Re: [gentoo-user] gnome overlay?
On Mon, 11 Feb 2008 09:01:30 +0930, Iain Buchanan wrote: Thanks for the help. I'm updating rhythmbox via layman now. Not sure why evolution-data-server is a dependency though. it's required by totem-pl-parser for some reason: Do you have the eds USE flag set? -- Neil Bothwick Captain, I sense millions of minds focused on my cleavage. signature.asc Description: PGP signature
[gentoo-user] Can't satisfy GLSA 200801-19
camille ~ # glsa-check -t all This system is affected by the following GLSAs: 200801-19 camille ~ # glsa-check -d 200801-19 GLSA 200801-19: GOffice: Multiple vulnerabilities Synopsis: Multiple vulnerabilities in GOffice could result in the execution of arbitrary code. Announced on: January 30, 2008 Last revised on: January 30, 2008: 01 Affected package: x11-libs/goffice Affected archs:All Vulnerable:0.6.1 Unaffected:=0.6.1 =~0.4.3 Related bugs: 198385 Background:GOffice is a library of document-centric objects and utilities based on GTK. Description: GOffice includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruptions vulnerabilities (GLSA 200711-30). Impact:An attacker could entice a user to open specially crafted documents with GOffice, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information. Workaround:There is no known workaround at this time. Resolution:All GOffice 0.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =x11-libs/goffice-0.4.3 All GOffice 0.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =x11-libs/goffice-0.6.1 References: GLSA-200711-30: http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml camille ~ # emerge -pv =x11-libs/goffice-0.6.1 These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] x11-libs/goffice-0.6.1 USE=gnome -debug 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB I've emerged this several times and glsa-check still claims it needs to be fixed. Why? -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: [OT] Interrogate network for devices
Grant Edwards [EMAIL PROTECTED] writes: On 2008-02-11, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] writes: I've recently switched from DSL to Cable connection but still have both working currently. I've snipped all responses but carefully read through them. I think I didn't provide enough info at the outset. I see now that this cable modem has no ethernet address as several posters have suggested. It turned out to be a simple matter of cycling the various modem/router PC s in the right order. Once I got the help desk it took about 2 minutes to get things resolved. It was setup right just needed to recycle the Modem with router off. The cable modem acquires an IP address by dhcp from comcast but also internalizes the MAC of the NIC in the PC, so if you change the MAC (By inserting a router in between, with a different MAC in this case) then the modem continues to try to connect to the MAC it has internalized. It must be rebooted to acquire the new MAC (of the router in this case). Once that happens the Netgear routers (either one) connect with no problems. It almost certainly has an Ethernet address. It might not, however, have an IP address. As you may have guessed I meant IP address. That is, although the Modem connects to the PC by ethernet wire, it has no inward facing address. This was explained by at least two other posters. (Something I'd failed to realize. I expected there to be an inward facing IP) At any rate all is now well, and thanks to all for the tips and help. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: [OT] Interrogate network for devices
On 2008-02-11, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: As you may have guessed I meant IP address. That is, although the Modem connects to the PC by ethernet wire, it has no inward facing address. This was explained by at least two other posters. (Something I'd failed to realize. I expected there to be an inward facing IP) Many cable/DSL modems do, some don't. Ones that act as routers do. Ones that act as bridges _sometimes_ do, but often don't. AFAICT, cable modems that act as bridges are becoming more rare (DSL bridges were always more rare than cable bridges for some reason). Comcast has tried to replace my (rented) bridge with a router a couple times, but I always insist that I want it replaced with a bridge. So far, they've done it, but I'm afraid one of these days they aren't going to have any more of the bridging models available. -- Grant Edwards grante Yow! I left my WALLET in at the BATHROOM!! visi.com -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Imagemagick and gnome packages
I noticed a number of new gnome related packages dropping in all of a sudden as a result of the new svg USE flag in imagemagick: = # emerge -uptDv world These are the packages that would be merged, in reverse order: Calculating world dependencies... done! [nomerge ] net-print/hplip-2.7.10 USE=X ppds scanner -doc -fax -minimal -parport -snmp [nomerge ] dev-python/PyQt-3.17.3 USE=-debug -doc -examples [nomerge ] x11-libs/qscintilla-2.1-r1 [1.7.1] USE=python%* qt4%* -debug% -doc -examples% [ebuild N]dev-python/qscintilla-python-2.1 USE=qt4 1,824 kB [ebuild U ] x11-libs/qscintilla-2.1-r1 [1.7.1] USE=python%* qt4%* -debug% -doc -examples% 0 kB [ebuild U ] www-client/mozilla-firefox-bin-2.0.0.12 [2.0.0.11] USE=-restrict-javascript LINGUAS=el en_GB -af -ar -be -bg -ca -cs -da -de -es -es_AR -es_ES -eu -fi -fr -fy -fy_NL -ga -ga_IE -gu -gu_IN -he -hu -it -ja -ka -ko -ku -lt -mk -mn -nb -nb_NO -nl -nn -nn_NO -pa -pa_IN -pl -pt -pt_BR -pt_PT -ro -ru -sk -sl -sv -sv_SE -tr -uk -zh -zh_CN -zh_TW 9,774 kB [nomerge ] dev-python/qscintilla-python-2.1 USE=qt4 [ebuild N] dev-python/PyQt4-4.3.3 USE=-debug -doc -examples 6,047 kB [ebuild U ] media-libs/xine-lib-1.1.10.1 [1.1.10] USE=X a52 aac aalib alsa dts dvd flac imagemagick mad mng modplug musepack nls opengl oss real sdl speex theora truetype v4l vcd vidix vorbis win32codecs xcb xv xvmc (-altivec) -arts -debug -directfb -dxr3 -esd -fbcon -gnome -gtk -ipv6 -jack -libcaca -mmap -pulseaudio -samba -wavpack -xinerama 7,264 kB [ebuild U ] media-gfx/imagemagick-6.3.7.9 [6.3.5.10] USE=X bzip2 jpeg perl png svg%* tiff truetype wmf xml zlib -djvu% -doc -fontconfig% -fpx -graphviz -gs -hdri -jbig -jpeg2k -lcms -nocxx -openexr -q32 -q8 (-mpeg%*) 7,331 kB [ebuild N] gnome-base/librsvg-2.20.0 USE=zlib -debug -doc -gnome 453 kB [ebuild U ] app-text/ghostscript-esp-8.15.4 [8.15.3] USE=X cups xml -cjk -djvu% -gtk -threads 8,580 kB [ebuild U ] app-admin/testdisk-6.8-r1 [6.5] USE=jpeg ntfs reiserfs -static 751 kB [ebuild U ] sys-fs/ntfsprogs-2.0.0 [1.13.1-r1] USE=crypt -debug -fuse -gnome 883 kB [ebuild N] dev-libs/libconfig-1.2 494 kB [nomerge ] gnome-base/librsvg-2.20.0 USE=zlib -debug -doc -gnome [ebuild N] gnome-extra/libgsf-1.14.7 USE=bzip2 python -debug -doc -gnome 0 kB [nomerge ] net-print/cups-1.2.12-r4 USE=X dbus jpeg ldap nls pam png ppds ssl tiff -php -samba -slp [nomerge ] net-libs/gnutls-2.0.4 USE=nls zlib -doc -guile -lzo [ebuild U ] dev-libs/libtasn1-1.2 [0.3.5] USE=-doc 1,476 kB [ebuild NS ] sys-kernel/gentoo-sources-2.6.23-r8 USE=-build -symlink 280 kB [nomerge ] dev-python/PyQt4-4.3.3 USE=-debug -doc -examples [ebuild U ] dev-python/sip-4.7.3 [4.7.1] USE=-debug 436 kB [ebuild U ] sys-fs/dosfstools-2.11-r3 [2.11-r1] 0 kB [ebuild U ] www-client/mozilla-launcher-1.58 [1.56] 7 kB [nomerge ] net-print/cups-1.2.12-r4 USE=X dbus jpeg ldap nls pam png ppds ssl tiff -php -samba -slp [ebuild U ] app-text/libpaper-1.1.23 [1.1.21] 343 kB Total: 18 packages (12 upgrades, 5 new, 1 in new slot), Size of downloads: 45,936 kB = Other than setting -svg for imagemagick is there anything else I could do to keep these additional gnome packages out? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] load too high
Hello, One of the workstations (amd64 2gig ram) has a load that never drops below 1.0, as seen by top. Looking at a ps nothing stands out. I did notice that 'X' is at the top of the list, even when the machine is quiescent (nobody doing anything). Suspiciaous. Clearly I have a run away or hidden process using resources. Although all my system run kde 3.5.8 only one shows this problem. None of my other Gentoo system suffer this fate. Any ideas on finding the culprit(proccess)? James -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Kmail does not import gpg keys automatically?
On Monday 11 February 2008, Patrick Holthaus wrote: Hi and thanks for the reply! I use hkp://subkeys.pgp.net as my default keyserver and do not seem to have such a problem (unless I open a new message offline, which has a new key that has not been imported yet from the keyserver). I changed the default server to the one you use. It seems to work now. gpg --refresh-keys had an error with the MIT server and it works with yours. Nevertheless I have to set the trust to ultimately of each imported key in KGPG, right? Patrick NO! Only if you trust the guy who owns the key. That trust can only be gained if you have verified (in person) that he is the owner of the registered email address and pgp key! Otherwise, the whole principle of Web of Trust falls apart. That's what the key exchange meetings are all about. Now, you can't meet everyone in person who has a pgp key, right? But if you have verified that Bob is who he says he is and his key matches up to his email address, and Bob has gone through the same process with Fred, then by implication you may chose to also trust Fred and any others that Bob has verified. For obvious reasons you may chose to mark Fred's key as trusted to a lesser degree than Bob's. Have a look at these links for more info on this subject: http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html http://en.wikipedia.org/wiki/Key_signing_party http://en.wikipedia.org/wiki/Web_of_trust HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] OpenVPN setup
On Monday 11 February 2008, Grant wrote: The second guide deals with bridging and the first does not. Should I be setting up bridging? The first guide seems simpler. Should I be OK with that one? I'd hate to dig into one of them and then find out I should have chosen the other. - Grant IMHO you should always go with routed first, then bridged if you need it. Ask yourself this question: do you really need ethernet traffic to go through the vpn? There are cases where it could be useful, but I'm hard pressed to find a general case. With a routed vpn, you work with IP addresses, just like you do on the internet. -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] OpenVPN setup
I'm hoping to install openvpn on my remote hosted server. I have three machines to consider: 1. remote hosted web/mail server 2. local firewall, print server 3. local laptop I'm hoping to use the vpn in three few ways: 1. imap and smtp between my laptop and the mail server 2. ssh from my laptop to the remote server 3. cups printing from the remote server to the print server I've been over these guides: http://gentoo-wiki.com/HOWTO_OpenVPN_primer http://gentoo-wiki.com/HOWTO_Road_Warriors_with_OpenVPN It looks like there are plenty of opportunities for me to screw up so I'm hoping somebody might be able to help when I get stuck. The second guide deals with bridging and the first does not. Should I be setting up bridging? The first guide seems simpler. Should I be OK with that one? I'd hate to dig into one of them and then find out I should have chosen the other. - Grant -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
Hi Grant, On Tue, Feb 12, 2008 at 5:41 AM, Grant [EMAIL PROTECTED] wrote: I'm hoping to use the vpn in three few ways: 1. imap and smtp between my laptop and the mail server 2. ssh from my laptop to the remote server 3. cups printing from the remote server to the print server I don't think you need a VPN to SSH from your laptop to the remote server -- SSH is already encrypted. If your laptop is always behind your local firewall, then it should be sufficient to have an OpenVPN tunnel established between your local firewall/print server and your remote server. This should allow you to print. Configuring the routes on your laptop to go through your local firewall and VPN to the remote server should allow you to grab your mail. If you move around with your laptop then you'll need to establish the VPN tunnel to your remote server anytime you need to grab your mail from anywhere else but home (behind your local firewall). On Tue, Feb 12, 2008 at 5:53 AM, Alan McKinnon [EMAIL PROTECTED] wrote: IMHO you should always go with routed first, then bridged if you need it. Ask yourself this question: do you really need ethernet traffic to go through the vpn? There are cases where it could be useful, but I'm hard pressed to find a general case. With a routed vpn, you work with IP addresses, just like you do on the internet. As Alan said, try going with routed first. Also, think about whether you really need this. As mentioned above, SSH doesn't need to be tunneled over a VPN. IMAP and SMTP can be encrypted too. That leaves printing, for which you could use VPN. Have fun! Mike -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Switching to hardened
Eric Martin writes: Dan Farrell wrote: You might consider building packages but not installing them -- I think could use --buildpkgonly (aka -B) to achieve this end. If the world emerge with a -B flag finishes successfully, I think that means all packages were built and you are ready to emerge world with --usepkgonly (-K) without having to worry about build-time issues that could cause conflicting packages on the system. But what does everyone else think? I like it. The only problem is it might not work in some situations where you need program A to compile program B (kde4 requires qt4). I've never gone from a non-hardened system - hardened though so take my comments with a grain of salt. This could also work on other tricky upgrades. Nice idea. Maybe next time... I already had started the migration. And screwed up. I forgot about distcc being active, so some other boxes helped in compiling, but they do not have the hardened profile, and thus no hardened gcc. So, in fact nothing was compiled on the local machine. I emerged -e again, this time without distcc and ccache. All compiled fine, except for media-video/mplayer-1.0_rc2_p24929-r1 (vf_decimate.c:26: error: can't find a register in class `BREG' while reloading `asm') and net-nntp/pan-0.132-r1, which claims to need about 300 more megabytes of memory to compile. I did not reboot yet as I am not near the machine, but so far things work well. Mplayer is not needed on that machine anyway. I then decided to harden my desktop PC, too. I want to get some experience with the hardened setup, and I want that machine to be able to act as a distcc server for another hardened machine which will be set up soon. Here, also mplayer and some more packages failed. x11-misc/xaos-3.2: i386.c: In function `_control87': i386.c:31: error: PIC register `bx' clobbered in `asm' Solved by using the vanilla gcc. x11-misc/xscreensaver-5.04: lockward.c:59: error: syntax error before uint8_t app-emulation/dosemu-1.3.3: vga.c: In function `pcivga_init': vga.c:493: error: `PCI_CLASS_DISPLAY_VGA' undeclared (first use in this function) mplayer: compiles with vanilla gcc. But most annoying is that the nvidia drivers do not seem to work. First, they refused to compile telling me that this would do more harm than good with a hardened setup. I put them into packages.unmask, now they compile and the nvidia module loads, but still X has no GLX, xorg.0.log says Failed to initialize GLX extension (NVIDIA X driver not found), glxinfo segfaults. I guess I will try to re-compile all X stuff with the vanilla gcc. Would it be possible to make these changes permanent, that is, can I tell portage to compile specific packages with a specific compiler? /etc/portage/package.compilerflavor or something? If this makes things complicated, I think I will go back to a normal setup at least for my desktop machine. Thre hardened gcc will stay for distcc purposes (I will run two distccs on different ports, one for the hardened, one for the vanilla gcc), but I prefer to have a system which will run OpenGL. Wonko -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [OT] Migrating Drupal websites
Mick wrote: Thanks for the prefix tip! I was thinking of letting each site to have its own database within mysql, but my wife wants each one separately. As long as they are separable both for backups and uploads I don't mind really. Aren't multiple mysql instances going to affect server performance? You figure out the prefix idea after inheriting a db server with Members, Member, 1Member, and so on. And also Logs, New_logs, etc which you'd need to lookup to see which site were which database. It was a mess. :( I even do it on my own server for databases just in case I ever have to add a friend or migrate my data to someone else's machine. Yes running multiple instances will be more overhead, but there are odd cases when it's useful. I'd stick with just assigning a db per site in your case. If you're using Innodb I'd also set innodb_file_per_table which will cause Mysql to put Innodb data files in the same dir under /var/lib/mysql/$db_name/ rather than using the default /var/lib/mysql/ibdata files. It's a bit easier to tell where your data is and you get better disk IO that way as well. IIRC per table will not apply retroactively so you'll need to dump and reimport any db you'd like to take advantage of it. kashani -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Clock issue
Sounds like you have not set the timezone in /etc/conf.d/clock properly. It defaults to the word Factory BillK On Mon, 2008-02-11 at 16:38 +0100, Amar Cosic wrote: Hello all I just upgraded my kenel to 2.6.23-r8 and everything seems to be OK.Only issue I have is clock.Its +1 hour what it should be. I have this issue before and during boot there was some error that cant setup clock from /etc/conf.d/clock , you will have to set it up manualy .Unfortunetly I only have ssh acces to my machine and cant see exact error.In /etc/conf.d/clock I have local set up. Bios time is also what it should be. Before I build something in kernel and everything was fine. I just cant remember what was it :/ . Any help ? Thanks -- Amar Ćosić [EMAIL PROTECTED] [EMAIL PROTECTED] +38761240095 http://www.amar.co.ba -- William Kenworthy [EMAIL PROTECTED] Home in Perth! -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: installation of cross compiler binary
Suma Sharma Suma.Sharma at kpitcummins.com writes: Hi Please give me the procedure to install the cross-compiler sh4-unknown-linux-gnu toolchain available on http://tinderbox.dev.gentoo.org/cross-x86/ Your best resource is the newly revised:http://www.gentoo.org/proj/en/base/embedded/handbook/ If you join the gentoo-embedded, your sure to find other embedded folks woking on this architecture. hth, James -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Nvidia-drivers failing to install because kernel tree not found
On Monday 11 February 2008, Marzan, Richard non Unisys wrote: I wonder what's happening...Is there something that I could have missed? You forgot to reboot to run the new kernel I did reboot...more than once. Made sure uname -a corresponded to the kernel in /boot/ and to the symlink in /usr/src/ In that case you seem to have done everything you should have done. Do the alsa drivers build correctly? If so, it would seem you have tripped over a bug and should report it at b.g.o. Can't for the life of me think how such a bug would happen though, but still, should be reported :-) -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Kmail does not import gpg keys automatically?
On Monday 11 February 2008, Patrick Holthaus wrote: Hey there! I wonder why Kmail does not import any gpg keys. For example on this list, many people sign their messages. But Kmail tells me something like this: Message was signed on xxx with unknown key xxx. The validity of the signature cannot be verified. Status: No public key to verify the signature OpenPGP is selected in Crypto Backends with default keyserver http://pgp.mit.edu Automatically import keys and certificates is also selected. I use hkp://subkeys.pgp.net as my default keyserver and do not seem to have such a problem (unless I open a new message offline, which has a new key that has not been imported yet from the keyserver). KGpg has a 'Refresh keys from server' selection in the menu that will do exactly that when you're on line, or bring back an error if a connection cannot be established (e.g. because you are off-line, the server does not accept connections, or the particular keys are not published on that server). Ditto if you run: $ gpg --refresh-keys HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
RE: [gentoo-user] Nvidia-drivers failing to install because kernel tree not found
-Original Message- From: Alan McKinnon [mailto:[EMAIL PROTECTED] Sent: Monday, February 11, 2008 11:32 AM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Nvidia-drivers failing to install because kernel tree not found On Monday 11 February 2008, Marzan, Richard non Unisys wrote: I recently read an article at planet.gentoo.org about a 2 serious bugs in the kernel that could lead to someone crashing or rooting a system with linux kernels prior to gentoo-sources-2.6.23-r2. So being the paranoid one that I am, I unmasked this ebuild and installed it. I performed a `make oldconfig` and everything went well. I expected Alsa-drivers and nvidia-drivers to be broken after the upgrade of the kernel version. I symbolically linked linux to the new 2.6.24-r2 kernel source tree. Then, I proceed to re-emerge nvidia-drivers and it states that it, for some odd reason, it cannot find the kernel source. Moreover, it cannot even ascertain which system my kernel is built for i686, Kryptonite 8 or K8 (Athlon). I tried changing versions of the nvidia-drivers just incase the current stable one was not compatible with the latest gentoo-sources package and the problem remained the same. I wonder what's happening...Is there something that I could have missed? You forgot to reboot to run the new kernel -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list I did reboot...more than once. Made sure uname -a corresponded to the kernel in /boot/ and to the symlink in /usr/src/ -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [OT again..] Technical networking question about changing GW
FF will use whatever your conn is set to. as far as logging in thats cookie based (normally) so the browser should just resume session once the network is backup ( ie - /etc/init.d/net.eth0 restart) On Feb 11, 2008, at 11:28 AM, [EMAIL PROTECTED] wrote: I happen to be in a situation where I have both a DSL and CABLE connection to internet up for the time being... (Until the DSL contract month runs out). It affords a nifty opportunity to do some experiments. Of course I tested the speeds of both and it varies between 200 and 500 % faster on the Cable connection. (Nice). At first I used single machines connected independently to the respective IPs for testing, but it slowly dawned on me that I could hook everything up on the lan, to the same subnet and then just reset the GateWay target on individual machines as needed, for any of 6 machines. So currently I have two internet outlets and two gateway routers on 192.168.0.0/24 Here's the technical part: Assume I have loaded a web page that downloads a video to my cache as it plays. Assume further there are several of these to be played one by one. After playing one, if I reset my GW (and I have also rest /etc/resolv.conf to use that gw address for dns [probably not totally necessary]). Followed by /etc/init.d/net.eth0 restart. Will the browser, which has not been restarted, now use the new gateway when I run the next link (or for testing, run the same link again), or will it continue on the same route (which is still available), that is, will the browser (firefox) continue using the original GW until the browser itself is restarted? I know I could track all this with tcpdump but it gets sort of cumbersome unless you've memorized the necessary commands to filter output down to something more usable. I usually get so tangled up with tcpdump I spend more time on it than the project at hand. I don't use it very frequently so inevitably spend gobs of time at `man tcpdump' instead of tending to what I started to do. Why I ask is that the site I'm doing this on requires me to login and then relocate the stuff I want to see if I have to restart the browser. I wanted to try to gauge if there was much of a noticeable difference with the two IP connections. And it would be handy to just step through the links changine the GW intermittently. -- gentoo-user@lists.gentoo.org mailing list -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Nvidia-drivers failing to install because kernel tree not found
On Monday 11 February 2008, Marzan, Richard non Unisys wrote: I recently read an article at planet.gentoo.org about a 2 serious bugs in the kernel that could lead to someone crashing or rooting a system with linux kernels prior to gentoo-sources-2.6.23-r2. So being the paranoid one that I am, I unmasked this ebuild and installed it. I performed a `make oldconfig` and everything went well. I expected Alsa-drivers and nvidia-drivers to be broken after the upgrade of the kernel version. I symbolically linked linux to the new 2.6.24-r2 kernel source tree. Then, I proceed to re-emerge nvidia-drivers and it states that it, for some odd reason, it cannot find the kernel source. Moreover, it cannot even ascertain which system my kernel is built for i686, Kryptonite 8 or K8 (Athlon). I tried changing versions of the nvidia-drivers just incase the current stable one was not compatible with the latest gentoo-sources package and the problem remained the same. I wonder what's happening...Is there something that I could have missed? You forgot to reboot to run the new kernel -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
I'm hoping to use the vpn in three few ways: 1. imap and smtp between my laptop and the mail server 2. ssh from my laptop to the remote server 3. cups printing from the remote server to the print server I don't think you need a VPN to SSH from your laptop to the remote server -- SSH is already encrypted. For sure, but it seems like running SSH inside a VPN is better for security than running SSH on a non-standard port or even port knocking. If I need to set up a VPN for printing, shouldn't I use it for other stuff too? Maybe not, I have yet to actually use a VPN so please correct me if I'm wrong. If your laptop is always behind your local firewall, then it should be sufficient to have an OpenVPN tunnel established between your local firewall/print server and your remote server. This should allow you to print. Configuring the routes on your laptop to go through your local firewall and VPN to the remote server should allow you to grab your mail. If you move around with your laptop then you'll need to establish the VPN tunnel to your remote server anytime you need to grab your mail from anywhere else but home (behind your local firewall). Ah, tunnels, OK. I need to think in terms of tunnels. I'll definitely be moving around and won't be behind my local firewall too much of the time. Can I set up the openvpn server on my remote system and keep a tunnel open between it and the firewall/print server for printing, and also initiate a tunnel between the laptop and the remote system whenever I need to mail or SSH? Does that sound like a good plan? - Grant IMHO you should always go with routed first, then bridged if you need it. Ask yourself this question: do you really need ethernet traffic to go through the vpn? There are cases where it could be useful, but I'm hard pressed to find a general case. With a routed vpn, you work with IP addresses, just like you do on the internet. As Alan said, try going with routed first. Also, think about whether you really need this. As mentioned above, SSH doesn't need to be tunneled over a VPN. IMAP and SMTP can be encrypted too. That leaves printing, for which you could use VPN. Have fun! Mike -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP - Real IMAP
I still can't send mail though, with or without authentication. I get this when port scanning with nmap: 25/tcp filtered smtp Does that mean my host is blocking the smtp port? It's possible. Or, perhaps you're behind a firewall without that port open? My local network firewall here? All outgoing connections on this firewall are accepted. Many ISPs do block 25. send me an IP if you want me to map from here. Otherwise, I'm sure if it looks closed, and you have it open on your end, it's got to be an ISP blockage. When I nmap my remote server I get these filtered results: 25/tcp filtered smtp 130/tcp filtered cisco-fna 131/tcp filtered cisco-tna 132/tcp filtered cisco-sys 133/tcp filtered statsrv 134/tcp filtered ingres-net 135/tcp filtered msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 3128/tcp filtered squid-http /tcp filtered krb524 6881/tcp filtered bittorent-tracker 6969/tcp filtered acmsoda So that all must be filtered by my ISP (Cox)? Ouch, that's a cruel list. Turning of torrents just goes to show the massive misunderstanding of their nature and use. I recommend you use 587 (right?) the smtp submission port, with sasl authentication, and ssl if possible. What about your openvpn suggestion? That would get around this problem right? Plus it's a generally good practice? Either is good; however you are going to need a different MX host for your mail I'm afraid. Since hosts can't connect to 25 they can't send mail directly to you. COX probably has provided an outgoing relay host, but didn't expect their customers to be receiving their own mail. I'm thinking I may not have explained this properly. My local ISP is Cox and I get the above list of filtered ports when port scanning my remote machine which is hosted halfway across the country. Cox can't prevent me from scanning the SMTP port on my remote machine right? My host must be filtering the ports? - Grant -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: [OT] Interrogate network for devices
On 2008-02-11, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] writes: I've recently switched from DSL to Cable connection but still have both working currently. I've snipped all responses but carefully read through them. I think I didn't provide enough info at the outset. I see now that this cable modem has no ethernet address as several posters have suggested. It almost certainly has an Ethernet address. It might not, however, have an IP address. -- Grant Edwards grante Yow! Wow! Look!! A stray at meatball!! Let's interview visi.comit! -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Nvidia-drivers failing to install because kernel tree not found
I recently read an article at planet.gentoo.org about a 2 serious bugs in the kernel that could lead to someone crashing or rooting a system with linux kernels prior to gentoo-sources-2.6.23-r2. So being the paranoid one that I am, I unmasked this ebuild and installed it. I performed a `make oldconfig` and everything went well. I expected Alsa-drivers and nvidia-drivers to be broken after the upgrade of the kernel version. I symbolically linked linux to the new 2.6.24-r2 kernel source tree. Then, I proceed to re-emerge nvidia-drivers and it states that it, for some odd reason, it cannot find the kernel source. Moreover, it cannot even ascertain which system my kernel is built for i686, Kryptonite 8 or K8 (Athlon). I tried changing versions of the nvidia-drivers just incase the current stable one was not compatible with the latest gentoo-sources package and the problem remained the same. I wonder what's happening...Is there something that I could have missed? -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: [OT] Interrogate network for devices
Mick [EMAIL PROTECTED] writes: The cable modem acquires an IP address by dhcp from comcast but also internalizes the MAC of the NIC in the PC, so if you change the MAC (By inserting a router in between, with a different MAC in this case) then the modem continues to try to connect to the MAC it has internalized. It must be rebooted to acquire the new MAC (of the router in this case). He, he, that's what I told ya! Spoof (clone) the IP address on the router and you'd be good to go. On the other hand if you power cycle the devices in the right order as Dale told you, you'll also get to the same point. Yes you did, and like a bozo I let it fly right over my head. But taken together, all the input on this has cleared a number of things up for me. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP - Real IMAP
On Mon, 11 Feb 2008 06:02:01 -0800 Grant [EMAIL PROTECTED] wrote: I still can't send mail though, with or without authentication. I get this when port scanning with nmap: 25/tcp filtered smtp Does that mean my host is blocking the smtp port? It's possible. Or, perhaps you're behind a firewall without that port open? My local network firewall here? All outgoing connections on this firewall are accepted. Many ISPs do block 25. send me an IP if you want me to map from here. Otherwise, I'm sure if it looks closed, and you have it open on your end, it's got to be an ISP blockage. When I nmap my remote server I get these filtered results: 25/tcp filtered smtp 130/tcp filtered cisco-fna 131/tcp filtered cisco-tna 132/tcp filtered cisco-sys 133/tcp filtered statsrv 134/tcp filtered ingres-net 135/tcp filtered msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 3128/tcp filtered squid-http /tcp filtered krb524 6881/tcp filtered bittorent-tracker 6969/tcp filtered acmsoda So that all must be filtered by my ISP (Cox)? Ouch, that's a cruel list. Turning of torrents just goes to show the massive misunderstanding of their nature and use. I recommend you use 587 (right?) the smtp submission port, with sasl authentication, and ssl if possible. What about your openvpn suggestion? That would get around this problem right? Plus it's a generally good practice? Either is good; however you are going to need a different MX host for your mail I'm afraid. Since hosts can't connect to 25 they can't send mail directly to you. COX probably has provided an outgoing relay host, but didn't expect their customers to be receiving their own mail. jerks. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: {OT} CUPS alternative?
So I would set up openvpn on my remote server and connect to it from: here's a few ideas about the subject, some options to think about. 1. my local print server for printing Look into routed vpn networks. If I were in your case I would probably set up a VPN server on (one of) my firewall(s) and then either route/allow :641 traffic to the remote print server through the VPN or simply redirect :641 connections through the VPN, just like port forwarding for NATed servers behind firewalls. in this configuration, the remote print server is really a VPN client rather than a server. That sounds good. 2. my laptop for ssh and imap I like to allow myself, with my laptop, to connect to my SOHO-sized server setup through a VPN. To this end I tell the gateways on select subnets to route throught to the VPN, and tell the VPN server to route to those subnets' gateways. That way I can configure any computer (through the vpn, of course) without having to worry about opening it to external connections. If you wanted to make the VPN transparent, you could NAT the VPN traffic instead, and make it look like it came from the VPN server itself. Can't say I understand this but I have some reading to do about VPN. I cringe at the idea of having to use a VPN for imap, however. Why? Would you say the same of using it for SMTP? Could I also only allow access to my website's admin pages through openvpn? You could, but it might be a little tricky, depending on your setup. If it were my goal, I would probably put the server pages in a directory and control access to that directory to only VPN addresses (Again, this assumes a routed vpn). Or you could put it on a different server entirely. However, I would do no such thing. I would want to use an entirely different access scheme for website admin, using a user login to perhaps an ssl protected webpage, or if I were really concerned, HTTP authentication. . I would not want my web admins, who likely enjoy the ease with which they can manipulate their web pages, to be allowed on the VPN, and wouldn't want to set it up on their computers or worry about them getting viruses and the like. It's hard for a virus to transmit in a meaningful fashion over FTP and access to webpages, but trojans on a VPN client give the trojan controller the same access to the VPN -- and a copy of the client's certificates. I am not quick to pass out trusted certs for my vpn. I was thinking authentication + VPN, but maybe that's overkill. I kinda like the idea of everything non-public going through the VPN. Nobody should be in there but me so there's no trust problem. Is that too much? There are only three machines involved here: 1. remote web/mail server, print client 2. local firewall/router/print server 3. local web/mail/print client I think it would make sense to make machine #2 the VPN server, but it is not nearly as reliable as machine #1 in terms of the internet connection and the hardware (machine #2 is getting old). I would hate to be out of town and lose access to all email services because machine #2 goes down. Machine #1 basically never goes down. Could I make #1 the VPN server to maximize reliability and have everything work the way I want it to? - Grant In short, better uses of the VPN in this case would probalby be remote access to the corp. network from your laptop and secure access to remote print servers from whatever the number of hosts. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP - Real IMAP
I still can't send mail though, with or without authentication. I get this when port scanning with nmap: 25/tcp filtered smtp Does that mean my host is blocking the smtp port? It's possible. Or, perhaps you're behind a firewall without that port open? My local network firewall here? All outgoing connections on this firewall are accepted. Many ISPs do block 25. send me an IP if you want me to map from here. Otherwise, I'm sure if it looks closed, and you have it open on your end, it's got to be an ISP blockage. When I nmap my remote server I get these filtered results: 25/tcp filtered smtp 130/tcp filtered cisco-fna 131/tcp filtered cisco-tna 132/tcp filtered cisco-sys 133/tcp filtered statsrv 134/tcp filtered ingres-net 135/tcp filtered msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 3128/tcp filtered squid-http /tcp filtered krb524 6881/tcp filtered bittorent-tracker 6969/tcp filtered acmsoda So that all must be filtered by my ISP (Cox)? I recommend you use 587 (right?) the smtp submission port, with sasl authentication, and ssl if possible. What about your openvpn suggestion? That would get around this problem right? Plus it's a generally good practice? Thank you very much for all your help, and I'm going to get back to that other thread now. - Grant -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Can't satisfy GLSA 200801-19
On Mon, Feb 11, 2008 at 09:24:41AM -0600, Michael Sullivan wrote: camille ~ # glsa-check -t all This system is affected by the following GLSAs: 200801-19 camille ~ # glsa-check -d 200801-19 GLSA 200801-19: GOffice: Multiple vulnerabilities Synopsis: Multiple vulnerabilities in GOffice could result in the execution of arbitrary code. Announced on: January 30, 2008 Last revised on: January 30, 2008: 01 Affected package: x11-libs/goffice Affected archs:All Vulnerable:0.6.1 Unaffected:=0.6.1 =~0.4.3 camille ~ # emerge -pv =x11-libs/goffice-0.6.1 These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] x11-libs/goffice-0.6.1 USE=gnome -debug 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB I've emerged this several times and glsa-check still claims it needs to be fixed. Why? I have had a similar issue with a Python GLSA. Have you checked to see if you have multiple versions installed (in slots)? Try 'emerge --unmerge --pretend goffice' and see if it offers to unmerge multiple versions. You may simply need to unmerge the vulnerable version to sort things out. -- Reverend Paul Colquhoun, ULC.http://andor.dropbear.id.au/~paulcol Asking for technical help in newsgroups? Read this first: http://catb.org/~esr/faqs/smart-questions.html#intro -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: [OT] Interrogate network for devices
On Monday 11 February 2008, [EMAIL PROTECTED] wrote: The cable modem acquires an IP address by dhcp from comcast but also internalizes the MAC of the NIC in the PC, so if you change the MAC (By inserting a router in between, with a different MAC in this case) then the modem continues to try to connect to the MAC it has internalized. It must be rebooted to acquire the new MAC (of the router in this case). He, he, that's what I told ya! Spoof (clone) the IP address on the router and you'd be good to go. On the other hand if you power cycle the devices in the right order as Dale told you, you'll also get to the same point. Once that happens the Netgear routers (either one) connect with no problems. It almost certainly has an Ethernet address. It might not, however, have an IP address. As you may have guessed I meant IP address. That is, although the Modem connects to the PC by ethernet wire, it has no inward facing address. This was explained by at least two other posters. (Something I'd failed to realize. I expected there to be an inward facing IP) Quite often there *is* a static LAN IP address for the modem, which can be used to connect to it for diagnostic purposes. Of course if the modem has only one ethernet port then you have to disconnect the router from it and connect your computer directly, after you set up the same IP subdomain using ifconfig. A mate of mine has a Comcast router (probably different to yours) I'll ask how he got in and let you know. At any rate all is now well, and thanks to all for the tips and help. Glad it worked out for you. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] [OT] Migrating Drupal websites
On Monday 11 February 2008, kashani wrote: Mick wrote: I am not quite sure how best to setup a local Drupal development server. This is only for developing the websites, which when ready for publishing will be migrated to the hosting server. Still at the planning stage with all this, I want to keep each website separate. So I was thinking of having separate MySQL users, each with their own MySQL database. Also, I am not sure where to save (physically) each database. Is it prudent to keep them separately under the respective virtual host domainname fs (/var/www/domainname), or should I leave these under the default /var/lib/mysql/, or where ever they are normally stored? Haven't looked into tablespaces yet. For the sake of avoiding a major domestic, I want to make sure that migration to the hosting server will happen without any glitches, or worse having to redesign the website from scratch! What's a clever way of going about this? Are you going to be running multiple instances of Mysql or just letting each site have it's own db within Mysql? Most of the time people do that later and if that is the case Mysql will store each db in it's own dir under /var/lib/mysql/. I do recommend using a customer prefix for databases. Some thing like acme_drupal, sears_drupal, etc which will make it much simpler to remember what db is for what. You'll need to work out your release system. I'm not sure what tools drupal offers if any. Have you looked through their docs? Thanks for the prefix tip! I was thinking of letting each site to have its own database within mysql, but my wife wants each one separately. As long as they are separable both for backups and uploads I don't mind really. Aren't multiple mysql instances going to affect server performance? I thought that I had gone through the docs but it seems that I missed a whole category under HOWTOs which explains all that is hopefully needed. Thanks for your help. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] ifconfig after upgrade to 2.6.24-r2
Hi, After kernel renewing to 2.6.24-r1, ifconfig doesn't show alias' on interfaces. # ifconfig eth0 Link encap:Ethernet HWaddr 00:04:23:DE:56:38 inet addr:111.222.111.222 Bcast:111.222.111.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:138264206 errors:0 dropped:677 overruns:0 frame:0 TX packets:132035071 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:98025249910 (93484.1 Mb) TX bytes:90219726063 (86040.2 Mb) Base address:0x2020 Memory:b882-b884 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:31307042 errors:0 dropped:0 overruns:0 frame:0 TX packets:31307042 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:54799494113 (52260.8 Mb) TX bytes:54799494113 (52260.8 Mb) # cat /etc/conf.d/net config_eth0=( 111.222.111.222 netmask 255.255.255.0 brd 111.222.111.255 10.0.2.3 netmask 255.255.0.0 brd 10.0.255.255 ) routes_eth0=( default gw 111.222.111.1 ) dns_servers_eth0=111.222.111.181 111.222.111.270 dns_domain_eth0=mydomain.hu config_lo=( 111.222.111.223/32 111.222.111.224/32 ) # emerge -pv gentoo-sources These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] sys-kernel/gentoo-sources-2.6.24-r1 USE=-build -symlink* 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB Gentoo 2007.0, x86_64. -- BRGDS. Alesha. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Clock issue
No , timezone is Europe/Sarajevo as it should be On Feb 11, 2008 10:48 PM, William Kenworthy [EMAIL PROTECTED] wrote: Sounds like you have not set the timezone in /etc/conf.d/clock properly. It defaults to the word Factory BillK On Mon, 2008-02-11 at 16:38 +0100, Amar Cosic wrote: Hello all I just upgraded my kenel to 2.6.23-r8 and everything seems to be OK.Only issue I have is clock.Its +1 hour what it should be. I have this issue before and during boot there was some error that cant setup clock from /etc/conf.d/clock , you will have to set it up manualy .Unfortunetly I only have ssh acces to my machine and cant see exact error.In /etc/conf.d/clock I have local set up. Bios time is also what it should be. Before I build something in kernel and everything was fine. I just cant remember what was it :/ . Any help ? Thanks -- Amar Ćosić [EMAIL PROTECTED] [EMAIL PROTECTED] +38761240095 http://www.amar.co.ba -- William Kenworthy [EMAIL PROTECTED] Home in Perth! -- gentoo-user@lists.gentoo.org mailing list -- Amar Ćosić [EMAIL PROTECTED] [EMAIL PROTECTED] +38761240095 http://www.amar.co.ba
Re: [gentoo-user] OpenVPN setup
I do this with my work printer - the printer is locked down to a local network - I can print from locked out offices/labs anywhere (and even from home, picking up the printouts when I arrive - convenient!) I also transfer sometimes large files (using scp) and run ssh sessions and imap/smtp mail all through the same tunnel(s) - I actually use two in series with a convenient host in between to get around some local routing issues. All can be transparent and just work. scp can sometimes be a pain with slow speeds but its dependent on network conditions external to the tunnel - i.e., some external conditions cause interactions that affect packet sizes/latency within the tunnel - doesnt happen often though. Routing is often an issue (particularly to networks a few hops away on the inside) - ospf (quagga) was the solution, though RIP is probably easier/better for this The downside - gentoos openvpn and networking design is ok for simple setups, but has to be overidden when getting complex. Can be fragile when design changes are taking place - breaks when you least expect it like when they introduced the bind flag into the init.d script (gr) Note that you need sympathetic or pliable IT staff if its a workplace - helps to have them onside if you are going to bypass their security policies for your own benefit! BillK On Mon, 2008-02-11 at 19:44 -0600, Dan Farrell wrote: On Mon, 11 Feb 2008 16:00:49 -0800 Grant [EMAIL PROTECTED] wrote: You can print from your laptop to your printer at home while overseas, for example. Sounds very convenient ; ) -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] load too high
On Monday 11 February 2008, James wrote: Hello, One of the workstations (amd64 2gig ram) has a load that never drops below 1.0, as seen by top. Looking at a ps nothing stands out. I did notice that 'X' is at the top of the list, even when the machine is quiescent (nobody doing anything). Suspiciaous. Clearly I have a run away or hidden process using resources. Although all my system run kde 3.5.8 only one shows this problem. None of my other Gentoo system suffer this fate. Any ideas on finding the culprit(proccess)? First thing to understand is exactly what the system load is. Maybe you already know this, but I'll post it anyway for the benefit of everyone else reading. Load is defined as the number of processes waiting for cpu time averaged over a certain time period. top and uptime measure this in three periods - 1 minute, 5 minutes and 15 minutes. A process can be waiting for cpu time because it is blocked - waiting for some I/O to complete. Therefore it's easy to get a high load and low cpu utilization. I find this in fact to be the most common reason (!) vmstat is your friend here. It's all in the man page, so use it and narrow down the process that's blocking. Maybe you have a threading race condition or similar. Also look into a hardware difference between this machine and the others, and differences in the kernel config and loaded modules. If all this reveals nothing, then maybe you do have a suspicious problem. In which case, post back real quick :-) -- Alan McKinnon alan dot mckinnon at gmail dot com -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Can't satisfy GLSA 200801-19 [SOLVED]
On Tue, 2008-02-12 at 09:57 +1100, [EMAIL PROTECTED] wrote: On Mon, Feb 11, 2008 at 09:24:41AM -0600, Michael Sullivan wrote: camille ~ # glsa-check -t all This system is affected by the following GLSAs: 200801-19 camille ~ # glsa-check -d 200801-19 GLSA 200801-19: GOffice: Multiple vulnerabilities Synopsis: Multiple vulnerabilities in GOffice could result in the execution of arbitrary code. Announced on: January 30, 2008 Last revised on: January 30, 2008: 01 Affected package: x11-libs/goffice Affected archs:All Vulnerable:0.6.1 Unaffected:=0.6.1 =~0.4.3 camille ~ # emerge -pv =x11-libs/goffice-0.6.1 These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] x11-libs/goffice-0.6.1 USE=gnome -debug 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB I've emerged this several times and glsa-check still claims it needs to be fixed. Why? I have had a similar issue with a Python GLSA. Have you checked to see if you have multiple versions installed (in slots)? Try 'emerge --unmerge --pretend goffice' and see if it offers to unmerge multiple versions. You may simply need to unmerge the vulnerable version to sort things out. That fixed it. There was a previous version (0.2.0 or something like that); I unmerged it and did a glsa-check -t all and it was gone... -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: Fake IMAP - Real IMAP
On 2008-02-12, Dan Farrell [EMAIL PROTECTED] wrote: I've been waiting and waiting and waiting forever for DSL to come to my neighborhood just so that I can switch to a decent provider and rid myself of this nonsense. Don't assume DSL will be better. They often block ports too (as you said, it's well within their service agreement to do so, but I still think it sucks). At least 'round here you have far more ISP choices with DSL. With cable all you get is a choice between 2-3 of the national send us your money and shut up ISPs. With DSL you can pick from at least a dozen and a couple of them are top notch local firms run by geeks for geeks. -- Grant Edwards grante Yow! ... I don't like at FRANK SINATRA or his visi.comCHILDREN. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] load too high
atop 3 filter by p El lun, 11-02-2008 a las 19:49 +, James escribió: Hello, One of the workstations (amd64 2gig ram) has a load that never drops below 1.0, as seen by top. Looking at a ps nothing stands out. I did notice that 'X' is at the top of the list, even when the machine is quiescent (nobody doing anything). Suspiciaous. Clearly I have a run away or hidden process using resources. Although all my system run kde 3.5.8 only one shows this problem. None of my other Gentoo system suffer this fate. Any ideas on finding the culprit(proccess)? James -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP - Real IMAP
Grant wrote: I'm thinking I may not have explained this properly. My local ISP is Cox and I get the above list of filtered ports when port scanning my remote machine which is hosted halfway across the country. Cox can't prevent me from scanning the SMTP port on my remote machine right? My host must be filtering the ports? It's fairly standard practice on large mostly residential user ISPs to filter outgoing port 25 traffic to any IP, but the local SMTP servers. This stops a fair amount of spam, but can make troubleshooting complicated. kashani -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
On Mon, 11 Feb 2008 16:00:49 -0800 Grant [EMAIL PROTECTED] wrote: You can print from your laptop to your printer at home while overseas, for example. Sounds very convenient ; ) -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [OT again..] Technical networking question about changing GW
On Mon, 11 Feb 2008 11:28:16 -0600 [EMAIL PROTECTED] wrote: I happen to be in a situation where I have both a DSL and CABLE connection to internet up for the time being... (Until the DSL contract month runs out). It affords a nifty opportunity to do some experiments. Of course I tested the speeds of both and it varies between 200 and 500 % faster on the Cable connection. (Nice). Neat. You should set up advanced routing so you can use both at once. At first I used single machines connected independently to the respective IPs for testing, but it slowly dawned on me that I could hook everything up on the lan, to the same subnet and then just reset the GateWay target on individual machines as needed, for any of 6 machines. So currently I have two internet outlets and two gateway routers on 192.168.0.0/24 Good job! Many wouldn't have caught that possibility, I bet. Here's the technical part: Assume I have loaded a web page that downloads a video to my cache as it plays. Assume further there are several of these to be played one by one. After playing one, if I reset my GW (and I have also rest /etc/resolv.conf to use that gw address for dns [probably not totally necessary]). Right; you could use either to resolve. Followed by /etc/init.d/net.eth0 restart. You may not even need to do that. I think old ips should work OK with a reset router. Will the browser, which has not been restarted, now use the new gateway when I run the next link (or for testing, run the same link again), or will it continue on the same route (which is still available), that is, will the browser (firefox) continue using the original GW until the browser itself is restarted? AFAIK the browser is effectively 'stateless'. It shouldn't need to be restarted for it's behavior to reflect changes to route, ifconfig, or resolv.conf. I know I could track all this with tcpdump but it gets sort of cumbersome unless you've memorized the necessary commands to filter output down to something more usable. I usually get so tangled up with tcpdump I spend more time on it than the project at hand. I don't use it very frequently so inevitably spend gobs of time at `man tcpdump' instead of tending to what I started to do. Yeah, it's confusing. I usually use one of a few incantations: # tcpdump -i eth0 port not 22 that dumps packets on interface eth0 that arent to port 22 (which I was using to connect to the server, and gets messy real fast, as tcpdump itself will be sending over port 22, hence a never-ending cycle of tcpdump reporting its own traffic) or perhaps something like: # tcpdump -i eth0 port 80 that dumps all connections with port 80 on either side. Finally, for you, something like # tcpdump will dump everything. You can then ctrl-C and look through the output (shift-pageUp/Dn if you have scrollback buffer in the kernel) Why I ask is that the site I'm doing this on requires me to login and then relocate the stuff I want to see if I have to restart the browser. No, I do this stuff all the time (to set up vpn from coffeeshops and the like) and I don't ever restart my browser. I wanted to try to gauge if there was much of a noticeable difference with the two IP connections. And it would be handy to just step through the links changine the GW intermittently. Yes, you can do that, but if you put a linux box between the gateways and the network you can use both at once. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP - Real IMAP
On Mon, 11 Feb 2008 10:14:59 -0500 Willie Wong [EMAIL PROTECTED] wrote: I've been waiting and waiting and waiting forever for DSL to come to my neighborhood just so that I can switch to a decent provider and rid myself of this nonsense. Don't assume DSL will be better. They often block ports too (as you said, it's well within their service agreement to do so, but I still think it sucks). -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: [OT] Interrogate network for devices
[EMAIL PROTECTED] wrote: It turned out to be a simple matter of cycling the various modem/router PC s in the right order. Once I got the help desk it took about 2 minutes to get things resolved. It was setup right just needed to recycle the Modem with router off. So that is why they told me to cut off everything then turn on in sequence from the cable to the puter. Makes sense now. Dale :-) :-) -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] eth0 = pcmcia + usb adapter
Hi, I'm having trouble installing gentoo on my old laptop... It says it can't find the interface eth0. I believe it has to do with the fact I have a pcmcia card with usb ports on which a usb2eth adapter is plugged. On another system I use on that laptop, it usually tries to recognize my net adapters first (doesn't find any), then recognizes pcmcia cards which enables support for the usb adapter, then in my rc.local I have to manually setup my ip address or tell to use dhcp. Hmmm, from inside the gentoo system, I found lsmod was empty (which could be normal as I wanted everything compiled in the kernel) and lspci was not found... I'm pretty confortable with everything exept these pcmcia cards... if anybody could give me a hand! Thanks, Simon Below are extracts from my current system (slax6rc6, livelinux based on slackware) ---(lspci)-- 00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled) (rev 03) 00:02.0 CardBus bridge: Toshiba America Info Systems ToPIC97 (rev 05) 00:02.1 CardBus bridge: Toshiba America Info Systems ToPIC97 (rev 05) 00:04.0 VGA compatible controller: Trident Microsystems Cyber 9525 (rev 49) 00:05.0 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 02) 00:05.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01) 00:05.2 USB Controller: Intel Corporation 82371AB/EB/MB PIIX4 USB (rev 01) 00:05.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02) 00:07.0 Communication controller: Agere Systems 56k WinModem (rev 01) 00:0a.0 Communication controller: Toshiba America Info Systems FIR Port (rev 23) 00:0c.0 Multimedia audio controller: ESS Technology ES1978 Maestro 2E (rev 10) 05:00.0 USB Controller: NEC Corporation USB (rev 43) 05:00.1 USB Controller: NEC Corporation USB (rev 43) 05:00.2 USB Controller: NEC Corporation USB 2.0 (rev 04) ---(lsmod)--- Module Size Used by xt_multiport3968 1 nf_conntrack_ipv4 14220 1 xt_state2944 1 nf_conntrack 49160 2 nf_conntrack_ipv4,xt_state nfnetlink 5912 2 nf_conntrack_ipv4,nf_conntrack xt_tcpudp 4096 5 iptable_filter 3328 1 ip_tables 11620 1 iptable_filter x_tables 12420 4 xt_multiport,xt_state,xt_tcpudp,ip_tables snd_seq_dummy 3588 0 snd_seq_oss29696 0 snd_seq_midi_event 7040 1 snd_seq_oss snd_seq46544 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event snd_pcm_oss39584 0 snd_mixer_oss 14848 1 snd_pcm_oss capability 4232 0 commoncap 6272 1 capability fuse 38676 0 3c589_cs 11396 0 agpgart26568 0 lp 10792 0 parport_pc 24868 1 parport31816 2 lp,parport_pc psmouse35592 0 pegasus23568 0 mii 5632 1 pegasus radio_maestro 7296 0 compat_ioctl32 2176 1 radio_maestro ohci_hcd 19460 0 ehci_hcd 29964 0 videodev 25728 1 radio_maestro v4l2_common23296 1 videodev v4l1_compat14724 2 radio_maestro,videodev pcmcia 32172 1 3c589_cs snd_es1968 24832 0 gameport 12168 1 snd_es1968 snd_ac97_codec 93860 1 snd_es1968 ac97_bus2944 1 snd_ac97_codec snd_pcm68100 3 snd_pcm_oss,snd_es1968,snd_ac97_codec snd_timer 18948 2 snd_seq,snd_pcm donauboe 11008 0 snd_page_alloc 8328 2 snd_es1968,snd_pcm snd_mpu401_uart 7552 1 snd_es1968 snd_rawmidi19360 1 snd_mpu401_uart irda 109112 1 donauboe snd_seq_device 7308 4 snd_seq_dummy,snd_seq_oss,snd_seq,snd_rawmidi serio_raw 6148 0 crc_ccitt 2816 2 donauboe,irda pcspkr 3328 0 snd43108 11 snd_seq_oss,snd_seq,snd_pcm_oss,snd_mixer_oss,snd_es1968,snd_ac97_codec,snd_pcm,snd_timer,snd_mpu401_uart,snd_rawmidi,snd_seq_device soundcore 6752 1 snd ata_generic 6020 0 i2c_piix4 8332 0 i2c_core 18176 1 i2c_piix4 yenta_socket 24076 3 rsrc_nonstatic 11776 1 yenta_socket pcmcia_core33684 4 3c589_cs,pcmcia,yenta_socket,rsrc_nonstatic sg 27292 0 evdev 8960 0 usb_storage79936 3 uhci_hcd 21644 0 nls_iso8859_1 4864 1 nls_cp437 6528 1 aufs 97140 1 squashfs 45316 59 sqlzma 3844 1 squashfs unlzma 5504 1 sqlzma -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Clock issue
Hello all I just upgraded my kenel to 2.6.23-r8 and everything seems to be OK.Onlyissue I have is clock.Its +1 hour what it should be. I have this issue before and during boot there was some error that cant setup clock from /etc/conf.d/clock , you will have to set it up manualy .Unfortunetly I only have ssh acces to my machine and cant see exact error.In /etc/conf.d/clock I have local set up. Bios time is also what it should be. Before I build something in kernel and everything was fine. I just cant remember what was it :/ . Any help ? Thanks -- Amar Ćosić [EMAIL PROTECTED] [EMAIL PROTECTED] +38761240095 http://www.amar.co.ba
Re: [gentoo-user] Fake IMAP - Real IMAP
On Mon, Feb 11, 2008 at 08:54:06AM -0600, Dan Farrell wrote: Either is good; however you are going to need a different MX host for your mail I'm afraid. Since hosts can't connect to 25 they can't send mail directly to you. COX probably has provided an outgoing relay host, but didn't expect their customers to be receiving their own mail. jerks. Well, technically, if COX's service is anything like CableVision/Optimum Online's, the small print in the TOS usually does specify that you are not allowed to run servers on their residential network (for which the ports are filtered [OTOH, if you are on a business network, you should sue their ass for not delivering promised performance]). I know that there might be a technical/legal gray area as to whether a torrent tracker constitutes a server, but I am pretty sure that doing your own Mail would require having an SMTP server, explicitly disallowed by the TOS. I've been waiting and waiting and waiting forever for DSL to come to my neighborhood just so that I can switch to a decent provider and rid myself of this nonsense. -- Willie W. Wong 408 Fine Hall, Department of Mathematics, Princeton University, Princeton A mathematician's reputation rests on the number of bad proofs he has given. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
I'm hoping to use the vpn in three few ways: 1. imap and smtp between my laptop and the mail server 2. ssh from my laptop to the remote server 3. cups printing from the remote server to the print server I don't think you need a VPN to SSH from your laptop to the remote server -- SSH is already encrypted. For sure, but it seems like running SSH inside a VPN is better for security than running SSH on a non-standard port or even port knocking. If I need to set up a VPN for printing, shouldn't I use it for other stuff too? Maybe not, I have yet to actually use a VPN so please correct me if I'm wrong. There are other ways to make SSH more secure. For example, you could But what's wrong with this one? :) Honestly though, why would any of those methods be preferred to openvpn? only enable PubkeyAuthentication while disabling all other methods of Authentication, then use a large (4096-bit?) key pair with a strong passphrase[1] and use keychain[2] so you don't have to type in the passphrase all the time. OK, I'm exaggerating a bit with those passwords from GRC, but you get the idea. [1] https://www.grc.com/passwords.htm [2] http://www.gentoo.org/proj/en/keychain/ Also keep in mind the added overhead with OpenVPN -- your encrypted SSH traffic is again encrypted by the VPN. Is this significant? Would my SSH latency be increased, the system slowed down, or both? If your laptop is always behind your local firewall, then it should be sufficient to have an OpenVPN tunnel established between your local firewall/print server and your remote server. This should allow you to print. Configuring the routes on your laptop to go through your local firewall and VPN to the remote server should allow you to grab your mail. If you move around with your laptop then you'll need to establish the VPN tunnel to your remote server anytime you need to grab your mail from anywhere else but home (behind your local firewall). Ah, tunnels, OK. I need to think in terms of tunnels. I'll definitely be moving around and won't be behind my local firewall too much of the time. Can I set up the openvpn server on my remote system and keep a tunnel open between it and the firewall/print server for printing, and also initiate a tunnel between the laptop and the remote system whenever I need to mail or SSH? Does that sound like a good plan? Yep, that should work. With a 'permanent' tunnel established between your remote server and your local firewall/print server, you'll always have access to those too simply by connecting via VPN to your remote server. You can print from your laptop to your printer at home while overseas, for example. Nice, thanks Mike. - Grant -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] [OT] About Mozilla cache and online video watching
I'm sorry to be bringing so much stuff up on this forum that is actually off topic. No one has complained but if anyone knows where this question should be sent... please let me know. I'm trying to work out the sequence of events when playing videos from the internet. There are many freebies out there to practice on and some even worth keeping. Lots of tutorial type stuff. In the current case when I click a link to play a specific video I'm seeing a file downloaded into firefox cache that appears to persist for apparently whatever time user has set for cache stuff to linger. They pile up in there as more links are clicked. When I click a link a video appears in the browser window being played by mplayer and is in qt format. A file name consisting of numbers and uppercase letters appears in the cache. That file can be renamed with a *.mov (quicktime) extension and will play in mplayer or quicktime there after. However something strange happens when the file size is slightly above 25mb. In that case the name that appeared in the cache when downloading started, suddenly and instantly disappears when the download finishes. The embedded browser player can still play it as much as desired but the on disk file has totally disappeared or been moved somewhere else. The cache shows zero files, yet the embedded player seems unaffected. It appears to occur consistently just slightly above 25mb as reported by reiserfs and closely confirmed by information on the website that tells the file size. The online material itself does not appear to be protected or whatever since they are offered for free right on the internet for anyone. No login or the like required. I'm pretty sure the file is not being held in memory at that size and in fact one would expect the smaller ones to also be if that were the case. I would like to understand what is happening but don't really have a good idea how to track it down. Or even where to take such a question or search for information that might help. In the future I'd like to offer some of my own videos to my far flung family across the internet and would like to have a pretty good grasp on how it all works on both ends. Since I will be expected to debug or otherwise make sure things work smoothly. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: USB Mouse
On Feb 7, 2008 12:23 PM, Hilco Wijbenga [EMAIL PROTECTED] wrote: I have a USB mouse which likes to freeze up every now and then. Whenever I don't use my box for a little while (not necessarily long enough for the screen saver to kick in) and then touch the mouse, it will freeze right away or within a few seconds. Leaving X and starting X again doesn't fix the problem: I have to actually reboot. The only solution I have found is to make sure I use the keyboard to wake up the system. If I touch a key and wait a few seconds (that's important; if I use the mouse too fast it may still freeze up), I can safely use the mouse again without any trouble. So it looks like the USB mouse is going to sleep after a short period of inactivity and then refuses to wake up ... unless I use the keyboard first. There's a USB selective suspend/resume and wakeup in the kernel which I have made sure to deselect but that doesn't fix the problem. Does anyone else have this problem? Can anyone explain to me why this is happening? Does anyone know of a real solution? P.S. I have been running with the sys-kernel/mm-sources kernel which seems to behave much better but it's not officially supported so I went back to the regular sys-kernel/gentoo-sources kernel. I notice it's improved since the last time I tried it (i.e. the mouse doesn't freeze up as often anymore). Anyone? -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: [OT] Interrogate network for devices
Grant Edwards [EMAIL PROTECTED] writes: AFAICT, cable modems that act as bridges are becoming more rare (DSL bridges were always more rare than cable bridges for some reason). Comcast has tried to replace my (rented) bridge with a router a couple times, but I always insist that I want it replaced with a bridge. So far, they've done it, but I'm afraid one of these days they aren't going to have any more of the bridging models available. Assuming I've got it right that this modem is a bridging modem, it was just sent out to me a few days ago so maybe they are still using them here. (Gary Indiana). Scientific Atlanta (Its a division of Cisco) DPC2100R2 -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Kmail does not import gpg keys automatically?
Hey there! I wonder why Kmail does not import any gpg keys. For example on this list, many people sign their messages. But Kmail tells me something like this: Message was signed on xxx with unknown key xxx. The validity of the signature cannot be verified. Status: No public key to verify the signature OpenPGP is selected in Crypto Backends with default keyserver http://pgp.mit.edu Automatically import keys and certificates is also selected. gpg-agent is running, with the following config (gpg.conf): grep -v '^#' ~/.gnupg/gpg.conf | uniq keyserver-options auto-key-retrieve use-agent default-key 40A7BD65 utf8-strings verbose utf8-strings encrypt-to 0x40A7BD65 and gpg-agent.conf: grep -v '^#' ~/.gnupg/gpg-agent.conf | uniq pinentry-program /usr/bin/pinentry-qt no-grab default-cache-ttl 1800 debug-level basic log-file socket:///home/pholthau/.gnupg/log-socket allow-mark-trusted I am running Kmail 1.9.7 (KDE 3.5.8) and gnupg 2.0.7. Anyone knows whats going wrong? Thanks Patrick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Which arch do I have ?
As you have an Intel Core Duo, you should have the EMT64E version - Intel's version of the AMD64 instruction set - thus x86-64 compatible. Best place to check is Intel's website - here's what I found: http://processorfinder.intel.com/details.aspx?sspec=sl9dv http://developer.intel.com/design/mobile/core/duodocumentation.htm With EMT64E, you will be able to compile for 64-bit mode using the x86-64 builds. (You can only use Intel64 if you have the Itanium procs if memory serves.) However, unless you specifically install the x86-64/AMD64/64-bit version, you will have a 32-bit x86 environment and kernel. You can upgrade if you like...see other threads for that info. HTH, Ben Wael Nasreddine wrote: Hello, It's been like 6 months I'm using the arch i686, but today I saw on this page[1] something that confused me, saying that I have an x86_64 arch I have a Toshiba A135-S4427 with Intel dual core 1.73Ghz here's the output of /proc/cpuinfo CUT processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 14 model name : Genuine Intel(R) CPU T2250 @ 1.73GHz stepping: 8 cpu MHz : 800.000 cache size : 2048 KB physical id : 0 siblings: 2 core id : 0 cpu cores : 2 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon bts pni monitor est tm2 xtpr bogomips: 3460.63 clflush size: 64 processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 14 model name : Genuine Intel(R) CPU T2250 @ 1.73GHz stepping: 8 cpu MHz : 800.000 cache size : 2048 KB physical id : 0 siblings: 2 core id : 1 cpu cores : 2 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon bts pni monitor est tm2 xtpr bogomips: 3457.55 clflush size: 64 CUT So which arch do I really have?? [1]: http://docs.fedoraproject.org/install-guide/f8/en_US/sn-which-arch.html -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Which arch do I have ?
On Feb 11, 2008 10:17 PM, Wael Nasreddine [EMAIL PROTECTED] wrote: Hello, It's been like 6 months I'm using the arch i686, but today I saw on this page[1] something that confused me, saying that I have an x86_64 arch I have a Toshiba A135-S4427 with Intel dual core 1.73Ghz here's the output of /proc/cpuinfo CUT processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 14 model name : Genuine Intel(R) CPU T2250 @ 1.73GHz stepping: 8 cpu MHz : 800.000 cache size : 2048 KB physical id : 0 siblings: 2 core id : 0 cpu cores : 2 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon bts pni monitor est tm2 xtpr bogomips: 3460.63 clflush size: 64 processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 14 model name : Genuine Intel(R) CPU T2250 @ 1.73GHz stepping: 8 cpu MHz : 800.000 cache size : 2048 KB physical id : 0 siblings: 2 core id : 1 cpu cores : 2 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon bts pni monitor est tm2 xtpr bogomips: 3457.55 clflush size: 64 CUT So which arch do I really have?? Hi, AFAIK the T2250 is a Yonah, which is only 32bits. Boris. [1]: http://docs.fedoraproject.org/install-guide/f8/en_US/sn-which-arch.html -- Wael Nasreddine http://wael.nasreddine.com PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2 .: An infinite number of monkeys typing into GNU emacs, would never make a good program. (L. Torvalds 1995) :. -- $ ruby -e'puts .:@BFegiklnorst.unpack(x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \ aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \ ax3aX4aXaX12ax10aaX7a).join' -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Kmail does not import gpg keys automatically?
Hi and thanks for the reply! I use hkp://subkeys.pgp.net as my default keyserver and do not seem to have such a problem (unless I open a new message offline, which has a new key that has not been imported yet from the keyserver). I changed the default server to the one you use. It seems to work now. gpg --refresh-keys had an error with the MIT server and it works with yours. Nevertheless I have to set the trust to ultimately of each imported key in KGPG, right? Patrick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Re: [OT again..] Technical networking question about changing GW
Dan Farrell [EMAIL PROTECTED] writes: I wanted to try to gauge if there was much of a noticeable difference with the two IP connections. And it would be handy to just step through the links changine the GW intermittently. Yes, you can do that, but if you put a linux box between the gateways and the network you can use both at once. Thanks for the tips... I'm pretty sure I've done that before in a similar situation a couple years ago. I don't recall exactly what I did now but I had only one nic on the linux machine and ran two routers each with an Internet connection. Seems like it was a matter of setting a static route to some internet address through the second gateway, but I've forgotten if there was more to it. The trick is getting stuff to use something besides the default route. Ping can be directed but not any applications like browsers that I know of. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Which arch do I have ?
Hello, It's been like 6 months I'm using the arch i686, but today I saw on this page[1] something that confused me, saying that I have an x86_64 arch I have a Toshiba A135-S4427 with Intel dual core 1.73Ghz here's the output of /proc/cpuinfo CUT processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 14 model name : Genuine Intel(R) CPU T2250 @ 1.73GHz stepping: 8 cpu MHz : 800.000 cache size : 2048 KB physical id : 0 siblings: 2 core id : 0 cpu cores : 2 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon bts pni monitor est tm2 xtpr bogomips: 3460.63 clflush size: 64 processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 14 model name : Genuine Intel(R) CPU T2250 @ 1.73GHz stepping: 8 cpu MHz : 800.000 cache size : 2048 KB physical id : 0 siblings: 2 core id : 1 cpu cores : 2 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon bts pni monitor est tm2 xtpr bogomips: 3457.55 clflush size: 64 CUT So which arch do I really have?? [1]: http://docs.fedoraproject.org/install-guide/f8/en_US/sn-which-arch.html -- Wael Nasreddine http://wael.nasreddine.com PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2 .: An infinite number of monkeys typing into GNU emacs, would never make a good program. (L. Torvalds 1995) :. pgpur5icYGojK.pgp Description: PGP signature
[gentoo-user] Re: Fake IMAP - Real IMAP
On 2008-02-11, Grant [EMAIL PROTECTED] wrote: I'm thinking I may not have explained this properly. My local ISP is Cox and I get the above list of filtered ports when port scanning my remote machine which is hosted halfway across the country. Cox can't prevent me from scanning the SMTP port on my remote machine right? My host must be filtering the ports? It's fairly standard practice on large mostly residential user ISPs to filter outgoing port 25 traffic to any IP, but the local SMTP servers. This stops a fair amount of spam, but can make troubleshooting complicated. Crazy, I didn't think they filtered outgoing ports. Some do. I try not to deal with ISPs that do that. So far, so good. This doesn't mean I need an MX host other than my remote server right? Right. The MX is fine. You just need an ISP that doesn't suck or a way around an ISP that does. It's not like the server connects via residential Cox, it's a hosted system. I should be able to use SMTP from my laptop if I set up openvpn right? Yup. I told you there were going to be plenty of other uses for a VPN besides printing. :) -- Grant Edwards grante Yow! I want the presidency at so bad I can already taste visi.comthe hors d'oeuvres. -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] [OT again..] Technical networking question about changing GW
I happen to be in a situation where I have both a DSL and CABLE connection to internet up for the time being... (Until the DSL contract month runs out). It affords a nifty opportunity to do some experiments. Of course I tested the speeds of both and it varies between 200 and 500 % faster on the Cable connection. (Nice). At first I used single machines connected independently to the respective IPs for testing, but it slowly dawned on me that I could hook everything up on the lan, to the same subnet and then just reset the GateWay target on individual machines as needed, for any of 6 machines. So currently I have two internet outlets and two gateway routers on 192.168.0.0/24 Here's the technical part: Assume I have loaded a web page that downloads a video to my cache as it plays. Assume further there are several of these to be played one by one. After playing one, if I reset my GW (and I have also rest /etc/resolv.conf to use that gw address for dns [probably not totally necessary]). Followed by /etc/init.d/net.eth0 restart. Will the browser, which has not been restarted, now use the new gateway when I run the next link (or for testing, run the same link again), or will it continue on the same route (which is still available), that is, will the browser (firefox) continue using the original GW until the browser itself is restarted? I know I could track all this with tcpdump but it gets sort of cumbersome unless you've memorized the necessary commands to filter output down to something more usable. I usually get so tangled up with tcpdump I spend more time on it than the project at hand. I don't use it very frequently so inevitably spend gobs of time at `man tcpdump' instead of tending to what I started to do. Why I ask is that the site I'm doing this on requires me to login and then relocate the stuff I want to see if I have to restart the browser. I wanted to try to gauge if there was much of a noticeable difference with the two IP connections. And it would be handy to just step through the links changine the GW intermittently. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] OpenVPN setup
Hi Grant, On Tue, Feb 12, 2008 at 8:11 AM, Grant [EMAIL PROTECTED] wrote: I'm hoping to use the vpn in three few ways: 1. imap and smtp between my laptop and the mail server 2. ssh from my laptop to the remote server 3. cups printing from the remote server to the print server I don't think you need a VPN to SSH from your laptop to the remote server -- SSH is already encrypted. For sure, but it seems like running SSH inside a VPN is better for security than running SSH on a non-standard port or even port knocking. If I need to set up a VPN for printing, shouldn't I use it for other stuff too? Maybe not, I have yet to actually use a VPN so please correct me if I'm wrong. There are other ways to make SSH more secure. For example, you could only enable PubkeyAuthentication while disabling all other methods of Authentication, then use a large (4096-bit?) key pair with a strong passphrase[1] and use keychain[2] so you don't have to type in the passphrase all the time. OK, I'm exaggerating a bit with those passwords from GRC, but you get the idea. [1] https://www.grc.com/passwords.htm [2] http://www.gentoo.org/proj/en/keychain/ Also keep in mind the added overhead with OpenVPN -- your encrypted SSH traffic is again encrypted by the VPN. If your laptop is always behind your local firewall, then it should be sufficient to have an OpenVPN tunnel established between your local firewall/print server and your remote server. This should allow you to print. Configuring the routes on your laptop to go through your local firewall and VPN to the remote server should allow you to grab your mail. If you move around with your laptop then you'll need to establish the VPN tunnel to your remote server anytime you need to grab your mail from anywhere else but home (behind your local firewall). Ah, tunnels, OK. I need to think in terms of tunnels. I'll definitely be moving around and won't be behind my local firewall too much of the time. Can I set up the openvpn server on my remote system and keep a tunnel open between it and the firewall/print server for printing, and also initiate a tunnel between the laptop and the remote system whenever I need to mail or SSH? Does that sound like a good plan? Yep, that should work. With a 'permanent' tunnel established between your remote server and your local firewall/print server, you'll always have access to those too simply by connecting via VPN to your remote server. You can print from your laptop to your printer at home while overseas, for example. Mike -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] gnome overlay?
Thanks for the help. I'm updating rhythmbox via layman now. Not sure why evolution-data-server is a dependency though. it's required by totem-pl-parser for some reason: Do you have the eds USE flag set? No I've actually got -eds in make.conf. - Grant -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Fake IMAP - Real IMAP
I'm thinking I may not have explained this properly. My local ISP is Cox and I get the above list of filtered ports when port scanning my remote machine which is hosted halfway across the country. Cox can't prevent me from scanning the SMTP port on my remote machine right? My host must be filtering the ports? It's fairly standard practice on large mostly residential user ISPs to filter outgoing port 25 traffic to any IP, but the local SMTP servers. This stops a fair amount of spam, but can make troubleshooting complicated. Crazy, I didn't think they filtered outgoing ports. This doesn't mean I need an MX host other than my remote server right? It's not like the server connects via residential Cox, it's a hosted system. I should be able to use SMTP from my laptop if I set up openvpn right? - Grant kashani -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] eth0 = pcmcia + usb eth
Hi, I'm having trouble installing gentoo on my old laptop... It says it can't find the interface eth0. I believe it has to do with the fact I have a pcmcia card with usb ports on which a usb2eth adapter is plugged. On another system I use on that laptop, it usually tries to recognize my net adapters first (doesn't find any), then recognizes pcmcia cards which enables support for the usb adapter, then in my rc.local I have to manually setup my ip address or tell to use dhcp. Hmmm, from inside the gentoo system, I found lsmod was empty (which could be normal as I wanted everything compiled in the kernel) and lspci was not found... I'm pretty confortable with everything exept these pcmcia cards... if anybody could give me a hand! Thanks, Simon -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] [O.T] Satellite A40-201 changing hard disk
Hi, has someone changed the hard disk of that laptop? (or one from its family?) Any advice? May I buy a generic one? TIA, -- Arnau Bria http://blog.emergetux.net Bombing for peace is like fucking for virginity -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: USB Mouse
On Feb 7, 2008 12:23 PM, Hilco Wijbenga [EMAIL PROTECTED] wrote: I have a USB mouse which likes to freeze up every now and then. Whenever I don't use my box for a little while (not necessarily long enough for the screen saver to kick in) and then touch the mouse, it will freeze right away or within a few seconds. Leaving X and starting X again doesn't fix the problem: I have to actually reboot. The only solution I have found is to make sure I use the keyboard to wake up the system. If I touch a key and wait a few seconds (that's important; if I use the mouse too fast it may still freeze up), I can safely use the mouse again without any trouble. So it looks like the USB mouse is going to sleep after a short period of inactivity and then refuses to wake up ... unless I use the keyboard first. There's a USB selective suspend/resume and wakeup in the kernel which I have made sure to deselect but that doesn't fix the problem. It looks like a hardware problem: have you tried a variety of mouses ? Have you tried plugging onto all your USB ports ? -- ,, SUPPORT ___//___, Philip Webb : [EMAIL PROTECTED] ELECTRIC /] [] [] [] [] []| Centre for Urban Community Studies TRANSIT`-O--O---' University of Toronto -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Re: {OT} CUPS alternative?
On Mon, 11 Feb 2008 06:23:23 -0800 Grant [EMAIL PROTECTED] wrote: I cringe at the idea of having to use a VPN for imap, however. Why? Would you say the same of using it for SMTP? I read email rather compulsively I guess, and would hate to be bothered with VPNs, then use an encrypted mail session anyway. I was thinking authentication + VPN, but maybe that's overkill. I kinda like the idea of everything non-public going through the VPN. Nobody should be in there but me so there's no trust problem. Is that too much? No, especially not if you don't have other admins to deal with. There are only three machines involved here: 1. remote web/mail server, print client 2. local firewall/router/print server 3. local web/mail/print client I think it would make sense to make machine #2 the VPN server, but it is not nearly as reliable as machine #1 in terms of the internet connection and the hardware (machine #2 is getting old). I would hate to be out of town and lose access to all email services because machine #2 goes down. Machine #1 basically never goes down. Could I make #1 the VPN server to maximize reliability and have everything work the way I want it to? Yes, any of the computers can be the server. I would put it on the connection with best upload speeds myself, but your considerations here seem relevant. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Gentoo Install CD 2008.Feb.08. minimal i686
Hi, Torrent file available here: http://www.torrentbox.com/torrent_details?id=174031 http://isohunt.com/release/116718/gentoo?poster=cat=-1 They are the same, but isohunt is only a search engine, while the torrentbox is the tracker. Please help to seed if you can. Thank you, István Magyarszkiul: van torrent, ha tudsz, segíts a seed-ben, köszönöm! -- BSA. Mert megérdemlitek. Open Source. Mert megérdemlem. -- BSA. They value it. Open Source. The value. It. -- http://www.osbusiness.hu -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Re: [OT] Interrogate network for devices
[EMAIL PROTECTED] writes: I've recently switched from DSL to Cable connection but still have both working currently. I've snipped all responses but carefully read through them. I think I didn't provide enough info at the outset. I see now that this cable modem has no ethernet address as several posters have suggested. Listing models may help the discussion so here they are: The Comcast Cable modem: Scientific Atlanta-DPC2100RC (has MAC listed on the sticker) Two different Netgear Router/firewalls have been tried. Same router but older and newer models: Older Netgear: FVS318 (Says Cable/DSL PROsafe VPN Firewall FVS318 across the front) Newer Netgear: FVS318v3 (Says Cable/DSL PROsafe VPN Firewall FVS318 across the front) The newer one is a couple of years newer and purchased about 1 yr ago. It may just be software differences but they do have somewhat different interfaces. The older one is using the latest software it is capable of loading, as is the newer one, but in the later case the software is a newer version than the old one supports. One curious thing here is that both of these Netgear routers have at one time or another been connected to a Comcast provided modem and worked fine. In both of those cases the Netgear using its connection wizard, simply found and ID'ed the cable modem... and just worked from there on. I only setup the lanside addressing since I prefer all static addresses inside. Ditto for DSL... again both Netgear routers have worked with DSL routers and again the connection was established by simply running the connection wizard. In the current case, neither of these routers was able to just identify and connect to the cable modem or internet through it. And in both cases the wizard ends up saying the connection type is STATIC and offers to accept the static addresses from user. I doubt the addressing is really STATIC. I think my next step here will be to take the IP address and Nameserver from IPconfig (or netstat) on the windows box that will connect using the Cable modem, and see if those addresses will work when inserted into the netgears as static outside addresses to connect to. If that works, It may hold until a new address is issued for whatever reason from comcast... and I may get some help from them by then. I will report back if there is any interest? -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] [O.T] Satellite A40-201 changing hard disk
On Mon, 11 Feb 2008 11:55:29 +0100 Arnau Bria [EMAIL PROTECTED] wrote: Hi, has someone changed the hard disk of that laptop? (or one from its family?) Any advice? May I buy a generic one? TIA, judging by http://es.computers.toshiba-europe.com/cgi-bin/ToshibaCSG/jsp/SUPPORTSECTION/discontinuedProductPage.do?service=EScom.broadvision.session.new=YesPRODUCT_ID=83494 it appears to be a 'normal' laptop, any 'normal' 2.5 drive should work. If I were you I'd take out the drive and make sure you get the same kind -- but I haven't heard of anything funky going on with the drives recently. any generic drive should do the trick. -- gentoo-user@lists.gentoo.org mailing list
