[gentoo-user] kernel 3.7 - internal 'udev'; signed lkms; file hash validation
Found this interesting: http://www.h-online.com/open/features/Kernel-Log-Coming-in-3-7-Part-3-Infrastructure-1755953.html Are there Gentoo guidelines on using these new kernel features? TIA
[gentoo-user] Re: devfs is obsolete?
On 03/14/11 20:48, walt wrote: On 03/14/2011 10:57 AM, 7v5w7go9ub0o wrote: .. FWICT, devfs mounts /dev/pts , so how do we mount /dev/pts in a post devfs world? I just deleted several paragraphs of fatherly advice from this reply after I noticed /lib/rc/init.d/started/devfs on my machine :-/ Heh! That's actually how I got into this; I was tracking down a different issue and came across devfs. I soon discovered that /etc/init.d/devfs belongs to the sys-apps/openrc package, Ah!! Thank you! Guess that's how it got back in there. which is not obsolete the way devfs is obsolete. This is what I have: #eselect rc list sysinit Init scripts to be started by runlevel sysinit devfs dmesg udev Thank you - same as mine. And I'll presume that your box will also break if you shut down devfs. Guess my next move is to Bugzilla and suggest they update the information on the two pages referenced above. Thanks again!
[gentoo-user] devfs is obsolete?
As per the http://www.gentoo.org/doc/en/devfs-guide.xml and http://www.gentoo.org/doc/en/udev-guide.xml I recompiled my kernel with pts support, installed udev, and used rc-update to remove devfs from sysinit. Everything seems to work fine, except that I can't create xterms. If I start up devfs, xterm creation is fine. FWICT, devfs mounts /dev/pts , so how do we mount /dev/pts in a post devfs world? TIA
[gentoo-user] ipv6 privacy random addresses
Have activated the privacy extensions on a dual stack (native) ipv6 configuration. A random local address is generated for each boot (for eth0). I'd like to be able to change it within a session. ip -6 address flush dev eth0; followed by /etc/init.d/net.eth0 restart; will generate a new random address (global temporary dynamic) - but one time only. So the question becomes, how could I do this repeatedly within a session? (ISTM there is a variable somewhere that limits the number of regenerations allowed - perhaps that could be tweaked? Alternatively, perhaps I could configure the /etc/conf.d/net script to assign a local ipv6 net address using random numbers generated within the net script? I'm a newbie, and would appreciate any corrections, flames and especially examples) TIA
[gentoo-user] 200-line patch to kernel = superkernel
FYI. If anyone understands the bash tweak, please explain :-) TIA 1. Original article: The ~200 Line Linux Kernel Patch That Does Wonders http://www.phoronix.com/scan.php?page=articleitem=linux_2637_videonum=1 2. The alternative (or additional) bash tweak: http://www.webupd8.org/2010/11/alternative-to-200-lines-kernel-patch.html
[gentoo-user] Re: Rooted/compromised Gentoo, seeking advice
On 08/09/10 12:25, Paul Hartman wrote: [] If anyone has advice on what I should look at forensically to determine the cause of this, it is appreciated. I'll first dig into the logs, bash history etc. and really hope that this very happened recently. Thanks for any tips and wish me good luck. :) AntiVir (Avira) anti-malware scanner has hundreds of Linux rootkit/virus signatures; you might scan your box with that. It has an on-access, realtime monitor option as well, which I use it to monitor anything downloaded and or compiled on my box (in case the distribution screen gets hacked). http://www.free-av.com/en/download/download_servers.php Presuming you're rooted, you might first try their stand-alone, linux live-disk scanner so as to avoid borked kernel and/or core utilities: http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
[gentoo-user] Re: anyone using Lilo to dual-boot ?
On 07/12/10 01:52, Philip Webb wrote: [] Is anyone successfully dual-booting Linux distros using Lilo ? Might it be ReiserFS ? -- should I re-install Ubuntu with another FS ? Hard to believe that the filesystem is causing a problem. Here's my conf (I have two kernels on the same OS; one hardened, one gentoo sources. I use an initrd only because I have loop-AES installed, and it prompts for a password): boot=/dev/sda prompt ignore-table large-memory timeout=100 default=Hard image=/boot/bzImagehard label=Hard append=ramdisk_size=290 vga=normal initrd=/boot/initrdhard.gz read-only root=/dev/sda3 image=/boot/bzImagegentoo label=Gentoo append=ramdisk_size=290 initrd=/boot/initrdgent.gz vga=normal read-only root=/dev/sda3 HTH .
[gentoo-user] Re: Fast checksumming of whole partitions
On 06/06/10 06:19, Andrea Conti wrote: 1. boot up knoppix 2. create a partition: mkdir /work 3. mount /work to the root partition: mount /dev/sdc /work 4. cd /work/usr/bin 5. run dcfldd: ./dcfldd This is fine, provided that 1- if the root partition is [part of] what you're copying, you *must* mount it read-only (mount -o ro /dev/sdc /work) Not from my experience; I simply mount, exec, and go - Works fine, be it a partition or a disk copy (though it seems likely that the last access dates would be changed if forensics is an issue). 2- the dcfldd executable is linked statically. If it uses dynamic linking, your live system -- knoppix in this case -- must have exactly the same library versions (especially glibc) as the gentoo system. Good point. I've been using a contemporary Gentoo live disk and the libraries happen to be compatible. # ldd /usr/bin/dcfldd linux-vdso.so.1 = (0x6cdd998b6000) libc.so.6 = /lib/libc.so.6 (0x6cdd99341000) /lib64/ld-linux-x86-64.so.2 (0x6cdd9969b000) Based on this thread, I'll be running my backups from a statically-linked copy of dcfldd on a jumpdisk (backup copy on the boot sector). - Any advice on the dd blocksize parameter?
[gentoo-user] Re: Fast checksumming of whole partitions
On 06/05/10 16:11, Manuel Klemenz wrote: I'm calculating checksums over partitions just by calling # md5sum /dev/sda1 or for the complete disk (incl. partition table + all partitions) # md5sum /dev/sda that's it :) - works with any distro/liveDVD Yep.. don't have to fool with an oddball program (dcfldd). So if you're dd'ing a disk, you need to: 1. dd the source to the destination. 2. md5sum the source 3. md5sum the destination. (3 passes on a big disk(s) takes a long time.) But if you use dcfldd instead of dd for the copy, then you'll get both the copy and the md5 on the first pass. 1. dcfldd the source to the destination; get the md5. 2. md5sum the destination. And if you use dcfldd instead of md5sum to run the destination hash, you can specify a large (e.g. 4 gig) blocksize - cutting back on disk I/O, wear and tear, and time required to hash the destination.
[gentoo-user] Re: Fast checksumming of whole partitions
On 06/06/10 15:47, Joerg Schilling wrote: 7v5w7go9ub0o7v5w7go9u...@gmail.com wrote: On 06/05/10 16:11, Manuel Klemenz wrote: I'm calculating checksums over partitions just by calling # md5sum /dev/sda1 or for the complete disk (incl. partition table + all partitions) # md5sum /dev/sda that's it :) - works with any distro/liveDVD Yep.. don't have to fool with an oddball program (dcfldd). So if you're dd'ing a disk, you need to: 1. dd the source to the destination. 2. md5sum the source 3. md5sum the destination. Why not just call: sdd if=/dev/something bs=1m -md5 -onull err.. what is sdd? If it is significantly faster than dd/dcfldd, then sdd may be the magic bullet! E.G. one would: 1. sdd if=/dev/something bs=xx -md5 -o /dev/somethingout 2. sdd if=/dev/somethingout bs=xx -md5 -o null Of course, one might ask, is it on Knopix?
[gentoo-user] Re: Fast checksumming of whole partitions
On 06/06/10 16:45, Andrea Conti wrote: 1- if the root partition is [part of] what you're copying, you *must* mount it read-only (mount -o ro /dev/sdc /work) Not from my experience; I simply mount, exec, and go - Works fine Let's say you are 50% done copying a partition, when something writes to it. If the write only affects the first half, which has alredy been copied, the target will consistently reflect the old state; if on the other hand the write only affects the second half, which has not been copied yet, the target will consistently reflect the new state. The problem is that with any write affecting both halves your copy will contain a mix of the two states and thus will be inconsistent. Should that happen, I certainly agree that the copies would be inconsistent... but I don't know what would cause the live OS to write anything to it (other than update the last access date/time - which occurs early on). At any rate, should that happen, the hashes would disagree and I'd reject the copy. Thus far the whole-disk hashes have always agreed Now, if this were a forensic investigation, then you're absolutely right - even updating an access time would be unacceptable; regardless that the changed source and copied destination hash the same.
[gentoo-user] Re: Fast checksumming of whole partitions
On 06/05/10 02:39, meino.cra...@gmx.de wrote: [] Is there any faster and reliable way to checksum whole paritions (not on per file base)??? FWIW, portage has a tool called dcfldd that works well for me. It is dd with the addition of: * Hashing on-the-fly - dcfldd can hash the input data as it is being transferred, helping to ensure data integrity. * Status output - dcfldd can update the user of its progress in terms of the amount of data transferred and how much longer operation will take. * Flexible disk wipes - dcfldd can be used to wipe disks quickly and with a known pattern if desired. * Image/wipe Verify - dcfldd can verify that a target drive is a bit-for-bit match of the specified input file or pattern. * Multiple outputs - dcfldd can output to multiple files or disks at the same time. * Split output - dcfldd can split output to multiple files with more configurability than the split command. * Piped output and logs - dcfldd can send all its log data and output to commands as well as files natively. e.g. when I copy my HD, I get a copy status report and hash by using the following commands: #!/bin/bash dcfldd if=/dev/sda bs=4096k sizeprobe=if status=on hashwindow=0 of=/dev/sdb dcfldd if=/dev/sdb bs=4096k sizeprobe=if status=on hashwindow=0 of=/dev/null When they've completed, I'll visually compare the two hashes (you can automate this.) You can get fancier and do the Verify instead of the hashes. HTH (p.s. Part of your answer is setting the best blocksize for dd or dcfldd. I'd presume it the smaller of your available memory, or the buffer size on your HD?.. someone please correct me on this!?)
[gentoo-user] ffmpeg threads parameter
Some ffmpeg-using applications (e.g. mplayer) allow you to pass numbers of threads (e.g. I use 6 on my Core-I7) to ffmpeg; others (e.g. chromium) do not. So I'm thinking of hardwiring a default threads number=6 into the ffmpeg source code; recompiling. Q: Has anyone done this; if so any surprises? TIA
[gentoo-user] Re: ffmpeg threads parameter
On 03/27/10 21:17, Nikos Chantziaras wrote: On 03/28/2010 02:40 AM, 7v5w7go9ub0o wrote: Some ffmpeg-using applications (e.g. mplayer) allow you to pass numbers of threads (e.g. I use 6 on my Core-I7) to ffmpeg; others (e.g. chromium) do not. First, mplayer uses its own bundled ffmpeg. It doesn't use media-video/ffmpeg at all. Furthermore, this is not what the threads USE flag does for ffmpeg. Thank you for replying!!! What would you guess the threads parameter is for ffmpeg? I've not found an explanation, and thought it might be the author catching up with Alexander Strange. http://ffmpeg.org/ffmpeg-doc.html Those applications that allow you to specify an amount of threads assume you're using ffmpeg-mt instead of normal ffmpeg. ffmpeg-mt is a fork of ffmpeg and is not in Portage because it's still considered non-stable upstream. There's an ebuild in Gentoo Bugzilla for ffmpeg-mt and an mplayer that uses ffmpeg-mt as its bundled ffmpeg version. The mt mplayer ebuild can also be found in the wirelay overlay (it's in layman.) AH! I had switched from bugzilla to the overlay for mplayer (thank you for providing it); but was unaware that ffmpeg-mt had a separate ebuild. Where is it, please? So the same question, then, for ffmpeg-mt; if I replace ffmpeg with ffmpeg-mt after setting a default of 6, can you imagine any problems (other than it is not stable)? Thanks for the help!
[gentoo-user] libvdpau (?)
I'd like to compile ffmpeg with vdpau - direct NVidia hardware acceleration. This is a configuration flag for ffmpeg. Setting the vdpau use flag seems to set the configuration flag, but also brings in the x11-libs/libvdpau libraries which I think I do not want, as my NVidia proprietary driver provides these libraries. 1. How do I enable the vdpau configuration flag for compiling ffmpeg, without bringing in x11-libs/libvdpau? (Sigh.. I suppose one work around is to bring them in, then reinstall the proprietary driver ) TIA
[gentoo-user] Re: libvdpau (?)
