On 2020-08-27, Grant Edwards wrote:
> How do you determine the cause of a downgrade?
>
> Today I did "emerge --sync" and "emerge -auvNDt world" with (I think)
> no configuration changes since the last update a couple days ago, and
> now emerge wants to downgrad
" 0 KiB
Total: 5 packages (1 upgrade, 1 downgrade, 3 reinstalls), Size of downloads:
31,175 KiB
AFAICT both 1.20.9 and 1.20.8-r1 are stable on amd4 (the only
difference between the two .ebuild files are the keywords for hppa and
ppc). I can't find any ebuilds that appear to depend on the
downgraded version.
--
Grant
erability.
3. trying new protocols is fine. and is also fine to have
sub-communities that use different messaging protocols if they find
it more fitting.
Sure.
We already have that today.
e.g. i'll probably end up using smtp/imap for talking to people
in general, and use hillarymail [1] for talking to a closer nerdy
community.
To each their own.
--
Grant. . . .
unix || die
ing. Perhaps you have been lucky in
that your user base doesn't need forwarding. But that is perfectly fine
and perfectly legitimate use case.
--
Grant. . . .
unix || die
> You can, however, work around this in a rather unusual way via
> ip/nftables and DNAT.
Thanks, I should have known that was a problem that could be solved
with netfilter. After all, netfilter is apparently turning-complete:
http://sgros.blogspot.com/2011/09/implementing-turing-machine-using.html
--
Grant
it to listen on 127.0.0.1 and on whatever IP addresses are
assigned to two specified interfaces.
--
Grant
hnical brethren harshly for their decisions.
--
Grant. . . .
unix || die
On 8/18/20 6:44 PM, Grant Taylor wrote:
I will have to collect a list and get back to you.
Here are part of some crude notes that I created for myself to use to
build a Gentoo mail server about three years ago. This is the email
specific parts. The rest were for other non-email aspects
On 8/26/20 3:33 PM, Grant Taylor wrote:
I would suggest using any reference to Hillary Clinton.
Typo: I would suggest *NOT* using any reference to Hillary Clinton.
--
Grant. . . .
unix || die
se to
completely independently create their own implementation and it must be
interoperable with yours. Anything less and you'll never achieve
anything but an informational RFC status. And you will need a standards
track RFC status to get the big players to even think about entertaining
the notion of this.
--
Grant. . . .
unix || die
so basically total expected number of protocols/layers used in the
universe, per second, will be much less if we, on planet earth,
use a mail system that uses HTTP* instead of RESXCH_*.
I obviously disagree.
--
Grant. . . .
unix || die
SEC Mastery by Michael W. Lucas. That $20 (?)
book and moderate amounts of motivation is all anybody that wants to
implement DNSSEC /needs/.
2. A great hypothetical solution for the 0.002% of email users who
own a domain name, like you and me.
DNSSEC can be used for FAR more than just email domains.
--
Grant. . . .
unix || die
.
As Ashley explained, some MTAs trust the kernel. I've heard of others
issuing a sync after the write. But that is up to each MTA's
developers. They have all taken reasonable steps to ensure the safety
of email. Some have taken more-than-reasonable steps.
--
Grant. . . .
unix || die
and libraries from another computer.
That took some trial-and-error, but I eventually got to the point
where I could do an "emerge python".
--
Grant
ndeed -- I've done that. It's not fun. You certainly won't do it a
second time.
--
Grant
to unwrap the onion to
be able to validate the signature. But to do that you need to know what
the server(s) downstream of the signature being validated did to the
message.
Some of this is a one way trap door without any indication of what each
trap door did to the message.
--
Grant. . . .
unix || die
s.
A relay is the same thing for email that a router is for a network.
--
Grant. . . .
unix || die
to augment the existing SMTP infrastructure to make it better.
We do not /need/ to do a wholesale replacement and incur all the
complications ~> technical debt that goes along with such a replacement.
--
Grant. . . .
unix || die
e. These
types of changes are even more difficult to detect and unroll as part of
signature validation.
this way we can have group-level rules.
I'm not quite sure what you mean by group-level rules in this context.
--
Grant. . . .
unix || die
end-to-end connectivity is
almost unmatched. UUCP and NNTP are there with it.
