On 10/14/2013 02:49 PM, Martin Vaeth wrote:
Hiding the salt would just be security through obscurity.
And yet it is stupid if you do not do it and give away a
huge constant factor for no advantage.
(I'll just agree to disagree about the rest.)
Keeping the salt secret makes your
I've been researching the very well-regarded configuration management
framework 'salt' and I wanted to report that it has Gentoo support:
Portage Config Module:
http://docs.saltstack.com/ref/modules/all/salt.modules.portage_config.html
Portage Config State:
http://docs.saltstack.com/ref/states
On 14/10/2013 21:17, Michael Orlitzky wrote:
On 10/14/2013 02:49 PM, Martin Vaeth wrote:
Hiding the salt would just be security through obscurity.
And yet it is stupid if you do not do it and give away a
huge constant factor for no advantage.
(I'll just agree to disagree about the rest
What is the difference between the kernel-stuff (targetcli is only the config-
tool) and scst?
http://scst.sourceforge.net/comparison.html
It was written by the SCST team, so it should be taken with a grain of
salt; it is nonetheless a useful overview of the alternatives out there.
andrea
On Tue, 2022-02-22 at 10:02 +0300, Anatoly Oreshkin wrote:
> The following package(s) were not found, and no possible matches were
> found in the package db: dev-python/confluent-kafka.
I've never used a gentoo system with salt stack, but I had a thought.
Salt can be picky with package
that the word I'm typing is 'test'. No
capitalization, no spaces, no nonsense. And yet the hashes md5crypt
returns are all different. Now, that's no good if you ask me.
These are all password-recognizers, not md5 hash strings (ok, they are
in part).
The $1$ identifies a salt lead-in, the next part
hash strings (ok, they are
in part).
The $1$ identifies a salt lead-in, the next part is the salt for your
password (generated randomly) up to the next $, then the hash of your
password + salt (to the end of the string). Given the secret salt,
Grub (or anything else using this method) can
of
machines, puppet can become unmanageable - with puppet master and
security being the culprit.
We have used puppet a lot but recently settled on salt (strictly
speaking not my decision so cannot really compare it with ansible) and
we are happy with the outcome. You might want to consider
app
o it
> every month so I have to go through Gentoo handbook); to configure it
> the way I want it takes another week or two.
Instead of running Gentoo with VirtualBox and backing up the image, I'd
recommend storing your configurations in a git repo and using ansible[1]
or salt[2] to deploy them
and
security being the culprit.
We have used puppet a lot but recently settled on salt (strictly
speaking not my decision so cannot really compare it with ansible) and
we are happy with the outcome. You might want to consider
app-admin/salt as well.
--
Eray
On 8 Jul 2009, at 15:51, J. Roeleveld wrote:
...
Take the following with the usual grain of salt.
I don't use WPA myself, but I have seen issues with WEP-passwords
where not
all systems convert it to the hash-value in the same way.
Try using the HEX-value for the WPA password rather
the be
unreadable.
When you setup a LUKS partition, cryptsetup creates a random key used for
encryption the partition. Using a random key for disk encryption is an absolute
MUST! A hash of this key is stored in binary data to do key verification. By
default a 128k salt is created for each password you wish
machines, puppet is overkill. For a lot of
machines, puppet can become unmanageable - with puppet master and
security being the culprit.
We have used puppet a lot but recently settled on salt (strictly
speaking not my decision so cannot really compare it with ansible) and
we are happy
Oreshkin wrote:
> > The following package(s) were not found, and no possible matches were
> > found in the package db: dev-python/confluent-kafka.
>
> I've never used a gentoo system with salt stack, but I had a thought.
> Salt can be picky with package names sometimes.
>
On 2013-04-15 2:02 PM, Michael Mol mike...@gmail.com wrote:
Were this one of my systems (none of which is in a prod scenario, so
take it with a grain of salt), I'd emerge -e --keep-going @system, and
then emerge --resume a few times. You're stuck in something not unlike a
bootstrap scenario
On Thursday, January 29, 2015 02:23:14 PM Andrea Conti wrote:
What is the difference between the kernel-stuff (targetcli is only the
config- tool) and scst?
http://scst.sourceforge.net/comparison.html
It was written by the SCST team, so it should be taken with a grain of
salt
be pushed out with a configuration management
tool/system like Salt or Ansible in my opinion and committed in a git
repo instead of being backed up.
