pops up, the first thing I do is wait
and wonder why it's asking for it. As all the systems are already
added to the list.
Such a pop-up would be a very likely indication of a problem.
--
Grant. . . .
unix || die
rberos, mostly for the SSO abilities,
but haven't found a simple to follow howto yet which can be easily
adjusted so it can be added to an existing environment.
ACK
--
Grant. . . .
unix || die
t
the target host's certificate is signed by the trusted SSH CA and not
prompt for the typical Trust On First Use (TOFU) scenario. Thus you can
actually leverage the target host SSH fingerprint and not need to ignore
that security aspect like so many people do.
Added to my research-lis
need to know
/their/ password. Meaning that there was no need for multiple people to
know the shared target user's password like su does.
If I was in a different environment, I'd consider Kerberized versions of
su as an alternative.
--
Grant. . . .
unix || die
by a colon to indicate an explicit time interval.
Maybe there's something else, but it seems like the validity period is
for SSH /certificates/ and not SSH /keys/.
--
Grant. . . .
unix || die
On 2022-07-15, Mark Knecht wrote:
> On Fri, Jul 15, 2022 at 12:28 PM Grant Edwards
> wrote:
>>
>> It looks like www-client/google-chrome just added wayland and jack
>> audio to the dependancies. So now I have to have Pulse _and_ Jack?
> Is that truly a Chrome re
sed to think that someday Linux sound support would get
straightened out, but it just keeps getting worse...
--
Grant
be used? Or is it
the number of days / date range that they can be used?
--
Grant. . . .
unix || die
It looks like www-client/google-chrome just added wayland and jack
audio to the dependancies. So now I have to have Pulse _and_ Jack?
--
Grant
failing and try to control the likely ways that it can fail.
Paying yourself forward with time and effort developing (expect) scripts
will mean that you reap the rewards for years to come.
--
Grant. . . .
unix || die
Indeed it is, and now you've found a way to do what you want with
passwords, all is well.
However, I will look at scripting regular replacements for SSH keys,
for my own peace of mind.
/me loudly says "SSH /certificates/" from the top atop a pile of old
servers in the server room.
g passwords for servers and storing them in a password vault
is easier to automate.
I disagree.
Using passwords tends to negate things like authenticating to sudo with
SSH keys / certificates, thus prompting the use of NOPASSWD:.
--
Grant. . . .
unix || die
why I use passwords. (passwords are long random strings that
are changed regularly)
Fair enough. I only counter with take a few minutes to research SSH
/certificates/ and see if they are of any interest to you.
--
Grant. . . .
unix || die
hen possible, in order to make sure that someone
doesn't put a Trojanized version earlier in the path. }:-)
--
Grant. . . .
unix || die
On 7/14/22 1:08 PM, Neil Bothwick wrote:
I was accepting your point, one I hadn't considered.
Ah. Okay. :-/ Here I was hoping to learn something new from you. ;-)
Still a good discussion none the less. :-)
--
Grant. . . .
unix || die
/ be forgotten.
--
Grant. . . .
unix || die
get a copy of someone's
private SSH key file, especially if they are somewhat lax about it's
security believing that the passphrase will protect it.
--
Grant. . . .
unix || die
germane to this larger discussion.
--
Grant. . . .
unix || die
ate authenticating to sudo via (forwarded) SSH keys. This means
that your interactions with sudo are /always/ authenticated *and* done
so without requiring an interactive prompt.
Thanks in advance,
There's more than a little bit here. There are a number of ways that
this could go.
--
Grant. . . .
unix || die
On 2022-07-05, Jack wrote:
> On 2022.07.05 12:24, Grant Edwards wrote:
>> On 2022-07-05, William Kenworthy wrote:
>> It would be nice if the news item explained how to let the upgrade
>> procede while holding back a few packages.
>>
>> Can you set 3_9 and 3_1
olding back a few packages.
Can you set 3_9 and 3_10 globally, and then disable 3_10 for a few
individual packages that can't be built with 3_10?
--
Grant
On 2022-06-30, Walter Dnes wrote:
> On Wed, Jun 29, 2022 at 10:26:55PM -0000, Grant Edwards wrote
>>
>> AFAIK, you've got two choices.
