Re: [gentoo-user] load too high
On Wed, 2008-02-13 at 07:55 +0100, Dirk Heinrichs wrote: > Am Mittwoch, 13. Februar 2008 schrieb ext James: > > > I did not try this. what's the option to boot into single user mode? > > No need to boot, just "telinit 1" from a running system. And later switch > back to normal with "telinit 3". Just to show some alternatives: rc single / rc default useful if you use other runlevels, for example "nonetwork" or boot with kernel parameter "single" signature.asc Description: This is a digitally signed message part
Re: [gentoo-user] Which arch do I have ?
Alan McKinnon wrote: On Tuesday 12 February 2008, Wael Nasreddine wrote: This One Time, at Band Camp, Alan McKinnon <[EMAIL PROTECTED]> said, On Tue, Feb 12, 2008 at 03:05:20PM +0200: On Tuesday 12 February 2008, Wael Nasreddine wrote: The x86_64 name is used by Red Hat and other distros. There are all the same thing really, but using the wrong name in the wrong context clouds the issues and leads to vast side-threads asking question that have no answers and that accomplish nothing. I'm sorry but I'm just used to call it this way, most of distros I have tried in the past call it this way, anyway I'll try to memorize it. Cool. Nothing worse than composing a decent post, only to then have to explain that you weren't using THIS definition but rather THAT one. It's an easy enough error to make (do it myself too) so no worries sorry for the question: why does #ls /usr/src/linux/arch/ show alpha/ blackfin/ h8300/ m32r/ mips/ ppc/ sh64/ um/xtensa/ arm/ cris/ i386/ m68k/ parisc/s390/ sparc/ v850/ avr32/ frv/ ia64/ m68knommu/ powerpc/ sh/ sparc64/ x86_64/ but not amd64? kh So, the only good reason to move to amd64 is when you buy a 64 bit machine I have 1G RAM and it's a laptop doesn't serve huge databases so I guess despite if my CPU is 64 or 32 bits, I'll just stick with the 32 version, works great... Agreed. You have no obvious benefits from a 64 bit arch. You also get to not have to struggle with flash wondering if it will work this time or not ;-) -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] eth0 = pcmcia + usb adapter
On Wednesday 13 February 2008, Simon Turner wrote: > Strange it took almost a day before I could see my post! Guess I was > "moderated"... > > Hi Mick, > Thanks for the reply. I've gone through about 4 kernel recompiles, > each time wondering with question marks over my head, sure I had > everything compiled in... I ended up adding pretty much anything > that would be related to "PCI", "USB", "PCMCIA", "SCSI"... with the > exception of the modules specific to some hardware I clearly dont > have. > > I kept a copy of my .config each time, so, I will be able to study > what I changed between the 3rd and 4th recompiles. > > I have to say, it was my first adventure playing around with the > kernel, and I reached a high level of frustration, impatience but the > level of my greed kept being at the top and I'd say it simply changed > my life! =) > > I just find "make menuconfig" a bit confusing when searching for > things... a simple grep on Kconfigs is so much better sometimes: > `find /usr/src/linux/ -name "Kconfig" -exec grep {} -Hn -e "USB"` > > Someone told it wasn't correct to edit the .config directly (most > probably because of depencies), but is it possible, at my own risk? Not sure, because I've never done it! I keep using make menuconfig for edits. To find a particular driver in the maze of the kernel tree you can of course spend hours studying it line by line, enabling and disabling each branch as you go along (in six months you'll know it all by heart). Alternatively, you could get a life and decide to press / while in menuconfig and enter some suitable search terms. Also, I often cat .config | grep -i to find whether I have enabled something or other. After you compile a good kernel that does exactly what you want it to do, then copy its .config into any new kernel fs that you emerge and run make oldconfig instead. It'll prompt you for the changes and keep all your old settings which you know work. HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] load too high
Am Mittwoch, 13. Februar 2008 schrieb ext James: > I did not try this. what's the option to boot into single user mode? No need to boot, just "telinit 1" from a running system. And later switch back to normal with "telinit 3". HTH... Dirk -- Dirk Heinrichs | Tel: +49 (0)162 234 3408 Configuration Manager | Fax: +49 (0)211 47068 111 Capgemini Deutschland | Mail: [EMAIL PROTECTED] Wanheimerstraße 68 | Web: http://www.capgemini.com D-40468 Düsseldorf | ICQ#: 110037733 GPG Public Key C2E467BB | Keyserver: www.keyserver.net signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Which arch do I have ?
Dmitry S. Makovey wrote: > On February 12, 2008, Alan McKinnon wrote: > So, the only good reason to move to amd64 is when you buy a 64 bit machine >>> I have 1G RAM and it's a laptop doesn't serve huge databases so I >>> guess despite if my CPU is 64 or 32 bits, I'll just stick with the 32 >>> version, works great... >>> >> Agreed. You have no obvious benefits from a 64 bit arch. You also get to >> not have to struggle with flash wondering if it will work this time or >> not ;-) >> > > just a bit of personal experience: flash works beter using nspluginwrapper in > 64bit mode because when it hangs - it's a simple as shooting it's wrapper > process and not the entire FF. > > oh, and for whatever reason wine performs better under 64 bit OS rather than > 32. Don't have any other proof then my own experience but Diablo LOD runs > much smoother once I've rebuilt my system with 64bit with the same useflags > and everything else. > I would agree that wine does seem to run better on the 64bit arch. One other thing that I've noticed with a 64bit binary, specifically HandBrake, is that video encoding is *much* faster then it is with a 32bit binary. -Hal -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: load too high
James R. Campbell reliant-data.com> writes: > What processes have the most on cpu time as reported by a 'ps ax' ? not certain what your are asking. Here is the result of ps ax: # ps ax PID TTY STAT TIME COMMAND 1 ?Ss 0:00 init [3] 2 ?S< 0:00 [kthreadd] 3 ?S< 0:00 [migration/0] 4 ?S< 0:00 [ksoftirqd/0] 5 ?S< 0:00 [migration/1] 6 ?S< 0:00 [ksoftirqd/1] 7 ?S< 0:00 [events/0] 8 ?S< 0:00 [events/1] 9 ?S< 0:00 [khelper] 109 ?S< 0:00 [kblockd/0] 110 ?S< 0:00 [kblockd/1] 113 ?S< 0:00 [kacpid] 114 ?S< 0:00 [kacpi_notify] 237 ?S< 0:00 [ata/0] 238 ?S< 0:00 [ata/1] 239 ?S< 0:00 [ata_aux] 242 ?S< 0:00 [ksuspend_usbd] 248 ?D< 0:01 [khubd] 251 ?S< 0:00 [kseriod] 253 ?S< 0:00 [kgameportd] 310 ?S 0:00 [pdflush] 311 ?S 0:00 [pdflush] 312 ?S< 0:00 [kswapd0] 313 ?S< 0:00 [aio/0] 314 ?S< 0:00 [aio/1] 1016 ?S< 0:00 [scsi_eh_0] 1018 ?S< 0:00 [scsi_eh_1] 1020 ?S< 0:00 [scsi_eh_2] 1022 ?S< 0:00 [scsi_eh_3] 1061 ?S< 0:00 [exec-osm/0] 1062 ?S< 0:00 [exec-osm/1] 1068 ?S< 0:00 [block-osm/0] 1069 ?S< 0:00 [block-osm/1] 1075 ?S< 0:00 [khpsbpkt] 1085 ?S< 0:00 [knodemgrd_0] 1166 ?S< 0:00 [kpsmoused] 1183 ?S< 0:00 [kondemand/0] 1184 ?S< 0:00 [kondemand/1] 1211 ?S< 0:00 [reiserfs/0] 1212 ?S< 0:00 [reiserfs/1] 1393 ?S
Re: [gentoo-user] eth0 = pcmcia + usb adapter
Strange it took almost a day before I could see my post! Guess I was "moderated"... Hi Mick, Thanks for the reply. I've gone through about 4 kernel recompiles, each time wondering with question marks over my head, sure I had everything compiled in... I ended up adding pretty much anything that would be related to "PCI", "USB", "PCMCIA", "SCSI"... with the exception of the modules specific to some hardware I clearly dont have. I kept a copy of my .config each time, so, I will be able to study what I changed between the 3rd and 4th recompiles. I have to say, it was my first adventure playing around with the kernel, and I reached a high level of frustration, impatience but the level of my greed kept being at the top and I'd say it simply changed my life! =) I just find "make menuconfig" a bit confusing when searching for things... a simple grep on Kconfigs is so much better sometimes: `find /usr/src/linux/ -name "Kconfig" -exec grep {} -Hn -e "USB"` Someone told it wasn't correct to edit the .config directly (most probably because of depencies), but is it possible, at my own risk? Thanks, Simon -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] layman -L does not show ecatmur, but I can layman -a ecatmur.
On Feb 12, 2008 10:52 PM, Willie Wong <[EMAIL PROTECTED]> wrote: > On Tue, Feb 12, 2008 at 05:37:16PM +0800, Penguin Lover Mark David Dumlao > squawked: > > TOTALLY WEIRD. I do a layman -L on my machine and strangely enough, > ecatmur > > isn't listed. I think I've used it beore on layman though, so I look up > the > > overlays listing on the gentoo overlays list, here: > > http://www.gentoo.org/proj/en/overlays/layman-global.txt > > > > Sure enough, ecatmur is present. So I just blindly go layman -a ecatmur > and > > he gets added. > > Did you run layman --fetch to update the overlays? > yep, and I'm still getting nothing doing with layman -L. -- thing.
Re: [gentoo-user] load too high
On Monday 11 February 2008, James wrote: > Hello, > > One of the workstations (amd64 2gig ram) has a load that never drops below > 1.0, as seen by top. Looking at a ps nothing stands out. I did notice that > 'X' is at the top of the list, even when the machine is quiescent (nobody > doing anything). Suspiciaous. Clearly I have a run away or hidden process > using resources. Although all my system run kde 3.5.8 only one shows this > problem. > > None of my other Gentoo system suffer this fate. Any ideas on finding the > culprit(proccess)? > > > > James What processes have the most on cpu time as reported by a 'ps ax' ? --James -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: load too high
Henry Gebhardt googlemail.com> writes: > Any ideas? > No.But do you also see this without X running, Yep, same load with X killed off without most daemons running, Yep in single user mode...? I did not try this. what's the option to boot into single user mode? What would it prove? James -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Which arch do I have ?