Alec
On Wed, 2022-02-23 at 11:28 +0300, Anatoly Oreshkin wrote:
> Unfortunately specifying dev-python/confluent-kafka::guru hasn't
> helped.
Unfortunately I don't have any better ideas. I've had more problems
with the pkg.installed state than any other single thing in Salt.
If you states don'
is stored in a database
and algorithmically calculated as follows:
md5( md5( $password ) + salt ) )
The salt is also stored in the database (which I have full access to).
I can easily use the md5 library to compare what a user gives me and
see if that's the correct password (based on the salt
level of security and
authentication implemented.
The big issue here is that the user password is stored in a database
and algorithmically calculated as follows:
md5( md5( $password ) + salt ) )
The salt is also stored in the database (which I have full access to).
I can easily use the md5
generation algorithms:
plain: the initial vector is the 32-bit little-endian version of the sector
number, padded with zeros if neccessary.
essiv: encrypted sector|salt initial vector, the sector number is
encrypted with the bulk cipher using a salt as key. The salt
and
if necessary, enter them on a site.
snip
Once you enter the master password and select the appropriate settings
(length, character set, hashing algorithm etc etc), the password will be
generated. You can also use the current website as a salt, so using the
same settings will yield a different
never gone from a non-hardened system - hardened though so take my
comments with a grain of salt. This could also work on other tricky
upgrades.
--
gentoo-user@lists.gentoo.org mailing list
.
(Einstein)
It was just a guess. Take it with a grain of salt.
--
- Mark Shields
On 7/30/06, Rumen Yotov [EMAIL PROTECTED] wrote:
Hi Mark,
Check the official gentoo security guide (docs section).
...
2.b. Password protecting GRUB
GRUB supports two different ways of adding password protection to your
boot loader. The first uses plain text, while the latter uses md5+salt
to ignore the constant factor when talking about these things. A
problem is solved if it's easy to exponentially increase the amount of
work an attacker has to do.
For an analogy, a somewhat-related issue is that of salting passwords.
Typically one stores the salt in the database in clear text
options.
I do not have suspend enabled on my laptop, so take this with a grain of
salt.
Yeah, everything is set, even THINKPAD_ACPI. Still does not wake up :-(
If you still have the Arch kernel, could you run `lsmod' when that
kernel is booted and diff it against an `lsmod' when your Gentoo kernel
$salt$hash
x is 1 for md5 and 6 for sha512. salt is 8 characters for both
Thanks for spending time with this. After looking at the shadow file, I
have accounts with both md5 and sha512. In particular affected accounts
that have md5 and sha512.
I looked closely at the .bashrc (used echo made
itself to salt IV, so it seem to rule out all the aforementioned
vulnerabilities. Hash strength here ensures that it can't be turned
into former 'plain counters' case due to hash collision.
XTS/LRW/CBC/... are methods to encrypt the single data block to a disk
block. Since data is read in blocks
to generate passwords and
if necessary, enter them on a site.
snip
Once you enter the master password and select the appropriate settings
(length, character set, hashing algorithm etc etc), the password will be
generated. You can also use the current website as a salt, so using the
same
as
plaintext, though.
2. Relatively weak password hashes were stolen, for example MD5 or sha1
with no salt. With modern PCs, it isn't too hard to brute-force against
such, even without rainbow-tables. Then you should change your password
but you might get lucky and don't need to.
3. Strong password
or directory 2: IOR
file '/tmp/gconfd-michael/lock/ior' not opened successfully, no gconfd
located: No such file or directory))
I'm a KDE user, so take my advice with a grain of salt. But I googled a
bit, and you're not alone (even if your error is obscure). Unfortunately
I failed to find a clear
Hi Sean,
sean [EMAIL PROTECTED] writes:
I set up diskless booting recently but I'm by no means an expert, so
take my comments with plenty of salt.
Below is my in.tftpd file.
# /etc/init.d/in.tftpd
# Path to server files from
# Depending on your application you may have to change
Roger Mason wrote:
I set up diskless booting recently but I'm by no means an expert, so
take my comments with plenty of salt.
Sounds like you have had better success than me.
