[gentoo-user] Unknown keyword arguments "Description" during babl/meson build

2022-05-15 Thread Kevin Chadwick
Hi,

New to Gentoo to get away from systemd CVEs and I enabled vaapi and IN10N use
flags and after changed-use it suggested rebuild-rdeps rebuilding many packages.

During babl and so meson build.

I get 'Unknown keyword arguments "Description"' in the meson log.

A similar message to here. "https://gitlab.gnome.org/GNOME/babl/-/issues/72";

I assume I just wait for the build to be fixed or is it more likely that I did
something wrong?

Regards, Kc



Re: [gentoo-user] Portage: emerge(1) ebuild(1) ebuild.sh

2021-01-07 Thread Kevin Shell
On Thu, Jan 07, 2021 at 08:51:40AM +, Neil Bothwick wrote:
> On Thu, 7 Jan 2021 16:43:00 +0800, Kevin Shell wrote:
>
> > What's the relationship between
> > ebuild(1) & emerge(1), ebuild(1) & ebuild.sh?
>
> emerge is the high level command normally used by users to manage
> packages. ebuild is only used for installing and removing packages,
> emerge does a lot more besides, and is a more low level command.
> ebuild.sh is for use by portage, bit by users.
>
Is ebuild(1) meant for standalone use and not used by emerge(1)?
I know ebuild.sh is used by emerge(1).

> > Why the ebuild(1)(python script) command exists,
> > is it for debugging ebuild scripts?
>
> That is one of its main uses, it can also be used to hack the ebuild
> process.
>
>
> --
> Neil Bothwick

Thanks for reply.

--
kevin



[gentoo-user] Portage: emerge(1) ebuild(1) ebuild.sh

2021-01-07 Thread Kevin Shell
Hello gentoo list.

What's the relationship between
ebuild(1) & emerge(1), ebuild(1) & ebuild.sh?

Why the ebuild(1)(python script) command exists,
is it for debugging ebuild scripts?

--
kevin



[gentoo-user] Re: Well, I went about updating my system again. (day 6)

2016-12-09 Thread Kevin Monceaux
On Fri, Dec 09, 2016 at 07:41:51PM +, Grant Edwards wrote:
 
> I think he meant that from a "desktop productivity" standpoint, the
> two are the same: you have to close every single program you are using
> and then start over.

I'm old fashioned.  I use text based apps as much as possible.  I'm using
mutt and vim to compose this e-mail, for example.  They're running under
screen, which is running in an rxvt-unicode terminal under dwm.  I could
detach my screen session, exit rxvt-unicode and bounce dwm without having to
exit vim or mutt.  I also have music playing via moc in another screen
session.  Thanks to screen I could bounce my window manager without missing
a beat.  :-)



-- 

Kevin
http://www.RawFedDogs.net
http://www.Lassie.xyz
http://www.WacoAgilityGroup.org
Bruceville, TX

What's the definition of a legacy system? One that works!
Errare humanum est, ignoscere caninum.



Re: [gentoo-user] Re: Well, I went about updating my system again. (day 6)

2016-12-08 Thread Kevin Monceaux
On Wed, Dec 07, 2016 at 06:42:21PM -0500, Alan Grimes wrote:
 
> -> Updating weekly, as I used to do is a Good Idea, Agreed.

Sounds like a good idea.  I update anywhere from daily to a few times a
week.  Every once in a while I loose track of the time and go a week or so
between updates.  A "long time" between updates for me would be a couple of
weeks.

> --> X11 would probably need to be shut down two which is equivalent to a
> reboot on a desktop system anyway.

Shutting down X11 doesn't appear to be equivalent to a reboot on my desktop.
If I shut down X11, my uptime still keeps accumulating.  

I'm way overdue for a reboot to switch to a newer kernel.  It's been 83 days
since my last reboot.  I've built a couple of new kernels that I haven't
tested yet.  

-- 

Kevin
http://www.RawFedDogs.net
http://www.Lassie.xyz
http://www.WacoAgilityGroup.org
Bruceville, TX

What's the definition of a legacy system? One that works!
Errare humanum est, ignoscere caninum.



Re: [gentoo-user] [OT] What's up with Firefox?

2013-07-04 Thread Kevin Thompson

On Jul 4, 2013, at 10:29, Peter Humphrey  wrote:

> Sorry to be a nuisance but I can't think of where else to ask.
> 
> On the website I run I have a link to our Twitter profile (or whatever it's 
> called). This is the link:
> 
>https://twitter.com/TideswellMVC
> 
> If I examine the page using the web host's file editor I see exactly that, 
> yet if I press CTRL-U in www-client/firefox-17.0.7 it shows this:
> 
>https://twitter.com/#%21/TideswellMVC
> 
> and if I click the link in the main window I'm asked for a login and 
> password.
> 
> Trying the latest Windows version of Firefox in an XP virtual box I get the 
> unaltered link. I can't tell what version that is because "About Firefox" 
> merely checks, then tells me I'm up to date.
> 
> Incidentally, I have a web server running on my LAN with an identical copy 
> of the site. Using that as the target, rather than the public version, gives 
> the same results.
> 
> I haven't used JavaScript anywhere.
> 
> What's going on here?
> 
> -- 
> Peter
> 
> 

What architecture are you running this on? What USE flags are enabled with 
Firefox?


[gentoo-user] conky crashes with JSON output.

2013-05-05 Thread Kevin Thompson
Hello, everyone. I'm experiencing some problems with conky that seems to
be Gentoo-specific. All of my friends running other distributions are
able to run my configuration file just fine. Here's the output from
conky:

7f2af50f5000-7f2af52f4000 ---p 0012 08:02 1469347
/usr/lib64/libglib-2.0.so.0.3400.3
7f2af52f4000-7f2af52f5000 r--p 0011f000 08:02 1469347
/usr/lib64/libglib-2.0.so.0.3400.3
7f2af52f5000-7f2af52f6000 rw-p 0012 08:02 1469347
/usr/lib64/libglib-2.0.so.0.3400.3
7f2af52f6000-7f2af52f7000 rw-p  00:00 0 
7f2af52f7000-7f2af5346000 r-xp  08:02 393324
/lib64/libncurses.so.5.9
7f2af5346000-7f2af5545000 ---p 0004f000 08:02 393324
/lib64/libncurses.so.5.9
7f2af5545000-7f2af5549000 r--p 0004e000 08:02 393324
/lib64/libncurses.so.5.9
7f2af5549000-7f2af554a000 rw-p 00052000 08:02 393324
/lib64/libncurses.so.5.9
7f2af554a000-7f2af554b000 rw-p  00:00 0 
7f2af554b000-7f2af5553000 r-xp  08:02 395702
/lib64/libiw.so.30
7f2af5553000-7f2af5752000 ---p 8000 08:02 395702
/lib64/libiw.so.30
7f2af5752000-7f2af5753000 r--p 7000 08:02 395702
/lib64/libiw.so.30
7f2af5753000-7f2af5754000 rw-p 8000 08:02 395702
/lib64/libiw.so.30
7f2af5754000-7f2af576c000 r-xp  08:02 393403
/lib64/libpthread-2.15.so
7f2af576c000-7f2af596b000 ---p 00018000 08:02 393403
/lib64/libpthread-2.15.so
7f2af596b000-7f2af596c000 r--p 00017000 08:02 393403
/lib64/libpthread-2.15.so
7f2af596c000-7f2af596d000 rw-p 00018000 08:02 393403
/lib64/libpthread-2.15.so
7f2af596d000-7f2af5971000 rw-p  00:00 0 
7f2af5971000-7f2af5992000 r-xp  08:02 393396
/lib64/ld-2.15.so
7f2af59ab000-7f2af5b7 r--p  08:02 1588257
/usr/lib64/locale/locale-archive
7f2af5b7-7f2af5b76000 rw-p  00:00 0 
7f2af5b8f000-7f2af5b92000 rw-p  00:00 0 
7f2af5b92000-7f2af5b93000 r--p 00021000 08:02 393396
/lib64/ld-2.15.so
7f2af5b93000-7f2af5b94000 rw-p 00022000 08:02 393396
/lib64/ld-2.15.so
7f2af5b94000-7f2af5b95000 rw-p  00:00 0 
7fff6c9e6000-7fff6ca07000 rw-p  00:00 0
[stack]
7fff6ca6c000-7fff6ca6d000 r-xp  00:00 0
[vdso]
ff60-ff601000 r-xp  00:00 0
[vsyscall]
[1]2770 abort  conky -c .i3/conkyrc

This happens when I kill my network and conky is running. The
configuration for my network is as follows:

{ "full_text" : "${if_up wlp9s0}Wifi:${else}${if_up
enp8s0}Eth:${else}Network Down$endif$endif" , "separator": ${if_up
wlp9s0}false${else}${if_up enp8s0}false${else}true$endif$endif ,
"separator_block_width" : ${if_up wlp9s0}4${else}${if_up
enp8s0}4${else}6$endif$endif , "color" : "\#4c7899" },
  { "full_text" : "${if_up wlp9s0}${wireless_essid wlp9s0}${else}${if_up
  enp8s0}up$endif$endif" , "color" : ${if_up wlp9s0}${if_match
  ${wireless_link_qual_perc wlp9s0}>90}"\#4E9A06"${else}${if_match
  ${wireless_link_qual_perc
  wlp9s0}>80}"\#C4A000"${else}"\#CC"${else}${if_up
  enp8s0}"\#4E9A06"$endif$endif$endif$endif },

Here is the output of conky -v:

Conky 1.9.0 compiled Sun May  5 18:03:28 CDT 2013 for Linux
3.7.10-gentoo-r1 (x86_64)

Compiled in features:

System config file: /etc/conky/conky.conf
Package library path: /usr/lib64/conky


 Music detection:
   * MPD
   * MOC

 General:
   * math
   * portmon
   * wireless
   * config-output
   * iostats
   * ncurses

Any ideas?



Re: [gentoo-user] problem trying to play sound when pulse audio is enabled

2013-04-29 Thread Kevin Thompson
; >>
> > >> >> I think of the following; try to delete both /root/.pulse and
> > >> >> $HOME/.pulse, and rebooting (probably a logout/login should suffice,
> > >> >> but you never know).
> > >> >>
> > >> >> Another thing: if you installed PA since GNOME 3.8 needs it, why are
> > >> >> you using it without GNOME? If you use GNOME, the session manager will
> > >> >> automatically start PA as a user for you, and everything should work.
> > >> >> If you are not running GNOME, why do you run PA? If you are at the
> > >> >> console without X running, just don't use PA. Use mplayer -ao alsa or
> > >> >> whatever.
> > >> >>
> > >> >> Or do you want to run several audio apps in the console?
> > >> >
> > >> > I want to run apps from the console, but to start gnome when I need it.
> > >>
> > >> Then do that. When you start GNOME, it will start PA automatically:
> > >> you don't need to do anything. Don't try to start PA yourself; it's
> > >> DBus activated.
> > >>
> > >>
> > >> > I am running pa as a user and things are still not working, except for
> > >> > the root user who can play sounds.
> > >>
> > >> I repeat: you don't need to run PA. GNOME will start it for you.
> > >
> > > But will that workif I have spawn=no in my /etc/pulse/client.conf which
> > > I have to have for regular apps to work from theconsole?  Or is there
> > > some other way to make this happen?
> > 
> > I don't understand the question. If you don't run PA by yourself, then
> > it will be started only when using GNOME. And if you are using GNOME,
> > you can use the nice sound settings dialog to get your sound.
> > 
> > If you don't start GNOME, then PA will not be started. If you don't
> > have sound in your console even without PA running, then is for some
> > issue completely unrelated to PA.
> > 
> > PA should not be started if you only log in through the console.
> > Unless you are still running it system-wide, which is basically
> > unsupported.
> 
> OK, we will see what happens, so I have set spawn=no which should work
> to prevent pa except in gnome, so hopefully that should work.
> 
> Thanks for clarifying this for me.
> 
> 
> -- 
> Your life is like a penny.  You're going to lose it.  The question is:
> How do
> you spend it?
> 
>  John Covici
>  cov...@ccs.covici.com
> 

I had the same issue here when installing pulseaudio. I don't use GNOME,
so that does take part of the equation away. The problem was solved by
changing permissions to /dev/snd and it's containing files. After
chmodding /dev/snd/* to 666, I was able to play sounds as a normal user.
In the Gentoo guide, it mentions this, and it also mentions taking your
user out of the audio group if you're currently in it. Please see
http://wiki.gentoo.org/wiki/PulseAudio#Root_can_play_sound.2C_other_users_cannot
for more detailed information.

Very Respectfully,

Kevin Thompson



Re: [gentoo-user] Removing pulseaudio

2013-04-26 Thread Kevin Chadwick
> > the
> > solution (in the GNOME developers view) is not to "remove PA", since
> > the goal of the project is to cover *ALL* use cases.  
> 
> I don't know the details of the pulseaudio implementation but I have a
> hunch the problem boils down to blind arrogance and ignorance on the
> part of the roots of the project.


When trying to hunt down a thread to let a guy on the OpenBSD list
know about Gnome 3.8 hard deps on pulseaudio. I came across this
sarcasm about a comment by Lennart from a fairly prominent dev that
adds to the idea of arrogance and ignorance possibly being a
contributing factor.



Lennart is a funny, funny man, go check the avahi code to see how nice
it is.

"When working on Avahi I learned a lot about the complexities of safely
and reliably running and maintaining system services, and about
securing them as much as possible, which is particularly important for
network facing services like Avahi. I implemented a lot of
pretty nifty features in 
this area in Avahi. For example, Avahi is still pretty much
the *only daemon* on a standard Linux install that chroot()s
itself by default."
___

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Removing pulseaudio

2013-04-26 Thread Kevin Chadwick
> the
> solution (in the GNOME developers view) is not to "remove PA", since
> the goal of the project is to cover *ALL* use cases.

I don't know the details of the pulseaudio implementation but I have a
hunch the problem boils down to blind arrogance and ignorance on the
part of the roots of the project.