On February 12, 2008, Alan McKinnon wrote: > > > So, the only good reason to move to amd64 is when you buy a 64 bit > > > machine > > > > I have 1G RAM and it's a laptop doesn't serve huge databases so I > > guess despite if my CPU is 64 or 32 bits, I'll just stick with the 32 > > version, works great... > > Agreed. You have no obvious benefits from a 64 bit arch. You also get to > not have to struggle with flash wondering if it will work this time or > not ;-) just a bit of personal experience: flash works beter using nspluginwrapper in 64bit mode because when it hangs - it's a simple as shooting it's wrapper process and not the entire FF. oh, and for whatever reason wine performs better under 64 bit OS rather than 32. Don't have any other proof then my own experience but Diablo LOD runs much smoother once I've rebuilt my system with 64bit with the same useflags and everything else. -- Dmitry Makovey Web Systems Administrator Athabasca University (780) 675-6245 signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] [query] kernel-2.6.24 + ndiswrapper
On Tuesday 12 February 2008, dell core2duo wrote: >but I am still getting WEXT errors. >Starting wpa_supplicant on wlan0 > ... > ioctl[SIOCSIWAUTH]: Operation not supported > WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not > supported [ ok ] > th param 5 value 0x1 - > * Starting wpa_cli on wlan0 > ... > [ ok ] > * Backgrounding ... WEXT seems to suggest "wireless extensions" (but I might be wrong of course). I have the following options enabled in my kernel (some might be redundant): CONFIG_WIRELESS_EXT=y CONFIG_CFG80211=y CONFIG_NL80211=y CONFIG_MAC80211=y CONFIG_MAC80211_RCSIMPLE=y CONFIG_MAC80211_DEBUG=y CONFIG_MAC80211_VERBOSE_DEBUG=y CONFIG_IEEE80211=y CONFIG_IEEE80211_DEBUG=y CONFIG_IEEE80211_CRYPT_WEP=y CONFIG_IEEE80211_CRYPT_CCMP=y CONFIG_IEEE80211_CRYPT_TKIP=y CONFIG_IEEE80211_SOFTMAC=y CONFIG_IEEE80211_SOFTMAC_DEBUG=y CONFIG_WLAN_80211=y CONFIG_B43=y CONFIG_B43_PCI_AUTOSELECT=y CONFIG_B43_PCICORE_AUTOSELECT=y CONFIG_B43_DEBUG=y CONFIG_B43_DMA=y CONFIG_B43_PIO=y CONFIG_B43_DMA_AND_PIO_MODE=y CONFIG_B43LEGACY=y CONFIG_B43LEGACY_PCI_AUTOSELECT=y CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y CONFIG_B43LEGACY_DEBUG=y CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y I'm pretty sure some of them are redundant, but I have not had the time yet to read about the wireless extensions/*80211 changes and their implications. However, my card is working correctly with the above config. Is the firmware in place (the correct one for your driver)? Post the relevant sections from /var/log/messages where the wireless card is recognized and initialized. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: load too high
> Any ideas? No.But do you also see this without X running, without most daemons running, in single user mode...?
Re: [gentoo-user] OpenVPN setup
Grant wrote: I'm hoping to use the vpn in three few ways: 1. imap and smtp between my laptop and the mail server 2. ssh from my laptop to the remote server 3. cups printing from the remote server to the print server I don't think you need a VPN to SSH from your laptop to the remote server -- SSH is already encrypted. For sure, but it seems like running SSH inside a VPN is better for security than running SSH on a non-standard port or even port knocking. If I need to set up a VPN for printing, shouldn't I use it for other stuff too? Maybe not, I have yet to actually use a VPN so please correct me if I'm wrong. SSH + Public/Private Keys. I don't accept passwords on my box, you need to have a correct account name and a private key for that machine to even think about talking to you. The only authentication method is PubKeyAuth; everything else is NO. If your laptop is always behind your local firewall, then it should be sufficient to have an OpenVPN tunnel established between your local firewall/print server and your remote server. This should allow you to print. Configuring the routes on your laptop to go through your local firewall and VPN to the remote server should allow you to grab your mail. If you move around with your laptop then you'll need to establish the VPN tunnel to your remote server anytime you need to grab your mail from anywhere else but home (behind your local firewall). Ah, tunnels, OK. I need to think in terms of tunnels. I'll definitely be moving around and won't be behind my local firewall too much of the time. Can I set up the openvpn server on my remote system and keep a tunnel open between it and the firewall/print server for printing, and also initiate a tunnel between the laptop and the remote system whenever I need to mail or SSH? Does that sound like a good plan? - Grant The other thing you can do is run ssh and use tunneling to run printing over. Granted it's kind of a pita for more stuff, but it's a poor man's vpn. (and what I use to view my webservers at home) Eric -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: [OT] Interrogate network for devices
On Tuesday 12 February 2008, Dale wrote: > [EMAIL PROTECTED] wrote: > > It turned out to be a simple matter of cycling the various > > modem/router PC s in the right order. Once I got the help desk it > > took about 2 minutes to get things resolved. It was setup right just > > needed to recycle the Modem with router off. > > So that is why they told me to cut off everything then turn on in > sequence from the cable to the puter. Makes sense now. OK, spoke to a mate with a motorola modem. He logs in to the modem GUI on IP 192.168.0.100. Of course, since you have a different modem YMMV, unless Comcast ask all their hardware suppliers to configure the same LAN IP address. HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Which arch do I have ?
This One Time, at Band Camp, Boris Fersing <[EMAIL PROTECTED]> said, On Tue, Feb 12, 2008 at 03:06:13PM -0500: > On Feb 12, 2008 8:06 AM, Benjamen R. Meyer <[EMAIL PROTECTED]> wrote: > > Wael Nasreddine wrote: > > > On Mon, Feb 11, 2008 at 10:31:30PM -0500, "Benjamen R. Meyer" <[EMAIL > > > PROTECTED]> wrote: > > >> As you have an Intel Core Duo, you should have the EMT64E version - > > >> Intel's version of the AMD64 instruction set - thus x86-64 compatible. > > >> Best place to check is Intel's website - here's what I found: > > >> http://processorfinder.intel.com/details.aspx?sspec=sl9dv > > >> http://developer.intel.com/design/mobile/core/duodocumentation.htm > > >> With EMT64E, you will be able to compile for 64-bit mode using the > > >> x86-64 builds. (You can only use Intel64 if you have the Itanium procs > > >> if memory serves.) > > >> However, unless you specifically install the x86-64/AMD64/64-bit > > >> version, you will have a 32-bit x86 environment and kernel. You can > > >> upgrade if you like...see other threads for that info. > > >> HTH, > > >> Ben > > > Let's say this processor supports 64 bits, what whould I gain from > > > migrating to x86_64 I mean would it be faster??? I've never > > > owned/worked on a 64bit machine before so excuse my lack of knowledge > > > :) > > The primary advantage is larger memory space, and more native use of the > > entire processor. I'm running it b/c I want to be - not b/c I need the > > memory space, I'm not pushing 4GB for Physical RAM which is primarily > > what it is about. > > From my understanding, you won't gain much if any in speed. The > > processor is still the same clock rate. 64-bit programs may (not sure, > > someone verify?) be bigger as the opcodes are larger. > > You can run any of the following configs: > > 1) pure 32-bit > > 2) pure 64-bit > > 3) mixed 32-64 bit (multi-lib) > HI again, > the T2250 is a Core Duo and not a Core 2 Duo. It only supports 32 bits > instructions. > http://download.intel.com/design/processor/manuals/253665.pdf page 55 > regards, > Boris. Well here you go, thanks for clearing this up. > > #3 will be the largest install as you have a lot of duplications since > > you are hosting both a 32-bit and 64-bit environment. However, with #2 > > you might not get a lot of programs since there are quite a few that > > have not been fully ported to 64-bit modes. You're running #1 now. > > So not much is gained for now. > > Ben > > >> Wael Nasreddine wrote: > > >>> Hello, > > >>> It's been like 6 months I'm using the arch i686, but today I saw on this > > >>> page[1] something that confused me, saying that I have an x86_64 arch I > > >>> have a > > >>> Toshiba A135-S4427 with Intel dual core 1.73Ghz here's the output of > > >>> /proc/cpuinfo > > >>> CUT > > >>> processor : 0 > > >>> vendor_id : GenuineIntel > > >>> cpu family : 6 > > >>> model : 14 > > >>> model name : Genuine Intel(R) CPU T2250 @ 1.73GHz > > >>> stepping: 8 > > >>> cpu MHz : 800.000 > > >>> cache size : 2048 KB > > >>> physical id : 0 > > >>> siblings: 2 > > >>> core id : 0 > > >>> cpu cores : 2 > > >>> fdiv_bug: no > > >>> hlt_bug : no > > >>> f00f_bug: no > > >>> coma_bug: no > > >>> fpu : yes > > >>> fpu_exception : yes > > >>> cpuid level : 10 > > >>> wp : yes > > >>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge > > >>> mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe > > >>> constant_tsc arch_perfmon bts pni monitor est tm2 xtpr > > >>> bogomips: 3460.63 > > >>> clflush size: 64 > > >>> processor : 1 > > >>> vendor_id : GenuineIntel > > >>> cpu family : 6 > > >>> model : 14 > > >>> model name : Genuine Intel(R) CPU T2250 @ 1.73GHz > > >>> stepping: 8 > > >>> cpu MHz : 800.000 > > >>> cache size : 2048 KB > > >>> physical id : 0 > > >>> siblings: 2 > > >>> core id : 1 > > >>> cpu cores : 2 > > >>> fdiv_bug: no > > >>> hlt_bug : no > > >>> f00f_bug: no > > >>> coma_bug: no > > >>> fpu : yes > > >>> fpu_exception : yes > > >>> cpuid level : 10 > > >>> wp : yes > > >>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge > > >>> mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe > > >>> constant_tsc arch_perfmon bts pni monitor est tm2 xtpr > > >>> bogomips: 3457.55 > > >>> clflush size: 64 > > >>> CUT > > >>> So which arch do I really have?? > > >>> [1]: > > >>> http://docs.fedoraproject.org/install-guide/f8/en_US/sn-which-arch.html > > -- > > gentoo-user@lists.gentoo.org mailing list -- Wael Nasreddine http://wael.nasreddine.com PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2 .: An infinite numb
Re: [gentoo-user] OpenVPN setup
On Tue, 2008-02-12 at 19:30 +0200, Alan McKinnon wrote: > On Tuesday 12 February 2008, Etaoin Shrdlu wrote: > > On Tuesday 12 February 2008, Alan McKinnon wrote: > > > Your statement "it seems like running SSH inside a VPN is better > > > for security than running SSH on a non-standard port" is > > > non-sensical. From a security and encryption perspective, ssh and > > > OpenVPN are exactly the same thing - stuff wrapped in an encryption > > > layer provided by ssl, complete with exactly the same key setup > > > should you choose to use that route. > > > > Perhaps confusingly, ssh itself can be used to create openVPN-like > > VPNs (actually, much simpler), using the -w option and a couple of > > tun (or tap) interfaces on the connected computers. > > hehehe, I'd forgetten about that one for a bit :-) > > I just thought of a nice way to describe the difference (seeing as > technically they are essentially equivalent): > > Use SSH if you need a quick ad-hoc connection or something temporary. > Use OpenVPN if you need something more permanent that is always prsent > and just works. > > -- > Alan McKinnon > alan dot mckinnon at gmail dot com > Another alternative not mentioned so far - zebedee. Its a port based tunnel - that is instead of creating a new network with all its fuss and bother, just create a local port (may be on another local machine) that "surfaces" on a distant machine/network. I used it for many years for email and protecting telnet servers before openvpn became of age and my needs expanded. Recommended. Again, ssh can do this as well, but zebedee is a lot more flexible/convenient. Create tunnels for ports 25, 143 and 631 and you have email and cups. e.g., I map port 2225 to port 25 and set my local mail client to send email to localhost:2225 and it magicly connects to my mail server at home. It can also be done at a user level - you dont need admin privileges so if you have user level access to a machine, you can run a tunnel on it unlike openvpn. It is also cross platform which is nice :) >From the mailing list, it seems there are quite a few enterprise users as its got a good reputation in its niche. BillK -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] eth0 = pcmcia + usb adapter
On Monday 11 February 2008, Simon Turner wrote: > Hi, > I'm having trouble installing gentoo on my old laptop... It says it > can't find the interface eth0. I believe it has to do with the fact I > have a pcmcia card with usb ports on which a usb2eth adapter is > plugged. > > On another system I use on that laptop, it usually tries to > recognize my net adapters first (doesn't find any), then recognizes > pcmcia cards which enables support for the usb adapter, then in my > rc.local I have to manually setup my ip address or tell to use dhcp. > > Hmmm, from inside the gentoo system, I found lsmod was empty (which > could be normal as I wanted everything compiled in the kernel) and > lspci was not found... > > I'm pretty confortable with everything exept these pcmcia cards... if > anybody could give me a hand! > > Thanks, Simon > > Below are extracts from my current system (slax6rc6, livelinux based > on slackware) # lspci -v will show you more detail. So, should lshw, when you install it. From the listed modules these seem to deal with your cardbus: yenta_socket 24076 3 rsrc_nonstatic 11776 1 yenta_socket pcmcia_core33684 4 3c589_cs,pcmcia,yenta_socket,rsrc_nonstatic pcmcia 32172 1 3c589_cs Build the relevant USB drivers for your machine into the kernel. HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] OpenVPN setup
On Tue, 12 Feb 2008 19:42:44 +0200 Alan McKinnon <[EMAIL PROTECTED]> wrote: > > What about having ssh, imap, smtp, cups, and possibly a non-standard > > https port all hidden within a VPN? Should that be considered a > > benefit of running a VPN? One other thought about ssh+vpn, if you have VPN problems (for example, the server goes down or you can't route to the subnet (if, say, you were on a local subnet with the same address it gets hairy) you can still get in with SSH. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Which arch do I have ?