On 03/26/10 13:25, Kaddeh wrote: do you have VIDEO_CARDS set in your make.conf? Yes; and VIDEO_CARDS=nvidia seems to be picked up just fine. Thanks for helping.
[gentoo-user] Re: libvdpau (?)
On 03/26/10 14:29, Alex Kuster wrote: yes, because ffmpeg compiles against the shared library called vdpau to do the hardware acceleration ... so, the dependency IS necessary ... Thanks for the reply. Just downloaded the ffmpeg source distribution and FWICT, the ffmpeg source distribution includes the necessary code: ./libavcodec/vdpau.c ./libavcodec/vdpau_internal.h ./libavcodec/vdpau.h Unless there are additional snippets, it appears that ffmpeg (for one) doesn't need vdpau. [] you can use the variable EXTRA_ECONF to pass parameters to ./configure and manually add vdpau, but I don't know if there's an option to modify that on a package basis (like /etc/portage/package.use ) .. instead of a global var ... without touching ebuilds ... Didn't work; FWICT, EXTRA_ECONF provides limited function http://bugs.gentoo.org/38618 Is there a file anywhere that I can edit, which mandates that to use the vdpau use flag, I have to have the vdpau package installed? TIA
[gentoo-user] Re: libvdpau (?)
Is there a file anywhere that I can edit, which mandates that to use the vdpau use flag, I have to have the vdpau package installed? geze.. there it is in the ebuild. Removed the dependency and all compiles/works well. Thanks for the time and help!!
[gentoo-user] Re: libvdpau (?)
On 03/26/10 17:08, Paul Hartman wrote: On Fri, Mar 26, 2010 at 10:18 AM, 7v5w7go9ub0o7v5w7go9u...@gmail.com wrote: I'd like to compile ffmpeg with vdpau - direct NVidia hardware acceleration. This is a configuration flag for ffmpeg. Setting the vdpau use flag seems to set the configuration flag, but also brings in the x11-libs/libvdpau libraries which I think I do not want, as my NVidia proprietary driver provides these libraries. AFAIK Nvidia split the vdpau off into libvdpau late last year sometime. On my system I use both nvidia-drivers and libvdpau without issue. libvdpau provides libvdpau.so while nvidia-drivers provides libvdpau_nvidia.so Here are my versions: x11-libs/libvdpau-0.3-r2 x11-drivers/nvidia-drivers-195.36.15 Are you using older versions? I use ~amd64 so maybe if you run stable it has the older versions. AHA! THANKS! that explains a lot - including why they made libvdpau ebuild a requirement for ffmpeg. I didn't know that libvdpau ebuild is simply an open-source version of libvdpau.so. (The webpage describes a wrapper - duh, what's a wrapper? But I suppose that if libvdpau.so is the first in line, and subsequently loads other driver components, then it could be called a wrapper). Portage fell behind the NVidia driver releases a while back - probably before the split you described - so I then started installing drivers directly from NVidia.com, and not portage. (And NVidia continues to bundle libvdpau.so (proprietary?) along with the other components.) So when ffmpeg wanted to add a wrapper to the mix, I decided no thanks and started this thread - finally figuring out that I needed to remove the requirement from the ebuild. Having libvdpau.so, everything worked fine. Now that I know what it is, I've installed the libvdpau package and updated the portage NV drivers to current. If portage keeps current I'll use it; if portage again falls behind I should be able to use NVidia.com and ffmpeg will compile either way. Thanks again for your help.
[gentoo-user] Re: Pending layman directory relocation
On 03/01/10 18:09, Neil Bothwick wrote: On Mon, 01 Mar 2010 14:07:07 -0500, 7v5w7go9ub0o wrote: Or you can edit /var/lib/layman/make.conf and change the locations there. That didn't work for me; the current layman script still references the old location; which is why I added the soft link. You have to set the location in /etc/layman/layman.cfg. My layman directory is in neither of the locations you mention, but it works fine. Duh!! (Embarrassed) The first thing I should have looked for. Thanks. Obviously this isn't a bug, but I guess I'll send a suggestion to bugzilla to add an additional item to make the list more complete, and so that other newbies (like me) don't loose functionality. (news presently says: A) Moving 1. Move your current content to /var/lib/layman before upgrading. 3. Update PORTDIR_OVERLAY in /var/lib/layman/make.conf accordingly. 2. Make /etc/make.conf source /var/lib/layman/make.conf. additional item 4: 4. Update the /etc/layman/layman.cfg storage parameter to reflect the new location. Thanks everyone for the discussion.
[gentoo-user] Pending layman directory relocation
(this is a rather obvious fix...) eselect news has a new notice, advising of the pending change of the presumed location of the layman directory from /usr/local/portage/layman to /var/lib/layman. It offers three ways to deal with this location change. I chose alternative A. (actually moving the directory and updating make.conf and layman make.conf) and wanted to do it before I forgot about it. However, until layman is actually upgraded to version 1.3x, the script/executable will reference /usr/local/portage/layman and fail. So layman users choosing alternative A. now may want to add a step; after moving the directory, put a soft link in the /usr/local/portage pointing to the new location; i.e. cd /usr/local/portage; ln -s /var/lib/layman layman HTH
[gentoo-user] Re: Pending layman directory relocation
On 03/01/10 13:30, Tanstaafl wrote: On 2010-03-01 1:08 PM, 7v5w7go9ub0o wrote: So layman users choosing alternative A. now may want to add a step; after moving the directory, put a soft link in the /usr/local/portage pointing to the new location; i.e. cd /usr/local/portage; ln -s /var/lib/layman layman Thanks, I was planning on doing the same thing and glad to be validated... Question: the news itme also mentioned the reason as something like 'layman violates the general rule that nothing in portage should touch anything in /usr/local'... Well... my local overlays (that I set up a long time ago) are there... and portage obviously 'touches' those, so... should I move them as well? I did; I simply moved the whole layman directory. Works.
[gentoo-user] Re: Pending layman directory relocation
On 03/01/10 13:26, Nikos Chantziaras wrote: On 03/01/2010 08:08 PM, 7v5w7go9ub0o wrote: (this is a rather obvious fix...) eselect news has a new notice, advising of the pending change of the presumed location of the layman directory from /usr/local/portage/layman to /var/lib/layman. It offers three ways to deal with this location change. I chose alternative A. (actually moving the directory and updating make.conf and layman make.conf) and wanted to do it before I forgot about it. However, until layman is actually upgraded to version 1.3x, the script/executable will reference /usr/local/portage/layman and fail. So layman users choosing alternative A. now may want to add a step; after moving the directory, put a soft link in the /usr/local/portage pointing to the new location; i.e. cd /usr/local/portage; ln -s /var/lib/layman layman Or you can edit /var/lib/layman/make.conf and change the locations there. That didn't work for me; the current layman script still references the old location; which is why I added the soft link. The new 1.3x script will reference the new location. (though I suppose you could upgrade to 1.3 and avoid putting in the soft link)
[gentoo-user] Ping ElseCZ (re: Nvidia WAIT; (also KVM GPM passthrough ))
I tried to respond to your NVidia forums post; but couldn't join the forum (apparently they didn't like my gmail address). - FWIW I get that wait (WAIT (E, 0, 0x0887d, 0) ) when I activate the following kernel options: # set Bus options (PCI etc.) - Support for DMA Remapping Devices to * # set Bus options (PCI etc.) - Enable DMA Remapping Devices to * # set Bus options (PCI etc.) - PCI Stub driver to * Activating these options is prescribed by the KVM folks to allow VM access of the GPM; http://www.linux-kvm.org/page/How_to_assign_devices_with_VT-d_in_KVM - When I deactivate those options, the NV driver works fine. kernel: linux-2.6.32-gentoo-r6 (and r3) - Perhaps you could post these comments in the NV form. Perhaps you could also advise them that they might get more participation if they were a little more accessible.
[gentoo-user] Re: Sound card is only usable by one application at a time
Nikos Chantziaras wrote: You *might* want to look into OSS4 if your card is supported by it :P It will require a rebuild of many packages though (oss -alsa in make.conf) and it requires using non-portage packages from an overlay and rebuilding your kernel with sound support completely disabled. For what it's worth, that's what I use for a quite some time now. Do you see any advantage(s) to using OSS4 over alsa? e.g. 1. less distortion and/or better quality? 2. more control over the sound (e.g. equalizers)? 3. others? What about downsides? (I am presently using alsa, and intermittently have blocked sounds - guess it is due to how the app was written.) TIA
[gentoo-user] Mmplayer-1.0_rc4_p20091113 (standard or multi-thread/multi-core support)
http://bugs.gentoo.org/show_bug.cgi?id=282154 (This is the FFmpeg-mt branch which incorporates the mplayer-supported FFmpeg-mt, which speeds up the playback of 1080 H.264 files on multi-core cpus.) mplayer-1.0_rc4_p20091113.ebuild 115 new ffmpeg-mt commits since the last ebuild and latest mplayer updates from SVN (revision 29906). Thank You Nikos Chantziaras
[gentoo-user] Re: Gtk+ update results in slow Firefox
Peter Humphrey wrote: On Wednesday 04 November 2009 02:55:55 7v5w7go9ub0o wrote: NVidia updated their drivers at about the time you started having problems. Their latest driver update changed the permissions on /dev/nvidia0 nvidiactl ; resulting in VERY slow scrolling response on my box (amd64) using googleearth. Changing the permissions to crwxrw-rw- resulted in instant speed up; you may get by with r--r-- (?). I don't have that device on either of my systems using a GeForce 7300 GS. Nor can I find an nvidiactl. That device appears when you use the NV proprietary driver. There are basically three options with an NV card: - use the generic built-in driver additionally, - use the additional, open-source NV drivers. or - alternatively use the proprietary NV driver. This may be useful: http://en.gentoo-wiki.com/wiki/Nvidia FWIW, the NV drivers are blocked in portage for my hardened AMD64, so I get the drivers here: http://www.nvidia.com/object/unix.html HTH
[gentoo-user] Re: Gtk+ update results in slow Firefox
Nikos Chantziaras wrote: On 10/30/2009 10:06 PM, Nikos Chantziaras wrote: On 10/30/2009 09:39 PM, Volker Armin Hemmann wrote: On Freitag 30 Oktober 2009, Nikos Chantziaras wrote: do you have a bigger page with more scrolling showing the problem? because it seems to be fine here. http://www.kamenos.gr scrolls without any lag. Instant response. No lag at all. Even with effects turned on there is no lag. Then I wonder what's wrong here. It's so slow, that if I scroll the mouse wheel up/down quickly a few times, Firefox is still scrolling for several seconds after I stopped using the wheel, trying to catch up. Starting with a clean profile didn't help either. I've updated to Firefox 3.6 Beta (mozilla overlay) and this version restores the speed again. I guess I'll stay with this beta since (fortunately) the add-ons I use work with it. So I guess problem solved. :P Gah, the Flash plugin is very buggy with 3.6 (rendering corruption). I reverted to 3.5.4 and downgraded to Gtk+ 2.16.6 and gtkmm 2.16.0 instead. Any pointers at to what might be wrong are still welcome. Shot in the dark here. NVidia updated their drivers at about the time you started having problems. Their latest driver update changed the permissions on /dev/nvidia0 nvidiactl ; resulting in VERY slow scrolling response on my box (amd64) using googleearth. Changing the permissions to crwxrw-rw- resulted in instant speed up; you may get by with r--r-- (?). HTH
[gentoo-user] Mplayer multi-thread/multi-core ( FFmpeg-mt branch) upgrade
Speed up the playback of 1080 H.264 files in MPlayer, on multi-core cpus. Thank You, Nikos Chantziaras http://bugs.gentoo.org/show_bug.cgi?id=282154
[gentoo-user] Re: *WARNING* updating Xorg
daid kahl wrote: 2. The second guide uses a lot of one-shot emerges; could anyone please explain why I'd use a one-shot? ISTM that if a package is on my system, I'd want it routinely updated. If I need it only once, then instruct me to unmerge it after it's done!? The basic idea of --oneshot is to avoid recording in the portage world file. So, for example, you want xorg and some other things in world. This will call in the dependencies. However, for major upgrades, my experience with other packages is that sometimes it's better to pull some new dependencies in first, then install the update. In principle, portage should take care of all this, but portage isn't always perfect. I'd guess this is the reason for --oneshot on some new xorg dependencies. They'll be called in on updates via dependencies, but this is a better way to proceed for updating from a lower version. Maybe on a newer version of xorg, these dependencies won't be required (unlikely, but possible), and thus you can avoid putting them explicitly in world. ~daid Makes sense... thanks!