>>
>> 1. Use an "app password"
>>
>> https://support.google.com/accounts/answer/185833
>>
>
don't support OAUTH 2.0 (or if they do, it's via a complex
plugin/helper scheme). For mutt I looked into OAUTH, and it can be
done with some external helper applications. Creating an app password
for mutt to use with IMAP was much easier.
--
Grant
On 2022-06-20, Grant Edwards wrote:
> At the end of an update today, I got an error message from
>
> sys-apps/dbus-1.12.22-r2:
>
> * CONFIG_EPOLL: is not set when it should be.
>Please check to make sure these options are set correctly. Failure
>to do so may caus
an "experts only"
parent menu that warns
This is for specialized environments which can tolerate a
"non-standard" kernel. Only use this if you really know what you
are doing.
Is this new requirement for CONFIG_EPOLL legit?
--
Grant
ut I always forgot something.
--
Grant
On 2022-06-06, Grant Edwards wrote:
> On 2022-06-06, Grant Edwards wrote:
>> Can anybody recommend a good replacement for RabbitVCS? I've been
>> using it for ages to browse repos (mainly SVN), but it seems to have
>> died off. It's no longer in the package database nor
On 2022-06-06, Grant Edwards wrote:
> Can anybody recommend a good replacement for RabbitVCS? I've been
> using it for ages to browse repos (mainly SVN), but it seems to have
> died off. It's no longer in the package database nor in PyPi. The
> last update in the developer blog is
Can anybody recommend a good replacement for RabbitVCS? I've been
using it for ages to browse repos (mainly SVN), but it seems to have
died off. It's no longer in the package database nor in PyPi. The
last update in the developer blog is 2-1/2 years old.
What are the alternatives?
--
Grant
of
this feature.
--
Grant. . . .
unix || die
.
--
Grant. . . .
unix || die
On 2022-05-12, Mansour Al Akeel wrote:
> Thank you for your response. The idea of "getting harder and harder"
> is hard to accept. Gentoo has always been about having choices.
It is. You can choose to avoid Rust if you want.
> Firefox requires rust, but is there a way to disable this?
No.
>
with submit.cf / submit.mc.
Would you be willing to share your sendmail.mc and submit.mc files?
Feel free to "REDACT" things as necessary. (Please make sure it's easy
to tell what is redacted.)
--
Grant. . . .
unix || die
odd.
> Or perhaps it's the speakers and their amplifiers.
IMO, that's the logical conclusion.
I've never had the audio chip on any computer fail -- ever. Nor have I
ever had a USB audio adapter fail (though I've only used a couple of
them over the years).
--
Grant
check an old backup and see if I have one for my sendmail.mc and
get back.
ACK
--
Grant. . . .
unix || die
. Can
you do that with your sendmail.cf or sendmail.mc file?
There's also a chance that it's your submit.cf or submit.mc file since
we're talking about the MSA on port 587. (Unless you aren't using the
separate MSA which has been standard for 15+ years.)
--
Grant. . . .
unix || die
running?
Did your (START)TLS certificate expire? Contemporary clients may
silently refuse to use expired certs.
Thanks.
You're welcome.
Feel free to poke things and respond with more questions / details /
errors / etc.
--
Grant. . . .
unix || die
On 2022-05-01, John Covici wrote:
> These configurations are in /etc/modprobe.d/alsa.conf as to which is
> the default sound card and its parameters.
I believe that file is only used if alsa is a module. I've never
configured alsa as a module.
> The name might not be alsa.conf, but you would
On 2022-05-01, Grant Edwards wrote:
>
>> The usual fallback is wiki.archlinux.org, but its instructions to
>> place the following in /etc/asound.conf or ~/.asoundrc doesn't work:
>>
>> defaults.pcm.card 1
>> defaults.ctl.card 1
>
> wiki.gentoo.or
On 2022-05-01, Grant Edwards wrote:
> On Gentoo, with OpenRC, how do you configure the default board/device
> for ALSA?
>
> I've asked Google, and all the links it comes up with are for sites
> that are broken because of PHP or database failures (e.g. wiki.gentoo.org
> and
the wiki.archlinux.org advice to set ALSA_CARD to the card
name shown by aplay -l also doesn't work.
How do you set the devault card/device for ALSA on Gentoo?