INTFTPD_PATH=/tftpboot/
What happens with INTFTPD_PATH=/tftpboot? (remove trailing / )
Since removed. Made
too since it is too short to be a
salt followed by an encrypted password.
--
Michael Kjörling, [EMAIL PROTECTED] - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* . No bird soars too high if he soars with his own wings . *
*** Software
.
Whether you choose to use x, !, !!, * or some other variant is up to
you. Yes, x works in this case too since it is too short to be a
salt followed by an encrypted password.
I don't mean to be rude or anything, but I've seen many answers like this on
different mailinglist archives and everyone seems
acount in linux.
Good good.
What package uses this poppasswd file?
cmd5checkpw, and anything else which does CRAM MD5 authentication at a guess.
CRAM is done by sending a hash of the password over the wire, the salt is
unique for each connection, so you need the plain text password on the server
I would think a quick fix (by no means a FULL fix) would be to re-emerge
sys-apps/baselayout. That should at least get your init scrips, and important
configs back to the right permissions. I've never actually tried that however,
so take it with a grain of salt.
I would agree with most
. To tell the truth,
though, I have never even heard of q-tools...
Marcus
But as I have seen and read about, equery is not always correct. It is
handy but you need to take its results with a little salt.
That said, I use it a lot. just have to use the old noodle still.
Dale
:-) :-)
as a salt, so using the
same settings will yield a different password for different sites.
Sounds like I'm advocating this very heavily, in fact I don't have much
experience with it. It sounds reasonable to me, but I'll let you guys
discuss it :)
Matt
Dale writes:
I'm no expert on this package so take this with a grain of salt. Mine
just updated and portage said to run emerge @preserved-rebuild which
I did. Thing is, one of the packages failed to emerge so here I sit.
The error says something is missing which is the same reason
HTML messages with a huge font and bold typeface to the list.
Any chance of you reconfiguring KMail not to send HTML messages?
Please ... pretty please ... :-)
A mail-client worth its salt should be able to work around that ;-)
Thunderbird, the superior mail client (-- flame bait) has an option
to apply a
semantic name (eth0 or net0) at all. But you're hearing this come from a
C++ programmer turned network admin, so take that with a grain of salt. :)
signature.asc
Description: OpenPGP digital signature
:
Ok, added -zlib to package.mask and it is compiling now... I just don't
know if I need zlib support for our DB app... sigh
If this doesn't work I'll try your suggestion of:
Were this one of my systems (none of which is in a prod scenario, so
take it with a grain of salt), I'd emerge -e --keep
portage configs. I'm going to bring this to the 'salt'
mailing list to see if it might be a good fit. It seems like a much
lighter weight application.
Two general points I can add:
1. Sharing config files turns out to be really hard. By far the easiest
way is to just share /etc
, it would be nice if the different teams could
communicate and maybe take some patches from each other. (I'm no dev,
so take my opinions on what would be nice for development with a
chunk of salt.)
hw gc-24.de> writes:
> I'm trying to set up an ltsp server. It seems
> that one of the required packages is no longer
> available:
I never used ltsp so take what I say with a grain of salt
Look around the old code is out there. Find an old version that works
and get that work
the one, which
> >does not compile...
> >
> >?
> >
> >Best regards,
> >Meino
>
> It's currently 2am Perth time and I've been staring at a screen for
> too long trying to get a portable Win32 dev environmet for Uni students
> working. I've c
32 dev environmet for Uni students
working. I've consumed a fair amount of chocolate so the usual grain of
salt proviso applies. If I've understood the question correctly, this
link may be of help:
http://tinyurl.com/jur3t8v
Andrew
o gvim to start with, and assuming one is not daunted by a
reference to "acl"). I'm sure this just means I'm keyword-challenged,
but I bet I'm not the only one in the universe of plain Gentoo users.
OK, everybody makes mistakes. But reading "use emacs" is bound to
touch a few
On 2019-11-28 13:20, james wrote:
> My specific (eventual) goal is to communicate/manage a wide variety of
> gentoo systems, from servers & workstations to a myriad of embedded
> and 5G minimal gentoo systems; particularly those on embedded
> processors that have modest resources.