[gentoo-user] *WARNING* updating Xorg
1. FYI, There is a short, direct upgrade guide that should be referenced before upgrading to 1.6: http://www.gentoo.org/proj/en/desktop/x/x11/xorg-server-1.6-upgrade-guide.xml It refers to another, short upgrade guide that should definitely be reviewed before proceeding: http://www.gentoo.org/proj/en/desktop/x/x11/libxcb-1.4-upgrade-guide.xml 2. The second guide uses a lot of one-shot emerges; could anyone please explain why I'd use a one-shot? ISTM that if a package is on my system, I'd want it routinely updated. If I need it only once, then instruct me to unmerge it after it's done!? TIA
[gentoo-user] Re: Gentoo Virtualization
walt wrote: [] I don't use vmware but I do use virtualbox every day and I love it. It's extremely fast even compared to kvm, which I also use on my newest machine with hardware virtualization support. Some questions, please: 1. How would you contrast these two packages for security use? (I'm planning on setting up a server on my desktop, and would think running it in a VM would be appropriate) 2. Should someone get a shell in either of these VM clients, would they even be able to determine that they're not on hardware (using full virtualization)? 3. Do the VMs see themselves as being on a LAN (e.g. 192.168.x.x), or do they actually share the hardware with the host? 4. Do you communicate with them via, e.g. SSH and/or X? Thank You (been hoping to find someone who knew both VB and KVM :-) )
[gentoo-user] Re: How to play quicktime (*.mov) videos with firefox
Nikos Chantziaras wrote: On 09/01/2009 03:00 AM, Stroller wrote: On 31 Aug 2009, at 18:15, Nikos Chantziaras wrote: On 08/31/2009 05:00 PM, 7v5w7go9ub0o wrote: Nikos Chantziaras wrote: On 08/30/2009 10:59 PM, 7v5w7go9ub0o wrote: 64bit Linux, AFAICT, does not yet play .mov files They play fine here. Are you able to drag a link from this page: http://www.apple.com/trailers/sony_pictures/district9/ and play it on mplayer? No. Those are reference files (only a few kB big), not the real *.mov files. `mplayer -playlist /path/to/reference-file.mov` might be worth a go. Apple's server doesn't allow access to the actual movies (if you try to open the URL to the real *.mov file, you get redirected to some movie ads page). I guess it checks for the QuickTime player's user agent. So I can't try to test if those *.mov files play OK here since I can't even get to them. Yep you're right about the user agent! Apparently a quicktime user agent is a recent requirement - which explains why mplayer worked for me a few months ago (before going to 64bit). One can set the user agent string used by mplayer with -user-agent string; or via smplayer as well. So setting -user-agent QuickTime/7.6.2 will allow one to stream using mplayer; using wget -U QuickTime/7.6.2 allows one to download the .mov first. Also, rumor has it that if one adds quicktime to the user agent string of his browser, he can stream the apple movies within the browser (something I'm trying to get away from) ) this page describes how to get it to work: http://www.hd-trailers.net/blog/2009/08/20/direct-download-links-from-apple-are-not-working/ HTH
[gentoo-user] Re: How to play quicktime (*.mov) videos with firefox
Nikos Chantziaras wrote: On 08/30/2009 10:59 PM, 7v5w7go9ub0o wrote: 64bit Linux, AFAICT, does not yet play .mov files They play fine here. Are you able to drag a link from this page: http://www.apple.com/trailers/sony_pictures/district9/ and play it on mplayer? TIA!
[gentoo-user] Re: How to play quicktime (*.mov) videos with firefox
Harry Putnam wrote: I'm having a heck of a time getting firefox setup so it can handle quicktime videos. FWIW, out of security considerations I run FF in a chroot jail with as little other stuff in the jail as possible So using an extension called unplug https://addons.mozilla.org/en-US/firefox/addon/2254 I can locate embedded media and download the link or the file itself. I then play the download on 32bit using mplayer (in its own jail). 64bit Linux, AFAICT, does not yet play .mov files, so I'm presently using QTalternative in wine 'til mplayer, xine, or vlc works on 64bit. HTH
[gentoo-user] Re: pidgin 2.6.1 and video
Paul Hartman wrote: FYI if anyone wants to try audio and video chat on the new pidgin 2.6.1 release, it didn't work for me (UVC webcam) until I emerged these packages: pidgin-2.6.1 (with gstreamer USE flag enabled) gst-plugins-v4l2 gst-plugins-farsight gnome-media The last item was need to get gstreamer-properties, which let me define which audio/video devices to use for input and test them. If you're a gnome user you've probably already got it. Pidgin devs say they hope to allow configuration from within the app in the future, but right now it has to be done externally. Thanks for posting this! But. ugh!; the last one is a killer. Is there any way that I can vim some config somewhere, and avoid installing all of the gnome stuff required by gnome-media?
[gentoo-user] significant Mplayer multi-thread (multi-core) changes
Those using Nikos Chantziaras's fix to mplayer may wish to see his newest offering. http://bugs.gentoo.org/show_bug.cgi?id=282154
[gentoo-user] Re: flip video on gentoo
Allan Gottlieb wrote: I have received a flip video, ultra series (records 60 minutes) digital camcorder for a present. This works fine on windows, but I would naturally much prefer to use gentoo. The windows software can presumably do a bunch of stuff but I would be very happy to simply * Copy video from the camera to the computer. * Show, on the computer, video that has been copied on to the computer. * Delete video from the computer. I am reasonably experienced with gentoo, quite experienced with linux, but a complete novice with digital video. A google search suggests strongly that there is support on gentoo, but I have yet to find a HOWTO and would greatly appreciate a pointer. thanks, allan The Flip Video Ultra works great in linux. The device is mounted as a USB mass storage device. The videos are avi files encoded in mpeg4. Just drag and drop. Use Totem or mplayer to play. Very nice. http://jamesguske.blogspot.com/2007/10/flip-video-ultra-works-in-ubuntu.html Once you copy your files to HD, I'd guess that linux video editing software will do anything windows can do. :-) HTH
[gentoo-user] Re: Supercookies
Andrew Lewman wrote: On 08/20/2009 10:09 AM, Ted Smith wrote: You don't lose most functionality by using free software. Not picking on Ted, but this whole thread is off-topic. Arguably, this is very much on-topic. We all know to disable active content when trying to maximize/optimize anonymity. But real world, there are situations when we need to visit sites sub optimally, and knowing how to deal with flash is increasingly an issue. FWIW, I've always wondered; given that gnash is open source, could there be a way to have both flash content and pretty-good anonymity.
[gentoo-user] Re: Does mplayer use it's own internal ffmpeg on Gentoo?
Nikos Chantziaras wrote: [] I rolled my own and it works very nicely :) If anyone is interested, I submitted a version-bump bug with all needed files: http://bugs.gentoo.org/show_bug.cgi?id=282154 This worked fine on my core I7 (hardened) box. Thank You
[gentoo-user] Re: Gcc 4.3.4 --- 4.4.1
Nikos Chantziaras wrote: On 08/15/2009 03:33 AM, fe...@crowfix.com wrote: [...] This being 4.3.4 to 4.1.1 looks like a major version change according to the upgrade guide. It doesn't mention what a switch manual takes, but it does list a whole series of steps such as remerging system and world without saying exactly when they or how much are necessary. I'd just as soon not do that unless necessary, but I'd much more regret not doing it if I should have. Switching the compiler with gcc-config is enough with this update. There are no ABI changes and packages built with GCC 4.3 will happily work together with the ones build with 4.4. I am doing an emerge -e system and emerge -e world anyway though since I want to take advantage of the faster code 4.4 produces in general, but also more specific whether or not the new graphite optimizer of GCC 4.4 (needs graphite USE flag enabled for gcc) will give additional performance gain. (If anyone is interested in that, you need to first add: -floop-interchange -floop-strip-mine -floop-block to CFLAGS/CXXFLAGS (the options enabling the Graphite optimizer) and then emerge -e system and world.) Thanks for the information. 1. FWIW, I found the following note: To use this code transformation, GCC has to be configured with --with-ppl and --with-cloog to enable the Graphite loop transformation infrastructure. on the following page: http://gcc.gnu.org/onlinedocs/gcc-4.4.1/gcc/Optimize-Options.html#Optimize-Options 2. Also FWIW, I found the following note: * GCC can now emit code for protecting applications from stack-smashing attacks. The protection is realized by buffer overflow detection and reordering of stack variables to avoid pointer corruption. * Some built-in functions have been fortified to protect them against various buffer overflow (and format string) vulnerabilities. Compared to the mudflap bounds checking feature, the safe builtins have far smaller overhead. This means that programs built using safe builtins should not experience any measurable slowdown. on the following page: http://gcc.gnu.org/gcc-4.1/changes.html which suggests to me that the mudflap option should be disabled before emerging world HTH
[gentoo-user] Re: Gcc 4.3.4 --- 4.4.1
Nikos Chantziaras wrote: AFAIK, the mudflap pointer checker is just a command line GCC switch. You need to enable it explicitly using -fmudflap. ah o.k. I'm using the hardened overlay, and mudflap is a use flag defaulting to enabled. I'll post that second comment over in hardened. I'd guess that most here would appreciate it if you post your impressions about graphite.
[gentoo-user] Re: f-secure linux security 7.03 on gentoo?
Jarry wrote: Stefan G. Weichinger wrote: at a customers site they have some company-license for f-secure-products. I run a mail-gateway there, using gentoo, it runs amavisd which utilizes clamav and fsav ... (the customer *wants* me to use both as he pays for the f-secure-licenses ...) What mail-server are your running there, may I ask? I'm trying to get amavisd-new working with sendmail, but it is rather difficult. There is only brief documentation with amavisd-new, I do not know how to modify sendmail start-up script. Any help from someone having experience with sendmail + amavisd-new would be appreciated. (sorry for stealing topic) Jarry By some accountings ( http://www.av-comparatives.org/comparativesreviews/main-tests http://www.virusbtn.com/news/2008/09_02 ), Avira/Antivir is one of the better if not best virus/Trojan signature scanners out there. 1. It provides transparent on-access scanning. You stipulate which directories should be considered, and it monitors them. Much easier, IMHO, than fooling with agents and servers. 2. In addition to Windows signatures and heuristics, it includes hundreds of Linux/Unix Trojan, rootkit, and virus signatures - so I also scan user directories where browsers and mail clients work, and work directories where stuff is downloaded and compiled. 3. It is remarkably easy to install - a script both installs the scanner, and optionally builds the kernel module (dazuko) required to do the on access scanning. http://www.free-av.com/en/download/download_servers.php HTH
[gentoo-user] Re: NVidia setup instructions?
