[gentoo-user] Re: abi_x86_32
On 29/03/13 16:21, Raffaele BELARDI wrote: By the way, I found this: $ cat /usr/portage/profiles/desc/abi_x86.desc [...] 32 - 32-bit (x86) libraries 64 - 64-bit (amd64) libraries x32 - x32 ABI libraries ...and searching for USE_EXPAND in http://devmanual.gentoo.org/general-concepts/use-flags/ shows that USE=abi_x86_32 and ABI_X86=32 have the same meaning, which was my other doubt. It's just a way to provide a default but still be able to override it if needed. Putting ABI_X86=32 in your make.conf will enable abi_x86_32 for all ebuilds, but you can disable it for individual ebuilds by using -abi_x86_32 in package.use.
Re: [gentoo-user] 4G Stick Huawei E3276
On Friday 29 Mar 2013 23:40:18 Stefan G. Weichinger wrote: Am 29.03.2013 22:40, schrieb Stefan G. Weichinger: Am 29.03.2013 22:03, schrieb Stefan G. Weichinger: I don't know about NM's preferences ... I just assume this could be the problem. Gotta dig up some udev-ruling for this, any quick pointers anyone? even easier: You can change the device name using ifrename from package wireless_tools. Now I have device wwan0 but still NM does not care about it. I really don't want to rant ... but ... you know. Just an observation: Started a VM on my main workstation ... Windows XP inside of VMware Player. Not even KVM or something ... Connected that funny stick to that very VM ... and connected to funky internet on first try ... Don't you lve OS automation? Especially when it works! ;-) If you look at the device manager you will probably find different strings describing the USB device interfaces that WinXP detects/assigns compared to your Linux OS + udevd + systemd. When you tried adding the new module you should see a load more interfaces coming up in dmesg, through usbserial_generic and then cdc_wdm and qmi_wann, like this: http://www.spinics.net/lists/linux-usb/msg64061.html This guys seems to be getting 3 x ttyUSBX popping up. Once you get to this stage with an appropriate udev rule if need be, then apparently you need to emerge this: $ eix -l libqmi * net-libs/libqmi Available versions: ~ 1.0.0 [doc static-libs test] ** [doc static-libs test] Homepage:http://cgit.freedesktop.org/libqmi/ Description: QMI modem protocol helper library and see if that with its qmicli utility allows you to manage your connection. HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] 4G Stick Huawei E3276
Am 30.03.2013 08:54, schrieb Mick: Don't you lve OS automation? Especially when it works! ;-) ;-) If you look at the device manager you will probably find different strings describing the USB device interfaces that WinXP detects/assigns compared to your Linux OS + udevd + systemd. When you tried adding the new module you should see a load more interfaces coming up in dmesg, through usbserial_generic and then cdc_wdm and qmi_wann, like this: http://www.spinics.net/lists/linux-usb/msg64061.html This guys seems to be getting 3 x ttyUSBX popping up. Once you get to this stage with an appropriate udev rule if need be, then apparently you need to emerge this: $ eix -l libqmi * net-libs/libqmi Available versions: ~ 1.0.0 [doc static-libs test] ** [doc static-libs test] Homepage: http://cgit.freedesktop.org/libqmi/ Description: QMI modem protocol helper library and see if that with its qmicli utility allows you to manage your connection. I have my udev-rule to get wwan0 ... but I don't get that /dev/cdc-wdm device :-( This is rather frustrating S
Re: [gentoo-user] Re: Is 'MAKEOPTS=--jobs --load-average=5' silly?
Another interesting point about this load control thing is that if the package uses a build system which doesn't support load control, load will surge high. It is currently happening with me while installing Mongo, because the build system scons doesn't have load control feature. On Mar 29, 2013 11:36 PM, Michael Mol mike...@gmail.com wrote: On 03/29/2013 01:46 PM, Dale wrote: »Q« wrote: On Fri, 29 Mar 2013 16:54:37 + Stroller strol...@stellar.eclipse.co.uk wrote: On 29 March 2013, at 03:36, Nilesh Govindrajan wrote: ... I can only imagine he was pointing out that you have a single CPU with four cores in it. You're right, of course. I should have said /cores/. Cores or CPUs.. in this context it's *almost*, __NOT EXACTLY__ same. Which is exactly what was so twitch inducing! Whatever you do, don't read the first sentence at https://en.wikipedia.org/wiki/Multi-core_processor. Especially this FIRST part: A *multi-core processor* is a single computing https://en.wikipedia.org/wiki/Computing component . . . So, it is a SINGLE component. To me, CPUs means having more than one CPU component, such as dual CPUs or even quad CPUs which used to be fairly common. I have a single CPU computer. It has 4 cores but a single CPU. I hope to upgrade one day to a 8 core CPU. I'll still have a single CPU component installed tho. This is getting really funny. ROFL You can tell when the list is getting slow when we start parsing each word and each words meaning. ;-) The list hasn't been slow all week. ^^
Re: [gentoo-user] 4G Stick Huawei E3276
my udev-rule: # cat /etc/udev/rules.d/10-network.rules SUBSYSTEM==net, ACTION==add, ATTR{address}==0c:5b:8f:27:9a:64, NAME=wwan0 What I get: # lsusb Bus 001 Device 043: ID 12d1:1506 Huawei Technologies Co., Ltd. E398 LTE/UMTS/GSM Modem/Networkcard # lsmod Module Size Used by qmi_wwan6931 0 cdc_wdm 8744 1 qmi_wwan option 26697 0 usb_wwan6886 1 option cdc_ncm 9365 0 usbserial 23426 2 option,usb_wwan usbnet 19268 2 qmi_wwan,cdc_ncm crc32c_intel 13975 0 i2c_i8018765 0 btusb 11699 0 # dmesg [22590.544358] usb 1-1.1: new high-speed USB device number 40 using ehci-pci [22590.673777] scsi74 : usb-storage 1-1.1:1.0 [22590.674803] scsi75 : usb-storage 1-1.1:1.1 [22591.389956] usb 1-1.1: USB disconnect, device number 40 [22591.594997] usb 1-1.1: new high-speed USB device number 41 using ehci-pci [22591.683754] scsi76 : usb-storage 1-1.1:1.2 [22591.684223] scsi77 : usb-storage 1-1.1:1.3 [22591.689635] usbcore: registered new interface driver usbserial [22591.689803] usbcore: registered new interface driver usbserial_generic [22591.689960] usbserial: USB Serial support registered for generic [22591.691066] usbcore: registered new interface driver option [22591.691159] usbserial: USB Serial support registered for GSM modem (1-port) [22591.691162] usb 1-1.1: MAC-Address: 0c:5b:8f:27:9a:64 [22591.692096] cdc_ncm 1-1.1:1.1 wwan0: register 'cdc_ncm' at usb-:00:1a.0-1.1, Mobile Broadband Network Device, 0c:5b:8f:27:9a:64 [22591.692147] usbcore: registered new interface driver cdc_ncm [22591.692674] option 1-1.1:1.0: GSM modem (1-port) converter detected [22591.692823] usb 1-1.1: GSM modem (1-port) converter now attached to ttyUSB0 [22592.685651] scsi 76:0:0:0: CD-ROMHUAWEI Mass Storage 2.31 PQ: 0 ANSI: 2 [22592.685673] scsi 77:0:0:0: Direct-Access HUAWEI TF CARD Storage 2.31 PQ: 0 ANSI: 2 [22592.689637] sr1: scsi-1 drive [22592.690530] sr 76:0:0:0: Attached scsi CD-ROM sr1 [22592.701874] sd 77:0:0:0: [sdb] Attached SCSI removable disk [22627.149043] usbcore: registered new interface driver cdc_wdm [22627.151412] usbcore: registered new interface driver qmi_wwan [22749.903886] usb 1-1.1: USB disconnect, device number 41 [22749.904440] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0 [22749.904556] option 1-1.1:1.0: device disconnected [22749.904779] cdc_ncm 1-1.1:1.1 wwan0: unregister 'cdc_ncm' usb-:00:1a.0-1.1, Mobile Broadband Network Device [22749.917266] systemd[1]: Collecting dev-disk-by\x2dpath-pci\x2d:00:1a.0\x2dusb\x2d0:1.1:1.3\x2dscsi\x2d0:0:0:0.device [22749.917275] systemd[1]: Collecting sys-devices-pci:00-:00:1a.0-usb1-1\x2d1-1\x2d1.1-1\x2d1.1:1.1-net-wwan0.device [22749.917281] systemd[1]: Collecting sys-subsystem-net-devices-wwan0.device [22749.917288] systemd[1]: Collecting sys-devices-pci:00-:00:1a.0-usb1-1\x2d1-1\x2d1.1-1\x2d1.1:1.2-host76-target76:0:0-76:0:0:0-block-sr1.device [22749.917294] systemd[1]: Collecting dev-sr1.device [22749.917301] systemd[1]: Collecting dev-disk-by\x2did-usb\x2dHUAWEI_Mass_Storage\x2d0:0.device [22749.917307] systemd[1]: Collecting dev-disk-by\x2dlabel-Mobile\x5cx20Partner.device [22749.917314] systemd[1]: Collecting dev-disk-by\x2dpath-pci\x2d:00:1a.0\x2dusb\x2d0:1.1:1.2\x2dscsi\x2d0:0:0:0.device [22749.917321] systemd[1]: Collecting dev-disk-by\x2duuid-2012\x2d08\x2d20\x2d10\x2d00\x2d00\x2d00.device [22749.917327] systemd[1]: Collecting sys-devices-pci:00-:00:1a.0-usb1-1\x2d1-1\x2d1.1-1\x2d1.1:1.0-ttyUSB0-tty-ttyUSB0.device [22749.917333] systemd[1]: Collecting dev-ttyUSB0.device [22749.917340] systemd[1]: Collecting dev-serial-by\x2did-usb\x2dHUAWEI_Technology_HUAWEI_Mobile\x2dif00\x2dport0.device [22749.917347] systemd[1]: Collecting dev-serial-by\x2dpath-pci\x2d:00:1a.0\x2dusb\x2d0:1.1:1.0\x2dport0.device [22764.654002] usb 1-1.1: new high-speed USB device number 42 using ehci-pci [22764.783891] scsi78 : usb-storage 1-1.1:1.0 [22764.784457] scsi79 : usb-storage 1-1.1:1.1 [22765.499601] usb 1-1.1: USB disconnect, device number 42 [22765.677723] usb 1-1.1: new high-speed USB device number 43 using ehci-pci [22765.766646] option 1-1.1:1.0: GSM modem (1-port) converter detected [22765.767012] usb 1-1.1: GSM modem (1-port) converter now attached to ttyUSB0 [22765.768979] usb 1-1.1: MAC-Address: 0c:5b:8f:27:9a:64 [22765.769603] cdc_ncm 1-1.1:1.1 wwan0: register 'cdc_ncm' at usb-:00:1a.0-1.1, Mobile Broadband Network Device, 0c:5b:8f:27:9a:64 [22765.769961] scsi80 : usb-storage 1-1.1:1.2 [22765.770692] scsi81 : usb-storage 1-1.1:1.3 [22766.772145] scsi 81:0:0:0: Direct-Access HUAWEI TF CARD Storage 2.31 PQ: 0 ANSI: 2 [22766.772174] scsi 80:0:0:0: CD-ROMHUAWEI Mass Storage 2.31 PQ: 0 ANSI: 2 [22766.776568] sr1: scsi-1 drive [22766.778814] sd 81:0:0:0: [sdb] Attached SCSI
Re: [gentoo-user] 4G Stick Huawei E3276
next steps: Pulled HUAWEI Data Cards Linux Driver from http://www.huaweidevice.com/worldwide/downloadCenter.do?method=toDownloadFileflay=softwaresoftid=NDcwMzU= With this I was able to enter the PIN and get mobile broadband in NM ... although still no connection. The install-process of this driver-set is a bit problematic with gentoo ... some things don't fit too well and I assume that linux 3.8.4 doesn't fit exactly as well. But small progress, yes. Stefan
Re: [gentoo-user] Current Dells and UEFI/secureboot (or other showstoppers)?
130330 Walter Dnes wrote: I have 2 Dell desktops (production and hot backup) that are pushing 5 or 6 years of age, and I need to replace at least one. They simply can't keep up with HD video streams... * I'm running Gentoo with full optimizations * I'm running ICEWM with no desktop environment; see my sig So I don't think there are any more optimizations to be had, other than a new PC. Assuming there are no showstoppers, I'll be buying another Dell. They seem to last for me. Why don't you build a custom machine ? I've built 4 since 2000 : it's cheaper you get exactly what you want. IIRC you live in the Toronto area : I bought all my parts at Canada Computers on College St, which has an excellent website. There's lots of advice via this list once you decide to try. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] How to prevent a dns amplification attack
Am 29.03.2013 um 23:34 schrieb Paul Hartman paul.hartman+gen...@gmail.com: On Thu, Mar 28, 2013 at 7:49 PM, Peter Humphrey pe...@humphrey.ukfsn.org wrote: On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: In my case, my ISP's DNS servers are slow (several seconds to reply), fail randomly when they should resolve, return an IP (which goes to their ad-laden helper website if you are using a web browser) when they should instead return nxdomain, and they have openly admitted to selling customer DNS lookup history to marketers for targeted advertising. That is just evil. Have you no alternative to this ISP? Not really. I have a 100 megabit connection through the cable company; my only wired alternative is DSL (1.5 mbit for almost half the price I'm paying for 100mbit). Cellular or satellite are not viable options for me because of comparatively poor value, latency and miniscule data usage caps. […] It is no longer legal for local governments to award monopolies, but the damage has been done. What we have is essentially the cable TV infrastructure that was laid out during the decade when local cable monopolies were legal, and the cost of entry for a new player into the market now is so high that nobody ever bothers. End result for consumers is a lack of choice. There are some places where competition exists, but those places are pretty rare, in my experience. There are some other possible alternatives to cable internet and DSL, such as municipal wifi, mesh networks, powerline and FTTx, but none are available where I live. The service I receive from the cable company here is actually excellent, with the exception of the aforementioned DNS woes. Pretty much every major ISP in the US does DNS-hijacking and other shenanigans, so there's no avoiding the evilness. I believe the board members of major cable and telecom companies would sell their own mothers into slavery if it meant a rise in share prices or a larger bonus at the end of the year... That is pretty much the same as what happened in Germany. The telephone network was build by the german postal service in the past and was run by the government. As we all know everything works better and cheaper when things are privatized, so the Deutsche Telekom was created and with it a semi monopoly over night. Regions not dense enough are not part of the developing plans of any of the companies. So if you are lucky like me, you are stuck with 16mbit DSL provided by one company rented by an other company. If people start to build their own network or a competitor reaches for a specific underdeveloped region, this region gets an upgrade like to DSL 3 Mbit or something like that, so the competitors draw of. If you are really lucky you live in a region which is really dense or a cable company provides you with internet, so you get 100mbit. But this is only a fraction of all people. If the government is confronted with this they say, the market will regulate that, which it does not. And if voices get too loud, the tell the companies to develop the underdeveloped regions, they shake hands on TV and nothing happens. And as Paul said, most ISP do DNS-hijacking and the like, which breaks things in incredible unexpected ways. So when i wrote this post to the mailing list and got answers like unnecessary crap and why make it available for everyone i thougt, this to be answers of some weirdos which should be ignored. Here you do not trust your ISP… you use the ISP which sucks less or the only one that gives you any internet at all. If you reach a certain level of knowledge, you change your DNS settings to free DNS servers and if you run a resolver you do it for the other poor souls as well. There are lists of unfiltered DNS Servers (http://www.ungefiltert-surfen.de/nameserver/de.html), which are checked regularly if they provide unfiltered answers an the like. And there are howtos for the average user on how to change the dns settings and to avoid your isp´s dns servers. Regards Norman
eudev - is it a viable *long-term* option? - WAS: Re: [gentoo-user] Updating our live servers. I'm scared!