--
Grant
On 2022-04-27, Rich Freeman wrote:
> On Wed, Apr 27, 2022 at 10:22 AM Grant Edwards
> wrote:
>>
>> Is there any advantage (either to me or the Gentoo community) to
>> continue to use rsync and the rsync pool instead of switching the
>> rest of my machines to git?
different mirrors and hard-wiring one in my config file because
the one I (or the pool) had chosen had fallen back to using a Bell-212
modem for its internet connection. Sync operations often used to take
many minutes and would sometimes just hang.
--
Grant
r a rebuild for little
> benefit. Again, expect ~24h.
Yea, building LLVM is brutal, and pretty much unavoidable these days.
--
Grant
of pretending to be the destination
or another known / easily identifiable lie.
Mail servers that send server to server traffic actually SHOULD use
proper names that validate. Clients shouldn't need to adhere to as high
a standard. I consider nullmailer to be a client in this case.
--
Grant
On 3/31/22 10:17 AM, Grant Taylor wrote:
I do know that the DHCP protocol supports adding additional options /
definitions / parameters (?term?) to specify ... static routes.
In case others are interested in this, a few pointers about using it.
ISC's DHCP server has two options
use the C.I.R. when there are reasons that more proper
routing can't be configured. The C.I.R. is an abstraction layer that
allows either side to operate almost completely independently of each
other, save for IP conflicts between each directly attached LAN.
--
Grant. . . .
unix || die
. Next time I probably won't be so lucky.
--
Grant
On 2022-03-22, Grant Taylor wrote:
> On 3/22/22 10:41 AM, Grant Edwards wrote:
>> How does one run "modern" X11 apps remotely?
>
> Xvnc
>
> As in run an Xvnc server as an X11 server / display. Point your
> programs at that display / server. Then have a VNC cl
Some clarifications.
On 3/22/22 1:28 PM, Grant Taylor wrote:
Xvnc
I have looked at NoMachine (a.k.a. NX) in the past. But I've not tried
it myself because my work client machine has a VNC client built in and
doesn't have an NX client.
As in run an Xvnc server as an X11 server / display
On 3/22/22 10:41 AM, Grant Edwards wrote:
How does one run "modern" X11 apps remotely?
Xvnc
As in run an Xvnc server as an X11 server / display. Point your
programs at that display / server. Then have a VNC client connect to
said VNC server.
Using ssh -X or ssh -Y works fine
On 2022-03-22, Grant Edwards wrote:
> How does one run "modern" X11 apps remotely?
> [...]
> I do not want a "remote desktop". I just want to run a single
> application on a remote machine and have its window show up locally.
It looks like xpra will do what I wa
On 2022-03-22, Laurence Perkins wrote:
>>Even something "lightweight" like atril is so slow it's barely usable.
>>
>>I do not want a "remote desktop". I just want to run a single
>>application on a remote machine and have its window show up locally.
>>
>>Back in the day, I used to run X11 apps
till
actually usable...
X11 transparent network support was its killer feature, but for all
practical purpopses, that feature seems to have been killed.
--
Grant
problem.
I'm fairly certain that they offer Gentoo as an option when creating the
VPS. It's been too long and I've messed with too many things since then.
--
Grant. . . .
unix || die
On 2022-03-15, Grant Edwards wrote:
>> I bit the bullet, let it depclean and rebooted.
>
> I'll give that a go the next time I'm in the office (which is where
> the machine in question lives).
It _almost_ "just worked". The names of the displays changed, so I had
t
On 2022-03-15, Neil Bothwick wrote:
> If X doesn't come up, simply re-emerge xf86-video-intel. That won't take
> long because you will obviously have quickpkg'd it before depcleaning...
You would think so. And you would think that would fix it.
--
Grant
On 2022-03-14, Neil Bothwick wrote:
> On Mon, 14 Mar 2022 17:07:54 - (UTC), Grant Edwards wrote:
>
>> I was a bit startled thos morning when emerge --depclean wanted to
>> remove xf86-video-intel. I presume this is a result of the switch to
>> the "
compatible controller: Intel Corporation IvyBridge GT2 [HD
Graphics 4000] (rev 09)
And the only card-selection configuration I've done was to set
VIDEO_CARDS="intel" in make.conf.