I have no
Curiously,
Does anyone have any experience, tips or comments on the use of saltstack
Gentoo specific location::
https://docs.saltstack.com/en/latest/topics/installation/gentoo.html#post-installation-tasks
My specific (eventual) goal is to communicate/manage a wide variety of
gentoo systems,
as. I've had more problems
> with the pkg.installed state than any other single thing in Salt.
>
> If you states don't need to be extended to other platforms, you could
> just resort to cmd.run again. Seems you're already doing that with
> emaint anyway.
>
>
>
as
plaintext, though.
2. Relatively weak password hashes were stolen, for example MD5 or sha1
with no salt. With modern PCs, it isn't too hard to brute-force against
such, even without rainbow-tables. Then you should change your password
but you might get lucky and don't need to.
3. Strong password hashes
and examine the shadow file.
See what kind of hashes the affected accounts are using. md5 is 34 characters
long and sha512 is 98 in this format:
$x$salt$hash
x is 1 for md5 and 6 for sha512. salt is 8 characters for both
If the affected account is sha512, run
openssl passwd -1
to generate an md5
packages themselves, but
portage config files and then let each laptop emerge unattended based
on those portage configs. I'm going to bring this to the 'salt'
mailing list to see if it might be a good fit. It seems like a much
lighter weight application.
Two general points I can add:
1
ised
(or wouldn't tell you). As a precaution they asked users to change their
master passwd, while they changed their server's salt. In addition, there
were XSS vulnerabilities later on, which is probably to be expected with
JavaScript and similar technologies.
> As
> I pointed ou
' not
opened successfully, no gconfd located: No such file or directory 2: IOR
file '/tmp/gconfd-michael/lock/ior' not opened successfully, no gconfd
located: No such file or directory))
I'm a KDE user, so take my advice with a grain of salt. But I googled a
bit, and you're not alone (even
of salt.
I rarely upgrade unless I have new hardware that needs it or there is
some security thing that affects me. Since I am on dial-up, good luck
with the last one.
Basically, upgrade when you need to. It may be new hardware that is not
in the older kernels, some security issue that affects
opinion and you are welcome to take it with a grain of salt.
I rarely upgrade unless I have new hardware that needs it or there is
some security thing that affects me. Since I am on dial-up, good luck
with the last one.
I'm on ADSL but keep the connection and machine (laptop) always
strongley urge you to amd, since they usually give
you more performance for the buck.
(That being said.. i'm no fan of intel. Therefore take this with a grain
of salt.)
Oh btw.. you may ignore GHz numbers now.. they are no longer an
indicator of how fast processors are.
- Folken
--
gentoo-user
uses this poppasswd file?
cmd5checkpw, and anything else which does CRAM MD5 authentication at a guess.
CRAM is done by sending a hash of the password over the wire, the salt is
unique for each connection, so you need the plain text password on the server
to check against, which are kept
--
Fred Lio tells me that chips are best fried with sea salt and vinegar.
Dang it! Maybe that's what I'm doing wrong. I've been smothering them
in sour cream onion this whole time!
~DP. Following thread on him blowing his display card
Sortir en Pantoufles: up 205 days, 1:27
--
[EMAIL PROTECTED
On 24/07/05 18:06:51, Stroller wrote:
On Jul 24, 2005, at 1:49 am, Ian K wrote:
I have an older laptop that I want to add to my network,
(its a 802.11B one) and I was wondering what brands/models
would work the best under Linux. Im fairly flexible, and would
really not like to tinker with too
GRUB supports two different ways of adding password protection to your
boot loader. The first uses plain text, while the latter uses md5+salt
encryption.
...
Haven't used it though.
HTH.Rumen
smime.p7s
Description: S/MIME Cryptographic Signature
anymore is it?). It's a
standard protocol.
WPA2 does work with wicd - are you getting anything in the logs at all
using both methods?
Take the following with the usual grain of salt.
I don't use WPA myself, but I have seen issues with WEP-passwords where not
all systems convert it to the hash
and you don't
really show nearly enough info from your configuration files, so it may be
worth having a look at this old wiki page (but take it with a pinch of salt
as things may have changed slightly since):
http://www.gentoo-wiki.info/HOWTO_Apache_VirtualHost_by_IP_Address
HTH.