On 2013-03-28 2:15 PM, Dale rdalek1...@gmail.com wrote: Just a thought. Have you thought about switching to eudev? That would solve some udev issues. Since you are running a hardened profile and servers, may not be a option tho. I'm curious... Is eudev still being 'maintained'? Does it still have any advantages over the new udev? I'm mostly concerned about getting so far behind that I end up in an untenable situation... ie, eudev dies in 1+ years, and the changes between now and then make it virtually to update to whatever is the new way...
Re: eudev - is it a viable *long-term* option? - WAS: Re: [gentoo-user] Updating our live servers. I'm scared!
I should have added that this is for a server (not hardened), so I don't care about hot plug this or that, I just care about stability and reliability with respect to updates not breaking booting capability... On 2013-03-30 10:39 AM, Tanstaafl tansta...@libertytrek.org wrote: On 2013-03-28 2:15 PM, Dale rdalek1...@gmail.com wrote: Just a thought. Have you thought about switching to eudev? That would solve some udev issues. Since you are running a hardened profile and servers, may not be a option tho. I'm curious... Is eudev still being 'maintained'? Does it still have any advantages over the new udev? I'm mostly concerned about getting so far behind that I end up in an untenable situation... ie, eudev dies in 1+ years, and the changes between now and then make it virtually to update to whatever is the new way...
Re: [gentoo-user] How to prevent a dns amplification attack
On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß nor...@smash-net.org wrote: Am 29.03.2013 um 23:34 schrieb Paul Hartman paul.hartman+gen...@gmail.com: On Thu, Mar 28, 2013 at 7:49 PM, Peter Humphrey pe...@humphrey.ukfsn.org wrote: On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: In my case, my ISP's DNS servers are slow (several seconds to reply), fail randomly when they should resolve, return an IP (which goes to their ad-laden helper website if you are using a web browser) when they should instead return nxdomain, and they have openly admitted to selling customer DNS lookup history to marketers for targeted advertising. That is just evil. Have you no alternative to this ISP? Not really. I have a 100 megabit connection through the cable company; my only wired alternative is DSL (1.5 mbit for almost half the price I'm paying for 100mbit). Cellular or satellite are not viable options for me because of comparatively poor value, latency and miniscule data usage caps. […] It is no longer legal for local governments to award monopolies, but the damage has been done. What we have is essentially the cable TV infrastructure that was laid out during the decade when local cable monopolies were legal, and the cost of entry for a new player into the market now is so high that nobody ever bothers. End result for consumers is a lack of choice. There are some places where competition exists, but those places are pretty rare, in my experience. There are some other possible alternatives to cable internet and DSL, such as municipal wifi, mesh networks, powerline and FTTx, but none are available where I live. The service I receive from the cable company here is actually excellent, with the exception of the aforementioned DNS woes. Pretty much every major ISP in the US does DNS-hijacking and other shenanigans, so there's no avoiding the evilness. I believe the board members of major cable and telecom companies would sell their own mothers into slavery if it meant a rise in share prices or a larger bonus at the end of the year... That is pretty much the same as what happened in Germany. The telephone network was build by the german postal service in the past and was run by the government. As we all know everything works better and cheaper when things are privatized, so the Deutsche Telekom was created and with it a semi monopoly over night. Regions not dense enough are not part of the developing plans of any of the companies. So if you are lucky like me, you are stuck with 16mbit DSL provided by one company rented by an other company. If people start to build their own network or a competitor reaches for a specific underdeveloped region, this region gets an upgrade like to DSL 3 Mbit or something like that, so the competitors draw of. If you are really lucky you live in a region which is really dense or a cable company provides you with internet, so you get 100mbit. But this is only a fraction of all people. If the government is confronted with this they say, the market will regulate that, which it does not. And if voices get too loud, the tell the companies to develop the underdeveloped regions, they shake hands on TV and nothing happens. And as Paul said, most ISP do DNS-hijacking and the like, which breaks things in incredible unexpected ways. So when i wrote this post to the mailing list and got answers like unnecessary crap and why make it available for everyone i thougt, this to be answers of some weirdos which should be ignored. Here you do not trust your ISP… you use the ISP which sucks less or the only one that gives you any internet at all. If you reach a certain level of knowledge, you change your DNS settings to free DNS servers and if you run a resolver you do it for the other poor souls as well. There are lists of unfiltered DNS Servers (http://www.ungefiltert-surfen.de/nameserver/de.html), which are checked regularly if they provide unfiltered answers an the like. And there are howtos for the average user on how to change the dns settings and to avoid your isp´s dns servers. Regards Norman There is also the possibility to use opendns.com I've been using them for years, and have not had any trouble. I started using them when my ISP decided to block some sites. And their standard service is free :) Best regards, Rene
Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß nor...@smash-net.org wrote: As we all know everything works better and cheaper when things are privatized Actually No it's not so simple at all. You get incompetence in private and public and you may be more likely to get away with it for longer in a public service than in a market with competition but there are many examples where things simply get worse. In the UK, water companies were privatisied and fat cats made lots of money letting the pipes deteriorate for future generations. British Telecom, well that's a mixed bag but it is certainly a tiny shadow of it's original self. We know ideals and theory hardly ever work but theoretically public should be much better when well managed. I wonder if ISPS wouldn't be handling things like TalkTalks Homesafe in such a stupid manner (across the board is where it is stupid, even for non users of the service) where they redirect all the http traffic through an undoubtedly insecure layer 7 handling huawei device with less commercial pressures or analysing bandwidth at layer 7 when they should be doing so more safely and completely at layers 3 and 4 leading me to believe they are not just thinking about bandwidth usage. Why does it matter if you download 1000Gb via torrents or http. ACKs can be managed in any case. I'm glad open source is beginning to make strides into public services as it should help put an end to expensive interoperability issues (if we stay away from non posix things like systemd, though even then shouldn't be too bad ;-)).
Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
On Sat, 30 Mar 2013 15:53:29 +0100 Rene Rasmussen gen...@paranoidix.dk wrote: There is also the possibility to use opendns.com I've been using them for years, and have not had any trouble. I started using them when my ISP decided to block some sites. And their standard service is free :) They also support dnscurve but I thought that in the case of non existing domain lookups they do show adverts? I don't see just that as a huge problem as long as they are not targetted though?
[gentoo-user] Udev update and persistent net rules changes
Ok, just read the new news item and the linked udev-guide wiki page, and the only thing left that I'm unsure/concerned about now is the persistent net rules changes... The very last line on the wiki page says: 4. Known problems Stale 70-persistent-net.rules (or other network rules) in /etc/udev/rules.d can prevent the predictable network naming from being enabled. Both 70-persistent-net.rules and 70-persistent-cd.rules are from the now deleted rule_generator These 'stale' 70- rules are all I have right now (again I'm still on udev-171-r10), and while the wiki page doesn't say what to do with/about them, it seems to hint that I could leave these in place and... they would still work as they did previously (prevent the predictable network naming from being enabled)? My system (8+ years old) has a Tyan motherboard (S2895) with dual Gb ethernet ports, with only one port currently used (but both are enabled in the BIOS so both are listed in my current rules file). Contents of rules.d: myhost : Sat Mar 30, 08:33:28 : ~ # ls -al /etc/udev/rules.d total 16 drwxr-xr-x 2 root root 4096 Feb 23 15:04 . drwxr-xr-x 4 root root 4096 Feb 23 15:04 .. -rw-r--r-- 1 root root 1187 Apr 11 2010 70-persistent-cd.rules -rw-r--r-- 1 root root 492 Feb 23 15:04 70-persistent-net.rules -rw-r--r-- 1 root root0 Feb 23 15:04 .keep_sys-fs_udev-0 myhost : Sat Mar 30, 08:33:29 : ~ Contents of 70-persistent-net.rules: # This file was automatically generated by the /lib/udev/write_net_rules # program, probably run by the persistent-net-generator.rules rules file. # # You can modify it, as long as you keep each rule on a single line. # PCI device 0x10de:0x0057 (forcedeth) SUBSYSTEM==net, DRIVERS==?*, ATTR{address}==00:e0:81:54:9c:8b, KERNEL==eth*, NAME=eth1 # PCI device 0x10de:0x0057 (forcedeth) SUBSYSTEM==net, DRIVERS==?*, ATTR{address}==00:e0:81:54:9c:8a, KERNEL==eth*, NAME=eth0 So... after reading the new news item, am I right that all I need to do to make sure that my network comes up properly is... edit the 80-* rule(s) that are created after udev is updated to make sure the same adapters that were named eth0/1 are now named net0/1, and the kernel will now take care of naming net0/1 eth0/1? Also, is it critical to remove (or at least rename) the old 70- rules *before* the update, or just be sure to do so before I reboot after the update? Thanks - I'm sure I'm just being paranoid, but it has helped me to avoid lots of pain in the past with other major updates on this system over these last 8+ years. (I'm not concerned about the cd rule because obviously that won't affect the system booting, so I can come back and fix this one later if needed)
[gentoo-user] udev-197 vs udev-200??
Ok, I don't understand this... Why is it that when I comment out the package.mask entries for udev: #=sys-fs/udev-181 #=virtual/udev-181 emerge -pvuND world shows updates to udev-197, with no mention of udev-200, but... when I uncomment them: =sys-fs/udev-181 =virtual/udev-181 emerge -pvuDN world shows updates to BOTH virtual/udev-197-r2 *and* udev-200, with strange Blockers referencing udev-186??? [ebuild U #] sys-fs/udev-200 [171-r10] USE=acl%* firmware-loader%* kmod%* openrc%* -doc% -gudev -hwdb -introspection -keymap (-selinux) -static-libs% (-action_modeswitch%) (-build%) (-debug%) (-edd%) (-extras%) (-floppy%) (-rule_generator%*) (-test%) 2,063 kB [ebuild U #] virtual/udev-197-r2 [171] USE=kmod -gudev -hwdb -introspection -keymap (-selinux) -static-libs 0 kB [ebuild N~] sys-fs/udev-init-scripts-25 5 kB ... [blocks B ] sys-fs/udev-186 (sys-fs/udev-186 is blocking sys-fs/udev-init-scripts-25) [blocks B ] sys-apps/module-init-tools (sys-apps/module-init-tools is blocking sys-apps/kmod-12-r1) [blocks B ] sys-apps/kmod (sys-apps/kmod is blocking sys-apps/module-init-tools-3.16-r2) followed by a whole bunch of new warnings: !!! Multiple package instances within a single package slot have been pulled !!! into the dependency graph, resulting in a slot conflict: virtual/udev:0 (virtual/udev-171::gentoo, installed) pulled in by (no parents that aren't satisfied by other packages in this slot) (virtual/udev-197-r2::gentoo, ebuild scheduled for merge) pulled in by =virtual/udev-197-r1 required by (sys-fs/udev-200::gentoo, ebuild scheduled for merge) (and 2 more with the same problem) sys-fs/udev:0 (sys-fs/udev-171-r10::gentoo, installed) pulled in by ~sys-fs/udev-171[gudev?,hwdb?,introspection?,keymap?,selinux?] required by (virtual/udev-171::gentoo, installed) (sys-fs/udev-200::gentoo, ebuild scheduled for merge) pulled in by =sys-fs/udev-197-r8[gudev?,hwdb?,introspection?,keymap?,kmod?,selinux?,static-libs?] required by (virtual/udev-197-r2::gentoo, ebuild scheduled for merge) It may be possible to solve this problem by using package.mask to prevent one of those packages from being selected. However, it is also possible that conflicting dependencies exist such that they are impossible to satisfy simultaneously. If such a conflict exists in the dependencies of two different packages, then those packages can not be installed simultaneously. For more information, see MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. The following keyword changes are necessary to proceed: (see package.accept_keywords in the portage(5) man page for more details) # required by sys-fs/udev-200[openrc] # required by virtual/udev-197-r2 # required by sys-apps/hwids-20130329[udev] # required by @selected # required by @world (argument) =sys-fs/udev-init-scripts-25 ~amd64 # required by virtual/udev-197-r2 # required by sys-apps/hwids-20130329[udev] # required by @selected # required by @world (argument) =sys-fs/udev-200 ~amd64 The following mask changes are necessary to proceed: (see package.unmask in the portage(5) man page for more details) # required by sys-fs/udev-200 # required by @selected # required by @world (argument) # /etc/portage/package.mask: #=dev-db/mariadb-5.2 #=dev-lang/php-5.4 =virtual/udev-197-r2 # required by virtual/udev-197-r2 # required by sys-apps/hwids-20130329[udev] # required by @selected # required by @world (argument) # /etc/portage/package.mask: #=dev-db/mariadb-5.2 #=dev-lang/php-5.4 =sys-fs/udev-200 NOTE: The --autounmask-keep-masks option will prevent emerge from creating package.unmask or ** keyword changes. That seems bizarre...
Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
On 2013-03-30 11:15 AM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: On Sat, 30 Mar 2013 15:53:29 +0100 Rene Rasmussen gen...@paranoidix.dk wrote: There is also the possibility to use opendns.com I've been using them for years, and have not had any trouble. I started using them when my ISP decided to block some sites. And their standard service is free :) They also support dnscurve but I thought that in the case of non existing domain lookups they do show adverts? This can be disabled... The biggest problem with using them (or google dns) is if you are running a mail server, you cannot use spamhaus or many other DNSBLs, because they don't work with these free DNS services: http://www.spamhaus.org/faq/section/DNSBL%20Usage#261
[gentoo-user] Re: Udev update and persistent net rules changes
On 2013-03-30, Tanstaafl tansta...@libertytrek.org wrote: Ok, just read the new news item and the linked udev-guide wiki page, and the only thing left that I'm unsure/concerned about now is the persistent net rules changes... The very last line on the wiki page says: 4. Known problems Stale 70-persistent-net.rules (or other network rules) in /etc/udev/rules.d can prevent the predictable network naming from being enabled. Both 70-persistent-net.rules and 70-persistent-cd.rules are from the now deleted rule_generator These 'stale' 70- rules are all I have right now (again I'm still on udev-171-r10), and while the wiki page doesn't say what to do with/about them, it seems to hint that I could leave these in place and... they would still work as they did previously (prevent the predictable network naming from being enabled)? My system (8+ years old) has a Tyan motherboard (S2895) with dual Gb ethernet ports, with only one port currently used (but both are enabled in the BIOS so both are listed in my current rules file). (And, more importantly, they're seen and handled by the running kernel.) [...] Contents of 70-persistent-net.rules: # PCI device 0x10de:0x0057 (forcedeth) SUBSYSTEM==net, DRIVERS==?*, ATTR{address}==00:e0:81:54:9c:8b, KERNEL==eth*, NAME=eth1 # PCI device 0x10de:0x0057 (forcedeth) SUBSYSTEM==net, DRIVERS==?*, ATTR{address}==00:e0:81:54:9c:8a, KERNEL==eth*, NAME=eth0 So... after reading the new news item, am I right that all I need to do to make sure that my network comes up properly is... edit the 80-* rule(s) that are created after udev is updated to make sure the same adapters that were named eth0/1 are now named net0/1, and the kernel will now take care of naming net0/1 eth0/1? You can either remove it and get what udev gives you (a bit more cryptic, but it is supposed to be somewhat persistent unless the cards are moved around, or there are major kernel changes), or you can give them the names you want, as far as it's not ethX. But you will always have to update other config files (firewall, init scripts, etc.) to have the new names. Also, is it critical to remove (or at least rename) the old 70- rules *before* the update, or just be sure to do so before I reboot after the update? No idea, I'd expect it to be only needed for the reboot, but I don't know udev *that* well. Thanks - I'm sure I'm just being paranoid, but it has helped me to avoid lots of pain in the past with other major updates on this system over these last 8+ years. (I'm not concerned about the cd rule because obviously that won't affect the system booting, so I can come back and fix this one later if needed) -- Nuno Silva (aka njsg) http://njsg.sdf-eu.org/
Re: eudev - is it a viable *long-term* option? - WAS: Re: [gentoo-user] Updating our live servers. I'm scared!
Tanstaafl wrote: I should have added that this is for a server (not hardened), so I don't care about hot plug this or that, I just care about stability and reliability with respect to updates not breaking booting capability... As far as I know, it is actively maintained. Do I see the people banging hammers, no. lol I did have a update on eudev tho: Sun Feb 10 20:07:23 2013 sys-fs/eudev-1_beta2-r2 merge time: 55 seconds. This is from the changelog for eudev: 10 Mar 2013; Anthony G. Basile bluen...@gentoo.org eudev-.ebuild: Remove hacky export ac_cv_path_GPERF=true since the check is merged upstream 10 Mar 2013; Anthony G. Basile bluen...@gentoo.org eudev-.ebuild: Depend on gperf only if USE=keymap, bug #452760 20 Feb 2013; Anthony G. Basile bluen...@gentoo.org files/40-gentoo.rules: Sync 40-gentoo.rules with sys-fs/udev, bug #457868 *eudev-1_beta2-r2 (10 Feb 2013) 10 Feb 2013; Anthony G. Basile bluen...@gentoo.org +eudev-1_beta2-r2.ebuild, -eudev-1_beta2-r1.ebuild: Rev bump to push out root fix, bug #456384 09 Feb 2013; Luca Barbato lu_z...@gentoo.org eudev-1_beta2-r1.ebuild, eudev-.ebuild, +files/eudev-hwdb-offset-root.patch: Update eudev ebuilds to support ROOT properly It seems the latest change was March 10 which was not long ago. As I mentioned earlier, I have plugged in USB sticks, cameras, printers and such pretty regular. The eudev fork has worked fine for me. Servers seem to worry less about *new stuff* since they usually run with what they have at boot time anyway. Heck, mdev may would work fine for you too. It seems based on reading the -dev list that udev is about to introduce some more changes. I'm hoping those don't affect me either. I just noticed that someone else on this list has ran into the news message for it too and has questions already. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
Re: [gentoo-user] udev-197 vs udev-200??
On Sat, 30 Mar 2013 11:24:49 -0400, Tanstaafl wrote: Why is it that when I comment out the package.mask entries for udev: #=sys-fs/udev-181 #=virtual/udev-181 emerge -pvuND world shows updates to udev-197, with no mention of udev-200, but... Because you're running stable? Versions higher than 197-r8 are still in testing. -- Neil Bothwick Meow SPLAT! Woof SPLAT!Jeez, it's really raining today. signature.asc Description: PGP signature
Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
Am 30.03.2013 16:11, schrieb Kevin Chadwick: On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß nor...@smash-net.org wrote: As we all know everything works better and cheaper when things are privatized Actually No it's not so simple at all. You get incompetence in private and public and you may be more likely to get away with it for longer in a public service than in a market with competition but there are many examples where things simply get worse. In the UK, water companies were privatisied and fat cats made lots of money letting the pipes deteriorate for future generations. British Telecom, well that's a mixed bag but it is certainly a tiny shadow of it's original self. We know ideals and theory hardly ever work but theoretically public should be much better when well managed. I wonder if ISPS wouldn't be handling things like TalkTalks Homesafe in such a stupid manner (across the board is where it is stupid, even for non users of the service) where they redirect all the http traffic through an undoubtedly insecure layer 7 handling huawei device with less commercial pressures or analysing bandwidth at layer 7 when they should be doing so more safely and completely at layers 3 and 4 leading me to believe they are not just thinking about bandwidth usage. Why does it matter if you download 1000Gb via torrents or http. ACKs can be managed in any case. I'm glad open source is beginning to make strides into public services as it should help put an end to expensive interoperability issues (if we stay away from non posix things like systemd, though even then shouldn't be too bad ;-)). I think, you did not spot the sarcasm in what i said :-).
Re: [gentoo-user] udev-197 vs udev-200??