--
Grant
On 2022-03-12, Nikos Chantziaras wrote:
> On 12/03/2022 18:03, Grant Edwards wrote:
>> On 2022-03-12, Nikos Chantziaras wrote:
>>> On 12/03/2022 10:43, Dale wrote:
>>>> https://bugs.gentoo.org/767700
>>>>
>>>> Is that the one? It mention
t?
>
> No. Unlike GCC, LLVM/Clang is always a cross-compiler.
You can't use LLVM/Clang to compile for the host on which it's
running?
--
Grant
;
protection for clobbering existing files where you likely meant to
append ">>" to them.
But I am ignorant as to how this is a /systemd/ thing.
--
Grant. . . .
unix || die
parameters as paths, independent of the HTTP daemon.
Aside: +1 to everything that Stefan S. said.
--
Grant. . . .
unix || die
On 2022-02-22, Felix Kuperjans wrote:
> you could use gzip to tell you the compressed size of the file and then
> use another method to copy just those bytes (dd for example):
>
> gzip -clt
> Should print the compressed size in bytes, although by reading through
> the entire stream once.
On 2022-02-22, Rich Freeman wrote:
> On Mon, Feb 21, 2022 at 8:29 PM Grant Edwards
> wrote:
>>
>> But I was trying to figure out a way to do it without uncompressing
>> and recompressing the data. I had hoped that the gzip header would
>> contain a "length&quo
way to find the end of the
compressed data is to parse it using the proper algorithm (deflate, in
this case).
--
Grant
t;countersunk". I think the former is the more common name for what
you're looking for. There are several different types of countersunk
heads, and flathead is the one you want.
--
Grant
this.
It's an inexpensive plastic one from a local hardware store, but it gets
the job done. (I'm only going to one decimal place on mm measurements.)
--
Grant. . . .
unix || die
On 2022-02-04, Arve Barsnes wrote:
> On Fri, 4 Feb 2022 at 22:49, Grant Edwards wrote:
>>
>> I've got two "slots" of java currently installed (8 and 11).
>> [...]
>> How does one manually invoke non-selected version(s) of java?
>> [...]
>
> I d
gcc-X.Y.Z to invoke the non-selected version.
What's the equivalent for java?
--
Grant
On 2022-01-21, Grant Edwards wrote:
> [...]
>
> This appears to be triggered by a rule in
>
>/lib/udev/rules.d/69-libmtp.rules
>
> which is owned by media-libs/libmtp
>
> Why does that library think it should be probing every USB device I
> [...]
Oh, and tell
s that library think it should be probing every USB device I
plug in? Is that automatic probing required for libmtp and mtpfs to
work?
I do _not_ want anything to happen "automagically" when I plug in a
USB mtp device. I know if a device is an MTP device, and if I want it
mounted, I'll mount it manually.
--
Grant
Let's make sure that all the bases are
covered.
About Caddy, I do not want to install another server and deal with
another config.
I can fully understand and appreciate that.
Thanks!
You're welcome.
--
Grant. . . .
unix || die
Apache
and rebranded by IBM / Oracle) web server in production on multiple
platforms for each and every year for the last two decades. I've
personally run Apache in production for that entire time.
--
Grant. . . .
unix || die
something to unify the .local name in the mDNS
and uDNS name spaces. This can be done via a gateway that speaks both
protocols. E.g. listens for mDNS queries as well as being an
authoritative uDNS server for the .local domain / TLD.
It's not /simple/ but nor is it /impossible/.
--
Grant
considered pretty old and clunky,
but it is much easier than apache still).
Why start the email asking why something old is used and then finish the
email suggesting the possibility of using something else old?
--
Grant. . . .
unix || die
your friend.
Thanks.
You're welcome.
--
Grant. . . .
unix || die
for more than two decades. It's been my
primary desktop for almost all of that time too.
--
Grant. . . .
unix || die
quot; comes to mind.
-- Make yourself happy.
--
Grant. . . .
unix || die
to query external resources on behalf of the LAN
clients.
If someone knows a guide to help, I'll be glad to know.
Please reply if any of my assumptions are wrong or if you have other
questions.
Thanks.
You're welcome.