--
Regards
to compare and you don't
really show nearly enough info from your configuration files, so it may be
worth having a look at this old wiki page (but take it with a pinch of salt
as things may have changed slightly since):
http://www.gentoo-wiki.info/HOWTO_Apache_VirtualHost_by_IP_Address
HTH.
post
...
Well, I added CONFIG_SENSORS_ATK0110=y to my 940/M4A79DX setup and
gkrellm doesn't show anything. That was one test only, so take it with a
grain of salt.
compromise worth its salt, all logs will be
tampered to clear traces of interfering with your system. Monitoring network
traffic from a healthy machine is a good way to establish suspicious activity
on the compromised box and it also helps checking for open ports (nmap, or
netcat) to find out
on October 5th.
--
Neil Bothwick
Do you recollect whether you ran python-updater immediately after the
2.7 emerge, and do you remember whether you set 2.7 as your active
version 2 python version before or after running python-updater?
My grain of salt of experience from yesterday:
1
grain of salt of experience from yesterday:
1. emerged python 2.7 (upon a regular daily update)
2. eselect switch to 2.7
3. python-updater (rebuilt about 30 pkgs; all went fine, except pygtk
complained about something apparently minor)
4. re-emerge pygtk, just to be sure, this time it doesn't complain
(usually
done using the taskset command from sys-apps/util-linux).
For the disk I/O you can set an ionice in your make.conf like:
PORTAGE_IONICE_COMMAND=ionice -c 3 -p \${PID}
Salt to taste. :)
affinity (usually
done using the taskset command from sys-apps/util-linux).
For the disk I/O you can set an ionice in your make.conf like:
PORTAGE_IONICE_COMMAND=ionice -c 3 -p \${PID}
Salt to taste. :)
Well, this is interesting:
root@fireball # emerge -1av kate
ionice: bad prio class -3
fail. I couldn't even emerge -e world because
of those stupid masked package versions...
OK, I haven't used Myth now in over a year so take this with a grain
of salt. From the log file it appears that your client isn't
connecting to the server which likely explains why you don't see the
programs
from October 12
till 24. It was an epic fail. I couldn't even emerge -e world because
of those stupid masked package versions...
OK, I haven't used Myth now in over a year so take this with a grain
of salt. From the log file it appears that your client isn't
connecting to the server which
, and CUPS is more complicated than classical lpr.
Why do you find it so good?
No idea. I only posted this because the OP didn't say what's bad about
systemd :-) I really don't know I should care whether my system runs OpenRC
or systemd.
Take this with a grain (or a kilo) of salt, since I'm
On Mon, 23 Apr 2012 21:53:36 +0300, Nikos Chantziaras wrote about
[gentoo-user] Re: new mobo : Eth0 recovered:
On 23/04/12 21:34, David W Noon wrote:
[snip]
Any chance of you reconfiguring KMail not to send HTML messages?
Please ... pretty please ... :-)
A mail-client worth its salt
... :-)
A mail-client worth its salt should be able to work around that ;-)
Thunderbird, the superior mail client (-- flame bait) has an option that
says Display HTML messages as plain text, so I never notice when someone
posts HTML messages here (or anywhere else.)
My client - which is probably
, assuming a
modern SSDs.
2) In a post where I asked about this sort of stuff in the Vertex
forums I received the following response from folks who seem to have
more experience than I. Of course, take this with a grain of salt:
[QUOTE]
Just using round numbers and assuming effective wear leveling
of the idea
with a grain of salt. I also make no claims to know exactly how to
implement this for programs not already inherently kerberized.
You might use Kerberos to enforce access limits by associating services
with each thing you wish to control, giving the auth tickets a short
rollover period
it with a grain of salt), I'd emerge -e --keep-going @system, and
then emerge --resume a few times. You're stuck in something not unlike a
bootstrap scenario.
Thanks a lot Michael... first time anything like this has happened to me
in a long time. I forgot what it is like to have users
On 2013-04-15 2:02 PM, Michael Mol mike...@gmail.com wrote:
Were this one of my systems (none of which is in a prod scenario, so
take it with a grain of salt), I'd emerge -e --keep-going @system, and
then emerge --resume a few times. You're stuck in something not unlike a
bootstrap scenario
themselves, but
portage config files and then let each laptop emerge unattended based
on those portage configs. I'm going to bring this to the 'salt'
mailing list to see if it might be a good fit. It seems like a much
lighter weight application.