Volker Armin Hemmann wrote: On Dienstag 05 Mai 2009, Mark Knecht wrote: On Mon, May 4, 2009 at 4:23 PM, Volker Armin Hemmann volkerar...@googlemail.com wrote: On Dienstag 05 Mai 2009, Mark Knecht wrote: SNIP Thanks Brandon. I'm up in X now on the 6200 AGP so it's functional. glxgears seems sort of slow at about 230FPS but I probably don't have things set up right yet. I had questions about the setup instructions as I went through it. 1) Do you completely drop out DRI support in the kernel? Seems this document says not to load the dri driver in xconf and it wasn't shown in the kernel options so I took it out. Maybe that should be enabled? no. Nvidia uses its own stuff. No need for dri in kernel. Without DRI in the kernel I got an error message when running glxinfo | grep direct. Once I put nvidia in xorg.conf it loaded automatically. That seems inconsistent with this new push to use hald and no xorg.conf. you need to have consolekit running before X starts to have working direct rendering. The Gentoo page I am following makes no mention of 'consolekit': http://www.gentoo.org/doc/en/nvidia-guide.xml It is installed but it's not set in rc-update to run at all. Should this be boot or default? dragonfly ~ # eix -I consolekit [I] sys-auth/consolekit Available versions: 0.2.3 0.2.10 ~0.2.10-r1 ~0.3.0 ~0.3.0-r1 {debug doc pam policykit} Installed versions: 0.2.10(02:17:12 PM 04/20/2009)(pam -debug) Homepage: http://www.freedesktop.org/wiki/Software/ConsoleKit Description: Framework for defining and tracking users, login sessions and seats. dragonfly ~ # Thanks, Mark default. And it is a recent development. FWICT, NVidia 180.51 appears to be working on this box without the consolekit. # glxinfo | grep direct direct rendering: Yes GL_EXT_depth_bounds_test, GL_EXT_direct_state_access, nvidia is masked on my hardened overlay/AMD64; on a lark tried the .run script available at the nvidia site. HTH
[gentoo-user] Re: KDE 4.2.1 : goodbye good riddance
Jorge Morais wrote: On Tue, 14 Apr 2009 09:56:20 -0700 Mark Knecht markkne...@gmail.com wrote: While not a KDE user I echo your thoughts. I'm personally a bit worried about Gentoo overlords sort of pushing this hald thing with reasons like 'Gnome's automounting depends on it'. Where have you got that from? I have not heard of that. I don't use hal either, and I have -hal in /etc/make.conf I started in Linux about 12 years ago and the best environment for my needs at that time (audio recording, 32 channels of live audio, real-time kernels, Ardour, etc.) was fluxbox. Low overhead. Easily customizable. Every time I get fed up with Gnome I go back to fluxbox. Takes a few minutes to build, not hours like Gnome or days like KDE. Not a great environment for my wife and kids, so they get Gnome. I have used Xfce at version 4.4.2 (or 4.4.3, I don't remember) and I think it has a lot of user-friendliness. And it is even similar to GNOME, so GNOME users will feel at home. I think Xubuntu is a good example of a well put together Xfce desktop. I don't agree with every Xubuntu choice for default apps, but it is a great start if you want to build a user-friendly, lightweight, customizable desktop with Xfce plus the right applications. So if you like simplicity and lightweight, but think your wife won't like fluxbox, give Xfce a try. Maybe even fluxbox could be configured and combined with the right applications to be easy to use, but starting with Xfce would probably be much easier (I say probably because I have never performed either of these tasks). On the other hand, maybe you should continue giving GNOME to your wife simply because GNOME is much more common than Xfce and, by knowing GNOME, she is more likely to know how to use another GNU/Linux computer, and if she needs technical support from, say, the ISP, the technicians are more likely to know GNOME and Xfce. For the record, I have moved from Xfce to LXDE because I am a speed freak and also a simplicity freak. More on simplicity below. I hope the future of Linux desktops doesn't look anything like Windows. Sometimes it seems to me we're moving too far that direction too fast. I get that feeling too. When I use Ubuntu and something fails, sometimes I feel it is hard to diagnose and fix the problem. Maybe this is the cost of things being automagic: when it works, great, but when it doesn't work, you've got to be a wizard to fix it. Car analogy: A person with mediocre knowledge of car mechanics can understand how a classical car works, and doesn't complain that the transmission is manual. He can even fix simple problems. A person with good knowledge of car mechanics can even fix more serious problems, because the car is simple, and many of its parts can be serviced by an interested man. But a modern car... With all of its automatic transmission and everything, one does not even need mediocre knowledge to drive it; but to understand how it works is hard. To fix simple problems is harder. To fix serious problems, one needs complex tools and specific knowledge that is almost beyond the reach of the common man. So I think that automagic things often tend to be harder to understand and much harder to fix. But so far, Ubuntu is actually *more* automagic than Windows but more open, easier to understand and easier to fix (Windows is a badly documented black box). And a Gentoo desktop is easier to understand and fix than Ubuntu. Specially if the user selected simple software such as Xfce or, even simpler, LXDE. Of course, you can theorize that at least part of this impression of mine is caused by me being used to my simple no-hal no-nothing LXDE Gentoo desktop and me being unfamiliar with Ubuntu. Regards, Jorge Heh. Your overall attitude, as suggested by the above, rang a sympathetic sound with me. So, I figured that even though LXDE couldn't be faster than my beloved fluxbox, I'd at least give it a try. WOW! It (seems) *significantly* faster than flux both in initial loading, and in the operation of windowed applications. Certain window activity (e.g. lightning alarms on TBird) now display as intended (something that I couldn't get working in FB). Only downside ...may... be the documentation; but everything is pretty intuitive so far. It stays. Ditto everything you said. Thanks!!!
[gentoo-user] Re: I don't like xorg-server 1.5.3
Dale wrote: Mark Knecht wrote: On Mon, Apr 13, 2009 at 8:41 AM, Dale rdalek1...@gmail.com wrote: Justin wrote: Peter Ruskin schrieb: Well, I did the upgrade at last, with -hal and my proven xorg-config, and the result is unusable. I use kde-3.5.9 and the mouse doesn't work right - right-click has no effect and single-right-click works a double-click. 'demerge' came to the rescue and now I'm happily back with xorg-server-1.3.0.0-r6. Any reason to use -hal? Simplicity - get it going without hal, then bring in hal after everything works. I'm not a dev by any means but this is my thoughts. Before releasing xorg-server, update the xorgcfg or xorgconfig commands to deal with a lot of this, at least get you to where you have a basic keyboard and mouse. After reading the upgrade guide, it seemed clear to me that my first attempt would be without hal, and without my old xorg.conf. It initially crashed because of some erroneous opengl softlinks (bugzilla already notified); correcting those using familiar Xorg.log resulted in x coming up nicely. I then played with my old xorg.conf 'til it worked well with the new xorg.server. I have not yet added hal; seems like unnecessary complexity at this point - I don't know how it will make life better. As a newbie, had I started with hal and my old xorg.conf, I'd likely still be fooling with it; too many balls in the air. My suggestion: start simple and safe, and add the new and powerful complexity as a follow up - explaining why the marginal increase in stuff is worth it's overhead, how it will make things better. HTH
[gentoo-user] Re: jagged, grey, fine, horizontal lines on xterm border
Paul Hartman wrote: On Thu, Apr 9, 2009 at 1:43 PM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote: snip But the question is, why do I (and you) see jaggedness when looking at that jpeg? I can ignore it, and likely it'll be fine (no jaggedness when looking at that particular pattern) the next update, or I can report it to bugzilla and let them pass it upstream. Guess that is what I'm presently pondering. Thanks for following this! If you use the xsetroot utility to alter the root window background, does it carry down to the xterm scrollbar? By that I mean I wonder if xterm inherits its visual look from the parent or if it is living in its own little world. It does not carry down to the xterm scrollbar - its own little world. heh on this box, xsetroot -gray produces a window background that perfectly demonstrates the jaggedness new with the latest xorg-server. Please try xsetroot -gray on your box, and see how it works for you. :-)
[gentoo-user] Re: jagged, grey, fine, horizontal lines on xterm border
Alan McKinnon wrote: On Thursday 09 April 2009 03:22:23 7v5w7go9ub0o wrote: something similar on my system. That's it. It is the same gray hash that appears as the background if you were to start X using xorgcfg to self generate an xorg-config. It's obviously something one can learn to live with (I work a lot with xterms); just irritating that I had it under control a while back, and suddenly it reappears. I'm guessing that Alan McKinnon has it right, and that xorg has a minor bug; that the -br parameter no longer works. X -br still works just fine, I use it here and that horrific cross-hatch doesn't show up. The OP's complaint turns out to be is the xterm scrollbar, by default it looks just like that. Well. in an effort to prove to myself that I haven't gone nuts, I brought up my maintenance OS - which is simply a copy of the primary OS on another partition. I copied it there immediately prior to the xorg update. I opened up an xterm (Paul Hartman, I've set a default in fluxbox that provides a scrollbar on every xterm - but thanks for your thought that I could turn it off) and there were the nice, civilized dots that I've seen for years; NOT the cross-hatch that we all see now. I then shut down X and started up X from a user who does not have an .xinitrc - thereby bringing up basic XDM - and there was the nice, dots background; NOT the jagged background that I see if I bring up that user post-xorg-update. So I figured that I should take a snapshot of the old xterm and post it next to yesterday's posting and allow folks an a:b comparison. But YIKES - when I looked at the photo on the updated box, I again saw the cross-hatch. And if I look carefully, I see the dots beneath the cross-hatch!?! So I'm now thinking that -br still works; and that there is some sort of minuscule frequency/refresh/other difference between the old and new xorg-server that is accounting for this jagged appearance on top of the dots.
[gentoo-user] Re: jagged, grey, fine, horizontal lines on xterm border
Paul Hartman wrote: On Thu, Apr 9, 2009 at 9:07 AM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote: So I figured that I should take a snapshot of the old xterm and post it next to yesterday's posting and allow folks an a:b comparison. But YIKES - when I looked at the photo on the updated box, I again saw the cross-hatch. And if I look carefully, I see the dots beneath the cross-hatch!?! So I'm now thinking that -br still works; and that there is some sort of minuscule frequency/refresh/other difference between the old and new xorg-server that is accounting for this jagged appearance on top of the dots. That's really weird. I don't use xterm, but from the man page it looks like you can define various scrollbar options in your X resources file(s). I wonder if you had that set and lost it, or if the system-wide defaults were changes from an update or something. For example: Scrollbar Resources The following resources are useful when specified for the Athena Scrollbar widget: thickness (class Thickness) Specifies the width in pixels of the scrollbar. background (class Background) Specifies the color to use for the background of the scrollbar. foreground (class Foreground) Specifies the color to use for the foreground of the scrollbar. The ``thumb'' of the scrollbar is a simple checkerboard pattern alternating pixels for foreground and background color. I think you're right. I can color the scrollbar and see the jaggedness no more. But the question is, why do I (and you) see jaggedness when looking at that jpeg? I can ignore it, and likely it'll be fine (no jaggedness when looking at that particular pattern) the next update, or I can report it to bugzilla and let them pass it upstream. Guess that is what I'm presently pondering. Thanks for following this!
[gentoo-user] Re: New xorg.conf with x11-base/xorg-server-1.5.3-r5
Volker Armin Hemmann wrote: On Tuesday 07 April 2009, Alan McKinnon wrote: On Tuesday 07 April 2009 13:02:28 Nikos Chantziaras wrote: Volker Armin Hemmann wrote: [...] but my real problem is that hal crap. In their fight to make x 'easier' they make it harder. keyboard layout is incorrect? well, bad luck, because hal's files are a bitch to deal with. I suppose the intention was for GUI tools to do the configuration, but as usual in Linux (:P) no one bothered because that would mean people won't learn. So be happy. You're learning how HAL syntax works. That's good for you. No? ;-) tongue_in_cheek Yes, it's wonderful. Let's face it, replacing something like Driver evdev with ?xml version=1.0 encoding=ISO-8859-1?deviceinfo version=0.2devicematch key=info.capabilities contains=input.keysmerge key=input.x11_driver type=stringkeyboard/mergematch key=/org/freedesktop/Hal/devices/computer:system.kernel.name string=Linuxmerge key=input.x11_driver type=stringevdev/merge/match/match/device/deviceinfo Is so OBVIOUSLY the correct way to go, and so OBVIOUSLY much easier. Right? I mean, what kind of twit do you have to be to not understand the hal files? /tongue_in_cheek using xml is just the rotten icing on that shitcake. Heh-hal worked just fine for this newbie! Thankfully, the upgrade guide owned-up to that option.
[gentoo-user] jagged, grey, fine, horizontal lines on xterm border
Just upgraded to xorg-server-1.5.3-r5, and now I see some sort of pattern on the edge of my xterms; reminiscent of the gray background of basic xwindows. I seem to recall seeing this years ago, and having to modify a configuration somewhere (e.g. with solid or black or ??). Can't remember if it was a fluxbox configuration, .Xdefaults, XDM, Xorg, or . Would love to see this go away. any ideas, please? TIA
[gentoo-user] Re: jagged, grey, fine, horizontal lines on xterm border
Alan McKinnon wrote: On Wednesday 08 April 2009 20:35:24 7v5w7go9ub0o wrote: Just upgraded to xorg-server-1.5.3-r5, and now I see some sort of pattern on the edge of my xterms; reminiscent of the gray background of basic xwindows. I seem to recall seeing this years ago, and having to modify a configuration somewhere (e.g. with solid or black or ??). Can't remember if it was a fluxbox configuration, .Xdefaults, XDM, Xorg, or . Would love to see this go away. any ideas, please? The config option you refer to is -br It's an option to X, so set it up in whatever you use to start X (kdm, gdm, startx, etc) Thanks for the quick reply! Doesn't seem to work. I typically start my xsession with startx, so it is easy to do startx -br - no effect. (Took a quick look inside startx, and it reviews that -br is a default anyway.) Any other possibilities? TIA
[gentoo-user] Re: jagged, grey, fine, horizontal lines on xterm border
Paul Hartman wrote: On Wed, Apr 8, 2009 at 1:35 PM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote: Just upgraded to xorg-server-1.5.3-r5, and now I see some sort of pattern on the edge of my xterms; reminiscent of the gray background of basic xwindows. I seem to recall seeing this years ago, and having to modify a configuration somewhere (e.g. with solid or black or ??). Can't remember if it was a fluxbox configuration, .Xdefaults, XDM, Xorg, or . Would love to see this go away. any ideas, please? Can you upload a screenshot somewhere? Here 'tis: http://www.fileqube.com/file/cuBQoco187071 (upper right hand corner of the xterm; top is o.k.; right side is hashed) TIA
[gentoo-user] Re: jagged, grey, fine, horizontal lines on xterm border
Paul Hartman wrote: On Wed, Apr 8, 2009 at 7:33 PM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote: Paul Hartman wrote: On Wed, Apr 8, 2009 at 1:35 PM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote: Just upgraded to xorg-server-1.5.3-r5, and now I see some sort of pattern on the edge of my xterms; reminiscent of the gray background of basic xwindows. I seem to recall seeing this years ago, and having to modify a configuration somewhere (e.g. with solid or black or ??). Can't remember if it was a fluxbox configuration, .Xdefaults, XDM, Xorg, or . Would love to see this go away. any ideas, please? Can you upload a screenshot somewhere? Here 'tis: http://www.fileqube.com/file/cuBQoco187071 (upper right hand corner of the xterm; top is o.k.; right side is hashed) TIA Is it the scrollbar? if I run xterm -sb -rightbar I can see something similar on my system. That's it. It is the same gray hash that appears as the background if you were to start X using xorgcfg to self generate an xorg-config. It's obviously something one can learn to live with (I work a lot with xterms); just irritating that I had it under control a while back, and suddenly it reappears. I'm guessing that Alan McKinnon has it right, and that xorg has a minor bug; that the -br parameter no longer works.