--
Grant. . . .
unix || die
On 2022-01-14, Michael wrote:
> On Friday, 14 January 2022 16:53:06 GMT Grant Edwards wrote:
>> On 2022-01-14, Grant Edwards wrote:
>> > urxvt has suddenly started prompting for confimation when pasting text
>> > by clicking the middle mouse button. This is excruciati
On 2022-01-14, Grant Edwards wrote:
> urxvt has suddenly started prompting for confimation when pasting text
> by clicking the middle mouse button. This is excruciatingly
> annoying. I don't see any relevent X resources when I do 'urxvt
> -help'. Does anybody know how to disable t
urxvt has suddenly started prompting for confimation when pasting text
by clicking the middle mouse button. This is excruciatingly
annoying. I don't see any relevent X resources when I do 'urxvt
-help'. Does anybody know how to disable this horrible new "feature"?
--
Grant
On 2022-01-12, Neil Bothwick wrote:
> On Wed, 12 Jan 2022 16:25:29 - (UTC), Grant Edwards wrote:
>
>> > If it was installed through portage, there would have been an ebuild
>> > for it, in /var/db/pkg.
>>
>> Yes, correct past tense. There was at some
On 2022-01-12, Neil Bothwick wrote:
> On Wed, 12 Jan 2022 14:53:06 - (UTC), Grant Edwards wrote:
>
>> Then it must have been ipkg-utils itself that required the older
>> python_exec, but there was no ebuild present for it.
>
> If it was installed through portag
On 2022-01-12, Arve Barsnes wrote:
> On Wed, 12 Jan 2022 at 01:44, Grant Edwards wrote:
>> Still not sure what command one uses to determine what package is
>> preventing some other package from being upgraded...
>
> It should all be in the emerge output, although it
depclean then removed python2.7, and then emerge -auvND
happily upgraded python-exec to 2.4.8.
Still not sure what command one uses to determine what package is
preventing some other package from being upgraded...
--
Grant
It seems that every time a new Python version is unmasks, it breaks
something on one or another of my machines.
This time it's a python-exec version conflict that prevents emerge
-u. FAICT, Python 3.10 requires python-exec 2.4.8, and some other
package requires 2.4.6.
I've fixed things
VMM (virt-manager).
The 2nd NIC means that you don't end up with a chicken & egg problem
trying to administer a network interface across the network, which is
how I do much of my work. Re-configuring things through the console
also simplifies things in this regard.
--
Grant. . . .
unix || die
has been running perfectly fine for many years.
--
Grant. . . .
unix || die
h tells me (Control)-(Alt)-(F#)
which means that any given virtual console should be able to see the new
groups if it logs out and logs back in, even if others stay logged in.
--
Grant. . . .
unix || die
that you've been added to which hasn't
been loaded (?) instantiated (?) ... in the current session.
--
Grant. . . .
unix || die
oups.
--
Grant. . . .
unix || die
is running:
# rc-service libvirtd status
Also:
# rc-update add libvirtd default
You may need to add your user account to -- what I think is -- the "kvm"
group. (Don't forget the usual dance when adding yourself to a new group.)
--
Grant. . . .
unix || die
you're doing.
I had some problems deleting mail with "net-mail/mailutils" program.
*nod*
--
Grant. . . .
unix || die
On 12/31/21 3:58 PM, the...@sys-concept.com wrote:
How do you configure "~/.forward"?
echo "u...@example.net" > ~/.forward
That will cause most MTAs to forward message for your local user to the
u...@example.net email address.
--
Grant. . . .
unix || die
of need is why I have ~/.forward files on most systems so that
email to my local account is forwarded to (one of) my primary email
accounts that Thunderbird does check.
--
Grant. . . .
unix || die
the number of variables that you're working with at
one time.
--
Grant. . . .
unix || die
onfig file
(~/.ssh/config or /etc/ssh/ssh_config). Using the config file means
that anything that uses OpenSSH commands benefits from and inherits the
configuration parameters; rsync, git, what have you.
--
Grant. . . .
unix || die
On 2021-12-21, Wols Lists wrote:
> Oh - and as for using the command line, it's all very well until you
> try and figure out where to tell the command line to cut the video
> file - I really don't want to have to run the command line hundreds
> of times, checking the output every time, and
201 - 300 of 5173 matches
Mail list logo