On Feb 12, 2008 8:06 AM, Benjamen R. Meyer <[EMAIL PROTECTED]> wrote: > Wael Nasreddine wrote: > > On Mon, Feb 11, 2008 at 10:31:30PM -0500, "Benjamen R. Meyer" <[EMAIL > > PROTECTED]> wrote: > > > >> As you have an Intel Core Duo, you should have the EMT64E version - > >> Intel's version of the AMD64 instruction set - thus x86-64 compatible. > > > >> Best place to check is Intel's website - here's what I found: > > > >> http://processorfinder.intel.com/details.aspx?sspec=sl9dv > >> http://developer.intel.com/design/mobile/core/duodocumentation.htm > > > >> With EMT64E, you will be able to compile for 64-bit mode using the > >> x86-64 builds. (You can only use Intel64 if you have the Itanium procs > >> if memory serves.) > > > >> However, unless you specifically install the x86-64/AMD64/64-bit > >> version, you will have a 32-bit x86 environment and kernel. You can > >> upgrade if you like...see other threads for that info. > > > >> HTH, > > > >> Ben > > > > Let's say this processor supports 64 bits, what whould I gain from > > migrating to x86_64 I mean would it be faster??? I've never > > owned/worked on a 64bit machine before so excuse my lack of knowledge > > :) > > The primary advantage is larger memory space, and more native use of the > entire processor. I'm running it b/c I want to be - not b/c I need the > memory space, I'm not pushing 4GB for Physical RAM which is primarily > what it is about. > > From my understanding, you won't gain much if any in speed. The > processor is still the same clock rate. 64-bit programs may (not sure, > someone verify?) be bigger as the opcodes are larger. > > You can run any of the following configs: > 1) pure 32-bit > 2) pure 64-bit > 3) mixed 32-64 bit (multi-lib) HI again, the T2250 is a Core Duo and not a Core 2 Duo. It only supports 32 bits instructions. http://download.intel.com/design/processor/manuals/253665.pdf page 55 regards, Boris. > > #3 will be the largest install as you have a lot of duplications since > you are hosting both a 32-bit and 64-bit environment. However, with #2 > you might not get a lot of programs since there are quite a few that > have not been fully ported to 64-bit modes. You're running #1 now. > > So not much is gained for now. > > Ben > > > >> Wael Nasreddine wrote: > >>> Hello, > > > >>> It's been like 6 months I'm using the arch i686, but today I saw on this > >>> page[1] something that confused me, saying that I have an x86_64 arch I > >>> have a > >>> Toshiba A135-S4427 with Intel dual core 1.73Ghz here's the output of > >>> /proc/cpuinfo > > > >>> CUT > >>> processor : 0 > >>> vendor_id : GenuineIntel > >>> cpu family : 6 > >>> model : 14 > >>> model name : Genuine Intel(R) CPU T2250 @ 1.73GHz > >>> stepping: 8 > >>> cpu MHz : 800.000 > >>> cache size : 2048 KB > >>> physical id : 0 > >>> siblings: 2 > >>> core id : 0 > >>> cpu cores : 2 > >>> fdiv_bug: no > >>> hlt_bug : no > >>> f00f_bug: no > >>> coma_bug: no > >>> fpu : yes > >>> fpu_exception : yes > >>> cpuid level : 10 > >>> wp : yes > >>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge > >>> mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc > >>> arch_perfmon bts pni monitor est tm2 xtpr > >>> bogomips: 3460.63 > >>> clflush size: 64 > > > >>> processor : 1 > >>> vendor_id : GenuineIntel > >>> cpu family : 6 > >>> model : 14 > >>> model name : Genuine Intel(R) CPU T2250 @ 1.73GHz > >>> stepping: 8 > >>> cpu MHz : 800.000 > >>> cache size : 2048 KB > >>> physical id : 0 > >>> siblings: 2 > >>> core id : 1 > >>> cpu cores : 2 > >>> fdiv_bug: no > >>> hlt_bug : no > >>> f00f_bug: no > >>> coma_bug: no > >>> fpu : yes > >>> fpu_exception : yes > >>> cpuid level : 10 > >>> wp : yes > >>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge > >>> mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc > >>> arch_perfmon bts pni monitor est tm2 xtpr > >>> bogomips: 3457.55 > >>> clflush size: 64 > >>> CUT > > > >>> So which arch do I really have?? > > > >>> [1]: > >>> http://docs.fedoraproject.org/install-guide/f8/en_US/sn-which-arch.html > > > > > -- > > gentoo-user@lists.gentoo.org mailing list > > -- $ ruby -e'puts " .:@BFegiklnorst".unpack("x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \ aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \ ax3aX4aXaX12ax10aaX7a").join' -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: [OT again..] Technical networking question about changing GW
On Mon, 11 Feb 2008 21:23:15 -0600 [EMAIL PROTECTED] wrote: > Dan Farrell <[EMAIL PROTECTED]> writes: > > >> I wanted to try to gauge if there was much of a noticeable > >> difference with the two IP connections. And it would be handy to > >> just step through the links changine the GW intermittently. > > > > Yes, you can do that, but if you put a linux box between the > > gateways and the network you can use both at once. > > Thanks for the tips... > > I'm pretty sure I've done that before in a similar situation a couple > years ago. I don't recall exactly what I did now but I had only one > nic on the linux machine and ran two routers each with an Internet > connection. > > Seems like it was a matter of setting a static route to some internet > address through the second gateway, but I've forgotten if there was > more to it. > > The trick is getting stuff to use something besides the default route. > > Ping can be directed but not any applications like browsers that I > know of. > http://lartc.org/howto/lartc.rpdb.multiple-links.html -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: load too high
Miguel Peña Gomez linuxhelp.cl> writes: > atop 3 > filter by "p" ATOP - galiot 2008/02/12 14:49:183 seconds elapsed PRC | sys 0.01s | user 0.09s | #proc130 | #zombie0 | #exit ? | CPU | sys 1% | user 3% | irq 0% | idle197% | wait 0% | cpu | sys 0% | user 3% | irq 0% | idle 97% | cpu001 w 0% | cpu | sys 0% | user 0% | irq 0% | idle 99% | cpu000 w 0% | CPL | avg1 1.00 | avg51.01 | avg15 1.00 | csw 1639 | intr1100 | MEM | tot2.0G | free 824.6M | cache 395.2M | buff 219.5M | slab 182.9M | SWP | tot6.0G | free6.0G | | vmcom 477.2M | vmlim 7.0G | NPROCS SYSCPU USRCPU VSIZE RSIZE RDDSK WRDSK RNET SNET CPU CMD 1/1 1 0.00s 0.03s 489.2M 122.6M 0 000 1% X 1 0.00s 0.02s 614.7M 179.8M 0 000 1% seamonkey-bin 1 0.00s 0.02s 124.4M 18172K 0 000 1% konsole 1 0.01s 0.01s 20808K 3448K 0 000 1% atop 1 0.00s 0.01s 114.1M 10928K 0 000 0% klipper 1 0.00s 0.00s 0K 0K 0 000 0% khubd OK, I see X hosed at the top, like I stated earlier. I rebuilt xorg-server, just for grins but it makes no difference. Any ideas? James -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: load too high
Alan McKinnon gmail.com> writes: > > One of the workstations (amd64 2gig ram) has a load that never drops > > below 1.0, as seen by top. Looking at a ps nothing stands out. I did > > notice that 'X' is at the top of the list, even when the machine is > > quiescent (nobody doing anything). Suspiciaous. Clearly I have a run > > away or hidden process using resources. Although all my system run > > kde 3.5.8 only one shows this problem. > vmstat is your friend here. It's all in the man page, so use it and > narrow down the process that's blocking. Maybe you have a threading > race condition or similar. # vmstat procs ---memory-- ---swap-- -io -system-- cpu r b swpd free buff cache si sobibo in cs us sy id wa 0 0 0 847368 224736 403404002612 172 251 1 0 98 1 vmstat -s 2057808 total memory 1212156 used memory 611628 active memory 341672 inactive memory 845652 free memory 224784 buffer memory 404524 swap cache 6273340 total swap 0 used swap 6273340 free swap 20189 non-nice user cpu ticks 110 nice user cpu ticks 3748 system cpu ticks 268 idle cpu ticks 28905 IO-wait cpu ticks 588 IRQ cpu ticks 80 softirq cpu ticks 0 stolen cpu ticks 659529 pages paged in 289340 pages paged out 0 pages swapped in 0 pages swapped out 4307893 interrupts 6269353 CPU context switches 1202832933 boot time 7300 forks > Also look into a hardware difference between this machine and the > others, and differences in the kernel config and loaded modules. Nothing here, all is similar to other system. And historically, this system has not had this problem. I'm not certain when it started: $ w 14:39:25 up 3:23, 1 user, load average: 1.00, 1.00, 1.00 It looks more like corruption in the application binary to me. When have you ever seen a system at all three timing interval locked at 1.00 when a system is quiescent? What package is top part of? > If all this reveals nothing, then maybe you do have a suspicious > problem. In which case, post back real quick I do not suspect a 'hack' is involved, because if I pull the ethernet cable, it does not effect the load (still at 1.00). Jame -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Which arch do I have ?