[gentoo-user] Re: hal requires cryptsetup!? will hal work with loop-aes?
ABCD wrote: I'm not sure if you will need sys-fs/cryptsetup for your setup, but I think you may have gotten confused over the difference between USE and IUSE. IUSE is a variable set by an ebuild to tell portage (or your PM of choice) that this package supports certain USE flags. See ebuild(5) for more information. AH! Thank You!!
[gentoo-user] hal requires cryptsetup!? will hal work with loop-aes?
BACKGROUND: Am preparing for the xorg update, and hal wants to bring in cryptsetup: ('ebuild', '/', 'sys-fs/cryptsetup-1.0.5-r1', 'merge') pulled in by =sys-fs/cryptsetup-1.0.5 required by ('ebuild', '/', 'sys-apps/hal-0.5.11-r8', 'merge') A quick look at the ebuild reveals this: IUSE=X acpi apm crypt debug dell disk-partition doc laptop selinux ${KERNEL_IUSE} RDEPEND==dev-libs/dbus-glib-0.61 =dev-libs/glib-2.14 =dev-libs/expat-1.95.8 =dev-libs/libusb-0.1.10a =sys-apps/pciutils-2.2.7-r1 =dev-util/gperf-3.0.3 sys-apps/usbutils virtual/eject amd64? ( =sys-apps/dmidecode-2.7 ) dell? ( =sys-libs/libsmbios-0.13.4 ) disk-partition? ( =sys-apps/parted-1.8.0 ) ia64? ( =sys-apps/dmidecode-2.7 ) kernel_linux? ( =sys-fs/udev-117 =sys-apps/util-linux-2.13 =sys-kernel/linux-headers-2.6.19 crypt? ( =sys-fs/cryptsetup-1.0.5 ) ) (I'm aware of the udev vs cryptsetup workaround listed in bugzilla) QUESTIONS: 1. Is cryptsetup really necessary on non-encrypted systems? It appears to be both setting, and then testing for crypt. If it does require cryptsetup, then Why? 2. I'm using loop-aes. If the answer to question number 1 is yes, then will hal have an issue with loop-aes/loop devices? Thanks in advance... Newbie
[gentoo-user] Re: boot messages; vga; vesa; HDTV monitor
Volker Armin Hemmann wrote: On Saturday 29 November 2008, 7v5w7go9ub0o wrote: 1. Anyone aware of a wiki or other gentoo help that describes how to change the boot message size during boot? yes, it is. In /usr/src/Documentation. Thanks for the reply. Wasn't able to find any reference here (/usr/src/linux/Documentation) to anything other than configuring the kernel for framebuffer alternatives. Either way, it seems that my HDTV monitor is not very happy with the framebuffer - but works great with X.
[gentoo-user] boot messages; vga; vesa; HDTV monitor
A few years back I installed gentoo and everything worked fine, except that the OS bootup messages were too big, and scrolled by too fast. Somewhere I found a tweak (IIRC, it involved recompiling the kernel) that handled it fine - i.e. the font was reduced dramatically after the bios was booted, right at the beginning of the OS booting. Today I replaced my monitor with an HDTV monitor which works fine during the bios boot; works fine after X is booted; but is shakey and unreliable during the OS boot. I have worked around these symptoms by adding vga=ask to lilo.conf, and then telling it to use vga. Questions: 1. Anyone aware of a wiki or other gentoo help that describes how to change the boot message size during boot? It is possible that I simply added a framebuffer, but it seems that I changed some config. somewhere as well. 2. Anyone have a workaround for using a new HDTV monitor with an older ATI graphics card? TIA
[gentoo-user] Re: Compiling for an unbooted kernel
[EMAIL PROTECTED] wrote: Dirk Heinrichs [EMAIL PROTECTED] [08-10-09 20:23]: Am Donnerstag, 9. Oktober 2008 19:48:37 schrieb [EMAIL PROTECTED]: Is it possible -- and how -- to compile/install this interface for the new kernel while the old one is still running? KERNEL_DIR=/lib/modules/kernel-version/source emerge nvidia-driver Would save me one reboot... Why? 1) Build new kernel 2) reboot 3) emerge nvidia-driver 4) modprobe nvidia 5) /etc/init.d/xdm start One reboot. Bye... Dirk Hi Dirk, thanks for help. But let me come back to my initial question: Is it possible to compile the source of the nvidia driver interface for a currently compiled but unbooted kernel ? Kind regards, mcc almost certainly yes. point /usr/src/linux to the subdirectory that contains the unbooted source code. the compiler should look for the source code via /usr/src/linux. HTH
[gentoo-user] Re: Gentoo on Centrino 2 -- Have to wait?
Jan Seeger wrote: Hey list, I have just received my new notebook, a Dell Latitude E6400. Of course, I now want to install linux on it. The problem is that the Gentoo minimal install cd recognizes neither the ethernet nor the wireless cards. Is the network card in this laptop (an Intel 82567LM Gigabit network controller) supported in the newest linux kernel or will I have to wait? If it is supported, how would I go about booting with a newer kernel? FWIW, I use the same box on my desktop and notebook. So I'd tweak the desktop kernel to include drivers and support appropriate for the laptop and recompile it; I'd install the necessary laptop stuff (e.g. special drivers, kismet, wpa_supplicant, etc.). Once you have that done, back up your brand new notebook; load up a live cd; use parted/gparted/qparted to resize the NTFS partition to an appropriate size; create some partitions for linux use; use NFS to copy your desktop OS to the LT; chroot into the notebook root partition and re-run lilo/grub after tweaking lilo.conf, xorg.conf, fstab, net, and perhaps syslog.conf; create a multi-boot option within the windows boot loader to jump to your linux boot partition. There are some real cons to this approach, but some real advantages as well: 1. you maintain only one OS, and copy it. 2. you have a second box ready to go if your primary breaks. 3. Why tear up a little laptop with the machinations necessary to maintain a gentoo box? HTH
[gentoo-user] arpstar (arp spoofing protection) work arounds?
Arpstar was out of commission as of kernel 2.6.24.x Two separate, weeks old gento bugzilla reports describing the specifics have not yet even been acknowledged. Given the importance of this program at hotspots, I'm guessing that laptop users are downloading and installing directly (as, for example, I am doing with the vidalia software) - perhaps with a patch!? Would anyone using arpstar on a 2.6.24 or later kernel please post the secret? Thanks in Advance!!
[gentoo-user] Re: DNS poisoning fix
Mick wrote: Hi All, Have you seen this? http://uk.news.yahoo.com/afp/20080709/ttc-us-it-internet-software-crime-e0bba4a.html and this? http://www.doxpara.com/ Is it merely a matter of using the right version of bind (for those who run a bind daemon locally), or does it go further than that? This note from the author of maradns might help understand the issue. (FWIW, maradns is straightforward and simple if you want to try it on an interim basis 'til bind is fixed.) MaraDNS is immune to the new cache poisoning attack. MaraDNS has always been immune to this attack. Ditto with Deadwood (indeed, people can use MaraDNS or Deadwood on the loopback interface to protect their machines from this attack). OK, basically, this is an old problem DJB wrote about well over seven years ago. The solution is to randomize both the query ID and the source port; MaraDNS/Deadwood do this (and have been doing this since around the time of their first public releases that could resolve DNS queries) using a cryptographically strong random number generator (MaraDNS uses an AES variant; Deadwood uses the 32-bit version of Radio Gatun). - Sam -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Firefox 3 stability
Adam Carter wrote: I'm finding it unusable as it crashes often. How are you guys finding it? I find the -bin version is stable, and works well with embedded flash (e.g. youtube). (I find the new Opera is more stable, and when loaded without the mail programs (Opera -nomail -nolirc ) it absolutely flies.) So Opera with JS, Flash, cookies, and IFrames off for general browsing; FF when I need to do media. HTH -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Loop-AES versus DM-Crypt versus ???
Sebastian Wiesner wrote: 7v5w7go9ub0o [EMAIL PROTECTED] at Friday 27 June 2008, 05:41:15 Chris Walters wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sorry if this subject has been hashed and rehashed again, but I was wondering which Gentoo partition encryption scheme is considered the best, in terms of: 1. Security Another thing: If I remember correctly, LUKS keeps the actual key on the encrypted disk, itself encrypted with a passphrase. Naturally this means that an attacker only has to break the passphrase, which gets him the key Naturally ... if the user wants to use passphrases, the key needs to be related to the passphrase somehow, whether by it being derived from the passphrase through hashing or it being encrypted with a second key, that is derived from the passphrase. But a decent hard disk encrpytion system should be able to store the key file on a USB stick or on a smart card. Beside a increased security, because there is weak passphrase, it provides increased comfort: You don't have to enter a silly passphrase on every boot ;) Yes. But If I understand his comment, the LUKS standard requires a copy to be stored on the HD - even if using the more secure dongle - and keeping a passphrase-encrypted copy on the HD permanently renders the HD integrity compromised. ISTM the better way to use a passphrase would be to passphrase-encrypt the encryption key and store it somewhere on a boot sector. On the boot sector - but not within the encrypted disk - as having it on the disk weakens the disk integrity. If you later acquire a USB, you simply transfer the whole encryption key to the USB and remove the passphrase obscuration programs from the boot sector. So IIUC the question becomes, can one configure LUKS to NOT keep a copy of the passphrase-protected encryption key on the HD (or is keeping it there part of the LUKS standard)? -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] recent updates (stunnel, vidalia, nmap, filezilla, rkhunter, ckrootkit)
I'm maintaining these directly from the authors' sites. This is an FYI for others who are doing the same. stunnel: 4.24 Vidalia: 0.1.3 nmap: 4.6.5 filezilla: 3.0.10 rkhunter: 1.3.2 chkrootkit: 0.48 HTH -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Fun with Foo (matic) ?