--
Grant. . . .
unix || die
For several decades, I was a loyal AMD customer. But the last time I
upgraded my home desktop (2013), AMD just didn't seem to have anything
that could complete with the Core-i3/5 CPUs with integrated graphics.
The Intel HD-2500 GPU was plenty fast enough for everything I did back
then, so I went
to start
with for personal email.
I'd like to build out Grant(Taylor) and Ashley's solution for further
learning and testing, on Rpi4 based gentoo systems. robust security and
reasonable straightforward (gentoo) admin, is my goal.
Sorry to be pedantic, but please list out what you mean
the things that it provides.
--
Grant. . . .
unix || die
l(fire)ball gets just enough traction
that people scratch the surface to look at it. That is if it doesn't
happen as part of getting enough people Interested. Or even your own
""API that you are graciously providing.
--
Grant. . . .
unix || die
as a vector to send spam. — Joe Job comes to mind.
--
Grant. . . .
unix || die
) reputation to be
associated with.
Think "some random person said" vs "Caveman said". Which will mean more
in the circles you travel in?
--
Grant. . . .
unix || die
from
your ISP-provided e-mail address.
--
Grant
der many definitions of
dedicated.
Carte blanch redirecting / intercepting SMTP traffic through one of
their hosts is also possible.
Your local / residential ISP can't do anything if you tunnel your
outbound SMTP through an encrypted connection to a VPS. But that
re-introduces other complications o
r even detrimental
in another configuration.
There are many recopies to get started.
You really need to start somewhere, learn as you go, and make your own
choices.
--
Grant. . . .
unix || die
; S/MIME, PGP, etc. help in this regard.
--
Grant. . . .
unix || die
) additional daemons
to run simple services or virtual routers (network namespaces)?
I don't like many of the implications which, as I understand it, Docker
imposes.
Conversely I can do what I want with a few relatively simple (to me)
commands directly in init scripts.
--
Grant. . . .
unix
twork / mount / UTS namespaces, containers, to
be extremely lightweight and easy to do things in. I've created some
wrapper scripts to make it trivial to add / list / remove such
containers; mknns, lsnns, rmnns.
--
Grant. . . .
unix || die
On 8/13/20 4:03 PM, Grant Edwards wrote:
I'm not sure what "go out of your way" means in this context. I assume
I'd create a network namespace for Plex, and then use either macvlan
or ipvlan to share one of the physical interaces between the root
namespace and the Plex namespace.
On 2020-08-15, Sid Spry wrote:
> On Fri, Aug 14, 2020, at 5:06 PM, Grant Edwards wrote:
>> [...]
>>
>> > iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
>>
>> I can confirm, that did indeed work as desired.
>>
>> Even with the kernel
service at
all and the examples all use "/etc/init.d/ ".
[That's what I tend to use because it allows tab-completion.]
--
Grant
runlevel is used instead.
Is there some significance to these differences?
--
Grant
On 2020-08-14, Grant Edwards wrote:
> I think this should work, but I need to rebuild my kernel with the
> iptables "owner" extension enabled:
>
> iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
I can confirm, that did indeed work as desired.
Even with the ker
n that interface.
I think this should work, but I need to rebuild my kernel with the
iptables "owner" extension enabled:
iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
I was just about to start experimenting with ipvlan and network
namespaces, but an iptables rule triggering on uid looks much much
easier.
--
Grant
you're right (as far as I know). You might wish to see if Plex has a
> premade container built. I typically don't like them, but it will save you
> a fair bit of work if it exists.
They do offer a docker download. I've never done anything with docker
containers before, but maybe it's time to learn.
--
Grant
On 2020-08-13, Sid Spry wrote:
> On Thu, Aug 13, 2020, at 4:33 PM, Grant Edwards wrote:
>> How does one hide a network interface from a badly-written application?
>>
>> I'm using Plex Media Server as a DVR, it it seems to have been written
>> by Windows programmers wh
and broadcast packets on all network interfaces
regardless of which interface you configure it to use.
Is creating a network namespace that contains only the interfaces Plex
is allowed to use the best way to try to fix this problem? [Assuming
the developers won't do anything about it.]
--
Grant
and moves on with life.
RAW /speed/ is more important in these types of limited use cases.