Wael Nasreddine wrote: > On Mon, Feb 11, 2008 at 10:31:30PM -0500, "Benjamen R. Meyer" <[EMAIL > PROTECTED]> wrote: > >> As you have an Intel Core Duo, you should have the EMT64E version - >> Intel's version of the AMD64 instruction set - thus x86-64 compatible. > >> Best place to check is Intel's website - here's what I found: > >> http://processorfinder.intel.com/details.aspx?sspec=sl9dv >> http://developer.intel.com/design/mobile/core/duodocumentation.htm > >> With EMT64E, you will be able to compile for 64-bit mode using the >> x86-64 builds. (You can only use Intel64 if you have the Itanium procs >> if memory serves.) > >> However, unless you specifically install the x86-64/AMD64/64-bit >> version, you will have a 32-bit x86 environment and kernel. You can >> upgrade if you like...see other threads for that info. > >> HTH, > >> Ben > > Let's say this processor supports 64 bits, what whould I gain from > migrating to x86_64 I mean would it be faster??? I've never > owned/worked on a 64bit machine before so excuse my lack of knowledge > :) The primary advantage is larger memory space, and more native use of the entire processor. I'm running it b/c I want to be - not b/c I need the memory space, I'm not pushing 4GB for Physical RAM which is primarily what it is about. >From my understanding, you won't gain much if any in speed. The processor is still the same clock rate. 64-bit programs may (not sure, someone verify?) be bigger as the opcodes are larger. You can run any of the following configs: 1) pure 32-bit 2) pure 64-bit 3) mixed 32-64 bit (multi-lib) #3 will be the largest install as you have a lot of duplications since you are hosting both a 32-bit and 64-bit environment. However, with #2 you might not get a lot of programs since there are quite a few that have not been fully ported to 64-bit modes. You're running #1 now. So not much is gained for now. Ben >> Wael Nasreddine wrote: >>> Hello, > >>> It's been like 6 months I'm using the arch i686, but today I saw on this >>> page[1] something that confused me, saying that I have an x86_64 arch I >>> have a >>> Toshiba A135-S4427 with Intel dual core 1.73Ghz here's the output of >>> /proc/cpuinfo > >>> CUT >>> processor : 0 >>> vendor_id : GenuineIntel >>> cpu family : 6 >>> model : 14 >>> model name : Genuine Intel(R) CPU T2250 @ 1.73GHz >>> stepping: 8 >>> cpu MHz : 800.000 >>> cache size : 2048 KB >>> physical id : 0 >>> siblings: 2 >>> core id : 0 >>> cpu cores : 2 >>> fdiv_bug: no >>> hlt_bug : no >>> f00f_bug: no >>> coma_bug: no >>> fpu : yes >>> fpu_exception : yes >>> cpuid level : 10 >>> wp : yes >>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca >>> cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc >>> arch_perfmon bts pni monitor est tm2 xtpr >>> bogomips: 3460.63 >>> clflush size: 64 > >>> processor : 1 >>> vendor_id : GenuineIntel >>> cpu family : 6 >>> model : 14 >>> model name : Genuine Intel(R) CPU T2250 @ 1.73GHz >>> stepping: 8 >>> cpu MHz : 800.000 >>> cache size : 2048 KB >>> physical id : 0 >>> siblings: 2 >>> core id : 1 >>> cpu cores : 2 >>> fdiv_bug: no >>> hlt_bug : no >>> f00f_bug: no >>> coma_bug: no >>> fpu : yes >>> fpu_exception : yes >>> cpuid level : 10 >>> wp : yes >>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca >>> cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc >>> arch_perfmon bts pni monitor est tm2 xtpr >>> bogomips: 3457.55 >>> clflush size: 64 >>> CUT > >>> So which arch do I really have?? > >>> [1]: http://docs.fedoraproject.org/install-guide/f8/en_US/sn-which-arch.html > -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [query] kernel-2.6.24 + ndiswrapper
Hi, Some updates. with the help of following links, http://gentoo-wiki.com/HARDWARE_BCM43xx http://ubuntuforums.org/showthread.php?t=647273&highlight=b43 http://ubuntuforums.org/showthread.php?t=649038 http://linuxwireless.org/en/users/Drivers/b43?action=show&redirect=en%2Fusers%2FDrivers%2Fbcm43xx I have successfully built and load b43 driver. Now I can see the "wlan0" interface. - flukebox home # lsmod |grep b43 b43 130276 0 input_polldev 5784 1 b43 ouput of iwconfig is below. flukebox home # iwconfig wlan0 IEEE 802.11g ESSID:"iitk" Mode:Managed Frequency:2.442 GHz Access Point: 00:11:95:D8:E3:33 Tx-Power=off Retry min limit:7 RTS thr:off Fragment thr=2346 B Encryption key:off Link Quality:0 Signal level:0 Noise level:0 Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 -- But still I am able to transmit any message. There is some error while transmission. flukebox home # dmesg|grep ERROR [ 2420.327210] b43-phy0 ERROR: PHY transmission error [ 2420.327622] b43-phy0 ERROR: PHY transmission error [ 2420.327686] b43-phy0 ERROR: PHY transmission error [ 2420.527136] b43-phy0 ERROR: PHY transmission error [ 2420.527201] b43-phy0 ERROR: PHY transmission error [ 2420.721574] b43-phy0 ERROR: PHY transmission error [ 2420.721649] b43-phy0 ERROR: PHY transmission error [ 2425.936058] b43-phy0 ERROR: PHY transmission error [ 2425.936137] b43-phy0 ERROR: PHY transmission error [ 2426.001384] b43-phy0 ERROR: PHY transmission error [ 2429.932210] b43-phy0 ERROR: PHY transmission error [ 2433.852553] b43-phy0 ERROR: PHY transmission error [ 2433.910519] b43-phy0 ERROR: PHY transmission error [ 2437.927955] b43-phy0 ERROR: PHY transmission error [ 2441.883687] b43-phy0 ERROR: PHY transmission error [ 2445.890988] b43-phy0 ERROR: PHY transmission error - but I am still getting WEXT errors. - * Starting wpa_supplicant on wlan0 ... ioctl[SIOCSIWAUTH]: Operation not supported WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported [ ok ] th param 5 value 0x1 - * Starting wpa_cli on wlan0 ... [ ok ] * Backgrounding ... Please help. Thanks , flukebox On Feb 12, 2008 10:38 PM, dell core2duo <[EMAIL PROTECTED]> wrote: > Hi, > I complied the kernel buitin broadcom drivers. So now, I have a > interface named "wlan0_rename". > But things are still not working for me. > > > > flukebox flukebox # iwconfig > lono wireless extensions. > > eth0 no wireless extensions. > > sit0 no wireless extensions. > > ip6tnl0 no wireless extensions. > > eth1 no wireless extensions. > > wlan0_rename IEEE 802.11g ESSID:"" > Mode:Managed Channel:0 Access Point: Not-Associated > Tx-Power=0 dBm > Retry min limit:7 RTS thr:off Fragment thr=2346 B > Encryption key:off > Link Quality:0 Signal level:0 Noise level:0 > Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 > Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > flukebox flukebox # /etc/init.d/net.wlan0_rename start > * Starting wlan0_rename > * /etc/conf.d/wireless is deprecated > * Please put all settings in /etc/conf.d/net > * /etc/conf.d/wireless is deprecated > * Please put all settings in /etc/conf.d/net > * Starting wpa_supplicant on wlan0_rename ... > ioctl[SIOCSIWAUTH]: Operation not supported > WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not > supported [ > ok ]th param 5 value 0x1 - > * Starting wpa_cli on wlan0_rename > ... > [ ok ] > * Backgrounding ... > > > > > I guess "param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported > " this has something to do with wpa_suplicant. > can somebody help me out here ?? > Also, is there any way to change my interface name wlan0_rename to wlan0 > or eth1 ?? > > > TIA, > flukebox > > > > > > > > > On Feb 10, 2008 3:17 AM, Dan Farrell <[EMAIL PROTECTED]> wrote: > > > On Sat, 9 Feb 2008 13:28:39 +0100 > > Etaoin Shrdlu <[EMAIL PROTECTED]> wrote: > > > > > > BTW, > > > > I am more interested to get thi
Re: [gentoo-user] OpenVPN setup
On Tuesday 12 February 2008, Grant wrote: > I need temporary, but automated. Can an ssh tunnel be set up in an > automated way? Sure. Can you write bash scripts? Can you read man pages? Just work out what command invocations do what you require and stick them in a script. Cron the script if that suits your needs -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
On Tuesday 12 February 2008, Grant wrote: > > Use SSH if you need a quick ad-hoc connection or something > > temporary. Use OpenVPN if you need something more permanent that is > > always prsent and just works. > > I need temporary, but automated. Can an ssh tunnel be set up in an > automated way? Of course, especially if you set up public key authentication. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
On Tuesday 12 February 2008, Alan McKinnon wrote: > > Perhaps confusingly, ssh itself can be used to create openVPN-like > > VPNs (actually, much simpler), using the -w option and a couple of > > tun (or tap) interfaces on the connected computers. > > hehehe, I'd forgetten about that one for a bit :-) > > I just thought of a nice way to describe the difference (seeing as > technically they are essentially equivalent): Well, almost. Ssh uses TCP, so a ssh-based VPN might encounter problems due to the notorious TCP-over-TCP issue (though I never had a problem, but I have a fast connection, so I might just be lucky), whereas OpenVPN uses UDP (by default at least) and thus must implement its own protocol for reliability and recovery. Both solutions introduce a certain amount of overhead, although I could not say which one is larger (perhaps OpenVPN?). (Well, actually every kind of VPN introduces some overhead, but that's another story.) From the point of view of the way virtual (tun/tap) interfaces are used, they are mostly the same, with OpenVPN designed to scale better when many connections are needed. Some considerations apply to both, for example that using bridged mode might rapidly produce a lot of traffic on the link if more than few machines are connected (especially if they are windows machines), so it should be avoided for large setups. > Use SSH if you need a quick ad-hoc connection or something temporary. > Use OpenVPN if you need something more permanent that is always prsent > and just works. 100% agree :-) -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: No ping man page
On Tuesday 12 February 2008, [EMAIL PROTECTED] wrote: > Yup, it does seem way over the top. Surely though there is some > rhyme to the reason. Man pages are such a large part of the very > essence of unix. It seems a serious shame that a user is better off > googling for `linux man ping' than the long standing `man ping'. In the interest of benefiting the entire gentoo community, reducing frustration levels and helping fellow gentoo users from having to download 8M of stuff to get the ping man page restored to it's rightful place of honour, I hereby humbly offer the following miniscule attachment - the ping man page nicked off a conveniently located Ubuntu machine. At a mere 5539 bytes it's size is negligible compared to the bandwidth that will be otherwise consumed. Save attachment as /usr/local/share/man/man8/ping.8.gz then chown root:root /usr/local/share/man/man8/ping.8.gz chmod 0644 /usr/local/share/man/man8/ping.8.gz To round off the package I can supply suitable man pages for arping and tracepath as well at the grand size of 1481 and 1785 bytes respectively :-) -- Alan McKinnon alan dot mckinnon at gmail dot com ping.8.gz Description: GNU Zip compressed data
Re: [gentoo-user] Which arch do I have ?
