Re: [gentoo-user] Icons at startup of a KDE session

2010-08-11 Thread Stéphane Guedon
On Tuesday 10 August 2010 22:48:34, Petric Frank wrote:
 Hello,
 
 On Tuesday, 10. August 2010 20:26:29 Petric Frank wrote:
  i've installed Gentoo and KDE 4.4 on an AMD64 system, configured
  /etc/conf.d/xdm to start kdm as login server.
 
 To be clear - it is not an 64 Bit OS, it is still x86.
 
  After login the KDE4 desktop starts up - a little box with at least 5 or
  6 icons in it where one after the other icon displays blurred and then
  comes clear (Disk, Tools, World, ...).
  This process stops at the fourth icon (after the world icon) which
  remains blurred. At this stage the PC simply hangs - no ssh, no
  VT-switch, nothing.
  
  So my first question is - what stage the fourth icon stands for. And
  where to look for the issue.
  
  After a reboot to the command line i viewed the logs (/var/log/messages,
  /var/log/Xorg.0.log) but nothing looks suspicious. The last line in
  
  /var/log/messages reads:
timestamp hostname kdm: 0:[pid]: pam_unix(kde:session): session
  
  opened for  ...
  
  The user was newly created using useradd -m -g ...). There was no .kde4
  directory in his home directory.
 
 Usually i add new users also to the plugdev group. As a test i removed the
 user from this group i got past the splash screen. Now the normal screen
 came up.
 
 So it seems that the problem has something to do with the plugging system.
 
 At which places i should throw an eye ?
 
 regards
   Petric

first of all, do you have some disk space in your $HOME ?

kde won't start until it has some space ...

-- 
Stéphane Guedon
web page : http://www.22decembre.eu/
business card : http://www.22decembre.eu/downloads/Stephane-Guedon.vcf
GPG public key : http://www.22decembre.eu/downloads/Stephane-Guedon.asc




Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice

2010-08-11 Thread Dale

Walter Dnes wrote:

On Tue, Aug 10, 2010 at 09:16:20PM -0500, Dale wrote

   

I used to use wvdial as well as pon and I don't recall having to be
root.  I added myself the dial-up group if I recall correctly.  It just
worked for me.

I also don't use sudo here either.  ;-)
 

   As I mentioned, I also have to copy a new ssmtp.conf.  I'm aware of
the -C option for ssmtp, but then I'd have to muck around with mutt when
switching between ADSL and dialup.  This way, mutt doesn't care.  It
just works.

   


A, so it's not pon that needs the permissions but another program.  
That makes sense.  Sort of had me confused for a minute.


Don't worry, I have those minutes a lot.  lol   They sometimes pass 
pretty quick but some take a bit longer.


Dale

:-)  :-)



Re: [gentoo-user] How can I create dynamic link?

2010-08-11 Thread Alan McKinnon
On Wednesday 11 August 2010 00:09:13 Bill Longman wrote:
 On 08/10/2010 02:06 PM, Jarry wrote:
  Hi,
  I am facing this problem: I have subdirectory, let's say
  /some/dir. I would like to create some kind of dynamic
  and preliminary link, so that any future subdirectories,
  created later in /some will in fact be links, pointing to
  /some/dir.
  
  So if later any user does:
  cd /some
  mkdir whatever
  
  There should not be subdirectory /some/whatever, but actually link:
  /some/whatever - /some/dir
  
  Is it possible?
 
 Unless you write your own kernel module, the answer is No.

The slightly longer answer is that the idea, as presented, is stupid. Looks 
like a foolish grasp at a solution for a problem.

If the OP wants a link in /some/ he needs to make one using ln
If the OP wants a subdir in /some/ he needs to make one using mkdir

There is no magic way to turn one into the other because they are different. 
It appears to me that he finds things like /some/otherdir/ that should never 
have been created at all and their contents should have gone into /some/dir/ 
instead. There's an easy solution to that:

remove write permission from /some/ and add it to /some/dir/ for all users 
that write to /some/dir/. They can't create the wrong directories without 
permissions.


-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Icons at startup of a KDE session

2010-08-11 Thread Alex Schuster
Petric Frank writes:

 All hints are welcome.

I had weird effects when I had forgotten to set the sticky bit on /tmp.

ls wo...@weird ~ $ ls -ld /tmp
drwxrwxrwt 16 root root 4096 11. Aug 10:48 /tmp

If this  ^ t is missing, do a chmod +t /tmp, and try again.

Wonko
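The check described in the message above, generalized to any list of shared directories, as an added example that is not part of the original post. The function name and the temporary demo directories are assumptions made for illustration.

```python
import os
import stat
import tempfile


def sticky_bit_findings(paths):
    """Return (path, problem) tuples for shared directories that are unsafe.

    A world-writable directory without the sticky bit lets any local user
    rename or delete files that belong to other users.
    """
    findings = []
    for path in paths:
        try:
            # lstat: inspect the entry itself, not whatever a symlink points at
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((path, "not a directory"))
            continue
        world_writable = bool(st.st_mode & stat.S_IWOTH)
        sticky = bool(st.st_mode & stat.S_ISVTX)
        if world_writable and not sticky:
            findings.append((path, "world-writable without sticky bit"))
    return findings


def demo():
    """Build one correct and one broken directory (constructed sample)."""
    base = tempfile.mkdtemp()
    good = os.path.join(base, "good_tmp")
    bad = os.path.join(base, "bad_tmp")
    os.mkdir(good)
    os.mkdir(bad)
    os.chmod(good, 0o1777)  # drwxrwxrwt, as in the ls output above
    os.chmod(bad, 0o0777)   # drwxrwxrwx, the sticky bit is missing
    return sticky_bit_findings([good, bad]), bad


if __name__ == "__main__":
    # On a real system, point the check at the usual shared directories.
    for path, problem in sticky_bit_findings(["/tmp", "/var/tmp", "/dev/shm"]):
        print(f"{path}: {problem}")
```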



Re: [gentoo-user] write failed on dvd with growisofs

2010-08-11 Thread linux
On Tue, Aug 10, 2010 at 11:14:55PM +0200, Joerg Schilling wrote:
 li...@gabriel-striewe.de wrote:
 
  Hello,
 
  I am incurring a strange problem when trying to burn DVDs. When I
  apply the command: 
 
  # growisofs -dvd-compat -Z /dev/sr0 -R -J test/
 
  I get the following output: 
 
  Executing 'mkisofs -R -J test/ | builtin_dd of=/dev/sr0 obs=32k seek=0'
  Total translation table size: 0
  Total rockridge attributes bytes: 273
  Total directory bytes: 0
  Path table size(bytes): 10
  Max brk space used 0
  182 extents written (0 MB)
  /dev/sr0: Current Write Speed is 2.5x1352KBps.
  :-[ wr...@lba=0h failed with SK=5h/WRITE PROTECTED]: Input/output error
  :-( write failed: Input/output error
 
 Did you try to use cdrecord instead?
 Did you try to kill hald before?
 
 Jörg
 

/etc/init.d/hald status
* status: stopped

using cdrecord on a DVD+RW works fine, but I have this error when I
try to burn a DVD-R: 

gstri...@laptop ~ $ cdrecord -v dev=0,1,0 test.iso 
cdrecord: No write mode specified.
cdrecord: Assuming -sao mode.
cdrecord: If your drive does not accept -sao, try -tao.
cdrecord: Future versions of cdrecord may have different drive dependent 
defaults.
Cdrecord-ProDVD-ProBD-Clone 3.00 (i686-pc-linux-gnu) Copyright (C) 1995-2010 
Jörg Schilling
TOC Type: 1 = CD-ROM
scsidev: '0,1,0'
scsibus: 0 target: 1 lun: 0
Linux sg driver version: 3.5.34
Using libscg version 'schily-0.9'.
SCSI buffer size: 64512
atapi: 1
Device type: Removable CD-ROM
Version: 5
Response Format: 2
Capabilities   : 
Vendor_info: 'SONY'
Identifikation : 'DVD RW DW-Q58A  '
Revision   : 'UFS2'
Device seems to be: Generic mmc2 DVD-R/DVD-RW/DVD-RAM.
Current: DVD+R
Profile: DVD+R/DL 
Profile: DVD+R (current)
Profile: DVD+RW 
Profile: DVD-RW sequential recording 
Profile: DVD-RW restricted overwrite 
Profile: DVD-R sequential recording 
Profile: DVD-ROM 
Profile: CD-RW 
Profile: CD-R 
Profile: CD-ROM 
cdrecord: Warning: controller returns wrong page 3 for Ricoh Vendor Page page 
(30).
Using generic SCSI-3/mmc-3 DVD+R driver (mmc_dvdplusr).
Driver flags   : NO-CD DVD MMC-3 SWABAUDIO BURNFREE 
Supported modes: PACKET SAO
Drive buf size : 1602048 = 1564 KB
cdrecord: Warning: Cannot read drive buffer.
cdrecord: Warning: The DMA speed test has been skipped.
FIFO size  : 4194304 = 4096 KB
Track 01: data 0 MB padsize:  236 KB
Total size:0 MB = 300 sectors

Blocks total: 2295104 Blocks current: 2295104 Blocks remaining: 2294804
Reducing transfer size from 64512 to 32768 bytes.
cdrecord: Warning: controller returns wrong page 3 for Ricoh Vendor Page page 
(30).
Starting to write CD/DVD/BD at speed 2 in real SAO mode for single session.
Last chance to quit, starting real write0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
Starting new track at sector: 0
Track 01:0 of0 MB written.cdrecord: Input/output error. write_g1: scsi 
sendcmd: no error
CDB:  2A 00 00 00 00 00 00 00 10 00
status: 0x2 (CHECK CONDITION)
Sense Bytes: 70 00 05 00 00 00 00 0A 00 00 00 00 27 00 00 00
Sense Key: 0x5 Illegal Request, Segment 0
Sense Code: 0x27 Qual 0x00 (write protected) Fru 0x0
Sense flags: Blk 0 (not valid) 
cmd finished after 0.014s timeout 200s

write track data: error after 0 bytes
cdrecord: A write error occured.
cdrecord: Please properly read the error message above.
Writing  time:5.037s
Average write speed   0.1x.
Fixating...
Fixating time:0.009s
cdrecord: fifo had 12 puts and 1 gets.
cdrecord: fifo was 0 times empty and 0 times full, min fill was 100%.

Hope this helps somehow. Thank you for your quick response..


Gabriel 



Re: [gentoo-user] write failed on dvd with growisofs

2010-08-11 Thread Joerg Schilling
li...@gabriel-striewe.de wrote:

 /etc/init.d/hald status
 * status: stopped

 using cdrecord on a DVD+RW works fine, but I have this error when I
 try to burn a DVD-R: 

OK, could you send the output from cdrecord -v -minfo
with this medium?

Jörg

-- 
 EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
   j...@cs.tu-berlin.de(uni)  
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily



Re: [gentoo-user] write failed on dvd with growisofs

2010-08-11 Thread linux
On Wed, Aug 11, 2010 at 03:18:57PM +0200, Joerg Schilling wrote:
 li...@gabriel-striewe.de wrote:
 
  /etc/init.d/hald status
  * status: stopped
 
  using cdrecord on a DVD+RW works fine, but I have this error when I
  try to burn a DVD-R: 
 
 OK, could you send the output from cdrecord -v -minfo
 with this medium?
 
 Jörg
 

$ cdrecord -v -minfo
Linux sg driver version: 3.5.34
SCSI buffer size: 32768
No target specified, trying to find one...
Using dev=0,1,0.
cdrecord: Warning: controller returns wrong page 3 for Ricoh Vendor Page page 
(30).
cdrecord: Warning: Cannot read drive buffer.
cdrecord: Warning: The DMA speed test has been skipped.
Cdrecord-ProDVD-ProBD-Clone 3.00 (i686-pc-linux-gnu) Copyright (C) 1995-2010 
Jörg Schilling
TOC Type: 1 = CD-ROM
Using libscg version 'schily-0.9'.
atapi: 1
Device type: Removable CD-ROM
Version: 5
Response Format: 2
Capabilities   : 
Vendor_info: 'SONY'
Identifikation : 'DVD RW DW-Q58A  '
Revision   : 'UFS2'
Device seems to be: Generic mmc2 DVD-R/DVD-RW/DVD-RAM.
Current: DVD+R
Profile: DVD+R/DL 
Profile: DVD+R (current)
Profile: DVD+RW 
Profile: DVD-RW sequential recording 
Profile: DVD-RW restricted overwrite 
Profile: DVD-R sequential recording 
Profile: DVD-ROM 
Profile: CD-RW 
Profile: CD-R 
Profile: CD-ROM 
Using generic SCSI-3/mmc-3 DVD+R driver (mmc_dvdplusr).
Driver flags   : NO-CD DVD MMC-3 SWABAUDIO BURNFREE 
Supported modes: PACKET SAO
Drive buf size : 1602048 = 1564 KB
Current Secsize: 2048
book type:   DVD+R, Version (10.1)
disc size:   120mm (0)
maximum rate:Not specified (15)
number of layers:1
track path:  Parallel Track Path (0)
layer type:  Rewritable Area (2)
linear density:  0.267 µm/bit (0)
track density:   0.74 µm/track (0)
phys start:  196608 (0x3) 
phys end:2491711
end layer 0: 0
bca: 0
phys size:...2295104
Manufacturer:'RITEK'
Media type:  'F16'
Category/VersionA1
Disk size   0F
Disk structure  02
Recoding density00
Manufacturer:   'RITEK'
Media type: 'F16'
Product revision1
ADIP numbytes   56
Reference speed 35
Max speed   84
rzone size: 40
rzone number:   1
border number:  1
ljrs:   0
track mode: 7 copy: 0
damage: 0
reserved track: 0 blank: 1 incremental: 0 fp: 0
data mode:  1
lra valid:  0
nwa valid:  1
rzone start:0
next wr addr:   0
free blocks:2295104
blocking factor:16
rzone size: 2295104
last recorded addr: 0
read compat lba:265696

Capacity  Blklen/Sparesz.  Format-type  Type
 2295104 2048 0x00  Unformated or Blank Media
Mounted media class:  DVD
Mounted media type:   DVD+R
Disk Is not erasable
data type:standard
disk status:  empty
session status:   empty
BG format status: none
first track:  1
number of sessions:   1
first track in last sess: 1
last track in last sess:  1
Disk Is unrestricted
Disk type: DVD, HD-DVD or BD

Track  Sess Type   Start Addr End Addr   Size
==
1 1 Blank  0  22951032295104 -1

Next writable address:  0
Remaining writable size:2295104

Thanks for your help,

Gabriel 



Re: [gentoo-user] write failed on dvd with growisofs

2010-08-11 Thread linux
On Wed, Aug 11, 2010 at 05:00:45PM +0200, Joerg Schilling wrote:
 li...@gabriel-striewe.de wrote:
 
  On Wed, Aug 11, 2010 at 03:18:57PM +0200, Joerg Schilling wrote:
   li...@gabriel-striewe.de wrote:
   
/etc/init.d/hald status
* status: stopped
   
using cdrecord on a DVD+RW works fine, but I have this error when I
try to burn a DVD-R: 
   
   OK, could you send the output from cdrecord -v -minfo
   with this medium?
 
 
 Ritek may not be the best media quality. Did you try Verbatim?
 
 
 Jörg

They were from Aldi, however I used also CDR from there, they seem to
be manufactured by Plasmon Data Systems (both are labeled
Tevion). With those CDR I have usually no problem. I realize however
that my DVDRW which work without problems are from Verbatim. So I will
try out Verbatim DVD+R and report back to the list how it's going.

Thanks for your help

Gabriel



Re: [gentoo-user] write failed on dvd with growisofs

2010-08-11 Thread Joerg Schilling
li...@gabriel-striewe.de wrote:

  Ritek may not be the best media quality. Did you try Verbatim?
  
  
  Jörg

 They were from Aldi, however I used also CDR from there, they seem to
 be manufactured by Plasmon Data Systems (both are labeled
 Tevion). With those CDR I have usually no problem. I realize however
 that my DVDRW which work without problems are from Verbatim. So I will
 try out Verbatim DVD+R and report back to the list how it's going.

Not all drives work well with all media.

Jörg

-- 
 EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
   j...@cs.tu-berlin.de(uni)  
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily



Re: [gentoo-user] Icons at startup of a KDE session

2010-08-11 Thread Petric Frank
Hello,

On Wednesday, 11. August 2010 07:15:13 Stéphane Guedon wrote:
   i've installed Gentoo and KDE 4.4 on an AMD64 system, configured
   /etc/conf.d/xdm to start kdm as login server.
  
  To be clear - it is not an 64 Bit OS, it is still x86.
  
   After login the KDE4 desktop starts up - a little box with at least 5
   or 6 icons in it where one after the other icon displays blurred and
   then comes clear (Disk, Tools, World, ...).
   This process stops at the fourth icon (after the world icon) which
   remains blurred. At this stage the PC simply hangs - no ssh, no
   VT-switch, nothing.
   
   So my first question is - what stage the fourth icon stands for. And
   where to look for the issue.
   
   After a reboot to the command line i viewed the logs
   (/var/log/messages, /var/log/Xorg.0.log) but nothing looks suspicious.
   The last line in
   
   /var/log/messages reads:
 timestamp hostname kdm: 0:[pid]: pam_unix(kde:session): session
   
   opened for  ...
   
   The user was newly created using useradd -m -g ...). There was no
   .kde4 directory in his home directory.
  
  Usually i add new users also to the plugdev group. As a test i removed
  the user from this group i got past the splash screen. Now the normal
  screen came up.
  
  So it seems that the problem has something to do with the plugging
  system.
  
  At which places i should throw an eye ?
  
 
 first of all, do you have some disk space in your $HOME ?

Yes. There is at least 5 GBytes free.

 kde won't start until it have some space ...

It is starting if the user is not member of the group plugdev.

I thought - ok, if not plugdev then use policykit. I enabled this use-flag and 
re-build everything marked by this flag (emerge -uDN world).
But this does not help. I'm back to not being able to log in. :-(

regards
  Petric



Re: [gentoo-user] Icons at startup of a KDE session

2010-08-11 Thread Petric Frank
Hello,

On Wednesday, 11. August 2010 10:59:33 Alex Schuster wrote:
 Petric Frank writes:
  All hints are welcome.
 
 I had weird effects when I had forgotten to set the sticky bit on /tmp.

That is a rather new direction. I never checked this.

 ls wo...@weird ~ $ ls -ld /tmp
 drwxrwxrwt 16 root root 4096 11. Aug 10:48 /tmp

same here - sticky bit set

 If this  ^ t is missing, do a chmod +t /tmp, and try again.

It is there.

regards
  Petric





Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice

2010-08-11 Thread Stroller


On 10 Aug 2010, at 20:22, Hazen Valliant-Saunders wrote:

...
Good Luck getting people to change them frequently and having your  
techs and it departments meeting complexity and length policy.


I'm pretty sure that's a trivial setting for expiration policy and a  
PAM plugin or option to enforce complexity.


Stroller.




Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice

2010-08-11 Thread Stroller


On 10 Aug 2010, at 19:50, Alan McKinnon wrote:
... The major threat by analysis on a workstation is stepping away  
for a
leak and forgetting to lock the screen. sudo is adequate protection  
against
this as long as more than 5 minutes have elapsed since the last sudo  
was run - ...


And I seem to recall the 5 minute grace period can be changed or  
removed in sudo's settings.


There was a big furore about this in the Mac community a couple of  
years ago, before someone pointed out that sudo existed and was  
established on Linux, too.


Stroller.




[gentoo-user] Re: bluetooth device bd address is 11:11:11:11:11:11

2010-08-11 Thread Heorhii Valakhanovich
On 08/09/2010 03:10 PM, Xi Shen wrote:
 hi,
 
 i have a usb bluetooth device, after i plug it into the usb slot and
 ran hciconfig, it shows the bd address is 11:11:11:11:11:11. is it
 correct? or maybe the driver is not loaded correctly?
 
 

Some devices use fake addresses like that. Usually because the vendor
doesn't have its own address range.




Re: [gentoo-user] LVM on LUKS

2010-08-11 Thread Florian Philipp
On 07.08.2010 11:48, Florian Philipp wrote:
 Hi list!
 
 I'm building a new Gentoo system (notebook) and want to rearrange a few
 things. I thought it would be good to have the following layout:
 
  - boot on a normal partition
  - root on a normal partition
  - one big encrypted partition (dmcrypt / LUKS)
  - on that partition an LVM volume group
  - on that volume group all stuff not necessary for booting: home, var,
 tmp, etc.
 
 AFAIK, the Gentoo boot process is organized so that LVM gets started
 before dmcrypt is started. I would need it vice versa.
 
 Is that possible with baselayout-1? Do I need to switch to baselayout-2?
 
 Thanks in advance!
 Florian Philipp
 

Thanks everyone for your suggestions! However, I decided against using
them for basically two reasons:

1. I want to keep it simple and safe and there are few things more
troublesome than a system which cannot even mount its root.

Therefore I keep root on a normal partition while everything with
possibly valuable information (tmp, var, home, srv) gets encrypted. opt
and usr/local will follow, if necessary.

It is also my reason for not using an initrd.

2. I want as few single points of failure as possible on my system. A
key file would be such a point. Granted, a single volume with a
passphrase is also a SPOF - but one which is less likely to fall prey to
an rm -rf *. (Okay, I have a backup, but I would like to avoid using it ;) )

Long story short: In the end, I tried baselayout-2 and it works like a
charm. I just configured /etc/conf.d/dmcrypt, added dmcrypt to runlevel
sysinit and then (just for good measure, don't think it's necessary)
added 'rc_dmcrypt_before=lvm' to /etc/rc.conf.






Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice

2010-08-11 Thread Dale

Stroller wrote:


On 10 Aug 2010, at 20:22, Hazen Valliant-Saunders wrote:

...
Good Luck getting people to change them frequently and having your 
techs and it departments meeting complexity and length policy.


I'm pretty sure that's a trivial setting for expiration policy and a 
PAM plugin or option to enforce complexity.


Stroller.



Thing about changing passwords too often, the person forgets what the 
password is.  I have a good strong password for my bank and credit 
card.  If I had to change it every month, six months or something, I 
would set it to something simple so that I could remember what the 
password is.   Then I would write it down to help me remember it as well.


Changing the password often can actually lead to other issues.

Dale

:-)  :-)



[gentoo-user] Postgres gem not found by cron job

2010-08-11 Thread Michael Orlitzky
I feel like I should be able to solve this one, but it started after my 
last world update so maybe someone else has had a similar problem.


We have a ruby script called 'mailshears' on our mail server that cleans 
up orphaned users and domains every night. The main script,


  /root/src/mailshears/bin/mailshears

includes a class,

  require 'src/postfixadmin_db'

which in turn requires the postgres library from ruby-postgres:

  require 'postgres'

I don't think there's anything fancy going on here. All of the required 
packages are installed, and the script runs fine when I execute it 
manually. For example, both of the following work:


  cd /root/src/mailshears/bin/
  ./mailshears

  cd /
  export PATH=/sbin:/bin:/usr/sbin:/usr/bin
  export HOME=/
  /root/src/mailshears/bin/mailshears

(That last one mimics my crontab.) The problem is, whenever the nightly 
cron job runs, the 'postgres' library can't be found. I get mailed this 
every night:


  /root/src/mailshears/bin/../src/postfixadmin_db.rb:1:in `require': no
  such file to load -- postgres (LoadError)
from /root/src/mailshears/bin/../src/postfixadmin_db.rb:1
from /etc/cron.daily/01mailshears:35:in `require'
from /etc/cron.daily/01mailshears:35

The path /etc/cron.daily/01mailshears is simply a symlink to 
/root/src/mailshears/bin/mailshears, and of course, if I execute that 
symlink manually, it runs fine.


What's different between my root environment and the one in which cron 
runs (with respect to ruby and its gems)? Where should I start looking?




Re: [gentoo-user] Postgres gem not found by cron job

2010-08-11 Thread Bill Longman
snip
 What's different between my root environment and the one in which cron
 runs (with respect to ruby and its gems)? Where should I start looking?

No direct answer, sorry, Michael.

You might want to use:

 /bin/bash -l -x -c /root/src/mailshears/bin/mailshears

to at least help debug it.



Re: [gentoo-user] Postgres gem not found by cron job

2010-08-11 Thread Michael Orlitzky

On 08/11/2010 03:16 PM, Bill Longman wrote:

snip

What's different between my root environment and the one in which cron
runs (with respect to ruby and its gems)? Where should I start looking?


No direct answer, sorry, Michael.

You might want to use:

  /bin/bash -l -x -c /root/src/mailshears/bin/mailshears

to at least help debug it.



Thanks for the tip. The cron environment was missing 
RUBYOPT=-rauto_gem -- adding it fixed the problem.


Dark magic, whatever it does.
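The comparison that resolved this thread, as an added example that is not part of the original posts: diff an interactive root environment against the one cron provides and flag variables that change what an interpreter loads. Ruby's `-r` option requires the named library before the script runs, so `RUBYOPT=-rauto_gem` loads `auto_gem` on every Ruby start. The two dumps are constructed samples, and capturing the cron side with a temporary job that writes `env` to a file is an assumption.

```python
# Variables that alter which code or libraries an interpreter or the dynamic
# linker picks up. A job that depends on one of these behaves differently
# under cron, and anything that can set them controls what code is loaded.
LOADER_VARS = {
    "PATH", "RUBYOPT", "RUBYLIB", "GEM_HOME", "GEM_PATH",
    "PYTHONPATH", "PERL5LIB", "LD_LIBRARY_PATH", "LD_PRELOAD",
}

# Constructed sample: `env` output from an interactive root login shell.
LOGIN_ENV = """\
PATH=/sbin:/bin:/usr/sbin:/usr/bin
HOME=/root
SHELL=/bin/bash
RUBYOPT=-rauto_gem
"""

# Constructed sample: `env` output captured from inside a cron job.
CRON_ENV = """\
PATH=/sbin:/bin:/usr/sbin:/usr/bin
HOME=/
SHELL=/bin/sh
"""


def parse_env(dump):
    """Parse `env` output into a dict, skipping lines that are not NAME=value."""
    env = {}
    for line in dump.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.isidentifier():
            env[name] = value
    return env


def env_drift(interactive_dump, cron_dump):
    """Return sorted (name, interactive_value, cron_value) for every difference.

    A value of None means the variable is absent on that side.
    """
    interactive = parse_env(interactive_dump)
    cron = parse_env(cron_dump)
    drift = []
    for name in sorted(set(interactive) | set(cron)):
        a, b = interactive.get(name), cron.get(name)
        if a != b:
            drift.append((name, a, b))
    return drift


def loader_drift(interactive_dump, cron_dump):
    """Only the differences that can change which code gets loaded."""
    return [d for d in env_drift(interactive_dump, cron_dump) if d[0] in LOADER_VARS]


if __name__ == "__main__":
    for name, a, b in env_drift(LOGIN_ENV, CRON_ENV):
        marker = "LOADER" if name in LOADER_VARS else "      "
        print(f"{marker} {name}: interactive={a!r} cron={b!r}")
```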



Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice

2010-08-11 Thread Alan McKinnon
On Wednesday 11 August 2010 18:58:02 Stroller wrote:
 On 10 Aug 2010, at 19:50, Alan McKinnon wrote:
  ... The major threat by analysis on a workstation is stepping away
  for a
  leak and forgetting to lock the screen. sudo is adequate protection
  against
  this as long as more than 5 minutes have elapsed since the last sudo
  was run - ...
 
 And I seem to recall the 5 minute grace period can be changed or
 removed in sudo's settings.
 
 There was a big furore about this in the Mac community a couple of
 years ago, before someone pointed out that sudo existed and was
 established on Linux, too.
 
 Stroller.


And the clueless nutjobs on Ubuntu had exactly the same furore when Warty came 
out 6 years ago. And every other distro before that. And every other *nix 
before that right back to when sudo was released for the first time.

Every time it's the same. Rant! Rave! Go ballistic about . about  I 
dunno  weird stuff about sudo!! Not a friggin brain cell amongst the 
lot of them.

I've developed a savage delight in systematically dismantling people's 
objections to sudo and showing how clueless they usually are. People who do 
understand sudo and know it doesn't fit their needs never seem to rant about 
it :-)


-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice

2010-08-11 Thread Alan McKinnon
On Wednesday 11 August 2010 20:16:42 Dale wrote:
 Stroller wrote:
  On 10 Aug 2010, at 20:22, Hazen Valliant-Saunders wrote:
  ...
  Good Luck getting people to change them frequently and having your
  techs and it departments meeting complexity and length policy.
  
  I'm pretty sure that's a trivial setting for expiration policy and a
  PAM plugin or option to enforce complexity.
  
  Stroller.
 
 Thing about changing passwords too often, the person forgets what the
 password is.  I have a good strong password for my bank and credit
 card.  If I had to change it every month, six months or something, I
 would set it to something simple so that I could remember what the
 password is.   Then I would write it down to help me remember it as well.
 
 Changing the password often can actually lead to other issues.


I refuse to implement password expiration policies and have a vast array of 
literature to back me up when some dimwit damager gets on his expiration high 
horse.

My users pick their own passwords - I present a list of 5 from apg and let 
them pick one. Accounts do expire if they go unused for 90 days, but not 
passwords.

What put me onto this policy? I found Gartner recommending password 
expiration. I find the best security possible is always the opposite of what 
Gartner says. Discovering how the AD admins in the company go about their jobs 
was the convincing straw :-)


-- 
alan dot mckinnon at gmail dot com



[gentoo-user] python modules

2010-08-11 Thread Stéphane Guedon
Hi

Is there a way to safely install python modules ? Except from portage itself 
(or do I need an overlay ?)

Thanks
-- 
Stéphane Guedon
web page : http://www.22decembre.eu/
business card : http://www.22decembre.eu/downloads/Stephane-Guedon.vcf
GPG public key : http://www.22decembre.eu/downloads/Stephane-Guedon.asc




Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice - AKA passwords

2010-08-11 Thread Bill Longman
On 08/11/2010 01:30 PM, Alan McKinnon wrote:

 I refuse to implement password expiration policies and have a vast array of 
 literature to back me up when some dimwit damager gets on his expiration high 
 horse.
 
 My users pick their own passwords - I present a list of 5 from apg and let 
 them pick one. Accounts do expire if they go unused for 90 days, but not 
 passwords.
 
 What put me onto this policy? I found Gartner recommending password 
 expiration. I find the best security possible is always the opposite of what 
 Gartner says. Discovering how the AD admins in the company go about their 
 jobs 
 was the convincing straw :-)

The bigger buggerboo I see is the password complexity [il]logic.
There's this vapid requirement of all these different types of
characters needed in one's password, yet the thing you really want to
enforce is adequate entropy. If my password is an entire sentence, it
will not be brute-forced, even if I used just ASCII A-z. There's just
too much key space in 4.7^32. At 10^5 attempts per second, you're likely
to find the answer in half a billion years. I hope your keyboard still
works, let alone exists



Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice - AKA passwords

2010-08-11 Thread Alan McKinnon
On Thursday 12 August 2010 00:11:12 Bill Longman wrote:
 On 08/11/2010 01:30 PM, Alan McKinnon wrote:
  I refuse to implement password expiration policies and have a vast array
  of literature to back me up when some dimwit damager gets on his
  expiration high horse.
  
  My users pick their own passwords - I present a list of 5 from apg and
  let them pick one. Accounts do expire if they go unused for 90 days, but
  not passwords.
  
  What put me onto this policy? I found Gartner recommending password
  expiration. I find the best security possible is always the opposite of
  what Gartner says. Discovering how the AD admins in the company go about
  their jobs was the convincing straw :-)
 
 The bigger buggerboo I see is the password complexity [il]logic.
 There's this vapid requirement of all these different types of
 characters needed in one's password, yet the thing you really want to
 enforce is adequate entropy. If my password is an entire sentence, it
 will not be brute-forced, even if I used just ASCII A-z. There's just
 too much key space in 4.7^32. At 10^5 attempts per second, you're likely
 to find the answer in half a billion years. I hope your keyboard still
 works, let alone exists

Your reasoning makes sense, until you consider password length limits imposed 
by machines.

Cisco routers authenticating via Tacacs for instance often support nothing 
more than DES hashing yuck. The hash routines accept up to 10 characters for 
a password but only use the first 8 to calculate the hash.

There are Solaris versions nowhere near EOL yet that have similar limits.

All this makes my life as a system integrator cum authenticate go-to guy very 
tricky indeed. Luckily management tends to say Just do what Alan says. It 
makes him shut up and go away.

:-)

p.s. dig the use of vapid. Wonderful word, truly splendid. Communicates in 5 
letters something that takes paragraphs any other way. I shall make a note for 
future use.

-- 
alan dot mckinnon at gmail dot com
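The two points made in this exchange, worked through as an added example that is not part of the original posts: the brute-force time for the keyspace figure quoted above, and what remains of a long passphrase when the hash only uses its first 8 characters. The 52-letter alphabet and the sample passphrases are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size, length, significant_chars=None):
    """Number of distinct passwords an attacker has to consider.

    significant_chars models a hash that silently ignores everything after
    the first N characters (8 for the DES-based case described above).
    """
    effective = length if significant_chars is None else min(length, significant_chars)
    return alphabet_size ** effective


def expected_years(space, guesses_per_second):
    """Average time to hit the password: half the keyspace at the given rate."""
    return space / 2 / guesses_per_second / SECONDS_PER_YEAR


def entropy_bits(space):
    """Keyspace expressed in bits."""
    return math.log2(space)


def same_after_truncation(a, b, significant_chars):
    """True if two passwords are indistinguishable to a truncating hash."""
    return a[:significant_chars] == b[:significant_chars]


def report(rate=1e5):
    """Compare the cases from the thread at `rate` guesses per second."""
    rows = [
        ("keyspace figure quoted in the thread (4.7^32)", 4.7 ** 32),
        ("32 letters, A-Z a-z, all significant", keyspace(52, 32)),
        ("32 letters, only first 8 significant", keyspace(52, 32, 8)),
    ]
    return [(label, entropy_bits(space), expected_years(space, rate))
            for label, space in rows]


if __name__ == "__main__":
    for label, bits, years in report():
        print(f"{label}: {bits:.1f} bits, about {years:.3g} years on average")
    # Constructed sample passphrases: both start with the same 8 characters.
    print(same_after_truncation("correct horse battery", "correct by accident", 8))
```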



Re: [gentoo-user] python modules

2010-08-11 Thread Kevin O'Gorman
On Wed, Aug 11, 2010 at 1:40 PM, Stéphane Guedon steph...@22decembre.eu wrote:

 Hi

 Is there a way to safely install python modules ? Except from portage
 itself
 (or do I need an overlay ?)

 Thanks
 --

 The ones in portage are best (that is, most likely to work and keep
working).  You can use
an overlay for ones you cannot otherwise find, but then all maintenance is
yours to do.

-- 
Kevin O'Gorman, PhD


[gentoo-user] DVD borked: SysFS removed

2010-08-11 Thread James
Baseline- I'm lazy and not very smart:

So my console output upon booting berated me
about continuing to use sysfs. OK. So I removed
it and built a new kernel (AMD 64).

Everything works but the DVD. Ok, so
I need a udev rule to fix it? Googling
has produced lots of antiquated info;
nothing useful.

Can somebody point me to a document, preferably
one with an easy example to follow to get
a variety of different DVD (reader writers)
working again, Sata, ata, atapi, ide..
as this is now broken on all of my 2.6.34-r1
gentoo (systems) kernels I have..

I found this:
http://reactivated.net/writing_udev_rules.html#example-cdrom

but I do not have 'udevinfo' or 'udevtest' on the system.

I did find this:
/usr/portage/app-emulation/xen-tools/files/xen-tools-3.4.0-udevinfo.patch

Seems like it ought to be trivial to write a udev rule for 
these drives:

Probing IDE interface ide0...
hda: _NEC DVD_RW ND-3550A, ATAPI CD/DVD-ROM drive
or
ata3.00: ATAPI:scsi 2:0:0:0: CD-ROMPLEXTOR  DVDR   PX-755A   1.04
PQ: 0 ANSI: 5 PLEXTOR DVDR   PX-755A, 1.04, max UDMA/66


TIA,
James






[gentoo-user] root in LVM with ext4 as mount ext2

2010-08-11 Thread sam new
Hi all,
   I transferred data to a new hard disk and use LVM. When it boots up,
the root is mounted as ext2, the real filesystem is ext4. What should I do?

here is /etc/fstab
/dev/sda5               /boot        ext3     noatime              0 1
/dev/mapper/sysvg-root  /            ext4     noatime              0 1
/dev/mapper/sysvg-usr   /usr         ext4     noatime              0 1
/dev/mapper/sysvg-home  /home        ext4     noatime              0 1
/dev/mapper/sysvg-var   /var         ext4     noatime              0 1
/dev/sda6               none         swap     sw                   0 0
/dev/cdrom              /mnt/cdrom   auto     users,noauto,ro      0 0
/dev/sda2               /mnt/cpan    ntfs-3g  users                0 0
/dev/sda3               /mnt/dpan    ntfs-3g  users                0 0
#/dev/sda6              /mnt/epan    ntfs-3g  users                0 0
#/dev/sda1              /mnt/vbox    ntfs-3g  users,exec           0 0
#/dev/fd0               /mnt/floppy  auto     noauto               0 0

# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink).
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will
#  use almost no memory if not populated with files)
shm                     /dev/shm     tmpfs    nodev,nosuid,noexec  0 0
proc                    /proc        proc     defaults             0 0


and menu.lst  the initramfs  I use genkernel
 title Gentoo Linux 2.6.34-r1 LVM
root (hd0,4)
kernel /boot/kernel-2.6.34-gentoo-r1 dolvm root=/dev/ram0 real_root=/dev/sysvg/root rootfstype=ext4 init=/linuxrc splash=silent,theme:emergence console=tty quiet
initrd /boot/initramfs-genkernel-x86_64-2.6.34-gentoo-r1


Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice - AKA passwords

2010-08-11 Thread Bill Longman
On Wed, Aug 11, 2010 at 4:09 PM, Alan McKinnon alan.mckin...@gmail.com wrote:

 On Thursday 12 August 2010 00:11:12 Bill Longman wrote:
  On 08/11/2010 01:30 PM, Alan McKinnon wrote:
   I refuse to implement password expiration policies and have a vast
 array
   of literature to back me up when some dimwit damager gets on his
   expiration high horse.
  
   My users pick their own passwords - I present a list of 5 from apg and
   let them pick one. Accounts do expire if they go unused for 90 days,
 but
   not passwords.
  
   What put me onto this policy? I found Gartner recommending password
   expiration. I find the best security possible is always the opposite of
   what Gartner says. Discovering how the AD admins in the company go
 about
   their jobs was the convincing straw :-)
 
  The bigger buggerboo I see is the password complexity [il]logic.
  There's this vapid requirement of all these different types of
  characters needed in one's password, yet the thing you really want to
  enforce is adequate entropy. If my password is an entire sentence, it
  will not be brute-forced, even if I used just ASCII A-z. There's just
  too much key space in 4.7^32. At 10^5 attempts per second, you're likely
  to find the answer in half a billion years. I hope your keyboard still
  works, let alone exists

 Your reasoning makes sense, until you consider password length limits
 imposed
 by machines.

 Cisco routers authenticating via Tacacs for instance often support nothing
 more than DES hashing yuck. The hash routines accept up to 10 characters
 for
 a password but only use the first 8 to calculate the hash.

 There are Solaris versions nowhere near EOL yet that have similar limits.

 All this makes my life as a system integrator cum authenticate go-to guy
 very
 tricky indeed. Luckily management tends to say Just do what Alan says. It
 makes him shut up and go away.

 :-)

 p.s. dig the use of vapid. Wonderful word, truly splendid. Communicates
 in 5
 letters something that takes paragraphs any other way. I shall make a note
 for
 future use.

 --
 alan dot mckinnon at gmail dot com

 Absolutely. If you do not change your ENCRYPT_METHOD or your PASS_MAX_LEN
in your login.defs file and are still relying on the back end's ability to
safely store your passwords in DES format, well, you're in trouble.