As such, the journal is actually a disadvantage /because/ it slows
things down somewhat.
--
Grant. . . .
unix || die
.
--
Grant. . . .
unix || die
ext2 for something like a news spool where performance is
more important and the data is somewhat ephemeral. Likewise for a
caching proxy spool.
--
Grant. . . .
unix || die
-lib.
--
Grant. . . .
unix || die
On 2020-08-10, Grant Edwards wrote:
> On 2020-08-10, Grant Edwards wrote:
>
>>> Much of it appears to be texlive, which is now apparently required
>>> by the 'atril' pdf viewer. [...]
>>
>> That's the result of a questionable decision by Atril m
On 2020-08-10, Grant Edwards wrote:
>
>> Much of it appears to be texlive, which is now apparently required by
>> the 'atril' pdf viewer. [...]
>
> That's the result of a questionable decision by Atril maintainers.
> It's since been fixed, and the 'synctex' feature wh
On 2020-08-10, Grant Edwards wrote:
> [ usual whining ]
> Forty-nine new packages?!
>
> Much of it appears to be texlive, which is now apparently required by
> the 'atril' pdf viewer. Why does it suddenly require texlive?
> There's a 'dvi' use flag which understandably would
On 2020-08-10, Grant Edwards wrote:
> Much of it appears to be texlive, which is now apparently required by
> the 'atril' pdf viewer. Why does it suddenly require texlive?
> There's a 'dvi' use flag which understandably would require tex stuff,
> but that flag is not set.
Can some
of package-bloat is getting out
of hand?
--
Grant
on an email server is going to be problematic.
I'm focusing on email servers because that's what this thread had
largely been about.
--
Grant. . . .
unix || die
are
exactly that mom-n-pop setup that are run by a bunch of engineers, as
opposed to accountants.
:-)
--
Grant. . . .
unix || die
On 8/1/20 5:36 PM, Grant Edwards wrote:
Statically entered in the DHCP server doesn't count as static?
Not to the client computer that's running the DHCP client.
The computer is still configured to use a dynamic method to acquire it's
IP address.
--
Grant. . . .
unix || die
On 2020-08-01, Grant Taylor wrote:
> Static IP address has some very specific meaning when it comes to
> configuring TCP/IP stacks. Specifically that you enter the address to
> be used, and it doesn't change until someone changes it in the
> configuration.
Right. That's what I
On 7/31/20 2:01 PM, Grant Edwards wrote:
There may be half way decent ISPs in the US, but I haven't seen one
in over 20 years since the last one I was aware of stopped dealing
with residential customers. They were a victem of the "race to the
bottom" when not enough residential cust
On 7/31/20 2:05 PM, Grant Edwards wrote:
Nit: DHCPv6 can be (and usually is) dynamic, but it doesn't have to
be. It's entirely possible to have a static IP address that your OS
(or firewall/router) acquires via DHCPv6 (or v4). [I set up stuff
like that all the time.]
Counter Nit: That's
On 7/31/20 1:54 PM, Grant Edwards wrote:
If I had a week with nothing to do, I'd love to try to get something
like that working
You don't need a week. You don't even need a day. You can probably
have a test tunnel working (on your computer) in less than an hour.
Then maybe a few more hours
tical issues have
influencing the technological standards that are used. Sure, they are
influencing who they are used with, and in some cases /not/ used with.
But, thus far, the underlying technical standards have been the same.
But someone like you (Grant) could help guide and document a gentoo
c
tion is down the VPS will not establish a TCP connection (because
ssh is not listening on the remotely forwarded port) thus remote
connecting systems will fail hard / fast, thus it's more likely to be
brought to a human's attention.
--
Grant. . . .
unix || die
On 2020-07-31, Grant Taylor wrote:
> On 7/29/20 9:41 AM, Peter Humphrey wrote:
>> Aren't all IPv6 addresses static?
>
> No.
>
> SLAAC and DHCPv6 are as dynamic as can be.
Nit: DHCPv6 can be (and usually is) dynamic, but it doesn't have to
be. It's entirely possible to hav
On 2020-07-31, Grant Taylor wrote:
> On 7/30/20 5:38 PM, Ralph Seichter wrote:
>> I'd be interested to hear from users who still need to pay extra
>> for IPv6.
