Re: [gentoo-user] Beautification - Splash
On 4/5/06, Boyd Stephen Smith Jr. <[EMAIL PROTECTED]> wrote: > On Wednesday 05 April 2006 13:49, "Lord Sauron" > <[EMAIL PROTECTED]> wrote about 'Re: [gentoo-user] > Beautification - Splash': > > > You sent two copies of your message, one signed, the other not. You > > > also didn't publish your public key on any keyserver that my kmail > > > polls for keys (I think I poll 6 servers, though at least 3 of other > > > shares keys among themselves, too). > > > > So that's what people are talking about whenever they say there's > > gonna be a "public key signing!" I've been idly wondering what that > > could be. > > > > Okay... that makes sense now. > > No, a public key signing is when you verify that the key(s) provided by the > keyserver match the person they are supposed to. The keyserver provides a > key to you based on it's ID, and the key itself contains what emails > address it can be attached to, but that's don't tell you that *I* signed > it. You'd have to talk face-to-face with me (or some other pre-secured > method) to know that *I* uploaded that key. Anyone can upload a key > purporting to be from [EMAIL PROTECTED] and then send a message signed > with that key. (Keys are essentially random, and anyone can send a mail > with the "From" header saying "[EMAIL PROTECTED]". In the most > paranoid case, mail TO [EMAIL PROTECTED] [assuming it isn't a send-only > email address] can be intercepted by anyone with physical or root access > to the computer pointed to by the MX record of volumehost.net. Yeah, no system is foolproof. > > > This message is validly singed, although probably by a key you don't > > > trust (nor should you until to verify the key actually belongs to the > > > person it claims to). > > > > Most key servers use hardened linux or SE Linux, right? Since that is > > what they're supposed to be for? I think I could scrape together > > another cheap-o server to make into my own key server... that'd be > > cool. If nothing else it'd be nice to play with it a bit : ) > > Most keyservers were up and running before hardened or SE Linux was > available, but may have been upgraded. They are supposed to be difficult > to break into and/or spoof, just like any public server, but they are > *NOT* a source of trust. They accept and provide keys without any tests. > They are a convenient publishing method, they are *NOT* part of the trust > equation. Yeah, I was just thinking Hardened Linux would be a good choice b/c it's more resistant to some cracker breaking in and screwing stuff up all over the place. "Good data in, good data out; bad data in, bad data out" is the keyserver, but I don't want cracker pinhead to take the data and make it bad. > > > "If there's one thing we've established over the years, > > > it's that the vast majority of our users don't have the slightest > > > clue what's best for them in terms of package stability." > > > -- Gentoo Developer Ciaran McCreesh > > > > I honestly hope you're just joking. Really, the world gets much > > scarier when that is true... > > Check the Gmane archives if you don't believe me. Ciaran said it and has > yet to even take notice of my signature quoting him. Hell, sometimes I > almost believe it. In my most cynical moments, I think we should stop > helping people install Gentoo, just so we have some minimum competency > requirement for users. Yeah, there is a significant advantage to having competent users, however, when you make that distinction you narrow your target audience to so few people... > Then, I realize that I probably wouldn't have the wonderful Gentoo system I > have now without the support of the other Gentoo users; I'd probably be > running Debian. :/ I was a good person and learned all I could on Debian before trying Gentoo. That's why you don't see me asking questions like "what's bash" and "where's the start menu?" Luckily for you, that's where I picked up what few mailing-list manners I have ; ) You should have seen my posts before... scary. -- == GCv3.12 == GCS d-(++) s+: a? C++ UL+> P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y = END GCv3.12 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Beautification - Splash
On Wednesday 05 April 2006 13:49, "Lord Sauron" <[EMAIL PROTECTED]> wrote about 'Re: [gentoo-user] Beautification - Splash': > > You sent two copies of your message, one signed, the other not. You > > also didn't publish your public key on any keyserver that my kmail > > polls for keys (I think I poll 6 servers, though at least 3 of other > > shares keys among themselves, too). > > So that's what people are talking about whenever they say there's > gonna be a "public key signing!" I've been idly wondering what that > could be. > > Okay... that makes sense now. No, a public key signing is when you verify that the key(s) provided by the keyserver match the person they are supposed to. The keyserver provides a key to you based on it's ID, and the key itself contains what emails address it can be attached to, but that's don't tell you that *I* signed it. You'd have to talk face-to-face with me (or some other pre-secured