On Tuesday 12 February 2008, Wael Nasreddine wrote: > This One Time, at Band Camp, Alan McKinnon <[EMAIL PROTECTED]> said, On Tue, Feb 12, 2008 at 03:05:20PM +0200: > > On Tuesday 12 February 2008, Wael Nasreddine wrote: > > The x86_64 name is used by Red Hat and other distros. There are all > > the same thing really, but using the wrong name in the wrong > > context clouds the issues and leads to vast side-threads asking > > question that have no answers and that accomplish nothing. > > I'm sorry but I'm just used to call it this way, most of distros I > have tried in the past call it this way, anyway I'll try to memorize > it. Cool. Nothing worse than composing a decent post, only to then have to explain that you weren't using THIS definition but rather THAT one. It's an easy enough error to make (do it myself too) so no worries > > So, the only good reason to move to amd64 is when you buy a 64 bit > > machine > > I have 1G RAM and it's a laptop doesn't serve huge databases so I > guess despite if my CPU is 64 or 32 bits, I'll just stick with the 32 > version, works great... Agreed. You have no obvious benefits from a 64 bit arch. You also get to not have to struggle with flash wondering if it will work this time or not ;-) -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
On Tuesday 12 February 2008, Grant wrote: > > Even if you just want to encrypt some clear-text protocol that > > doesn't have an encrypted equivalent, a vpn is still overkill. For > > that you use ssh tunneling (which is essentially the same thing as > > an encrypted version of a protocol). 'ssh -X' is the classic > > example of easily tunneling a protocol that doesn't have a native > > encrypted equivalent. > > I see what you're saying. Can tunneling through ssh be made > automatic so that a cron job initiates a script that opens a tunnel > between the remote server and local print server and pages are > printed through the tunnel? Sure. ssh is just a process after all and in principle encapsulated whatever gets put into it. All you need is a connection that isn't firewalled out and an sshd that is listening to what is coming in. ssh will even port forward for you and can be made to transform any tcp connection to appear to come from whatever port you want. What you put inside the tunnel is up to you. If the print server won't accept what is coming in, then google will find you any number of apps that will mangle the traffic. > > Your statement "it seems like running SSH inside a VPN is better > > for security than running SSH on a non-standard port" is > > non-sensical. From a security and encryption perspective, ssh and > > OpenVPN are exactly the same thing - stuff wrapped in an encryption > > layer provided by ssl, complete with exactly the same key setup > > should you choose to use that route. > > What about having ssh, imap, smtp, cups, and possibly a non-standard > https port all hidden within a VPN? Should that be considered a > benefit of running a VPN? I've filed the original post somewhere else and forgot the scenario :-) Is this a setup you need to be present often or even all the time? If so, you have 5 protocols in use, and setting up tunnels could become cumbersome. You might consider that it's more effort than it's worth and a VPN that is there and JustWorks(tm) is preferable. I would call that a sensible use of a VPN :-) I don't think there's a golden rule about when using a VPN is right or wrong. It's more like "do the advantages outweigh the hassle of setting it up and maintaining it?". Sometimes this answer is obvious, sometimes less so. Sometimes it's a judgement call. Side note: I'm starting to consider that even the most whacky, bizarre and stupid use of OpenVPN is preferable to the heartache and pain involved with trying to get IPSec working as designed -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
> > > Your statement "it seems like running SSH inside a VPN is better > > > for security than running SSH on a non-standard port" is > > > non-sensical. From a security and encryption perspective, ssh and > > > OpenVPN are exactly the same thing - stuff wrapped in an encryption > > > layer provided by ssl, complete with exactly the same key setup > > > should you choose to use that route. > > > > Perhaps confusingly, ssh itself can be used to create openVPN-like > > VPNs (actually, much simpler), using the -w option and a couple of > > tun (or tap) interfaces on the connected computers. > > hehehe, I'd forgetten about that one for a bit :-) > > I just thought of a nice way to describe the difference (seeing as > technically they are essentially equivalent): > > Use SSH if you need a quick ad-hoc connection or something temporary. > Use OpenVPN if you need something more permanent that is always prsent > and just works. I need temporary, but automated. Can an ssh tunnel be set up in an automated way? - Grant -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: No ping man page
Alan McKinnon <[EMAIL PROTECTED]> writes: > Code like this makes me want to vomit. The > OS-that-shall-not-be-named pulls stunts like this, I really think FLOSS > stuff should be better. > > So, I have to emerge an entire sgml kit to generate a man page. Wow. > Especially since last time I looked, man pages were not in sgml format > or even any format that vaguely resembles mark-up > > To the upstream iputils dev: > > "Dude, wtf were you thinking?" Yup, it does seem way over the top. Surely though there is some rhyme to the reason. Man pages are such a large part of the very essence of unix. It seems a serious shame that a user is better off googling for `linux man ping' than the long standing `man ping'. The more so since someone needing the man page for ping is somewhat more likely to be having network troubles than the average bear, and may not be able to google. I took Alans' comment as at root, friendly, and maybe the devs if any read it will too. But please any developer who can ... explain what is the reasoning here. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
On Tuesday 12 February 2008, Etaoin Shrdlu wrote: > On Tuesday 12 February 2008, Alan McKinnon wrote: > > Your statement "it seems like running SSH inside a VPN is better > > for security than running SSH on a non-standard port" is > > non-sensical. From a security and encryption perspective, ssh and > > OpenVPN are exactly the same thing - stuff wrapped in an encryption > > layer provided by ssl, complete with exactly the same key setup > > should you choose to use that route. > > Perhaps confusingly, ssh itself can be used to create openVPN-like > VPNs (actually, much simpler), using the -w option and a couple of > tun (or tap) interfaces on the connected computers. hehehe, I'd forgetten about that one for a bit :-) I just thought of a nice way to describe the difference (seeing as technically they are essentially equivalent): Use SSH if you need a quick ad-hoc connection or something temporary. Use OpenVPN if you need something more permanent that is always prsent and just works. -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Error in network commands in root mode
dell core2duo wrote: > No, its not due to proxy. > See the output below. > -- > flukebox driver # wget yahoo.com > --2008-02-12 22:30:56-- http://yahoo.com/ > Resolving relproxy.iitk.ac.in... 172.31.1.233 > Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... Connection Refused: > Forbidden > failed: Connection refused. > flukebox driver # exit > exit > [EMAIL PROTECTED] ~ $ wget yahoo.com > --2008-02-12 22:31:04-- http://yahoo.com/ > Resolving relproxy.iitk.ac.in... 172.31.1.233 > Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... connected. OK, if it's not the proxy refusing the connection but something on your local machine, I'm not sure what causes it. Some selinux policy maybe? Or an iptables rule with an owner match on uid 0? Regards mks -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [query] kernel-2.6.24 + ndiswrapper
Hi, I complied the kernel buitin broadcom drivers. So now, I have a interface named "wlan0_rename". But things are still not working for me. flukebox flukebox # iwconfig lono wireless extensions. eth0 no wireless extensions. sit0 no wireless extensions. ip6tnl0 no wireless extensions. eth1 no wireless extensions. wlan0_rename IEEE 802.11g ESSID:"" Mode:Managed Channel:0 Access Point: Not-Associated Tx-Power=0 dBm Retry min limit:7 RTS thr:off Fragment thr=2346 B Encryption key:off Link Quality:0 Signal level:0 Noise level:0 Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 flukebox flukebox # /etc/init.d/net.wlan0_rename start * Starting wlan0_rename * /etc/conf.d/wireless is deprecated * Please put all settings in /etc/conf.d/net * /etc/conf.d/wireless is deprecated * Please put all settings in /etc/conf.d/net * Starting wpa_supplicant on wlan0_rename ... ioctl[SIOCSIWAUTH]: Operation not supported WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported [ ok ]th param 5 value 0x1 - * Starting wpa_cli on wlan0_rename ... [ ok ] * Backgrounding ... I guess "param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported " this has something to do with wpa_suplicant. can somebody help me out here ?? Also, is there any way to change my interface name wlan0_rename to wlan0 or eth1 ?? TIA, flukebox On Feb 10, 2008 3:17 AM, Dan Farrell <[EMAIL PROTECTED]> wrote: > On Sat, 9 Feb 2008 13:28:39 +0100 > Etaoin Shrdlu <[EMAIL PROTECTED]> wrote: > > > > BTW, > > > I am more interested to get things working. Quality would be my > > > second priority. > > > > As I said before, I did not have any problem (unfortunately, I cannot > > access the hardware now and check the bandwidth issue). > > I have not yet gotten the new driver to work, though admittedly I > didn't have much time to try and so went for ndiswrapper pretty > quickly. > > has anyone had luck with this driver recently? > -- > gentoo-user@lists.gentoo.org mailing list > >
Re: [gentoo-user] No ping man page
On Tuesday 12 February 2008, Etaoin Shrdlu wrote: > Short answer: according to Changelog, use USE=doc for iputils until > next version of iputils comes out (but be prepared to pull in *lots* > of stuff meanwhile). > > Somewhat longer answer: read > > http://bugs.gentoo.org/show_bug.cgi?id=158660 > > Essentially, building man pages for iputils requires openjade + > various docbook/sgml/xml tools. Code like this makes me want to vomit. The OS-that-shall-not-be-named pulls stunts like this, I really think FLOSS stuff should be better. So, I have to emerge an entire sgml kit to generate a man page. Wow. Especially since last time I looked, man pages were not in sgml format or even any format that vaguely resembles mark-up To the upstream iputils dev: "Dude, wtf were you thinking?" -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Error in network commands in root mode
Hi, No, its not due to proxy. See the output below. -- flukebox driver # wget yahoo.com --2008-02-12 22:30:56-- http://yahoo.com/ Resolving relproxy.iitk.ac.in... 172.31.1.233 Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... Connection Refused: Forbidden failed: Connection refused. flukebox driver # exit exit [EMAIL PROTECTED] ~ $ wget yahoo.com --2008-02-12 22:31:04-- http://yahoo.com/ Resolving relproxy.iitk.ac.in... 172.31.1.233 Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... connected. Proxy request sent, awaiting response... 301 Moved Permanently Location: http://www.yahoo.com/ [following] --2008-02-12 22:31:05-- http://www.yahoo.com/ Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... connected. Proxy request sent, awaiting response... 200 OK Length: 9533 (9.3K) [text/html] Saving to: `index.html' 100%[=>] 9,533 45.6K/s in 0.2s 2008-02-12 22:31:07 (45.6 KB/s) - `index.html' saved [9533/9533] [EMAIL PROTECTED] ~ $ --- On Feb 12, 2008 9:11 PM, Markus Schönhaber <[EMAIL PROTECTED]> wrote: > dell core2duo schrieb: > > > Whenever I am trying to do ssh/telnet/emerge --sync in root mode it > gives > > me error saying "Connection Refused: Forbidden". while same works fine > in > > user mode. > > Below are some examples . > [...] > > flukebox flukebox # wget yahoo.com > > --2008-02-12 19:50:15-- http://yahoo.com/ > Compare this ^ > > Resolving relproxy.iitk.ac.in... 172.31.1.233 > > Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... Connection > Refused: > and that^^^ > > Forbidden > > failed: Connection refused. > > With your root account, you're obviously using a proxy that refuses the > request. > Since similar things happen when you use telnet/ssh you're maybe using > socksified versions of those commands. > > Check your proxy and socks settings. > > Regards > mks > -- > gentoo-user@lists.gentoo.org mailing list > >