>
> I'd be willing, if not happy, to pay a reasonable monthly fee to be able
> to get native IPv6 from my ISP.
On 2020-07-31, Grant Taylor wrote:
> On 7/29/20 5:23 PM, james wrote:
>> Free static IPs?
>
> Sure.
>
> Sign up with Hurricane Electric for an IPv6 in IPv4 tunnel and request
> that they route a /56 to you. It's free. #hazFun
If I had a week with nothing to do
to you via the
non-globally-routed IPv6 link-net IPv6 address.
There are multiple ways to keep the same IP while changing the
connecting link.
--
Grant. . . .
unix || die
lomerates are
doing that is killing the standards based networking.
The trump-china disputes are only accelerating open standards for
communications systems, including all things TCP/IP.
Please elaborate.
--
Grant. . . .
unix || die
. :-(
As such, I use a tunnel for IPv6.
--
Grant. . . .
unix || die
On 7/29/20 1:28 PM, Grant Edwards wrote:
I don't know what most ISPs are doing. I couldn't get IPv6 via
Comcast (or whatever they're called this week) working with OpenWRT
(probably my fault, and I didn't really need it). So I never figured
out if the IPv6 address I was getting was static
On 7/29/20 9:41 AM, Peter Humphrey wrote:
Aren't all IPv6 addresses static?
No.
SLAAC and DHCPv6 are as dynamic as can be.
Static is certainly an option. But I see SLAAC and DHCPv6 used frequently.
--
Grant. . . .
unix || die
On 2020-07-29, Peter Humphrey wrote:
> On Wednesday, 29 July 2020 13:59:11 BST Grant Edwards wrote:
>
>> Pricing isn't based on cost. Pricing is based on what people are
>> willing to pay. People are willing to pay extra for a static IPv6
>> address, therefore static I
that! Still, I
> wouldn't put it past them to charge extra for what should be free.
Pricing isn't based on cost. Pricing is based on what people are
willing to pay. People are willing to pay extra for a static IPv6
address, therefore static IPv6 addresses cost extra.
--
Grant
to your local system. You get just about everything,
save for what's specifically needed for the VPN.
--
Grant. . . .
unix || die
that.
> BTW, I have pam totally masked out...
I used to run without pam, but something required it a while back.
Maybe I should look into removing pam again.
--
Grant
On 2020-07-22, Ashley Dixon wrote:
> On Wed, Jul 22, 2020 at 02:29:48AM -0000, Grant Edwards wrote:
>> Yes, that's what I did months ago, and everything worked fine with
>> Xorg using the "suid" flag and without consolekit or elogind -- until
>> this morning, when
On 2020-07-22, Walter Dnes wrote:
> On Tue, Jul 21, 2020 at 04:00:21PM -0000, Grant Edwards wrote
>>
>> Before I can try that, I apparently have to enable the elogind USE
>> flag because of somthing else that changed since I sync'ed yesterday.
>>
>> That
On 2020-07-21, Grant Edwards wrote:
> On 2020-07-21, Peter Humphrey wrote:
>> On Tuesday, 21 July 2020 15:47:25 BST Neil Bothwick wrote:
>>
>>> Sync, re-emerge bind-tools and try again. The man pages are now
>>> downloaded as a separate tarball, so Sphinx a
urse every self-respecting package needs to install at least one new
programming language -- this time it's dev-lang/spidermonkey. :/
Sheesh.
--
Grant
On 2020-07-21, Neil Bothwick wrote:
> On Tue, 21 Jul 2020 13:08:16 - (UTC), Grant Edwards wrote:
>
>> > These are build-only dependencies so "emerge --depclean" can remove
>> > them after you install bind-tools.
>>
>> Except it doesn't. I did
On 2020-07-20, Michael Orlitzky wrote:
> These are build-only dependencies so "emerge --depclean" can remove them
> after you install bind-tools.
Except it doesn't. I did an "emerge --depclean" after updating
bind-tools, and sphinx et al were not removed.
--
Grant
et, so why does it demand that
sphinx be installed?
Does bind-tools really need packages like sphinxcontrib-qthelp,
sphinxcontrib-applehelp, sphinxcontrib-jsmath, sphinxcontrib-htmlhelp?