method) to know that *I* uploaded that key. Anyone can upload a key purporting to be from [EMAIL PROTECTED] and then send a message signed with that key. (Keys are essentially random, and anyone can send a mail with the "From" header saying "[EMAIL PROTECTED]". In the most paranoid case, mail TO [EMAIL PROTECTED] [assuming it isn't a send-only email address] can be intercepted by anyone with physical or root access to the computer pointed to by the MX record of volumehost.net. Everyone takes either key fingerprint, email address (or key ID), and personal ID that they expect to be able to give to others. Then they pair off in some organized fashion and exchange those items. At the end you go home to trust keys are what they purport to be and possibly sign them and publish the signatures. If you trust person X to thoroughly ID people, then a signature from X of Y's key tells you that Y's key actually belongs to person Y; so you can trust it. Thus, you can build a web of trust. > > This message is validly singed, although probably by a key you don't > > trust (nor should you until to verify the key actually belongs to the > > person it claims to). > > Most key servers use hardened linux or SE Linux, right? Since that is > what they're supposed to be for? I think I could scrape together > another cheap-o server to make into my own key server... that'd be > cool. If nothing else it'd be nice to play with it a bit : ) Most keyservers were up and running before hardened or SE Linux was available, but may have been upgraded. They are supposed to be difficult to break into and/or spoof, just like any public server, but they are *NOT* a source of trust. They accept and provide keys without any tests. They are a convenient publishing method, they are *NOT* part of the trust equation. There have been occasions, IIRC, that keyservers have been compromised, but since they aren't a source of trust, this isn't much of an issue. *Some* people /might/ trust any key obtained from a keyserver, but any technology can be incorrectly used, PKI is not exception. > > -- > > "If there's one thing we've established over the years, > > it's that the vast majority of our users don't have the slightest > > clue what's best for them in terms of package stability." > > -- Gentoo Developer Ciaran McCreesh > > I honestly hope you're just joking. Really, the world gets much > scarier when that is true... Check the Gmane archives if you don't believe me. Ciaran said it and has yet to even take notice of my signature quoting him. Hell, sometimes I almost believe it. In my most cynical moments, I think we should stop helping people install Gentoo, just so we have some minimum competency requirement for users. Then, I realize that I probably wouldn't have the wonderful Gentoo system I have now without the support of the other Gentoo users; I'd probably be running Debian. :/ -- "If there's one thing we've established over the years, it's that the vast majority of our users don't have the slightest clue what's best for them in terms of package stability." -- Gentoo Developer Ciaran McCreesh pgp1TmaAZYh6E.pgp Description: PGP signature
Re: [gentoo-user] Beautification - Splash
On 4/4/06, Bo Andresen <[EMAIL PROTECTED]> wrote: > On Wednesday 05 April 2006 02:33, Lord Sauron wrote: > [SNIP] > > So I now use the theme "livecd-2006.0" Just my $0.02, but it's sorta > > difficult to change themes. Soon as I'm more bash literate, I'll try > > to make a script to change themes in a easier manner > > ("lsauron_cngsplshthm [theme]", perhaps? I dunno... Mind of a > > programmer, once more). I counted 2 places I have to change to change > > themes: > > > > /etc/splash splashutils_geninitramfs... // generate new initramfs file > > /boot/grub/menu.lst // point to it, and make sure kernel command line > > args are nice and happy > [SNIP] > > I guarantee nothing... ;) : > > #!/bin/bash > RES=1400x1050 > THEME=${1} > splash_geninitramfs ${THEME} -r ${RES} -g /boot/fbsplash -v > sed -i -e 's/theme:[a-z0-9.-]*/theme:'${THEME}'/' /boot/grub/menu.lst Hmm... I'll have to play around with that in KDevelop and see if I can make it guaranteeable... that'd be a good project for a nut like me... -- == GCv3.12 == GCS d-(++) s+: a? C++ UL+> P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y = END GCv3.12 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Beautification - Splash