Initially Lennart thought it truly would suit all including pro
audio users and as he has apparently stated he thinks all systems should
run dbus...endof. Knowing a bit about pro audio myself with my Dad
building his first Class A/B amp in his twenties it is not just
feasible but close to a guarantee that Lennart did not realise what
level of detail goes into pro audio including analysing cd players to
find they add timing issues and the windows mixer found to cause real
damage and need bypassing just like pulseaudio needs switching off
(windows being worse however). It is actually very easy to bypass on
Windows though, you just install whatever mixer comes with your pro
sound card driver.

There is nothing wrong with mis understanding the depth proaudio goes
to. The problem is coders should expect their software to be
replaceable and code with that in mind with the added benefit of
competition being good especially in a free software ecosystem where one
of the plusses has been avoiding user entrapment to make money.

As for Desktop distros, they make an understandable choice of PA by
default but what I especially don't understand and demonstrates the
dependency issue is getting much worse is why removing polkit on Ubuntu
means you lose.

KDE
Steam-launcher
nvidia-settings
pulseaudio
many many more..

All of which would function just fine and in most cases perfectly via
sudo.

Polkit tries to do two things well and fails at the second which sudo
does very well indeed, unfortunately many developers don't seem to
understand that.

Pulseaudio, well I am not sure if it is the design of pulseaudio and
lack of utilising universal interfaces or the programs that use it such
as Gnome and the packagers setting dependencies badly. Perhaps if
packagers were more careful there would be less work for Gentoo in
trying to give users choice and more reason for Gnome not to depend upon
a package.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] [gentoo-user] Re: [Bulk] Re: Removing pulseaudio

2013-04-25 Thread Kevin Chadwick
> >
> > So are you saying plugs are no longer required or that they are only
> > needed for certain apps that take over the audio device.  
> 
> I don't even know exactly what ALSA plugs are, and ALSA has worked
> perfectly for all these years, so yeah, whatever an ALSA plug is, either
> it is not required anymore, or it is handled automagically by ALSA.

Just did a quick Google to refresh my memory and I used plug:dmix as the
device file name in order to prevent apps hogging the sound card.

From Wikipedia

"A card's interface is a description of an ALSA protocol for accessing
the card; possible interfaces include: hw, plughw, default, and
plug:dmix. The hw interface provides direct access to the kernel
device, but no software mixing or stream adaptation support. The plughw
and default enable sound output where the hw interface would produce an
error."

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Removing pulseaudio

2013-04-25 Thread Kevin Chadwick
> Am 23.04.2013 22:59, schrieb William Hubbs:
> > On Fri, Apr 19, 2013 at 09:49:19AM +0100, Kevin Chadwick wrote:
> >>> Feel free to remove PA if you don't need it. I really don't see any
> >>> scope for Lennart to make all of alsa redundant anytime soon (unlike
> >>> udev...)
> >>
> >> Of course from many threads from a pro audio user called Ralf, Gentoo
> >> users and so a fraction of Linux users are the only ones lucky enough
> >> to be able to do that *easily* whilst keeping packages they want,
> >> especially Gnome ones!
> > 
> > I"m not a gnome user as of yet, but I can tell you that the day is
> > coming (Gnome 3.8 I believe) when gnome will not work without PA, so you
> > will have to install it if you want newer Gnome.
> > 
> > William
> > 
> 
> That's true, gnome3.8 will require you to install pulseaudio-2
> 

Are you sure, I know there have been a couple of times in the past
where Gnome has leaned towards Linux only but they have always steered
clear eventually. I know of one guy who runs a network of hundreds of
Gnome/OpenBSD machines that may wish to know about that as I think he
is already getting fed up with the increasing amount of code he has to
write in order to keep the port working.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] How reliable is ext3?

2013-04-25 Thread Kevin Chadwick
> Therefore Ext2 is a perfect match:
> * it is so old, that I guess by now most bugs have been found and 
> squashed;
> * it is so old, that virtually any Linux (or Windows, FreeBSD, or
> most other knows OS's) are able to at least read it;
> * it is so old, that by now I bet there are countless recovery tools;
> * it is so simple (compared with others), that someone could just
> re-implement a reader for it, or recovery tools;
> 
> Any feedback about the Ext2 for backups? (Hope I'm not wrong on this 
> one...)

Unexpectedly ext4 is actually rather good for embedded when compared to
JFS etc..

However I have been considering using ext2 on my home partitions
for the very reason you guess upon (it is easily recoverable by
testdisk rather than carving out inodes, in fact ext4 was known to have
this issue but traded it for other benefits when it was designed). I
will have to look into the performance differences but thinking about
it now as my IO is usually net or usb then I can't see it being
relevant.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: [Bulk] Re: Removing pulseaudio

2013-04-21 Thread Kevin Chadwick
> >
> > Just throwing out there that users can or atleast could use alsa
> > plugs to have multiple applications. I did that before pulseaudio
> > came along to play nfs carbon under cedega and listen to music.  
> 
> It should be noted that ALSA users can have multiple applications by
> doing absolutely nothing other than using ALSA and using the
> applications they want to use.

So are you saying plugs are no longer required or that they are only
needed for certain apps that take over the audio device.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: Removing pulseaudio

2013-04-19 Thread Kevin Chadwick
> > I suggested he use Gentoo but I think he saw it as too much work.  
> 
> (comment for me?)
> All I use is gentoo or embedded (state machines) on embeddded hardware. My
> target is jack on embedded gentoo, but, I've run into resource limitations,
> so I'm waiting on my new Arm15 dev board in May.

> > > > Feel free to remove PA if you don't need it. I really don't see any
> > > > scope for Lennart to make all of alsa redundant anytime soon (unlike
> > > > udev...)  

>>> Of course from many threads from a pro audio user called Ralf, Gentoo
>>> users and so a fraction of Linux users are the only ones lucky enough
>>> to be able to do that *easily* whilst keeping packages they want,
>>> especially Gnome ones!

Ralf, Sorry. I should be more careful in what I write but I am in the
middle of a few things.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: Removing pulseaudio

2013-04-19 Thread Kevin Chadwick
> Another question. Can the installation of PulseAudio and Jack
> coexist? Doable or a constant nightmare?

There seems to be a a package to allow pulse to utilise jack. However
if you are using jack for the high quality audio benefit then
apparently you have to kill pulseaudio even if it means making a dummy
package on binary distros to fool the system into thinking it is
installed and so not removing lots.

I suggested he use Gentoo but I think he saw it as too much work.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Removing pulseaudio

2013-04-19 Thread Kevin Chadwick
> Feel free to remove PA if you don't need it. I really don't see any
> scope for Lennart to make all of alsa redundant anytime soon (unlike
> udev...)

Of course from many threads from a pro audio user called Ralf, Gentoo
users and so a fraction of Linux users are the only ones lucky enough
to be able to do that *easily* whilst keeping packages they want,
especially Gnome ones!

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Removing pulseaudio

2013-04-18 Thread Kevin Chadwick
> >> I don't use wine. For a lot of good reasons.
> >>  
> > Name one.
> >  
> fat, slow and buggy. Do you need more? If I really had an application
> that I must use and is windows only - I would install windows. That
> is a lot quicker and less painful than that wine crapfest shitting
> all over the place.

I agree with a lot of good reasons primarily around security but I have
to say I don't agree with this.

Wine is far faster that Virtualbox or rebooting.

Take adding bookmarks to pdfs which I sorted out yesterday. Install
foxit on windows copy the directory to wine (install failed for me) and
bang, sorted.

Perhaps the latest poppler and okular can do bookmarks properly now?
but there are other commercial apps required thankfully falling one by
one.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Removing pulseaudio

2013-04-18 Thread Kevin Chadwick
> > ...
> > (i) It's a "sound server", a description I don't understand.  What
> > does it _do_?  Why do I want it?  It seems to be an unnecessary
> > layer of fat between sound applications and the kernel.  
> 
> If you don't understand the term "sound server" you probably
> shouldn't be using Gentoo. 
> 
> When I'm watching a YouTube video I still want to hear my email
> client go bing or my chat program alert me of my buddy coming online. 
> 
> That's not possible if my web-browser has a hard-wired path into my
> soundcard and ain't letting go.

Just throwing out there that users can or atleast could use alsa plugs
to have multiple applications. I did that before pulseaudio came along
to play nfs carbon under cedega and listen to music.

Also I have never got around to looking into Jackd but isn't it meant
to be by far the best. I know pro audio users use it and I have heard it
is not the easiest to set up but is there any reason why it isn't the
default setup.

http://en.gentoo-wiki.com/wiki/JACK

From a quick look at this jack can hook up multiple applications that
seem to need to be set up individually. What's the scope for Jack

a./ replacing pulseaudio

b./ having a compat interface layer to make pulseaudio compatible apps
talk to jack

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] [way OT but interesting] Massive recent DDOS attack

2013-04-03 Thread Kevin Chadwick
On Wed, 03 Apr 2013 03:33:17 +0200
Volker Armin Hemmann  wrote:


> But somebody had to blow it up. And even more people jumped on it.
> Boohoo.

> So the next time you start insulting people, base your findings on
> more than a blog written by those guys who have an economical
> interest to blow the whole mess out of proportion.

> Of course, those responsible - all those guys with unpatched boxes
> whose little zombies took part in this attack, need a good kicking.
> But that is no excuse for spamming mailing lists with something the
> media already abused to no end.

Yeah because it is all their fault. You know the cleaner down the road
and not Microsoft (linux is beginning to follow a similar road awayfrom
it's secure fs based and modular approach with polkit), Adobe or the
IETF who though warned turned 3gbit/s into 300gbit/s.

Hmmm, imagine a worm red now and with ntp so prevalent too.

Blown out of proportion, really?, maybe this particular instance? I can
understand the list spam argument though.



Re: [Bulk] [gentoo-user] Re: Udev update and persistent net rules changes

2013-04-01 Thread Kevin Chadwick
On Mon, 1 Apr 2013 14:12:17 +0100
Neil Bothwick  wrote:

> > I still don't understand what's so bad with MAC-based
> > identification? I mean, uniqueness defined through MAC Address
> > identity, the system name is just a label...  
> 
> MAC addresses are not human-friendly. It would be OK if you could set
> up aliases, so your firewall rules could use enaabbccddeeff while you
> could still type eth0.

It used to be dead easy to link the MAC to the device type and number
from dmesg without looking up the MAC to Manufacturer codes. A lot of
useful information seems to have been removed from the linux dmesg?
atleast on 3.2 kernels.



Re: [Bulk] [gentoo-user] Re: Udev update and persistent net rules changes

2013-03-31 Thread Kevin Chadwick
On Sun, 31 Mar 2013 20:55:00 +0100
Neil Bothwick  wrote:

> What about USB network adaptors? A user may not even realise they
> plugged it into a different USB slot from last time, yet the device
> name changes.

Fair point but wouldn't that be only if you plug in two of the same
type that the names may switch? In which case there are various ways of
solving the problem and name assignment may be handy in some cases,
though I still think it would be good to have a man page linked to
that name.



Re: [Bulk] [gentoo-user] Re: Udev update and persistent net rules changes

2013-03-31 Thread Kevin Chadwick
On Sun, 31 Mar 2013 11:48:19 + (UTC)
"Nuno J. Silva (aka njsg)"  wrote:

> instead of pushing a completely
> different (and possibly less reliable) naming scheme by default.

Whilst I wouldn't want them changing on me (though if your physically
changing the pci slot then you should be able to handle the number
change). I find the OpenBSD method of different names like fxp0 useful
because it means you can look up the manpage for that card type which
as long as the documentation is good is very useful.



Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-30 Thread Kevin Chadwick
On Sat, 30 Mar 2013 15:53:29 +0100
Rene Rasmussen  wrote:

> There is also the possibility to use opendns.com
> I've been using them for years, and have not had any trouble. I
> started using them when my ISP decided to block some sites. And their
> standard service is free :)

They also support dnscurve but I thought that in the case of non
existing domain lookups they do show adverts? I don't see just that as
a huge problem as long as they are not targetted though?



Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-30 Thread Kevin Chadwick
On Sat, 30 Mar 2013 13:06:16 +0100
Norman Rieß  wrote:

>  As we all know everything works better and cheaper when things are
> privatized

Actually No it's not so simple at all.

You get incompetence in private and public and you may be more likely
to get away with it for longer in a public service than in a market with
competition but there are many examples where things simply get worse.

In the UK, water companies were privatisied and fat cats made lots of
money letting the pipes deteriorate for future generations.

British Telecom, well that's a mixed bag but it is certainly a
tiny shadow of it's original self.

We know ideals and theory hardly ever work but theoretically public
should be much better when well managed.

I wonder if ISPS wouldn't be handling things like TalkTalks
Homesafe in such a stupid manner (across the board is where it is
stupid, even for non users of the service) where they redirect all the
http traffic through an undoubtedly insecure layer 7 handling huawei
device with less commercial pressures or analysing bandwidth at layer
7 when they should be doing so more safely and completely at layers 3
and 4 leading me to believe they are not just thinking about bandwidth
usage. Why does it matter if you download 1000Gb via torrents or http.
ACKs can be managed in any case.

I'm glad open source is beginning to make strides into public services
as it should help put an end to expensive interoperability issues (if
we stay away from non posix things like systemd, though even then
shouldn't be too bad ;-)).



Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-28 Thread Kevin Chadwick
On Thu, 28 Mar 2013 17:04:25 -0400
Michael Mol  wrote:

> >   
> >> listened to the dangers and even now simply redesigned DNSSEC.  
> > 
> > Or they could fudge it by making every request requiring padding
> > larger than the response. Bandwidth would increase astronomically
> > but amp attacks would have to find other avenues.
> >   
> 
> Infeasible; the requester cannot know the size of the response in
> advance. If a packet comes in, and the response is larger than the
> request, is it really an amp packet, did the client not know, or is
> the server misconfigured and not limiting the response data as much
> as it could?

I'm certainly not saying it's a good idea, hence the 'fudge' and 'making
every request' which would mean non updateable clients or non updated
routers (90%) needing special treatment. I'm sure there are probably
other hurdles to it but it is certainly possible to make a request much
larger than any potential response similar to the anti-spam system
that makes creating a message take a lot of cpu and then only accepting
messages from those that do (hsomething I think, only works too if all
take part but would eliminate spam almost completely).

However thinking about it, considering the want for dns to provide
larger things like encryption keys, huge requests may be the best long
term solution for a DNSSEC which seemingly refuses out of pride to add
something like DNSCURVE to prevent spoofing. Similar to firewalls only
sending a single syn ack (less than or equalise)



Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-28 Thread Kevin Chadwick

> listened to the dangers and even now simply redesigned DNSSEC.

Or they could fudge it by making every request requiring padding larger
than the response. Bandwidth would increase astronomically but amp
attacks would have to find other avenues.



Re: [gentoo-user] How to prevent a dns amplification attack

2013-03-28 Thread Kevin Chadwick
On Thu, 28 Mar 2013 16:12:04 +0100
Volker Armin Hemmann  wrote:

> > Hello,
> >
> > i am using pdns recursor to provide a dns server which should be
> > usable for everybody.The problem is, that the server seems to be
> > used in dns amplification attacks.
> > I googled around on how to prevent this but did not really find
> > something usefull.
> >
> > Does anyone got an idea about this?

I haven't looked into it but.

You could perhaps reduce the amplification by looking for trends that
maximise response sizes such as the 100x amp against spamhaus of late,
but you would be fighting against the wind and only buying time.

Rate limiting may work but bear in mind that so many servers could be
used that attacks maybe ongoing and you wouldn't notice, again you may
be able to make attackers need to be subtler or go to more effort like
for spam but you are not going to eradicate it.

Really you would need some sort of network of dns servers communicating
about who they are hurting as thankfully there is often a single
victim, but really it would be better if the IETF had listened to the
dangers and even now simply redesigned DNSSEC.

As for tcp I used to have all my OpenBSD clients resolvers using the tcp
option in resolv.conf but I haven't noticed another OS's resolver with
that option. There are decent protections against syn floods but I
assume you are wanting random clients to connect.



Re: [gentoo-user] Best whois client?

2013-03-27 Thread Kevin Brandstatter
from eix, it says that jwhois can do "recursive queries"
whatever that means.

-Kevin

On 03/27/2013 06:37 PM, Michael Orlitzky wrote:
> On 03/27/2013 06:08 AM, Mick wrote:
>
> > Like Stroller I've been using net-misc/whois for ever and it does
> > what I want, but don't know what the other packages may be able to
> > do/do better.  I would also be interested to find out why people
> > prefer using these.
>
>
> They're all identical. The whois protocol is stupid simple; here's the
> entire spec from the RFC:
>
>2.  Protocol Specification
>
>A WHOIS server listens on TCP port 43 for requests from WHOIS
>clients.  The WHOIS client makes a text request to the WHOIS server,
>then the WHOIS server replies with text content.  All requests are
>terminated with ASCII CR and then ASCII LF.  The response might
>contain more than one line of text, so the presence of ASCII CR or
>ASCII LF characters does not indicate the end of the response.  The
>WHOIS server closes its connection as soon as the output is finished.
>The closed TCP connection is the indication to the client that the
>response has been received.
>
> Different data are located in different places, though. So if you're
> looking up an IP address, you'll want one server. If you're looking up
> an AS number, you'll want another. All the client does is run
> heuristics to figure out who (and how) to query. Then it dumps it to a
> terminal.
>
> In short, there are a lot of whois clients for the same reason there
> are a lot of telnet clients: it's something you can sit down and write
> in a weekend.
>
> Personally, I tried jwhois at first, but couldn't remember to type the
> 'j'. So now I use non-j whois.
>
>




signature.asc
Description: OpenPGP digital signature


Re: [Bulk] Re: [gentoo-user] Re: udev blocks systemd etc

2013-03-27 Thread Kevin Chadwick
> On 27/03/13 at 11:27am, »Q« wrote:
> > Eventually, as I understand it, GNOME and KDE will require systemd
> > because they want full control of they system.  For people not using
> > GNOME or KDE, other init systems will still be possible, with either
> > udev or a udev alternative.  I have no idea how far away "eventually"
> > will be.  
> 
> GNOME maybe/probably, but regarding KDE what makes you say this ? 
> I don't recall reading anything about this (this one comes to mind but
> its got nothing to do with systemd [1]. The author explains in the
> comments why he chose not to use systemd). KDE always prides itself in 
> being cross platform forcing systemd would be terribly detrimental. 
> 
> [1] http://dantti.wordpress.com/2013/02/27/1-2-3-plasma/

Actually it came up not too long ago that a commit was making Gnome
Linux only and I believe it was decided not to be the way to Go.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] udev blocks systemd etc

2013-03-27 Thread Kevin Chadwick
> From a technical point of view (the quality of the code and the time
> it takes to fix bugs), I believe everyone (even Lennart's most fervent
> detractors) will agree that systemd is a superb piece of software. The
> problem is the philosophy behind it; if you agree with said
> philosophy, systemd is great. Otherwise, is a new fangled beast which
> goes against everything that UNIX stands for (whatever that means), "a
> solution for a problem no one has", and "fixing something that wasn't
> broken".
> 

I won't start this up again, there is lots of info out there. LWN
and this lists archives maybe reasonable for some for and against
arguments. This post is as bad as Lennarts myth busting post which
avoided all the real issues and skirted around the ones he did mention.

The real drive behind systemd is enterprise cloud type computing for
Red Hat. The rest is snake oil and much of the features already exist
without systemd. With more snake oil of promises of faster boot up on a
portion of the code which is already fast and gains you maybe two
seconds.

> 3. "is openrc just a dead project is that why?"
> 

Not even close, systemd is one of the least used init systems. The
question you should ask yourself is why would anyone talk about the fact
they are using OpenRC. Having said that I do hate all the symlinking
rubbish many linux (not OpenRC) uses but would bear it over systemds
technical flaws.

So there you have it complete contradictions which mean you should make
up your own mind, even if it is easier for the more advanced arguments
against it to be overlooked.

> Is not dead; it has new releases and stuff. Just not many features are
> implemented to it, and it has some pretty awkward bugs, some of them
> years old, like not being able to start services in parallel.
> 

There is arguably more weight to the argument of an init system that
does parallel starting being a bug.

What do you gain, speed? and complexity, what do you lose reliability
and predictability.

If you cause disk churn it *may* even be slower too such as windows
tools that stage autostarts.

Do one thing and do it well and you are more likely to make it into
every Unix-like OS for good not so obvious reasons.

I hope this doesn't start into another discusssion just know that there
are many arguments badly represented by Canek to research if you want
your answer.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] [gentoo-user] Re: [Bulk] Re: Back to openrc from systemd

2013-03-23 Thread Kevin Chadwick
On Sat, 23 Mar 2013 14:54:23 +0200
 (Nuno Silva) wrote:

> > A good overview though I don't agree with "If you don't 'need'"
> >
> > Did your desktop really fail to run at all?  
> 
> I don't need any of this u* or other things for my desktop computer to
> work. Maybe this is related to the fact that I don't run a desktop
> environment, even if I use linux for desktop computing and run X.

I'd be interested in what happens if all the consolekit and logind
files are removed. Perhaps the reverse, systemd breaking and
Openrc working?



Re: [Bulk] [gentoo-user] Re: Back to openrc from systemd

2013-03-22 Thread Kevin Chadwick
> > If you don't need user session monitoring for anything (which is what
> > ConsoleKit and logind provides), nor interactive privilege granting
> > (which is what polkit provides), then I believe you will have no  
> 
> Thanks. Now *that* is what I call explaining something in a nutshell :-)
> 
> > problems switching OpenRC and systemd withouth needing to recompile
> > anything. However, that means no upower and no udisks at least; GNOME
> > cannot run without any of those. XFCE needs them if the udev USE flag
> > is enabled, which is enabled by default in Gentoo desktop profiles,
> > and in KDE the three of them are optional dependencies turned on by
> > default. You can turn them of in XFCE and KDE, but you kinda lose
> > functionality without them.  
> 
> I do indeed remember having to fight the KDE use flags so that I could
> pull kdelibs without pulling the whole set of u* things someone decided
> that were required for a desktop environment (the fun thing being that I
> wasn't even using KDE as a DE).
> 
> But I hope you don't mean the GNOME *libs* will be requiring
> logind/Consolekit/... in the near future? That would cause me some
> trouble, as I rely on evince a lot.

A good overview though I don't agree with "If you don't 'need'"

Did your desktop really fail to run at all?

Why are dependencies suddenly getting a lot worse (ignoring konquerorFM
without kde) when for so long dependencies were understood to be a big
problem that must be fixed. It can only be bad design if a desktop does
not work at all because < 1% of the functionality is missing and may
well have been replaced in every case above by alternative and in some
cases superior (permissions) that may override others (sessions you
don't use), choices of functionality.

Is it really a freedesktop when almost all the rest are free-er?

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] [OT] Time-lock USB stick

2013-03-21 Thread Kevin Chadwick
> We discussed using a simple RC timer to cut power to the device after a
> certain amount of uptime, but if I pointed out that if we were spend the
> time going to that trouble, we may as well go whole-hog and add built-in
> encryption and make money off the thing.
> 
> I think the grab-data-and-eject solution is probably the best for our
> purposes.

What about wiping the key.

I would investigate if a hdparm reset negates that security.

A long shot that all systems especially likely small ones will have
floppies (though there may be a usb one) but using a floppy eject would
certainly be one way (ignoring any buffers) as it is 100% mechanical
on the enable direction.

However why not just use a usb with perms set to root. If an attacker
can get root which should be the biggest barrier and you are not worried
about physical access then even SELINUX/RBAC may not save you.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-19 Thread Kevin Chadwick
> Either you ignored what I said about being able to disable loading
> remote content and being able to disable showing inline rich content, or
> you're seriously concerned about HTML parser vulnerabilities.

You can't disable incoming rich content (which is the important one)
like jpg logos on Android and which was the whole point. Considering
most phones run Gingerbread it should be noted that this practice is
actually rather dangerous.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-19 Thread Kevin Chadwick
> If you're going to call me out for ignoring things, missing things or
> simply not  knowing things, please highlight what it is. "the quote"
> isn't very enlightening in this context. You have a nasty habit of
> referencing things without inlining them or referencing them directly,
> and this has gotten in the way of clear communication *multiple* times
> over the last week.
> 
> > I only wrote two lines and you still missed it  
> 
> I respond to what's written in the email I'm replying to, because that's
> what I've just read, and that's the context of the email.
> 
> > never mind the examples I had given in my original mail that do not
> > only apply to remote content and that you wrongly interpreted.  
> 
> Honestly, I never expected you to be up in arms over being exposed to
> HTML syntax.
> 
> I presumed you were concerned about libpng, libjpeg, swf and gif.

As I clearly said both, but actually less so html. You seem to be under
the impression Androids mail clients let you avoid all that but they do
not. Talk about hitting your head against a brick wall.

> I
> presumed you were concerned about privacy concerns. Those are what most
> people who gripe about HTML email security are concerned with.

That would be to do with scripts and remote content.

Remote content Is as you have said almost always switchable and so was
not a concern/thought of mine but yes, what people shout about. Scripts,
well with Googles love of javascript (for obvious tracking reasons) I
wouldn't be too surprised if that is enabled without recourse on
android email.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
On Mon, 18 Mar 2013 23:38:11 +
Neil Bothwick  wrote:

> > > K9 Mail can do both plain text and bottom posting.
> > > Both set in Account settings/Sending mail.
> > 
> > It can write but forces html onto users, which potentially includes
> > jpg exploits, png exploits, html exploits, script exploits, font
> > exploits...  
> 
> What are you talking about? K9 forces HTML on no one, it sends plain
> text if you set it to do so.
> 

If you receive a html email you have no choice but to execute code to
handle as per my above examples.

> > Having knocked Android, I haven't found the time to try the latest
> > native email app. I'm not expecting a no html option but I'm pretty
> > sure it will have some major pluses over k9mail, which was a trade
> > of good for bad on Gingerbread.  
> 
> K9 is not Android, any more than yourfavouriteemailer is Linux. It is
> a program that runs on Android. As for being less capable than the
> native app, the opposite is the case as it is based on the code from
> the native app, but actively developed.

Googles mail is part of android and they do maintain it. I maintain
that while k9 has some improvements it also breaks things and I guess
would have not seen light without Googles initial efforts.



Re: [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-18 Thread Kevin Chadwick
On Mon, 18 Mar 2013 19:28:04 -0400
Michael Mol  wrote:

> > 
> > Even though it is from a DVD it can be updated just like standard
> > linux. The problem is, if you run out of ram then things get killed.
> > 
> >   
> >> (Frankly, this sounds quite nice for kiosk environments.)  
> > 
> > Could be if you have a good enough network connection for Linux
> > kernel updates or cut it right down ;-)  
> 
> Local gigabit is cheap, and a gigabit connection would transfer the
> image in under a minute. A bit more, of course, if you've got an
> overloaded server being slammed by ten or twenty machines.
> 
> (I wonder if one can anycast TFTP on a local segment. Hm. I think you
> could just barely pull it off, since you'd have resolved the layer 2
> address for your syn packet, and that should stick with the
> connection.)

Kiosks are notorious for having difficulty in getting to connections
as there place is determined by other factors. Still it may make a good
choice of OS except for reboot time.



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
On Mon, 18 Mar 2013 19:16:52 -0400
Michael Mol  wrote:

> > 
> > On 03/18/2013 04:38 PM, Kevin Chadwick wrote:  
> >>> It can write but forces html onto users,  
> > 
> > You seem to miss some of the details.  
> 
> About that. See the attachment. It's a screenshot of the setting in
> K-9 where you can select composition methods. I took the screenshot
> on my own phone. (And then ran it through pngcrush -brute in
> deference to ML bandwidth...)

I knew that perfectly well??

You even missed the quote? I only wrote two lines and you still
missed it never mind the examples I had given in my original mail that
do not only apply to remote content and that you wrongly interpreted.

There is a security saying.

Assumption is the mother of all f



Re: [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-18 Thread Kevin Chadwick
> > 
> > It's one of Blueness projects based on Hardened Gentoo. It loads into
> > ram at boot (you need something like 4 gig of ram) which takes ages
> > from dvd but could be from an ssd/hdd (defeating half the point
> > without a ro switch though). It can update from the net once booted too.
> > 
> > Once done everythings in ram so firefox can literally pop up like a
> > web advert upon execution.
> >   
> 
> In other words, it's a distribution designed to not allow persistent
> storage that might possibly be poisoned,

Not really, that is one benefit, but don't forget that BIOS, HDD
or Video card firmware could have been altered.

The main goals are reliability and leave no trace elements but it does
have some added tamper ensurance yes.

I didn't spell it out because you should check the site to see all the
details and would be bound to get it a little wrong without checking
myself.

> and instead get much of its
> security-conscious code updated over the network.
> 

Security conscious code??? What do you mean? That says to me things
like PAX brute force protection??

Even though it is from a DVD it can be updated just like standard linux.
The problem is, if you run out of ram then things get killed.


> (Frankly, this sounds quite nice for kiosk environments.)

Could be if you have a good enough network connection for Linux kernel
updates or cut it right down ;-)

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
> I don't know what mail client you use (I suppose I could check your
> headers), but *every* mail client I've used disables loading remote
> content by default.
>

Except the content within the message. Why do you assume I am talking
about remote content.

> Further, you're ranting about users being "forced" to send email with
> HTML, intimating that this means they'll send exploit-laden messages to
> their recipients.

I am not.

On 03/18/2013 04:38 PM, Kevin Chadwick wrote:
>> It can write but forces html onto users,

You seem to miss some of the details. I'll find time to respond on ipv6
too at some point ;-)

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-18 Thread Kevin Chadwick
> > Wait, K9 Mail doesn't have a plain text option?
> >
> > Perhaps I shouldn't be surprised, as I am also unable to comprehend why K9 
> > might enforce top-posting on replies.  
> 
> K9 Mail can do both plain text and bottom posting.
> Both set in Account settings/Sending mail.

It can write but forces html onto users, which potentially includes jpg
exploits, png exploits, html exploits, script exploits, font exploits...

And before you say anything. For what benefit, annoying ads from
paypal. I am quite capable of opening a browser and deciding which
domains *I* trust??

Google's network fell into this trap and banned Windows, but did they
fix the real problem or just raise the bar a little (though I expect
they took other unreleased measures that would be more interesting)?

Would be even worse on Iphones where webkit is forced and so as old as
the rom image. Rom cycle time is a major reason why even on cyanogenmod
I use firefox over the chrome package which is ancient.

Of course on Apple laptops even, Safari's webkit is sometimes months old
anywhow.

Having knocked Android, I haven't found the time to try the latest
native email app. I'm not expecting a no html option but I'm pretty
sure it will have some major pluses over k9mail, which was a trade of
good for bad on Gingerbread.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-18 Thread Kevin Chadwick
> On 15 March 2013, at 17:32, Kevin Chadwick wrote:
> > 
> > If you use the Gentoo hardened Tinfoil Linux you will need lots of ram
> > and wait ages to boot but firefox will just pop up.  
> 
> I'm sorry, I don't understand this statement. Could you possibly explain, 
> please?

It's one of Blueness projects based on Hardened Gentoo. It loads into
ram at boot (you need something like 4 gig of ram) which takes ages
from dvd but could be from an ssd/hdd (defeating half the point
without a ro switch though). It can update from the net once booted too.

Once done everythings in ram so firefox can literally pop up like a
web advert upon execution.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Re: HTML editor WYSIWYG

2013-03-18 Thread Kevin Chadwick
> sublimetext is nice, not OSS though

Netbeans is quite useful for html5. Also chrome and firefox have good
developer options so you can try changes and see them without a refresh.
When I load my pages in a browser they are fine but in every WYSIWYG
editor I have tried they are desimated to unreadable, though I do
do width scaling without javascript ;-).

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Can I chroot to a folder?

2013-03-18 Thread Kevin Chadwick
> > Is that partition mounted with "noexec" option? or "user" option
> > without explicit "exec" option?
> >  
> 
> problem solved :)

You know you can bind mount just the directories you want with exec but
as interpreters don't check this mount option, it's not as effective as
it could be ;-(

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )

2013-03-15 Thread Kevin Chadwick
> >
> > From the headers of his email:
> >
> > Subject: Re: [gentoo-user] Gentoo speed comparison to other distros
> > References: <51418728.7020...@gmail.com>
> > In-Reply-To: <51418728.7020...@gmail.com>
> > Content-Type: text/html; charset=ISO-8859-1
> > Content-Transfer-Encoding: 7bit
> >
> > It's perfectly compliant. You may want to correct your mail client to
> > understand HTML.
> >
> > (Admittedly, it's unusual to see email clients send *only* text/html,
> > rather than a multipart message with two different encodings.)
> >  
> 
> ROFL. It's called "me wrestling with thunderbird to try to remove html
> formatting but failing".

Compulsory html annoys me on Android (If only you could have proper
programs like Nokias N9 had claws)

Claws would mean you needn't bother and still have html to text by
default and can even enable html plugins if desired (right way around).


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] [gentoo-user] Re: Gentoo speed comparison to other distros

2013-03-15 Thread Kevin Chadwick
> > I didn't miss anything.  I get what some are saying.  The reason for my
> > question is this.  Gentoo allows a person to customize the OS to the
> > specific hardware it is being run on.  Redhat and other binary distros
> > don't allow this, unless you compile your own packages which is no
> > longer really a binary install. 
> >
> > So, if I install Redhat on my machine, would it be less efficient than
> > my Gentoo install which is customized for my hardware?  Has someone else
> > tested this and made it public? 
> >
> > If people can't get this, never mind.   
> 
> I have not tested this nor seen data on this, but I'd look for
> comparisons on the efficiency and gains from gcc optimizations. These
> would be what benefits source-based distros on a specific system
> compared to binary distros, and a benchmark made with gcc will be
> simpler and easier to deal with than an os-wide benchmark.

Or the real difference maker, designing the program itself to be faster
or using a really fast storage device bearing in mind any draw backs
like storage space.

If you use hardened Gentoo or OpenBSD or a PAE gentoo like Sabayon it
may be slightly slower but more secure but you won't notice any
difference when waiting for firefox to open until the second time.

If you use the Gentoo hardened Tinfoil Linux you will need lots of ram
and wait ages to boot but firefox will just pop up.

Compiling speed, well I would just get better hardware or do
distributed compiles as otherwise chances are your taking risks
especially if you don't test and understand exactly what you are
changing very well bearing in mind that with compilers everything may
work fine 97% instead of 99% of the time.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-12 Thread Kevin Chadwick
On Tue, 12 Mar 2013 13:29:38 +0200
Alan McKinnon  wrote:

> >> We should be pounding away on the fact that we're running out of
> >> IP   
> >> > addresses... period... end of story.  If people ask about NAT,
> >> > then mention that the undersupply will be so bad that even NAT
> >> > won't help.  
> > In my presentations, I've stopped bothering to wait for people to
> > ask about NAT, because it starts off in their minds from nearly the
> > beginning--and until they get that question answered, most of what
> > I say washes past them as ancillary and not as important as the
> > question pressing on their minds.
> >   
> 
> In one short paragraph you said exactly what I was trying to say in 4
> mails (and still didn't succeed)

You know I agree except the only people that brought NAT up and
got fixated on it were those that were advocating ipv6!?!?



Re: [Bulk] Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
> >> NAT behind a home router is bad, too. For IPv4, it's only necessary
> >> because there aren't enough IPv4 addresses to let everyone have a unique
> >> one.  
> > 
> >   The best real reason for moving to IPV6 is address space (or lack
> > thereof, in the case of IPV4).  The people who are truly interested in
> > speeding up IPV6 adoption should do their best to shut up the internet
> > hippies who constantly rant and rave about how "NAT is evil".  Don't let
> > the cause get distracted by that unrelated issue.  Focus on the core
> > issue.
> >

I completely agree divide and conquer tactics.

> 
> You are being over-simplistic.
> 
> Lack of IPv4 address space *caused* NAT to happen, the two are
> inextricably intertwined. Even worse, people now have NAT conflated with
> all sorts of other things. Like for example NAT and security.
> 

NAT was around way earlier and may I state again also that I have
externally facing servers and games machines behind NAT.

So are you saying that you think it is good for every machine to be in
a DMZ, few chosen ones yes. I disagree completely as I do with the
usefullness of push-email.

> NAT is the context of an IPv6 discussion is *very* relevant, it's one of
> the points you have to raise to illustrate what bits inside people's
> heads needs to be identified and changed.
> 
> Until you change the content of people's heads, IPv6 is just not going
> to happen.

NAT has more uses than those two, NAT type of functionality is
apparently desired by some ipv6 networks to allow easier ISP
migration.

It's true NAT distracts from the bad points of ipv6 and which is the
only part irrelevent for ipv4 modded to work with a larger address space
(ipv5).

I wonder if this is an example of how these technologies can get so
convoluted?

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
> No, there was simply no useful result that came up. Incidentally, both
> links you provide *did* come up...but I dismissed them because I
> couldn't imagine anyone using them as a reference except in trying to
> deride Henning Brauer.
> 
> > 
> > http://marc.info/?l=openbsd-misc&m=129666298029771&w=2  
> 
> He goes from advocating NAT444 to a spew of pejoratives about something.
> NAT444 is one of the nastiest, user-disempowering things to hit the
> Internet to date. The rest of this email is him bitching about having to
> parse CIDR notation.
> 

How disengenuous. He certainly doesn't. Did you miss the sarcasm. The
only reason he advocates is because others using it allow him to keep
running ipv4 pure networks.

After that I'm sure you can forgive me if I note him to have absolutely
no reason to be biased and give him a bit more credit and take his
experience of writing one of the best and widely used interrupt driven
firewalls and so code to deal with ipv6, helping get the netqmail patch
sorted and runs his own decent sized network over yours who I am sure
is genuine but could well be partial to ipv6 because as you say you
teach setting up ipv6 networks.

   http://marc.info/?l=openbsd-misc&m=124536321827774&w=2

> > 
> > http://marc.info/?l=openbsd-misc&m=135325826302392&w=2
> >   
> 
> This email has absolutely no technical content whatsoever.

Did you not follow the threads?

I couldn't find the juicier threads about client troubles due to added
complexity but here's some relevent ones and many by very competent
devs. (and if I'm honest who tend to shadow every other list I've come
across so far as long as you are not timid and can take a hit, though
Gentoo is up there).

  http://marc.info/?l=openbsd-misc&m=128822984018595&w=2
  http://marc.info/?l=openbsd-misc&m=135325736302228&w=2
  http://marc.info/?l=openbsd-misc&m=128825496411711&w=2
  http://marc.info/?l=openbsd-misc&m=129665675320651&w=2
  http://marc.info/?l=openbsd-misc&m=135111069427240&w=2
  http://marc.info/?l=openbsd-misc&m=135110983026959&w=2
  http://marc.info/?l=openbsd-misc&m=135110833526455&w=2
  http://marc.info/?l=openbsd-misc&m=135110805826344&w=2
  http://marc.info/?l=openbsd-misc&m=135110703125929&w=2
  http://marc.info/?l=openbsd-misc&m=135110533625263&w=2
  http://marc.info/?l=openbsd-misc&m=124537193506202&w=2


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
> On 03/09/2013 07:53 AM, Kevin Chadwick wrote:
> >> "There is no reason to believe that IPv6 will result in an 
> >> increased use of IPsec."
> >> 
> >> Bull. The biggest barrier to IPsec use has been NAT! If an 
> >> intermediate router has to rewrite the packet to change the 
> >> apparent source and/or destination addresses, then the 
> >> cryptographic signature will show it, and the packet will be 
> >> correctly identified as having been tampered with!
> >> 

http://marc.info/?l=openbsd-misc&m=135325641430178&w=2

> > 
> > It's hardly difficult to get around that now is it.
> 
> Sure, you can use an IP-in-IP tunnel...but that's retarded. IPSec was
> designed from the beginning to allow you to do things like sign your IP
> header and encrypt everything else (meaning your UDP, TCP, SCTP or what
> have you).
> 
> Setting up a tunnel just so your IP header can be signed wastes another
> 40 bytes for every non-fragmented packet. Ask someone trying to use data
> in a cellular context how valuable that 40 bytes can be.
> 
> > You are wrong the biggest barrier is that it is not desirable to do 
> > this as there are many reasons for firewalls to inspect incoming 
> > packets. I don't agree with things like central virus scanning 
> > especially by damn ISPs using crappy Huawei hardware, deep inspection
> > traffic shaping rather than pure bandwidth usage tracking or active
> > IDS myself but I do agree with scrubbing packets.
> 
> It's not the transit network's job to scrub packets. Do your scrubbing
> at the VPN endpoint, where the IPSec packets are unwrapped.
> 
> Trusting the transit network to scrub packets is antithetical to the
> idea of using security measures to avoid MITM and traffic sniffing
> attacks in the first place!
> 

I never said it was. I was more thinking of IPSEC relaying which would
be analogous to a VPN end point but without losing the end-end, neither
are desirable, NAT has little to do with the lack of IPSEC deployment.

What do you gain considering the increased resources, pointlessly
increasing chances of cryptanalysis and pointlessly increasing the
chances of exploitation due to the fact that the more complex IPSEC
itself can have bugs like Openssl does, not to mention amplifying DDOS
without the attacker doing anything, which is the biggest and more of a
threat than ever, or are you going to stop using the internet. When
ipv4 can utilise encryption without limitations including IPSEC but more
appropriately like ssh just fine when needed you see it is simply not
desirable and a panacea that will not happen. You are simply in a
bubble as the IETF were.

> > 
> >> With IPsec, NAT is unnecessary. (You can still use it if you need 
> >> it...but please try to avoid it!)
> >> 
> > 
> > Actually it is no problem at all and is far better than some of the 
> > rubbish ipv6 encourages client apps to do. (See the links I sent in 
> > the other mail)
> 
> Please read the links before you send them, and make specific references
> to the content you want people to look at. I've read and responded to
> the links you've offered (which were links to archived messages on
> mailing lists, and the messages were opinion pieces with little (if any)
> technical material.)
> 


> > 
> >> Re "DNS support for IPv6"
> >> 
> >> "Increased size of DNS responses due to larger addresses might be 
> >> exploited for DDos attacks"
> >> 
> >> That's not even significant. Have you looked at the size of DNS 
> >> responses? The increased size of the address pales in comparison to
> >> the amount of other data already stuffed into the packet.
> > 
> > It's been ages since I looked at that link and longer addresses
> > would certainly be needed anyway but certainly with DNSSEC again
> > concocted by costly unthoughtful and unengaging groups who chose to
> > ignore DJB and enable amplification attacks.
> 
> What from DJB did they ignore? I honestly don't know what you're talking
> about.
> 

They completely ignored dnscurve.org or that RSA768 was not strong
enough to be a good choice and ECDSA should be looked at and most
importantly the DOS amplification (we are talking years ago). I even had
a discussion with a dns caching tools (that I do like a lot) author who
completely dismissed the potential of RSA being broken for years and
years. Guess what's come to light since.

> > 
> > His latest on the "DNS security mess"
> > 
> > http://cr.yp.to/talks/2013.02.07/slides.pdf
> 
> I've never before 

Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-11 Thread Kevin Chadwick
> Don't waste time and effort on it.  Put your
> effort into pounding away on a simple issue that people do understand...
> we're running out of IP addresses.

We have run out of unallocated ones, there are still loads of unused
ones and even more due to global NAT, and even some being released.

It is true eventually it will be an absolute problem but hopefully by
then we will have a cleaner ipv7. Lets hope ISPs get smarter as
recently they have gone downhill with all their *DANGEROUS* as cited by
snort.org and compulsory layer 7 sifting.

Until ipv6 is revised I can't see a day when there will be no ipv4.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-09 Thread Kevin Chadwick
> > 
> > Lookup ipvshit
> > 
> > I'll give you a hint.
> > 
> > The guy who wrote most of the pf firewall that MAC OSX now uses as well
> > as QNX, the latest version originating from OpenBSD and being far better
> > than iptables has bought up lots of ipv4 just to stay away from ipvshit.
> >   
> 
> Tried searching for it. You're going to have to provide some useful
> direct reference, because a basic search wasn't very illuminating.

Perhaps Google doesn't approve of swear words?!

http://marc.info/?l=openbsd-misc&m=129666298029771&w=2

http://marc.info/?l=openbsd-misc&m=135325826302392&w=2

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-09 Thread Kevin Chadwick
> "There is no reason to believe that IPv6 will result in an increased use
> of IPsec."
> 
> Bull. The biggest barrier to IPsec use has been NAT! If an intermediate
> router has to rewrite the packet to change the apparent source and/or
> destination addresses, then the cryptographic signature will show it,
> and the packet will be correctly identified as having been tampered with!
> 

It's hardly difficult to get around that now is it. You are wrong the
biggest barrier is that it is not desirable to do this as there are
many reasons for firewalls to inspect incoming packets. I don't agree
with things like central virus scanning especially by damn ISPs using
crappy Huawei hardware, deep inspection traffic shaping rather than
pure bandwidth usage tracking or active IDS myself but I do agree
with scrubbing packets.

> With IPsec, NAT is unnecessary. (You can still use it if you need
> it...but please try to avoid it!)
> 

Actually it is no problem at all and is far better than some of the
rubbish ipv6 encourages client apps to do. (See the links I sent in the
other mail)

> Re "DNS support for IPv6"
> 
> "Increased size of DNS responses due to larger addresses might be
> exploited for DDos attacks"
> 
> That's not even significant. Have you looked at the size of DNS
> responses? The increased size of the address pales in comparison to the
> amount of other data already stuffed into the packet.

It's been ages since I looked at that link and longer addresses would
certainly be needed anyway but certainly with DNSSEC again concocted by
costly unthoughtful and unengaging groups who chose to ignore DJB
and enable amplification attacks.

His latest on the "DNS security mess"

http://cr.yp.to/talks/2013.02.07/slides.pdf

> "An attacker can connect to an IPv4-only network, and forge IPv6 Router
> Advertisement messages. (*)"

> Again, this depends on them being on the same layer 2 network segment.

> The same class of attacks would be possible for any IPv4 successor that
> implemented either RAs or DHCP.

Neither of which I use.

As I said we would be here all day and that link wasn't as good as the
one I was actually looking for.

local NAT done right is no problem and actually a good thing and I have
no issues playing games, running servers or anything else behind NAT.
Global NAT works well enough but isn't a good thing and wouldn't exist
if they had simply added more addresses quickly. The hardware uptake
would have been no issue rather than a decade of pleads.

We haven't even touched on the code yet and so all the vulnerable
especially home hardware which yes often has vulnerable sps anyway but
by no way just home hardware.

The ipvshit links give an insight into the code complexity. Note
OpenBSDs kernel which is very secure (unlike Linux whose primary goal is
function) and has had just a few remote holes in well over a decade, one
of which was in ipv6 and which I had avoided without down time because I
won't and what's more shouldn't use ipv6 wherever possible and had
actually removed it from the kernel all together.

If I am Trolling rather than simply trying to make people aware then
stating ipv6 is wonderful is Trolling just as much or more.

Regards,
Kc

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
> Unfortunately, your logic is flawed.
> 
> Where would you put the additional bits of address?
> 
> That would involve rewriting the IP Header.
> 

Your assumption that I do not know that is flawed. I did a review of
ipv6 before it was released and determined ipv4 to be superior then.
That was before I was shown some of the bad sides more recently.

> And while we're at it, why not *totally* remake IP based on decades of
> observation & experience?
> 

Who's observations and who's experience. Not everyones that's for damn
sure.

> Hence, IPv6.

Lookup ipvshit

I'll give you a hint.

The guy who wrote most of the pf firewall that MAC OSX now uses as well
as QNX, the latest version originating from OpenBSD and being far better
than iptables has bought up lots of ipv4 just to stay away from ipvshit.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
> > What would have been best, could have been done years ago and not cost
> > lots of money and even more in security breaches and what I meant by
> > ipv5 and would still be better to switch to even today with everyone
> > being happy to switch to it is simply ipv4 with more bits for address
> > space.  
> 
>   This should be FAQ entry zero for the IPV6 FAQ... *NO* you can *NOT*
> add more bits to IPV4, and still have it backwards compatable.  It won't
> work... period... end of story.  Every piece of hardware and software
> that deals with IPV4 has the concept of 32 bits *HARD-CODED* into it.
> Switching over to IPV4-extended would be just as painfull as switching
> over to IPV6.

No it would not, the headers would be different. All the hardware would
have already updated because there would be no bad sides and it would
have been released something like 15 years ago. But lets not discuss
them as we would be here for an eternity and there are already whole
websites dedicated to just that.

I re-iterate it would be worth hardware not being backwards compatible
again to go to ipv4 with large address space today.

http://www.hackingipv6networks.com/past-trainings/hip2011-hacking-ipv6-networks.pdf

That's just on security. There's a whole bad side to it's functionality
too.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
> >> 1. The craziness of trying to conserve IPv4 space
> >> 2. NAT. Finally, a good solid techical reason to make NAT just go away
> >> and stay away. Permanently. Forever.  
> > 
> > It's a great shame that isn't all it fixed (ipv5), then your job
> > wouldn't have been so hard and there wouldn't be any reason for many of
> > us to cling to ipv4 of which there are many strong reasons that are far
> > far worse than NAT.
> > 
> >   
> 
> IPv5 never really existed.
> 
> http://www.oreillynet.com/onlamp/blog/2003/06/what_ever_happened_to_ipv5.html

First I've heard of ST or an actual ipv5 but sounds like they had
dropped a layer. Having options like tcp or udp is a good thing.

What would have been best, could have been done years ago and not cost
lots of money and even more in security breaches and what I meant by
ipv5 and would still be better to switch to even today with everyone
being happy to switch to it is simply ipv4 with more bits for address
space.

If I got an ISP who only offers me IPV6 I would drop the ISP before the
IPV4!

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] {OT} RAM & apache MaxClients (rock & a hard place)

2013-03-08 Thread Kevin Chadwick
> I can probably dump a lot of apache config.  I still need SSL on both
> servers even though only nginx faces the user?

Perhaps you need Apache for certain pages otherwise this is simply a
quick fix which is fair enough, we always like those at times but it
sounds to me like you could have gained more by simply switching Apache
for nginx or tuning your max.

Running both is actually wasting a little memory though you may have
gained over just Apache.

How web proxies with optional caches usually work such as OpenBSDs
relayd is to keep track of requests perhaps using higher layer info and
share the load among multiple web servers, perhaps adding headers to
keep everything functional.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?

2013-03-08 Thread Kevin Chadwick
> 1. The craziness of trying to conserve IPv4 space
> 2. NAT. Finally, a good solid techical reason to make NAT just go away
> and stay away. Permanently. Forever.

It's a great shame that isn't all it fixed (ipv5), then your job
wouldn't have been so hard and there wouldn't be any reason for many of
us to cling to ipv4 of which there are many strong reasons that are far
far worse than NAT.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Changing static IP remotely...

2013-02-28 Thread Kevin Chadwick
> Probably the safest thing you can do

I use install scripts and so can have two system copies in tandem easily
(aided by OpenBSD being simply brilliant with 0 kernel updates) and
test out any procedure for a remote server locally with a VM before
doing anything.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Amazon-Instant video

2013-02-13 Thread Kevin Brandstatter
No thats not it, i am using the adobe plugin not pepperflash.
This is the message that I get

http://imgur.com/LoNB9RV

-Kevin

On 02/12/2013 09:14 AM, Bruce Hill wrote:
> On Tue, Feb 12, 2013 at 01:32:10AM -0600, Kevin Brandstatter wrote:
>> I just got amazon prime for the instant videos (among other things) and
>> figured i should
>> be able to watch it on linux since its in flash.
>> However, I have had no luck getting it to play an instant video,
>> i've narrowed it down to videos with DRM, (because trailers play fine
>> and DRM screws up everything)
>> Google searches come up that it needs HAL (which is deprecated)
>> I even managed to install HAL, and still no luck
>>
>> i keep getting "error occurred and your player cannot be updated"
>> I have the latest flash, chrome and firefox. (tried both)
>>
>> Just wondering if others are having the same trouble or if someone has a
>> solution.
>>
>> -Kevin
> Is this attached screenshot the type of message you get? If so, you should
> have clicked on the link there which states "Why can't I watch videos on my
> Chrome browser in Linux?" ... and this is the message it provides:
>
> The Flash Player Plugin in Chrome removed support for Digital Rights
> Management (DRM) in Linux as part of the upgrade from 11.3 to 11.4. This
> upgrade was bundled with the latest Chrome 22 update for Linux. If you applied
> the Chrome update, you are no longer able to watch DRM-protected content, such
> as movies and TV episodes. Trailers are unaffected as they do not use DRM. To
> get around this issue, you can use a different browser, such as Firefox. For
> information on Chrome and the Flash Player plug-in, see:
> https://support.google.com/chrome/bin/answer.py?hl=en&answer=108086.
>
> My Gentoo workstation is using firefox-18.0.1 and just updated to
> adobe-flash-11.2.202.262 but won't play the free instant video I tried.
>
> Since that's the latest version of flash in portage, I supposed you could try
> and get the later source and create a local overlay and try that.




signature.asc
Description: OpenPGP digital signature


Re: [Bulk] Re: [Bulk] Re: [gentoo-user] Re: systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
> If you can't find the power off button in a modern GNOME installation
> you have to be quite blind... of course, I don't even use it when I
> have it, powering off from the console and all.

I guess you haven't seen the mountains of users who didn't consider
holding ALT to change the suspend option to power off from the
desktop and why would they???

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
> Do Gnome devs know how to spell "fork"?

I think not they have an accent and keep saying

'pass me the fork an knife'

Puzzled why they only got a knife they just get their heads down and
start cutting away due to the funny look from the passer.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
> I'd still really like someone who groks what Gnome3 is all about to fill
> in these blanks in my understanding with truthiness ;-)

Apparently the main drive is to have a brand, so a constant and so
simple look is recognised as a Gnome/? machine. A bit pointless if
no-one uses it or changes to something better (negative brand).

>> The gnome3 devs may intend to restore the missing stuff at some point, but I
>> don't know, and meanwhile I'm frustrated and my attitude is deteriorating.

Certainly not all unless they change the 'Brand' position.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Re: systemd-197-r1 starts gdm-3.6.2 [now gnome3]

2013-02-13 Thread Kevin Chadwick
> I'm happy to be shown to be wrong and to be shown where Gnome3 has merit
> for being itself, where it can proudly stand on it's own. But I'm just
> not seeing it yet

I thought the following brilliant feature was obvious?

So your Gran has absolutely no chance of finding the "power off" button
so that you can spy on her bedroom TV's camera ;-)


p.s. In case your wondering, all my grans are long dead, you sick

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



[gentoo-user] Amazon-Instant video

2013-02-11 Thread Kevin Brandstatter
I just got amazon prime for the instant videos (among other things) and
figured i should
be able to watch it on linux since its in flash.
However, I have had no luck getting it to play an instant video,
i've narrowed it down to videos with DRM, (because trailers play fine
and DRM screws up everything)
Google searches come up that it needs HAL (which is deprecated)
I even managed to install HAL, and still no luck

i keep getting "error occurred and your player cannot be updated"
I have the latest flash, chrome and firefox. (tried both)

Just wondering if others are having the same trouble or if someone has a
solution.