Re: [gentoo-user] No ping man page
On Tuesday 12 February 2008, [EMAIL PROTECTED] wrote: > Anyone else noticed there is no man page for ping? I know I've looked > up things in man ping in the past, maybe quite far in the past and > possibly even on a different distribution, but still I thought maybe > my man page setup was borked but looking at: > equery files net-misc/iputils (which contains ping) > > I see no man pages mentioned in the output. Short answer: according to Changelog, use USE=doc for iputils until next version of iputils comes out (but be prepared to pull in *lots* of stuff meanwhile). Somewhat longer answer: read http://bugs.gentoo.org/show_bug.cgi?id=158660 Essentially, building man pages for iputils requires openjade + various docbook/sgml/xml tools. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] No ping man page
On Tue, Feb 12, 2008 at 11:12:47AM -0500, Andrey Falko wrote: > On Feb 12, 2008 11:06 AM, <[EMAIL PROTECTED]> wrote: > > Anyone else noticed there is no man page for ping? I know I've looked I have a ping manpage. > There is a -doc use flag, which if problably disabled by default. > USE="doc" emerge -1 iputils this way you'll almost certainly get > the man page. Possibly: [11:21 AM]wwong man8 $ equery belongs ping.8.bz2 [ Searching for file(s) ping.8.bz2 in *... ] net-misc/iputils-20070202 (/usr/share/man/man8/ping.8.bz2) [11:21 AM]wwong man8 $ equery uses iputils [ Searching for packages matching iputils... ] [ Colour Code : set unset ] [ Legend : Left column (U) - USE flags from make.conf ] [: Right column (I) - USE flags packages was installed with ] [ Found these USE variables for net-misc/iputils-20070202 ] U I + + doc: Adds extra documentation (API, Javadoc, etc) - - ipv6 : Adds support for IP version 6 - - static : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically And, looking at the ebuild, if use doc && type -p docbook2html ; then emake -j1 html man || die fi So, yeah. W -- Willie W. Wong [EMAIL PROTECTED] 408 Fine Hall, Department of Mathematics, Princeton University, Princeton A mathematician's reputation rests on the number of bad proofs he has given. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Which arch do I have ?
This One Time, at Band Camp, Alan McKinnon <[EMAIL PROTECTED]> said, On Tue, Feb 12, 2008 at 03:05:20PM +0200: > On Tuesday 12 February 2008, Wael Nasreddine wrote: > > Let's say this processor supports 64 bits, what whould I gain from > > migrating to x86_64 I mean would it be faster??? I've never > > owned/worked on a 64bit machine before so excuse my lack of knowledge > > :) > Please stop using the x86_64 nomenclature with respect to gentoo. Gentoo > does not define this arch and has no such name - all 64 bit extended > arches compatible with x86 are called amd64 on gentoo. > The x86_64 name is used by Red Hat and other distros. There are all the > same thing really, but using the wrong name in the wrong context clouds > the issues and leads to vast side-threads asking question that have no > answers and that accomplish nothing. I'm sorry but I'm just used to call it this way, most of distros I have tried in the past call it this way, anyway I'll try to memorize it. > You will not notice a speed increase with a 64 bit processor. You might > be able to measure one but it won't really feel any different in real > life. What you will notice are: > 1. The annoyance of having to put up with 32 bit apps with no 64 bit > equivalent > 2. Apps can now see more than 3.1GB of memory per app, and can see it > linearly. If you run a massive database this will be important to you. > If you don't, you won't. Do you have more than 4G of RAM? > So, the only good reason to move to amd64 is when you buy a 64 bit > machine I have 1G RAM and it's a laptop doesn't serve huge databases so I guess despite if my CPU is 64 or 32 bits, I'll just stick with the 32 version, works great... -- Wael Nasreddine http://wael.nasreddine.com PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2 .: An infinite number of monkeys typing into GNU emacs, would never make a good program. (L. Torvalds 1995) :. pgpuiwmSe5VUu.pgp Description: PGP signature
Re: [gentoo-user] No ping man page
On Feb 12, 2008 11:06 AM, <[EMAIL PROTECTED]> wrote: > Anyone else noticed there is no man page for ping? I know I've looked > up things in man ping in the past, maybe quite far in the past and > possibly even on a different distribution, but still I thought maybe > my man page setup was borked but looking at: > equery files net-misc/iputils (which contains ping) > > I see no man pages mentioned in the output. > > There is a -doc use flag, which if problably disabled by default. USE="doc" emerge -1 iputils this way you'll almost certainly get the man page. > > -- > gentoo-user@lists.gentoo.org mailing list > > -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] No ping man page
Anyone else noticed there is no man page for ping? I know I've looked up things in man ping in the past, maybe quite far in the past and possibly even on a different distribution, but still I thought maybe my man page setup was borked but looking at: equery files net-misc/iputils (which contains ping) I see no man pages mentioned in the output. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP -> Real IMAP
> > I still can't send mail though, with or without > > authentication. I get this when port scanning with nmap: > > > > 25/tcp filtered smtp > > > > Does that mean my host is blocking the smtp port? > It's possible. Or, perhaps you're behind a firewall without > that port open? > >>> My local network firewall here? All outgoing connections on > >>> this firewall are accepted. > >>> > Many ISPs do block 25. send me an IP if you want me to map > from here. Otherwise, I'm sure if it looks closed, and you > have it open on your end, it's got to be an ISP blockage. > >>> When I nmap my remote server I get these filtered results: > >>> > >>> 25/tcp filtered smtp 130/tcp filtered cisco-fna 131/tcp > >>> filtered cisco-tna 132/tcp filtered cisco-sys 133/tcp > >>> filtered statsrv 134/tcp filtered ingres-net 135/tcp filtered > >>> msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns > >>> 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn > >>> 445/tcp filtered microsoft-ds 3128/tcp filtered squid-http > >>> /tcp filtered krb524 6881/tcp filtered bittorent-tracker > >>> 6969/tcp filtered acmsoda > >>> > >>> So that all must be filtered by my ISP (Cox)? > > > > > I'm thinking I may not have explained this properly. My local ISP > > is Cox and I get the above list of filtered ports when port > > scanning my remote machine which is hosted halfway across the > > country. Cox can't prevent me from scanning the SMTP port on my > > remote machine right? My host must be filtering the ports? > > > > - Grant > Can you please ssh to your box and run an nmap from your box > (locally)? This will answer if smtp and imap are running and if they > are being filtered by your isp. I'm not sure if someone mentioned > before but imap might not be configured to listen on anything besides > 127.0.0.1. I wouldn't be surprised if Cox filters 25, but nmapping > locally will shed some light on it. I did this and nmap reports smtp is open and no ports are filtered. So those filtered ports are all Cox-filtered I guess. - Grant > Thanks! > Eric -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Error in network commands in root mode
dell core2duo schrieb: > Whenever I am trying to do ssh/telnet/emerge --sync in root mode it gives > me error saying "Connection Refused: Forbidden". while same works fine in > user mode. > Below are some examples . [...] > flukebox flukebox # wget yahoo.com > --2008-02-12 19:50:15-- http://yahoo.com/ Compare this ^ > Resolving relproxy.iitk.ac.in... 172.31.1.233 > Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... Connection Refused: and that^^^ > Forbidden > failed: Connection refused. With your root account, you're obviously using a proxy that refuses the request. Since similar things happen when you use telnet/ssh you're maybe using socksified versions of those commands. Check your proxy and socks settings. Regards mks -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Error in network commands in root mode
Hi, Whenever I am trying to do ssh/telnet/emerge --sync in root mode it gives me error saying "Connection Refused: Forbidden". while same works fine in user mode. Below are some examples . -- -- flukebox flukebox # ssh csews53 Connection Refused: Forbidden ssh: connect to host csews53 port 22: Connection refused flukebox flukebox # wget yahoo.com --2008-02-12 19:50:15-- http://yahoo.com/ Resolving relproxy.iitk.ac.in... 172.31.1.233 Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... Connection Refused: Forbidden failed: Connection refused. flukebox flukebox # telnet apah Trying 172.31.1.33... Connection Refused: Forbidden telnet: Unable to connect to remote host: Connection refused flukebox flukebox # flukebox flukebox # emerge --sync >>> Starting rsync with rsync://172.31.76.254/gentoo-portage... >>> Checking server timestamp ... Connection Refused: Forbidden rsync: failed to connect to 172.31.76.254: Connection refused (111) rsync error: error in socket IO (code 10) at clientserver.c(113) [receiver= 3.0.0pre8] >>> Retrying... - More interestingly, when i do "emerge -af something" then packet is being fetched without any problem may be because that work is done by portage user. This error may have something to do with permissions, I guess. But i have no clue where is the error. Any help would be appreciated. Thanks in advance, Flukebox
Re: [gentoo-user] OpenVPN setup
> > > I don't think you need a VPN to SSH from your laptop to the remote > > > server -- SSH is already encrypted. > > > > For sure, but it seems like running SSH inside a VPN is better for > > security than running SSH on a non-standard port or even port > > knocking. If I need to set up a VPN for printing, shouldn't I use it > > for other stuff too? Maybe not, I have yet to actually use a VPN so > > please correct me if I'm wrong. > > The name tells you everything you need to know. > > vpn is Virtual Private *Network*. If you would normally have a dedicated > line between this place and that place to form a network, but this is > too expensive so you use the internet instead, then you use a vpn. Why? > Because the internet is a public pathway and you don't want your stuff > out in the open. > > If you want a client machine somewhere to connect to a server machine > somewhere else, then this is normal internet connectivity and vpn is > the wrong thing. If you want the client machine to be part of the same > network the server is on so that lots of stuff works the way it does in > the office itself, then vpn is the correct thing. > > Even if you just want to encrypt some clear-text protocol that doesn't > have an encrypted equivalent, a vpn is still overkill. For that you use > ssh tunneling (which is essentially the same thing as an encrypted > version of a protocol). 'ssh -X' is the classic example of easily > tunneling a protocol that doesn't have a native encrypted equivalent. I see what you're saying. Can tunneling through ssh be made automatic so that a cron job initiates a script that opens a tunnel between the remote server and local print server and pages are printed through the tunnel? > Your statement "it seems like running SSH inside a VPN is better for > security than running SSH on a non-standard port" is non-sensical. From > a security and encryption perspective, ssh and OpenVPN are exactly the > same thing - stuff wrapped in an encryption layer provided by ssl, > complete with exactly the same key setup should you choose to use that > route. What about having ssh, imap, smtp, cups, and possibly a non-standard https port all hidden within a VPN? Should that be considered a benefit of running a VPN? - Grant -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] layman -L does not show ecatmur, but I can layman -a ecatmur.