Mick wrote: On Friday 09 May 2008, Alan McKinnon wrote: On Friday 09 May 2008, 7v5w7go9ub0o wrote: See other thread on this very subject yesterday and today for details: emerge -avC all foomatic ebuilds emerge -av  all foomatic ebuilds Yes; that worked. Thank you very much for patiently answering this question -- sigh -- again! (Wish I had parsed it more carefully!!) It gets easier round about the 42nd time. At least that's how it worked for me :-) Is foomatic needed for cups to work? I have been carrying it around for the last few years, but I was not sure if it is needed. I don't pretend to know how it all worked before and now, but in my case I had all of the foomatic stuff stuff installed. After reading Alan's advice, I decided to unmerge all of them and then let emerge tell me what it needed - which is now only net-print/foomatic-filters. Works fine. (I'm running an HP printer, hplp-2.8.2, and cups-1.3.7-r1.) HTH -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Best anti-virus
forgottenwizard wrote: On 20:13 Fri 09 May , 7v5w7go9ub0o wrote: I am extremely pleased with Antivir (aka Avira) and its realtime LKM, Dazuko! 1. The Antivir database and heuristics contain dozens of Linux-specific rootkits and Trojans. These in addition to Windows sigs. FWICT, the only freeware AntiMalware that take Linux seriously (Kaspersky payware does). 2. With Dazuko - a LKM, developed by AntiVir/Avira which provides real-time, on-access (read/write) scanning within directories you specify in configuration. I scan mail (in a chroot jail), browser and downloads (within a chroot jail, within RamDisk), Portage and portage work areas, and /home. Given that emerges are done with Root privilege, this scanning for signatures may keep your box from being borked, should someone hack a distribution site, or poison the DNS system, or etc. 3. Recent testing by Windows testers indicate that Antivir is now one of the better windows AV's, and that their heuristics are quite effective. I'd guess the same to be true for 'ix. 4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left unrepaired because I think it's so great: ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING: file '/etc/openvpn/trustconnect/pwd' is group or others accessible 5. its heuristics have notified me of XSS script attacks (at test sites) after scanning scripts loaded into the browser cache, with suspicious script warnings - and blocking that script from use by the browser. The only other tool of similar function that I know of is NoScript, an extension for use in FireFox. 6. I run WAN/LAN-connected applications in chroot jails (Grsecurity Hardened). Anything downloaded into a browser jail, lftp or TBird jail is moved to a download area via a script that invokes a deep scan by Antivir after it gets there. Dazuko invokes a second scan, as it also monitors that area. 7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other AntiMalwares, or customized to respond to user-created tests (e.g. changed file). 8. Linux and Unix oldtimers will scoff at real-time malware scanning - but I'm convinced that in todays world, realtime scanning is one important thing (perhaps the only thing) that we can learn from Windows. HTH I think alot of old-timers also realize that, unless you specifically allow something to run, then it can't hurt you. Agreed! Keep the power off; allow nothing to run; a safe state. Chances are, unless you are allowing XSS and are surfing sites you can't trust, you're close to bullet-proof, with the exception of program exploits that you really can't do anything about. Well, nowadays you can take a significant steps against those exploits as well - memory protection and RBAC are two obvious ones. Hardened kernels and hardened chroot jails also effectively confine many of those exploits. Realtime Linux Anti-Trojan signature scanning overhead is simply cheap (almost free) insurance IMHO, and may be most important when compiling and installing new or updated sourcecode. Or installing a new plugin to your browser; or opening a media file. But I sure acknowledge the majority opinion - almost ALL Linux users, and many Windows users as well, choose not to run real-time AntiMalware scanners. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Best anti-virus
Alan McKinnon wrote: On Saturday 10 May 2008, 7v5w7go9ub0o wrote: But I sure acknowledge the majority opinion - almost ALL Linux users, and many Windows users as well, choose not to run real-time AntiMalware scanners. I do this, and I do it for a perfectly obvious reason: Your suggestion protects me from a problem that does not exist. I can't for the life of me imagine why I would ever do such a thing. Geeee I'm suddenly besieged!!! :-) What is missing in this conversation is specific context; i.e. what are the various threat models which are the basis for why/what we do in security-oriented things. Clearly you've analyzed your situation and determined that you don't need it. - I happen to mostly use a laptop on public wifi; using non-OS-specific tools such as: Firefox browser and thunderbird mail client (each with lots of extensions - third-party, unregulated, tools that enhance the operation of the browser/mail client. These extensions have been found to contain Trojans in the past. - I often install software directly from the author - or what I presume is the author's webpage; from what I hope is an uncompromised library. - I stream both via the browser and directly, a full range of media content. Seems to me that each of these areas represent a small possibility for mischief, especially in the case of extensions; e.g. everytime I invoke check for updated plugins, I run the risk of something I don't want (e.g. password sniffer) from a compromised distribution, or spoofed location. An updated heuristic or signature may review that one of the extensions I installed last week came with what is now a recognized bug. You've indicated that the problem doesn't exist - true 'nuff for you. But IMHO -a- problem/potential for trouble does exist for me, and I've - perhaps unnecessarily - assumed the overhead and complexity of scanning what I perceive as the problem areas in the way I use this box. I don't run anti-malware on all activity within the box; just on the browser, lftp, media, and mail client jails, the download and work areas for portage (and where I compile non-portage software), and the /home/TaxAct area where I run WINE (using a dedicated, unprivileged taxact:taxact user:group). Reviewing my original response, it may seem that I was promoting real-time Anti-Malware for the masses. No - I definitely do not. Though I do think that people should, as a rule, review and create a threat model for their setup andhow they do business; and after doing so, consider AntiVir/Dazuko a potentially useful, possibly cost-effective addition. But we can certainly agree to disagree on the potential usefulness of this tool in my situation. :-) Tony was not determining if, but rather, which anti-malware. What really happened is that I'm trying to express the basis for my enthusiasm about this particular, versatile Windows-and-Linux anti-malware product to Tony - in response to his original question: best Anti Virus. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Fun with Foo (matic) ?
My printer stopped working yesterday (no ppds?), so I upgraded CUPS and hplip to the latest masked versions and everything worked fine. Today did an emerge -puDv world, and got this: [ebuild UD] net-print/foomatic-db-ppds-3.0.20060720 [20060720] 12,056 kB Any help would be appreciated (UD for an ebuild that is already at the current version?) TIA -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Fun with Foo (matic) ?
7v5w7go9ub0o wrote: My printer stopped working yesterday (no ppds?), so I upgraded CUPS and hplip to the latest masked versions and everything worked fine. Today did an emerge -puDv world, and got this: [ebuild UD] net-print/foomatic-db-ppds-3.0.20060720 [20060720] 12,056 kB Any help would be appreciated (UD for an ebuild that is already at the current version?) TIA oops and this: [ebuild UD] net-print/foomatic-db-3.0.20060720 [20060720] 0 kB -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Fun with Foo (matic) ?
Alan McKinnon wrote: On Friday 09 May 2008, 7v5w7go9ub0o wrote: My printer stopped working yesterday (no ppds?), so I upgraded CUPS and hplip to the latest masked versions and everything worked fine. Today did an emerge -puDv world, and got this: [ebuild UD] net-print/foomatic-db-ppds-3.0.20060720 [20060720] 12,056 kB Any help would be appreciated (UD for an ebuild that is already at the current version?) See other thread on this very subject yesterday and today for details: emerge -avC all foomatic ebuilds emerge -av all foomatic ebuilds Yes; that worked. Thank you very much for patiently answering this question -- sigh -- again! (Wish I had parsed it more carefully!!) -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Best anti-virus
Tony Caudel wrote: I am currently using the clamv anti-virus program. I was wondering if there is a better one for Gentoo, especially one that integrates well with Thunderbird. That has been my one disappointment with clamav. Not necessarily clamav's fault since T/B maintains its emails in one long file. Tony I am extremely pleased with Antivir (aka Avira) and its realtime LKM, Dazuko! 1. The Antivir database and heuristics contain dozens of Linux-specific rootkits and Trojans. These in addition to Windows sigs. FWICT, the only freeware AntiMalware that take Linux seriously (Kaspersky payware does). 2. With Dazuko - a LKM, developed by AntiVir/Avira which provides real-time, on-access (read/write) scanning within directories you specify in configuration. I scan mail (in a chroot jail), browser and downloads (within a chroot jail, within RamDisk), Portage and portage work areas, and /home. Given that emerges are done with Root privilege, this scanning for signatures may keep your box from being borked, should someone hack a distribution site, or poison the DNS system, or etc. 3. Recent testing by Windows testers indicate that Antivir is now one of the better windows AV's, and that their heuristics are quite effective. I'd guess the same to be true for 'ix. 4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left unrepaired because I think it's so great: ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING: file '/etc/openvpn/trustconnect/pwd' is group or others accessible 5. its heuristics have notified me of XSS script attacks (at test sites) after scanning scripts loaded into the browser cache, with suspicious script warnings - and blocking that script from use by the browser. The only other tool of similar function that I know of is NoScript, an extension for use in FireFox. 6. I run WAN/LAN-connected applications in chroot jails (Grsecurity Hardened). Anything downloaded into a browser jail, lftp or TBird jail is moved to a download area via a script that invokes a deep scan by Antivir after it gets there. Dazuko invokes a second scan, as it also monitors that area. 7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other AntiMalwares, or customized to respond to user-created tests (e.g. changed file). 8. Linux and Unix oldtimers will scoff at real-time malware scanning - but I'm convinced that in todays world, realtime scanning is one important thing (perhaps the only thing) that we can learn from Windows. HTH -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Updated ebuild; bypassing manifest check
Alan McKinnon wrote: On Friday 02 May 2008, 7v5w7go9ub0o wrote: Following the instructions here, I tried to create an updated ebuild for mozilla-thunderbird-bin. The newest version is 2.0.0.14; current ebuild is 2.0.0.12. http://gentoo-wiki.com/HOWTO_Create_an_Updated_Ebuild Everything worked fine until I tried to update the hashes in the manifest, ebuild /usr/local/portage/mail-client/mozilla-thunderbird-bin/mozilla-thunde rbird-bin-2.0.0.14.ebuild digest and it failed, being unable to download the '.14 file from Gentoo.something. Well, this is to be expected, as Gentoo.something doesn't have the '.14 file yet; and the ebuild downloads the source code from the author's site, not from gentoo.something. So I ended up running the emerge 3 times, manually tweaking the Manifest's hashes with the newer hashes, 'til everything matched, and tbird 2.0.0.14 emerged normally. So the question becomes, is there a way to bypass the manifest check? Or alternatively, build the manifest with the correct hashes based upon the source code's author's code. I think the assumption is that the dev making the ebuild already has the downloadable files. You have to have them to see how the build works to be able to write an ebuild that automates it. So what I do in these cases is wget all the files manually, run 'ebuild /path/to/ebuild manifest' and emerge it. YES. makes sense; and now that you mention it, I recall somewhere seeing someone doing that! Thanks!! p.s. apologies to the guy maintaining Mozilla. I sent a couple of bugzilla notes about TBird being two releases behind; turns out that there was no release 2.0.0.13 for 'nix - that Portage Tbird ebuild was in fact quite on top of things.. apologies again. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Updated ebuild; bypassing manifest check
Following the instructions here, I tried to create an updated ebuild for mozilla-thunderbird-bin. The newest version is 2.0.0.14; current ebuild is 2.0.0.12. http://gentoo-wiki.com/HOWTO_Create_an_Updated_Ebuild Everything worked fine until I tried to update the hashes in the manifest, ebuild /usr/local/portage/mail-client/mozilla-thunderbird-bin/mozilla-thunderbird-bin-2.0.0.14.ebuild digest and it failed, being unable to download the '.14 file from Gentoo.something. Well, this is to be expected, as Gentoo.something doesn't have the '.14 file yet; and the ebuild downloads the source code from the author's site, not from gentoo.something. So I ended up running the emerge 3 times, manually tweaking the Manifest's hashes with the newer hashes, 'til everything matched, and tbird 2.0.0.14 emerged normally. So the question becomes, is there a way to bypass the manifest check? Or alternatively, build the manifest with the correct hashes based upon the source code's author's code. TIA -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Rootkit Hunter release 1.3.2
(Portage is a little dated at 1.2.9) http://sourceforge.net/projects/rkhunter/ -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] chkrootkit release 0.48
http://www.chkrootkit.org/#new -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Rootkit Hunter release 1.3.2
Florian Philipp wrote: On Sat, 2008-04-26 at 14:38 -0400, 7v5w7go9ub0o wrote: (Portage is a little dated at 1.2.9) http://sourceforge.net/projects/rkhunter/ Thanks for the info but this doesn't belong here. The proper thing to do would be to open a bug on http://bugs.gentoo.org and request a version bump. Thanks for replying I've tried bugs (under admin, iirc), and always get notes telling me that my version info. post doesn't belong there, and deleting my submission. If there is a category for version bumps, I haven't figure it out. I wasn't going to say anything (I love Gentoo and don't want to be a complainer), but rtkthunter and chkrootkit are arguably important packages for newbies like me. (fwiw, I imagine that others, like me, have a few packages - especially those linked to online activity, or security issues (e.g. maradns, runit, rtkthunter, chkrootkit, vidalia, etc.) that are simply maintained from source, hoping that portage someday catch up :-( ) -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Rootkit Hunter release 1.3.2
Florian Philipp wrote: On Sat, 2008-04-26 at 18:46 -0400, 7v5w7go9ub0o wrote: Florian Philipp wrote: On Sat, 2008-04-26 at 14:38 -0400, 7v5w7go9ub0o wrote: (Portage is a little dated at 1.2.9) http://sourceforge.net/projects/rkhunter/ Thanks for the info but this doesn't belong here. The proper thing to do would be to open a bug on http://bugs.gentoo.org and request a version bump. Thanks for replying I've tried bugs (under admin, iirc), and always get notes telling me that my version info. post doesn't belong there, and deleting my submission. If there is a category for version bumps, I haven't figure it out. As I understand it, Admin is meant for administrative purposes of the Gentoo-project as a whole. I'd post it in Gentoo Linux. Most of the time, Gentoo Linux is the right place for version bumps. Since this is also security-related, you could argue for Gentoo Security but this is meant for Security holes and stuff like that. Of course, it would have been better if the bug wrangler had moved your bug to the right place or at least told you where to file it. If you think you've been treated wrong, feel free to file a bug in User Relations but I'd rather not. Jakub and the other bug wrangler might seem rude from time to time but they are doing quiet a hard job very well when trying to keep pace with the input of bugs. That's why I wouldn't take such things personally. Nope. I'm sure they're busy, and took the message at face value. 'Twould be nice if someone added a little note to the categories indicating that Gentoo Linux is the place to put version bumps; it might get more of us newbies involved and owning part of the effort. I'll post some version-bump notices that I've been holding back on, and see if they take. (If they don't, I'll come back here and ping you :-) ) Thanks. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: local caching DNS?
Ralf Stephan wrote: Hello, I'm fed up with waiting for ever the same name requests from my browser (and open servers don't cut it either): which DNS cache or caching DNS for simple local installation would you recommend? consider maradns http://www.maradns.org/changelog.html - It is a recursive dns client/server (and authoritative server if desired), described in Portage as Proxy DNS server with permanent caching. - It is extremely fast - It avoids your ISP's DNS server entirely (your ISP's server may be out of date; poisoned; very slow; etc.) - Download the current version from the web page, as the ebuild is out of date (sigh... of course). HTH -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: local caching DNS?
Uwe Thiem wrote: On Wednesday 09 April 2008, 7v5w7go9ub0o wrote: Ralf Stephan wrote: Hello, I'm fed up with waiting for ever the same name requests from my browser (and open servers don't cut it either): which DNS cache or caching DNS for simple local installation would you recommend? consider maradns http://www.maradns.org/changelog.html - It is a recursive dns client/server (and authoritative server if desired), described in Portage as Proxy DNS server with permanent caching. Wiht permanent caching? I don't know. I never found a reference to it in the documentation. I quoted portage because I thought it might make sense to others. I'd *guess* that it means that it'll keep long-TTL records beyond a restart - i.e. it does not flush the cache at start up. If it really does this, not honouring TTLs, it's crap. That said, I actually don't know whether they mean permanent when they say permanent. ;-) When MaraDNS' recursive resolver receives a host not there reply, instead of using the SOA minimum of the host not there reply as the TTL (Look at RFC1034 §4.3.4), MaraDNS uses the TTL of the SOA reply. MaraDNS keeps referral NS records in the cache for one day instead of the TTL specified by the remote server. MaraDNS recursive resolver treats any TTL shorter than min_ttl seconds (min_ttl_cname seconds when the record is a CNAME record) as if the TTL in question was min_ttl (or min_ttl_cname) seconds long when determining when to expire a record from MaraDNS' cache. TTLs which are shorter than 20 seconds long are given a TTL of 20 seconds; TTLs which are more than 63072000 (2 years) long are given a TTL of 2 years. HTH -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Boot Gentoo to clean windows
Mick wrote: On 28/03/2008, 7v5w7go9ub0o [EMAIL PROTECTED] wrote: Anti-Virus on Linux. No. (presuming that you don't run as root, and have lots of unprivileged users for individual applications.) Anti-Malware on Linux. Yes. (Malware gets to the box via spoofed or hacked software distribution or creation sites; bad links or poisoned DNS caches; or via (e.g.) browser memory attacks - at plugins or exploits) The oldtimers will tell you that safe hex and perhaps integrity monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop Linux with Browsing, IM, etc. is changing that, IMHO. The three packages above have Linux Trojan and Rootkit signatures, as well as Windows malware sigs. Easy enough to run an occasional scan of the Linux box (or Windows partition); and to scan each Linux download before reading, compiling, or passing on. (Dazuko additionally allows realtime scans of compilation read/writes). IMHO, Linux and MAC are the next frontier for malware, and -SADLY- AntiMalware signature and heuristic techniques are one thing we can learn about from Windows :-( http://news.yahoo.com/s/pcworld/20080327/tc_pcworld/143901 What worries me is the reference to Safari . . . (khtml rendering engine?) What is an appropriate anti-malware for Linux, other than safe-hex? As a monitor (a.k.a. real-time access), I've had good experience with AntiVir and Dazuko. AntiVir has lots of Linux signatures and heuristics, and Dazuko/Antivir has both caught bugs in downloads, and blocked suspicious scripts in my browser cache when visiting bad sites. As a scanner, I tend to scan my box from a second maintenance OS on another partition hoping to avoid stealthing by any RootKits on the primary partition. Scanning includes Samhain, equery md5 checks, the three Anti-Malware products mentioned earlier, Rootkithunter, and Checkrootkit. I'll run this occasionally overnight. Interesting that this year's exploit was a safe browser Safari, on a safe 'nix/BSD OS MAC. And last year's exploit winner, QuickTime, can also appear on multiple OS's. Both of these were likely online attacks; via streaming in the case of quicktime. Seems to me that WAN-connected applications should be sequestered from the rest of the system in the same way that a server sequesters WAN-connected processes - i.e. put them each in their own chroot jail. In addition to individual chroot jails, I run my mail client and browser in RamDisk - so that any changes to them (other than bookmarks and mail) are discarded at shutdown Using Hardened Sources (GRSecurity) with both memory protection and access control, one gets a particularly resilient, hardened chroot jail (i.e. OpenBSD theory :-) ) and a kernel that restricts where the browser user/application can go, and what it can do. hth -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Boot Gentoo to clean windows
Stroller wrote: snip important, informative stuff Be aware that sometimes Windows isn't cleanly fixable. Although I try to avoid it until I've exhausted avenues for a clean repair, sometimes the best thing to do is simply to back-up reinstall. Think this is a great write up. The last paragraph seems most important - given today's professionally-authored compromises, the best thing to do may be presume that you've been rooted with redundancy, and simply be prepared to quickly rebuild the box from scratch. Especially if you use the computer for business or other sensitive matters. So arguably, one should use the second OS (Linux or Windows) as a diagnostic tool to determine if it's compromised or not, and except for something simple (e.g. an infection vector caught before activation by an AntiTrojan scanner in a browser cache, mail letter, etc.), one should simply rebuild the box. So to the above, I'd add a have a rebuild strategy i.e. copies of data (not executables), addresses, passwords, etc. that can be quickly returned to a rebuilt OS. Windows benefits greatly from rebuilding - a rebuilt box will seem quicker and faster than ever before, and won't have lingering relics from earlier maintenance levels. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Boot Gentoo to clean windows
Florian Philipp wrote: snip FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each has BOTH Linux and Windows Trojan and virus signatures. So you can install these and scan your windows box, and then scan your Linux box/downloads for malware (e.g. openoffice files, media files, etc.). Add Dazuko, and you can get real-time scanning of your Linux box while downloading/compiling software. This is getting OT but I still want to ask: Is it really necessary to run an anti-virus on linux? I just want to hear some opinions on that topic because I thought security fixes for your software are the way to go for fighting virae on linux. Anti-Virus on Linux. No. (presuming that you don't run as root, and have lots of unprivileged users for individual applications.) Anti-Malware on Linux. Yes. (Malware gets to the box via spoofed or hacked software distribution or creation sites; bad links or poisoned DNS caches; or via (e.g.) browser memory attacks - at plugins or exploits) The oldtimers will tell you that safe hex and perhaps integrity monitoring (e.g. Samhain or tripwire) are all that's needed. But desktop Linux with Browsing, IM, etc. is changing that, IMHO. The three packages above have Linux Trojan and Rootkit signatures, as well as Windows malware sigs. Easy enough to run an occasional scan of the Linux box (or Windows partition); and to scan each Linux download before reading, compiling, or passing on. (Dazuko additionally allows realtime scans of compilation read/writes). IMHO, Linux and MAC are the next frontier for malware, and -SADLY- AntiMalware signature and heuristic techniques are one thing we can learn about from Windows :-( -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Boot Gentoo to clean windows
Mikie wrote: Does anyone know of a product (hopefully free) that can clean a Windows PC while booted on Gentoo? I guess I need a good malware tool that runs on Linux and cleans NTFS volumes. Thanks. FWIW, AntiVir, Bitdefender, and F-Prot run quite well on Linux, and each has BOTH Linux and Windows Trojan and virus signatures. So you can install these and scan your windows box, and then scan your Linux box/downloads for malware (e.g. openoffice files, media files, etc.). Add Dazuko, and you can get real-time scanning of your Linux box while downloading/compiling software. (AntiVir and Bitdefender each usually score high on the antivirus/antiTrojan tests run for Windows bugs. Bitdefender and F-Prot are ebuilds; AntiVir is available as a Linux source hth -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Nvidia GeForce Go 6800 and nvidia-drivers == Cannot switch to ttys or close X
Enrico Weigelt wrote: You're talking about the NV's secret-code driver ? It makes heavy trouble with fbdev. Both together monst likely won't work. That's because they refuse to use the well approved DRI interface and do something completely own and obfuscated. Nobody outside of NV can really help you :( Help, please! I'm thinking of building a new box: asus p5e/intel core2 quad. I had thought of getting an NV. Would ATI be the better choice? -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: SSH brute force attacks and blacklist.py
Steve wrote: I can't believe that I'm the only person with this, so it's probably worth asking. I'm one of the (many) people who has opportunists trying usernames and passwords against SSH... while every effort has been made to secure this service by configuration; strong passwords; no root login remotely etc. I would still prefer to block sites using obvious dictionary attacks against me. I used to use DenyHosts - but that became annoying as it used rather a lot of resources (and relied upon tcp wrappers... which, I'm informed are somewhat old-fashioned) I migrated to try using iptables as my firewall and using blacklist.py - which I got working after some minor config-tweaking. I'm aware that there is configuration in the blacklist.py script for BLOCKING_PERIOD - but what I really miss the blocked forever nature of the DenyHosts alternative though I prefer every other aspect of the iptables/blacklist.py approach. Has anyone else resolved this? As far as I'm concerned, once I detect someone has attempted a brute force (which blaclist.py does fantastically well) what I want is for no further communication to be accepted from the IP address - even after I reboot etc. While I don't know which sites I want to be accessible from in advance, I can be sure none of them would launch a brute force attack against me. :-) Recommendations? If this is a personal or low-user connection, consider fwknop - single packet authorization port knocking. - works well for my home box - the port simply drops pings, connection attempts, etc. 'til opened - fwknop uses pcap to listen for authorization packets; when one comes through with the correct (encrypted) command, it'll send an iptables command to temporarily open the port for a designated period of time allowing you to connect. The encrypted packets include a time of day field to prevent replay attacks. http://www.cipherdyne.org/fwknop/download/ I'm looking for the neatest Gentoo way to do this... rather than recommendations for how to write something to do what I want from scratch... fwknop is not Gentoo; but compiles cleanly. HTH -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: SSH brute force attacks and blacklist.py
Sorry here's the link I should have posted: http://www.cipherdyne.org/fwknop/ -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Horribly off-topic linux distro question...
Hans-Werner Hilse wrote: Hi, On Thu, 07 Feb 2008 13:05:00 -0500 7v5w7go9ub0o [EMAIL PROTECTED] wrote: - The SSL connection is established within the Linux VM, so all the host sees is an encrypted connection to your bank. Wrong: It will also see all the virtual memory the virtualized machine is using, including those parts containing your precious unencrypted data. All you win by using a VM is that you don't need to boot into the OS (which might be impossible on some public terminals while running qemu might work). Huh!? Sure, virtual memory and real memory will together have bits and pieces of all executing code and data - paged in and out at various times - and if your local library or friend's windows machine is actually logging, reconstructing, and effectively parsing all of that, you could indeed be compromised. Never heard of such a resource-intensive, sophisticated attack; but can see that it could -theoretically- be done on a public library or friend's computer; though not likely on any computer I'll ever come across. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Horribly off-topic linux distro question...
