If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. lsof -i is easier, it only shows network connections :) catching it when it happens (if it is very briefly connected) could be hard with lsof... Maybe setup a tarpit firewall rule on that box so the connection stays open for a long time. The connections are only attempted a few times throughout the day. Is a tarpit firewall rule the only way to do this? Can anyone tell me what package 'watch' belongs to if that would work? `watch` isn't going to help too much unless you're looking at it. Append the output to some log file instead. I chose netstat because its output looked easier to parse with a stupid regexp. while true; do netstat -antp | grep ':993 ' >> mystery.log; sleep 1; done; You'll want to change the port -- I tested to make sure that was really logging my Thunderbird connections.
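A field-aware variant of the polling loop in the message above, as an added example that is not part of the thread: it matches only the remote port (a plain grep on ':PORT ' also catches a local listener on that port) and records the owning UID next to the PID/program. It assumes the net-tools `netstat -antpe` column order; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumed column layout of net-tools `netstat -antpe`:
#   Proto Recv-Q Send-Q Local Foreign State User Inode PID/Program

# Constructed sample of `netstat -antpe` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:3680            0.0.0.0:*               LISTEN      0          9120       812/exampled
tcp        0      0 192.0.2.10:43680        198.51.100.5:993        ESTABLISHED 1000       48100      2301/thunderbird
tcp        0      1 192.0.2.10:51234        203.0.113.7:3680        SYN_SENT    1001       48213      2417/python2.7
tcp6       0      1 2001:db8::10:40022      2001:db8:ffff::7:3680   SYN_SENT    1001       48377      2417/python2.7
EOF
}

# filter_remote_port PORT
# Reads netstat output on stdin and prints one line per TCP socket whose
# *foreign* port equals PORT: state, uid, local -> remote, pid/program.
filter_remote_port() {
    awk -v port="$1" '
        $1 !~ /^tcp/ { next }             # skip the two header lines
        {
            n = split($5, part, ":")      # port is the last colon-separated piece,
            if (part[n] != port) next     # which also holds for IPv6 addresses
            prog = $9                     # PID/Program name may contain spaces
            for (i = 10; i <= NF; i++) prog = prog " " $i
            print $6, "uid=" $7, $4, "->", $5, prog
        }'
}

# watch_remote_port PORT LOGFILE
# Polls once a second and appends timestamped matches to LOGFILE. Run as root
# so the PID/Program column is filled in for sockets owned by other users.
# Sockets still waiting for a reply to their SYN show up in state SYN_SENT.
watch_remote_port() {
    port="$1"
    log="$2"
    while true; do
        netstat -antpe 2>/dev/null | filter_remote_port "$port" |
            while IFS= read -r line; do
                printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$line"
            done >> "$log"
        sleep 1
    done
}

# Start polling only when asked to, e.g.:
#   sh portwatch.sh --watch 3680 mystery.log
if [ "${1:-}" = "--watch" ]; then
    watch_remote_port "$2" "$3"
fi
```

The UID in the log can be mapped to a login name with `getent passwd UID`, and the PID fed to `ps` to see the parent process tree.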
Re: [gentoo-user] Re: For those who complain
Gentoo is a rainbow with no end and no pot of gold. I will write that one down.. In the mean while, if you just want something that you install quickly on a small system it is really good - assuming you will update your system only 6 to 6 months ... Érico V. Porto On Fri, Jan 20, 2012 at 7:31 PM, Dale rdalek1...@gmail.com wrote: Nikos Chantziaras wrote: On 01/20/2012 10:51 PM, Dale wrote: Albert W. Hopkins wrote: [...] And sometimes those people are finding problems. Please don't feed the troll. Since it was fixed, I took his food bowl away. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
Re: [gentoo-user] Strange outbound requests
If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. lsof -i is easier, it only shows network connections :) catching it when it happens (if it is very briefly connected) could be hard with lsof... Maybe setup a tarpit firewall rule on that box so the connection stays open for a long time. The connections are only attempted a few times throughout the day. Is a tarpit firewall rule the only way to do this? Can anyone tell me what package 'watch' belongs to if that would work? `watch` isn't going to help too much unless you're looking at it. Append the output to some log file instead. I chose netstat because its output looked easier to parse with a stupid regexp. while true; do netstat -antp | grep ':993 ' >> mystery.log; sleep 1; done; You'll want to change the port -- I tested to make sure that was really logging my Thunderbird connections. Thanks a lot. Test, working, will watch the log and report back. - Grant
Re: [gentoo-user] Strange outbound requests
On Fri, Jan 20, 2012 at 6:34 PM, Grant emailgr...@gmail.com wrote: My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick I am not running NPDS. I looked it up when I was researching port 3680 and read about it for the first time. I know which machine is making the requests. Any way to drill down further? If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. All of my systems run Gentoo. :) Where does watch come from? 
shortcircuit@saffron ~ $ equery b `which watch` /usr/lib64/portage/pym/portage/package/ebuild/config.py:353: UserWarning: 'cache.metadata_overlay.database' is deprecated: /etc/portage/modules (user_auxdbmodule, modules_file)) * Searching for /usr/bin/watch ... sys-process/procps-3.2.8_p11 (/usr/bin/watch) shortcircuit@saffron ~ $ Incidentally, does anyone know why all my portage-related executions get that 'cache.metadata_overlay.database' warning? I've been seeing it for weeks, even on fresh installs. I would have assumed a bug like that would have been fixed by now. -- :wq
Re: [gentoo-user] Strange outbound requests
On 21.01.2012 02:39, Michael Mol wrote: On Fri, Jan 20, 2012 at 6:34 PM, Grant emailgr...@gmail.com wrote: My firewall is blocking periodic outbound connections to port 3680 on a Rackspace IP. How can I find out more about what's going on? Maybe which program is generating the connection requests? Uh, a packet sniffer? I have an old laptop here that I have a second (cardbus) network card in. Really cheap and cheerful - the sort of thing you can pick up on freecycle. It's been a while since I've done anything like this, but you should be able to stick a box like that between the router and the rest of your network, run Wireshark and filter on that port. If the connection is encrypted then at least you'll see the originating IP. I've actually got the originating local IP from the shorewall log. I'm just trying to figure out which program and maybe which user on that system is generating the outbound requests to port 3680. Is there any way to get more info without setting up a new box? I don't think it's relevant that the IP belongs to Rackspace - don't they just hire (virtual) servers to anyone that wants one? Yeah I just meant the request could be going to anyone. - Grant Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick I am not running NPDS. I looked it up when I was researching port 3680 and read about it for the first time. I know which machine is making the requests. Any way to drill down further? If the machine is running linux, then 'watch lsof -n|grep TCP|grep 3680' as root is a sloppy but effective way to find it. There's probably some way to set up a firewall rule on the host in question that logs out the user and (possibly) PID of the connection, but I don't know. All of my systems run Gentoo. :) Where does watch come from? 
shortcircuit@saffron ~ $ equery b `which watch` /usr/lib64/portage/pym/portage/package/ebuild/config.py:353: UserWarning: 'cache.metadata_overlay.database' is deprecated: /etc/portage/modules (user_auxdbmodule, modules_file)) * Searching for /usr/bin/watch ... sys-process/procps-3.2.8_p11 (/usr/bin/watch) shortcircuit@saffron ~ $ Incidentally, does anyone know why all my portage-related executions get that 'cache.metadata_overlay.database' warning? I've been seeing it for weeks, even on fresh installs. I would have assumed a bug like that would have been fixed by now. You get the warning, because you have a directory /etc/portage/modules - simply remove it (or move it, if you are afraid to break something).
Re: [gentoo-user] Resurrecting a Gentoo install
On Fri, 20 Jan 2012 15:58:36 -0800, Grant wrote: # emerge -avDuN system [snip] !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have been masked. !!! One of the following masked packages is required to complete your request: - sys-auth/pambase-20101024-r1 (masked by: EAPI 4) - sys-auth/pambase-20101024 (masked by: EAPI 3) USE=-pam emerge @system will avoid that particular block, although it may only get you as far as the next one. -- Neil Bothwick C:\BELFRY is where I keep my .BAT files ^^^oo^^^
Re: [gentoo-user] Resurrecting a Gentoo install
# emerge -avDuN system [snip] !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have been masked. !!! One of the following masked packages is required to complete your request: - sys-auth/pambase-20101024-r1 (masked by: EAPI 4) - sys-auth/pambase-20101024 (masked by: EAPI 3) USE=-pam emerge @system will avoid that particular block, although it may only get you as far as the next one. I seem to get an error like this from whatever I try to emerge. Is untarring a stage3 my only option? - Grant
Re: [gentoo-user] Resurrecting a Gentoo install
On 01/20/2012 09:42 PM, Grant wrote: # emerge -avDuN system [snip] !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have been masked. !!! One of the following masked packages is required to complete your request: - sys-auth/pambase-20101024-r1 (masked by: EAPI 4) - sys-auth/pambase-20101024 (masked by: EAPI 3) USE=-pam emerge @system will avoid that particular block, although it may only get you as far as the next one. I seem to get an error like this from whatever I try to emerge. Is untarring a stage3 my only option? - Grant You don't have to do the entire stage3 at once, http://tinderbox.dev.gentoo.org/ has precompiled packages for the major arches and profiles. You could try to replace just pambase, pam, python, etc. -- whatever's giving you trouble. This was not my first recommendation because I've managed to break e.g. `tar` and `cp` before in the attempt at which point you have two rescues to attempt.
Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?
On Fri, Jan 20, 2012 at 10:45:08AM -0600, Chris Frederick wrote If you still want private addresses, IPv6 has unique local addresses (fc00::/7 range, http://www.sixxs.net/tools/grh/ula/ has a reg form to help assign a /48 to you). If it's a unique ***LOCAL*** address, then why is it a problem if multiple places on the planet use it??? Doesn't sound very local to me. Probably the easiest conversion for most people would be to do what was done with TV sets... * When analogue UHF stations first came out, you could get a translator box that had a tuner which translated UHF channels to channel 3 or 4 on your old VHF-only TV set * When non-encrypted analogue midband channels came out on cable TV, you could get a translator box that mapped cable midband channels to UHF * When ATSC (digital) broadcast TV came out, you could get a translator box that converted ATSC signals to NTSC, and fed them to your old non-digital TV set. Too bad that NAT-PT has been deprecated. It could've been the transition answer. Don't get me wrong. I agree that eventually we'll have to transition to IPV6. I held off going 64-bit on Gentoo, until I got a machine with more than 3 gigs of RAM. Similarly, one of these days, I'll eventually do an IPV6 install. What I did not appreciate was the day when the ipv6 USE flag was added as a default. I found out about it when Firefox started taking a minute or so to find sites, i.e. timing out on the IPV6 lookup before failing over to IPV4. Since that day, I start my USE flags with -* in /etc/make.conf to avoid similar surprises. -- Walter Dnes waltd...@waltdnes.org
[gentoo-user] System shuts off on boot-up
I am working on trying to get my AMD64 system back online. I recently rebuilt it (from scratch) after a very bad case of being out of date and build issues as a result (for numerous reasons). However, after I started trying to get X configured (Xorg) with the nouveau driver (I think I ran the proprietary nVidia driver before) it is now shutting off during boot-up. As the system starts to boot up, it switches like it is going to start X - changing a video mode somehow. I don't have xdm in the runlevels yet, so it can't be starting XDM at all. This seems to happen right after udevd is started, while it is waiting on the udev events. The system then just shuts off (power remains on - fans are still on, but monitors are off, and nothing responds, etc.), and it never completes boot-up. Note: Xorg won't load yet as I am still figuring out the drivers. I'm out of my mind in trying to figure out what is wrong with the system. Ben
Re: [gentoo-user] Resurrecting a Gentoo install
# emerge -avDuN system [snip] !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have been masked. !!! One of the following masked packages is required to complete your request: - sys-auth/pambase-20101024-r1 (masked by: EAPI 4) - sys-auth/pambase-20101024 (masked by: EAPI 3) USE=-pam emerge @system will avoid that particular block, although it may only get you as far as the next one. I seem to get an error like this from whatever I try to emerge. Is untarring a stage3 my only option? - Grant You don't have to do the entire stage3 at once, http://tinderbox.dev.gentoo.org/ has precompiled packages for the major arches and profiles. You could try to replace just pambase, pam, python, etc. -- whatever's giving you trouble. This was not my first recommendation because I've managed to break e.g. `tar` and `cp` before in the attempt at which point you have two rescues to attempt. The errors I'm getting seem to be complaining about emerging ebuilds with a higher EAPI number than my portage has. Should I just install the latest portage binary package? If so, how should I do that? - Grant
Re: [gentoo-user] Resurrecting a Gentoo install
Grant wrote: # emerge -avDuN system [snip] !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have been masked. !!! One of the following masked packages is required to complete your request: - sys-auth/pambase-20101024-r1 (masked by: EAPI 4) - sys-auth/pambase-20101024 (masked by: EAPI 3) USE=-pam emerge @system will avoid that particular block, although it may only get you as far as the next one. I seem to get an error like this from whatever I try to emerge. Is untarring a stage3 my only option? - Grant You don't have to do the entire stage3 at once, http://tinderbox.dev.gentoo.org/ has precompiled packages for the major arches and profiles. You could try to replace just pambase, pam, python, etc. -- whatever's giving you trouble. This was not my first recommendation because I've managed to break e.g. `tar` and `cp` before in the attempt at which point you have two rescues to attempt. The errors I'm getting seem to be complaining about emerging ebuilds with a higher EAPI number than my portage has. Should I just install the latest portage binary package? If so, how should I do that? - Grant Only because I had to do this once myself. http://www.gentoo.org/proj/en/portage/doc/manually-fixing-portage.xml Hope that helps. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n