Re: [CentOS] XScreenSaver

2018-04-09 Thread Stephen John Smoogen 
On 9 April 2018 at 04:47, Tom Grace  wrote:
> On 09/04/2018 07:47, Nicolas Kovacs wrote:
>> I didn't know a screensaver was that critical.
>
> It's critical in that XScreenSaver deals with locking the screen/dealing
> with passwords. I believe the fancy animation bits are separate.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

xscreensaver is security critical for the following reasons:
1. Several of the screensavers take user input which may not be the
main user. If the software has a security problem. those plugins could
overwrite the users data.
2. If the user is expecting that the xscreensaver is locking out a
user and it does not then that is security related
3. The way X works is that every X application can listen to all mouse
and keyboard actions. This also has a security context.

For many sites, any of these make Xscreensaver into a high security
item. It makes perfect sense from jwz's point of view because several
times something 'simple' in an xscreensaver code has turned into a
meltdown somewhere. And the fact that people email him before emailing
the EPEL maintainer or opening a bugzilla about it says his time is
better served saying "not my problem mate."

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-announce] CESA-2018:0648 Important CentOS 7 thunderbird Security Update

2018-04-09 Thread Johnny Hughes 

CentOS Errata and Security Advisory 2018:0648 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0648

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
78c170024613cdf14dc70084dda0c83a321f6829959333ee0e6c518bc772c501  
thunderbird-52.7.0-1.el7.centos.x86_64.rpm




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2018:0649 Important CentOS 6 libvorbis Security Update

2018-04-09 Thread Johnny Hughes 

CentOS Errata and Security Advisory 2018:0649 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0649

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
2e06e17e114f1fb82b38494b2a749d03a24ab1ad4c7bd5802ca8c7d6d604dcdb  
libvorbis-1.2.3-5.el6_9.1.i686.rpm
40e0518e9a1bca52011bbd00605f55bcdc2bf571dfc8b34847b3fa662c7bc55d  
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm
d833b6e19caceb7df39ca2bcc782f73f1b7774d7bd52abd6704ac29d778bb882  
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm

x86_64:
2e06e17e114f1fb82b38494b2a749d03a24ab1ad4c7bd5802ca8c7d6d604dcdb  
libvorbis-1.2.3-5.el6_9.1.i686.rpm
e2b276ee079787afa938fc33d26255a167e592670303c74656e84b96c09ace5b  
libvorbis-1.2.3-5.el6_9.1.x86_64.rpm
40e0518e9a1bca52011bbd00605f55bcdc2bf571dfc8b34847b3fa662c7bc55d  
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm
e043eec9adabbada05e9229f7669b1f1de85693265dd8fb98366b36ee23886a4  
libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpm
d833b6e19caceb7df39ca2bcc782f73f1b7774d7bd52abd6704ac29d778bb882  
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm

Source:
cf05cdba31b5c0bd71bbe2e333821dc586a9c2eddd8a6fe762c4d35ee836934d  
libvorbis-1.2.3-5.el6_9.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2018:0647 Important CentOS 6 thunderbird Security Update

2018-04-09 Thread Johnny Hughes 

CentOS Errata and Security Advisory 2018:0647 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0647

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
8faab804fa19089343fd1e489a02b3d351cec5544ed592b6dbec7a3006af99cf  
thunderbird-52.7.0-1.el6.centos.i686.rpm

x86_64:
647747711d64e16d5b2e1529f7e5974464bb0b510cdbcad045f08048dba0d0da  
thunderbird-52.7.0-1.el6.centos.x86_64.rpm

Source:
5089b20a8b1521a7ff70fc6ff5f053a6c6ab5ff2f6fa7f4a0a9af812c8774933  
thunderbird-52.7.0-1.el6.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] Semi-OT: install python package in userspace

2018-04-09 Thread Liam O'Toole 
On 2018-04-09, Valeri Galtsev
 wrote:
>
>
> On 04/09/18 11:15, Paul Heinlein wrote:
>> On Sat, 7 Apr 2018, Pete Biggs wrote:
>> 
 Does CentOS changed the package management? :-)
>>>
>>> Quite.
>>>
>>> This is not an Ubuntu dig, but when I challenge some of the users
>>> about the more dangerous sudo's they try, inevitably they say they
>>> got the command from the net, and by that they usually mean Ubuntu
>>> forums.
>> 
>> Whether the instructions come from the Ubuntu forums or not, we
>> regularly experience the same thing: users unthinkingly following
>> instructions in a REAME or posted on a web page. My experience
>> suggests these folks are just on autopilot.
>
> Sadly, people became zombies. The ability to categorize (hence use the
> menu) is wiped completely. Even the majority of "modern" Desktop
> Environment interfaces expect you to search for what you need instead
> of giving the menu: everything arranged by category. That's why I
> switched to MATE quite a while ago. I guess, I didn't blend in into
> iPad generation...