On Tue, Feb 12, 2008 at 05:37:16PM +0800, Penguin Lover Mark David Dumlao squawked: > TOTALLY WEIRD. I do a layman -L on my machine and strangely enough, ecatmur > isn't listed. I think I've used it beore on layman though, so I look up the > overlays listing on the gentoo overlays list, here: > http://www.gentoo.org/proj/en/overlays/layman-global.txt > > Sure enough, ecatmur is present. So I just blindly go layman -a ecatmur and > he gets added. Did you run layman --fetch to update the overlays? W -- The true significance of Sacajawea's involvement in the Lewis and Clark expedition: It was the first documented trip in history where men asked a woman for directions and followed them, allowing them to arrive at their destination. Sortir en Pantoufles: up 431 days, 13:22 -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP -> Real IMAP
On Mon, Feb 11, 2008 at 07:18:50PM -0600, Penguin Lover Dan Farrell squawked: > > I've been waiting and waiting and waiting forever for DSL to come to > > my neighborhood just so that I can switch to a decent provider and rid > > myself of this nonsense. > > Don't assume DSL will be better. They often block ports too (as you > said, it's well within their service agreement to do so, but I still > think it sucks). With DSL, I am more likely to have a choice... (last time I checked [about 2 years ago], Speakeasy has no port blocks and actually encourage you running your own server on the provided static IP. I don't know whether it is still the case.) Verizon is no better than Cable in this regards, but it will be cheaper (and since the most important internet application that I use is ssh, I doubt 368K vs. 1m is a big difference anyway). W -- Marten: Goddamnit Pintsize I'm trying to have a moment here! Pintsize: Well I'm trying to have one with this cake mix! Sortir en Pantoufles: up 431 days, 13:14 -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Switching to hardened
On Mon, Feb 11, 2008 at 11:24:49PM +0100, Penguin Lover Alex Schuster squawked: > I emerged -e again, this time without distcc and ccache. All compiled fine, > except for media-video/mplayer-1.0_rc2_p24929-r1 (vf_decimate.c:26: error: > can't find a register in class `BREG' while reloading `asm') and http://bugs.gentoo.org/show_bug.cgi?id=175627 Like you found below, it can be avoided using vanilla GCC. That is why I still only have mplayer-1.0_rc1-r2, that one compiled okay. > I then decided to harden my desktop PC, too. I want to get some experience > with the hardened setup, and I want that machine to be able to act as a > distcc server for another hardened machine which will be set up soon. > x11-misc/xscreensaver-5.04: > lockward.c:59: error: syntax error before "uint8_t" Not a problem with hardened. http://bugs.gentoo.org/show_bug.cgi?id=208731 Meanwhile, downgrade to 5.03, that one works. > But most annoying is that the nvidia drivers do not seem to work. First, what card and which drivers? I have an old card that is not supported by drivers >= 1.0.9700, so ... scratch that, I didn't notice that the versioning scheme changed. http://www.gentoo.org/doc/en/nvidia-guide.xml > they refused to compile telling me that this would do more harm than good > with a hardened setup. I put them into packages.unmask, now they compile > and the nvidia module loads, but still X has no GLX, xorg.0.log > says "Failed to initialize GLX extension (NVIDIA X driver not found)", This really does not sound like a hardened issue... I need to upgrade my drivers to the 96.* to see if I can reproduce your problem, but with 1.0.8776 (from two years ago) I definitely do not have your problem. > glxinfo segfaults. I guess I will try to re-compile all X stuff with the > vanilla gcc. glxinfo segfaulting is expected. Do you have chpax/paxctl installed? There are a metric shitload of stuff that will run afoul of pax on hardened. A quick list from my /etc/conf.d/chpax has (admittedly, this is info that is two years old, since chpax is obsolete and hasn't been updated) java, wine, xorg, xine, openoffice, mplayer, mozilla, firefox, glxinfo, glxgears, ut2004, skype glxinfo has problem with mprotect. Check your system log, there should be something to that effect when your hardened system shuts glxinfo down. I have my entire system on the hardened profile (including X and nvidia [yes, despite the warnings of the hardened team about nvidia]) and no problems. My guess is that your problem with GLX lies somewhere else. > Would it be possible to make these changes permanent, that is, can I tell > portage to compile specific packages with a specific > compiler? /etc/portage/package.compilerflavor or something? Don't know. On the wiki there is a way to switch CFLAGS, don't know if something like that can be used to strip SSP and/or PIC flags from the hardened. W -- "Somebody has suggested that as a solution to global warming we just change the earth's orbit a little bit. Personally, I'm not too keen to carry out this experiment quite yet." ~DeathMech, S. Sondhi. P-town PHY 205 Sortir en Pantoufles: up 431 days, 12:37 -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
On Tuesday 12 February 2008, Alan McKinnon wrote: > Your statement "it seems like running SSH inside a VPN is better for > security than running SSH on a non-standard port" is non-sensical. > From a security and encryption perspective, ssh and OpenVPN are > exactly the same thing - stuff wrapped in an encryption layer provided > by ssl, complete with exactly the same key setup should you choose to > use that route. Perhaps confusingly, ssh itself can be used to create openVPN-like VPNs (actually, much simpler), using the -w option and a couple of tun (or tap) interfaces on the connected computers. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Error in network comment in root mode
Hi, Whenever I am trying to do ssh/telnet/emerge --sync in root mode it gives me error saying "Connection Refused: Forbidden". while same works fine in user mode. Below are some examples . flukebox flukebox # ssh csews53 Connection Refused: Forbidden ssh: connect to host csews53 port 22: Connection refused flukebox flukebox # wget yahoo.com --2008-02-12 19:50:15-- http://yahoo.com/ Resolving relproxy.iitk.ac.in... 172.31.1.233 Connecting to relproxy.iitk.ac.in|172.31.1.233|:3128... Connection Refused: Forbidden failed: Connection refused. flukebox flukebox # telnet apah Trying 172.31.1.33... Connection Refused: Forbidden telnet: Unable to connect to remote host: Connection refused flukebox flukebox # flukebox flukebox # emerge --sync >>> Starting rsync with rsync://172.31.76.254/gentoo-portage... >>> Checking server timestamp ... Connection Refused: Forbidden rsync: failed to connect to 172.31.76.254: Connection refused (111) rsync error: error in socket IO (code 10) at clientserver.c(113) [receiver= 3.0.0pre8] >>> Retrying... - More interestingly, when i do "emerge -af something" then packet is being fetched without any problem may be because that work is done by portage user. This error may have something to do with permissions, I guess. But i have no clue where is the error. Any help would be appreciated. Thanks in advance, Flukebox
Re: [gentoo-user] load too high
Dale wrote: 443-653-1569 wrote: On 23:27 Mon 11 Feb , Miguel Peña Gomez wrote: atop 3 filter by "p" WOW!!, this atop program is great, one of the best diagnostic tools I've seen. Why haven't I heard more about it? Bill Roberts What package provides that command? Dale :-) :-) Never mind. I just needed my glasses. I thought it was _S_top not _A_top. :/ Dale :-) :-) -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: load too high
Dale <[EMAIL PROTECTED]> wrote: > 443-653-1569 wrote: >> On 23:27 Mon 11 Feb , Miguel Peña Gomez wrote: >> >>> atop 3 >>> >>> filter by "p" >>> >>> >>> >> >> WOW!!, this atop program is great, one of the best diagnostic tools I've >> seen. Why haven't I heard more about it? >> >> Bill Roberts >> > > What package provides that command? atop Michael -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] load too high
443-653-1569 wrote: On 23:27 Mon 11 Feb , Miguel Peña Gomez wrote: atop 3 filter by "p" WOW!!, this atop program is great, one of the best diagnostic tools I've seen. Why haven't I heard more about it? Bill Roberts What package provides that command? Dale :-) :-) -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] load too high
On 23:27 Mon 11 Feb , Miguel Peña Gomez wrote: > > > atop 3 > > filter by "p" > > > > El lun, 11-02-2008 a las 19:49 +, James escribió: > > Hello, > > > > One of the workstations (amd64 2gig ram) has a load that never drops below > > 1.0, as seen by top. Looking at a ps nothing stands out. I did notice that > > 'X' is at the top of the list, even when the machine is quiescent (nobody > > doing anything). Suspiciaous. Clearly I have a run away or hidden process > > using > > resources. Although all my system run kde 3.5.8 only one shows this problem. > > > > None of my other Gentoo system suffer this fate. Any ideas on finding the > > culprit(proccess)? WOW!!, this atop program is great, one of the best diagnostic tools I've seen. Why haven't I heard more about it? Bill Roberts pgpRV7b3I3MTh.pgp Description: PGP signature
Re: [gentoo-user] Re: Fake IMAP -> Real IMAP
Grant wrote: I've been waiting and waiting and waiting forever for DSL to come to my neighborhood just so that I can switch to a decent provider and rid myself of this nonsense. Don't assume DSL will be better. They often block ports too (as you said, it's well within their service agreement to do so, but I still think it sucks). At least 'round here you have far more ISP choices with DSL. With cable all you get is a choice between 2-3 of the national "send us your money and shut up" ISPs. With DSL you can pick from at least a dozen and a couple of them are top notch local firms run by geeks for geeks. Where is that, New York City? Sounds like the promised land. - Grant Since DSL is supposed to be coming here soon, I'd like to know what is a good one myself. AT&T is the one running the cable but do I have other choices? Is AT&T OK for a home setup? Anything has to beat this stinking dial-up I have right now tho. Thanks Dale :-) :-) :-) -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: Fake IMAP -> Real IMAP
> >> I've been waiting and waiting and waiting forever for DSL to > >> come to my neighborhood just so that I can switch to a decent > >> provider and rid myself of this nonsense. > > > > Don't assume DSL will be better. They often block ports too > > (as you said, it's well within their service agreement to do > > so, but I still think it sucks). > > At least 'round here you have far more ISP choices with DSL. > With cable all you get is a choice between 2-3 of the national > "send us your money and shut up" ISPs. With DSL you can pick > from at least a dozen and a couple of them are top notch local > firms run by geeks for geeks. Where is that, New York City? Sounds like the promised land. - Grant -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Which arch do I have ?