I'm soaking up a lot of your time (again). I'll
shouldn't push packages themselves, but
portage config files and then let each laptop emerge unattended based
on those portage configs. I'm going to bring this to the 'salt'
mailing list to see if it might be a good fit. It seems like a much
lighter weight application.
Two general points
gallium or not. Adjust accordingly.
Take what I say here with a pinch of salt (building the right drivers
with the right settings to work right on the right hardware is, IMNSHO,
a huge amount of black magic :-)
anyway, I seem to recall that USE=i915 or i965 was the old way of doing
with a pinch of salt (building the right drivers
with the right settings to work right on the right hardware is, IMNSHO,
a huge amount of black magic :-)
anyway, I seem to recall that USE=i915 or i965 was the old way of doing
things and you needed to know what chipset to build for. Recent code has
no dev,
so take my opinions on what would be nice for development with a
chunk of salt.)
Actually, that's my point by saying offer: Rather than letting them
build eudev from scratch, let's work together on the eudev we have,
promote it to something distro-neutral, then let Gentoo and Devuan
pful.
I personally do not run Hardened, so take this with a grain of salt.
Alec
ded attributes. What type of
> > > filesystem is /var/tmp mounted on?
> > >
> > > Other info like the output of `emerge --info', what kernel you're
> > > running, and what profile you're on would be helpful.
> > >
> > > I personally do not run
James wrote:
hw gc-24.de> writes:
I'm trying to set up an ltsp server. It seems
that one of the required packages is no longer
available:
I never used ltsp so take what I say with a grain of salt
Look around the old code is out there. Find an old version that works
and
ating - only you know
that.
I think you want Tower or AWX or even rundeck, those are
scheduling/controlling/orchestration wrappers that can fire off ansible
jobs.
As a last resort you can always add a cron to run an overall site.yml
play every X hours or so
Are you coming from a puppet/salt/ch
On 21/8/22 13:34, Grant Taylor wrote:
On 8/20/22 10:22 PM, William Kenworthy wrote:
...
If that is an Odroid XU4, then I strongly suspect that /dev/sda is
passing through a USB interface. So ... I'd take those numbers with a
grain of salt. -- If the system is working for you, then by all
I'm thinking I shouldn't push packages themselves, but
portage config files and then let each laptop emerge unattended based
on those portage configs. I'm going to bring this to the 'salt'
mailing list to see if it might be a good fit. It seems like a much
lighter weight application.
Two
know if any passwds were compromised
> (or wouldn't tell you). As a precaution they asked users to change their
> master passwd, while they changed their server's salt. In addition, there
> were XSS vulnerabilities later on, which is probably to be expected with
> JavaScript and sim
user, please
either skip the rest or at least take it with a *packet* of salt rather than a
grain... If you are not, read on, and pay attention.
The danger is not Gentoo as such, but the utterly 'naked' commands being used
by someone who does not yet understand all the 'inwardnesses' of what must
you more performance for the buck.
(That being said.. i'm no fan of intel. Therefore take this with a grain
of salt.)
Oh btw.. you may ignore GHz numbers now.. they are no longer an
indicator of how fast processors are.
- Folken
--
gentoo-user@gentoo.org mailing list
--
gentoo-user
even more strongley urge you to amd, since they usually give
you more performance for the buck.
(That being said.. i'm no fan of intel. Therefore take this with a grain
of salt.)
Oh btw.. you may ignore GHz numbers now.. they are no longer an
indicator of how fast processors are.
- Folken
files and not try to install
'dev-lang/php' ?
I cannot just install 'dev-lang/php' as it is blocked by the (2)
dev-php files that I need:
dev-php/mod_php and dev-php/php. Of coarse, take what I'm saying
with a grain of salt, as I'm describing the symptoms of a php
problem without fully
/? file to get
the system to accept the older dev-php files and not try to install
'dev-lang/php' ?
I cannot just install 'dev-lang/php' as it is blocked by the (2)
dev-php files that I need:
dev-php/mod_php and dev-php/php. Of coarse, take what I'm saying
with a grain of salt, as I'm describing
1 - 100 of 183 matches
Mail list logo