[...]

Both GNOME and KDE Plasma offer you a menu of applications by category,
if that is what you want. I don't see the problem.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Do you blog about CentOS?

2018-04-09 Thread Nicolas Kovacs 
Le 09/04/2018 à 15:33, Rich Bowen a écrit :
> Do you blog about CentOS? Or about Linux in general? We need your voice.

My french tech blog has a heavy CentOS bias.

https://blog.microlinux.fr/

CentOS on the desktop:

https://blog.microlinux.fr/poste-de-travail/

CentOS on a LAN server:

https://blog.microlinux.fr/serveur-lan/

CentOS on a public server in a datacenter:

https://blog.microlinux.fr/serveur-dedie/

CentOs-based application hosting:

https://blog.microlinux.fr/hebergement/

I'm adding articles to it on a regular basis.

Cheers,

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Semi-OT: install python package in userspace

2018-04-09 Thread Valeri Galtsev 



On 04/09/18 11:15, Paul Heinlein wrote:

On Sat, 7 Apr 2018, Pete Biggs wrote:


Does CentOS changed the package management? :-)


Quite.

This is not an Ubuntu dig, but when I challenge some of the users 
about the more dangerous sudo's they try, inevitably they say they got 
the command from the net, and by that they usually mean Ubuntu forums.


Whether the instructions come from the Ubuntu forums or not, we 
regularly experience the same thing: users unthinkingly following 
instructions in a REAME or posted on a web page. My experience suggests 
these folks are just on autopilot.


Sadly, people became zombies. The ability to categorize (hence use the 
menu) is wiped completely. Even the majority of "modern" Desktop 
Environment interfaces expect you to search for what you need instead of 
giving the menu: everything arranged by category. That's why I switched 
to MATE quite a while ago. I guess, I didn't blend in into iPad 
generation...


Soon we will ask google how much money we have in our wallet ;-)

Valeri

We don't even follow up any more on 
most of the alerts; they'll ask us if it's important. So we rarely give 
out sudo on shared systems and when we do there's some "extreme vetting" 
going on.


Also, Python has such a mature virtual-environment setup that more 
publicly posted instructions are using that route anyway.




--

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Semi-OT: install python package in userspace

2018-04-09 Thread Paul Heinlein 

On Sat, 7 Apr 2018, Pete Biggs wrote:


Does CentOS changed the package management? :-)


Quite.

This is not an Ubuntu dig, but when I challenge some of the users 
about the more dangerous sudo's they try, inevitably they say they 
got the command from the net, and by that they usually mean Ubuntu 
forums.


Whether the instructions come from the Ubuntu forums or not, we 
regularly experience the same thing: users unthinkingly following 
instructions in a REAME or posted on a web page. My experience 
suggests these folks are just on autopilot. We don't even follow up 
any more on most of the alerts; they'll ask us if it's important. So 
we rarely give out sudo on shared systems and when we do there's some 
"extreme vetting" going on.


Also, Python has such a mature virtual-environment setup that more 
publicly posted instructions are using that route anyway.


--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] iscsiadm: Could not perform SendTargets discovery: encountered non-retryable iSCSI login failure

2018-04-09 Thread marcos sr 
Hello

I know this not the place to ask help, but i can't send messages to iscsi
list. :(


I have 3 CentOS 6 connecting to a ISCSI server with Targecli suddenly they
lost connection and i receive this error when i performance iscsiadm --mode
discovery --type sendtargets --portal x.x.x.x

iscsiadm: Could not perform SendTargets discovery: encountered
non-retryable iSCSI login failure


I have already changed the password for the ACLs.

Thanks for attention.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Do you blog about CentOS?

2018-04-09 Thread Rich Bowen 

Do you blog about CentOS? Or about Linux in general? We need your voice.

As mentioned on 
https://blog.centos.org/2018/04/seven-centos-org-is-dead-long-life-to-blog-centos-org/ 
this morning, authentication for blog.centos.org is tied to 
accounts.centos.org (through OpenID). So if you have a CentOS account, 
you have an account on the blog server. We would love to have your 
articles there - hear about what you're doing on top of this awesome 
platform.


On the other hand, if you have your own blog, and you're writing CentOS 
content there, please let me know about that, too. Our aggregator - 
planet.centos.org - is where we collect the various sites with quality 
CentOS content, and we'd love to add you there. Send me an RSS/Atom URL 
for your content - preferably one that's filtered by tag/keyword, so 
that it's just the CentOS/Linux content, and not your posts about your 
cat and your skiing trip - and we'll get you added.


There's a HUGE amount of clickbait/spammy content out there about CentOS 
("How to Install Bash On CentOS In Twelve Easy Steps!") and we need to 
combat that with quality, substantive content.