On 2013-03-30 12:42 PM, Neil Bothwick n...@digimed.co.uk wrote: On Sat, 30 Mar 2013 11:24:49 -0400, Tanstaafl wrote: Why is it that when I comment out the package.mask entries for udev: #=sys-fs/udev-181 #=virtual/udev-181 emerge -pvuND world shows updates to udev-197, with no mention of udev-200, but... Because you're running stable? Versions higher than 197-r8 are still in testing. Right... hence my question... why if I comment out those lines do I now see all of these other weird updates for udev-200?
[gentoo-user] jedit : no keyboard input possible
Hi, after quite some time I have tried to use jedit again. To my surprise, I cannot input any key (the mouse is working though). I've tried a trivial Keyboard read test written in Java which works just fine. What's going on here? Many thanks for a hint, Helmut.
Re: [gentoo-user] udev-197 vs udev-200??
On 03/30/2013 11:24 PM, Tanstaafl wrote: Ok, I don't understand this... Why is it that when I comment out the package.mask entries for udev: #=sys-fs/udev-181 #=virtual/udev-181 emerge -pvuND world shows updates to udev-197, with no mention of udev-200, but... when I uncomment them: =sys-fs/udev-181 =virtual/udev-181 emerge -pvuDN world shows updates to BOTH virtual/udev-197-r2 *and* udev-200, with strange Blockers referencing udev-186??? [ebuild U #] sys-fs/udev-200 [171-r10] USE="acl%* firmware-loader%* kmod%* openrc%* -doc% -gudev -hwdb -introspection -keymap (-selinux) -static-libs% (-action_modeswitch%) (-build%) (-debug%) (-edd%) (-extras%) (-floppy%) (-rule_generator%*) (-test%)" 2,063 kB [ebuild U #] virtual/udev-197-r2 [171] USE="kmod -gudev -hwdb -introspection -keymap (-selinux) -static-libs" 0 kB [ebuild N ~] sys-fs/udev-init-scripts-25 5 kB ... [blocks B ] sys-fs/udev-186 ("sys-fs/udev-186" is blocking sys-fs/udev-init-scripts-25) [blocks B ] sys-apps/module-init-tools ("sys-apps/module-init-tools" is blocking sys-apps/kmod-12-r1) [blocks B ] sys-apps/kmod ("sys-apps/kmod" is blocking sys-apps/module-init-tools-3.16-r2) My reading is: there are some packages either in your tree or being pulled in that require a later version of udev. So even if you mask udev-197, it's still being pulled in by something else. You have to uninstall / mask those package versions as well. How they got there or what they are, I don't know. If you're unlucky that might just be because the portage tree was in the middle of syncing... As for 186, emerge is hilariously tripping all over itself here. sys-fs/udev is being upgraded, but it requires udev-init-scripts to be installed. And udev-init-scripts conflicts with older versions of udev which is installed, so... Try increasing the backtrack to see if emerge can resolve it automatically. --backtrack=30. If it can't, the canon advice would be to manually uninstall (emerge -C --deselect=n) the older version before installing the newer one.
[gentoo-user] Re: [seriously O/T] How to prevent a dns amplification attack
On Saturday 30 Mar 2013 15:11:17 Kevin Chadwick wrote: On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß nor...@smash-net.org wrote: As we all know everything works better and cheaper when things are privatized Actually No it's not so simple at all. You get incompetence in private and public and you may be more likely to get away with it for longer in a public service than in a market with competition but there are many examples where things simply get worse. In the UK, water companies were privatisied and fat cats made lots of money letting the pipes deteriorate for future generations. British Telecom, well that's a mixed bag but it is certainly a tiny shadow of it's original self. We know ideals and theory hardly ever work but theoretically public should be much better when well managed. Well, as you said, ... it's not so simple at all. ;-) Errors, incompetence, inefficiencies due to organisational friction and poor structures, plus perverse incentives exist in all organisations. They feed on human traits and do not depend simply on the public, or private type of ownership, despite what political propaganda based on the prevailing Neo- liberal economic dogma would have you believe. In the UK, in particular, we have had railways, water, gas and energy all privatised and costs increased 3 to 4 times as a minimum, while performance in many cases decreased dramatically. Failed privatisations and re- nationalisation en mass of railways is an example where fat subsidies to the private sector did not produce the improvements in performance or cost efficiencies promised at the beginning. The UK government is now pushing with the privatisation of the Health Service, despite the majority of studies showing that a public ownership model is a more cost effective model. British Telecom was actually a mixed bag, i.e. there are areas of improvement, especially where technological innovation could be easily taken advantage of (read low business risk). Economic theory speaks of 'natural monopolies' where high risk and very long term investments with relatively low returns, make public ownership more suitable. Typically these kind of industries are better and cheaper managed under public ownership; i.e. goals of ownership and those of customers/users are better aligned. However, markets with smaller scope and and shorter life span, is where private sector ownership and competition thrives and excels. I wonder if ISPS wouldn't be handling things like TalkTalks Homesafe in such a stupid manner (across the board is where it is stupid, even for non users of the service) where they redirect all the http traffic through an undoubtedly insecure layer 7 handling huawei device with less commercial pressures or analysing bandwidth at layer 7 when they should be doing so more safely and completely at layers 3 and 4 leading me to believe they are not just thinking about bandwidth usage. Why does it matter if you download 1000Gb via torrents or http. ACKs can be managed in any case. I'm glad open source is beginning to make strides into public services as it should help put an end to expensive interoperability issues (if we stay away from non posix things like systemd, though even then shouldn't be too bad ;-)). Talk-Talk is not the only UK ISP who undertakes deep-packet inspection, and filtering of DNS. There was a debacle only a couple of years ago when TalkTalk (along with Virgin, PlusNet, and Sky I think) gave their users' details to some lawyer who in turn blackmailed them with a law suit against their alleged p2p activity. Some users paid him, but most told him where to go and stick his head! I think his email account and company PC was also hacked and a lot of information leaked. He ended up in court for failing to protect private data! :D -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Current Dells and UEFI/secureboot (or other showstoppers)?
On 30 March 2013, at 04:20, Walter Dnes wrote: ... * it could keep up with Youtube 480p videos fullscreen under ADSL 5 megabit service. The stream was the limit. * after the speed was bumped up, it could keep up with Youtube 720p videos fullscreen under ADSL 6 megabit service. The stream was the limit. The download still couldn't keep up with 1080p videos. * This week, I moved from legacy 6 GAS to FTTN 7. Unlike GAS, FTTN speeds are net, not gross. So my Speedtest.net results jumped from approx 5.1-5.2 megabits to 7.1-7.2 megabits, and it can keep up with 1080p streams. Sorry, but the speed of your broadband is irrelevant. You can show the resolution and format of YouTube videos with: youtube-dl -F http://www.youtube.com/watch?v=US3Px2sePWk (package is net-misc/youtube-dl) Decide whether or not you need a new PC and make a new post - UEFI/secureboot is irrelevant to poor YouTube performance. Stroller.
Re: eudev - is it a viable *long-term* option? - WAS: Re: [gentoo-user] Updating our live servers. I'm scared!