On Tuesday 12 February 2008, Wael Nasreddine wrote: > Let's say this processor supports 64 bits, what whould I gain from > migrating to x86_64 I mean would it be faster??? I've never > owned/worked on a 64bit machine before so excuse my lack of knowledge > > :) Please stop using the x86_64 nomenclature with respect to gentoo. Gentoo does not define this arch and has no such name - all 64 bit extended arches compatible with x86 are called amd64 on gentoo. The x86_64 name is used by Red Hat and other distros. There are all the same thing really, but using the wrong name in the wrong context clouds the issues and leads to vast side-threads asking question that have no answers and that accomplish nothing. You will not notice a speed increase with a 64 bit processor. You might be able to measure one but it won't really feel any different in real life. What you will notice are: 1. The annoyance of having to put up with 32 bit apps with no 64 bit equivalent 2. Apps can now see more than 3.1GB of memory per app, and can see it linearly. If you run a massive database this will be important to you. If you don't, you won't. Do you have more than 4G of RAM? So, the only good reason to move to amd64 is when you buy a 64 bit machine -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
On Tuesday 12 February 2008, Grant wrote: > > I don't think you need a VPN to SSH from your laptop to the remote > > server -- SSH is already encrypted. > > For sure, but it seems like running SSH inside a VPN is better for > security than running SSH on a non-standard port or even port > knocking. If I need to set up a VPN for printing, shouldn't I use it > for other stuff too? Maybe not, I have yet to actually use a VPN so > please correct me if I'm wrong. The name tells you everything you need to know. vpn is Virtual Private *Network*. If you would normally have a dedicated line between this place and that place to form a network, but this is too expensive so you use the internet instead, then you use a vpn. Why? Because the internet is a public pathway and you don't want your stuff out in the open. If you want a client machine somewhere to connect to a server machine somewhere else, then this is normal internet connectivity and vpn is the wrong thing. If you want the client machine to be part of the same network the server is on so that lots of stuff works the way it does in the office itself, then vpn is the correct thing. Even if you just want to encrypt some clear-text protocol that doesn't have an encrypted equivalent, a vpn is still overkill. For that you use ssh tunneling (which is essentially the same thing as an encrypted version of a protocol). 'ssh -X' is the classic example of easily tunneling a protocol that doesn't have a native encrypted equivalent. Your statement "it seems like running SSH inside a VPN is better for security than running SSH on a non-standard port" is non-sensical. From a security and encryption perspective, ssh and OpenVPN are exactly the same thing - stuff wrapped in an encryption layer provided by ssl, complete with exactly the same key setup should you choose to use that route. -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP -> Real IMAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Grant wrote: > I still can't send mail though, with or without > authentication. I get this when port scanning with nmap: > > 25/tcp filtered smtp > > Does that mean my host is blocking the smtp port? It's possible. Or, perhaps you're behind a firewall without that port open? >>> My local network firewall here? All outgoing connections on >>> this firewall are accepted. >>> Many ISPs do block 25. send me an IP if you want me to map from here. Otherwise, I'm sure if it looks closed, and you have it open on your end, it's got to be an ISP blockage. >>> When I nmap my remote server I get these filtered results: >>> >>> 25/tcp filtered smtp 130/tcp filtered cisco-fna 131/tcp >>> filtered cisco-tna 132/tcp filtered cisco-sys 133/tcp >>> filtered statsrv 134/tcp filtered ingres-net 135/tcp filtered >>> msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns >>> 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn >>> 445/tcp filtered microsoft-ds 3128/tcp filtered squid-http >>> /tcp filtered krb524 6881/tcp filtered bittorent-tracker >>> 6969/tcp filtered acmsoda >>> >>> So that all must be filtered by my ISP (Cox)? > > I'm thinking I may not have explained this properly. My local ISP > is Cox and I get the above list of filtered ports when port > scanning my remote machine which is hosted halfway across the > country. Cox can't prevent me from scanning the SMTP port on my > remote machine right? My host must be filtering the ports? > > - Grant Can you please ssh to your box and run an nmap from your box (locally)? This will answer if smtp and imap are running and if they are being filtered by your isp. I'm not sure if someone mentioned before but imap might not be configured to listen on anything besides 127.0.0.1. I wouldn't be surprised if Cox filters 25, but nmapping locally will shed some light on it. Thanks! Eric -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHsZC2aiVxdKlBO58RAmS6AJ9+GOwI+tj9OS0DaAjpmPntS1ImTQCeM5g7 UGgLR7ddg7bIckXmMYfV+7c= =2px8 -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
RE: [gentoo-user] Installation of binary packages
Hi We were able to install the cross compiler binary packages. The commands used were as follows:- $ echo cross-${CTARGET} >> /etc/portage/categories $ emerge -k binutils $ emerge -k gcc $ emerge -k glibc $ emerge -k linux-headers The above series of commands installs the cross compiler packages present in /usr/portage/packages/cross/${CTARGET}/ Regards Suma Sharma -Original Message- From: Neil Bothwick [mailto:[EMAIL PROTECTED] Sent: Thursday, February 07, 2008 6:09 PM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Installation of binary packages On Thu, 7 Feb 2008 17:05:39 +0530, Suma Sharma wrote: > !!! Binary package has an unrecognized category: > '/usr/portage/packages/cross/sh4-unknown-linux-gnu/All/binutils-2.18-r1. tbz2' !!! > 'cross-sh4-unknown-linux-gnu/binutils-2.18-r1' has a category that is > not listed in /etc/portage/categories The error message is quite explicit, All is not a recognised category, you need to create a symlink to the package in $PKGDIR/sys-devel then do emerge -K1 =sys-devel/binutils-2.18-r1 -- Neil Bothwick One-seventh of life is spent on Monday. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Which arch do I have ?
On Mon, Feb 11, 2008 at 10:31:30PM -0500, "Benjamen R. Meyer" <[EMAIL PROTECTED]> wrote: > As you have an Intel Core Duo, you should have the EMT64E version - > Intel's version of the AMD64 instruction set - thus x86-64 compatible. > Best place to check is Intel's website - here's what I found: > http://processorfinder.intel.com/details.aspx?sspec=sl9dv > http://developer.intel.com/design/mobile/core/duodocumentation.htm > With EMT64E, you will be able to compile for 64-bit mode using the > x86-64 builds. (You can only use Intel64 if you have the Itanium procs > if memory serves.) > However, unless you specifically install the x86-64/AMD64/64-bit > version, you will have a 32-bit x86 environment and kernel. You can > upgrade if you like...see other threads for that info. > HTH, > Ben Let's say this processor supports 64 bits, what whould I gain from migrating to x86_64 I mean would it be faster??? I've never owned/worked on a 64bit machine before so excuse my lack of knowledge :) Thank you > Wael Nasreddine wrote: > > Hello, > > It's been like 6 months I'm using the arch i686, but today I saw on this > > page[1] something that confused me, saying that I have an x86_64 arch I > > have a > > Toshiba A135-S4427 with Intel dual core 1.73Ghz here's the output of > > /proc/cpuinfo > > CUT > > processor : 0 > > vendor_id : GenuineIntel > > cpu family : 6 > > model : 14 > > model name : Genuine Intel(R) CPU T2250 @ 1.73GHz > > stepping: 8 > > cpu MHz : 800.000 > > cache size : 2048 KB > > physical id : 0 > > siblings: 2 > > core id : 0 > > cpu cores : 2 > > fdiv_bug: no > > hlt_bug : no > > f00f_bug: no > > coma_bug: no > > fpu : yes > > fpu_exception : yes > > cpuid level : 10 > > wp : yes > > flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca > > cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc > > arch_perfmon bts pni monitor est tm2 xtpr > > bogomips: 3460.63 > > clflush size: 64 > > processor : 1 > > vendor_id : GenuineIntel > > cpu family : 6 > > model : 14 > > model name : Genuine Intel(R) CPU T2250 @ 1.73GHz > > stepping: 8 > > cpu MHz : 800.000 > > cache size : 2048 KB > > physical id : 0 > > siblings: 2 > > core id : 1 > > cpu cores : 2 > > fdiv_bug: no > > hlt_bug : no > > f00f_bug: no > > coma_bug: no > > fpu : yes > > fpu_exception : yes > > cpuid level : 10 > > wp : yes > > flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca > > cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc > > arch_perfmon bts pni monitor est tm2 xtpr > > bogomips: 3457.55 > > clflush size: 64 > > CUT > > So which arch do I really have?? > > [1]: http://docs.fedoraproject.org/install-guide/f8/en_US/sn-which-arch.html -- Wael Nasreddine http://wael.nasreddine.com PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2 .: An infinite number of monkeys typing into GNU emacs, would never make a good program. (L. Torvalds 1995) :. pgpJPmqn4aQAf.pgp Description: PGP signature
Re: [gentoo-user] Nvidia-drivers failing to install because kernel tree not found
On Mon, 11 Feb 2008 18:32:04 +0200, Alan McKinnon wrote: > You forgot to reboot to run the new kernel That shouldn't be necessary. You can install and compile a new kernel then re-emerge nvidia-drivers before rebooting. The drivers are built for the kernel linked from /usr/src/linux, not the running one. -- Neil Bothwick Memory Map - A sheet of paper showing location of computer store. signature.asc Description: PGP signature
[gentoo-user] layman -L does not show ecatmur, but I can layman -a ecatmur.
I'm currently dual-booting a machine that I'd like to shift completely to gentoo, but I left an ubuntu installaiton in the other disk (where I hope to transfer my gentoo). However, my brother has been downloading some torrents for weeks on end, and their sessions have been left alive in the gnome-btdownload interface. It gets annoying when he boots up to ubuntu sometimes because I often remotely login to my machine and all. So I thought to install gnome-btdownload. Unfortunately I couldnt find it in portage a few weeks ago, and I just forgot about it. Today I logged in remotely to my machine, remembered my old problem, and decided to hunt for an ebuild. I noticed that it's in the ecatmur tree, so I thought just to add it on layman and get it done with. TOTALLY WEIRD. I do a layman -L on my machine and strangely enough, ecatmur isn't listed. I think I've used it beore on layman though, so I look up the overlays listing on the gentoo overlays list, here: http://www.gentoo.org/proj/en/overlays/layman-global.txt Sure enough, ecatmur is present. So I just blindly go layman -a ecatmur and he gets added. I don't understand why layman wouldn't report ecatmur in his listing but accepts ecatmur there anyway when I add? Is this a bug? trixie / # layman --version 1.1.1 trixie / # emerge --version Portage 2.1.3.19 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.22-ck1 x86_64) weird? I remember somewhere that there was something you had to edit to make the overlays appear in the listing, (the stock layman would only show a few entries I think). Maybe this is an extension of that idea but I couldn't find what to edit in the documentation. Any ideas? -- thing.