Thanks!

--
Rich Bowen - rbo...@redhat.com
@RDOcommunity // @CentOSProject // @rbowen
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

2018-04-09 Thread Tom Grace 
On 09/04/2018 07:47, Nicolas Kovacs wrote:
> I didn't know a screensaver was that critical.

It's critical in that XScreenSaver deals with locking the screen/dealing
with passwords. I believe the fancy animation bits are separate.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 + MariaDB + phpMyAdmin

2018-04-09 Thread Nux! 
Hello,

You should contact your control panel supplier as they are known to heavily 
modify the stock settings and packages and are not really supported here.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Frank M. Ramaekers" 
> To: "CentOS mailing list" 
> Sent: Sunday, 8 April, 2018 04:12:57
> Subject: [CentOS] CentOS 7 + MariaDB + phpMyAdmin

> I can't seem to get phpMyAdmin working.  I got the ip address problem
> (permission) resolved, but now I'm getting a "Parallels H-Sphere" error "Error
> 404: File Not found".  I've looked in all the logs and cannot determine what
> file is not found.
> 
> Frank M. Ramaekers Jr. | Systems Programmer | Information Technology | 
> American
> Income Life Insurance Company | 254-761-6649 (732-6649)
> 
> --
> This message contains information which is privileged and confidential and is
> solely for the use of the intended recipient. If you are not the intended
> recipient, be aware that any review, disclosure, copying, distribution, or use
> of the contents of this message is strictly prohibited. If you have received
> this in error, please destroy it immediately and notify us at
> privacy...@torchmarkcorp.com.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

2018-04-09 Thread Pete Biggs 

> It's not rocket science: someone on your distro's team just needs to
> update it ONCE A YEAR. If that is too onerous for them, then I'd prefer
> that they not distribute my software at all.

And that just goes to show that he knows not what CentOS is - since
clearly he doesn't realise that it is NOT distributed by CentOS at all.
I suspect RH don't touch it for this very reason.

> 
> If you don't like the way XScreenSaver works, then don't run it. I hear
> GNOME Screensaver is a thing that also exists. See how that works out
> for you instead."
> 
> I didn't know a screensaver was that critical.
> 
I tend to go along with Gnome when it comes to screen savers: they
serve no purpose what so ever other than eye candy. Don't bother with
them. Just configure Gnome to lock the session and blank the screen so
the monitor turns off.

If your corporate masters require uplifting messages to be shown on all
the screens, then require them to provide you with the resources to
sort out the software.

P.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

2018-04-09 Thread wwp 
Hello,


On Sun, 08 Apr 2018 18:10:35 -0700 Keith Keller 
 wrote:

> On 2018-04-08, Nicolas Kovacs  wrote:
> > Le 09/04/2018 à 00:33, Keith Keller a écrit :  
> >> I think you can use the --no-splash switch.
> >> 
> >> https://www.jwz.org/xscreensaver/man1.html
> >> 
> >> There's probably also a config setting in .xscreensaver.  
> >
> > No, there's no configuration setting. And no way to turn it off.  
> 
> Not even --no-splash?  That option shows up right on JWZ's site.

Years ago I was using xscreensaver with --no-splash and had no problem
with it. But, I must admit that I gave up with xscreensaver just
because I was using the blank screen feature + power management
settings, and the screensaver service provided by GNOME is just
equivalent and more simple to get (anything but a blank screen is NOT a
screen or energy *saver*, it's an entertainment). I presume KDE has its
own too, so, with regards to the feature, we really don't need
xscreensaver and the whole discussion here and without the author is a
loss of time. Even to the OP of this thread, I'd not recommend using
xscreensaver for school computers administration, he's losing time and
energy.


Regards,

-- 
wwp


pgpZlEImimtA0.pgp
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] XScreenSaver

2018-04-09 Thread Nicolas Kovacs 
Le 09/04/2018 à 03:04, Chris Adams a écrit :
> It's Open Source - patching to remove such a nag is legal and a service
> to the users.
> 
> It's a screensaver program - how many updates does it need anyway?  If
> it is just updates to add more fancy animations, there is zero reason to
> demand people upgrade.

Here's the exact response I got from the developer after asking for help:

"I am not going to go out of my way to help you run security-critical
software that is YEARS out of date. In fact, I consider it my
responsibility to do exactly the opposite.

It's not rocket science: someone on your distro's team just needs to
update it ONCE A YEAR. If that is too onerous for them, then I'd prefer
that they not distribute my software at all.

If you don't like the way XScreenSaver works, then don't run it. I hear
GNOME Screensaver is a thing that also exists. See how that works out
for you instead."

I didn't know a screensaver was that critical.

Niki

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos