[gentoo-user] Unknown keyword arguments "Description" during babl/meson build

2022-05-15 Thread Kevin Chadwick
Hi,

New to Gentoo to get away from systemd CVEs and I enabled vaapi and IN10N use
flags and after changed-use it suggested rebuild-rdeps rebuilding many packages.

During babl and so meson build.

I get 'Unknown keyword arguments "Description"' in the meson log.

A similar message to the one here: "https://gitlab.gnome.org/GNOME/babl/-/issues/72"

I assume I just wait for the build to be fixed or is it more likely that I did
something wrong?

Regards, Kc



Re: [gentoo-user] Removing pulseaudio

2013-04-26 Thread Kevin Chadwick
 the
 solution (in the GNOME developers view) is not to remove PA, since
 the goal of the project is to cover *ALL* use cases.

I don't know the details of the pulseaudio implementation but I have a
hunch the problem boils down to blind arrogance and ignorance on the
part of the roots of the project.

Initially Lennart thought it truly would suit all including pro
audio users and as he has apparently stated he thinks all systems should
run dbus... end of. Knowing a bit about pro audio myself with my Dad
building his first Class A/B amp in his twenties it is not just
feasible but close to a guarantee that Lennart did not realise what
level of detail goes into pro audio including analysing cd players to
find they add timing issues and the windows mixer found to cause real
damage and need bypassing just like pulseaudio needs switching off
(windows being worse however). It is actually very easy to bypass on
Windows though, you just install whatever mixer comes with your pro
sound card driver.

There is nothing wrong with misunderstanding the depth pro audio goes
to. The problem is coders should expect their software to be
replaceable and code with that in mind with the added benefit of
competition being good especially in a free software ecosystem where one
of the plusses has been avoiding user entrapment to make money.

As for Desktop distros, they make an understandable choice of PA by
default but what I especially don't understand and demonstrates the
dependency issue is getting much worse is why removing polkit on Ubuntu
means you lose.

KDE
Steam-launcher
nvidia-settings
pulseaudio
many many more..

All of which would function just fine and in most cases perfectly via
sudo.

Polkit tries to do two things well and fails at the second which sudo
does very well indeed, unfortunately many developers don't seem to
understand that.

Pulseaudio, well I am not sure if it is the design of pulseaudio and
lack of utilising universal interfaces or the programs that use it such
as Gnome and the packagers setting dependencies badly. Perhaps if
packagers were more careful there would be less work for Gentoo in
trying to give users choice and more reason for Gnome not to depend upon
a package.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Removing pulseaudio

2013-04-26 Thread Kevin Chadwick
  the
  solution (in the GNOME developers view) is not to remove PA, since
  the goal of the project is to cover *ALL* use cases.  
 
 I don't know the details of the pulseaudio implementation but I have a
 hunch the problem boils down to blind arrogance and ignorance on the
 part of the roots of the project.


When trying to hunt down a thread to let a guy on the OpenBSD list
know about Gnome 3.8 hard deps on pulseaudio, I came across this
sarcasm about a comment by Lennart from a fairly prominent dev that
adds to the idea of arrogance and ignorance possibly being a
contributing factor.



Lennart is a funny, funny man, go check the avahi code to see how nice
it is.

When working on Avahi I learned a lot about the complexities of safely
and reliably running and maintaining system services, and about
securing them as much as possible, which is particularly important for
network facing services like Avahi. I implemented a lot of
pretty nifty features in 
this area in Avahi. For example, Avahi is still pretty much
the *only daemon* on a standard Linux install that chroot()s
itself by default.
___




Re: [Bulk] Re: [gentoo-user] How reliable is ext3?

2013-04-25 Thread Kevin Chadwick
 Therefore Ext2 is a perfect match:
 * it is so old, that I guess by now most bugs have been found and 
 squashed;
 * it is so old, that virtually any Linux (or Windows, FreeBSD, or
 most other knows OS's) are able to at least read it;
 * it is so old, that by now I bet there are countless recovery tools;
 * it is so simple (compared with others), that someone could just
 re-implement a reader for it, or recovery tools;
 
 Any feedback about the Ext2 for backups? (Hope I'm not wrong on this 
 one...)

Unexpectedly ext4 is actually rather good for embedded when compared to
JFS etc.

However I have been considering using ext2 on my home partitions
for the very reason you guess upon (it is easily recoverable by
testdisk rather than carving out inodes, in fact ext4 was known to have
this issue but traded it for other benefits when it was designed). I
will have to look into the performance differences but thinking about
it now as my IO is usually net or usb then I can't see it being
relevant.





Re: [Bulk] Re: [gentoo-user] Removing pulseaudio

2013-04-25 Thread Kevin Chadwick
 Am 23.04.2013 22:59, schrieb William Hubbs:
  On Fri, Apr 19, 2013 at 09:49:19AM +0100, Kevin Chadwick wrote:
  Feel free to remove PA if you don't need it. I really don't see any
  scope for Lennart to make all of alsa redundant anytime soon (unlike
  udev...)
 
  Of course from many threads from a pro audio user called Ralf, Gentoo
  users and so a fraction of Linux users are the only ones lucky enough
  to be able to do that *easily* whilst keeping packages they want,
  especially Gnome ones!
  
  Im not a gnome user as of yet, but I can tell you that the day is
  coming (Gnome 3.8 I believe) when gnome will not work without PA, so you
  will have to install it if you want newer Gnome.
  
  William
  
 
 That's true, gnome3.8 will require you to install pulseaudio-2
 

Are you sure? I know there have been a couple of times in the past
where Gnome has leaned towards Linux only but they have always steered
clear eventually. I know of one guy who runs a network of hundreds of
Gnome/OpenBSD machines that may wish to know about that as I think he
is already getting fed up with the increasing amount of code he has to
write in order to keep the port working.





Re: [Bulk] [gentoo-user] Re: [Bulk] Re: Removing pulseaudio

2013-04-25 Thread Kevin Chadwick
 
  So are you saying plugs are no longer required or that they are only
  needed for certain apps that take over the audio device.  
 
 I don't even know exactly what ALSA plugs are, and ALSA has worked
 perfectly for all these years, so yeah, whatever an ALSA plug is, either
 it is not required anymore, or it is handled automagically by ALSA.

Just did a quick Google to refresh my memory and I used plug:dmix as the
device file name in order to prevent apps hogging the sound card.

From Wikipedia

A card's interface is a description of an ALSA protocol for accessing
the card; possible interfaces include: hw, plughw, default, and
plug:dmix. The hw interface provides direct access to the kernel
device, but no software mixing or stream adaptation support. The plughw
and default enable sound output where the hw interface would produce an
error.




Re: [gentoo-user] Re: [Bulk] Re: Removing pulseaudio

2013-04-21 Thread Kevin Chadwick
 
  Just throwing out there that users can or at least could use alsa
  plugs to have multiple applications. I did that before pulseaudio
  came along to play nfs carbon under cedega and listen to music.  
 
 It should be noted that ALSA users can have multiple applications by
 doing absolutely nothing other than using ALSA and using the
 applications they want to use.

So are you saying plugs are no longer required or that they are only
needed for certain apps that take over the audio device?





Re: [gentoo-user] Removing pulseaudio

2013-04-19 Thread Kevin Chadwick
 Feel free to remove PA if you don't need it. I really don't see any
 scope for Lennart to make all of alsa redundant anytime soon (unlike
 udev...)

Of course from many threads from a pro audio user called Ralf, Gentoo
users and so a fraction of Linux users are the only ones lucky enough
to be able to do that *easily* whilst keeping packages they want,
especially Gnome ones!




Re: [gentoo-user] Re: Removing pulseaudio

2013-04-19 Thread Kevin Chadwick
 Another question. Can the installation of PulseAudio and Jack
 coexist? Doable or a constant nightmare?

There seems to be a package to allow pulse to utilise jack. However
if you are using jack for the high quality audio benefit then
apparently you have to kill pulseaudio even if it means making a dummy
package on binary distros to fool the system into thinking it is
installed and so not removing lots.

I suggested he use Gentoo but I think he saw it as too much work.




Re: [gentoo-user] Re: Removing pulseaudio

2013-04-19 Thread Kevin Chadwick
  I suggested he use Gentoo but I think he saw it as too much work.  
 
 (comment for me?)
 All I use is gentoo or embedded (state machines) on embedded hardware. My
 target is jack on embedded gentoo, but, I've run into resource limitations,
 so I'm waiting on my new Arm15 dev board in May.

Feel free to remove PA if you don't need it. I really don't see any
scope for Lennart to make all of alsa redundant anytime soon (unlike
udev...)  

 Of course from many threads from a pro audio user called Ralf, Gentoo
 users and so a fraction of Linux users are the only ones lucky enough
 to be able to do that *easily* whilst keeping packages they want,
 especially Gnome ones!

Ralf, sorry. I should be more careful in what I write but I am in the
middle of a few things.




Re: [Bulk] Re: [gentoo-user] Removing pulseaudio

2013-04-18 Thread Kevin Chadwick
  ...
  (i) It's a sound server, a description I don't understand.  What
  does it _do_?  Why do I want it?  It seems to be an unnecessary
  layer of fat between sound applications and the kernel.  
 
 If you don't understand the term sound server you probably
 shouldn't be using Gentoo. 
 
 When I'm watching a YouTube video I still want to hear my email
 client go bing or my chat program alert me of my buddy coming online. 
 
 That's not possible if my web-browser has a hard-wired path into my
 soundcard and ain't letting go.

Just throwing out there that users can or at least could use alsa plugs
to have multiple applications. I did that before pulseaudio came along
to play nfs carbon under cedega and listen to music.

Also I have never got around to looking into Jackd but isn't it meant
to be by far the best? I know pro audio users use it and I have heard it
is not the easiest to set up, but is there any reason why it isn't the
default setup?

http://en.gentoo-wiki.com/wiki/JACK

From a quick look at this jack can hook up multiple applications that
seem to need to be set up individually. What's the scope for Jack

a./ replacing pulseaudio

b./ having a compat interface layer to make pulseaudio compatible apps
talk to jack




Re: [Bulk] Re: [gentoo-user] Removing pulseaudio

2013-04-18 Thread Kevin Chadwick
  I don't use wine. For a lot of good reasons.
   
  Name one.
   
 fat, slow and buggy. Do you need more? If I really had an application
 that I must use and is windows only - I would install windows. That
 is a lot quicker and less painful than that wine crapfest shitting
 all over the place.

I agree with a lot of good reasons primarily around security but I have
to say I don't agree with this.

Wine is far faster than Virtualbox or rebooting.

Take adding bookmarks to pdfs which I sorted out yesterday. Install
foxit on windows copy the directory to wine (install failed for me) and
bang, sorted.

Perhaps the latest poppler and okular can do bookmarks properly now?
But there are other commercial apps required, thankfully falling one by
one.




Re: [gentoo-user] [way OT but interesting] Massive recent DDOS attack

2013-04-03 Thread Kevin Chadwick
On Wed, 03 Apr 2013 03:33:17 +0200
Volker Armin Hemmann volkerar...@googlemail.com wrote:


 But somebody had to blow it up. And even more people jumped on it.
 Boohoo.

 So the next time you start insulting people, base your findings on
 more than a blog written by those guys who have an economical
 interest to blow the whole mess out of proportion.

 Of course, those responsible - all those guys with unpatched boxes
 whose little zombies took part in this attack, need a good kicking.
 But that is no excuse for spamming mailing lists with something the
 media already abused to no end.

Yeah because it is all their fault. You know the cleaner down the road
and not Microsoft (linux is beginning to follow a similar road away from
its secure fs based and modular approach with polkit), Adobe or the
IETF who, though warned, turned 3gbit/s into 300gbit/s.

Hmmm, imagine a worm red now and with ntp so prevalent too.

Blown out of proportion, really? Maybe this particular instance? I can
understand the list spam argument though.



Re: [Bulk] [gentoo-user] Re: Udev update and persistent net rules changes

2013-04-01 Thread Kevin Chadwick
On Mon, 1 Apr 2013 14:12:17 +0100
Neil Bothwick n...@digimed.co.uk wrote:

  I still don't understand what's so bad with MAC-based
  identification? I mean, uniqueness defined through MAC Address
  identity, the system name is just a label...  
 
 MAC addresses are not human-friendly. It would be OK if you could set
 up aliases, so your firewall rules could use enaabbccddeeff while you
 could still type eth0.

It used to be dead easy to link the MAC to the device type and number
from dmesg without looking up the MAC to Manufacturer codes. A lot of
useful information seems to have been removed from the linux dmesg?
at least on 3.2 kernels.



Re: [Bulk] [gentoo-user] Re: Udev update and persistent net rules changes

2013-03-31 Thread Kevin Chadwick
On Sun, 31 Mar 2013 11:48:19 + (UTC)
Nuno J. Silva (aka njsg) nunojsi...@ist.utl.pt wrote:

 instead of pushing a completely
 different (and possibly less reliable) naming scheme by default.

Whilst I wouldn't want them changing on me (though if you're physically
changing the pci slot then you should be able to handle the number
change), I find the OpenBSD method of different names like fxp0 useful
because it means you can look up the manpage for that card type which,
as long as the documentation is good, is very useful.



Re: [Bulk] [gentoo-user] Re: Udev update and persistent net rules changes

2013-03-31 Thread Kevin Chadwick
On Sun, 31 Mar 2013 20:55:00 +0100
Neil Bothwick n...@digimed.co.uk wrote:

 What about USB network adaptors? A user may not even realise they
 plugged it into a different USB slot from last time, yet the device
 name changes.

Fair point but wouldn't that be only if you plug in two of the same
type that the names may switch? In which case there are various ways of
solving the problem and name assignment may be handy in some cases,
though I still think it would be good to have a man page linked to
that name.



Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-30 Thread Kevin Chadwick
On Sat, 30 Mar 2013 13:06:16 +0100
Norman Rieß nor...@smash-net.org wrote:

  As we all know everything works better and cheaper when things are
 privatized

Actually, no, it's not so simple at all.

You get incompetence in private and public and you may be more likely
to get away with it for longer in a public service than in a market with
competition but there are many examples where things simply get worse.

In the UK, water companies were privatised and fat cats made lots of
money letting the pipes deteriorate for future generations.

British Telecom, well that's a mixed bag but it is certainly a
tiny shadow of its original self.

We know ideals and theory hardly ever work but theoretically public
should be much better when well managed.

I wonder if ISPs wouldn't be handling things like TalkTalk's
Homesafe in such a stupid manner (across the board is where it is
stupid, even for non users of the service) where they redirect all the
http traffic through an undoubtedly insecure layer 7 handling huawei
device with less commercial pressures, or analysing bandwidth at layer
7 when they should be doing so more safely and completely at layers 3
and 4, leading me to believe they are not just thinking about bandwidth
usage. Why does it matter if you download 1000Gb via torrents or http?
ACKs can be managed in any case.

I'm glad open source is beginning to make strides into public services
as it should help put an end to expensive interoperability issues (if
we stay away from non posix things like systemd, though even then
shouldn't be too bad ;-)).



Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-30 Thread Kevin Chadwick
On Sat, 30 Mar 2013 15:53:29 +0100
Rene Rasmussen gen...@paranoidix.dk wrote:

 There is also the possibility to use opendns.com
 I've been using them for years, and have not had any trouble. I
 started using them when my ISP decided to block some sites. And their
 standard service is free :)

They also support dnscurve but I thought that in the case of non
existing domain lookups they do show adverts? I don't see just that as
a huge problem as long as they are not targetted though?



Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-28 Thread Kevin Chadwick
On Thu, 28 Mar 2013 16:12:04 +0100
Volker Armin Hemmann volkerar...@googlemail.com wrote:

  Hello,
 
  i am using pdns recursor to provide a dns server which should be
  usable for everybody. The problem is, that the server seems to be
  used in dns amplification attacks.
  I googled around on how to prevent this but did not really find
  something useful.
 
  Does anyone got an idea about this?

I haven't looked into it, but:

You could perhaps reduce the amplification by looking for trends that
maximise response sizes such as the 100x amp against spamhaus of late,
but you would be fighting against the wind and only buying time.

Rate limiting may work but bear in mind that so many servers could be
used that attacks may be ongoing and you wouldn't notice. Again you may
be able to make attackers need to be subtler or go to more effort, like
for spam, but you are not going to eradicate it.

Really you would need some sort of network of dns servers communicating
about who they are hurting as thankfully there is often a single
victim, but really it would be better if the IETF had listened to the
dangers and even now simply redesigned DNSSEC.

As for tcp I used to have all my OpenBSD clients resolvers using the tcp
option in resolv.conf but I haven't noticed another OS's resolver with
that option. There are decent protections against syn floods but I
assume you are wanting random clients to connect.
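The two defensive measures floated above, looking for the query patterns that maximise response size and rate limiting replies, as an added example in Python that is not pdns-recursor code nor anything from the thread. The log format, addresses and thresholds are constructed for the example; the truncate-so-the-client-retries-over-TCP behaviour is the response rate limiting idea, not a pdns feature.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log in a made-up format (not pdns-recursor's own):
# "epoch client qtype qname req_bytes resp_bytes", one query per line.
# 203.0.113.10 plays the spoofed victim address hammered with ANY queries;
# 198.51.100.7 is an ordinary client doing two lookups.
SAMPLE_LOG = """\
1364486400 203.0.113.10 ANY example.org. 45 3102
1364486400 203.0.113.10 ANY example.org. 45 3102
1364486400 203.0.113.10 ANY example.org. 45 3102
1364486401 203.0.113.10 ANY example.org. 45 3102
1364486401 203.0.113.10 ANY example.org. 45 3102
1364486401 203.0.113.10 ANY example.org. 45 3102
1364486400 198.51.100.7 A www.example.org. 47 63
1364486402 198.51.100.7 AAAA www.example.org. 47 75
"""


@dataclass
class SourceStats:
    queries: int = 0
    req_bytes: int = 0
    resp_bytes: int = 0
    any_queries: int = 0
    first_seen: int = 0
    last_seen: int = 0

    @property
    def amplification(self) -> float:
        """Bytes sent towards the (possibly spoofed) source per byte received."""
        return self.resp_bytes / self.req_bytes if self.req_bytes else 0.0

    @property
    def qps(self) -> float:
        """Queries per second over the span this source was seen."""
        window = max(1, self.last_seen - self.first_seen + 1)
        return self.queries / window


def parse_line(line: str) -> dict:
    ts, client, qtype, qname, req, resp = line.split()
    return {"ts": int(ts), "client": client, "qtype": qtype,
            "qname": qname, "req": int(req), "resp": int(resp)}


def summarise(log_text: str) -> dict:
    """Aggregate per-source byte counts and rates from the log text."""
    stats = defaultdict(SourceStats)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        s = stats[rec["client"]]
        s.first_seen = rec["ts"] if s.queries == 0 else min(s.first_seen, rec["ts"])
        s.last_seen = max(s.last_seen, rec["ts"])
        s.queries += 1
        s.req_bytes += rec["req"]
        s.resp_bytes += rec["resp"]
        if rec["qtype"] == "ANY":
            s.any_queries += 1
    return dict(stats)


def flag_sources(stats: dict, min_amp: float = 10.0, min_qps: float = 2.0) -> list:
    """Sources that are both heavily amplified and sustained. In a reflection
    attack this is the victim's address, not the attacker's, so the right
    reaction is to stop answering it over UDP, not to treat it as hostile."""
    return sorted(c for c, s in stats.items()
                  if s.amplification >= min_amp and s.qps >= min_qps)


class ResponseRateLimiter:
    """Per-source token bucket. Once a source is over budget, every `slip`-th
    reply goes out truncated (TC=1) so a genuine client retries over TCP,
    where the source address cannot be spoofed; the rest are dropped."""

    def __init__(self, rate_per_sec: float, burst: int, slip: int = 2):
        self.rate = rate_per_sec
        self.burst = burst
        self.slip = slip
        self._buckets = {}             # client -> (tokens, last_timestamp)
        self._over = defaultdict(int)  # client -> over-limit reply count

    def decide(self, client: str, now: float) -> str:
        tokens, last = self._buckets.get(client, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[client] = (tokens - 1.0, now)
            return "answer"
        self._buckets[client] = (tokens, now)
        self._over[client] += 1
        return "truncate" if self._over[client] % self.slip == 0 else "drop"


if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    for client, s in stats.items():
        print(f"{client}: {s.queries} q, amp x{s.amplification:.1f}, "
              f"{s.qps:.1f} q/s, ANY={s.any_queries}")
    print("flagged:", flag_sources(stats))
```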



Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-28 Thread Kevin Chadwick

 listened to the dangers and even now simply redesigned DNSSEC.

Or they could fudge it by making every request requiring padding larger
than the response. Bandwidth would increase astronomically but amp
attacks would have to find other avenues.



Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-28 Thread Kevin Chadwick
On Thu, 28 Mar 2013 17:04:25 -0400
Michael Mol mike...@gmail.com wrote:


  listened to the dangers and even now simply redesigned DNSSEC.  
  
  Or they could fudge it by making every request requiring padding
  larger than the response. Bandwidth would increase astronomically
  but amp attacks would have to find other avenues.

 
 Infeasible; the requester cannot know the size of the response in
 advance. If a packet comes in, and the response is larger than the
 request, is it really an amp packet, did the client not know, or is
 the server misconfigured and not limiting the response data as much
 as it could?

I'm certainly not saying it's a good idea, hence the 'fudge' and 'making
every request' which would mean non updateable clients or non updated
routers (90%) needing special treatment. I'm sure there are probably
other hurdles to it but it is certainly possible to make a request much
larger than any potential response similar to the anti-spam system
that makes creating a message take a lot of cpu and then only accepting
messages from those that do (hsomething I think, only works too if all
take part but would eliminate spam almost completely).

However thinking about it, considering the want for dns to provide
larger things like encryption keys, huge requests may be the best long
term solution for a DNSSEC which seemingly refuses out of pride to add
something like DNSCURVE to prevent spoofing. Similar to firewalls only
sending a single syn ack (less than or equalise)



Re: [gentoo-user] udev blocks systemd etc

2013-03-27 Thread Kevin Chadwick
 From a technical point of view (the quality of the code and the time
 it takes to fix bugs), I believe everyone (even Lennart's most fervent
 detractors) will agree that systemd is a superb piece of software. The
 problem is the philosophy behind it; if you agree with said
 philosophy, systemd is great. Otherwise, is a new fangled beast which
 goes against everything that UNIX stands for (whatever that means), a
 solution for a problem no one has, and fixing something that wasn't
 broken.
 

I won't start this up again, there is lots of info out there. LWN
and this list's archives may be reasonable for some for and against
arguments. This post is as bad as Lennart's myth busting post which
avoided all the real issues and skirted around the ones he did mention.

The real drive behind systemd is enterprise cloud type computing for
Red Hat. The rest is snake oil and much of the features already exist
without systemd. With more snake oil of promises of faster boot up on a
portion of the code which is already fast and gains you maybe two
seconds.

 3. is openrc just a dead project is that why?
 

Not even close, systemd is one of the least used init systems. The
question you should ask yourself is why would anyone talk about the fact
they are using OpenRC. Having said that I do hate all the symlinking
rubbish many linux (not OpenRC) uses but would bear it over systemd's
technical flaws.

So there you have it complete contradictions which mean you should make
up your own mind, even if it is easier for the more advanced arguments
against it to be overlooked.

 Is not dead; it has new releases and stuff. Just not many features are
 implemented to it, and it has some pretty awkward bugs, some of them
 years old, like not being able to start services in parallel.
 

There is arguably more weight to the argument of an init system that
does parallel starting being a bug.

What do you gain? Speed, and complexity. What do you lose? Reliability
and predictability.

If you cause disk churn it *may* even be slower too such as windows
tools that stage autostarts.

Do one thing and do it well and you are more likely to make it into
every Unix-like OS for good not so obvious reasons.

I hope this doesn't start into another discussion, just know that there
are many arguments badly represented by Canek to research if you want
your answer.




Re: [Bulk] Re: [gentoo-user] Re: udev blocks systemd etc

2013-03-27 Thread Kevin Chadwick
 On 27/03/13 at 11:27am, »Q« wrote:
  Eventually, as I understand it, GNOME and KDE will require systemd
  because they want full control of they system.  For people not using
  GNOME or KDE, other init systems will still be possible, with either
  udev or a udev alternative.  I have no idea how far away eventually
  will be.  
 
 GNOME maybe/probably, but regarding KDE what makes you say this ? 
 I don't recall reading anything about this (this one comes to mind but
 its got nothing to do with systemd [1]. The author explains in the
 comments why he chose not to use systemd). KDE always prides itself in 
 being cross platform forcing systemd would be terribly detrimental. 
 
 [1] http://dantti.wordpress.com/2013/02/27/1-2-3-plasma/

Actually it came up not too long ago that a commit was making Gnome
Linux only and I believe it was decided not to be the way to Go.




Re: [Bulk] [gentoo-user] Re: [Bulk] Re: Back to openrc from systemd

2013-03-23 Thread Kevin Chadwick
On Sat, 23 Mar 2013 14:54:23 +0200
nunojsi...@ist.utl.pt (Nuno Silva) wrote:

  A good overview though I don't agree with If you don't 'need'
 
  Did your desktop really fail to run at all?  
 
 I don't need any of this u* or other things for my desktop computer to
 work. Maybe this is related to the fact that I don't run a desktop
 environment, even if I use linux for desktop computing and run X.

I'd be interested in what happens if all the consolekit and logind
files are removed. Perhaps the reverse, systemd breaking and
Openrc working?



Re: [Bulk] [gentoo-user] Re: Back to openrc from systemd

2013-03-22 Thread Kevin Chadwick
  If you don't need user session monitoring for anything (which is what
  ConsoleKit and logind provides), nor interactive privilege granting
  (which is what polkit provides), then I believe you will have no  
 
 Thanks. Now *that* is what I call explaining something in a nutshell :-)
 
  problems switching OpenRC and systemd withouth needing to recompile
  anything. However, that means no upower and no udisks at least; GNOME
  cannot run without any of those. XFCE needs them if the udev USE flag
  is enabled, which is enabled by default in Gentoo desktop profiles,
  and in KDE the three of them are optional dependencies turned on by
  default. You can turn them of in XFCE and KDE, but you kinda lose
  functionality without them.  
 
 I do indeed remember having to fight the KDE use flags so that I could
 pull kdelibs without pulling the whole set of u* things someone decided
 that were required for a desktop environment (the fun thing being that I
 wasn't even using KDE as a DE).
 
 But I hope you don't mean the GNOME *libs* will be requiring
 logind/Consolekit/... in the near future? That would cause me some
 trouble, as I rely on evince a lot.

A good overview though I don't agree with If you don't 'need'

Did your desktop really fail to run at all?

Why are dependencies suddenly getting a lot worse (ignoring konquerorFM
without kde) when for so long dependencies were understood to be a big
problem that must be fixed. It can only be bad design if a desktop does
not work at all because < 1% of the functionality is missing and may
well have been replaced in every case above by alternative and in some
cases superior (permissions) choices of functionality that may override
others (sessions you don't use).

Is it really a freedesktop when almost all the rest are free-er?




Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-21 Thread Kevin Chadwick
 We discussed using a simple RC timer to cut power to the device after a
 certain amount of uptime, but if I pointed out that if we were spend the
 time going to that trouble, we may as well go whole-hog and add built-in
 encryption and make money off the thing.
 
 I think the grab-data-and-eject solution is probably the best for our
 purposes.

What about wiping the key.

I would investigate if a hdparm reset negates that security.

A long shot that all systems especially likely small ones will have
floppies (though there may be a usb one) but using a floppy eject would
certainly be one way (ignoring any buffers) as it is 100% mechanical
on the enable direction.

However why not just use a usb with perms set to root. If an attacker
can get root which should be the biggest barrier and you are not worried
about physical access then even SELinux/RBAC may not save you.





Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-19 Thread Kevin Chadwick
 If you're going to call me out for ignoring things, missing things or
 simply not knowing things, please highlight what it is. The quote
 isn't very enlightening in this context. You have a nasty habit of
 referencing things without inlining them or referencing them directly,
 and this has gotten in the way of clear communication *multiple* times
 over the last week.
 
  I only wrote two lines and you still missed it  
 
 I respond to what's written in the email I'm replying to, because that's
 what I've just read, and that's the context of the email.
 
  never mind the examples I had given in my original mail that do not
  only apply to remote content and that you wrongly interpreted.  
 
 Honestly, I never expected you to be up in arms over being exposed to
 HTML syntax.
 
 I presumed you were concerned about libpng, libjpeg, swf and gif.

As I clearly said both, but actually less so html. You seem to be under
the impression Android's mail clients let you avoid all that but they do
not. Talk about hitting your head against a brick wall.

 I
 presumed you were concerned about privacy concerns. Those are what most
 people who gripe about HTML email security are concerned with.

That would be to do with scripts and remote content.

Remote content is, as you have said, almost always switchable and so was
not a concern/thought of mine but yes, what people shout about. Scripts,
well with Google's love of javascript (for obvious tracking reasons) I
wouldn't be too surprised if that is enabled without recourse on
android email.




Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-19 Thread Kevin Chadwick
 Either you ignored what I said about being able to disable loading
 remote content and being able to disable showing inline rich content, or
 you're seriously concerned about HTML parser vulnerabilities.

You can't disable incoming rich content (which is the important one)
like jpg logos on Android and which was the whole point. Considering
most phones run Gingerbread it should be noted that this practice is
actually rather dangerous.




Re: [Bulk] Re: [gentoo-user] Can I chroot to a folder?

2013-03-18 Thread Kevin Chadwick
  Is that partition mounted with noexec option? or user option
  without explicit exec option?
   
 
 problem solved :)

You know you can bind mount just the directories you want with exec but
as interpreters don't check this mount option, it's not as effective as
it could be ;-(




Re: [Bulk] Re: [gentoo-user] Re: HTML editor WYSIWYG

2013-03-18 Thread Kevin Chadwick
 sublimetext is nice, not OSS though

Netbeans is quite useful for html5. Also chrome and firefox have good
developer options so you can try changes and see them without a refresh.
When I load my pages in a browser they are fine but in every WYSIWYG
editor I have tried they are decimated to unreadable, though I do
do width scaling without javascript ;-).




Re: [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-18 Thread Kevin Chadwick
 On 15 March 2013, at 17:32, Kevin Chadwick wrote:
  
  If you use the Gentoo hardened Tinfoil Linux you will need lots of ram
  and wait ages to boot but firefox will just pop up.  
 
 I'm sorry, I don't understand this statement. Could you possibly explain, 
 please?

It's one of Blueness' projects based on Hardened Gentoo. It loads into
ram at boot (you need something like 4 gig of ram) which takes ages
from dvd but could be from an ssd/hdd (defeating half the point
without a ro switch though). It can update from the net once booted too.

Once done everything's in ram so firefox can literally pop up like a
web advert upon execution.




Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
  Wait, K9 Mail doesn't have a plain text option?
 
  Perhaps I shouldn't be surprised, as I am also unable to comprehend why K9 
  might enforce top-posting on replies.  
 
 K9 Mail can do both plain text and bottom posting.
 Both set in Account settings/Sending mail.

It can write but forces html onto users, which potentially includes jpg
exploits, png exploits, html exploits, script exploits, font exploits...

And before you say anything. For what benefit, annoying ads from
paypal. I am quite capable of opening a browser and deciding which
domains *I* trust??

Google's network fell into this trap and banned Windows, but did they
fix the real problem or just raise the bar a little (though I expect
they took other unreleased measures that would be more interesting)?

Would be even worse on iPhones where webkit is forced and so as old as
the rom image. Rom cycle time is a major reason why even on cyanogenmod
I use firefox over the chrome package which is ancient.

Of course on Apple laptops even, Safari's webkit is sometimes months old
anyhow.

Having knocked Android, I haven't found the time to try the latest
native email app. I'm not expecting a no html option but I'm pretty
sure it will have some major pluses over k9mail, which was a trade of
good for bad on Gingerbread.




Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
 I don't know what mail client you use (I suppose I could check your
 headers), but *every* mail client I've used disables loading remote
 content by default.


Except the content within the message. Why do you assume I am talking
about remote content.

 Further, you're ranting about users being forced to send email with
 HTML, intimating that this means they'll send exploit-laden messages to
 their recipients.

I am not.

On 03/18/2013 04:38 PM, Kevin Chadwick wrote:
 It can write but forces html onto users,

You seem to miss some of the details. I'll find time to respond on ipv6
too at some point ;-)




Re: [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-18 Thread Kevin Chadwick
  
  It's one of Blueness projects based on Hardened Gentoo. It loads into
  ram at boot (you need something like 4 gig of ram) which takes ages
  from dvd but could be from an ssd/hdd (defeating half the point
  without a ro switch though). It can update from the net once booted too.
  
  Once done everythings in ram so firefox can literally pop up like a
  web advert upon execution.

 
 In other words, it's a distribution designed to not allow persistent
 storage that might possibly be poisoned,

Not really, that is one benefit, but don't forget that BIOS, HDD
or Video card firmware could have been altered.

The main goals are reliability and leave no trace elements but it does
have some added tamper assurance yes.

I didn't spell it out because you should check the site to see all the
details and would be bound to get it a little wrong without checking
myself.

 and instead get much of its
 security-conscious code updated over the network.
 

Security conscious code??? What do you mean? That says to me things
like PAX brute force protection??

Even though it is from a DVD it can be updated just like standard linux.
The problem is, if you run out of ram then things get killed.


 (Frankly, this sounds quite nice for kiosk environments.)

Could be if you have a good enough network connection for Linux kernel
updates or cut it right down ;-)




Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
On Mon, 18 Mar 2013 19:16:52 -0400
Michael Mol mike...@gmail.com wrote:

  
  On 03/18/2013 04:38 PM, Kevin Chadwick wrote:  
  It can write but forces html onto users,  
  
  You seem to miss some of the details.  
 
 About that. See the attachment. It's a screenshot of the setting in
 K-9 where you can select composition methods. I took the screenshot
 on my own phone. (And then ran it through pngcrush -brute in
 deference to ML bandwidth...)

I knew that perfectly well??

You even missed the quote? I only wrote two lines and you still
missed it never mind the examples I had given in my original mail that
do not only apply to remote content and that you wrongly interpreted.

There is a security saying.

Assumption is the mother of all f



Re: [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-18 Thread Kevin Chadwick
On Mon, 18 Mar 2013 19:28:04 -0400
Michael Mol mike...@gmail.com wrote:

  
  Even though it is from a DVD it can be updated just like standard
  linux. The problem is, if you run out of ram then things get killed.
  

  (Frankly, this sounds quite nice for kiosk environments.)  
  
  Could be if you have a good enough network connection for Linux
  kernel updates or cut it right down ;-)  
 
 Local gigabit is cheap, and a gigabit connection would transfer the
 image in under a minute. A bit more, of course, if you've got an
 overloaded server being slammed by ten or twenty machines.
 
 (I wonder if one can anycast TFTP on a local segment. Hm. I think you
 could just barely pull it off, since you'd have resolved the layer 2
 address for your syn packet, and that should stick with the
 connection.)

Kiosks are notorious for having difficulty in getting to connections
as their place is determined by other factors. Still it may make a good
choice of OS except for reboot time.



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
On Mon, 18 Mar 2013 23:38:11 +
Neil Bothwick n...@digimed.co.uk wrote:

   K9 Mail can do both plain text and bottom posting.
   Both set in Account settings/Sending mail.
  
  It can write but forces html onto users, which potentially includes
  jpg exploits, png exploits, html exploits, script exploits, font
  exploits...  
 
 What are you talking about? K9 forces HTML on no one, it sends plain
 text if you set it to do so.
 

If you receive a html email you have no choice but to execute code to
handle as per my above examples.

  Having knocked Android, I haven't found the time to try the latest
  native email app. I'm not expecting a no html option but I'm pretty
  sure it will have some major pluses over k9mail, which was a trade
  of good for bad on Gingerbread.  
 
 K9 is not Android, any more than yourfavouriteemailer is Linux. It is
 a program that runs on Android. As for being less capable than the
 native app, the opposite is the case as it is based on the code from
 the native app, but actively developed.

Google's mail is part of android and they do maintain it. I maintain
that while k9 has some improvements it also breaks things and I guess
would have not seen light without Googles initial efforts.



Re: [Bulk] [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-15 Thread Kevin Chadwick
  I didn't miss anything.  I get what some are saying.  The reason for my
  question is this.  Gentoo allows a person to customize the OS to the
  specific hardware it is being run on.  Redhat and other binary distros
  don't allow this, unless you compile your own packages which is no
  longer really a binary install. 
 
  So, if I install Redhat on my machine, would it be less efficient than
  my Gentoo install which is customized for my hardware?  Has someone else
  tested this and made it public? 
 
  If people can't get this, never mind.   
 
 I have not tested this nor seen data on this, but I'd look for
 comparisons on the efficiency and gains from gcc optimizations. These
 would be what benefits source-based distros on a specific system
 compared to binary distros, and a benchmark made with gcc will be
 simpler and easier to deal with than an os-wide benchmark.

Or the real difference maker, designing the program itself to be faster
or using a really fast storage device bearing in mind any draw backs
like storage space.

If you use hardened Gentoo or OpenBSD or a PAE gentoo like Sabayon it
may be slightly slower but more secure but you won't notice any
difference when waiting for firefox to open until the second time.

If you use the Gentoo hardened Tinfoil Linux you will need lots of ram
and wait ages to boot but firefox will just pop up.

Compiling speed, well I would just get better hardware or do
distributed compiles as otherwise chances are you're taking risks
especially if you don't test and understand exactly what you are
changing very well bearing in mind that with compilers everything may
work fine 97% instead of 99% of the time.




Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-15 Thread Kevin Chadwick
 
  From the headers of his email:
 
  Subject: Re: [gentoo-user] Gentoo speed comparison to other distros
  References: 51418728.7020...@gmail.com
  In-Reply-To: 51418728.7020...@gmail.com
  Content-Type: text/html; charset=ISO-8859-1
  Content-Transfer-Encoding: 7bit
 
  It's perfectly compliant. You may want to correct your mail client to
  understand HTML.
 
  (Admittedly, it's unusual to see email clients send *only* text/html,
  rather than a multipart message with two different encodings.)
   
 
 ROFL. It's called me wrestling with thunderbird to try to remove html
 formatting but failing.

Compulsory html annoys me on Android (If only you could have proper
programs like Nokia's N9 had claws)

Claws would mean you needn't bother and still have html to text by
default and can even enable html plugins if desired (right way around).


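The "html to text by default" behaviour the message above credits to Claws, written out as an added example in Python; this is not code from the thread, from Claws or from any mail client. It assumes only the standard library (`email`, `html.parser`), and the two sample messages are constructed here for the demonstration. The policy is: if a text/plain part exists, show it and ignore the HTML entirely; if the message is HTML-only, flatten the markup to text without ever decoding an image, fetching a remote resource or evaluating a script.

```python
# Added example (not from the thread): handle mail the way a "text by default"
# client would, so that an HTML-only message never decodes images, fetches
# remote content or evaluates scripts. The sample messages are constructed.
import email
from email import policy
from html.parser import HTMLParser


class _HtmlToText(HTMLParser):
    """Flatten HTML to text: markup only, no fetching, no image decoding, no script."""

    DROP = {"script", "style", "head", "title", "noscript"}
    BREAKS = {"br", "p", "div", "li", "tr", "h1", "h2", "h3", "h4"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._drop_depth = 0     # >0 while inside a dropped element
        self._href = None        # target of the <a> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in self.DROP:
            self._drop_depth += 1
        elif tag in self.BREAKS:
            self.parts.append("\n")
        elif tag == "img":
            # The image is never fetched or decoded; only its alt text survives,
            # so a tracking pixel or a malformed image file has nothing to hit.
            self.parts.append(f" [image: {a['alt']}] " if a.get("alt") else " [image] ")
        elif tag == "a" and a.get("href"):
            self._href = a["href"]

    def handle_endtag(self, tag):
        if tag in self.DROP and self._drop_depth:
            self._drop_depth -= 1
        elif tag == "a" and self._href:
            self.parts.append(f" <{self._href}>")   # show the real link target
            self._href = None

    def handle_data(self, data):
        if not self._drop_depth:
            self.parts.append(data)


def html_to_text(html):
    p = _HtmlToText()
    p.feed(html)
    p.close()
    lines = (" ".join(line.split()) for line in "".join(p.parts).splitlines())
    return "\n".join(line for line in lines if line)


def safe_body(raw):
    """Return (how_rendered, text). A plain part wins; HTML is flattened, never rendered."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is not None:
        return "text/plain", part.get_content()
    part = msg.get_body(preferencelist=("html",))
    if part is not None:
        return "text/html flattened", html_to_text(part.get_content())
    return "no text body", ""


# Constructed sample 1: multipart/alternative, the common case.
SAMPLE_ALTERNATIVE = b"""\
From: a@example.invalid
To: b@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="XX"

--XX
Content-Type: text/plain; charset="utf-8"

Hello from the plain part.
--XX
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello from the <b>html</b> part.</p></body></html>
--XX--
"""

# Constructed sample 2: HTML only, with a script, a tracking pixel and a link.
SAMPLE_HTML_ONLY = b"""\
From: shop@example.invalid
To: b@example.invalid
Subject: constructed html-only sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><head><title>ignored</title><script>alert(1)</script></head>
<body><p>Your order</p><img src="http://tracker.example.invalid/p.gif" alt="">
<a href="http://example.invalid/pay">Pay now</a></body></html>
"""

if __name__ == "__main__":
    for raw in (SAMPLE_ALTERNATIVE, SAMPLE_HTML_ONLY):
        kind, body = safe_body(raw)
        print(f"[{kind}]\n{body}\n")
```

One caveat the thread's argument still holds against: some code has to parse attacker-supplied HTML to produce the text, so the attack surface is not zero. It is, however, one text parser instead of an image, font and script stack, and nothing in the message can cause a network request.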



Re: [Bulk] Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-12 Thread Kevin Chadwick
On Tue, 12 Mar 2013 13:29:38 +0200
Alan McKinnon alan.mckin...@gmail.com wrote:

   We should be pounding away on the fact that we're running out of IP
   addresses... period... end of story.  If people ask about NAT,
   then mention that the undersupply will be so bad that even NAT
   won't help.
  In my presentations, I've stopped bothering to wait for people to
  ask about NAT, because it starts off in their minds from nearly the
  beginning--and until they get that question answered, most of what
  I say washes past them as ancillary and not as important as the
  question pressing on their minds.

 
 In one short paragraph you said exactly what I was trying to say in 4
 mails (and still didn't succeed)

You know I agree except the only people that brought NAT up and
got fixated on it were those that were advocating ipv6!?!?



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
 Don't waste time and effort on it.  Put your
 effort into pounding away on a simple issue that people do understand...
 we're running out of IP addresses.

We have run out of unallocated ones, there are still loads of unused
ones and even more due to global NAT, and even some being released.

It is true eventually it will be an absolute problem but hopefully by
then we will have a cleaner ipv7. Lets hope ISPs get smarter as
recently they have gone downhill with all their *DANGEROUS* as cited by
snort.org and compulsory layer 7 sifting.

Until ipv6 is revised I can't see a day when there will be no ipv4.




Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
 On 03/09/2013 07:53 AM, Kevin Chadwick wrote:
  There is no reason to believe that IPv6 will result in an 
  increased use of IPsec.
  
  Bull. The biggest barrier to IPsec use has been NAT! If an 
  intermediate router has to rewrite the packet to change the 
  apparent source and/or destination addresses, then the 
  cryptographic signature will show it, and the packet will be 
  correctly identified as having been tampered with!
  

http://marc.info/?l=openbsd-misc&m=135325641430178&w=2

  
  It's hardly difficult to get around that now is it.
 
 Sure, you can use an IP-in-IP tunnel...but that's retarded. IPSec was
 designed from the beginning to allow you to do things like sign your IP
 header and encrypt everything else (meaning your UDP, TCP, SCTP or what
 have you).
 
 Setting up a tunnel just so your IP header can be signed wastes another
 40 bytes for every non-fragmented packet. Ask someone trying to use data
 in a cellular context how valuable that 40 bytes can be.
 
  You are wrong the biggest barrier is that it is not desirable to do 
  this as there are many reasons for firewalls to inspect incoming 
  packets. I don't agree with things like central virus scanning 
  especially by damn ISPs using crappy Huawei hardware, deep inspection
  traffic shaping rather than pure bandwidth usage tracking or active
  IDS myself but I do agree with scrubbing packets.
 
 It's not the transit network's job to scrub packets. Do your scrubbing
 at the VPN endpoint, where the IPSec packets are unwrapped.
 
 Trusting the transit network to scrub packets is antithetical to the
 idea of using security measures to avoid MITM and traffic sniffing
 attacks in the first place!
 

I never said it was. I was more thinking of IPSEC relaying which would
be analogous to a VPN end point but without losing the end-end, neither
are desirable, NAT has little to do with the lack of IPSEC deployment.

What do you gain considering the increased resources, pointlessly
increasing chances of cryptanalysis and pointlessly increasing the
chances of exploitation due to the fact that the more complex IPSEC
itself can have bugs like Openssl does, not to mention amplifying DDOS
without the attacker doing anything, which is the biggest and more of a
threat than ever, or are you going to stop using the internet. When
ipv4 can utilise encryption without limitations including IPSEC but more
appropriately like ssh just fine when needed you see it is simply not
desirable and a panacea that will not happen. You are simply in a
bubble as the IETF were.

  
  With IPsec, NAT is unnecessary. (You can still use it if you need 
  it...but please try to avoid it!)
  
  
  Actually it is no problem at all and is far better than some of the 
  rubbish ipv6 encourages client apps to do. (See the links I sent in 
  the other mail)
 
 Please read the links before you send them, and make specific references
 to the content you want people to look at. I've read and responded to
 the links you've offered (which were links to archived messages on
 mailing lists, and the messages were opinion pieces with little (if any)
 technical material.)
 


  
  Re DNS support for IPv6
  
  Increased size of DNS responses due to larger addresses might be 
  exploited for DDos attacks
  
  That's not even significant. Have you looked at the size of DNS 
  responses? The increased size of the address pales in comparison to
  the amount of other data already stuffed into the packet.
  
  It's been ages since I looked at that link and longer addresses
  would certainly be needed anyway but certainly with DNSSEC again
  concocted by costly unthoughtful and unengaging groups who chose to
  ignore DJB and enable amplification attacks.
 
 What from DJB did they ignore? I honestly don't know what you're talking
 about.
 

They completely ignored dnscurve.org or that RSA768 was not strong
enough to be a good choice and ECDSA should be looked at and most
importantly the DOS amplification (we are talking years ago). I even had
a discussion with a dns caching tools (that I do like a lot) author who
completely dismissed the potential of RSA being broken for years and
years. Guess what's come to light since.

  
  His latest on the DNS security mess
  
  http://cr.yp.to/talks/2013.02.07/slides.pdf
 
 I've never before in my life seen someone animate slideshow transitions
 and save off intermediate frames as individual PDF pages. That was painful.
 

Yeah, xpdf worked well though. I actually couldn't find the link
and looked it up and thought it was just an update of 2012 as it had
the same title and only got around to reading it about an hour later.

 So, I read what was discussed there. First, he describes failings of
 HTTPSEC. I don't have any problem with what he's talking about there,
 honestly; it makes a reasonable amount of sense, considering
 intermediate caching servers aren't very common for HTTP traffic, and
 HTTPS traffic makes intermediate caching impossible. (unless

Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
 No, there was simply no useful result that came up. Incidentally, both
 links you provide *did* come up...but I dismissed them because I
 couldn't imagine anyone using them as a reference except in trying to
 deride Henning Brauer.
 
  
  http://marc.info/?l=openbsd-misc&m=129666298029771&w=2  
 
 He goes from advocating NAT444 to a spew of pejoratives about something.
 NAT444 is one of the nastiest, user-disempowering things to hit the
 Internet to date. The rest of this email is him bitching about having to
 parse CIDR notation.
 

How disingenuous. He certainly doesn't. Did you miss the sarcasm. The
only reason he advocates is because others using it allow him to keep
running ipv4 pure networks.

After that I'm sure you can forgive me if I note him to have absolutely
no reason to be biased and give him a bit more credit and take his
experience of writing one of the best and widely used interrupt driven
firewalls and so code to deal with ipv6, helping get the netqmail patch
sorted and runs his own decent sized network over yours who I am sure
is genuine but could well be partial to ipv6 because as you say you
teach setting up ipv6 networks.

   http://marc.info/?l=openbsd-misc&m=124536321827774&w=2

  
  http://marc.info/?l=openbsd-misc&m=135325826302392&w=2

 
 This email has absolutely no technical content whatsoever.

Did you not follow the threads?

I couldn't find the juicier threads about client troubles due to added
complexity but here's some relevant ones and many by very competent
devs. (and if I'm honest who tend to shadow every other list I've come
across so far as long as you are not timid and can take a hit, though
Gentoo is up there).

  http://marc.info/?l=openbsd-misc&m=128822984018595&w=2
  http://marc.info/?l=openbsd-misc&m=135325736302228&w=2
  http://marc.info/?l=openbsd-misc&m=128825496411711&w=2
  http://marc.info/?l=openbsd-misc&m=129665675320651&w=2
  http://marc.info/?l=openbsd-misc&m=135111069427240&w=2
  http://marc.info/?l=openbsd-misc&m=135110983026959&w=2
  http://marc.info/?l=openbsd-misc&m=135110833526455&w=2
  http://marc.info/?l=openbsd-misc&m=135110805826344&w=2
  http://marc.info/?l=openbsd-misc&m=135110703125929&w=2
  http://marc.info/?l=openbsd-misc&m=135110533625263&w=2
  http://marc.info/?l=openbsd-misc&m=124537193506202&w=2





Re: [Bulk] Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
  NAT behind a home router is bad, too. For IPv4, it's only necessary
  because there aren't enough IPv4 addresses to let everyone have a unique
  one.  
  
The best real reason for moving to IPV6 is address space (or lack
  thereof, in the case of IPV4).  The people who are truly interested in
  speeding up IPV6 adoption should do their best to shut up the internet
  hippies who constantly rant and rave about how NAT is evil.  Don't let
  the cause get distracted by that unrelated issue.  Focus on the core
  issue.
 

I completely agree divide and conquer tactics.

 
 You are being over-simplistic.
 
 Lack of IPv4 address space *caused* NAT to happen, the two are
 inextricably intertwined. Even worse, people now have NAT conflated with
 all sorts of other things. Like for example NAT and security.
 

NAT was around way earlier and may I state again also that I have
externally facing servers and games machines behind NAT.

So are you saying that you think it is good for every machine to be in
a DMZ, few chosen ones yes. I disagree completely as I do with the
usefulness of push-email.

 NAT is the context of an IPv6 discussion is *very* relevant, it's one of
 the points you have to raise to illustrate what bits inside people's
 heads needs to be identified and changed.
 
 Until you change the content of people's heads, IPv6 is just not going
 to happen.

NAT has more uses than those two, NAT type of functionality is
apparently desired by some ipv6 networks to allow easier ISP
migration.

It's true NAT distracts from the bad points of ipv6 and which is the
only part irrelevant for ipv4 modded to work with a larger address space
(ipv5).

I wonder if this is an example of how these technologies can get so
convoluted?




Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-09 Thread Kevin Chadwick
 There is no reason to believe that IPv6 will result in an increased use
 of IPsec.
 
 Bull. The biggest barrier to IPsec use has been NAT! If an intermediate
 router has to rewrite the packet to change the apparent source and/or
 destination addresses, then the cryptographic signature will show it,
 and the packet will be correctly identified as having been tampered with!
 

It's hardly difficult to get around that now is it. You are wrong the
biggest barrier is that it is not desirable to do this as there are
many reasons for firewalls to inspect incoming packets. I don't agree
with things like central virus scanning especially by damn ISPs using
crappy Huawei hardware, deep inspection traffic shaping rather than
pure bandwidth usage tracking or active IDS myself but I do agree
with scrubbing packets.

 With IPsec, NAT is unnecessary. (You can still use it if you need
 it...but please try to avoid it!)
 

Actually it is no problem at all and is far better than some of the
rubbish ipv6 encourages client apps to do. (See the links I sent in the
other mail)

 Re DNS support for IPv6
 
 Increased size of DNS responses due to larger addresses might be
 exploited for DDos attacks
 
 That's not even significant. Have you looked at the size of DNS
 responses? The increased size of the address pales in comparison to the
 amount of other data already stuffed into the packet.

It's been ages since I looked at that link and longer addresses would
certainly be needed anyway but certainly with DNSSEC again concocted by
costly unthoughtful and unengaging groups who chose to ignore DJB
and enable amplification attacks.

His latest on the DNS security mess

http://cr.yp.to/talks/2013.02.07/slides.pdf

 An attacker can connect to an IPv4-only network, and forge IPv6 Router
 Advertisement messages. (*)

 Again, this depends on them being on the same layer 2 network segment.

 The same class of attacks would be possible for any IPv4 successor that
 implemented either RAs or DHCP.

Neither of which I use.

As I said we would be here all day and that link wasn't as good as the
one I was actually looking for.

local NAT done right is no problem and actually a good thing and I have
no issues playing games, running servers or anything else behind NAT.
Global NAT works well enough but isn't a good thing and wouldn't exist
if they had simply added more addresses quickly. The hardware uptake
would have been no issue rather than a decade of pleads.

We haven't even touched on the code yet and so all the vulnerable
especially home hardware which yes often has vulnerable sps anyway but
by no way just home hardware.

The ipvshit links give an insight into the code complexity. Note
OpenBSDs kernel which is very secure (unlike Linux whose primary goal is
function) and has had just a few remote holes in well over a decade, one
of which was in ipv6 and which I had avoided without down time because I
won't and what's more shouldn't use ipv6 wherever possible and had
actually removed it from the kernel all together.

If I am Trolling rather than simply trying to make people aware then
stating ipv6 is wonderful is Trolling just as much or more.

Regards,
Kc

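The mechanism the two messages above argue about (an IPsec AH integrity check covering the IP addresses, so that a NAT rewrite shows up as tampering while an ordinary router hop does not), as an added example in Python. This is a toy model written for this page, not code from the thread, from OpenBSD or from any IPsec stack, and it simplifies RFC 4302: option-less 20-byte IPv4 headers only, no anti-replay window, no SA lookup, HMAC-SHA-256 truncated to 128 bits as in RFC 4868, and a shared key that is simply constructed here (a real SA gets it from IKE).

```python
# Added example (not from the thread): a toy model of why NAT breaks IPsec AH.
# Simplifications: fixed 20-byte IPv4 headers, no anti-replay window, no SA
# lookup, HMAC-SHA-256-128 (RFC 4868), and a constructed shared key.
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass

IPPROTO_AH = 51
ICV_LEN = 16                                   # 128-bit truncated MAC
AH_FIXED = 12                                  # next hdr, payload len, reserved, SPI, seq
AH_PAYLOAD_LEN = (AH_FIXED + ICV_LEN) // 4 - 2  # AH length in 32-bit words minus 2


def ip_checksum(header):
    """Ones'-complement sum over a 20-byte header whose checksum field is zero."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IPv4:
    src: str
    dst: str
    proto: int
    total_len: int
    ttl: int = 64
    ident: int = 0x1234
    tos: int = 0
    flags_frag: int = 0x4000                   # DF set, no fragment offset

    def pack(self, zero_mutable=False):
        # RFC 4302 3.3.3.1: TOS/DSCP, flags+offset, TTL and the header checksum are
        # mutable in transit, so AH zeroes them before computing the ICV. The
        # addresses are NOT mutable: they are covered by the MAC.
        tos, ff, ttl = (0, 0, 0) if zero_mutable else (self.tos, self.flags_frag, self.ttl)
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, self.total_len, self.ident, ff,
                          ttl, self.proto, 0,
                          socket.inet_aton(self.src), socket.inet_aton(self.dst))
        if zero_mutable:
            return hdr
        return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

    @classmethod
    def unpack(cls, raw):
        vihl, tos, tl, ident, ff, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", raw[:20])
        if vihl != 0x45:
            raise ValueError("this model handles only option-less IPv4 headers")
        return cls(socket.inet_ntoa(s), socket.inet_ntoa(d), proto, tl, ttl, ident, tos, ff)


def ah_header(next_header, spi, seq, icv):
    return struct.pack("!BBHII", next_header, AH_PAYLOAD_LEN, 0, spi, seq) + icv


def ah_icv(key, ip, next_header, spi, seq, payload):
    # Covered: immutable IP fields (both addresses included), the AH header with
    # its own ICV field zeroed, and the whole upper-layer payload.
    covered = ip.pack(zero_mutable=True) + ah_header(next_header, spi, seq, bytes(ICV_LEN)) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, next_header, spi, seq, payload):
    ip = IPv4(src, dst, IPPROTO_AH, 20 + AH_FIXED + ICV_LEN + len(payload))
    icv = ah_icv(key, ip, next_header, spi, seq, payload)
    return ip.pack() + ah_header(next_header, spi, seq, icv) + payload


def verify_ah_packet(key, pkt):
    ip = IPv4.unpack(pkt)
    nh, _plen, _rsv, spi, seq = struct.unpack("!BBHII", pkt[20:20 + AH_FIXED])
    icv = pkt[20 + AH_FIXED:20 + AH_FIXED + ICV_LEN]
    payload = pkt[20 + AH_FIXED + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(key, ip, nh, spi, seq, payload))


def router_hop(pkt):
    """A plain router decrements TTL and fixes the checksum; both are mutable, AH still verifies."""
    ip = IPv4.unpack(pkt)
    ip.ttl -= 1
    return ip.pack() + pkt[20:]


def nat_rewrite_source(pkt, new_src):
    """A NAT rewrites the source address (and checksum); the address is covered, so AH fails."""
    ip = IPv4.unpack(pkt)
    ip.src = new_src
    return ip.pack() + pkt[20:]


if __name__ == "__main__":
    key = b"constructed-demo-key"               # constructed; real SAs get keys via IKE
    pkt = build_ah_packet(key, "192.0.2.10", "198.51.100.20", 17, 0x100, 1, b"hello")
    print("as sent:          ", verify_ah_packet(key, pkt))
    print("after router hop: ", verify_ah_packet(key, router_hop(pkt)))
    print("after NAT rewrite:", verify_ah_packet(key, nat_rewrite_source(pkt, "203.0.113.1")))
```

This is exactly why the usual way through a NAT is not AH at all but ESP with UDP encapsulation (NAT traversal, RFC 3948): ESP's integrity check does not cover the outer IP header, and the extra UDP and tunnel headers are the per-packet overhead the thread complains about.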



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-09 Thread Kevin Chadwick
  
  Lookup ipvshit
  
  I'll give you a hint.
  
  The guy who wrote most of the pf firewall that Mac OS X now uses as well
  as QNX, the latest version originating from OpenBSD and being far better
  than iptables has bought up lots of ipv4 just to stay away from ipvshit.

 
 Tried searching for it. You're going to have to provide some useful
 direct reference, because a basic search wasn't very illuminating.

Perhaps Google doesn't approve of swear words?!

http://marc.info/?l=openbsd-misc&m=129666298029771&w=2

http://marc.info/?l=openbsd-misc&m=135325826302392&w=2




Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
 1. The craziness of trying to conserve IPv4 space
 2. NAT. Finally, a good solid technical reason to make NAT just go away
 and stay away. Permanently. Forever.

It's a great shame that isn't all it fixed (ipv5), then your job
wouldn't have been so hard and there wouldn't be any reason for many of
us to cling to ipv4 of which there are many strong reasons that are far
far worse than NAT.





Re: [gentoo-user] {OT} RAM apache MaxClients (rock a hard place)

2013-03-08 Thread Kevin Chadwick
 I can probably dump a lot of apache config.  I still need SSL on both
 servers even though only nginx faces the user?

Perhaps you need Apache for certain pages otherwise this is simply a
quick fix which is fair enough, we always like those at times but it
sounds to me like you could have gained more by simply switching Apache
for nginx or tuning your max.

Running both is actually wasting a little memory though you may have
gained over just Apache.

How web proxies with optional caches usually work such as OpenBSD's
relayd is to keep track of requests perhaps using higher layer info and
share the load among multiple web servers, perhaps adding headers to
keep everything functional.





Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
  1. The craziness of trying to conserve IPv4 space
  2. NAT. Finally, a good solid technical reason to make NAT just go away
  and stay away. Permanently. Forever.  
  
  It's a great shame that isn't all it fixed (ipv5), then your job
  wouldn't have been so hard and there wouldn't be any reason for many of
  us to cling to ipv4 of which there are many strong reasons that are far
  far worse than NAT.
  

 
 IPv5 never really existed.
 
 http://www.oreillynet.com/onlamp/blog/2003/06/what_ever_happened_to_ipv5.html

First I've heard of ST or an actual ipv5 but sounds like they had
dropped a layer. Having options like tcp or udp is a good thing.

What would have been best, could have been done years ago and not cost
lots of money and even more in security breaches and what I meant by
ipv5 and would still be better to switch to even today with everyone
being happy to switch to it is simply ipv4 with more bits for address
space.

If I got an ISP who only offers me IPV6 I would drop the ISP before the
IPV4!




Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
  What would have been best, could have been done years ago and not cost
  lots of money and even more in security breaches and what I meant by
  ipv5 and would still be better to switch to even today with everyone
  being happy to switch to it is simply ipv4 with more bits for address
  space.  
 
   This should be FAQ entry zero for the IPV6 FAQ... *NO* you can *NOT*
 add more bits to IPV4, and still have it backwards compatible.  It won't
 work... period... end of story.  Every piece of hardware and software
 that deals with IPV4 has the concept of 32 bits *HARD-CODED* into it.
 Switching over to IPV4-extended would be just as painful as switching
 over to IPV6.

No it would not, the headers would be different. All the hardware would
have already updated because there would be no bad sides and it would
have been released something like 15 years ago. But lets not discuss
them as we would be here for an eternity and there are already whole
websites dedicated to just that.

I reiterate it would be worth hardware not being backwards compatible
again to go to ipv4 with large address space today.

http://www.hackingipv6networks.com/past-trainings/hip2011-hacking-ipv6-networks.pdf

That's just on security. There's a whole bad side to its functionality
too.




Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
 Unfortunately, your logic is flawed.
 
 Where would you put the additional bits of address?
 
 That would involve rewriting the IP Header.
 

Your assumption that I do not know that is flawed. I did a review of
ipv6 before it was released and determined ipv4 to be superior then.
That was before I was shown some of the bad sides more recently.

 And while we're at it, why not *totally* remake IP based on decades of
 observation  experience?
 

Whose observations and whose experience? Not everyone's, that's for damn
sure.

 Hence, IPv6.

Lookup ipvshit

I'll give you a hint.

The guy who wrote most of the pf firewall that Mac OS X now uses as well
as QNX, the latest version originating from OpenBSD and being far better
than iptables has bought up lots of ipv4 just to stay away from ipvshit.




Re: [gentoo-user] Changing static IP remotely...

2013-02-28 Thread Kevin Chadwick
 Probably the safest thing you can do

I use install scripts and so can have two system copies in tandem easily
(aided by OpenBSD being simply brilliant with 0 kernel updates) and
test out any procedure for a remote server locally with a VM before
doing anything.




Re: [Bulk] Re: [gentoo-user] Re: systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
 I'm happy to be shown to be wrong and to be shown where Gnome3 has merit
 for being itself, where it can proudly stand on it's own. But I'm just
 not seeing it yet

I thought the following brilliant feature was obvious?

So your Gran has absolutely no chance of finding the power off button
so that you can spy on her bedroom TV's camera ;-)


p.s. In case you're wondering, all my grans are long dead, you sick




Re: [gentoo-user] systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
 I'd still really like someone who groks what Gnome3 is all about to fill
 in these blanks in my understanding with truthiness ;-)

Apparently the main drive is to have a brand, so a constant and so
simple look is recognised as a Gnome/? machine. A bit pointless if
no-one uses it or changes to something better (negative brand).

 The gnome3 devs may intend to restore the missing stuff at some point, but I
 don't know, and meanwhile I'm frustrated and my attitude is deteriorating.

Certainly not all unless they change the 'Brand' position.




Re: [gentoo-user] systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
 Do Gnome devs know how to spell fork?

I think not they have an accent and keep saying

'pass me the fork an knife'

Puzzled why they only got a knife, they just get their heads down and
start cutting away due to the funny look from the passer.




Re: [Bulk] Re: [Bulk] Re: [gentoo-user] Re: systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
 If you can't find the power off button in a modern GNOME installation
 you have to be quite blind... of course, I don't even use it when I
 have it, powering off from the console and all.

I guess you haven't seen the mountains of users who didn't consider
holding ALT to change the suspend option to power off from the
desktop and why would they???




Re: [gentoo-user] *draft* for setting up network bridge with systemd (for qemu/kvm)

2013-01-29 Thread Kevin Chadwick
 And, BTW, I didn't mean behind in the sense that Gentoo doesn't
 support systemd; I meant behind in the sense that us systemd users
 get a lot of flak just by mentioning it in the list.


And that's exactly why I see Gentoo as being ahead and actually you're
talking about a few of the IMO more moronic distributions. The majority
have rejected systemd but lets just agree to disagree before we start
talking about API'sSNIP... and Startup scripts being GENERIC and
easy to understand and very different to controller code.




Re: [gentoo-user] ebtables on Gentoo?

2013-01-29 Thread Kevin Chadwick
 So anyway, my memory of this is all very wishy-washy, but ebtables
 turned out to be the best way to implement those inter-VM restrictions.
 It could probably have been done in iptables, but ebtables made it easy
 to say don't let these two talk.

I don't know the details but I expect that would be a false sense of
security and that you would want a secure switch or ssh or ipsec.




Re: [gentoo-user] Kernel Questions

2013-01-23 Thread Kevin Chadwick
  Overheating problem? Considering it's about a Pentium 4, that seems a likely
  cause.  
 
 Which P4 i has not so probs. The probs come with Atom.

Older systems used to reset on overheat so it was obviously hardware.
Newer cpus actually halt and then continue operation. Most of the time
you won't notice, your laptop will just run slower than the spec would
suggest. Some laptops never actually use the cpu fully from day one and
so things like dust or a failing fan may make it very noticeable.

Could be lots of things but I would check your temp sensors from
the os or bios before the kernel.





Re: [gentoo-user] Kernel Questions

2013-01-23 Thread Kevin Chadwick
 Anything newer is a vast improvement, especially Core2 and newer.

As long as you ignore the unfixable security issues even by microcode of
core2 duos ;-).




Re: [gentoo-user] Re: System won't boot if CMOS clock is slow

2013-01-17 Thread Kevin Chadwick
 So it is Linux' fault, that your mate used crap Hardware? That is great!
 let us blame it for the weather too. And stubbed toes.

Well the point was that if OpenBSD had an auto update function I could
have installed that and he would still be using OpenBSD happily. If
Linux did what OpenBSD does then he would be a happy linux user, well
aside from wanting iTunes, though I'm under the impression that's been
sorted quite well now.

As far as he was concerned he had a fscking watch, what's wrong with
this fscking piece of.. or words to that effect and really he was right.

The alternative was Vista which took and I mean no joke like 15 mins to
finish booting, despite a cleanup and the drive checked out ok. He had
just started a gym and couldn't afford extra ram at the time.

No need to get touchy, simply real facts, better aired than ignored. Not
a great loss or anything.




Re: [gentoo-user] Re: System won't boot if CMOS clock is slow

2013-01-16 Thread Kevin Chadwick
 I have had systems in the past which refused to boot because the
 motherboard time was off, and at first it looked like that was the
 problem again.

OpenBSD takes the time from the filesystem in that case and boots. I
wish linux did. I had a mate who used to ring me up every time his mother
in law unplugged the laptop and it was a laptop whose CMOS was a pain
to replace. I believe he ended up in 2034 or something after a few
months because I told him the bios key and meant he could avoid
fsck that sometimes gave him various problems =-)

He was anti slow machines (Vista) and liked linux after being
skeptical. I can't see him trying linux again now :-(




Re: [gentoo-user] Re: Gigabyte wont boot

2013-01-13 Thread Kevin Chadwick
 If all else fails, maybe it is dead. 

Yeah no beep equals cpu | ram | mb

Check 

if pin 1 on the cpu is in the right place and cpu power cables right
and no bent pins.
The cpu and ram are compatible with the mb.
Hoover the ram slot and reseat
If your second mb works you could try the cpu and ram separately in
the working mb to eliminate the problem/problems bearing in mind they
could damage the working mb.




Re: [Bulk] Re: [gentoo-user] Questions about systemd logging

2013-01-10 Thread Kevin Chadwick
On Thu, 10 Jan 2013 23:46:29 +0700
Robin Atwood robin.atw...@attglobal.net wrote:

 Thanks for the tips, now I can get more output to tty1 if I want. I
 still can't get any systemd messages to syslog-ng, however. A bit of
 a mystery. 

This may be way off as I expect systemd to never shape up to a point
that I will use it, but with a bit of luck this may point you in the
right direction. On Arch systemd avoiders had to change their
syslog-ng.conf to the following to get their logging back.

source src {
    unix-dgram("/dev/log");
    internal();
    file("/proc/kmsg");
};



Re: [gentoo-user] Processes hang - system dies

2013-01-08 Thread Kevin Chadwick
   I have a very severe problem after a recent disk replacement. After a few
   days running, all new processes just hang. The kernel reports:
  My guess is disk failing or kernel bug. Install smartmontools and see if
  smartctl -H devicename returns anything interesting.

  What kernel are you using? Try 3.7.1 if you're not already using that.

 That's my feeling too, since smartd is reporting sectors failing by the
 dozen.
 However the smartctl -H test gave me a clean bill of health. The kernel is
 3.6.8, I have already upgraded with no improvement.

Personally I wouldn't try changing anything initially if it worked
before the disk change.

I would try a read-write test of the disk or use dd to write or read
many sectors possibly under 1 OS and machine depending on what
happens. Is SMART enabled in your BIOS?




Re: [gentoo-user] Firefox and ssl

2013-01-04 Thread Kevin Chadwick
On Fri, 4 Jan 2013 12:18:45 -0500
Michael Mol mike...@gmail.com wrote:

 On Fri, Jan 4, 2013 at 12:13 PM, Mick michaelkintz...@gmail.com
 wrote:
 
  On Friday 04 Jan 2013 12:45:01 Robert David wrote:
  Hi all,
 
   anyone have problem with firefox and selfsigned ssl? I tried
   firefox and firefox-bin.
 
  Firefox:
  Problem loading page: Secure connection failed.
 
  Firefox-bin:
  No problem loading page.
 
 
   I tried with/without system-sqlite. Rebuild nss. Nothing helped.
 
 
 
  Robert David
 
  Hmm  it should flag up a warning and once you accept it there
  shouldn't be a problem connecting.
 
 Some browsers (I don't know if FF is one of them) won't allow bypass
 depending on the cert details. I've seen the server has requested
 strict validation before.
 
 
 --
 :wq
 

Not seen certs that do that but HSTS http headers can prevent override.
Unfortunately even though an incorrect clock is perfectly acceptable to
SSL it is not to HSTS. I expect to hear user complaints getting
play.com to disable HSTS due to flat bios batteries (and no NTP is
seemingly no answer to this problem). My preference is a
compulsory header redirect to ssl. I've suggested a disable HSTS option
enabled by setting the mozilla master password. In any case he said it
worked in one copy of firefox so it's unlikely to be the culprit. I
assume you tested with the same url?
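An added illustration, not part of the thread and not anyone's code from it: a small Python model of how a browser keeps HSTS state under RFC 6797. It shows the two points raised above, that an HSTS host gives the user no way to click through a certificate error, and that max-age is measured on the local clock at the moment the header is received, so a wrong clock moves the whole lifetime of the policy. Host names and timestamps are constructed for the example.

```python
"""
Added example, not from the gentoo-user thread: a model of browser HSTS
bookkeeping (RFC 6797). Hosts and timestamps below are constructed.
"""
from typing import Dict, Optional


class HstsPolicy:
    def __init__(self, expires_at: float, include_subdomains: bool):
        self.expires_at = expires_at              # absolute local-clock time
        self.include_subdomains = include_subdomains


def parse_hsts_header(value: str) -> Optional[dict]:
    """Parse a Strict-Transport-Security header value.

    Returns {'max_age': int, 'include_subdomains': bool}, or None when the
    header is invalid: no max-age, a non-numeric max-age, or a directive
    given twice (RFC 6797 section 6.1 says duplicates make it invalid).
    Unknown directives are ignored, as the RFC requires.
    """
    max_age = None
    include_subdomains = False
    seen = set()
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, val = raw.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')              # values may be quoted-strings
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": include_subdomains}


def observe_header(store: Dict[str, HstsPolicy], host: str,
                   value: str, now: float) -> None:
    """Update the known-HSTS store after receiving the header over TLS.

    'now' is the local clock at receipt. max-age is relative to it, so the
    stored expiry inherits whatever error the local clock has.
    """
    parsed = parse_hsts_header(value)
    if parsed is None:
        return
    host = host.lower()
    if parsed["max_age"] == 0:                     # max-age=0: forget this host
        store.pop(host, None)
        return
    store[host] = HstsPolicy(now + parsed["max_age"], parsed["include_subdomains"])


def is_hsts_host(store: Dict[str, HstsPolicy], host: str, now: float) -> bool:
    """True if host, or a superdomain with includeSubDomains, has an unexpired policy."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        policy = store.get(".".join(labels[i:]))
        if policy is None or now >= policy.expires_at:   # absent or expired by local clock
            continue
        if i == 0 or policy.include_subdomains:
            return True
    return False


def may_click_through_cert_error(store: Dict[str, HstsPolicy],
                                 host: str, now: float) -> bool:
    """RFC 6797 section 8.4: on an HSTS host any TLS error is fatal, no override."""
    return not is_hsts_host(store, host, now)
```

Run the functions against a store of your own: a policy observed at time T with max-age N is enforced until T+N by the local clock, which means a clock jumped forward past T+N drops the policy while a clock set backwards keeps enforcing it long after the site intended.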



Re: [gentoo-user] Re: udev downgrade

2013-01-04 Thread Kevin Chadwick
On Fri, 04 Jan 2013 13:52:29 -0600
Dustin C. Hatch admiraln...@gmail.com wrote:

 You'll probably want to do this in single user mode (i.e. 
 `rc single`), so running programs don't crash suddenly. A reboot 
 afterward is probably a good idea as well.

I'm interested in what may crash, do you mean after logging out and in
again etc.. I have started and stopped udev in the past during testing
without any apparent problems.



Re: [Bulk] RE: [gentoo-user] Re: Anyone switched to eudev yet?

2013-01-04 Thread Kevin Chadwick
On Fri, 4 Jan 2013 18:22:37 -0500
Mike Edenfield kut...@kutulu.org wrote:

  I have never personally run into any case
 where I had a single /+/usr and regretted it, but I *have* encountered
 situations where I could not get /usr mounted and ended up merging it
 with /. FWIW, YMMV, etc.

And why was that, not udev? What is your point, others have avoided
regretting it by having a separate /usr.

 
 I can tell you that Pandu's analogy vis a vis Windows is a bit
 flawed. What Windows has done recently is (by default for clean
 installs) to split the boot loader and related bootstrap code into a
 separate partition from the actual operating system. Claiming that
 this is analogous to / and /usr is quite a stretch. It is much more
 accurate to make it analogous to / and /boot. The System Partition
 has no Windows files on it, just the equivalent to grub (and it's
 also used if you have BitLocker, to decrypt your boot partition).
 
 Which, to me, means it has absolutely nothing to do with the current
 discussion one way or the other :)

He did define the fact that he mentioned it because he claimed the
repair tools are stored in a small seperate partition like / or root is
defined in the FHS which means he brought more to the discussion than
you just have. 

In any case there are major benefits to having Windows with program
files on a separate partition and you shouldn't be stopped from having a
separate /usr without good reason and which there is not or if there is
good reason in a hidden agenda/future plan it has not been brought to
any discussion, note though that lies and mystery have. Broken
for years indeed, more like tiny issues that few care about and so
haven't been fixed by default.

I re-assert that eudev's mentioning of moving potentially less
stable/audited or even arbitrary code to later in the boot process is
also welcomed by me.



Re: [gentoo-user] Anyone succeeded with kmail2?

2013-01-03 Thread Kevin Chadwick
On Thu, 03 Jan 2013 18:09:27 +0100
Peter Humphrey pe...@humphrey.ukfsn.org wrote:

 Thanks for your thoughts Alan. I didn't like Claws much last time I
 tried it, but then that was some time ago.
 
 Does anyone recommend a mail client that doesn't rely too heavily on
 the mouse? I much prefer to navigate, reply etc with the keyboard.
 I've seen Evolution recommended; is that OK?
 
 Meanwhile I'm having to use my ISP;s webmail service.

I love claws but perhaps you should ask on the claws mailing list I
thought it was too mouse heavy too but when I actually look it's very
few tabs, arrows, enter and ctrl-R to reply etc. and the
configurability of claws may help too, though I can't see if you can
assign shortcuts to custom commands/actions.

The manual says this but I can't find out how to change those shortcuts
'on the fly' myself after a quick try. I shall certainly be using the
mouse less now anyway ;-)

_

B. Default keyboard shortcuts
B.1. Motivations and general conventions

Although Claws Mail is a graphical application and can mainly be
commanded with your mouse, it also requires the frequent use of the
keyboard. Composing a mail is the most common of the tasks that require
the use of the keyboard. For people who write a lot of mails, having to
move hands from keyboard to mouse greatly reduces productivity, so
Claws Mail provides keyboard shortcuts to allow faster operation.

This not only benefits power users by providing keyboard alternatives
and keyboard navigation, it also enables people with disabilities, (who
may not be able to properly control a pointing device), to use Claws
Mail.

The most general convention is the Escape key. Focused dialogues or
windows can be closed by hitting the Esc key.

There are other key combinations which are assigned by default to menu
items. We won't list these here, as they are already shown on the
righthand side of the menus themselves, so you can easily learn them
with usage. Furthermore, if you don't like them, these shortcuts can be
changed on the fly by focusing on the menu item and pressing the
desired key combination.

In addition to these shortcuts there are others which vary from window
to window, which are summarised in the following sections. 
_



Re: [gentoo-user] Anyone succeeded with kmail2?

2013-01-03 Thread Kevin Chadwick
On Thu, 3 Jan 2013 18:24:13 +
I wrote:

 it's very
 few tabs

If tabs are the irritation to scroll open mail, try three column view to
reduce the likelihood or small screen view which only needs arrows enter
and escape.



Re: [gentoo-user] Re: [OT] codec for video embedded in presentation

2013-01-01 Thread Kevin Chadwick
On Tue, 1 Jan 2013 13:16:25 -0200
Francisco Ares fra...@gmail.com wrote:

 I don't think so. Most of them are very basic level users, and they
 just have to have the same software, and it's gotta be from M$ -
 nothing out of main stream.
 
 But what is your point?

Boot an OS with office that works and as long as you can boot it should
be a near certainty of working. PDF presentations may be another option
to investigate but I imagine you may hit problems.

I've found mpeg2 to be the most likely supported video format but still
not quite run everywhere. There isn't one. Hopefully webm will do one
day, it is the only decent one with compression that can.



Re: [gentoo-user] Re: Heads up if you start X with startx; xorg-server suid flag

2012-12-31 Thread Kevin Chadwick
On Mon, 31 Dec 2012 22:06:00 +0800
kwk...@hkbn.net wrote:

  That already has a de-facto answer; USE=suid must be on by default
  as without it users cannot run a desktop (xorg-server does not yet
  run without root permissions)  

I use some hackery to run startx on some systems as a normal user on
linux and without suid. The only important things that break on these
systems is hotplugging mice etc. and which could be quite easily fixed
if it was worth the time. I've found a log out triggering a relaunch
good enough with 0 complaints for now.

 
  But(!) if one uses a login manager, xorg server would only ever be
  run by root, right?  

On Linux maybe but the default on OpenBSD is for X to run as the X11
user and xdm to run as root.

 Hence the use flag rather than a must like, e.g.,
 sys-apps/shadow (and the question whether the dangerous suid should be
 set in desktop profiles instead of default on even for hardened).



Re: [gentoo-user] Re: [OT] codec for video embedded in presentation

2012-12-31 Thread Kevin Chadwick
On Sun, 30 Dec 2012 21:35:52 -0200
Francisco Ares fra...@gmail.com wrote:

 If my colleagues would at least be kind enough to have OpenOffice
 installed on their machines also...

Will they let you boot a usb?



Re: Should /usr be merged with /? (Was: Re: [gentoo-user] Re: Anyone switched to eudev yet?)

2012-12-30 Thread Kevin Chadwick
On Sun, 30 Dec 2012 20:19:44 +0800
Mark David Dumlao madum...@gmail.com wrote:

  I'd certainly be happy fixing FHS to say that tools for mounting
  and recovering essential system partitions be located in /, and
  that these essential system partitions contain the tools for
  mounting and recovering non-essential partitions.  
 
 The beef with the comment on /home being nonessential is besides the
 point, /usr, /var, or /opt could have been some special case FUSE
 filesystem, making it still impossible to predict which files _should_
 be in /. The more relevant matter here is that plan FHS, in
 combination with FUSE, makes that difficult.

That's not best practice though is it and I completely disagree with the
rules you seem to believe the English language has too. 

It is not a difficult problem, just FUSE is not expected or intended
for that, if that changes it is easily fixed immediately by the admin
or by the packager preferably in concert with some root management body
or project. 

Many/All of these issues that have come up are actually of 0 effect, we
are not talking about preventing users from merging them as most Linux
users do because they just hit ok ok ok in Ubuntu's installation but
about a major degradation due to some devs whim and without I might add
proper community involvement or commentary ALLOWED. One thing's for sure
real problems will arise directly due to this merge if this merge
becomes standard and possibly with won't fixes used leading to
pointlessly breaking existing servers and linux becoming even more of an
unorganised mess.

On windows production machines I arrived at putting c: on its own
smaller partition and program files on a larger partition. It meant I
could have many more c: backups and restore much more quickly too
resulting in much higher uptime and reduced loss in the cases that
registry restore wasn't good enough and system restore is crap. With
Windows 7 it's not so beneficial as Windows 7 is huge but still useful
as everything is getting huge on windows these days. You do get the
occasional dumb program perhaps fixable with a drive link within c:.

Windows 8 should be more reliable but I expect brings new issues in this
area due to app restrictions and where sandboxing could have been used
for security instead.



Re: Should /usr be merged with /? (Was: Re: [gentoo-user] Re: Anyone switched to eudev yet?)

2012-12-29 Thread Kevin Chadwick
 The latest FHS dates from 2004, the same year as the *earliest* FUSE release 
 I 
 can see on the FUSE web site.  I'd say a good working hypothesis is that FHS 
 was simply written *before* any user-space file systems were more than an 
 experimental oddity.
 
 
  IF the system's /home directory is formatted as an OpenBSD partition,
  then yes, FHS demands that tools for mounting and recovering it be in
  /.  
 
 
 I'd certainly be happy fixing FHS to say that tools for mounting and 
 recovering essential system partitions be located in /, and that these 
 essential system partitions contain the tools for mounting and recovering 
 non-essential partitions.
 

Which would include testdisk (As far as I know the only linux tool able
to read an OpenBSD partition) in /usr. Of course the admin is
free to move a copy of testdisk to /. No-one is saying the FHS is
perfect, I know the BSD crowd would say far from it but we want it to
move in the right not wrong direction.

 If you are wondering where I stand, I currently boot with an initramfs, since 
 I have everything except /boot located on LVM devices. This includes / and a 
 separate /usr, done mostly from habit after 15 years of habit, and working 
 where that was the corporate standard production practice.
 
 As to system recovery, nowadays I usually do that by booting from a live 
 CD/DVD so I have access to all the tools when I need them. Which reminds me 
 that I need to update my rescue DVD to the latest version...

A rescue CD has the benefit of being on read only media and perhaps
including tools and perhaps enabling permissions you don't want on the
system or auditing without running anything from the system and as a
fallback but in general single user is more appropriate than both cd and
ramdisk and at least is useful as it can be tailored to the system, is
the system and is more likely familiar to the user, a system may not
have a cd and maybe not USBs or be remote and as shown is less likely
to be up to date and so secure and so useful online, especially if you
need a host to upload the cd image.

Note: This should highlight how wrong Greg's freedesktop.org links are.




Re: [Bulk] Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-28 Thread Kevin Chadwick
  Should perl be in / or /usr?  
 
 Now that is a good question, if only because Perl traditionally _loathes_
 being in /bin, for its own philosophical reasons.
 


 Now, as a practical matter? WTF are the scripts written in Perl? Or in
 anything other than sh? If they're intended for emergency use, they've got
 some pretty fat dependencies, and should probably be launched from a full
 rescue environment instead. Or the log files should be copied to some place
 with more featureful tools available.


Can perl be built statically and moved to / by the admin for this
corner case?

If not you should have all the tools to fix /usr in root and then if
anything needs fixing via perl then you should be able to mount /usr or
mount -a and have a fully working single user system to run perl from.




Re: Should /usr be merged with /? (Was: Re: [gentoo-user] Re: Anyone switched to eudev yet?)

2012-12-28 Thread Kevin Chadwick
On Sat, 29 Dec 2012 01:16:34 +0800
Mark David Dumlao madum...@gmail.com wrote:

  whatever filesystem type
 it is.

Following this, for any distro to correctly FHS, there needs to be a
package manager switch to copy arbitrary packages (and dependent
libraries) from /usr to /. As of yet not implemented.



Not at all, FUSE is a userspace filesystem meant to be used after single
user.

The spec says you have to be able to mount other filesystems not all
other filesystems. I'd like to see you mount an OpenBSD ffs partition.


So no your point does not stand. As has already been said the
cure is worse than the disease many of which have been
demonstrated to amount to exactly nothing in all cases and likely why
Greg refused to specify what was broken. You've completely ignored the
part of FHS about the root filesystem and completely made up your own
rules to justify Linux having management problems that some
irresponsible devs chose to enforce upon all and now eudev is working to
fix and bring the core of linux back into compliance and higher
reliability. 

I'm not surprised Michael can't be bothered to reply. I would use your
time more constructively than responding to this thread pollution in
any comprehensive manner.



Re: [gentoo-user] Re: Anyone switched to eudev yet? - what was wrong with SysVInit?

2012-12-28 Thread Kevin Chadwick
On Thu, 27 Dec 2012 17:38:15 -0600
Canek Peláez Valdés can...@gmail.com wrote:

 In SysV, I can *write* the daemon in the init script.
 In *that* sense, the init system tells the daemon how to do things,

Please explain, sure there is the environment that tells a daemon what
to do. No shell can tell a c daemon like sshd how to drop privileges
or use systrace but it could do these things for it in a more fine
grained manner before it tries and fails itself or if the daemon
wishes it to like monit. It's still not telling how but duplicating or
removing the need. That's just a bonus that applies to all init
systems because shell is so powerful on unix.



Re: [gentoo-user] Re: Anyone switched to eudev yet? - what was wrong with SysVInit?

2012-12-28 Thread Kevin Chadwick
On Fri, 28 Dec 2012 13:14:46 -0600
Canek Peláez Valdés can...@gmail.com wrote:

 On Fri, Dec 28, 2012 at 12:53 PM, Kevin Chadwick
 ma1l1i...@yahoo.co.uk wrote:
  On Thu, 27 Dec 2012 17:38:15 -0600
  Canek Peláez Valdés can...@gmail.com wrote:
 
  In SysV, I can *write* the daemon in the init script.
  In *that* sense, the init system tells the daemon how to do things,
 
  Please explain, sure there is the environment that tells a daemon
  what to do. No shell can tell a c daemon like sshd how to drop
   privileges or use systrace but it could do these things for it in
  a more fine grained manner before it tries and fails itself or if
  the daemon wishes it to like monit. It's still not telling how but
  duplicating or removing the need. That's just a bonus that applies
  to all init systems because shell is so powerful on unix.
 
 Stop thinking in sshd. I can write the *whole* daemon in shell, not in
 another script file, but inside /etc/init.d/mystupiddaemon (or
 /etc/rc.whatever); shell is Turing-complete, I can write in it
 anything I can write in C (or in assembler, or machine code). In that
 sense, the init system (which uses shell for launching daemons) can be
 used to determine *how* the daemon behaves (because it uses shell for
 launching daemons).
 

That's what you meant, how disappointing. Yeah I've knocked up a few
very useful ones myself but call them scripts (Such as grepping logs or
dns servers and feeding real daemons with info).

 You can't do that with systemd; there is a clear and unavoidable

'You can't' is better, is it? Yet you can exec a daemon written in shell
with systemd.

 separation between the starting/stopping/monitoring of daemons, and the
 daemons themselves. 

 Such distinction doesn't really exist in SysV nor
 OpenRC (since they use shell, a Turing-complete language, for

With regular expressions to get the exact pid but

/usr/sbin/sshd -f /etc/ssh/sshd_config = start
/usr/bin/pkill sshd = stop or many other incantations

There are many tools that do this job just fine. If systemd just did
this and was there by default I would consider replacing monit with it.
Like a reliable root filesystem I want a reliable pid 1.

 launching daemons), and therefore you can mix up everything. I agree,
 it doesn't necessarily mean that it *will* happen; but even the
 possibility is frightening for a system administrator in a production
 server. With systemd, that possibility *doesn't exist* (because it
 doesn't use a Turing-complete language to start/stop/monitor
 daemons).

Doesn't frighten me one bit. I know the startup almost inside out of my
servers, doesn't take long on OpenBSD. On Linux it would take longer but
nowhere near reviewing systemd and knowing C has nothing to do with the
immediate control shell can provide under any init system including
systemd but the Turing complete argument is simply propaganda as well
as all the features to distract from the fundamental flaws in the
design of systemd.

 
 Like the clear separation between content and presentation in webapps,
 or between the model and the view in the MVC design pattern, having a
 clear separation between how you start/stop/monitor your daemon, and
 what the daemon does, is a good thing. If you don't agree with that,
 well, we must agree to disagree.

There is nothing else, you exec or parse a script or daemon just as
systemd does. The only difference is systemd tracking double forked
processes with cgroups and I have already provided a link that refutes
any point to do so. There are corner cases that are easily manageable
and it certainly isn't worth the sacrifice of POSIX compatibility and
so Linux applicability. Linus has said cgroups are a horrible
but necessary evil, which in my opinion means avoid them unless you have
no choice. There is a perfectly good and in my opinion superior
choice, but I love simplicity, it has served me well.
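The start/stop pair in the post above, written out as an added example that is not from this thread, OpenRC, systemd or OpenBSD's rc.d: a POSIX sh start/stop/status wrapper that records the pid it launched instead of pkill-ing by name (pkill sshd also matches the per-connection sshd children and anything else whose name contains sshd). The daemon command and the pidfile path are assumptions. sshd gets -D so that it stays in the foreground, because a self-daemonising program double-forks and the launcher would then only ever know the short-lived parent, which is exactly the gap the cgroup tracking discussed in this thread is meant to close.

```shell
#!/bin/sh
# Added example for this thread (not OpenRC, systemd or OpenBSD rc.d code):
# "start = run the command, stop = kill it", done with a pidfile instead of
# pkill-by-name, so only the process this launcher started gets signalled.
#
# DAEMON and PIDFILE are assumptions. -D keeps sshd in the foreground; a
# command that daemonises itself double-forks and $! would be the parent.
DAEMON="${DAEMON:-/usr/sbin/sshd -D -f /etc/ssh/sshd_config}"
PIDFILE="${PIDFILE:-/run/example-daemon.pid}"

# Print the recorded pid if the pidfile is well formed and the process is alive.
running_pid() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE") || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # refuse a corrupted pidfile
    kill -0 "$pid" 2>/dev/null || return 1
    printf '%s\n' "$pid"
}

do_start() {
    if running_pid >/dev/null; then
        echo "already running"
        return 0
    fi
    # exec in a subshell: $! is then the daemon's own pid, not a wrapper shell.
    ( exec $DAEMON </dev/null >/dev/null 2>&1 ) &
    printf '%s\n' "$!" > "$PIDFILE"
    echo "started pid $!"
}

do_stop() {
    pid=$(running_pid) || { rm -f "$PIDFILE"; echo "not running"; return 0; }
    kill -TERM "$pid"
    wait "$pid" 2>/dev/null || true   # reaps it when it is our own child
    i=0
    while kill -0 "$pid" 2>/dev/null; do   # otherwise poll, then escalate
        i=$((i + 1))
        if [ "$i" -ge 5 ]; then
            kill -KILL "$pid" 2>/dev/null || true
            break
        fi
        sleep 1
    done
    rm -f "$PIDFILE"
    echo "stopped"
}

do_status() {
    if pid=$(running_pid); then
        echo "running (pid $pid)"
        return 0
    fi
    echo "stopped"
    return 3   # LSB-style "program is not running" status code
}

case "${1:-}" in
    start)  do_start ;;
    stop)   do_stop ;;
    status) do_status ;;
esac
```

Run it as ./daemon.sh start|stop|status with the two variables replaced. The pidfile belongs in a root-only directory such as /run, not /tmp, so that an unprivileged user cannot plant a pid of their choosing for the stop path to signal; the digit check in running_pid only guards against a corrupted file, not a malicious one.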



Re: [Bulk] Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-27 Thread Kevin Chadwick

Again you don't break the spec unless you have to and you don't change
the spec unless it is an improvement or you have no choice. None of
which is the case. Just like you do not mould a mail RFC to a
widely used technically inferior hotmail implementation.

 He's like DJB on crack.

Except DJB made every Linux system on this planet more reliable, simple
and secure through better coding practices and pointing out how buggy
sendmail was. Lennart, if anything, will accomplish the exact opposite
where systemd is used.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: Anyone switched to eudev yet? - what was wron with SysVInit?

2012-12-27 Thread Kevin Chadwick
 * Finally, and what I think is the most fundamental difference between
 systemd and almost any other init system: The service unit files in
 systemd are *declarative*; you tell the daemon *what* to do, not *how*
 to do it. If the service files are shell scripts (like in
 OpenRC/SysV), everything can spiral out of control really easily. And
 it usually does (again, look at sshd; and that one is actually nicely
 written, there are all kind of monsters out there abusing the power
 that shell gives you).
  

 Then Kevin started to suggest that I know nothing about init systems,
 and I responded in kind.

I did not and apologise if you took offense. I said perhaps badly that
based on this posting, you don't have a great deal of experience in
init systems. To me, your comment demonstrated that you don't on the
vast plethora of init systems which all actually accomplish the same
thing daemon wise just with varying reliability and functionality
surrounding the process of doing so. No init system can tell a daemon
how to do anything.

So your comment, 'what to do, how to do', actually has nothing to do
with systemd.

What does is having to learn a new, more restrictive, non-intuitive
and non-externally-useful or non-universal *declarative* language.
Like polkit/pkexec's JavaScript vs sudo. I will take sudoers every
time and for good reason.

'Shell scripts usually spiral out of control' is just utter FUD. I
do realise you didn't originate this FUD, but it shouldn't be
spread. Yes, some corner case wants in init that some thought
impossible in shell can get complex by scripting them, but a small C
tool following the unix philosophy simply becomes a shell command
potentially useful in even unforeseeable cases.

We are dealing with simple options meant for admins here. As I said,
OpenBSD's scripts are usually ridiculously simple and should often
really be called commands. As others have said, the argument of function
being in the scripts rather than the daemon is an irrelevance to using
systemd. Systemd may try to become the whole OS but I'm fairly sure it
hasn't plagiarised the C code to check and deal with ssh keys yet. That
is rightly the job of the aptly named ssh-keygen and IMO some very
simple shell code.

The arch sshd script is only 44 lines and includes more than that to
make the output colourful. The gentoo sshd script is actually simple
too and doesn't do anything most of the time and is easily modifiable
in absolutely predictable ways.




Re: [gentoo-user] Re: Anyone switched to eudev yet? - what was wron with SysVInit?

2012-12-26 Thread Kevin Chadwick
On Tue, 25 Dec 2012 02:01:13 -0600
Canek Peláez Valdés can...@gmail.com wrote:

To the OP of this OT sub-thread. The main difference for me is OpenRC
removes some of the symlink mess and uncertainty compared to, for
example, Debian's init. I very much like OpenRC but my fav is still
OpenBSD, which tries to minimise the number of files/folders to be
potentially locked down and is very transparent and quick to follow
through.

 On Tue, Dec 25, 2012 at 1:38 AM, G.Wolfe Woodbury
 redwo...@gmail.com wrote: [ snip ]
  From what has been happening with the systemd stuff, I do not see
  what advantages it really offers over the SysV scheme and its
  successors like OpenRC.  Someone enlighten me please?
 
 I wrote the following some months ago; I think nothing much has
 changed since then (I added a couple of comments):
 
 Take this with a grain (or a kilo) of salt, since I'm obviously
 biased, but IMHO this are systemd advantages over OpenRC:
 
 * Really fast boot. OpenRC takes at least double the time that systemd
 does when booting, easily verifiable. In my laptop systemd is twice as
 fast as OpenRC; in my desktop is three times faster. (With a solid
 state hard drive, my laptop now boots even faster).
 

The usual statistic cited is 2 seconds but systemd can increase the
time dramatically or be a complete no go on embedded systems with
limited cpu and/or ram. Percentages of a section of the bootup is just
playing games like often used by annoying marketing departments. You
will save more boot time by switching to xfce from KDE/Gnome with
stronger arguments for doing so.

 * Really parallel service startup: OpenRC has never been reliable on
 parallel service startup; its documentation says it explicitly. Some
 will tell you that for them it works, but just like the guys who
 have a separate /usr and refuse to use an initramfs, they just haven't
 been bitten by the inherent problems of it (just ask kernel developer
 Greg Kroah-Hartman). The Gentoo devs recognize that OpenRC is just
 broken with parallel service startup.
 

Not only that but it is seen by many to be pointless except for minute
speed gains and a cause of various problems such as increased
difficulty in determining where a problem occurs.

 * Really simple service unit files: The service unit files are really
 small, really simple, really easy to understand/modify. Compare the 9
 lines of sshd.service:
 

But require reading documentation to understand with no other external
gain, unlike shell.

 
 * Really good documentation: systemd has one of the best
 documentations I have ever seen in *any* project. Everything (except
 really new, experimental features) is documented, with manual pages
 explaining everything. And besides, there are blog posts by Lennart
 explaining in a more informal way how to do neat tricks with systemd.
 

That explains why I see so many asking for help. The documentation may?
be complete but is terrible. Like LVM it is spread out into many
illogical files that would require a non-existent sitemap to find.
OpenBSD is renowned for its excellent documentation and note that its
openssl pages are consolidated.

 * Really good in-site customization: The service unit files are
 trivially overrided with custom ones for specific installations,
 without needing to touch the ones installed by systemd or a program.
 With OpenRC, if I modify a /etc/init.d file, chances are I need to
 check out my next installation so I can see how the new file differs
 from the old one, and adapt the changes to my customized version.
 

Nothing new, OpenBSD does similar. Completely aside from this
discussion.

 * All the goodies from Control Groups: You can use kernel cgroups to
 monitor/control several properties of your daemons, out of the box,
 almost no admin effort involved.
 

The OpenBSD list pointed out the double forking argument to be
technically pointless.

http://marc.info/?l=openbsd-misc&m=135314269712851&w=2

 * It tries to unify Linux behaviour among distros (some can argue that
 this is a bad thing): Using systemd, the same
 configurations/techniques work the same in every distribution. No more
 need to learn /etc/conf.d, /etc/sysconfig, /etc/default hacks by
 different distros.
 

So why was /etc/inittab removed for something that takes much more
effort to configure?

 * Finally, and what I think is the most fundamental difference between
 systemd and almost any other init system: The service unit files in
 systemd are *declarative*; you tell the daemon *what* to do, not *how*
 to do it. If the service files are shell scripts (like in
 OpenRC/SysV), everything can spiral out of control really easily. And
 it usually does (again, look at sshd; and that one is actually nicely
 written, there are all kind of monsters out there abusing the power
 that shell gives you).
 

Then you don't have a great deal of experience in init systems.

 These are the ones off the top of my head; but what I like the most
 about systemd is that it just works, and that 

Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-26 Thread Kevin Chadwick
On Tue, 25 Dec 2012 07:09:49 +0800
William Kenworthy bi...@iinet.net.au wrote:

 Not all the proposed changes are bad ... a read only /usr would be
 nice, but I object to being forced into what I regard as an unreliable
 configuration (or use unreliable, crappy software, eg pulse audio!)
 because of these changes - and for those who say I have a choice ...
 thats correct, my choice will be eudev.

A read-only /usr is perfectly possible in any case too, especially if
you choose to do things more correctly like avoiding dhcp and, as a
bonus, its various security issues of the past.



Re: [gentoo-user] Re: Anyone switched to eudev yet? - what was wron with SysVInit?

2012-12-26 Thread Kevin Chadwick
On Tue, 25 Dec 2012 08:56:38 -0500
Joshua Murphy poiso...@gmail.com wrote:

 It would still be a (notable, at that) drop
 in size if the shell script was redone to provide exactly the same set
 of features, then compared, but that size difference wouldn't have the
 same shock value as the comparison against 80+ lines.

If you look at the ssh devs distribution OpenBSD, sshd's rc config is a
one liner basically of simply enable or provide command line arguments.
Key checking is part of the OS startup script which is beautifully easy
to read and follow through to shutdown.

The Turing-complete language as opposed to the increased pid1 of systemd
is a theoretical fallacy where bugs can be immediately fixed with a
text editor or swapping the constantly tested but admittedly
complex shell code. Note though that init does not require a shell or
Turing-complete language at all or anything else, making it appropriate
in its various forms to all cases. Ironically this variation can be
seen as unifying unix communities. What would be good is a common
agreement on the format or sysadmin's equivalent to API of controlling a
universally applicable init system.



Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-26 Thread Kevin Chadwick
On Thu, 27 Dec 2012 00:01:58 +0800
Mark David Dumlao madum...@gmail.com wrote:

 Nobody's telling you _your_ system, as in the collection of programs
 you use for your productivity, is broken. What we're saying is that
 _the_ system, as in the general practice as compared to the
 specification, is broken. Those are two _very_ different things.

If the spec and practice are out of sync then if possible as this
thread demonstrates most and is perfectly possible then you fix the
practice and do not erode the spec.



Re: [gentoo-user] Re: Anyone switched to eudev yet? - what was wron with SysVInit?

2012-12-26 Thread Kevin Chadwick
On Wed, 26 Dec 2012 17:01:17 -0600
Canek Peláez Valdés can...@gmail.com wrote:

 And, what community is being divided? Fedora,OpenSuse, and Arch use
 systemd by default.

From Debian and Hurd to Slackware, which will not touch systemd ever, and
Ubuntu, and also embedded, with the kernel working on more and more
deeply embedded processors and userland working potentially on less, or
more difficulties in porting if Lennart's dreams ever come to pass,
which I hope many won't. So way more than half of Linux will not use
systemd by default, likely ever, and it is rather different. Any
unification it does bring like /etc/hostname could be easily achieved
with a little organisation without systemd and would be way more
constructive if it happened because of that single purpose.

I didn't even mention POSIX compliance, which is a requirement on many
projects. Fudging POSIX into Linux-only would defeat the whole point of
POSIX, though apparently that is a real danger.



Re: [Bulk] Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-24 Thread Kevin Chadwick
 It was in fact a weirdo corner case
 since day 1.

Right, a weirdo corner case that is part of best practice and the
default suggestion on Debian stable used on many, many servers and for
good reason.




Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-24 Thread Kevin Chadwick
 Are there any other cases, apart from emotional attachment based on
 inertia, where a separate / and /usr are desirable? As I see it, there
 is only the system, and it is an atomic unit.

You should really read the thread before posting.




Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-24 Thread Kevin Chadwick
  You are only considering the case of /usr being on a plain hard disk
  partition, what if it in on an LVM volume, or encrypted (or both)
  or mounted over the network? All of these require something to be
  run before they can be mounted, and if that cannot be run until udev
  has started, we have been painted into a corner.  
 
   I agree that there will always be a small number of corner-cases where
 an initr* is required.  What annoys me, and probably a lot of other
 people, is the-dog-in-the-manger attitude
 http://en.wikipedia.org/wiki/The_Dog_in_the_Manger where some people
 seem to say If my weirdo, corner-case system can't boot a separate /usr
 without an initr* then, by-golly, I'll see to it that *NOBODY* can boot
 a separate /usr without an initr*

Maybe they should swap names with eudev being for obviously functional
corner cases aka early udev and the current eudev becoming udev by
default as being most correct for most cases. Arguably all cases for a
well designed system.




Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-20 Thread Kevin Chadwick
 really? once upon a time I was told mounting / ro and /usr rw was a GOOD 
 THING 
 to do. I ignored that the same way I ignore it the other way round. With bind 
 mounting and stuff, you can make single directories rw.. so what is the 
 matter?

Ignorance is bliss, so good for you.

Only as root and if RBAC/SELinux doesn't stop you. It's an extra, quite
formidable, layer. It is a good thing for many reasons and even a
requirement on some embedded systems. The kernel can also inform you of
any remounts, making monitoring far simpler, easier and so powerful and
more efficient.




Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-20 Thread Kevin Chadwick
 On Thu, Dec 20, 2012 at 2:42 AM, Volker Armin Hemmann
 volkerar...@googlemail.com wrote:
  with redhat's push to move everything into /usr - why not stop right there 
  and
  move everything back into /?
 
 I originally thought this way, but they actually reviewed the
 technical and historical merits for all the use cases and and found
 /usr to be superior. Straight out of the freedesktop wiki:
 http://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
 
 0) If / and /usr are kept separate, programs in /usr can't be updated
 independently of programs in /, because the libraries they depend on
 might break compatibility. If the binaries and libraries were *all* in
 /usr, then the entire system's binaries would always be consistent
 regardless of where /usr were sourced from (config files in /etc,
 however, would still break).

Complete rubbish. If something in / needs something it should be in /
if something is in / that isn't critical it shouldn't be there and
won't matter. In all other cases everything exists. If you want some
special feature that adds complexity to your early boot up stage
or single user then that should be an optional package that installs
into /. Similar to ssh enabled grub, it's optional.

 2) If /usr were separated from /, then /usr could be mounted
 read-only, with / being mounted normally. Which makes sense, as /
 does have bits that are meant to be read-write.

It certainly does not. There are packages that fix dhcp. I haven't ever
setup a system that needed to do that. Updates get temporary
controlled access.

 3) Most software packagers write their binaries to a PREFIX defaulting
 to /usr/local, or /usr, as opposed to /. Determining which ones belong
 in / or /usr can sometimes be dependent on the distro and/or sysad.
 But since more of them default to /usr, if everything were in /usr
 it'd be a saner default.
 

A consensus would be good. A right consensus is more likely to get a
consensus. This has no bearing on the matters at hand.

 (0) basically says that keeping them separate only works as intended
 if the both the sysad and the distro upstream work together for their
 shared /usr mount. In many cases, however, sysads have to do a lot of
 working around and careful planning to get /usr mounted remotely.
 (1), (2), and (3) provide advantages to mounting the binaries and
 libraries separately from the / filesystem, which mounting them as
 part of / does not provide.
 

Rubbish you can mount the whole of / or /usr. If all you have is /usr
then if anything all you can mount is / but in fact you can mount any
folder anywhere due to unix-like systems being ace.

I wonder what percentage of Linux users believe you should have
one partition for everything due to easier installs. I know the number
will be increasing every day.




Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-20 Thread Kevin Chadwick
On Fri, 21 Dec 2012 05:46:33 +0800
Mark David Dumlao madum...@gmail.com wrote:

 
  A consensus would be good. A right consensus is more likely to get a
  consensus. This has no bearing on the matters at hand.  
 
 /usr as the default prefix for installed packages is the consensus
 of the vast majority of packages out there. Why do you think this has
 no bearing on their consideration?

I'm just pointing out that despite what many seem to state there are
losses and unclear/non-forthcoming positive reasons or real benefits
to the current, apparently to be imposed or you're doomed, consensus of
consolidating data. Once you're at multi-user the whole filesystem is one
for all intents and purposes anyway and so much of what you have said is
misleading. It really shouldn't be a difficult problem to fix, it is
just data after all.

 I certainly don't expect linux to solve these management problems,
 quite the opposite in fact but I can hope. I am just glad eudev is
 removing some of the excuse to ignore and quieten complaints that may
 be the real motivation to allow changes later that don't break
 anything or cause too loud screams, being the rules of the kernel
 devs before allowing more radical changes. There are a few indicators
 that lend credence to this possibility.

What is even more encouraging is eudev's keen eye on unnecessary
complexity and increased potential for bugs and unexpected code pull-in
at the very core of the early boot process.

Stability and security features or design are never missed until it's too
late and then lots is spent on ineffective band-aids.



Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-20 Thread Kevin Chadwick
On Fri, 21 Dec 2012 00:09:50 +
Kevin Chadwick ma1l1i...@yahoo.co.uk wrote:

 I certainly don't expect linux to solve these management problems,
  quite the opposite in fact but I can hope.

I hope mentioning OpenBSD won't put anyone off but taking a leap out of
their book I feel could really benefit linux. This could be a busybox
like project but with general usage fully functional and non space
sensitive goals that creates a core reliable single user environment
with compilation options like busybox for distros to pick and choose
from that is consistent across all distros and self managing via
packagers needing to request for immediate inclusion by default but
obviously being installable though recognising they are crossing the
line drawn in the sand.



Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-19 Thread Kevin Chadwick
 Surely not libs, those go
 in /usr/lib or /lib. If it's variable data somehow related to libs
 then someone needs to look up lib in a dictionary.
 

I have to say I was shocked a while back when I found /usr/bin/firefox
linking to a shell script at /usr/lib/firefox/firefox

I'd be interested if anyone can explain that oddity? I see one
other on this system. Perhaps systemd-udev copied firefox?

 If it really is lib code, then my question is how exactly is this
 stuff variable to warrant being in /var?

Maybe it's for JIT on steroids. JIT for pid1, what an unnerving thought.




Re: [Bulk] Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-18 Thread Kevin Chadwick
 Thankfully, I've never had to
 maintain systems whose disks were small and low performing enough that
 it actually mattered to separate / from /usr.

So you don't understand it much at all. Actually many of Lennart's pages
such as his security.html are full of wildly incorrect claims and
inaccurate assumptions and feature plagiarism, leading me to believe
he doesn't have much experience outside of coding. Going back in time,
his claim of PulseAudio being good for professional audio was also
completely off the mark. Separating Gnome and pulse can now cause pro
audio users on binary distros major headaches too. I pointed one
fellow in the direction of a pro audio on Gentoo tutorial rather than
deal with some new problems a little after systemd hit Arch.




Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-17 Thread Kevin Chadwick
 So, since I have /usr separate from the rest, I could mount it read only
 and reduce the chance of corruption if say my UPS failed?  I already do
 this for /boot.  Interesting.  Very interesting indeed. 
 
 If the other issues happen, computers is likely the least of our
 problems.  ;-) 

Or if the bulk of the user data is under /usr perhaps with
further partitions for even more highly written locations
then you can have a more trusted ro root though in fact all the
partitions gain. It's not just power failure this covers and less so
these days with journaling, (though remember, journaling may not apply
to your system such as some embedded). I guess also the system crash
term may have been used in the FHS to cover more than just power
failure, filesystem bugs (less code used), hardware failure etc..

There are other plus points in the FHS too.

A counter point is head movement though that could be improved at the
same time due to a reduced fragmentation (I know it's much lower on unix
but still applies) depending on a few obvious things and removed with
ssd.

p.s. I'm 30 in January, so I hope I wouldn't be thought of as an old
fart already. Just because I agree with the /bin/grep /usr/bin/grep
consolidation but not the data consolidation.




Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-16 Thread Kevin Chadwick
On Sun, 16 Dec 2012 22:32:24 +0200
nunojsi...@ist.utl.pt (Nuno J. Silva) wrote:

 My thanks, too! There's nothing like reading on some actual experience
 with this. So this was once the reason to keep / separate. Not that
 important anymore (but this is still no excuse to force people to keep
 /usr in the same filesystem).

Sorry but real world data is important and I am fully aware of the
academic theorist problems compared to practical experience but this
simply doesn't apply here. I didn't see any evidence or
argument that a larger root conducting millions more writes is as safe
as a smaller read-only one perhaps not touched for months.

The testing criteria were very generally put and just because an
earthquake hasn't hit 200 buildings in the last 50 years is no reason to
remove shock absorbers or other measures from skyscrapers.



Re: [gentoo-user] Anyone switched to eudev yet?

2012-12-15 Thread Kevin Chadwick
On Sat, 15 Dec 2012 11:18:25 +0100
Volker Armin Hemmann volkerar...@googlemail.com wrote:

  It should be moving in the other direction for stability reasons and
  busybox is no full answer.
  
  On OpenBSD which has the benefit of userland being part of it. All
  the critical single user binaries are in root and built statically
  as much as possible, maximising system reliability no matter the
  custom requirements or packages.  
 
 until a flaw is found in one of the libs used and all those
 statically linked binaries are in danger.  Well done!

How unlikely and is why you have test systems. Other problem this
protects against are far less predictable. There is even a distro that
attempts to statically build everything. It's worth reading
that distros arguments for doing so in any case.

Ch3.1 of fhs-2.3:

___
Rationale
The primary concern used to balance these considerations, which favor
placing many things on the root filesystem, is the goal of keeping root
as small as reasonably possible. For several reasons, it is desirable
to keep the root filesystem small:

Disk errors that corrupt data on the root filesystem are a greater
problem than errors on any other partition. A small root filesystem is
less prone to corruption as the result of a system crash.





Re: [gentoo-user] {OT} dedicated server or cloud server?

2012-12-14 Thread Kevin Chadwick
 Doesn't a good cloud server also have potentially higher availability
 compared to dedicated?

Perhaps at your price point through redundancy, which could be applied
to dedicated, albeit at higher cost, and so potentially still more
reliable and certainly more secure and also tested in almost any case
(look up the paper about timing attacks on amazon services etc.).




Re: [gentoo-user] Anyone switched to eudev yet?

2012-12-14 Thread Kevin Chadwick
On Fri, 14 Dec 2012 08:53:35 -0800
Mark Knecht markkne...@gmail.com wrote:

 I guess the other question that's lurking here for me is why do you
 have /usr on a separate partition? What's the usage model that drives
 a person to do that? The most I've ever done is move /usr/portage and
 /usr/src to other places. My /usr never has all that much in it beyond
 those two directories, along with maybe /usr/share. Would it not be
 easier for you in the long run to move /usr back to / and not have to
 deal with this question at all?

It should be moving in the other direction for stability reasons and
busybox is no full answer.

On OpenBSD which has the benefit of userland being part of it. All the
critical single user binaries are in root and built statically as much
as possible, maximising system reliability no matter the custom
requirements or packages.

The way I have it on OpenBSD

/ ro

100 megabytes and I never need to fsck and can reliably fix all
but the most likely problem and snapshot quickly, though there is no
need as the kernel is rock solid.

/usr ro,nodev
~600 megabytes that I almost never need to fsck even when I pull the
plug

/usr/local ro,nodev,nosuid
All installed packages go here and I can give users the ability to only
mount writable this location. There are other plusses I won't bother
going into.


All the BSDs and Debian stable (old and initramfs) still get this
right with Debian suggesting a separate /usr during install in
compliance with the filesystem hierarchical standard and the upcoming
draft/version 3, which states the real technical and uptime benefits of
a separate /usr.

https://wiki.linuxfoundation.org/en/FHS

Unfortunately stability and security often only get noticed and
chosen over other function when it's completely obliterated and has
stopped functioning altogether.

When hard-worked (including Rusty Russell) documents like this get
ignored when freedesktop.org is given so much credence even though
freedesktop.org is actually simply stating opinion without having
debate/comments on its site and in contrast a combined root/usr has no
technical benefit not addressed elsewhere (grub etc..) and when the
issues in userland are far from insurmountable it is quite worrying and
I am grateful to those who have stood up against this and the trend
of added complexity into pid1/systemd and early boot.

What is also worrying is the recent trends of the kits, udisks
dropping features for months to get multiseat and dbus getting
everywhere like Windows and RPC.

I can take spread-out documentation compared to OpenBSD but some of
these issues are quite ridiculous. I just wish OpenBSD had more devs for
KMS and stable updates as it is, perhaps due to being a smaller project
involving both core userland and kernel and with hard fast goals, far
better managed.
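The ro/nodev/nosuid layout listed in the post above, together with the earlier point in this thread that a remount to rw is only possible as root and is worth monitoring, as an added example that is not from this thread, OpenBSD or the FHS: a POSIX sh check that compares a /proc/mounts-style table against the options each mountpoint must carry and reports every mountpoint that drifted. The policy is the three mountpoints from the post; the mount table inside the block is constructed for the demo and is not from any real system.

```shell
#!/bin/sh
# Added example for this thread (not OpenBSD, Gentoo or FHS code): audit a
# mount table against a required ro/nodev/nosuid layout.

# Policy taken from the post: mountpoint, then the options it must have.
POLICY='/ ro
/usr ro,nodev
/usr/local ro,nodev,nosuid'

# Constructed /proc/mounts-style input for the demo: / is fine, /usr was
# remounted rw and lost nodev, /usr/local is missing nosuid.
SAMPLE_MOUNTS='/dev/sda1 / ext4 ro,relatime 0 0
/dev/sda2 /usr ext4 rw,relatime 0 0
/dev/sda3 /usr/local ext4 ro,nodev,relatime 0 0'

# has_opt OPTS OPT: true when OPT is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_mounts POLICY MOUNTS: print one line per deviation, return 1 if any.
check_mounts() {
    policy=$1
    mounts=$2
    violations=0
    while read -r mp want; do
        [ -n "$mp" ] || continue
        # The last table line for a mountpoint wins, as with stacked mounts.
        opts=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            echo "$mp: not mounted"
            violations=$((violations + 1))
            continue
        fi
        for o in $(printf '%s' "$want" | tr ',' ' '); do
            if ! has_opt "$opts" "$o"; then
                echo "$mp: missing $o (mounted $opts)"
                violations=$((violations + 1))
            fi
        done
    done <<EOF
$policy
EOF
    if [ "$violations" -eq 0 ]; then
        return 0
    fi
    return 1
}

case "${1:-}" in
    demo) check_mounts "$POLICY" "$SAMPLE_MOUNTS" ;;
    live) check_mounts "$POLICY" "$(cat /proc/mounts)" ;;  # Linux only
esac
```

./mountcheck.sh demo runs against the constructed table and prints the three drifted entries; live reads /proc/mounts on Linux (OpenBSD's mount(8) output has a different shape and would need its own parser). Rerun from cron or after any remount the kernel reports, it turns the read-only layout into something that is checked rather than assumed.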