--
Grant
vice to others: don't grow old. :)
Oops!
--
Grant. . . .
unix || die
ot;Laptop" drives are traditionally 2.5" platters and use metric (M3) screws.
"Desktop" drives are traditionally 3.6" platters and use SAE (6-32) screws.
--
Grant
On 7/10/20 11:12 PM, Walter Dnes wrote:
Would the following activity trigger creation of .ssh/config ??
If I'm reading your sequence of events properly, no, they should not
alter your desktop's SSH config to cause it to try to log into the
notebook as the root user.
--
Grant
as well.
Is there a chance that you used a fancy wrapper, possibly menu driven,
that might have updated the ~/.ssh/config file?
--
Grant. . . .
unix || die
erminfo problem, so
> it may apply to more than just nano.
--
Grant
nano (et al.). Things can get
weird then.
Beyond any of this, I'd be quite curious what problems you're having.
--
Grant. . . .
unix || die
il the drive is failed and
offline. :)
--
Grant
mitted to
flash when the card was pulled. One would hope that SD cards have
sync write commands and those commands would be used by the umount
code...
--
Grant
On 2020-06-15, Grant Edwards wrote:
> backblocks was designed to do what you want.
...
> babblocks would be a good start.
Geez, I can't even mistype "badblocks" consistently...
--
Grant
:
https://packages.gentoo.org/packages/app-benchmarks/stress-ng
https://wiki.gentoo.org/wiki/User:Maffblaster/Drafts/stress-ng
--
Grant
nsist on trying to work through this,
Which is something many of us have done once just to see if we could.
It's not something one tends to do a second time. :)
--
Grant
l only show 4 video
windows in gallery mode (or whatever it's called), but other than that
it works perfectly.
--
Grant
On 2020-06-11, Neil Bothwick wrote:
> On Thu, 11 Jun 2020 18:46:23 - (UTC), Grant Edwards wrote:
>
>> > You may want to experiment by setting env variables for Chromium to
>> > restrict --jobs and --load-average so as to keep broadly within the
>> >
On 2020-06-11, Michael wrote:
> On Thursday, 11 June 2020 16:32:50 BST Grant Edwards wrote:
>
>> Besides the dependencies, Chromium itself is a very long build. 2.5
>> days on my oldish laptop, 1.5 days on all my other machines.
>>
> [...]
>
> You may want to ex
chines.
--
Grant
On 2020-06-10, J. Roeleveld wrote:
> I had it working in Firefox.
firfox or firefox-bin?
--
Grant
On 2020-06-10, Walter Dnes wrote:
> On Wed, Jun 10, 2020 at 05:41:18PM -0000, Grant Edwards wrote
>
>> I've nevert gotten Netflix to work in anything except Chrome. [Though
>> I don't remember trying Opera.]
>
> I've got the sinking feeling that it's c copyright manag
Opera.]
--
Grant
tion and LVM, neither of which I want; where is it
> going to end?
Running Openbox instead of Plasma?
I had a hard enough time preventing XFCE from installing tons of stuff
I didn't wan't. Gnome and KDE desktops are so far beyond the pale it
takes OTH radar to find them.
--
Grant
On 2020-05-27, Ashley Dixon wrote:
>
> These are likely due to a problem with your tool-chain as a whole, and
> not
> individual packages. See [1] and [2] for more discussion regarding this
> matter.
>
> Do you run a multilib profile ? Does /usr/lib contain anything at all ?
Yes. I have
On 2020-05-27, Grant Edwards wrote:
> I tried to emerge matplotlib today, and it failed because it's linking
> in 32-bit libraries instead of 64 bit ones:
>
> x86_64-pc-linux-gnu-g++ -shared -Wl,-O1 -Wl,--as-needed -march=native -O2
> -pipe -fno-strict-aliasing -DNDEBUG
>
I tried to emerge matplotlib today, and it failed because it's linking
in 32-bit libraries instead of 64 bit ones:
x86_64-pc-linux-gnu-g++ -shared -Wl,-O1 -Wl,--as-needed -march=native -O2
-pipe -fno-strict-aliasing -DNDEBUG
601 - 700 of 5173 matches
Mail list logo