On 4/4/06, Boyd Stephen Smith Jr. <[EMAIL PROTECTED]> wrote: > On Tuesday 04 April 2006 19:33, "Lord Sauron" > <[EMAIL PROTECTED]> wrote about 'Re: [gentoo-user] > Beautification - Splash': > > PS: I'm playing with this GPG stuff... I want to see if any of you > > can use [verify] this. I'm just curious... I had some nut case > > ghosting off of my domain and email and then emailing some friends. I > > was not happy. Someone suggested signing my messages. So, I'm > > trying. Tell me if I'm doing it right if it's conveinient. > > You sent two copies of your message, one signed, the other not. You also > didn't publish your public key on any keyserver that my kmail polls for > keys (I think I poll 6 servers, though at least 3 of other shares keys > among themselves, too). So that's what people are talking about whenever they say there's gonna be a "public key signing!" I've been idly wondering what that could be. Okay... that makes sense now. Don't laugh - it was my very first try and encryption. > This message is validly singed, although probably by a key you don't trust > (nor should you until to verify the key actually belongs to the person it > claims to). Most key servers use hardened linux or SE Linux, right? Since that is what they're supposed to be for? I think I could scrape together another cheap-o server to make into my own key server... that'd be cool. If nothing else it'd be nice to play with it a bit : ) > -- > "If there's one thing we've established over the years, > it's that the vast majority of our users don't have the slightest > clue what's best for them in terms of package stability." > -- Gentoo Developer Ciaran McCreesh I honestly hope you're just joking. Really, the world gets much scarier when that is true... -- == GCv3.12 == GCS d-(++) s+: a? C++ UL+> P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y = END GCv3.12 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Beautification - Splash
On Tuesday 04 April 2006 19:33, "Lord Sauron" <[EMAIL PROTECTED]> wrote about 'Re: [gentoo-user] Beautification - Splash': > PS: I'm playing with this GPG stuff... I want to see if any of you > can use [verify] this. I'm just curious... I had some nut case > ghosting off of my domain and email and then emailing some friends. I > was not happy. Someone suggested signing my messages. So, I'm > trying. Tell me if I'm doing it right if it's conveinient. You sent two copies of your message, one signed, the other not. You also didn't publish your public key on any keyserver that my kmail polls for keys (I think I poll 6 servers, though at least 3 of other shares keys among themselves, too). This message is validly singed, although probably by a key you don't trust (nor should you until to verify the key actually belongs to the person it claims to). -- "If there's one thing we've established over the years, it's that the vast majority of our users don't have the slightest clue what's best for them in terms of package stability." -- Gentoo Developer Ciaran McCreesh pgpSCeBNs1ypM.pgp Description: PGP signature
Re: [gentoo-user] Beautification - Splash
On Wednesday 05 April 2006 02:33, Lord Sauron wrote: [SNIP] > So I now use the theme "livecd-2006.0" Just my $0.02, but it's sorta > difficult to change themes. Soon as I'm more bash literate, I'll try > to make a script to change themes in a easier manner > ("lsauron_cngsplshthm [theme]", perhaps? I dunno... Mind of a > programmer, once more). I counted 2 places I have to change to change > themes: > > /etc/splash splashutils_geninitramfs... // generate new initramfs file > /boot/grub/menu.lst // point to it, and make sure kernel command line > args are nice and happy [SNIP] I guarantee nothing... ;) : #!/bin/bash RES=1400x1050 THEME=${1} splash_geninitramfs ${THEME} -r ${RES} -g /boot/fbsplash -v sed -i -e 's/theme:[a-z0-9.-]*/theme:'${THEME}'/' /boot/grub/menu.lst > PS: I'm playing with this GPG stuff... I want to see if any of you > can use [verify] this. I'm just curious... I had some nut case > ghosting off of my domain and email and then emailing some friends. I > was not happy. Someone suggested signing my messages. So, I'm > trying. Tell me if I'm doing it right if it's conveinient. "Message was signed on 1/1-1970 00:59 with unknown key 0x8F22D39E. The validity of the signature cannot be verified." [SNIP] "End of signed message" I guess not... -- Bo Andresen -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Beautification - Splash
To be a bit more verbose... I downloaded the web page to disk so I could toy with it during lunch, when I'm not connected to the internet. After about ten reboots I finally had it nailed down. My Windoze friends are gonna hate this... they've always regarded Window's bootup graphics as making windows "superior" in some way or another. I think they've just let their minds be harmed by all the years of windows ; ) So I now use the theme "livecd-2006.0" Just my $0.02, but it's sorta difficult to change themes. Soon as I'm more bash literate, I'll try to make a script to change themes in a easier manner ("lsauron_cngsplshthm [theme]", perhaps? I dunno... Mind of a programmer, once more). I counted 2 places I have to change to change themes: /etc/splash splashutils_geninitramfs... // generate new initramfs file /boot/grub/menu.lst // point to it, and make sure kernel command line args are nice and happy but otherwise it was rather painless. The initial install was painful... when you have to do a manual rc-update add or whatever it is, that's a sign that you need to make a script of some kind... my personal feelings, of course. So thanks for the help - Probably wouldn't have gotten this far by myself (I have a habit of bouncing off the same walls until someone explains to me why my thinking isn't right, even though it is quite logical). PS: I'm playing with this GPG stuff... I want to see if any of you can use [verify] this. I'm just curious... I had some nut case ghosting off of my domain and email and then emailing some friends. I was not happy. Someone suggested signing my messages. So, I'm trying. Tell me if I'm doing it right if it's conveinient. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To be a bit more verbose... I downloaded the web page to disk so I could toy with it during lunch, when I'm not connected to the internet. After about ten reboots I finally had it nailed down. My Windoze friends are gonna hate this... they've always regarded Window's bootup graphics as making windows "superior" in some way or another. I think they've just let their minds be harmed by all the years of windows ; ) So I now use the theme "livecd-2006.0" Just my $0.02, but it's sorta difficult to change themes. Soon as I'm more bash literate, I'll try to make a script to change themes in a easier manner ("lsauron_cngsplshthm [theme]", perhaps? I dunno... Mind of a programmer, once more). I counted 2 places I have to change to change themes: /etc/splash splashutils_geninitramfs... // generate new initramfs file /boot/grub/menu.lst // point to it, and make sure kernel command line args are nice and happy but otherwise it was rather painless. The initial install was painful... when you have to do a manual rc-update add or whatever it is, that's a sign that you need to make a script of some kind... my personal feelings, of course. So thanks for the help - Probably wouldn't have gotten this far by myself (I have a habit of bouncing off the same walls until someone explains to me why my thinking isn't right, even though it is quite logical). - -- == GCv3.12 == GCS d-(++) s+: a? C++ UL+> P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y = END GCv3.12 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEMw9zHcNVi48i054RAi3sAJ0cV7/YUJVybJiPjGBtL2T5SsFINwCfeDEu fFpF1fK9A/3ocaiuN3J6tus= =g3tf -END PGP SIGNATURE- -- == GCv3.12 == GCS d-(++) s+: a? C++ UL+> P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y = END GCv3.12 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Beautification - Splash
Yeah, I read you. I found that during lunch. It works now : ) On 4/4/06, Bo Andresen <[EMAIL PROTECTED]> wrote: > On Tuesday 04 April 2006 20:48, Lord Sauron wrote: > [SNIP] > > and then I modified /boot/grub/menu.lst: > > > > localhost ~ # cat /boot/grub/menu.lst > > default 0 > > timeout 7 > > splashimage=(hd0,0)/grub/splash.xpm.gz > > title Current Kernel > > root (hd0,0) > > kernel /vmlinuz root=/dev/hda3 > > initrd /fbsplash > >[SNIP] > > So now you have told it where to find the theme files. Now you just need to > alter your kernel line to specify what theme to use and in which mode. An > example is given in [1]. But to view full documentation of kernel parameters > for splash type in a terminal (this assumes that you have splashutils > installed): > > # zcat -c /usr/share/doc/splashutils*/kernel_parameters.gz | less > > Also I have just added two sections to the howto i.e. [2] and [3]. > > [1] http://gentoo-wiki.com/HOWTO_gensplash#GRUB_Example > [2] http://gentoo-wiki.com/HOWTO_gensplash#View_contents_of_initramfs > [3] http://gentoo-wiki.com/HOWTO_gensplash#Choosing_a_theme > > -- > Bo Andresen > -- > gentoo-user@gentoo.org mailing list > > -- == GCv3.12 == GCS d-(++) s+: a? C++ UL+> P+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y = END GCv3.12 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Beautification - Splash
On Tuesday 04 April 2006 20:48, Lord Sauron wrote: [SNIP] > and then I modified /boot/grub/menu.lst: > > localhost ~ # cat /boot/grub/menu.lst > default 0 > timeout 7 > splashimage=(hd0,0)/grub/splash.xpm.gz > title Current Kernel > root (hd0,0) > kernel /vmlinuz root=/dev/hda3 > initrd /fbsplash >
Re: [gentoo-user] Beautification - Splash
I was a good cookie and went and tried my best. I did see some signs of success, however, they're not all complete... no pictures. The one sign of success was that the resolution was at [EMAIL PROTECTED], which is a good sign. However, I think that was more attributable to my recompile of the kernel, which I'm happy to say I'm reletively expert at now. I can make menuconfig and make && make install my way around now, so that's good news. On 4/2/06, Bo Andresen <[EMAIL PROTECTED]> wrote: > http://gentoo-wiki.com/HOWTO_fbsplash I followed these instructions, however, something didn't work, because there were no pretty pictures : ( I did appreciate the increased resolution, however. The instructions I took were pretty simple: http://gentoo-wiki.com/HOWTO_fbsplash#Non-genkernel_users Then I: http://gentoo-wiki.com/HOWTO_fbsplash#Non-genkernel_users and then I modified /boot/grub/menu.lst: localhost ~ # cat /boot/grub/menu.lst default 0 timeout 7 splashimage=(hd0,0)/grub/splash.xpm.gz title Current Kernel root (hd0,0) kernel /vmlinuz root=/dev/hda3 initrd /fbsplashP+ L++ E--- W+(+++) N++ o? K? w--- O? M+ V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y = END GCv3.12 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Beautification - Splash
http://gentoo-wiki.com/HOWTO_fbsplash -- Bo Andresen -- gentoo-user@gentoo.org mailing list