-Kevin



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] {OT} LWP::UserAgent slows website

2013-02-07 Thread Kevin Brandstatter
A little more infromation would help. like what webserver, what kind of
requests, etc

-Kevin

On 02/06/2013 07:13 PM, Grant wrote:
> I have a script that makes 6 successive HTTP requests via
> LWP::UserAgent.  It runs fine and takes only about 3 seconds, but
> whenever it is run I start receiving alerts that my website is
> responding slowly to requests.  This lasts for up to around 10
> minutes.  I've tried turning the timeout down to 3 seconds and I've
> tried LWPx::ParanoidAgent but the behavior is the same.
>
> Can anyone tell me how to go about tracking this down?
>
> - Grant
>




signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] ebtables on Gentoo?

2013-01-29 Thread Kevin Chadwick
> So anyway, my memory of this is all very wishy-washy, but ebtables
> turned out to be the best way to implement those inter-VM restrictions.
> It could probably have been done in iptables, but ebtables made it easy
> to say "don't let these two talk."

I don;t know the details but I expect that would be a false sense of
security and that you would want a secure switch or ssh or ipsec.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] *draft* for setting up network bridge with systemd (for qemu/kvm)

2013-01-29 Thread Kevin Chadwick
> And, BTW, I didn't mean "behind" in the sense that Gentoo doesn't
> support systemd; I meant "behind" in the sense that us systemd users
> get a lot flak just by mention it in the list.


And that's exactly why I see Gentoo as being ahead and actually your
talking about a few of the IMO more moronic distributions. The majority
have rejected systemd but lets just agree to disagree before we start
talking about API'sSNIP... and Startup scripts being GENERIC and
easy to understand and very different to controller code.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Kernel Questions

2013-01-23 Thread Kevin Chadwick
> Anything newer is a vast improvement, especially Core2 and newer.

As long as you ignore the unfixable security issues even by microcode of
core2 duos ;-).

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Kernel Questions

2013-01-23 Thread Kevin Chadwick
> > Overheating problem? Considering it's about a Pentium 4, that seems a likely
> > cause.  
> 
> Which P4 i has not so probs. The probs come with Atom.

Older systems used to reset on overheat so it was obviously hardware.
Newer cpus actually halt and then continue operation. Most of the time
you won't notice, your laptop will just run slower than the spec would
suggest. Some laptops never actually use the cpu fully from day one and
so things like dust or a failing fan may make it very noticeable.

Could be lots of things but I would check your temp sensors from
the os or bios before the kernel.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: System won't boot if CMOS clock is slow

2013-01-17 Thread Kevin Chadwick
> So it is Linux' fault, that your mate used crap Hardware? That is great!
> let us blame it for the weather too. And stubbed toes.

Well the point was that if OpenBSD had an auto update function I could
have installed that and he would still be using OpenBSD happily. If
Linux did what OpenBSD does then he would be a happy linux user, well
aside from wanting Itunes, though I'm under the impression that's been
sorted quite well now.

As far as he was concerned he had a fscking watch, what's wrong with
this fscking piece of.. or words to that affect and really he was right.

The alternative was Vista which took and I mean no joke like 15 mins to
finish booting, despite a cleanup and the drive checked out ok. He had
just started a gym and couldn't afford extra ram at the time.

No need to get touchy, simply real facts, better aired than ignored. Not
a great loss or anything.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: System won't boot if CMOS clock is slow

2013-01-16 Thread Kevin Chadwick
> I have had systems in the past who refused to boot because the
> motherboard time was off, and at first it looked like that was the
> problem again.

OpenBSD takes the time from the filesystem in that case and boots. I
wish linux did. I had a mate who used to ring me up everytime his mother
in law unplugged the laptop and it was a laptop that's cmos was a pain
to replace. I believe he ended up in 2034 or something after a few
months because I told him the bios key and meant he could avoid
fsck that sometimes gave him various problems =-)

He was anti slow machines (Vista) and liked linux after being
skeptical. I can't see him trying linux again now :-(

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] java vs icedtea6

2013-01-15 Thread Kevin Brandstatter
I'm curious as well about the potential exploitability of icedtea. I
would think that since the icedtea vm is not the same as the sun/oracle
one and so I don't think the code base is the same, which would mean an
exploit in the sun/oracle jvm would not necessarily affect icedtea.
However, I know very little on this matter and seeing as i think both
are open sourced i have no idea how much or if there is any code overlap.

-Kevin

On 01/15/2013 06:32 PM, William Kenworthy wrote:
> Looking for comments:
>
> A while back I removed java during an upgrade on my main desktop system
> and left icedtea6-bin in place without any noticeable effect.
>
>
> Presumably icedtea6 suffers the same java bug (cant find anything in
> their bugzilla though?) thats got everybody riled at the moment, though
> the last security bug on gentoo bugzilla is 2011.
>
>
> I am happy not using a mainstream java and avoiding the fuss that goes
> with dealing with oracles nonsense download restrictions but have two
> questions:
>
> 1. are there any "real" problems with using icedtea6?
>
> 2. icedtea6 and icedtea6-bin ... any difference in features? - I have
> had a much more stable experience with openoffice vs openoffice-bin so
> presume build yourself would be the same here?
>
>
> The questions may seem redundant seeing I am using both icedtea and java
> on various systems, but others experience may not be the same, or have
> more knowledge which would be useful before I move everything over.
>
> BillK
>
>




signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] Re: Gigabyte wont boot

2013-01-13 Thread Kevin Chadwick
> If all else fails, maybe it is dead. 

Yeah no beep equals cpu | ram | mb

Check 

if pin 1 on the cpu is in the right place and cpu power cables right
and no bent pins.
The cpu and ram are compatible with the mb.
Hoover the ram slot and reseat
If your second mb works you could try the cpu and ram seperately in
the working mb to eliminate the problems/problems bearing in mind they
could damage the working mb.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Questions about systemd logging

2013-01-10 Thread Kevin Chadwick
On Thu, 10 Jan 2013 23:46:29 +0700
Robin Atwood  wrote:

> Thanks for the tips, now I can get more output to tty1 if I want. I
> still can't get any systemd messages to syslog-ng, however. A bit of
> a mystery. 

This may be way off as I expect systemd to never shape up to a point
that I will use it, but with a bit of luck this may point you in the
right direction. On Arch systemd avoiders had to change their
syslog-ng.conf to the following to get their logging back.

source src {
unix-dgram("/dev/log");
internal();
file("/proc/kmsg");
};



Re: [gentoo-user] Processes hang - system dies

2013-01-08 Thread Kevin Chadwick
> > > **
> > > 
> > > I have a very severe problem after a recent disk replacement. After a few 
> > >  
> >   
> > > days running, all new processes just hang. The kernel reports:  
> > My guess is disk failing or kernel bug. Install smartmontools and see if
> > smartctl -H  returns anything interesting.
> > 
> > What kernel are you using? Try 3.7.1 if you're not already using that.  
> 
> That's my feeling too, since smartd is reporting sectors failing by the 
> dozen. 
> However the smartctl -H test gave me a clean bill of health. The kernel is 
> 3.6.8, I have already upgraded with no improvement.

Personally I wouldn't try changing anything initially if it worked
before the disk change.

I would try a read-write test of the disk or use dd to write or read
many sectors possibly under >1 OS and machine depending on what
happens. Is SMART enabled in your BIOS?

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] E17 lock screen

2013-01-04 Thread Kevin Brandstatter
Sure, ive attached one to this email.

-Kevin


On 01/03/2013 03:08 PM, Robert David wrote:
> This is wired, can you post screenshot?
>
> There does not seem to be some condition in code.
>
> Robert.
>
> On Thu, 03 Jan 2013 12:27:41 -0600
> Kevin Brandstatter  wrote:
>
>> i cleared out the  configs when i installed the release. Suspend
>> works, it even locks now, but i still cant change the settings. no
>> dbus problems that i can see
>>
>> -Kevin
>>
>> On 01/03/2013 04:26 AM, Robert David wrote:
>>> Did you try e with new config with e-17 release? Or you had some
>>> previous configs and was replaced with release. Because there was
>>> some config upgrade and old configs did not work and some was not
>>> replaced correctly (mixer gadget).
>>>
>>> And suspendig with E works ok? You use pm-suspend? Dont you have
>>> some dbus problems? As the events are send through dbus I think,
>>> for me it works even with running pm-suspend from console (E locks
>>> screen).
>>>
>>> Robert.
>>>
>>>
>>> On Thu, 03 Jan 2013 03:51:34 -0600
>>> Kevin Brandstatter  wrote:
>>>
>>>> The problem is the option to lock screen on suspend is greyed out
>>>> and uncheckable.
>>>> Did try building with all modules
>>>>
>>>> -Kevin
>>>>
>>>> On 12/28/2012 04:16 AM, Robert David wrote:
>>>>> Hi Kevin,
>>>>>
>>>>> what exactly you missing on screen lock in E17? I use E17 and
>>>>> screen lock is ok when suspending. It does not need some
>>>>> xscreenlock stuff, it is just part of e. Just check
>>>>> settings->sceen->screen_lock and checkin lock_on_suspend. Thats
>>>>> all:)
>>>>>
>>>>> If you missing something, just make sure you build with all the
>>>>> modules flags.
>>>>>
>>>>> x11-wm/enlightenment-0.17.0 was built with the following:
>>>>> USE="nls pam spell udev ukit -doc -emotion -static-libs"
>>>>> ENLIGHTENMENT_MODULES="access backlight battery clock comp
>>>>> conf-applications conf-dialogs conf-display conf-edgebindings
>>>>> conf-interaction conf-intl conf-keybindings conf-menus conf-paths
>>>>> conf-performance conf-randr conf-shelves conf-theme
>>>>> conf-window-manipulation conf-window-remembers connman cpufreq
>>>>> dropshadow everything fileman fileman-opinfo gadman ibar ibox
>>>>> illume2 mixer msgbus notification pager quickaccess shot start
>>>>> syscon systray tasks temperature tiling winlist wizard xkbswitch"
>>>>>
>>>>>
>>>>> Robert.
>>>>>
>>>>>
>>>>> On Thu, 27 Dec 2012 18:51:26 -0600
>>>>> Kevin Brandstatter  wrote:
>>>>>
>>>>>> On 12/27/2012 05:16 PM, Mick wrote:
>>>>>>> On Saturday 22 Dec 2012 01:29:57 Kevin Brandstatter wrote:
>>>>>>>> So e17 just came out and ive been using for a bit. The only
>>>>>>>> problem ive had with it is that i cant check the option to lock
>>>>>>>> the screen on suspend. I don't think this is a problem on some
>>>>>>>> of the other distributions so thought it could be a policy
>>>>>>>> problem on gentoo.
>>>>>>>>
>>>>>>>> Curious if anyone else uses e17/has this problem and maybe a
>>>>>>>> fix. or just for suggestions of where to look
>>>>>>> I can't select it here either, but I suspect that this may be
>>>>>>> because I do not use xscreenlock or equivalent.
>>>>>>>
>>>>>>> Have you tried posting either at the e17 or the
>>>>>>> enlightenm...@gentoo.org mailing lists?
>>>>>> yes I first posted to the e17-users list. It was working for
>>>>>> other people so i thought it might be distro specific, I emerged
>>>>>> xscreensaver to see if that would fix it at all but no luck. I
>>>>>> had this problem a while ago and i think it had something to do
>>>>>> with polkit settings
>>>>>>
>>>>>> -Kevin
>>>>>>
>>
>

<>

signature.asc
Description: OpenPGP digital signature


Re: [Bulk] RE: [gentoo-user] Re: Anyone switched to eudev yet?

2013-01-04 Thread Kevin Chadwick
On Fri, 4 Jan 2013 18:22:37 -0500
"Mike Edenfield"  wrote:

>  I have never personally run into any case
> where I had a single /+/usr and regretted it, but I *have* encountered
> situations where I could not get /usr mounted and ended up merging it
> with /. FWIW, YMMV, etc.

And why was that, not udev? What is your point, others have avoided
regretting it by having a seperate /usr.

> 
> I can tell you that Pandu's analogy vis a vis Windows is a bit
> flawed. What Windows has done recently is (by default for clean
> installs) to split the boot loader and related bootstrap code into a
> separate partition from the actual operating system. Claiming that
> this is analogous to / and /usr is quite a stretch. It is much more
> accurate to make it analogous to / and /boot. The System Partition
> has no "Windows" files on it, just the equivalent to grub (and it's
> also used if you have BitLocker, to decrypt your boot partition).
> 
> Which, to me, means it has absolutely nothing to do with the current
> discussion one way or the other :)

He did define the fact that he mentioned it because he claimed the
repair tools are stored in a small seperate partition like / or root is
defined in the FHS which means he brought more to the discussion than
you just have. 

In any case there are major benefits to having Windows with program
files on a seperate partition and you shouldn't be stopped from having a
seperate /usr without good reason and which there is not or if there is
good reason in a hidden agenda/future plan it has not been brought to
any discussion, note though that lies and mystery have. Broken
for years indeed, more like tiny issues that few care about and so
haven't been fixed by default.

I re-assert that eudevs mentioning of moving potentially less
stable/audited or even arbitrary code to later in the boot process is
also welcomed by me.



Re: [gentoo-user] Re: udev downgrade

2013-01-04 Thread Kevin Chadwick
On Fri, 04 Jan 2013 13:52:29 -0600
"Dustin C. Hatch"  wrote:

> You'll probably want to do this in single user mode (i.e. 
> `rc single`), so running programs don't crash suddenly. A reboot 
> afterward is probably a good idea as well.

I'm interested in what may crash, do you mean after logging out and in
again etc.. I have started and stopped udev in the past during testing
without any apparent problems.