On Mar 30, 2013 9:48 PM, Tanstaafl tansta...@libertytrek.org wrote: I should have added that this is for a server (not hardened), so I don't care about hot plug this or that, I just care about stability and reliability with respect to updates not breaking booting capability... On 2013-03-30 10:39 AM, Tanstaafl tansta...@libertytrek.org wrote: On 2013-03-28 2:15 PM, Dale rdalek1...@gmail.com wrote: Just a thought. Have you thought about switching to eudev? That would solve some udev issues. Since you are running a hardened profile and servers, may not be a option tho. I'm curious... Is eudev still being 'maintained'? Does it still have any advantages over the new udev? I'm mostly concerned about getting so far behind that I end up in an untenable situation... ie, eudev dies in 1+ years, and the changes between now and then make it virtually to update to whatever is the new way... All my servers use mdev. 'nuff said. Rgds, --
Re: [gentoo-user] udev-197 vs udev-200??
On Sat, 30 Mar 2013 12:49:52 -0400, Tanstaafl wrote: emerge -pvuND world shows updates to udev-197, with no mention of udev-200, but... Because you're running stable? Versions higher than 197-r8 are still in testing. Right... hence my question... why if I comment out those lines do I now see all of these other weird updates for udev-200? --tree should show what is asking for a later udev. Either you are running some testing packages or you have found a bug. -- Neil Bothwick Windows booting: insert CD-ROM 2. signature.asc Description: PGP signature
Re: [gentoo-user] udev-197 vs udev-200??
On Sat, 30 Mar 2013 18:46:43 +, Neil Bothwick wrote: Because you're running stable? Versions higher than 197-r8 are still in testing. Right... hence my question... why if I comment out those lines do I now see all of these other weird updates for udev-200? --tree should show what is asking for a later udev. Either you are running some testing packages or you have found a bug. I've just synced again and udev-200 has gone stable. -- Neil Bothwick Procedure: (n.) a method of performing a program sub-task in an inefficient way by extensively using the stack instead of a GOTO. signature.asc Description: PGP signature
Re: [gentoo-user] Current Dells and UEFI/secureboot (or other showstoppers)?
On Sat, Mar 30, 2013 at 05:39:15PM +, Stroller wrote Decide whether or not you need a new PC and make a new post - UEFI/secureboot is irrelevant to poor YouTube performance. I may not have been as clear as I wanted to be. With the increase in my download speed, the bottleneck to Youtube/etc performance is now my PC. I *HAVE* decided to replace it. The only question is with what. As per the subject line, I'm asking if current Dells have any showstoppers for Gentoo. If not, I'll probably go with a Dell. My usage patterns may be different from yours, but Dells have lasted more years for me than other brands or custom-built machines. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] Current Dells and UEFI/secureboot (or other showstoppers)?
On 31/03/2013 00:20, Walter Dnes wrote: On Sat, Mar 30, 2013 at 05:39:15PM +, Stroller wrote Decide whether or not you need a new PC and make a new post - UEFI/secureboot is irrelevant to poor YouTube performance. I may not have been as clear as I wanted to be. With the increase in my download speed, the bottleneck to Youtube/etc performance is now my PC. I *HAVE* decided to replace it. The only question is with what. As per the subject line, I'm asking if current Dells have any showstoppers for Gentoo. If not, I'll probably go with a Dell. My usage patterns may be different from yours, but Dells have lasted more years for me than other brands or custom-built machines. I don't know what your budget is, but if you can afford a Precision, buy a Precision. I'll give you some numbers. We are 1600 staff in the company, more than half are entitled to laptops. Low level staff are encouraged to get HPs and mid-level Dell's. More senior staff can basically get any model they want up to a maximum price (which is very generous). Two models are popular: Precision M4700 - over 50 bought so far Whatever Apple thingie Apple sells today The procurement guy won't tell me failure numbers for Apple (he's embarrassed). For the Dells, zero maintenance callouts for failure. To break them, you have to drop them or hit them or stand on them to break them. This one of mine is an M4600, the previous model. It's 15 months old and has given me zero issues just like the 5 Dells before it in a row :-) Same for the wife's (she got one too) The few fellows that got the 17 M6700 range reckon it is actually too big and heavy, stick with the 15 models. Gentoo installs on this one just fine, I use it in BIOS mode, but UEFI works great. I switched back simply because I don't fully grok UEFI and BIOS is familiar ground. All the other Linux users report the same results, including those who bought the XPS range. Two tips though: Don't upsize a Precision to an optical slot drive, stick with the standard tray (dodgy discs stick inside and cause woes). Get the larger 9 cell battery, the 6 cell sucks on battery life -- Alan McKinnon alan.mckin...@gmail.com
[gentoo-user] Difference between --update and --emptytree?
Did an update today. After the update, I checked again... [d531][waltdnes][~] emerge -pv --update --changed-use world These are the packages that would be merged, in order: Calculating dependencies... done! Total: 0 packages, Size of downloads: 0 kB Good... nothing to add... I think. But replace --update with --emptytree, and a whole bunch of new and updated stuff shows up. Is there a logical explanation? Should I emerge world? Or just the new and updated stuff (with the -1 flag)? Here are listings of the new and updated stuff... [d531][waltdnes][~] emerge -pv --changed-use --emptytree world | grep ' N ' [ebuild N ] virtual/perl-Locale-Maketext-Simple-0.210.0-r2 0 kB [ebuild N ] virtual/perl-Package-Constants-0.20.0-r2 0 kB [ebuild N ] virtual/perl-IO-Zlib-1.100.0-r2 0 kB [ebuild N ] perl-core/Compress-Raw-Bzip2-2.60.0 133 kB [ebuild N ] perl-core/Compress-Raw-Zlib-2.60.0 231 kB [ebuild N ] perl-core/Params-Check-0.360.0 12 kB [ebuild N ] perl-core/Module-CoreList-2.800.0 57 kB [ebuild N ] perl-core/Module-Load-0.240.0 6 kB [ebuild N ] virtual/perl-Params-Check-0.360.0 0 kB [ebuild N ] virtual/perl-Compress-Raw-Bzip2-2.60.0 0 kB [ebuild N ] virtual/perl-Compress-Raw-Zlib-2.60.0 0 kB [ebuild N ] virtual/perl-Module-CoreList-2.800.0 0 kB [ebuild N ] virtual/perl-Module-Load-0.240.0 0 kB [ebuild N ] perl-core/IO-Compress-2.60.0 238 kB [ebuild N ] virtual/perl-IO-Compress-2.60.0 0 kB [ebuild N ] perl-core/Archive-Tar-1.900.0 57 kB [ebuild N ] perl-core/Module-Load-Conditional-0.540.0 13 kB [ebuild N ] virtual/perl-Module-Load-Conditional-0.540.0 0 kB [ebuild N ] perl-core/IPC-Cmd-0.780.0 27 kB [ebuild N ] virtual/perl-IPC-Cmd-0.780.0 0 kB [ebuild N ] perl-core/CPAN-Meta-Requirements-2.122.0 21 kB [ebuild N ] virtual/perl-CPAN-Meta-Requirements-2.122.0 0 kB [ebuild N ] dev-lang/vala-0.18.1:0.18 USE={-test} -vapigen 0 kB [d531][waltdnes][~] emerge -pv --changed-use --emptytree world | grep ' U ' [ebuild U ] app-arch/rpm2targz-9.0.0.5g [9.0.0.4g] 6 kB [ebuild U ] gnome-base/gnome-common-3.6.0:3 [3.1.0:3] 141 kB [ebuild U ] dev-lang/nasm-2.10.07 [2.10.05] USE=-doc 665 kB [ebuild U ] perl-core/version-0.990.100 [0.940.0] 105 kB [ebuild U ] perl-core/Test-Harness-3.260.0 [3.230.0] 288 kB [ebuild U ] perl-core/Scalar-List-Utils-1.270.0 [1.230.0] 68 kB [ebuild U ] perl-core/CPAN-Meta-YAML-0.8.0 [0.4.0] 31 kB [ebuild U ] perl-core/ExtUtils-Manifest-1.610.0 [1.580.0] 29 kB [ebuild U ] perl-core/ExtUtils-Install-1.540.0 [1.54] 0 kB [ebuild U ] virtual/perl-version-0.990.100 [0.940.0] 0 kB [ebuild U ] virtual/perl-Scalar-List-Utils-1.270.0 [1.230.0-r2] 0 kB [ebuild U ] virtual/perl-CPAN-Meta-YAML-0.8.0 [0.4.0] 0 kB [ebuild U ] virtual/perl-Test-Harness-3.260.0 [3.230.0-r3] 0 kB [ebuild U ] virtual/perl-ExtUtils-Manifest-1.610.0 [1.580.0-r1] 0 kB [ebuild U ] virtual/perl-ExtUtils-Install-1.540.0 [1.54] 0 kB [ebuild U ] perl-core/Module-Metadata-1.0.11 [1.0.6] 27 kB [ebuild U ] perl-core/Parse-CPAN-Meta-1.440.400 [1.440.100] 8 kB [ebuild U ] virtual/perl-Parse-CPAN-Meta-1.440.400 [1.440.100-r2] 0 kB [ebuild U ] virtual/perl-Module-Metadata-1.0.11 [1.0.6] 0 kB [ebuild U ] virtual/perl-Archive-Tar-1.900.0 [1.54] 0 kB [ebuild U ] perl-core/ExtUtils-CBuilder-0.280.205 [0.27.03] 34 kB [ebuild U ] virtual/perl-ExtUtils-CBuilder-0.280.205 [0.27.03] 0 kB [ebuild U ] perl-core/ExtUtils-MakeMaker-6.640.0 [6.620.0] 412 kB [ebuild U ] virtual/perl-ExtUtils-MakeMaker-6.640.0 [6.620.0] 0 kB [ebuild U ] perl-core/CPAN-Meta-2.120.921 [2.112.621] 75 kB [ebuild U ] virtual/perl-CPAN-Meta-2.120.921 [2.112.621] 0 kB [ebuild U ] perl-core/Module-Build-0.400.300 [0.380.0] USE={-test%} 301 kB [ebuild U ] virtual/perl-Module-Build-0.400.300 [0.380.0-r2] 0 kB [ebuild U ] app-arch/libarchive-3.0.4-r1 [3.0.3] USE=bzip2 zlib -acl -e2fsprogs -expat -iconv -lzma -nettle -static-libs -xattr 3,548 kB -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] Difference between --update and --emptytree?
On Sat, Mar 30, 2013 at 9:49 PM, Walter Dnes waltd...@waltdnes.org wrote: Did an update today. After the update, I checked again... [d531][waltdnes][~] emerge -pv --update --changed-use world These are the packages that would be merged, in order: Calculating dependencies... done! Total: 0 packages, Size of downloads: 0 kB Good... nothing to add... I think. But replace --update with --emptytree, and a whole bunch of new and updated stuff shows up. Is there a logical explanation? Should I emerge world? Or just the new and updated stuff (with the -1 flag)? Here are listings of the new and updated stuff... The extra stuff is probably build-time deps, which do not get updated by default. Try this: emerge -pv --update --changed-use --with-bdeps=y world
Re: [gentoo-user] How to prevent a dns amplification attack
On Thu, Mar 28, 2013 at 3:51 AM, Norman Rieß nor...@smash-net.org wrote: Hello, i am using pdns recursor to provide a dns server which should be usable for everybody.The problem is, that the server seems to be used in dns amplification attacks. I googled around on how to prevent this but did not really find something usefull. Does anyone got an idea about this? Coincidentally, yesterday US-CERT published a small article about DNS amplification attacks and mitigation strategies: http://www.us-cert.gov/ncas/alerts/TA13-088A
Re: [gentoo-user] Difference between --update and --emptytree?
On Sat, Mar 30, 2013 at 10:04:24PM -0400, Mike Gilbert wrote On Sat, Mar 30, 2013 at 9:49 PM, Walter Dnes waltd...@waltdnes.org wrote: Did an update today. After the update, I checked again... [d531][waltdnes][~] emerge -pv --update --changed-use world These are the packages that would be merged, in order: Calculating dependencies... done! Total: 0 packages, Size of downloads: 0 kB Good... nothing to add... I think. But replace --update with --emptytree, and a whole bunch of new and updated stuff shows up. Is there a logical explanation? Should I emerge world? Or just the new and updated stuff (with the -1 flag)? Here are listings of the new and updated stuff... The extra stuff is probably build-time deps, which do not get updated by default. Try this: emerge -pv --update --changed-use --with-bdeps=y world I see nothing at all to be emerged... [d531][waltdnes][~] emerge -pv --update --changed-use --with-bdeps=y world These are the packages that would be merged, in order: Calculating dependencies... done! Total: 0 packages, Size of downloads: 0 kB I've written an autodepclean script that I run to guide me through cleaning up orphaned dependancies. Think of it as a sane depclean. After each use, I run revdep-rebuild to ensure that nothing is broken. Could this be at the root of my situation? -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] Current Dells and UEFI/secureboot (or other showstoppers)?
Sorry if I was terse in my previous reply. On 30 March 2013, at 22:20, Walter Dnes wrote: ... As per the subject line, I'm asking if current Dells have any showstoppers for Gentoo. If not, I'll probably go with a Dell. I would think Dell would probably be a very good choice. I know that they support Linux on all their PowerEdge servers (RedHat and I think Suse and now recently they've added Ubuntu certification), and I wouldn't be at all surprised if they offered Linux-supported desktops, too. I'd be surprised if there was a Dell that Linux didn't run on, TBH. My usage patterns may be different from yours, but Dells have lasted more years for me than other brands or custom-built machines. Yeah, I have most always recommended Dell, myself. Generally speaking they have best, or amongst the best, economies of scale when it comes to off-the-shelf desktop PCs. Gamers are never satisfied with the graphics cards in off-the-shelf desktop PCs, everyone else is. It's all very well building your own PC - and I'll likely do that myself next time - until you're posting here saying I'm experiencing random reboots and kernel panics, every 12 hours or so, and I don't know which of these dozen components to return to the supplier. You can spend hours debugging that - I've known such hardware crashes to be caused by RAM, by power supplies and even by floppy drives and CD-ROMs - and it's more than my time's worth, honestly. It's worth a hundred quid to me not to have to deal with that. I've had amazing service on Dell's business support, even at the bronze level. An acquaintance's son's laptop died with a failed GPU and regular artefacts at 13 months old, warranty expired by a month. One snotty letter later, sale of goods act, european law, up to 6 years and a little Dell man was on his doorstep, very helpful. http://lists.us.dell.com/ I don't have experience of UEFI/secureboot, but I'll bet that the popular alarm is unwarranted. Microsoft are trying to make it impossible to boot linux is the sort of think we've been hearing since Halloween '98. Stroller.