Jan Seeger wrote: snip insane security paranoia insane? What's insane: Presuming the windows host is compromised? or having your computer on a USB flash drive? or using two browsers to confirm the integrity of a site? The procedure is quite easy, once you've done it once or twice. But go ahead and do something less; it's easy to do something less cautious. Actually, at that stage, you should be more worried about the hardware. Slip a little hardware keylogger in there and all that is for nothing. And try to do online banking without entering anything... If your bank doesn't require something like a TAN (transaction number) or ITAN (indexed transaction number), I wouldn't use it at all. So it would probably wiser to get a laptop and take good care of it. Definitely agree. Laptop is easily the best choice. (But I still check for DNS poisoning and XSS attacks at the destination) :-) - However, maybe Steve doesn't have a laptop! At any rate, he is discussing a solution for use at a windows pc. (And I wouldn't mind entering a TAN via a library keyboard if the primary authentication (initial phase of a two phase identification) was hidden from the hardware - it alone won't compromise my account.) -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Horribly off-topic linux distro question...
Steve wrote: In the context of online banking, where Windows of some flavour is the desktop OS, I see a substantial risk arising through spyware and/or viruses. I suspect that a neat way to mitigate this would be to run an OS from a CD which offers nothing more fancy than a basic web-browser. Is there anything like this already available? My preference is using a safe browser (Opera with plugins removed) on a QEMU/Hardened Gentoo VM - on a USB flash stick. It presents the user with a window in which the Linux OS boots up and in my case, presents a Fluxbox desktop. - The VM (actually, a qemu emulator in virtual mode) will start up without privilege - say, while on the road at a public library. - At the end of the session, there are no relics that I can find, except for a single, minor note in the windows registry. - The SSL connection is established within the Linux VM, so all the host sees is an encrypted connection to your bank. - IIUC, today's biggest banking concerns, besides pharming and phishing, are Trojan/Keyloggers. This kind of VM is -probably- immune from most kinds of spyware on the Windows host, though not hardware loggers on the keyboard or Terminal. Workaround is to have passwords handled automatically by the browser within the Linux OS - so that passwords are neither typed nor displayed. - Other banking concerns are pharming, DNS poisoning, and XSS attacks. So I go to my banking site with FireFox first, confirm that the DNS is correct (or do your own lookup at Sam Spade), and have NoScript confirm that everything is o.k. Then use Opera (safer browser) to consummate the transaction. - If you go this route, do a little research and get a fast and quick USB flash. HTH -- gentoo-user@lists.gentoo.org mailing list
[Fwd: Re: [gentoo-user] Gentoo Rules]
Volunteer to pick up part of the load, I guess - something that I, as a newbie, am reluctant to do - but I guess I will if filezilla continues to languish. There is indeed an issue; e.g. TOR, a popular desktop package, is a release behind; Vidalia, is two releases behind - one a security release. Probably this is the consequence of a busy maintainer, but you'd think someone would pick up the slack (and yes, I've already filed a bugzilla security report on Vidalia). OTOH, the good news is that a newbie like me can install an outdated package (e.g. Vidalia); resolve dependencies; uninstall the portage version; download and compile the current version from the developer. ---BeginMessage--- Lately I've been shopping around for other distros as well as looking at *BSD. Gentoo development seems to have slowed way down and I like things being improved as quickly as possible. FreeBSD is supposed to be the closest relation, but even that won't do. I don't think there is anything as satisfying as Gentoo out there. The concept is second to none, the execution of that concept is fantastic, but it needs to keep moving forward. What is the next step? Or should we keep treading water? - Grant I love gentoo and can't settle for anything else. What can I do to make sure development doesn't stop? Let me in on that. What can I do too? - Grant -- [EMAIL PROTECTED] mailing list ---End Message---
Re: [Fwd: Re: [gentoo-user] Gentoo Rules]
Randy Barlow wrote: 7v5w7go9ub0o wrote: OTOH, the good news is that a newbie like me can install an outdated package (e.g. Vidalia); resolve dependencies; uninstall the portage version; download and compile the current version from the developer. If you know how to do those things, learning how to make the ebuild that does it isn't that much more to do. Then, instead of just filing the bug report, you can submit an ebuild as a suggested fix with it and help out. Linux works best when the users take part in it! Fair enough! My concerns with this, other than my abilities, are: 1. Showing proper respect to the guy who pioneered the effort to date, and who may simply be out of town. (This disrespect would be alleviated if there was an official policy encouraging volunteer ebuilds.) 2. He won't be there to proofread my work anyway, so therefor my ebuild would still not get into the disribution. (This could be alleviated if there was a designated backup for each package - someone who could either temporarily fill, or accept a volunteer ebuild, and move it forward. It would also be nice if there was a single, temporary homeless list of ebuilds belonging to folks who will be out of town for a while - this would be a one-stop page to notify designated backup people, and others who could keep an eye on the distributions.) 3. If a volunteer ebuild isn't proofread, it could contain a bug. (you don't know me.) P.S. A good place to start in writing an e-build for a new version of a package is to use the ebuild for the old version ;) I'll do that; and I'll also look forward to the reply to b.n.'s request. -- [EMAIL PROTECTED] mailing list
[gentoo-user] Re: revdep-rebuild question
Alan, Seems reasonable. Would I (Could I?) then do an equery depends on each binary and assuming nothing depends on it remove them by hand without causing damage? I'd want to do another revdep-rebuild every so often to ensure that things remained consistent. Makes sense to me - doing the equery on the package that installed the binary (which may have a name unrelated). IIUC, there are two tools useful for second/third opinions for this task; dep and pquery. Here's an example of their use on fftw: dep -L fftw pquery --vdb --revdep sci-libs/fftw And as you idicated, do a revdep-rebuild after the manual deletion. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: Best printer to use with Gentoo.
On Wed, 24 Jan 2007 10:33:39 -0500, Carl Adams [EMAIL PROTECTED] wrote: I've had no success getting my HP PSC 1610 Inkjet/Scanner connected to CUPS under Gentoo. Of course, there's no such thing as a best printer, but do any subscribers have recommendations for printers they've found easy to connect and use? Either inkjet or low-cost laser. FWIW, I could not get my HP photosmart 7660 to work 'til I went with hplip 1.6.12 and cups 1.2.7. (I print only rarely, but when necessary, I start up hplip, then cupsd.) Everything works fine. HTH -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: Which Laptop is recommended for Gentoo GNU/Linux?
On Fri, 05 Jan 2007 23:49:48 -0500, »Q« [EMAIL PROTECTED] wrote: qfpvajdy [EMAIL PROTECTED] wrote: I'm interessted to buy a laptop on which I would like to install Gentoo GNU/Linux by using 100% all hardware functions of the laptop for which I have bought. I've just installed Gentoo on a Sony VAIO VGN-FS740, and I recommend against it. Almost everything in it is well-supported, but one of the most important things is a PiTA. Sony uses some unusual system to handle power management, and there are things the drivers available with the kernel will not handle. Most notably, I could not get control of LCD brightness without installing a driver which is (a) not in portage and (b) AFAICT not in most distros' repositories. If someone hadn't published a portage overlay for it, I would still be struggling with it. From what I've read (which was a lot more than I wanted to, this is the situation with most (all?) of Sony's FS models. Think that this is exactly right. However, I wouldn't limit my laptop selection to one that is 100% Gentooable. e.g. I went with Sony (their smallest) and would do so again, because small size, light weight, and high-quality display (necessary on a tiny box) were so important. As you indicated, it was a PITA; Lot of stuff still doesn't work :-( , but it's light enough (2.7 lbs) and small enought that I stick it in the backpack and don't resent it. -- gentoo-user@gentoo.org mailing list
[gentoo-user] DieHard ? ( hardens against memory errors)
Anyone using this on a hardened box (e.g. to augment a precompiled, non-ssp binary, such as OOffice)? http://www.diehard-software.org/ (Emery Berger, UMass) DieHard completely prevents particular memory management errors from having any effect (these are double frees and invalid frees). It dramatically reduces the likelihood of another kind of error known as dangling pointer errors, and lowers the odds that moderate buffer overflows will have any effect. It prevents certain library-based heap overflows (e.g., through strcpy), and all but eliminates another problem known as heap corruption. How does DieHard differ from Vista's and OpenBSD's address space randomization? Address space randomization places large chunks of memory (obtained via mmap / VirtualAlloc) at different places in memory, but leaves unchanged the relative position of heap objects. OpenBSD adds quasi-random shuffling of allocated objects around on a page. DieHard not only completely randomizes the placement of objects across the entire heap, but also adds protection from a wide variety of errors. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: linux-headers vs gentoo-sources
This show the disadvantage of aggressively cleaning $DISTDIR. You have already downloaded this file once, when you installed 2.6.17-r1 (or even earlier when you first installed a 2.6.17 kernel). Patch level updates use the same source files, so cleaning out tarballs for installed packages results in more downloads and more load on the mirrors. Thanks for pointing this out. Suppose it's listed somewhere, but new to me. Newbie p.s. perhaps a permanent link on the newsletter to a page titled 20 (30?) useful tidbits that everyone knows about Gentoo, that make life easier? It would include a link to Bugzilla; references to equery depends; dep -L; pquery --vdb --revdep; only one emerge sync per day; etc. i.e. all the stuff that recurrs here. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: browser advice
Another vote for Opera here. I'm running 9.02 at home. A few observations from my set-up, although they could be as much to do me having not got something else in my configuration right ... And another strong Opera vote here :-) 1) This version of Opera really seems to struggle with heavy pages. The whole app slows down, no response to clicks etc, until the page has fully rendered. Example of affected page: http://funds.ft.com/funds/searchFund.do?symb=AQSTGtype=F1 2) Opera infrequently causes my system to hang completely. I can't ctrl +alt+F1 to a terminal screen, I can ctrl+alt+backspace to kill X, I can't do anything. It's a hard reboot of the box. Admittedly I'm slightly impatient, but I give it 10 secs before hitting reset, sometimes longer. I can't categorically state that it's Opera, but I've a very strong suspicion. Especially given that I basically use an xterm, sylpheed and opera 95% of the time. Not had these issues ... sorry. 3) Javascript seems fairly broken in Opera - but that could be my fault for not setting something up properly. JS works great here - perhaps reemerge everything? 4) Some pages just don't render properly in Opera and I have occasion to fall back to firefox. As another poster said, it's often badly designed banking sites. Yep . So I changed banks (earlier bank wanted I.E.). I tell them that if they want my business, they'll get their site to work on Linux/Opera. Present bank got it to work fine (not perfect rendition - but functional). 5) Overall though, IMO Opera is a nicer browser to use than firefox. Tabbed browsing is implemented in a more effective fashion. Keyboard shortcuts are lovely, eg F2 to bring a dialog for typing a URL, which can be configured to fire up a new tab is very nice. Shift+F2 allows you to have a one key shortcut for favourite bookmarks (again firing up a new tab). Sidebar is far more effective in Opera. Obviously personal preference, but I much prefer it. IMHO, Opera loads MUCH faster, and surfs much faster as well. ALSO, it is easy to put Opera in a Chroot Jail; FF is a PITA to put into a jail. Final note is that most FF users seem to have never tried Opera; Most Opera users have tried FF - gotten it to work adequately - and chosen Opera. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: udev upgrade and non-working eth0
FWIW, I also upgraded and find that my laptop, which previously had eth0 and eth1 for its two cards (one wired and one wireless) now has eth0 and eth2. After editing my scripts and configurations (e.g. wpa_supplicant startup and kismet conf), things seem to work fine. HTH, newbie -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: ipw2200 + Intel Pro Wireless 2915 a/b/g: ipw2200: Firmware error detected. Restarting.
Hope that you get a more useful response FWIW, I Had precisely these symptoms on my Sony 2200 laptop - and can't tell you why - but it is rock sold now. I think there were two things going on: 1. This might be a kill switch? Some of my problems were certainly due to the kill switch. I finally noticed that the little wireless LEDs were off. I had turned them off while using the windows OS - given that it is susceptable to the wonderful new driver attacks - and had failed to turn it on when booting up hardened Linux (which I believe is NOT susectable to the driver buffer overflows). 2. I also suggest a step by step walk-through of the following page (check your kernel config). http://gentoo-wiki.com/HARDWARE_ipw2200 P.S. Contrary to their suggestion, I emerged the latest driver/firmware from portage. Newbie. (HTH; good luck.) On Wed, 25 Oct 2006 09:38:04 -0400, fire-eyes [EMAIL PROTECTED] wrote: I am having a very irritating problem with the wireless driver and card above. Sometimes, but not all the times, it gets into this phase where the wireless drops, comes back, drops, comes back (etc) and eventually I start seeing this in kernel logs: -- gentoo-user@gentoo.org mailing list