Re: [gentoo-user] Firefox and ssl

2013-01-04 Thread Kevin Chadwick
On Fri, 4 Jan 2013 12:18:45 -0500
Michael Mol  wrote:

> On Fri, Jan 4, 2013 at 12:13 PM, Mick 
> wrote:
> >
> > On Friday 04 Jan 2013 12:45:01 Robert David wrote:
> >> Hi all,
> >>
> >> anyone have problem with firefox and selfsigned ssl? I tryed
> >> firefox and firefox-bin.
> >>
> >> Firefox:
> >> Problem loading page: Secure connection failed.
> >>
> >> Firefox-bin:
> >> No problem loading page.
> >>
> >>
> >> I tryed with/without system-sqlite. Rebuild nss. Nothing helped.
> >>
> >>
> >>
> >> Robert David
> >
> > Hmm  it should flag up a warning and once you accept it there
> > shouldn't be a problem connecting.
> 
> Some browsers (I don't know if FF is one of them) won't allow bypass
> depending on the cert details. I've seen "the server has requested
> strict validation" before.
> 
> 
> --
> :wq
> 

Not seen certs that do that but HSTS http headers can prevent override.
Unfortunately even though an incorrect clock is perfectly acceptable to
SSL it is not to HSTS. I expect to hear user complaints getting
play.com to disable HSTS due to flat bios batteries (and no NTP is
seemingly no answer to this problem). My preference is a
compulsory header redirect to ssl. I've suggested a disable HSTS option
enabled by setting the mozilla master password. In any case he said it
worked in one copy of firefox so It's unlikely to be the culprit. I
assume you tested with the same url?



Re: [gentoo-user] Anyone succeeded with kmail2?

2013-01-03 Thread Kevin Chadwick
On Thu, 3 Jan 2013 18:24:13 +
I wrote:

> it's very
> few tabs

If tabs are the irritation to scroll open mail, try three column view to
reduce the likelihood or small screen view which only needs arrows enter
and escape.



Re: [gentoo-user] E17 lock screen

2013-01-03 Thread Kevin Brandstatter
i cleared out the  configs when i installed the release. Suspend works,
it even locks now, but i still cant change the settings. no dbus
problems that i can see

-Kevin

On 01/03/2013 04:26 AM, Robert David wrote:
> Did you try e with new config with e-17 release? Or you had some
> previous configs and was replaced with release. Because there was some
> config upgrade and old configs did not work and some was not replaced
> correctly (mixer gadget).
>
> And suspendig with E works ok? You use pm-suspend? Dont you have some
> dbus problems? As the events are send through dbus I think, for me it
> works even with running pm-suspend from console (E locks screen).
>
> Robert.
>
>
> On Thu, 03 Jan 2013 03:51:34 -0600
> Kevin Brandstatter  wrote:
>
>> The problem is the option to lock screen on suspend is greyed out and
>> uncheckable.
>> Did try building with all modules
>>
>> -Kevin
>>
>> On 12/28/2012 04:16 AM, Robert David wrote:
>>> Hi Kevin,
>>>
>>> what exactly you missing on screen lock in E17? I use E17 and screen
>>> lock is ok when suspending. It does not need some xscreenlock
>>> stuff, it is just part of e. Just check
>>> settings->sceen->screen_lock and checkin lock_on_suspend. Thats
>>> all:)
>>>
>>> If you missing something, just make sure you build with all the
>>> modules flags.
>>>
>>> x11-wm/enlightenment-0.17.0 was built with the following:
>>> USE="nls pam spell udev ukit -doc -emotion -static-libs"
>>> ENLIGHTENMENT_MODULES="access backlight battery clock comp
>>> conf-applications conf-dialogs conf-display conf-edgebindings
>>> conf-interaction conf-intl conf-keybindings conf-menus conf-paths
>>> conf-performance conf-randr conf-shelves conf-theme
>>> conf-window-manipulation conf-window-remembers connman cpufreq
>>> dropshadow everything fileman fileman-opinfo gadman ibar ibox
>>> illume2 mixer msgbus notification pager quickaccess shot start
>>> syscon systray tasks temperature tiling winlist wizard xkbswitch"
>>>
>>>
>>> Robert.
>>>
>>>
>>> On Thu, 27 Dec 2012 18:51:26 -0600
>>> Kevin Brandstatter  wrote:
>>>
>>>> On 12/27/2012 05:16 PM, Mick wrote:
>>>>> On Saturday 22 Dec 2012 01:29:57 Kevin Brandstatter wrote:
>>>>>> So e17 just came out and ive been using for a bit. The only
>>>>>> problem ive had with it is that i cant check the option to lock
>>>>>> the screen on suspend. I don't think this is a problem on some
>>>>>> of the other distributions so thought it could be a policy
>>>>>> problem on gentoo.
>>>>>>
>>>>>> Curious if anyone else uses e17/has this problem and maybe a fix.
>>>>>> or just for suggestions of where to look
>>>>> I can't select it here either, but I suspect that this may be
>>>>> because I do not use xscreenlock or equivalent.
>>>>>
>>>>> Have you tried posting either at the e17 or the
>>>>> enlightenm...@gentoo.org mailing lists?
>>>> yes I first posted to the e17-users list. It was working for other
>>>> people so i thought it might be distro specific, I emerged
>>>> xscreensaver to see if that would fix it at all but no luck. I had
>>>> this problem a while ago and i think it had something to do with
>>>> polkit settings
>>>>
>>>> -Kevin
>>>>
>>
>




signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] Anyone succeeded with kmail2?

2013-01-03 Thread Kevin Chadwick
On Thu, 03 Jan 2013 18:09:27 +0100
"Peter Humphrey"  wrote:

> Thanks for your thoughts Alan. I didn't like Claws much last time I
> tried it, but then that was some time ago.
> 
> Does anyone recommend a mail client that doesn't rely too heavily on
> the mouse? I much prefer to navigate, reply etc with the keyboard.
> I've seen Evolution recommended; is that OK?
> 
> Meanwhile I'm having to use my ISP;s webmail service.

I love claws but perhaps you should ask on the claws mailing list I
thought it was too mouse heavy too but when I actually look it's very
few tabs, arrows, enter and ctrl-R to reply etc. and the
configurability of claws may help too, though I can't see if you can
assign shortcuts to custom commands/actions.

The manual says this but I can't find out how to change those shortcuts
'on the fly' myself after a quick try. I shall certainly be using the
mouse less now anyway ;-)

_

B. Default keyboard shortcuts
B.1. Motivations and general conventions

Although Claws Mail is a graphical application and can mainly be
commanded with your mouse, it also requires the frequent use of the
keyboard. Composing a mail is the most common of the tasks that require
the use of the keyboard. For people who write a lot of mails, having to
move hands from keyboard to mouse greatly reduces productivity, so
Claws Mail provides keyboard shortcuts to allow faster operation.

This not only benefits power users by providing keyboard alternatives
and keyboard navigation, it also enables people with disabilities, (who
may not be able to properly control a pointing device), to use Claws
Mail.

The most general convention is the Escape key. Focused dialogues or
windows can be closed by hitting the Esc key.

There are other key combinations which are assigned by default to menu
items. We won't list these here, as they are already shown on the
righthand side of the menus themselves, so you can easily learn them
with usage. Furthermore, if you don't like them, these shortcuts can be
changed on the fly by focusing on the menu item and pressing the
desired key combination.

In addition to these shortcuts there are others which vary from window
to window, which are summarised in the following sections. 
_



Re: [gentoo-user] E17 lock screen

2013-01-03 Thread Kevin Brandstatter
The problem is the option to lock screen on suspend is greyed out and
uncheckable.
Did try building with all modules

-Kevin

On 12/28/2012 04:16 AM, Robert David wrote:
> Hi Kevin,
>
> what exactly you missing on screen lock in E17? I use E17 and screen
> lock is ok when suspending. It does not need some xscreenlock stuff, it
> is just part of e. Just check settings->sceen->screen_lock and checkin
> lock_on_suspend. Thats all:)
>
> If you missing something, just make sure you build with all the modules
> flags.
>
> x11-wm/enlightenment-0.17.0 was built with the following:
> USE="nls pam spell udev ukit -doc -emotion -static-libs"
> ENLIGHTENMENT_MODULES="access backlight battery clock comp
> conf-applications conf-dialogs conf-display conf-edgebindings
> conf-interaction conf-intl conf-keybindings conf-menus conf-paths
> conf-performance conf-randr conf-shelves conf-theme
> conf-window-manipulation conf-window-remembers connman cpufreq
> dropshadow everything fileman fileman-opinfo gadman ibar ibox illume2
> mixer msgbus notification pager quickaccess shot start syscon systray
> tasks temperature tiling winlist wizard xkbswitch"
>
>
> Robert.
>
>
> On Thu, 27 Dec 2012 18:51:26 -0600
> Kevin Brandstatter  wrote:
>
>> On 12/27/2012 05:16 PM, Mick wrote:
>>> On Saturday 22 Dec 2012 01:29:57 Kevin Brandstatter wrote:
>>>> So e17 just came out and ive been using for a bit. The only problem
>>>> ive had with it is that i cant check the option to lock the screen
>>>> on suspend. I don't think this is a problem on some of the other
>>>> distributions so thought it could be a policy problem on gentoo.
>>>>
>>>> Curious if anyone else uses e17/has this problem and maybe a fix.
>>>> or just for suggestions of where to look
>>> I can't select it here either, but I suspect that this may be
>>> because I do not use xscreenlock or equivalent.
>>>
>>> Have you tried posting either at the e17 or the
>>> enlightenm...@gentoo.org mailing lists?
>> yes I first posted to the e17-users list. It was working for other
>> people so i thought it might be distro specific, I emerged
>> xscreensaver to see if that would fix it at all but no luck. I had
>> this problem a while ago and i think it had something to do with
>> polkit settings
>>
>> -Kevin
>>
>




signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] Re: [OT] codec for video embedded in presentation

2013-01-01 Thread Kevin Chadwick
On Tue, 1 Jan 2013 13:16:25 -0200
Francisco Ares  wrote:

> I don't think so. Most of them are very basic level users, and they
> just have to have the same software, and it's gotta be from M$ -
> nothing out of main stream.
> 
> But what is your point?

Boot an OS with office that works and as long as you can boot it should
be a near certainty of working. PDF presentations may be another option
to investigate but I imagine you may hit problems.

I've found mpeg2 to be the most likely supported video format but still
not quite run everywhere. There isn't one. Hopefully webm will do one
day, it is the only decent one with compression that can.



Re: [gentoo-user] Re: [OT] codec for video embedded in presentation

2012-12-31 Thread Kevin Chadwick
On Sun, 30 Dec 2012 21:35:52 -0200
Francisco Ares  wrote:

> If my colleagues would at least be kind enough to have OpenOffice
> installed on their machines also...

Will they let you boot a usb?



Re: [gentoo-user] Re: Heads up if you start X with startx; xorg-server suid flag

2012-12-31 Thread Kevin Chadwick
On Mon, 31 Dec 2012 22:06:00 +0800
kwk...@hkbn.net wrote:

> > That already has a de-facto answer; USE="suid" must be on by default
> > as without it users cannot run a desktop (xorg-server does not yet
> > run without root permissions)  

I use some hackery to run startx on some systems as a normal user on
linux and without suid. The only important things that break on these
systems is hotplugging mice etc. and which could be quite easily fixed
if it was worth the time. I've found a log out triggering a relaunch
good enough with 0 complaints for now.

> 
> But(!) if one uses a login manager, xorg server would only be ever be
> run by root, right?  

On Linux maybe but the default on OpenBSD is for X to run as the X11
user and xdm to run as root.

> Hence the use flag rather than a must like, e.g.,
> sys-apps/shadow (and the question whether the dangerous suid should be
> set in desktop profiles instead of default on even for hardened).



Re: Should /usr be merged with /? (Was: Re: [gentoo-user] Re: Anyone switched to eudev yet?)

2012-12-30 Thread Kevin Chadwick
On Sun, 30 Dec 2012 20:19:44 +0800
Mark David Dumlao  wrote:

> > I'd certainly be happy "fixing" FHS to say that tools for mounting
> > and recovering "essential system partitions" be located in /, and
> > that these "essential system partitions" contain the tools for
> > mounting and recovering non-essential partitions.  
> 
> The beef with the comment on /home being nonessential is besides the
> point, /usr, /var, or /opt could have been some special case FUSE
> filesystem, making it still impossible to predict which files _should_
> be in /. The more relevant matter here is that plan FHS, in
> combination with FUSE, makes that difficult.

That's not best practice though is it and I completely disagree with the
rules you seem to believe the english language has too. 

It is not a difficult problem, just FUSE is not expected or intended
for that, if that changes it is easily fixed immediately by the admin
or by the packager preferably in concert with some root management body
or project. 

Many/All of these issues that have come up are actually of 0 effect, we
are not talking about preventing users from merging them as most Linux
users do because they just hit ok ok ok in ubuntus installation but
about a major degradation due to some devs whim and without I might add
proper community involvement or commentry ALLOWED. One things for sure
real problems will arise directly due to this merge if this merge
becomes standard and possibly with won't fixes used leading to
pointlessly breaking existing servers and linux becoming even more of an
unorganised mess.

On windows production machines I arrived at putting c: on it's own
smaller partition and program files on a larger partition. It meant I
could have many more c: backups and restore much more quickly too
resulting in much higher uptime and reduced loss in the cases that
registry restore wasn't good enough and system restore is crap. With
windows 7 it's not so beneficial as windows 7 is huge but still useful
as everything is getting huge on windows these days. You do get the
occasional dumb program perhaps fixable with a drive link within c:.

Windows 8 should be more reliable but I expect brings new issues in this
area due to app restrictions and where sandboxing could have been used
for security instead.



Re: Should /usr be merged with /? (Was: Re: [gentoo-user] Re: Anyone switched to eudev yet?)

2012-12-29 Thread Kevin Chadwick
> The latest FHS dates from 2004, the same year as the *earliest* FUSE release 
> I 
> can see on the FUSE web site.  I'd say a good working hypothesis is that FHS 
> was simply written *before* any user-space file systems were more than an 
> experimental oddity.
> 
> 
> > IF the system's /home directory is formatted as an OpenBSD partition,
> > then yes, FHS demands that tools for mounting and recovering it be in
> > /.  
> 
> 
> I'd certainly be happy "fixing" FHS to say that tools for mounting and 
> recovering "essential system partitions" be located in /, and that these 
> "essential system partitions" contain the tools for mounting and recovering 
> non-essential partitions.
> 

Which would include testdisk (As far as I know the only linux tool able
to read an OpenBSD partition) in /usr. Of course the admin is
free to move a copy of testdisk to /. No-one is saying the FHS is
perfect, I know the BSD crowd would say far from it but we want it to
move in the right not wrong direction.

> If you are wondering where I stand, I currently boot with an initramfs, since 
> I have everything except /boot located on LVM devices. This includes / and a 
> seperate /usr, done mostly from habit after 15 years of habit, and working 
> where that was the corporate standard production practice.
> 
> As to system recovery, nowdays I ususlly do that by booting from a live 
> CD/DVD 
> so I have access to all the tools when I need them. Which reminds me that I 
> need to update my rescue DVD to the latest version...

A rescue CD has the benefit of being on read only media and perhaps
including tools and perhaps enabling permissions you don't want on the
system or auditing without running anything from the system and as a
fallback but in general single user is more appropriate than both cd and
ramdisk and atleast is useful as it can be tailored to the system, is
the system and is more likely familiar to the user, a system may not
have a cd and maybe not usbs or be remote and as shown is less likely
to be upto date and so secure and so useful online, especially if you
need a host to upload the cd image.

Note: This should highlight how wrong Gregs freedesktop.org links are.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: Anyone switched to eudev yet? -> what was wron with SysVInit?

2012-12-28 Thread Kevin Chadwick
On Fri, 28 Dec 2012 13:14:46 -0600
Canek Peláez Valdés  wrote:

> On Fri, Dec 28, 2012 at 12:53 PM, Kevin Chadwick
>  wrote:
> > On Thu, 27 Dec 2012 17:38:15 -0600
> > Canek Peláez Valdés  wrote:
> >
> >> In SysV, I can *write* the daemon in the init script.
> >> In *that* sense, the init system tells the daemon how to do things,
> >
> > Please explain, sure there is the environment that tells a daemon
> > what to do. No shell can tell a c daemon like sshd how to drop
> > priviledges or use systrace but it could do these things for it in
> > a more fine grained manner before it tries and fails itself or if
> > the daemon wishes it to like monit. It's still not telling how but
> > duplicating or removing the need. That's just a bonus that applies
> > to all init systems because shell is so powerful on unix.
> 
> Stop thinking in sshd. I can write the *whole* daemon in shell, not in
> another script file, but inside /etc/init.d/mystupiddaemon (or
> /etc/rc.whatever); shell is Turing-complete, I can write in it
> anything I can write in C (or in assembler, or machine code). In that
> sense, the init system (which uses shell for launching daemons) can be
> used to determine *how* the daemon behaves (because it uses shell for
> launching daemons).
> 

That's what you meant, how disappointing. Yeah I've knocked up a few
very useful ones myself but call them scripts (Such as grepping logs or
dns servers and feeding real daemons with info).

> You can't do that with systemd; there is a clear and unavoidable

You can't is better is it? Yet you can exec a daemon written in shell
with systemd.

> separation between the starting/stoping/monitoring of daemons, and the
> daemons themselves. 

> Such distinction doesn't really exists in SysV nor
> OpenRC (since they use shell, a Turing-complete language, for

With regular expressions to get the exact pid but

/usr/sbin/sshd -f /etc/ssh/sshd_config = start
/usr/bin/pkill sshd = stop or many other incantations

There are many tools that do this job just fine. If systemd just did
this and was there by default I would consider replacing monit with it.
Like a reliable root filesystem I want a reliable pid 1.

> launching daemons), and therefore you can mixup everything. I agree,
> it doesn't necessarily means that it *will* happen; but even the
> possibility is frigthning for a system administrator in a production
> server. With systemd, that possibility *doesn't exist* (because it
> doesn't uses a Turing-complete language to start/stop/monitor
> daemons).

Doesn't frighten me one bit. I know the startup almost inside out of my
servers, doesn't take long on OpenBSD. On Linux it would take longer but
nowhere near reviewing systemd and knowing C has nothing to do with the
immediate control shell can provide under any init system including
systemd but the Turing complete argument is simply propaganda as well
as all the features to distract from the fundamental flaws in the
design of systemd.

> 
> Like the clear separation between content and presentation in webapps,
> or between the model and the view in the MVC design patter, having a
> clear separation between how you start/stop/monitor your daemon, and
> what the daemon does, is a good thing. If you don't agree with that,
> well, we must agree to disagree.

There is nothing else, you exec or parse a script or daemon just as
systemd does. The only difference is systemd tracking double forked
processes with cgroups and I have already provided a link that refutes
any point to do so. There are corner cases that are easily manageable
and it certainly isn't worth the sacrifice of POSIX compatibility and
so Linux applicability. Linus has said cgroups are a horrible
but necessary evil, which in my opinion means avoid them unless you have
no choice. There is a perfectly good and in my opinion superior
choice, but I love simplicity, it has served me well.



Re: [gentoo-user] Re: Anyone switched to eudev yet? -> what was wron with SysVInit?

2012-12-28 Thread Kevin Chadwick
On Thu, 27 Dec 2012 17:38:15 -0600
Canek Peláez Valdés  wrote:

> In SysV, I can *write* the daemon in the init script.
> In *that* sense, the init system tells the daemon how to do things,

Please explain, sure there is the environment that tells a daemon what
to do. No shell can tell a c daemon like sshd how to drop priviledges
or use systrace but it could do these things for it in a more fine
grained manner before it tries and fails itself or if the daemon
wishes it to like monit. It's still not telling how but duplicating or
removing the need. That's just a bonus that applies to all init
systems because shell is so powerful on unix.



Re: Should /usr be merged with /? (Was: Re: [gentoo-user] Re: Anyone switched to eudev yet?)

2012-12-28 Thread Kevin Chadwick
On Sat, 29 Dec 2012 01:16:34 +0800
Mark David Dumlao  wrote:

>  whatever filesystem type
> it is.

>Following this, for any distro to correctly FHS, there needs to be a
>package manager switch to copy arbitrary packages (and dependent
>libraries) from /usr to /. As of yet not implemented.
>


Not at all, FUSE is a userspace flesystem meant to be used after single
user.

The spec says you have to be able to mount other filesystems not all
other filesystems. I'd like to see you mount an OpenBSD ffs partition.


So no your point does not stand. As has already been said the
cure is worse than the disease many of which have been
demonstrated to amount to exactly nothing in all cases and likely why
Greg refused to specify what was broken. You've completely ignored the
part of FHS about the root filesystem and completely made up your own
rules to justify Linux having management problems that some
irresponsible devs chose to enforce upon all and now eudev is working to
fix and bring the core of linux back into compliance and higher
reliability. 

I'm not surprised Michael can't be bothered to reply. I would use your
time more constructively than responding to this thread pollution in
any comprehensive manner.



Re: [Bulk] Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-28 Thread Kevin Chadwick
> > Should perl be in / or /usr?  
> 
> Now that is a good question, if only because Perl traditionally _loathes_
> being in /bin, for its own philosophical reasons.
> 


> Now, as a practical matter? WTF are the scripts written in Perl? Or in
> anything other than sh? If they're intended for emergency use, they've got
> some pretty fat dependencies, and should probably be launched from a full
> rescue environment instead. Or the log files should be copied to some place
> with more featureful tools available.


Can perl be built statically and moved to / by the admin for this
corner case?

If not you should have all the tools to fix /usr in root and then if
anything needs fixing via perl then you should be able to mount /usr or
mount -a and have a fully working single user system to run perl from.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] E17 lock screen

2012-12-27 Thread Kevin Brandstatter
On 12/27/2012 05:16 PM, Mick wrote:
> On Saturday 22 Dec 2012 01:29:57 Kevin Brandstatter wrote:
>> So e17 just came out and ive been using for a bit. The only problem
>> ive had with it is that i cant check the option to lock the screen on
>> suspend. I don't think this is a problem on some of the other
>> distributions so thought it could be a policy problem on gentoo.
>>
>> Curious if anyone else uses e17/has this problem and maybe a fix. or
>> just for suggestions of where to look
> I can't select it here either, but I suspect that this may be because I do 
> not 
> use xscreenlock or equivalent.
>
> Have you tried posting either at the e17 or the enlightenm...@gentoo.org 
> mailing lists?
yes I first posted to the e17-users list. It was working for other
people so i thought it might be distro specific, I emerged xscreensaver
to see if that would fix it at all but no luck. I had this problem a
while ago and i think it had something to do with polkit settings

-Kevin



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] Re: Anyone switched to eudev yet? -> what was wron with SysVInit?

2012-12-27 Thread Kevin Chadwick
> * Finally, and what I think is the most fundamental difference between
> systemd and almost any other init system: The service unit files in
> systemd are *declarative*; you tell the daemon *what* to do, not *how*
> to do it. If the service files are shell scripts (like in
> OpenRC/SysV), everything can spiral out of control really easily. And
> it usually does (again, look at sshd; and that one is actully nicely
> written, there are all kind of monsters out there abusing the power
> that shell gives you).
>  

> Then Kevin started to suggest that I know nothing about init systems,
> and I responded in kind.

I did not and apologise if you took offense. I said perhaps badly that
based on this posting, you don't have a great deal of experience in
init systems. To me, your comment demonstrated that you don't on the
vast plethora of init systems which all actually accomplish the same
thing daemon wise just with varying reliability and functionality
surrounding the process of doing so. No init system can tell a daemon
how to do anything.

So your comment.

What to do, how to do actually has nothing to do with systemd.

What does is having to learn a new more restrictive non
intuitive and non externally useful or non universal *declarative*
language. Like polkit/pkexecs javascript vs sudo. I will take sudoers
every time and for good reason.

"Shell scripts usually spiral out of control" is just utter FUD. I
do realise you didn't originate this FUD, but it shouldn't be
spread. Yes some corner case wants in init that some thought
impossible in shell can get complex by scripting them but a small c
tool following the unix philosophy simply becomes a shell command
potentially useful in even unforeseeable cases.

We are dealing with simple options meant for admins here. As I said
OpenBSDs scripts are usually rediculously simple and should often
really be called commands. As others have said the argument of function
being in the scripts rather than the daemon is an irrelevance to using
systemd. Systemd may try to become the whole OS but I'm fairly sure it
hasn't plagiarised the c code to check and deal with ssh keys yet. That
is rightly the job of the aptly named ssh-keygen and IMO some very
simple shell code.

The arch sshd script is only 44 lines and includes more than that to
make the output colourful. The gentoo sshd script is actually simple
too and doesn't do anything most of the time and is easily modifiable
in absolutely predictable ways.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [Bulk] Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-27 Thread Kevin Chadwick

Again you don't break the spec unless you have to and you don't change
the spec unless it is an improvement or you have no choice. Non of
which is the case. Just like you do not mould a mail RFC to a
widely used technically inferior hotmail implementation.

> He's like DJB on crack.

Except DJB made every Linux system on this planet more reliable simple
and secure through better coding practices and pointing out how buggy
sendmail was. Lennart if anything will accomplish the exact opposite
where systemd is used.


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: [gentoo-user] Re: Anyone switched to eudev yet? -> what was wron with SysVInit?

2012-12-26 Thread Kevin Chadwick
On Wed, 26 Dec 2012 17:01:17 -0600
Canek Peláez Valdés  wrote:

> And, what community is being divided? Fedora,OpenSuse, and Arch use
> systemd by default.

From debian and hurd to slackware which will not touch systemd ever and
ubuntu and also embedded with the kernel working on more and more
deeply embedded processors and userland working potentially on less or
more difficulties in porting if lennart's dreams ever come to pass,
which I hope many won't. So way more than half of linux will not use
systemd by default likely ever and it is rather different. Any
unification it does bring like /etc/hostname could be easily achieved
with a little organisation without systemd and would be way more
constructive if it happened because of that single purpose.

I didn't even mention POSIX compliance which is a requirement on many
projects. Fudging POSIX into Linux only would defeat the whole point of
POSIX, though apparently that is a real danger.



Re: [gentoo-user] Re: Anyone switched to eudev yet?

2012-12-26 Thread Kevin Chadwick
On Thu, 27 Dec 2012 00:01:58 +0800
Mark David Dumlao  wrote:

> Nobody's telling you _your_ system, as in the collection of programs
> you use for your productivity, is broken. What we're saying is that
> _the_ system, as in the general practice as compared to the
> specification, is broken. Those are two _very_ different things.

If the spec and practice are out of sync then if possible as this
thread demonstrates most and is perfectly possible then you fix the
practice and do not erode the spec.



Re: [gentoo-user] Re: Anyone switched to eudev yet? -> what was wron with SysVInit?

2012-12-26 Thread Kevin Chadwick
On Tue, 25 Dec 2012 08:56:38 -0500
Joshua Murphy  wrote:

> It would still be a (notable, at that) drop
> in size if the shell script was redone to provide exactly the same set
> of features, then compared, but that size difference wouldn't have the
> same shock value as the comparison against 80+ lines.

If you look at the ssh devs distribution OpenBSD, sshd's rc config is a
one liner basically of simply enable or provide command line arguments.
Key checking is part of the OS startup script which is beautifully easy
to read and follow through to shutdown.

The turing complete language as oppose to the increased pid1 of systemd
is a theoretical fallacy where bugs can be immediately fixed with a
text editor or swapping the constantly tested but admittedly
complex shell code. Note though that init does not require a shell or
Turing complete language at all or anything else making it appropriate
in it's various forms to all cases. Ironically this variation can be
seen as unifying unix communities. What would be good is a common
agreement on the format or sysadmins equivelent to API of controlling a
universally applicable init system.



  1   2   3   4   5   6   7   8   9   >